[ 65.827517][ T25] audit: type=1800 audit(1575369032.358:25): pid=9264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 66.892666][ T25] kauditd_printk_skb: 3 callbacks suppressed
[ 66.892676][ T25] audit: type=1800 audit(1575369033.418:29): pid=9264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 66.923482][ T25] audit: type=1800 audit(1575369033.418:30): pid=9264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 78.095409][ T9417] ==================================================================
[ 78.110403][ T9417] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.124315][ T9417] Write of size 4 at addr ffffc90000d36050 by task syz-executor248/9417
[ 78.135938][ T9417]
[ 78.139726][ T9417] CPU: 1 PID: 9417 Comm: syz-executor248 Not tainted 5.4.0-syzkaller #0
[ 78.149128][ T9417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.160579][ T9417] Call Trace:
[ 78.163896][ T9417]  dump_stack+0x197/0x210
[ 78.168421][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.174196][ T9417]  print_address_description.constprop.0.cold+0x5/0x30b
[ 78.181592][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.187564][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.193226][ T9417]  __kasan_report.cold+0x1b/0x41
[ 78.198319][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 78.203853][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.209474][ T9417]  kasan_report+0x12/0x20
[ 78.214667][ T9417]  __asan_report_store4_noabort+0x17/0x20
[ 78.220374][ T9417]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.226211][ T9417]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 78.232122][ T9417]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 78.238476][ T9417]  ? _copy_from_user+0x12c/0x1a0
[ 78.243440][ T9417]  kvm_arch_dev_ioctl+0x300/0x4b0
[ 78.248476][ T9417]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 78.254534][ T9417]  ? tomoyo_path_number_perm+0x454/0x520
[ 78.260198][ T9417]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 78.266815][ T9417]  ? tomoyo_path_number_perm+0x25e/0x520
[ 78.272442][ T9417]  kvm_dev_ioctl+0x127/0x17d0
[ 78.277134][ T9417]  ? kvm_put_kvm+0xcc0/0xcc0
[ 78.282441][ T9417]  ? kvm_put_kvm+0xcc0/0xcc0
[ 78.287167][ T9417]  do_vfs_ioctl+0xdb6/0x13e0
[ 78.291885][ T9417]  ? compat_ioctl_preallocate+0x210/0x210
[ 78.297609][ T9417]  ? perf_trace_initcall_level+0x370/0x420
[ 78.303753][ T9417]  ? putname+0xf4/0x130
[ 78.307928][ T9417]  ? do_sys_open+0x31d/0x5d0
[ 78.312684][ T9417]  ? tomoyo_file_ioctl+0x23/0x30
[ 78.317617][ T9417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.323910][ T9417]  ? security_file_ioctl+0x8d/0xc0
[ 78.329064][ T9417]  ksys_ioctl+0xab/0xd0
[ 78.333603][ T9417]  __x64_sys_ioctl+0x73/0xb0
[ 78.338375][ T9417]  do_syscall_64+0xfa/0x790
[ 78.343023][ T9417]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.348924][ T9417] RIP: 0033:0x4401e9
[ 78.352837][ T9417] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.373145][ T9417] RSP: 002b:00007ffdf227bc98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.381601][ T9417] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401e9
[ 78.389585][ T9417] RDX: 0000000020000000 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 78.397738][ T9417] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 78.406104][ T9417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a70
[ 78.414231][ T9417] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[ 78.422299][ T9417]
[ 78.424614][ T9417]
[ 78.426922][ T9417] Memory state around the buggy address:
[ 78.432569][ T9417]  ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 78.440612][ T9417]  ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 78.448738][ T9417] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[ 78.456773][ T9417]                                                  ^
[ 78.463472][ T9417]  ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 78.471507][ T9417]  ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 78.479544][ T9417] ==================================================================
[ 78.487576][ T9417] Disabling lock debugging due to kernel taint
[ 78.494421][ T9417] Kernel panic - not syncing: panic_on_warn set ...
[ 78.501011][ T9417] CPU: 1 PID: 9417 Comm: syz-executor248 Tainted: G    B   5.4.0-syzkaller #0
[ 78.510692][ T9417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.520723][ T9417] Call Trace:
[ 78.523998][ T9417]  dump_stack+0x197/0x210
[ 78.528304][ T9417]  panic+0x2e3/0x75c
[ 78.532181][ T9417]  ? add_taint.cold+0x16/0x16
[ 78.536841][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.542455][ T9417]  ? preempt_schedule+0x4b/0x60
[ 78.547292][ T9417]  ? ___preempt_schedule+0x16/0x18
[ 78.552395][ T9417]  ? trace_hardirqs_on+0x5e/0x240
[ 78.557485][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.563092][ T9417]  end_report+0x47/0x4f
[ 78.567232][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.572839][ T9417]  __kasan_report.cold+0xe/0x41
[ 78.577678][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 78.583198][ T9417]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.588804][ T9417]  kasan_report+0x12/0x20
[ 78.593108][ T9417]  __asan_report_store4_noabort+0x17/0x20
[ 78.598807][ T9417]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 78.604242][ T9417]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 78.610035][ T9417]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 78.616264][ T9417]  ? _copy_from_user+0x12c/0x1a0
[ 78.621180][ T9417]  kvm_arch_dev_ioctl+0x300/0x4b0
[ 78.626190][ T9417]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 78.632240][ T9417]  ? tomoyo_path_number_perm+0x454/0x520
[ 78.637848][ T9417]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 78.644060][ T9417]  ? tomoyo_path_number_perm+0x25e/0x520
[ 78.649676][ T9417]  kvm_dev_ioctl+0x127/0x17d0
[ 78.654325][ T9417]  ? kvm_put_kvm+0xcc0/0xcc0
[ 78.658893][ T9417]  ? kvm_put_kvm+0xcc0/0xcc0
[ 78.663458][ T9417]  do_vfs_ioctl+0xdb6/0x13e0
[ 78.668042][ T9417]  ? compat_ioctl_preallocate+0x210/0x210
[ 78.673743][ T9417]  ? perf_trace_initcall_level+0x370/0x420
[ 78.679534][ T9417]  ? putname+0xf4/0x130
[ 78.683738][ T9417]  ? do_sys_open+0x31d/0x5d0
[ 78.688475][ T9417]  ? tomoyo_file_ioctl+0x23/0x30
[ 78.693392][ T9417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.699788][ T9417]  ? security_file_ioctl+0x8d/0xc0
[ 78.704895][ T9417]  ksys_ioctl+0xab/0xd0
[ 78.709037][ T9417]  __x64_sys_ioctl+0x73/0xb0
[ 78.713613][ T9417]  do_syscall_64+0xfa/0x790
[ 78.718145][ T9417]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.724029][ T9417] RIP: 0033:0x4401e9
[ 78.727905][ T9417] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.747501][ T9417] RSP: 002b:00007ffdf227bc98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.755978][ T9417] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401e9
[ 78.763938][ T9417] RDX: 0000000020000000 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 78.771884][ T9417] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 78.779833][ T9417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a70
[ 78.787782][ T9417] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[ 78.797034][ T9417] Kernel Offset: disabled
[ 78.801353][ T9417] Rebooting in 86400 seconds..