[   70.168854][   T26] audit: type=1800 audit(1567884461.561:27): pid=9857 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   70.190821][   T26] audit: type=1800 audit(1567884461.571:28): pid=9857 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   70.736737][   T26] audit: type=1800 audit(1567884462.201:29): pid=9857 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   70.758061][   T26] audit: type=1800 audit(1567884462.201:30): pid=9857 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   81.144127][T10006] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   81.204081][T10006] ==================================================================
[   81.212321][T10006] BUG: KASAN: slab-out-of-bounds in handle_vmptrld+0x777/0x800
[   81.220011][T10006] Read of size 4 at addr ffff888091e10000 by task syz-executor758/10006
[   81.228316][T10006]
[   81.230631][T10006] CPU: 1 PID: 10006 Comm: syz-executor758 Not tainted 5.3.0-rc7+ #0
[   81.238582][T10006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   81.248624][T10006] Call Trace:
[   81.251898][T10006]  dump_stack+0x172/0x1f0
[   81.256567][T10006]  ? handle_vmptrld+0x777/0x800
[   81.261399][T10006]  print_address_description.cold+0xd4/0x306
[   81.267440][T10006]  ? handle_vmptrld+0x777/0x800
[   81.272268][T10006]  ? handle_vmptrld+0x777/0x800
[   81.277093][T10006]  __kasan_report.cold+0x1b/0x36
[   81.282007][T10006]  ? handle_vmptrld+0x777/0x800
[   81.286852][T10006]  kasan_report+0x12/0x17
[   81.291159][T10006]  __asan_report_load_n_noabort+0xf/0x20
[   81.296767][T10006]  handle_vmptrld+0x777/0x800
[   81.301436][T10006]  ? vmx_update_host_rsp+0x71/0xd0
[   81.306535][T10006]  ? handle_vmon+0x3c0/0x3c0
[   81.311114][T10006]  ? handle_vmon+0x3c0/0x3c0
[   81.315683][T10006]  vmx_handle_exit+0x299/0x15e0
[   81.320599][T10006]  vcpu_enter_guest+0x1087/0x5e90
[   81.325624][T10006]  ? handle_emulation_failure+0x4e0/0x4e0
[   81.331325][T10006]  ? lock_acquire+0x190/0x410
[   81.335996][T10006]  ? kvm_check_async_pf_completion+0x2d8/0x440
[   81.342184][T10006]  kvm_arch_vcpu_ioctl_run+0x464/0x1750
[   81.347882][T10006]  ? kvm_arch_vcpu_ioctl_run+0x464/0x1750
[   81.353587][T10006]  kvm_vcpu_ioctl+0x4dc/0xfd0
[   81.358241][T10006]  ? kvm_write_guest_cached+0x40/0x40
[   81.363767][T10006]  ? tomoyo_path_number_perm+0x263/0x520
[   81.369377][T10006]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   81.375188][T10006]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   81.380899][T10006]  ? __set_current_blocked+0xd6/0x110
[   81.386268][T10006]  ? kvm_write_guest_cached+0x40/0x40
[   81.391623][T10006]  do_vfs_ioctl+0xdb6/0x13e0
[   81.396196][T10006]  ? ioctl_preallocate+0x210/0x210
[   81.401284][T10006]  ? do_signal+0x4f8/0x1700
[   81.405769][T10006]  ? setup_sigcontext+0x7d0/0x7d0
[   81.410782][T10006]  ? __bad_area_nosemaphore+0xb3/0x420
[   81.416836][T10006]  ? tomoyo_file_ioctl+0x23/0x30
[   81.421839][T10006]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   81.428145][T10006]  ? security_file_ioctl+0x8d/0xc0
[   81.433231][T10006]  ksys_ioctl+0xab/0xd0
[   81.437365][T10006]  __x64_sys_ioctl+0x73/0xb0
[   81.441949][T10006]  do_syscall_64+0xfd/0x6a0
[   81.446461][T10006]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.452329][T10006] RIP: 0033:0x447269
[   81.456202][T10006] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b d0 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   81.475793][T10006] RSP: 002b:00007ffd58df6ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   81.484305][T10006] RAX: ffffffffffffffda RBX: 00007ffd58df6ae0 RCX: 0000000000447269
[   81.492402][T10006] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   81.500368][T10006] RBP: 0000000000000000 R08: 0000000020003800 R09: 0000000000400e80
[   81.508599][T10006] R10: 00007ffd58df4f20 R11: 0000000000000246 R12: 0000000000404730
[   81.516614][T10006] R13: 00000000004047c0 R14: 0000000000000000 R15: 0000000000000000
[   81.524568][T10006]
[   81.526875][T10006] Allocated by task 10006:
[   81.531364][T10006]  save_stack+0x23/0x90
[   81.535514][T10006]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   81.541133][T10006]  kasan_kmalloc+0x9/0x10
[   81.545449][T10006]  __kmalloc+0x163/0x770
[   81.549671][T10006]  hcd_buffer_alloc+0x1c6/0x260
[   81.554495][T10006]  usb_alloc_coherent+0x62/0x90
[   81.559326][T10006]  usbdev_mmap+0x1ce/0x790
[   81.563723][T10006]  mmap_region+0xc35/0x1760
[   81.568199][T10006]  do_mmap+0x82e/0x1090
[   81.572416][T10006]  vm_mmap_pgoff+0x1c5/0x230
[   81.576981][T10006]  ksys_mmap_pgoff+0x4aa/0x630
[   81.581750][T10006]  __x64_sys_mmap+0xe9/0x1b0
[   81.586316][T10006]  do_syscall_64+0xfd/0x6a0
[   81.590801][T10006]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.596666][T10006]
[   81.598969][T10006] Freed by task 9516:
[   81.602925][T10006]  save_stack+0x23/0x90
[   81.607223][T10006]  __kasan_slab_free+0x102/0x150
[   81.612155][T10006]  kasan_slab_free+0xe/0x10
[   81.616638][T10006]  kfree+0x10a/0x2c0
[   81.620526][T10006]  tomoyo_init_log+0x15ba/0x2070
[   81.625452][T10006]  tomoyo_supervisor+0x33f/0xef0
[   81.630381][T10006]  tomoyo_env_perm+0x18e/0x210
[   81.635135][T10006]  tomoyo_find_next_domain+0x1354/0x1f6c
[   81.640768][T10006]  tomoyo_bprm_check_security+0x124/0x1b0
[   81.646475][T10006]  security_bprm_check+0x63/0xb0
[   81.651404][T10006]  search_binary_handler+0x71/0x570
[   81.656576][T10006]  __do_execve_file.isra.0+0x1333/0x2340
[   81.662185][T10006]  __x64_sys_execve+0x8f/0xc0
[   81.666881][T10006]  do_syscall_64+0xfd/0x6a0
[   81.671366][T10006]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.677240][T10006]
[   81.679547][T10006] The buggy address belongs to the object at ffff888091e109c0
[   81.679547][T10006]  which belongs to the cache kmalloc-8k of size 8192
[   81.693663][T10006] The buggy address is located 2496 bytes to the left of
[   81.693663][T10006]  8192-byte region [ffff888091e109c0, ffff888091e129c0)
[   81.707520][T10006] The buggy address belongs to the page:
[   81.713147][T10006] page:ffffea0002478400 refcount:2 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0
[   81.724064][T10006] flags: 0x1fffc0000010200(slab|head)
[   81.729548][T10006] raw: 01fffc0000010200 ffffea000242e608 ffffea0002436708 ffff8880aa4021c0
[   81.738123][T10006] raw: 0000000000000000 ffff888091e109c0 0000000200000001 0000000000000000
[   81.746854][T10006] page dumped because: kasan: bad access detected
[   81.753236][T10006]
[   81.755538][T10006] Memory state around the buggy address:
[   81.761157][T10006]  ffff888091e0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.769210][T10006]  ffff888091e0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.777248][T10006] >ffff888091e10000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.785434][T10006]                    ^
[   81.789495][T10006]  ffff888091e10080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.797533][T10006]  ffff888091e10100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.805569][T10006] ==================================================================
[   81.813842][T10006] Kernel panic - not syncing: panic_on_warn set ...
[   81.820454][T10006] CPU: 1 PID: 10006 Comm: syz-executor758 Tainted: G B 5.3.0-rc7+ #0
[   81.829797][T10006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   81.839826][T10006] Call Trace:
[   81.843101][T10006]  dump_stack+0x172/0x1f0
[   81.847415][T10006]  panic+0x2dc/0x755
[   81.851288][T10006]  ? add_taint.cold+0x16/0x16
[   81.855943][T10006]  ? handle_vmptrld+0x777/0x800
[   81.860783][T10006]  ? preempt_schedule+0x4b/0x60
[   81.865613][T10006]  ? ___preempt_schedule+0x16/0x20
[   81.870733][T10006]  ? trace_hardirqs_on+0x5e/0x240
[   81.875745][T10006]  ? handle_vmptrld+0x777/0x800
[   81.880593][T10006]  end_report+0x47/0x4f
[   81.884733][T10006]  ? handle_vmptrld+0x777/0x800
[   81.889565][T10006]  __kasan_report.cold+0xe/0x36
[   81.894398][T10006]  ? handle_vmptrld+0x777/0x800
[   81.899239][T10006]  kasan_report+0x12/0x17
[   81.903549][T10006]  __asan_report_load_n_noabort+0xf/0x20
[   81.909173][T10006]  handle_vmptrld+0x777/0x800
[   81.913825][T10006]  ? vmx_update_host_rsp+0x71/0xd0
[   81.918937][T10006]  ? handle_vmon+0x3c0/0x3c0
[   81.923508][T10006]  ? handle_vmon+0x3c0/0x3c0
[   81.928094][T10006]  vmx_handle_exit+0x299/0x15e0
[   81.932921][T10006]  vcpu_enter_guest+0x1087/0x5e90
[   81.937925][T10006]  ? handle_emulation_failure+0x4e0/0x4e0
[   81.943634][T10006]  ? lock_acquire+0x190/0x410
[   81.949157][T10006]  ? kvm_check_async_pf_completion+0x2d8/0x440
[   81.955332][T10006]  kvm_arch_vcpu_ioctl_run+0x464/0x1750
[   81.960858][T10006]  ? kvm_arch_vcpu_ioctl_run+0x464/0x1750
[   81.966681][T10006]  kvm_vcpu_ioctl+0x4dc/0xfd0
[   81.971430][T10006]  ? kvm_write_guest_cached+0x40/0x40
[   81.976786][T10006]  ? tomoyo_path_number_perm+0x263/0x520
[   81.982402][T10006]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   81.988188][T10006]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   81.993889][T10006]  ? __set_current_blocked+0xd6/0x110
[   81.999258][T10006]  ? kvm_write_guest_cached+0x40/0x40
[   82.004606][T10006]  do_vfs_ioctl+0xdb6/0x13e0
[   82.009174][T10006]  ? ioctl_preallocate+0x210/0x210
[   82.014266][T10006]  ? do_signal+0x4f8/0x1700
[   82.018749][T10006]  ? setup_sigcontext+0x7d0/0x7d0
[   82.023751][T10006]  ? __bad_area_nosemaphore+0xb3/0x420
[   82.029199][T10006]  ? tomoyo_file_ioctl+0x23/0x30
[   82.034113][T10006]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   82.040334][T10006]  ? security_file_ioctl+0x8d/0xc0
[   82.046398][T10006]  ksys_ioctl+0xab/0xd0
[   82.050532][T10006]  __x64_sys_ioctl+0x73/0xb0
[   82.055116][T10006]  do_syscall_64+0xfd/0x6a0
[   82.059612][T10006]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.065482][T10006] RIP: 0033:0x447269
[   82.069354][T10006] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b d0 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   82.088935][T10006] RSP: 002b:00007ffd58df6ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   82.097326][T10006] RAX: ffffffffffffffda RBX: 00007ffd58df6ae0 RCX: 0000000000447269
[   82.105290][T10006] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   82.113252][T10006] RBP: 0000000000000000 R08: 0000000020003800 R09: 0000000000400e80
[   82.121201][T10006] R10: 00007ffd58df4f20 R11: 0000000000000246 R12: 0000000000404730
[   82.129147][T10006] R13: 00000000004047c0 R14: 0000000000000000 R15: 0000000000000000
[   82.138851][T10006] Kernel Offset: disabled
[   82.143237][T10006] Rebooting in 86400 seconds..
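Reading this report by hand means doing three things the log leaves to the reader: recomputing where the faulting address sits relative to the slab object KASAN chose as nearest (the report's own figure is 2496 bytes to the left of the 8192-byte region at ffff888091e109c0), decoding the shadow bytes (each byte of the "Memory state" rows describes 8 bytes of memory, and fc is KASAN_KMALLOC_REDZONE in mm/kasan/kasan.h of this kernel), and finding the real allocation and free sites underneath the KASAN and slab bookkeeping frames of the "Allocated by" / "Freed by" stacks. The Python script below does those steps. It is an added example written for this page, not part of the syzkaller log and not code from KASAN or KVM; the names parse_kasan_report, locate, shadow_at, first_site and triage are its own, and SAMPLE_REPORT is constructed from the report above by keeping one record per line and dropping the call trace and most stack frames, which the parser does not need.

```python
"""Triage helper for a KASAN slab-out-of-bounds report (added example)."""
import re

SHADOW_SCALE_SHIFT = 3  # one shadow byte describes 8 bytes of kernel memory

# Shadow byte values from mm/kasan/kasan.h in v5.3.
SHADOW_LEGEND = {
    0x00: "accessible",
    0xfb: "KASAN_KMALLOC_FREE (object was freed)",
    0xfc: "KASAN_KMALLOC_REDZONE (redzone inside a slab page)",
}
# Bookkeeping frames KASAN records above the real allocation or free site.
ALLOCATOR_FRAMES = ("save_stack", "__kasan_", "kasan_", "__kmalloc",
                    "kmalloc", "kfree", "kmem_cache_")
PRINTK_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")

# Constructed input: records copied from the report above, one per line.
SAMPLE_REPORT = """\
[   81.212321][T10006] BUG: KASAN: slab-out-of-bounds in handle_vmptrld+0x777/0x800
[   81.220011][T10006] Read of size 4 at addr ffff888091e10000 by task syz-executor758/10006
[   81.526875][T10006] Allocated by task 10006:
[   81.531364][T10006]  save_stack+0x23/0x90
[   81.535514][T10006]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   81.545449][T10006]  __kmalloc+0x163/0x770
[   81.549671][T10006]  hcd_buffer_alloc+0x1c6/0x260
[   81.559326][T10006]  usbdev_mmap+0x1ce/0x790
[   81.596666][T10006]
[   81.598969][T10006] Freed by task 9516:
[   81.602925][T10006]  save_stack+0x23/0x90
[   81.607223][T10006]  __kasan_slab_free+0x102/0x150
[   81.616638][T10006]  kfree+0x10a/0x2c0
[   81.620526][T10006]  tomoyo_init_log+0x15ba/0x2070
[   81.677240][T10006]
[   81.679547][T10006] The buggy address belongs to the object at ffff888091e109c0
[   81.679547][T10006]  which belongs to the cache kmalloc-8k of size 8192
[   81.693663][T10006] The buggy address is located 2496 bytes to the left of
[   81.693663][T10006]  8192-byte region [ffff888091e109c0, ffff888091e129c0)
[   81.769210][T10006]  ffff888091e0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.777248][T10006] >ffff888091e10000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   81.789495][T10006]  ffff888091e10080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

def parse_kasan_report(text):
    """Collect the access, nearest object, stacks and shadow rows from a report."""
    rep, section = {"shadow": {}, "stacks": {}}, None
    for ln in (PRINTK_PREFIX.sub("", raw) for raw in text.splitlines()):
        s = ln.strip()
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+)", s):
            rep["bug"], rep["func"] = m.groups()
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", s):
            rep["access"], rep["size"], rep["addr"] = m[1], int(m[2]), int(m[3], 16)
        elif m := re.match(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", s):
            rep["region"] = (int(m[1], 16), int(m[2], 16))
        elif m := re.match(r"(Allocated|Freed) by task \d+:", s):
            section = m[1].lower()
            rep["stacks"][section] = []
        elif m := re.match(r"([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", ln.lstrip(" >")):
            base = int(m[1], 16)  # first byte of memory this shadow row covers
            for i, byte in enumerate(m[2].split()):
                rep["shadow"][base + (i << SHADOW_SCALE_SHIFT)] = int(byte, 16)
        elif section and re.match(r"[\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+", s):
            rep["stacks"][section].append(s.split("+")[0])
        elif section and not s:
            section = None  # a blank line ends the stack
    return rep

def locate(rep):
    """Recompute KASAN's 'located N bytes <where> of' sentence from the addresses."""
    addr, (start, end) = rep["addr"], rep["region"]
    if addr < start:
        return start - addr, "to the left of"
    if addr >= end:
        return addr - end, "to the right of"
    return addr - start, "inside of"

def shadow_at(rep):
    """Shadow byte covering the faulting address, decoded with the legend."""
    val = rep["shadow"].get(rep["addr"] & ~((1 << SHADOW_SCALE_SHIFT) - 1))
    return val, SHADOW_LEGEND.get(val, "unknown")

def first_site(frames):
    """First frame that is not allocator bookkeeping: the real alloc/free site."""
    return next((f for f in frames if not f.startswith(ALLOCATOR_FRAMES)), None)

def triage(text):
    """Summarise the report the way a triager would, from the text alone."""
    rep = parse_kasan_report(text)
    nbytes, rel = locate(rep)
    val, meaning = shadow_at(rep)
    return {"bug": rep["bug"], "func": rep["func"],
            "access": f"{rep['access']} of size {rep['size']}",
            "offset": nbytes, "relation": rel, "page_aligned": rep["addr"] & 0xfff == 0,
            "shadow": val, "shadow_meaning": meaning,
            "alloc_site": first_site(rep["stacks"].get("allocated", [])),
            "free_site": first_site(rep["stacks"].get("freed", []))}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key:>14}: {value}")
```

On this input triage() reports a 4-byte read at a page-aligned address, 2496 bytes to the left of the nearest kmalloc-8k object, covered by shadow fc (slab redzone), with that neighbouring object allocated in hcd_buffer_alloc (the USB path under usbdev_mmap) and freed in tomoyo_init_log. Neither site is on the faulting path, which is KVM_RUN (kvm_vcpu_ioctl, ioctl number 0xae80 in RSI), so the "Allocated by" / "Freed by" stacks describe an unrelated neighbour rather than the buffer handle_vmptrld was trying to read. The report establishes that a bad pointer reached a slab redzone; where that pointer came from is not something the log alone can answer.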