[ ok ] Starting enhanced syslogd: rsyslogd.
[ 66.045725][ T23] audit: type=1800 audit(1575482194.769:25): pid=9017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 66.066749][ T23] audit: type=1800 audit(1575482194.769:26): pid=9017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 66.087646][ T23] audit: type=1800 audit(1575482194.779:27): pid=9017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 76.983563][ T9172] ==================================================================
[ 76.991922][ T9172] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.000574][ T9172] Write of size 4 at addr ffffc90000d36050 by task syz-executor885/9172
[ 77.008981][ T9172]
[ 77.011295][ T9172] CPU: 0 PID: 9172 Comm: syz-executor885 Not tainted 5.4.0-syzkaller #0
[ 77.019592][ T9172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.029819][ T9172] Call Trace:
[ 77.033160][ T9172]  dump_stack+0x197/0x210
[ 77.037490][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.043293][ T9172]  print_address_description.constprop.0.cold+0x5/0x30b
[ 77.050248][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.055871][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.061486][ T9172]  __kasan_report.cold+0x1b/0x41
[ 77.066433][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 77.071954][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.077569][ T9172]  kasan_report+0x12/0x20
[ 77.081904][ T9172]  __asan_report_store4_noabort+0x17/0x20
[ 77.087629][ T9172]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.093090][ T9172]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 77.098934][ T9172]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 77.105159][ T9172]  ? _copy_from_user+0x12c/0x1a0
[ 77.110101][ T9172]  kvm_arch_dev_ioctl+0x300/0x4b0
[ 77.115152][ T9172]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 77.121202][ T9172]  ? tomoyo_path_number_perm+0x454/0x520
[ 77.126820][ T9172]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 77.133154][ T9172]  ? tomoyo_path_number_perm+0x25e/0x520
[ 77.138987][ T9172]  kvm_dev_ioctl+0x127/0x17d0
[ 77.143654][ T9172]  ? kvm_put_kvm+0xcc0/0xcc0
[ 77.148249][ T9172]  ? kvm_put_kvm+0xcc0/0xcc0
[ 77.152822][ T9172]  do_vfs_ioctl+0x977/0x14e0
[ 77.157424][ T9172]  ? compat_ioctl_preallocate+0x220/0x220
[ 77.163176][ T9172]  ? perf_trace_initcall_level+0x370/0x420
[ 77.169034][ T9172]  ? putname+0xf4/0x130
[ 77.173198][ T9172]  ? do_sys_open+0x31d/0x5d0
[ 77.177821][ T9172]  ? tomoyo_file_ioctl+0x23/0x30
[ 77.182763][ T9172]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 77.189214][ T9172]  ? security_file_ioctl+0x8d/0xc0
[ 77.194613][ T9172]  ksys_ioctl+0xab/0xd0
[ 77.198758][ T9172]  __x64_sys_ioctl+0x73/0xb0
[ 77.203609][ T9172]  do_syscall_64+0xfa/0x790
[ 77.208278][ T9172]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.214343][ T9172] RIP: 0033:0x4401e9
[ 77.218219][ T9172] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.237907][ T9172] RSP: 002b:00007fff9da443c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.246338][ T9172] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401e9
[ 77.254677][ T9172] RDX: 0000000020000000 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 77.262693][ T9172] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 77.270666][ T9172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a70
[ 77.278730][ T9172] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[ 77.286707][ T9172]
[ 77.289189][ T9172]
[ 77.291523][ T9172] Memory state around the buggy address:
[ 77.297191][ T9172]  ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.305341][ T9172]  ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.313510][ T9172] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[ 77.321563][ T9172]                                                  ^
[ 77.328339][ T9172]  ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.336398][ T9172]  ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.344457][ T9172] ==================================================================
[ 77.352661][ T9172] Disabling lock debugging due to kernel taint
[ 77.359777][ T9172] Kernel panic - not syncing: panic_on_warn set ...
[ 77.366580][ T9172] CPU: 0 PID: 9172 Comm: syz-executor885 Tainted: G B 5.4.0-syzkaller #0
[ 77.376395][ T9172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.386434][ T9172] Call Trace:
[ 77.389807][ T9172]  dump_stack+0x197/0x210
[ 77.394221][ T9172]  panic+0x2e3/0x75c
[ 77.398199][ T9172]  ? add_taint.cold+0x16/0x16
[ 77.402881][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.408623][ T9172]  ? preempt_schedule+0x4b/0x60
[ 77.413487][ T9172]  ? ___preempt_schedule+0x16/0x18
[ 77.418607][ T9172]  ? trace_hardirqs_on+0x5e/0x240
[ 77.423644][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.429487][ T9172]  end_report+0x47/0x4f
[ 77.433732][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.439370][ T9172]  __kasan_report.cold+0xe/0x41
[ 77.444296][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 77.449843][ T9172]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.455513][ T9172]  kasan_report+0x12/0x20
[ 77.459875][ T9172]  __asan_report_store4_noabort+0x17/0x20
[ 77.465605][ T9172]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 77.471407][ T9172]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 77.477396][ T9172]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 77.483718][ T9172]  ? _copy_from_user+0x12c/0x1a0
[ 77.488783][ T9172]  kvm_arch_dev_ioctl+0x300/0x4b0
[ 77.493811][ T9172]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 77.499860][ T9172]  ? tomoyo_path_number_perm+0x454/0x520
[ 77.505562][ T9172]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 77.511779][ T9172]  ? tomoyo_path_number_perm+0x25e/0x520
[ 77.517399][ T9172]  kvm_dev_ioctl+0x127/0x17d0
[ 77.522818][ T9172]  ? kvm_put_kvm+0xcc0/0xcc0
[ 77.527399][ T9172]  ? kvm_put_kvm+0xcc0/0xcc0
[ 77.532080][ T9172]  do_vfs_ioctl+0x977/0x14e0
[ 77.536660][ T9172]  ? compat_ioctl_preallocate+0x220/0x220
[ 77.542444][ T9172]  ? perf_trace_initcall_level+0x370/0x420
[ 77.548233][ T9172]  ? putname+0xf4/0x130
[ 77.552364][ T9172]  ? do_sys_open+0x31d/0x5d0
[ 77.556967][ T9172]  ? tomoyo_file_ioctl+0x23/0x30
[ 77.561891][ T9172]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 77.568199][ T9172]  ? security_file_ioctl+0x8d/0xc0
[ 77.573288][ T9172]  ksys_ioctl+0xab/0xd0
[ 77.577515][ T9172]  __x64_sys_ioctl+0x73/0xb0
[ 77.582102][ T9172]  do_syscall_64+0xfa/0x790
[ 77.586587][ T9172]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.592497][ T9172] RIP: 0033:0x4401e9
[ 77.596391][ T9172] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.616175][ T9172] RSP: 002b:00007fff9da443c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.624581][ T9172] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401e9
[ 77.632631][ T9172] RDX: 0000000020000000 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 77.640583][ T9172] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 77.648631][ T9172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a70
[ 77.656595][ T9172] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[ 77.666465][ T9172] Kernel Offset: disabled
[ 77.670811][ T9172] Rebooting in 86400 seconds..