[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 61.875094][ T25] audit: type=1800 audit(1575351454.973:25): pid=8921 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 61.896127][ T25] audit: type=1800 audit(1575351454.983:26): pid=8921 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 61.949295][ T25] audit: type=1800 audit(1575351454.983:27): pid=8921 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 73.343627][ T9076] ================================================================== [ 73.352267][ T9076] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.360851][ T9076] Write of size 4 at addr ffffc90000d36050 by task syz-executor161/9076 [ 73.369158][ T9076] [ 73.371472][ T9076] CPU: 1 PID: 9076 Comm: syz-executor161 Not tainted 5.4.0-syzkaller #0 [ 73.379784][ T9076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.389820][ T9076] Call Trace: [ 73.393147][ T9076] dump_stack+0x197/0x210 [ 73.397460][ T9076] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.403104][ T9076] print_address_description.constprop.0.cold+0x5/0x30b [ 73.410031][ T9076] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.415643][ T9076] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.421257][ T9076] __kasan_report.cold+0x1b/0x41 [ 73.426178][ T9076] ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b [ 73.431712][ T9076] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.437337][ T9076] kasan_report+0x12/0x20 [ 73.441666][ T9076] __asan_report_store4_noabort+0x17/0x20 [ 73.447365][ T9076] kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.452808][ T9076] ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160 [ 73.458597][ T9076] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 73.464813][ T9076] ? _copy_from_user+0x12c/0x1a0 [ 73.469855][ T9076] kvm_arch_dev_ioctl+0x300/0x4b0 [ 73.474856][ T9076] ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0 [ 73.480900][ T9076] ? tomoyo_path_number_perm+0x454/0x520 [ 73.486512][ T9076] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 73.492739][ T9076] ? tomoyo_path_number_perm+0x25e/0x520 [ 73.498440][ T9076] kvm_dev_ioctl+0x127/0x17d0 [ 73.503099][ T9076] ? kvm_put_kvm+0xcc0/0xcc0 [ 73.508117][ T9076] ? kvm_put_kvm+0xcc0/0xcc0 [ 73.512698][ T9076] do_vfs_ioctl+0xdb6/0x13e0 [ 73.517269][ T9076] ? compat_ioctl_preallocate+0x210/0x210 [ 73.522967][ T9076] ? perf_trace_initcall_level+0x370/0x420 [ 73.528755][ T9076] ? putname+0xf4/0x130 [ 73.532897][ T9076] ? do_sys_open+0x31d/0x5d0 [ 73.537564][ T9076] ? tomoyo_file_ioctl+0x23/0x30 [ 73.542477][ T9076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 73.549824][ T9076] ? security_file_ioctl+0x8d/0xc0 [ 73.554915][ T9076] ksys_ioctl+0xab/0xd0 [ 73.559063][ T9076] __x64_sys_ioctl+0x73/0xb0 [ 73.563649][ T9076] do_syscall_64+0xfa/0x790 [ 73.568135][ T9076] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 73.574003][ T9076] RIP: 0033:0x440159 [ 73.577875][ T9076] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 73.597457][ T9076] RSP: 002b:00007ffd4511cf68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.605974][ T9076] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440159 [ 73.613975][ T9076] RDX: 0000000020000080 RSI: 00000000c008ae09 RDI: 0000000000000003 [ 73.621963][ T9076] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 73.629923][ T9076] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004019e0 [ 73.637878][ T9076] R13: 0000000000401a70 R14: 0000000000000000 R15: 0000000000000000 [ 73.645837][ T9076] [ 73.648142][ T9076] [ 73.650446][ T9076] Memory state around the buggy address: [ 73.656170][ T9076] ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 73.664209][ T9076] ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 73.672253][ T9076] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 [ 73.680290][ T9076] ^ [ 73.686953][ T9076] ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 73.695002][ T9076] ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 73.703037][ T9076] ================================================================== [ 73.711074][ T9076] Disabling lock debugging due to kernel taint [ 73.718025][ T9076] Kernel panic - not syncing: panic_on_warn set ... [ 73.724717][ T9076] CPU: 1 PID: 9076 Comm: syz-executor161 Tainted: G B 5.4.0-syzkaller #0 [ 73.736939][ T9076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.746973][ T9076] Call Trace: [ 73.750246][ T9076] dump_stack+0x197/0x210 [ 73.754556][ T9076] panic+0x2e3/0x75c [ 73.758429][ T9076] ? add_taint.cold+0x16/0x16 [ 73.763099][ T9076] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.768722][ T9076] ? preempt_schedule+0x4b/0x60 [ 73.773552][ T9076] ? ___preempt_schedule+0x16/0x18 [ 73.778646][ T9076] ? trace_hardirqs_on+0x5e/0x240 [ 73.783656][ T9076] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.789266][ T9076] end_report+0x47/0x4f [ 73.793398][ T9076] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.799006][ T9076] __kasan_report.cold+0xe/0x41 [ 73.803835][ T9076] ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b [ 73.809358][ T9076] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.814970][ T9076] kasan_report+0x12/0x20 [ 73.819278][ T9076] __asan_report_store4_noabort+0x17/0x20 [ 73.824984][ T9076] kvm_dev_ioctl_get_cpuid+0xad7/0xb0b [ 73.830423][ T9076] ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160 [ 73.836222][ T9076] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 73.842438][ T9076] ? _copy_from_user+0x12c/0x1a0 [ 73.847352][ T9076] kvm_arch_dev_ioctl+0x300/0x4b0 [ 73.852353][ T9076] ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0 [ 73.858395][ T9076] ? tomoyo_path_number_perm+0x454/0x520 [ 73.864006][ T9076] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 73.870233][ T9076] ? tomoyo_path_number_perm+0x25e/0x520 [ 73.875942][ T9076] kvm_dev_ioctl+0x127/0x17d0 [ 73.880605][ T9076] ? kvm_put_kvm+0xcc0/0xcc0 [ 73.885167][ T9076] ? kvm_put_kvm+0xcc0/0xcc0 [ 73.889747][ T9076] do_vfs_ioctl+0xdb6/0x13e0 [ 73.894315][ T9076] ? compat_ioctl_preallocate+0x210/0x210 [ 73.900026][ T9076] ? perf_trace_initcall_level+0x370/0x420 [ 73.905808][ T9076] ? putname+0xf4/0x130 [ 73.909940][ T9076] ? do_sys_open+0x31d/0x5d0 [ 73.914520][ T9076] ? tomoyo_file_ioctl+0x23/0x30 [ 73.919437][ T9076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 73.925662][ T9076] ? security_file_ioctl+0x8d/0xc0 [ 73.930753][ T9076] ksys_ioctl+0xab/0xd0 [ 73.934884][ T9076] __x64_sys_ioctl+0x73/0xb0 [ 73.939585][ T9076] do_syscall_64+0xfa/0x790 [ 73.944428][ T9076] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 73.950328][ T9076] RIP: 0033:0x440159 [ 73.954209][ T9076] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 73.973805][ T9076] RSP: 002b:00007ffd4511cf68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.982207][ T9076] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440159 [ 73.990166][ T9076] RDX: 0000000020000080 RSI: 00000000c008ae09 RDI: 0000000000000003 [ 73.998129][ T9076] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 74.006165][ T9076] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004019e0 [ 74.014112][ T9076] R13: 0000000000401a70 R14: 0000000000000000 R15: 0000000000000000 [ 74.023429][ T9076] Kernel Offset: disabled [ 74.027772][ T9076] Rebooting in 86400 seconds..