[ ok ] Starting enhanced syslogd: rsyslogd.
[   61.428953][   T23] audit: type=1800 audit(1575365418.358:25): pid=8815 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   61.449046][   T23] audit: type=1800 audit(1575365418.358:26): pid=8815 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   61.483852][   T23] audit: type=1800 audit(1575365418.368:27): pid=8815 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   69.789695][ T8966] ==================================================================
[   69.798922][ T8966] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   69.807493][ T8966] Write of size 4 at addr ffffc90000d36050 by task syz-executor086/8966
[   69.815805][ T8966] 
[   69.818130][ T8966] CPU: 1 PID: 8966 Comm: syz-executor086 Not tainted 5.4.0-syzkaller #0
[   69.826428][ T8966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.836462][ T8966] Call Trace:
[   69.839750][ T8966]  dump_stack+0x197/0x210
[   69.844071][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   69.849686][ T8966]  print_address_description.constprop.0.cold+0x5/0x30b
[   69.856600][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   69.862210][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   69.867924][ T8966]  __kasan_report.cold+0x1b/0x41
[   69.872865][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[   69.878388][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   69.884023][ T8966]  kasan_report+0x12/0x20
[   69.888356][ T8966]  __asan_report_store4_noabort+0x17/0x20
[   69.894079][ T8966]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   69.899534][ T8966]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[   69.905340][ T8966]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   69.911597][ T8966]  ? _copy_from_user+0x12c/0x1a0
[   69.916543][ T8966]  kvm_arch_dev_ioctl+0x300/0x4b0
[   69.921550][ T8966]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[   69.927692][ T8966]  ? tomoyo_path_number_perm+0x454/0x520
[   69.933306][ T8966]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   69.939532][ T8966]  ? tomoyo_path_number_perm+0x25e/0x520
[   69.945157][ T8966]  kvm_dev_ioctl+0x127/0x17d0
[   69.949834][ T8966]  ? kvm_put_kvm+0xcc0/0xcc0
[   69.954413][ T8966]  ? kvm_put_kvm+0xcc0/0xcc0
[   69.958985][ T8966]  do_vfs_ioctl+0xdb6/0x13e0
[   69.963553][ T8966]  ? compat_ioctl_preallocate+0x210/0x210
[   69.969283][ T8966]  ? kmem_cache_free+0x26b/0x320
[   69.974199][ T8966]  ? putname+0xf4/0x130
[   69.978343][ T8966]  ? do_sys_open+0x31d/0x5d0
[   69.982923][ T8966]  ? tomoyo_file_ioctl+0x23/0x30
[   69.987838][ T8966]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   69.994076][ T8966]  ? security_file_ioctl+0x8d/0xc0
[   69.999198][ T8966]  ksys_ioctl+0xab/0xd0
[   70.003381][ T8966]  __x64_sys_ioctl+0x73/0xb0
[   70.007970][ T8966]  do_syscall_64+0xfa/0x790
[   70.012457][ T8966]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.018459][ T8966] RIP: 0033:0x440209
[   70.022429][ T8966] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   70.043751][ T8966] RSP: 002b:00007ffcf5486ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.052166][ T8966] RAX: ffffffffffffffda RBX: 00007ffcf5487000 RCX: 0000000000440209
[   70.060119][ T8966] RDX: 0000000020000240 RSI: 00000000c008ae09 RDI: 0000000000000004
[   70.068068][ T8966] RBP: 00000000006ca018 R08: 0000000000000016 R09: 68742f636f72702f
[   70.076019][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401af0
[   70.083970][ T8966] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
[   70.091939][ T8966] 
[   70.094240][ T8966] 
[   70.096541][ T8966] Memory state around the buggy address:
[   70.102151][ T8966]  ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   70.110187][ T8966]  ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   70.118234][ T8966] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[   70.126299][ T8966]                                                  ^
[   70.132987][ T8966]  ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   70.141028][ T8966]  ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   70.149758][ T8966] ==================================================================
[   70.157805][ T8966] Disabling lock debugging due to kernel taint
[   70.164434][ T8966] Kernel panic - not syncing: panic_on_warn set ...
[   70.171022][ T8966] CPU: 1 PID: 8966 Comm: syz-executor086 Tainted: G    B   5.4.0-syzkaller #0
[   70.180730][ T8966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.190767][ T8966] Call Trace:
[   70.194046][ T8966]  dump_stack+0x197/0x210
[   70.198442][ T8966]  panic+0x2e3/0x75c
[   70.202314][ T8966]  ? add_taint.cold+0x16/0x16
[   70.206979][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   70.212599][ T8966]  ? preempt_schedule+0x4b/0x60
[   70.217533][ T8966]  ? ___preempt_schedule+0x16/0x18
[   70.222771][ T8966]  ? trace_hardirqs_on+0x5e/0x240
[   70.227795][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   70.233457][ T8966]  end_report+0x47/0x4f
[   70.237653][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   70.243273][ T8966]  __kasan_report.cold+0xe/0x41
[   70.248107][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[   70.253627][ T8966]  ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   70.259236][ T8966]  kasan_report+0x12/0x20
[   70.263543][ T8966]  __asan_report_store4_noabort+0x17/0x20
[   70.269333][ T8966]  kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[   70.274781][ T8966]  ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[   70.280583][ T8966]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   70.286810][ T8966]  ? _copy_from_user+0x12c/0x1a0
[   70.291735][ T8966]  kvm_arch_dev_ioctl+0x300/0x4b0
[   70.296747][ T8966]  ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[   70.302810][ T8966]  ? tomoyo_path_number_perm+0x454/0x520
[   70.308418][ T8966]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   70.315155][ T8966]  ? tomoyo_path_number_perm+0x25e/0x520
[   70.320763][ T8966]  kvm_dev_ioctl+0x127/0x17d0
[   70.325478][ T8966]  ? kvm_put_kvm+0xcc0/0xcc0
[   70.330060][ T8966]  ? kvm_put_kvm+0xcc0/0xcc0
[   70.334645][ T8966]  do_vfs_ioctl+0xdb6/0x13e0
[   70.339261][ T8966]  ? compat_ioctl_preallocate+0x210/0x210
[   70.344968][ T8966]  ? kmem_cache_free+0x26b/0x320
[   70.349931][ T8966]  ? putname+0xf4/0x130
[   70.354466][ T8966]  ? do_sys_open+0x31d/0x5d0
[   70.359053][ T8966]  ? tomoyo_file_ioctl+0x23/0x30
[   70.363968][ T8966]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.370183][ T8966]  ? security_file_ioctl+0x8d/0xc0
[   70.375283][ T8966]  ksys_ioctl+0xab/0xd0
[   70.379424][ T8966]  __x64_sys_ioctl+0x73/0xb0
[   70.383999][ T8966]  do_syscall_64+0xfa/0x790
[   70.388492][ T8966]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.394423][ T8966] RIP: 0033:0x440209
[   70.398346][ T8966] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   70.418714][ T8966] RSP: 002b:00007ffcf5486ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.427103][ T8966] RAX: ffffffffffffffda RBX: 00007ffcf5487000 RCX: 0000000000440209
[   70.435050][ T8966] RDX: 0000000020000240 RSI: 00000000c008ae09 RDI: 0000000000000004
[   70.442998][ T8966] RBP: 00000000006ca018 R08: 0000000000000016 R09: 68742f636f72702f
[   70.450948][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401af0
[   70.458895][ T8966] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
[   70.468371][ T8966] Kernel Offset: disabled
[   70.472695][ T8966] Rebooting in 86400 seconds..