[ ok ] Starting enhanced syslogd: rsyslogd.
[ 66.040341][ T23] audit: type=1800 audit(1575427141.108:25): pid=8790 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 66.060490][ T23] audit: type=1800 audit(1575427141.108:26): pid=8790 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 66.081199][ T23] audit: type=1800 audit(1575427141.108:27): pid=8790 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 77.075832][ T8942] ==================================================================
[ 77.084043][ T8942] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.092625][ T8942] Write of size 4 at addr ffffc90000d36050 by task syz-executor978/8942
[ 77.100936][ T8942]
[ 77.103267][ T8942] CPU: 1 PID: 8942 Comm: syz-executor978 Not tainted 5.4.0-syzkaller #0
[ 77.111582][ T8942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.121628][ T8942] Call Trace:
[ 77.124927][ T8942]  dump_stack+0x197/0x210
[ 77.129257][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.134871][ T8942]  print_address_description.constprop.0.cold+0x5/0x30b
[ 77.141800][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.147676][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.153289][ T8942]  __kasan_report.cold+0x1b/0x41
[ 77.158210][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 77.163735][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.169348][ T8942]  kasan_report+0x12/0x20
[ 77.173657][ T8942]  __asan_report_store4_noabort+0x17/0x20
[ 77.179379][ T8942]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.184834][ T8942]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 77.190637][ T8942]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 77.196927][ T8942]  ? _copy_from_user+0x12c/0x1a0
[ 77.201985][ T8942]  kvm_arch_dev_ioctl+0x300/0x4b0
[ 77.207032][ T8942]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 77.213232][ T8942]  ? tomoyo_path_number_perm+0x454/0x520
[ 77.219103][ T8942]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 77.225402][ T8942]  ? tomoyo_path_number_perm+0x25e/0x520
[ 77.231046][ T8942]  kvm_dev_ioctl+0x127/0x17d0
[ 77.235904][ T8942]  ? kvm_put_kvm+0xcc0/0xcc0
[ 77.240505][ T8942]  ? kvm_put_kvm+0xcc0/0xcc0
[ 77.245112][ T8942]  do_vfs_ioctl+0x977/0x14e0
[ 77.249733][ T8942]  ? compat_ioctl_preallocate+0x220/0x220
[ 77.255578][ T8942]  ? perf_trace_initcall_level+0x370/0x420
[ 77.261382][ T8942]  ? putname+0xf4/0x130
[ 77.265544][ T8942]  ? do_sys_open+0x31d/0x5d0
[ 77.270131][ T8942]  ? tomoyo_file_ioctl+0x23/0x30
[ 77.275068][ T8942]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 77.281301][ T8942]  ? security_file_ioctl+0x8d/0xc0
[ 77.286401][ T8942]  ksys_ioctl+0xab/0xd0
[ 77.290548][ T8942]  __x64_sys_ioctl+0x73/0xb0
[ 77.295164][ T8942]  do_syscall_64+0xfa/0x790
[ 77.299673][ T8942]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.305559][ T8942] RIP: 0033:0x440159
[ 77.309446][ T8942] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.329358][ T8942] RSP: 002b:00007ffd2df2fde8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.337763][ T8942] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440159
[ 77.345844][ T8942] RDX: 0000000020000080 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 77.353857][ T8942] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 77.361875][ T8942] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004019e0
[ 77.369835][ T8942] R13: 0000000000401a70 R14: 0000000000000000 R15: 0000000000000000
[ 77.377804][ T8942]
[ 77.380113][ T8942]
[ 77.382479][ T8942] Memory state around the buggy address:
[ 77.388101][ T8942]  ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.396180][ T8942]  ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.404233][ T8942] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[ 77.413152][ T8942]                                                  ^
[ 77.419815][ T8942]  ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.427865][ T8942]  ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.436508][ T8942] ==================================================================
[ 77.444546][ T8942] Disabling lock debugging due to kernel taint
[ 77.451611][ T8942] Kernel panic - not syncing: panic_on_warn set ...
[ 77.458337][ T8942] CPU: 1 PID: 8942 Comm: syz-executor978 Tainted: G    B   5.4.0-syzkaller #0
[ 77.468034][ T8942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.478171][ T8942] Call Trace:
[ 77.481455][ T8942]  dump_stack+0x197/0x210
[ 77.485811][ T8942]  panic+0x2e3/0x75c
[ 77.490122][ T8942]  ? add_taint.cold+0x16/0x16
[ 77.494813][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.500435][ T8942]  ? preempt_schedule+0x4b/0x60
[ 77.505273][ T8942]  ? ___preempt_schedule+0x16/0x18
[ 77.510376][ T8942]  ? trace_hardirqs_on+0x5e/0x240
[ 77.515393][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.521113][ T8942]  end_report+0x47/0x4f
[ 77.525271][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.530893][ T8942]  __kasan_report.cold+0xe/0x41
[ 77.535731][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 77.541256][ T8942]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.546875][ T8942]  kasan_report+0x12/0x20
[ 77.551178][ T8942]  __asan_report_store4_noabort+0x17/0x20
[ 77.556872][ T8942]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.562307][ T8942]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 77.568092][ T8942]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 77.574310][ T8942]  ? _copy_from_user+0x12c/0x1a0
[ 77.579224][ T8942]  kvm_arch_dev_ioctl+0x300/0x4b0
[ 77.584224][ T8942]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 77.590274][ T8942]  ? tomoyo_path_number_perm+0x454/0x520
[ 77.595884][ T8942]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 77.602097][ T8942]  ? tomoyo_path_number_perm+0x25e/0x520
[ 77.607707][ T8942]  kvm_dev_ioctl+0x127/0x17d0
[ 77.612360][ T8942]  ? kvm_put_kvm+0xcc0/0xcc0
[ 77.616927][ T8942]  ? kvm_put_kvm+0xcc0/0xcc0
[ 77.621491][ T8942]  do_vfs_ioctl+0x977/0x14e0
[ 77.626060][ T8942]  ? compat_ioctl_preallocate+0x220/0x220
[ 77.631753][ T8942]  ? perf_trace_initcall_level+0x370/0x420
[ 77.637538][ T8942]  ? putname+0xf4/0x130
[ 77.641680][ T8942]  ? do_sys_open+0x31d/0x5d0
[ 77.646256][ T8942]  ? tomoyo_file_ioctl+0x23/0x30
[ 77.651172][ T8942]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 77.657389][ T8942]  ? security_file_ioctl+0x8d/0xc0
[ 77.662484][ T8942]  ksys_ioctl+0xab/0xd0
[ 77.666616][ T8942]  __x64_sys_ioctl+0x73/0xb0
[ 77.671184][ T8942]  do_syscall_64+0xfa/0x790
[ 77.675676][ T8942]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.681551][ T8942] RIP: 0033:0x440159
[ 77.685430][ T8942] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.705007][ T8942] RSP: 002b:00007ffd2df2fde8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.713393][ T8942] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440159
[ 77.721340][ T8942] RDX: 0000000020000080 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 77.729371][ T8942] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 77.737316][ T8942] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004019e0
[ 77.745259][ T8942] R13: 0000000000401a70 R14: 0000000000000000 R15: 0000000000000000
[ 77.754696][ T8942] Kernel Offset: disabled
[ 77.759019][ T8942] Rebooting in 86400 seconds..