[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.657058] audit: type=1800 audit(1570626842.525:33): pid=7290 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 42.488972] kauditd_printk_skb: 1 callbacks suppressed [ 42.488986] audit: type=1400 audit(1570626847.365:35): avc: denied { map } for pid=7465 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.246' (ECDSA) to the list of known hosts. executing program [ 49.048517] audit: type=1400 audit(1570626853.915:36): avc: denied { map } for pid=7477 comm="syz-executor696" path="/root/syz-executor696951167" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 49.052507] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 49.106168] ================================================================== [ 49.113743] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90 [ 49.121215] Write of size 24 at addr 0000000000000000 by task syz-executor696/7477 [ 49.128926] [ 49.130543] CPU: 0 PID: 7477 Comm: syz-executor696 Not tainted 4.19.78 #0 [ 49.137470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.146818] Call Trace: [ 49.149397] dump_stack+0x172/0x1f0 [ 49.153010] ? kvm_write_guest_virt_system+0x64/0x90 [ 49.158097] kasan_report.cold+0x199/0x2ba [ 49.162317] check_memory_region+0x123/0x190 [ 49.166723] memset+0x24/0x40 [ 49.169815] kvm_write_guest_virt_system+0x64/0x90 [ 49.174739] handle_vmread+0x7fe/0xa10 [ 49.178613] ? handle_invpcid+0xa80/0xa80 [ 49.182761] ? __lock_is_held+0xb6/0x140 [ 49.186807] ? __lock_is_held+0xb6/0x140 [ 49.190869] ? handle_invpcid+0xa80/0xa80 [ 49.195004] vmx_handle_exit+0x276/0x16b0 [ 49.199136] ? lock_acquire+0x16f/0x3f0 [ 49.203105] ? vcpu_enter_guest+0xf15/0x5ed0 [ 49.207499] vcpu_enter_guest+0x10ca/0x5ed0 [ 49.211820] ? kvm_vcpu_ioctl+0x181/0xf90 [ 49.215965] ? emulator_read_emulated+0x50/0x50 [ 49.220617] ? lock_acquire+0x16f/0x3f0 [ 49.224578] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 49.230017] kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 49.234843] ? kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 49.239845] kvm_vcpu_ioctl+0x4dc/0xf90 [ 49.243802] ? kvm_vcpu_block+0xcc0/0xcc0 [ 49.247934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.253469] ? check_preemption_disabled+0x48/0x290 [ 49.258476] ? check_preemption_disabled+0x48/0x290 [ 49.263486] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 49.268490] ? __set_current_blocked+0xe4/0x120 [ 49.273142] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.278664] ? signal_setup_done+0xbe/0x2a0 [ 49.282970] ? set_current_blocked+0x50/0x50 [ 49.287381] ? rcu_read_lock_sched_held+0x110/0x130 [ 49.292383] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.297919] ? kvm_vcpu_block+0xcc0/0xcc0 [ 49.302055] do_vfs_ioctl+0xd5f/0x1380 [ 49.305946] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.311481] ? selinux_file_ioctl+0x125/0x5e0 [ 49.315969] ? ioctl_preallocate+0x210/0x210 [ 49.320418] ? selinux_file_mprotect+0x620/0x620 [ 49.325177] ? __sanitizer_cov_trace_cmp4+0x1b/0x20 [ 49.330185] ? __fget_light+0x1a9/0x230 [ 49.334162] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 49.339683] ? __fdget_pos+0x89/0x110 [ 49.343471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.349090] ? security_file_ioctl+0x8d/0xc0 [ 49.353500] ksys_ioctl+0xab/0xd0 [ 49.356936] __x64_sys_ioctl+0x73/0xb0 [ 49.360811] do_syscall_64+0xfd/0x620 [ 49.364610] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.369794] RIP: 0033:0x443679 [ 49.372971] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 49.391949] RSP: 002b:00007ffe8759d9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 49.399655] RAX: ffffffffffffffda RBX: 00007ffe8759d9c0 RCX: 0000000000443679 [ 49.406929] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 49.414186] RBP: 0000000000000000 R08: 0000000000400f60 R09: 0000000000400f60 [ 49.421529] R10: 0000000020003800 R11: 0000000000000246 R12: 0000000000404720 [ 49.428785] R13: 00000000004047b0 R14: 0000000000000000 R15: 0000000000000000 [ 49.436049] ================================================================== [ 49.443389] Disabling lock debugging due to kernel taint [ 49.449305] Kernel panic - not syncing: panic_on_warn set ... [ 49.449305] [ 49.456688] CPU: 0 PID: 7477 Comm: syz-executor696 Tainted: G B 4.19.78 #0 [ 49.464986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.474610] Call Trace: [ 49.477190] dump_stack+0x172/0x1f0 [ 49.480809] ? kvm_write_guest_virt_system+0x64/0x90 [ 49.485896] panic+0x263/0x507 [ 49.489072] ? __warn_printk+0xf3/0xf3 [ 49.492944] ? kvm_write_guest_virt_system+0x64/0x90 [ 49.498041] ? preempt_schedule+0x4b/0x60 [ 49.502179] ? ___preempt_schedule+0x16/0x18 [ 49.506581] ? trace_hardirqs_on+0x5e/0x220 [ 49.510899] ? kvm_write_guest_virt_system+0x64/0x90 [ 49.515985] kasan_end_report+0x47/0x4f [ 49.519943] kasan_report.cold+0xa9/0x2ba [ 49.524075] check_memory_region+0x123/0x190 [ 49.528468] memset+0x24/0x40 [ 49.531559] kvm_write_guest_virt_system+0x64/0x90 [ 49.536479] handle_vmread+0x7fe/0xa10 [ 49.540354] ? handle_invpcid+0xa80/0xa80 [ 49.544495] ? __lock_is_held+0xb6/0x140 [ 49.548546] ? __lock_is_held+0xb6/0x140 [ 49.552590] ? handle_invpcid+0xa80/0xa80 [ 49.556716] vmx_handle_exit+0x276/0x16b0 [ 49.560855] ? lock_acquire+0x16f/0x3f0 [ 49.564811] ? vcpu_enter_guest+0xf15/0x5ed0 [ 49.569206] vcpu_enter_guest+0x10ca/0x5ed0 [ 49.573513] ? kvm_vcpu_ioctl+0x181/0xf90 [ 49.577647] ? emulator_read_emulated+0x50/0x50 [ 49.582316] ? lock_acquire+0x16f/0x3f0 [ 49.586271] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 49.591708] kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 49.596539] ? kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 49.601540] kvm_vcpu_ioctl+0x4dc/0xf90 [ 49.605496] ? kvm_vcpu_block+0xcc0/0xcc0 [ 49.609627] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.615148] ? check_preemption_disabled+0x48/0x290 [ 49.620150] ? check_preemption_disabled+0x48/0x290 [ 49.625153] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 49.630256] ? __set_current_blocked+0xe4/0x120 [ 49.634917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.640438] ? signal_setup_done+0xbe/0x2a0 [ 49.644744] ? set_current_blocked+0x50/0x50 [ 49.649139] ? rcu_read_lock_sched_held+0x110/0x130 [ 49.654150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.659672] ? kvm_vcpu_block+0xcc0/0xcc0 [ 49.663817] do_vfs_ioctl+0xd5f/0x1380 [ 49.667697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.673240] ? selinux_file_ioctl+0x125/0x5e0 [ 49.677725] ? ioctl_preallocate+0x210/0x210 [ 49.682127] ? selinux_file_mprotect+0x620/0x620 [ 49.686864] ? __sanitizer_cov_trace_cmp4+0x1b/0x20 [ 49.691862] ? __fget_light+0x1a9/0x230 [ 49.695831] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 49.701348] ? __fdget_pos+0x89/0x110 [ 49.705131] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.710648] ? security_file_ioctl+0x8d/0xc0 [ 49.715132] ksys_ioctl+0xab/0xd0 [ 49.718569] __x64_sys_ioctl+0x73/0xb0 [ 49.722614] do_syscall_64+0xfd/0x620 [ 49.726396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.731566] RIP: 0033:0x443679 [ 49.734740] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 49.753624] RSP: 002b:00007ffe8759d9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 49.761333] RAX: ffffffffffffffda RBX: 00007ffe8759d9c0 RCX: 0000000000443679 [ 49.768671] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 49.775933] RBP: 0000000000000000 R08: 0000000000400f60 R09: 0000000000400f60 [ 49.783183] R10: 0000000020003800 R11: 0000000000000246 R12: 0000000000404720 [ 49.790432] R13: 00000000004047b0 R14: 0000000000000000 R15: 0000000000000000 [ 49.799754] Kernel Offset: disabled [ 49.803391] Rebooting in 86400 seconds..