[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.119730] audit: type=1800 audit(1570616755.978:33): pid=7306 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 41.532094] kauditd_printk_skb: 1 callbacks suppressed [ 41.532108] audit: type=1400 audit(1570616759.388:35): avc: denied { map } for pid=7483 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts. executing program [ 48.031195] audit: type=1400 audit(1570616765.888:36): avc: denied { map } for pid=7495 comm="syz-executor293" path="/root/syz-executor293068982" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 48.036713] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 48.087285] ================================================================== [ 48.094796] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90 [ 48.102232] Write of size 24 at addr 0000000000000000 by task syz-executor293/7495 [ 48.109965] [ 48.111580] CPU: 1 PID: 7495 Comm: syz-executor293 Not tainted 4.19.78 #0 [ 48.118492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.127826] Call Trace: [ 48.130444] dump_stack+0x172/0x1f0 [ 48.134095] ? kvm_write_guest_virt_system+0x64/0x90 [ 48.139186] kasan_report.cold+0x199/0x2ba [ 48.143414] check_memory_region+0x123/0x190 [ 48.147810] memset+0x24/0x40 [ 48.151163] kvm_write_guest_virt_system+0x64/0x90 [ 48.156101] handle_vmread+0x7fe/0xa10 [ 48.159987] ? handle_invpcid+0xa80/0xa80 [ 48.164129] ? __lock_is_held+0xb6/0x140 [ 48.168191] ? __lock_is_held+0xb6/0x140 [ 48.172254] ? handle_invpcid+0xa80/0xa80 [ 48.176405] vmx_handle_exit+0x276/0x16b0 [ 48.180543] ? lock_acquire+0x16f/0x3f0 [ 48.184508] ? vcpu_enter_guest+0xf15/0x5ed0 [ 48.188905] vcpu_enter_guest+0x10ca/0x5ed0 [ 48.193228] ? kvm_vcpu_ioctl+0x181/0xf90 [ 48.197367] ? emulator_read_emulated+0x50/0x50 [ 48.202025] ? lock_acquire+0x16f/0x3f0 [ 48.205988] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 48.211441] kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 48.216280] ? kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 48.221298] kvm_vcpu_ioctl+0x4dc/0xf90 [ 48.225278] ? kvm_vcpu_block+0xcc0/0xcc0 [ 48.229426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.234947] ? check_preemption_disabled+0x48/0x290 [ 48.239947] ? check_preemption_disabled+0x48/0x290 [ 48.244961] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 48.249965] ? __set_current_blocked+0xe4/0x120 [ 48.254621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.260142] ? signal_setup_done+0xbe/0x2a0 [ 48.264447] ? set_current_blocked+0x50/0x50 [ 48.268840] ? rcu_read_lock_sched_held+0x110/0x130 [ 48.273849] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.279482] ? kvm_vcpu_block+0xcc0/0xcc0 [ 48.283620] do_vfs_ioctl+0xd5f/0x1380 [ 48.287504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.293029] ? selinux_file_ioctl+0x125/0x5e0 [ 48.297528] ? ioctl_preallocate+0x210/0x210 [ 48.301930] ? selinux_file_mprotect+0x620/0x620 [ 48.306676] ? __sanitizer_cov_trace_cmp4+0x1b/0x20 [ 48.311678] ? __fget_light+0x1a9/0x230 [ 48.315636] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 48.321172] ? __fdget_pos+0x89/0x110 [ 48.324981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.330504] ? security_file_ioctl+0x8d/0xc0 [ 48.337948] ksys_ioctl+0xab/0xd0 [ 48.341388] __x64_sys_ioctl+0x73/0xb0 [ 48.345272] do_syscall_64+0xfd/0x620 [ 48.349069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.354252] RIP: 0033:0x443679 [ 48.357440] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.376330] RSP: 002b:00007ffe0aa567b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 48.384086] RAX: ffffffffffffffda RBX: 00007ffe0aa567c0 RCX: 0000000000443679 [ 48.391354] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 48.398647] RBP: 0000000000000000 R08: 0000000000400f60 R09: 0000000000400f60 [ 48.405905] R10: 0000000020003800 R11: 0000000000000246 R12: 0000000000404720 [ 48.413160] R13: 00000000004047b0 R14: 0000000000000000 R15: 0000000000000000 [ 48.420425] ================================================================== [ 48.427937] Disabling lock debugging due to kernel taint [ 48.433789] Kernel panic - not syncing: panic_on_warn set ... [ 48.433789] [ 48.441164] CPU: 1 PID: 7495 Comm: syz-executor293 Tainted: G B 4.19.78 #0 [ 48.449461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.458892] Call Trace: [ 48.461467] dump_stack+0x172/0x1f0 [ 48.465079] ? kvm_write_guest_virt_system+0x64/0x90 [ 48.470165] panic+0x263/0x507 [ 48.473339] ? __warn_printk+0xf3/0xf3 [ 48.477219] ? kvm_write_guest_virt_system+0x64/0x90 [ 48.482303] ? preempt_schedule+0x4b/0x60 [ 48.486431] ? ___preempt_schedule+0x16/0x18 [ 48.490833] ? trace_hardirqs_on+0x5e/0x220 [ 48.495136] ? kvm_write_guest_virt_system+0x64/0x90 [ 48.500225] kasan_end_report+0x47/0x4f [ 48.504180] kasan_report.cold+0xa9/0x2ba [ 48.508320] check_memory_region+0x123/0x190 [ 48.512753] memset+0x24/0x40 [ 48.515840] kvm_write_guest_virt_system+0x64/0x90 [ 48.520752] handle_vmread+0x7fe/0xa10 [ 48.524631] ? handle_invpcid+0xa80/0xa80 [ 48.528763] ? __lock_is_held+0xb6/0x140 [ 48.532811] ? __lock_is_held+0xb6/0x140 [ 48.536857] ? handle_invpcid+0xa80/0xa80 [ 48.541000] vmx_handle_exit+0x276/0x16b0 [ 48.545133] ? lock_acquire+0x16f/0x3f0 [ 48.549090] ? vcpu_enter_guest+0xf15/0x5ed0 [ 48.553484] vcpu_enter_guest+0x10ca/0x5ed0 [ 48.557789] ? kvm_vcpu_ioctl+0x181/0xf90 [ 48.561922] ? emulator_read_emulated+0x50/0x50 [ 48.566571] ? lock_acquire+0x16f/0x3f0 [ 48.570529] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 48.575965] kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 48.580803] ? kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 48.585801] kvm_vcpu_ioctl+0x4dc/0xf90 [ 48.589757] ? kvm_vcpu_block+0xcc0/0xcc0 [ 48.593896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.599415] ? check_preemption_disabled+0x48/0x290 [ 48.604415] ? check_preemption_disabled+0x48/0x290 [ 48.609415] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 48.614415] ? __set_current_blocked+0xe4/0x120 [ 48.619077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.624607] ? signal_setup_done+0xbe/0x2a0 [ 48.628918] ? set_current_blocked+0x50/0x50 [ 48.633322] ? rcu_read_lock_sched_held+0x110/0x130 [ 48.638330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.643851] ? kvm_vcpu_block+0xcc0/0xcc0 [ 48.647981] do_vfs_ioctl+0xd5f/0x1380 [ 48.651855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.657385] ? selinux_file_ioctl+0x125/0x5e0 [ 48.661863] ? ioctl_preallocate+0x210/0x210 [ 48.666262] ? selinux_file_mprotect+0x620/0x620 [ 48.671012] ? __sanitizer_cov_trace_cmp4+0x1b/0x20 [ 48.676012] ? __fget_light+0x1a9/0x230 [ 48.679972] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 48.685500] ? __fdget_pos+0x89/0x110 [ 48.689301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.694829] ? security_file_ioctl+0x8d/0xc0 [ 48.699220] ksys_ioctl+0xab/0xd0 [ 48.702666] __x64_sys_ioctl+0x73/0xb0 [ 48.706540] do_syscall_64+0xfd/0x620 [ 48.710327] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.715498] RIP: 0033:0x443679 [ 48.718671] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.737571] RSP: 002b:00007ffe0aa567b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 48.745281] RAX: ffffffffffffffda RBX: 00007ffe0aa567c0 RCX: 0000000000443679 [ 48.752536] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 48.759785] RBP: 0000000000000000 R08: 0000000000400f60 R09: 0000000000400f60 [ 48.767054] R10: 0000000020003800 R11: 0000000000000246 R12: 0000000000404720 [ 48.774306] R13: 00000000004047b0 R14: 0000000000000000 R15: 0000000000000000 [ 48.782968] Kernel Offset: disabled [ 48.786598] Rebooting in 86400 seconds..