[ ok ] Starting enhanced syslogd: rsyslogd.
[ 56.842487][ T23] audit: type=1800 audit(1575339329.067:25): pid=8801 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.863647][ T23] audit: type=1800 audit(1575339329.067:26): pid=8801 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.917733][ T23] audit: type=1800 audit(1575339329.067:27): pid=8801 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.117' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.347689][ T8956] ==================================================================
[ 69.355999][ T8956] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.364558][ T8956] Write of size 4 at addr ffffc90000d36050 by task syz-executor143/8956
[ 69.372860][ T8956]
[ 69.375169][ T8956] CPU: 0 PID: 8956 Comm: syz-executor143 Not tainted 5.4.0-syzkaller #0
[ 69.383466][ T8956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.393517][ T8956] Call Trace:
[ 69.396789][ T8956]  dump_stack+0x197/0x210
[ 69.401095][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.406720][ T8956]  print_address_description.constprop.0.cold+0x5/0x30b
[ 69.413738][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.419502][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.425120][ T8956]  __kasan_report.cold+0x1b/0x41
[ 69.430043][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 69.435626][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.441240][ T8956]  kasan_report+0x12/0x20
[ 69.445562][ T8956]  __asan_report_store4_noabort+0x17/0x20
[ 69.451274][ T8956]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.456730][ T8956]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 69.462521][ T8956]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 69.468740][ T8956]  ? _copy_from_user+0x12c/0x1a0
[ 69.473660][ T8956]  kvm_arch_dev_ioctl+0x300/0x4b0
[ 69.478678][ T8956]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 69.484730][ T8956]  ? tomoyo_path_number_perm+0x454/0x520
[ 69.490345][ T8956]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 69.496590][ T8956]  ? tomoyo_path_number_perm+0x25e/0x520
[ 69.502225][ T8956]  kvm_dev_ioctl+0x127/0x17d0
[ 69.506885][ T8956]  ? kvm_put_kvm+0xcc0/0xcc0
[ 69.511455][ T8956]  ? kvm_put_kvm+0xcc0/0xcc0
[ 69.516043][ T8956]  do_vfs_ioctl+0xdb6/0x13e0
[ 69.520614][ T8956]  ? compat_ioctl_preallocate+0x210/0x210
[ 69.526410][ T8956]  ? kmem_cache_free+0x26b/0x320
[ 69.531327][ T8956]  ? putname+0xf4/0x130
[ 69.535471][ T8956]  ? do_sys_open+0x31d/0x5d0
[ 69.540041][ T8956]  ? tomoyo_file_ioctl+0x23/0x30
[ 69.544956][ T8956]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.551172][ T8956]  ? security_file_ioctl+0x8d/0xc0
[ 69.556272][ T8956]  ksys_ioctl+0xab/0xd0
[ 69.560418][ T8956]  __x64_sys_ioctl+0x73/0xb0
[ 69.565003][ T8956]  do_syscall_64+0xfa/0x790
[ 69.569489][ T8956]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.575359][ T8956] RIP: 0033:0x440209
[ 69.579246][ T8956] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.598842][ T8956] RSP: 002b:00007ffe8da91bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.607236][ T8956] RAX: ffffffffffffffda RBX: 00007ffe8da91bd0 RCX: 0000000000440209
[ 69.615271][ T8956] RDX: 0000000020000240 RSI: 00000000c008ae09 RDI: 0000000000000004
[ 69.623217][ T8956] RBP: 00000000006ca018 R08: 0000000000000016 R09: 68742f636f72702f
[ 69.631163][ T8956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401af0
[ 69.639109][ T8956] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
[ 69.647162][ T8956]
[ 69.649462][ T8956]
[ 69.651777][ T8956] Memory state around the buggy address:
[ 69.657386][ T8956]  ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.665422][ T8956]  ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.673458][ T8956] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[ 69.681490][ T8956]                                                  ^
[ 69.688139][ T8956]  ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.696188][ T8956]  ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.704233][ T8956] ==================================================================
[ 69.712277][ T8956] Disabling lock debugging due to kernel taint
[ 69.719650][ T8956] Kernel panic - not syncing: panic_on_warn set ...
[ 69.726241][ T8956] CPU: 0 PID: 8956 Comm: syz-executor143 Tainted: G B 5.4.0-syzkaller #0
[ 69.735923][ T8956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.745952][ T8956] Call Trace:
[ 69.749221][ T8956]  dump_stack+0x197/0x210
[ 69.753542][ T8956]  panic+0x2e3/0x75c
[ 69.757413][ T8956]  ? add_taint.cold+0x16/0x16
[ 69.762066][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.767671][ T8956]  ? preempt_schedule+0x4b/0x60
[ 69.772498][ T8956]  ? ___preempt_schedule+0x16/0x18
[ 69.777587][ T8956]  ? trace_hardirqs_on+0x5e/0x240
[ 69.782601][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.788210][ T8956]  end_report+0x47/0x4f
[ 69.792342][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.797947][ T8956]  __kasan_report.cold+0xe/0x41
[ 69.802775][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 69.808294][ T8956]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.813901][ T8956]  kasan_report+0x12/0x20
[ 69.818208][ T8956]  __asan_report_store4_noabort+0x17/0x20
[ 69.823979][ T8956]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 69.829457][ T8956]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 69.835304][ T8956]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 69.841520][ T8956]  ? _copy_from_user+0x12c/0x1a0
[ 69.846485][ T8956]  kvm_arch_dev_ioctl+0x300/0x4b0
[ 69.851486][ T8956]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 69.857532][ T8956]  ? tomoyo_path_number_perm+0x454/0x520
[ 69.863144][ T8956]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 69.869362][ T8956]  ? tomoyo_path_number_perm+0x25e/0x520
[ 69.874974][ T8956]  kvm_dev_ioctl+0x127/0x17d0
[ 69.879626][ T8956]  ? kvm_put_kvm+0xcc0/0xcc0
[ 69.884193][ T8956]  ? kvm_put_kvm+0xcc0/0xcc0
[ 69.888761][ T8956]  do_vfs_ioctl+0xdb6/0x13e0
[ 69.893328][ T8956]  ? compat_ioctl_preallocate+0x210/0x210
[ 69.899021][ T8956]  ? kmem_cache_free+0x26b/0x320
[ 69.903933][ T8956]  ? putname+0xf4/0x130
[ 69.908064][ T8956]  ? do_sys_open+0x31d/0x5d0
[ 69.912642][ T8956]  ? tomoyo_file_ioctl+0x23/0x30
[ 69.917557][ T8956]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.923784][ T8956]  ? security_file_ioctl+0x8d/0xc0
[ 69.928869][ T8956]  ksys_ioctl+0xab/0xd0
[ 69.932999][ T8956]  __x64_sys_ioctl+0x73/0xb0
[ 69.937585][ T8956]  do_syscall_64+0xfa/0x790
[ 69.942068][ T8956]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.947932][ T8956] RIP: 0033:0x440209
[ 69.952669][ T8956] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.972248][ T8956] RSP: 002b:00007ffe8da91bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.980632][ T8956] RAX: ffffffffffffffda RBX: 00007ffe8da91bd0 RCX: 0000000000440209
[ 69.988589][ T8956] RDX: 0000000020000240 RSI: 00000000c008ae09 RDI: 0000000000000004
[ 69.996541][ T8956] RBP: 00000000006ca018 R08: 0000000000000016 R09: 68742f636f72702f
[ 70.004768][ T8956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401af0
[ 70.012730][ T8956] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
[ 70.022030][ T8956] Kernel Offset: disabled
[ 70.026352][ T8956] Rebooting in 86400 seconds..