Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   68.391573][ T8895] ==================================================================
[   68.399765][ T8895] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.408338][ T8895] Write of size 4 at addr ffffc90000d36050 by task syz-executor900/8895
[   68.416632][ T8895]
[   68.418944][ T8895] CPU: 1 PID: 8895 Comm: syz-executor900 Not tainted 5.4.0-syzkaller #0
[   68.427238][ T8895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.437297][ T8895] Call Trace:
[   68.440608][ T8895]  dump_stack+0x197/0x210
[   68.444917][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.450528][ T8895]  print_address_description.constprop.0.cold+0x5/0x30b
[   68.457437][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.463043][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.468650][ T8895]  __kasan_report.cold+0x1b/0x41
[   68.473565][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[   68.479087][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.484695][ T8895]  kasan_report+0x12/0x20
[   68.489004][ T8895]  __asan_report_store4_noabort+0x17/0x20
[   68.494721][ T8895]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.500162][ T8895]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[   68.505947][ T8895]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   68.512172][ T8895]  ? _copy_from_user+0x12c/0x1a0
[   68.517108][ T8895]  kvm_arch_dev_ioctl+0x300/0x4b0
[   68.522136][ T8895]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[   68.528184][ T8895]  kvm_dev_ioctl+0x127/0x17d0
[   68.532838][ T8895]  ? putname+0xf4/0x130
[   68.536969][ T8895]  ? do_sys_open+0x31d/0x5d0
[   68.541533][ T8895]  ? kvm_put_kvm+0xcc0/0xcc0
[   68.546102][ T8895]  ? tomoyo_file_ioctl+0x23/0x30
[   68.551018][ T8895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   68.557254][ T8895]  ? security_file_ioctl+0x8d/0xc0
[   68.562448][ T8895]  __ia32_compat_sys_ioctl+0x22d/0x5c0
[   68.567895][ T8895]  ? kvm_put_kvm+0xcc0/0xcc0
[   68.572482][ T8895]  do_fast_syscall_32+0x27b/0xe16
[   68.577505][ T8895]  entry_SYSENTER_compat+0x70/0x7f
[   68.582596][ T8895] RIP: 0023:0xf7fa3a39
[   68.586643][ T8895] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   68.606229][ T8895] RSP: 002b:00000000ffd5ca2c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[   68.614624][ T8895] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c008ae09
[   68.622614][ T8895] RDX: 0000000020000000 RSI: 00000000080ea078 RDI: 00000000ffd5ca80
[   68.630569][ T8895] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   68.638528][ T8895] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   68.646519][ T8895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   68.654480][ T8895]
[   68.656791][ T8895]
[   68.659092][ T8895] Memory state around the buggy address:
[   68.664706][ T8895]  ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   68.672752][ T8895]  ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   68.680801][ T8895] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[   68.688850][ T8895]                                                  ^
[   68.695499][ T8895]  ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   68.703533][ T8895]  ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   68.711565][ T8895] ==================================================================
[   68.719609][ T8895] Disabling lock debugging due to kernel taint
[   68.726426][ T8895] Kernel panic - not syncing: panic_on_warn set ...
[   68.733027][ T8895] CPU: 1 PID: 8895 Comm: syz-executor900 Tainted: G    B   5.4.0-syzkaller #0
[   68.742712][ T8895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.752740][ T8895] Call Trace:
[   68.756012][ T8895]  dump_stack+0x197/0x210
[   68.760326][ T8895]  panic+0x2e3/0x75c
[   68.764207][ T8895]  ? add_taint.cold+0x16/0x16
[   68.768864][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.774468][ T8895]  ? preempt_schedule+0x4b/0x60
[   68.779294][ T8895]  ? ___preempt_schedule+0x16/0x18
[   68.784392][ T8895]  ? trace_hardirqs_on+0x5e/0x240
[   68.789402][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.795008][ T8895]  end_report+0x47/0x4f
[   68.799136][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.804742][ T8895]  __kasan_report.cold+0xe/0x41
[   68.809565][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[   68.815083][ T8895]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.820688][ T8895]  kasan_report+0x12/0x20
[   68.824992][ T8895]  __asan_report_store4_noabort+0x17/0x20
[   68.830686][ T8895]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   68.836122][ T8895]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[   68.841901][ T8895]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   68.848115][ T8895]  ? _copy_from_user+0x12c/0x1a0
[   68.853026][ T8895]  kvm_arch_dev_ioctl+0x300/0x4b0
[   68.858025][ T8895]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[   68.864072][ T8895]  kvm_dev_ioctl+0x127/0x17d0
[   68.868733][ T8895]  ? putname+0xf4/0x130
[   68.872897][ T8895]  ? do_sys_open+0x31d/0x5d0
[   68.877521][ T8895]  ? kvm_put_kvm+0xcc0/0xcc0
[   68.882095][ T8895]  ? tomoyo_file_ioctl+0x23/0x30
[   68.887011][ T8895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   68.893229][ T8895]  ? security_file_ioctl+0x8d/0xc0
[   68.898326][ T8895]  __ia32_compat_sys_ioctl+0x22d/0x5c0
[   68.903762][ T8895]  ? kvm_put_kvm+0xcc0/0xcc0
[   68.908372][ T8895]  do_fast_syscall_32+0x27b/0xe16
[   68.913374][ T8895]  entry_SYSENTER_compat+0x70/0x7f
[   68.918494][ T8895] RIP: 0023:0xf7fa3a39
[   68.922539][ T8895] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   68.942118][ T8895] RSP: 002b:00000000ffd5ca2c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[   68.950511][ T8895] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c008ae09
[   68.958460][ T8895] RDX: 0000000020000000 RSI: 00000000080ea078 RDI: 00000000ffd5ca80
[   68.966407][ T8895] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   68.974351][ T8895] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   68.982303][ T8895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   68.991451][ T8895] Kernel Offset: disabled
[   68.995773][ T8895] Rebooting in 86400 seconds..