[ ok ] Starting enhanced syslogd: rsyslogd.
[ 60.876973][ T23] audit: type=1800 audit(1575337174.578:25): pid=8797 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 60.897635][ T23] audit: type=1800 audit(1575337174.578:26): pid=8797 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 60.954346][ T23] audit: type=1800 audit(1575337174.578:27): pid=8797 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.464956][ T8950] ==================================================================
[ 70.473236][ T8950] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.481982][ T8950] Write of size 4 at addr ffffc90000d36050 by task syz-executor352/8950
[ 70.490628][ T8950]
[ 70.492962][ T8950] CPU: 0 PID: 8950 Comm: syz-executor352 Not tainted 5.4.0-syzkaller #0
[ 70.501368][ T8950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.511455][ T8950] Call Trace:
[ 70.515090][ T8950] dump_stack+0x197/0x210
[ 70.519418][ T8950] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.525046][ T8950] print_address_description.constprop.0.cold+0x5/0x30b
[ 70.532143][ T8950] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.537856][ T8950] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.543499][ T8950] __kasan_report.cold+0x1b/0x41
[ 70.548434][ T8950] ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 70.553992][ T8950] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.559783][ T8950] kasan_report+0x12/0x20
[ 70.564241][ T8950] __asan_report_store4_noabort+0x17/0x20
[ 70.570001][ T8950] kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.575737][ T8950] ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 70.581662][ T8950] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 70.588043][ T8950] ? _copy_from_user+0x12c/0x1a0
[ 70.593004][ T8950] kvm_arch_dev_ioctl+0x300/0x4b0
[ 70.598062][ T8950] ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 70.604152][ T8950] ? tomoyo_path_number_perm+0x454/0x520
[ 70.609786][ T8950] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 70.616024][ T8950] ? tomoyo_path_number_perm+0x25e/0x520
[ 70.621643][ T8950] kvm_dev_ioctl+0x127/0x17d0
[ 70.626312][ T8950] ? kvm_put_kvm+0xcc0/0xcc0
[ 70.630894][ T8950] ? kvm_put_kvm+0xcc0/0xcc0
[ 70.635469][ T8950] do_vfs_ioctl+0xdb6/0x13e0
[ 70.640041][ T8950] ? compat_ioctl_preallocate+0x210/0x210
[ 70.645761][ T8950] ? perf_trace_initcall_level+0x370/0x420
[ 70.651553][ T8950] ? putname+0xf4/0x130
[ 70.655693][ T8950] ? do_sys_open+0x31d/0x5d0
[ 70.660269][ T8950] ? tomoyo_file_ioctl+0x23/0x30
[ 70.665226][ T8950] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.671469][ T8950] ? security_file_ioctl+0x8d/0xc0
[ 70.676588][ T8950] ksys_ioctl+0xab/0xd0
[ 70.680883][ T8950] __x64_sys_ioctl+0x73/0xb0
[ 70.685470][ T8950] do_syscall_64+0xfa/0x790
[ 70.689961][ T8950] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.695834][ T8950] RIP: 0033:0x440199
[ 70.699799][ T8950] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.719508][ T8950] RSP: 002b:00007ffd23b0e278 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.728255][ T8950] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440199
[ 70.736498][ T8950] RDX: 0000000020000000 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 70.744492][ T8950] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 70.752451][ T8950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a20
[ 70.760566][ T8950] R13: 0000000000401ab0 R14: 0000000000000000 R15: 0000000000000000
[ 70.768688][ T8950]
[ 70.771007][ T8950]
[ 70.774012][ T8950] Memory state around the buggy address:
[ 70.779689][ T8950] ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 70.787870][ T8950] ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 70.795931][ T8950] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[ 70.803975][ T8950]                                                  ^
[ 70.810720][ T8950] ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 70.818766][ T8950] ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 70.827154][ T8950] ==================================================================
[ 70.835385][ T8950] Disabling lock debugging due to kernel taint
[ 70.842769][ T8950] Kernel panic - not syncing: panic_on_warn set ...
[ 70.849389][ T8950] CPU: 0 PID: 8950 Comm: syz-executor352 Tainted: G B 5.4.0-syzkaller #0
[ 70.859106][ T8950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.869151][ T8950] Call Trace:
[ 70.872449][ T8950] dump_stack+0x197/0x210
[ 70.876763][ T8950] panic+0x2e3/0x75c
[ 70.880639][ T8950] ? add_taint.cold+0x16/0x16
[ 70.885303][ T8950] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.890916][ T8950] ? preempt_schedule+0x4b/0x60
[ 70.895779][ T8950] ? ___preempt_schedule+0x16/0x18
[ 70.900875][ T8950] ? trace_hardirqs_on+0x5e/0x240
[ 70.905881][ T8950] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.911498][ T8950] end_report+0x47/0x4f
[ 70.915639][ T8950] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.921290][ T8950] __kasan_report.cold+0xe/0x41
[ 70.926171][ T8950] ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 70.931702][ T8950] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.937364][ T8950] kasan_report+0x12/0x20
[ 70.941722][ T8950] __asan_report_store4_noabort+0x17/0x20
[ 70.947440][ T8950] kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 70.952886][ T8950] ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 70.958681][ T8950] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 70.964911][ T8950] ? _copy_from_user+0x12c/0x1a0
[ 70.969872][ T8950] kvm_arch_dev_ioctl+0x300/0x4b0
[ 70.974959][ T8950] ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 70.981258][ T8950] ? tomoyo_path_number_perm+0x454/0x520
[ 70.987049][ T8950] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 70.993309][ T8950] ? tomoyo_path_number_perm+0x25e/0x520
[ 70.999477][ T8950] kvm_dev_ioctl+0x127/0x17d0
[ 71.004219][ T8950] ? kvm_put_kvm+0xcc0/0xcc0
[ 71.008837][ T8950] ? kvm_put_kvm+0xcc0/0xcc0
[ 71.013543][ T8950] do_vfs_ioctl+0xdb6/0x13e0
[ 71.018275][ T8950] ? compat_ioctl_preallocate+0x210/0x210
[ 71.023997][ T8950] ? perf_trace_initcall_level+0x370/0x420
[ 71.029828][ T8950] ? putname+0xf4/0x130
[ 71.034152][ T8950] ? do_sys_open+0x31d/0x5d0
[ 71.038813][ T8950] ? tomoyo_file_ioctl+0x23/0x30
[ 71.043737][ T8950] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 71.050005][ T8950] ? security_file_ioctl+0x8d/0xc0
[ 71.055103][ T8950] ksys_ioctl+0xab/0xd0
[ 71.059251][ T8950] __x64_sys_ioctl+0x73/0xb0
[ 71.063829][ T8950] do_syscall_64+0xfa/0x790
[ 71.068318][ T8950] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.074186][ T8950] RIP: 0033:0x440199
[ 71.078073][ T8950] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.097781][ T8950] RSP: 002b:00007ffd23b0e278 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 71.106173][ T8950] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440199
[ 71.114119][ T8950] RDX: 0000000020000000 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 71.122080][ T8950] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 71.130045][ T8950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a20
[ 71.137994][ T8950] R13: 0000000000401ab0 R14: 0000000000000000 R15: 0000000000000000
[ 71.147235][ T8950] Kernel Offset: disabled
[ 71.151580][ T8950] Rebooting in 86400 seconds..