executing program
syzkaller login: [ 17.355129] usercopy: kernel memory overwrite attempt detected to ffff880069ff9bd4 (kvm_vcpu) (80 bytes)
[ 17.355808] ------------[ cut here ]------------
[ 17.356143] kernel BUG at mm/usercopy.c:84!
[ 17.356408] invalid opcode: 0000 [#1] SMP KASAN
[ 17.356701] Dumping ftrace buffer:
[ 17.356923]    (ftrace buffer empty)
[ 17.357163] Modules linked in:
[ 17.357365] CPU: 3 PID: 2971 Comm: syzkaller846689 Not tainted 4.14.0-rc5-next-20171018+ #8
[ 17.359029] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 17.359768] task: ffff880069dc48c0 task.stack: ffff88006d258000
[ 17.360310] RIP: 0010:__check_object_size+0x3a2/0x4f0
[ 17.360778] RSP: 0018:ffff88006d25f148 EFLAGS: 00010286
[ 17.361270] RAX: 000000000000005c RBX: ffffffff8511a0e0 RCX: 0000000000000000
[ 17.361942] RDX: 000000000000005c RSI: 1ffff1000da4bde9 RDI: ffffed000da4be1d
[ 17.362593] RBP: ffff88006d25f238 R08: 0000000000000001 R09: 0000000000000000
[ 17.363245] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8511a0a0
[ 17.363908] R13: ffff880069ff9bd4 R14: 0000000000000050 R15: ffffea0001a7fe00
[ 17.364565] FS:  00000000018a8880(0000) GS:ffff88006df00000(0000) knlGS:0000000000000000
[ 17.365289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 17.365924] CR2: 0000000020ccbfe3 CR3: 000000003b170000 CR4: 00000000000026e0
[ 17.366608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 17.367264] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 17.367906] Call Trace:
[ 17.368150]  ? lock_release+0xa40/0xa40
[ 17.368520]  ? check_stack_object+0x140/0x140
[ 17.368939]  ? __might_sleep+0x95/0x190
[ 17.369310]  kvm_vcpu_ioctl_set_cpuid2+0x75/0x1a0
[ 17.369851]  kvm_arch_vcpu_ioctl+0x1718/0x4710
[ 17.370273]  ? kvm_arch_vcpu_put+0x3e0/0x3e0
[ 17.370676]  ? __lru_cache_add+0x2a4/0x410
[ 17.371056]  ? __pagevec_lru_add+0x30/0x30
[ 17.371327]  ? save_stack+0xa3/0xd0
[ 17.371609]  ? save_stack+0x43/0xd0
[ 17.371971]  ? kasan_kmalloc+0xad/0xe0
[ 17.372445]  ? print_irqtrace_events+0x270/0x270
[ 17.372752]  ? __handle_mm_fault+0x1827/0x39c0
[ 17.373061]  ? check_noncircular+0x20/0x20
[ 17.373315]  ? lru_cache_add+0x1c7/0x3a0
[ 17.373581]  ? get_mem_cgroup_from_mm+0x710/0x710
[ 17.374142]  ? lru_cache_add_file+0x20/0x20
[ 17.374546]  ? lock_acquire+0x1d5/0x580
[ 17.374864]  ? lock_acquire+0x1d5/0x580
[ 17.375159]  ? vcpu_load+0x1c/0x70
[ 17.375411]  ? lock_release+0xa40/0xa40
[ 17.375712]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 17.376149]  ? rcu_note_context_switch+0x710/0x710
[ 17.376501]  ? __might_sleep+0x95/0x190
[ 17.376789]  ? vcpu_load+0x1c/0x70
[ 17.377051]  ? __mutex_lock+0x16f/0x19d0
[ 17.377343]  ? vcpu_load+0x1c/0x70
[ 17.377588]  ? trace_event_raw_event_sched_switch+0x840/0x8a0
[ 17.378157]  ? vcpu_load+0x1c/0x70
[ 17.378474]  ? _cond_resched+0x14/0x30
[ 17.378802]  ? mutex_lock_io_nested+0x1880/0x1880
[ 17.379154]  ? _raw_spin_unlock+0x22/0x30
[ 17.379404]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[ 17.379745]  ? __thp_get_unmapped_area+0x130/0x130
[ 17.380107]  ? kvm_arch_end_assignment+0x20/0x20
[ 17.380397]  ? vmx_vcpu_load+0x9c6/0xdd0
[ 17.380644]  ? handle_invept+0x5f0/0x5f0
[ 17.380922]  ? trace_hardirqs_on+0xd/0x10
[ 17.381231]  ? queue_delayed_work_on+0x10d/0x1d0
[ 17.381620]  ? kvm_arch_vcpu_postcreate+0xb6/0x230
[ 17.386030]  ? refcount_add+0x60/0x60
[ 17.386559]  ? kvm_arch_vcpu_create+0x1a0/0x1a0
[ 17.387048]  ? fd_install+0x4d/0x60
[ 17.387418]  ? kvm_vm_ioctl+0x220/0x1c40
[ 17.387845]  ? kfree+0xe4/0x250
[ 17.388200]  ? kvm_arch_vcpu_load+0x1c1/0x890
[ 17.388670]  ? kvm_arch_vcpu_load+0x4b1/0x890
[ 17.389147]  ? kvm_arch_dev_ioctl+0x3b0/0x3b0
[ 17.389624]  ? __hrtick_start+0x1d0/0x1d0
[ 17.390938]  ? vcpu_load+0x4b/0x70
[ 17.391268]  kvm_vcpu_ioctl+0x240/0x1010
[ 17.391640]  ? __pmd_alloc+0x4e0/0x4e0
[ 17.392000]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 17.392486]  ? find_held_lock+0x35/0x1d0
[ 17.392869]  ? handle_mm_fault+0x248/0x8d0
[ 17.393259]  ? find_held_lock+0x35/0x1d0
[ 17.394613]  ? __do_page_fault+0x64c/0xd60
[ 17.395008]  ? lock_downgrade+0x990/0x990
[ 17.395393]  ? handle_mm_fault+0x410/0x8d0
[ 17.395779]  ? down_read_trylock+0xdb/0x170
[ 17.396175]  ? __do_page_fault+0x31e/0xd60
[ 17.396562]  ? __handle_mm_fault+0x39c0/0x39c0
[ 17.396978]  ? vmacache_find+0x5f/0x280
[ 17.397348]  ? up_read+0x1a/0x40
[ 17.401725]  ? __do_page_fault+0x3d6/0xd60
[ 17.405051]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 17.405534]  do_vfs_ioctl+0x1b1/0x1520
[ 17.405903]  ? _cond_resched+0x14/0x30
[ 17.406265]  ? ioctl_preallocate+0x2b0/0x2b0
[ 17.406669]  ? selinux_capable+0x40/0x40
[ 17.407041]  ? putname+0xf3/0x130
[ 17.407368]  ? security_file_ioctl+0x89/0xb0
[ 17.407771]  SyS_ioctl+0x8f/0xc0
[ 17.408085]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 17.408515] RIP: 0033:0x434f89
[ 17.408806] RSP: 002b:00007ffe4b4d1728 EFLAGS: 00000203 ORIG_RAX: 0000000000000010
[ 17.409515] RAX: ffffffffffffffda RBX: 00000000004002b0 RCX: 0000000000434f89
[ 17.410238] RDX: 0000000020ccbfe3 RSI: 000000004008ae90 RDI: 0000000000000005
[ 17.410898] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[ 17.411552] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000000000
[ 17.412206] R13: 0000000000401900 R14: 0000000000401990 R15: 0000000000000000
[ 17.412866] Code: 48 0f 44 da e8 70 f0 c3 ff 48 8b 85 28 ff ff ff 4d 89 f1 4c 89 e9 4c 89 e2 48 89 de 48 c7 c7 a0 a1 11 85 49 89 c0 e8 c3 fb ad ff <0f> 0b 48 c7 c0 60 9f 11 85 eb 96 48 c7 c0 a0 9f 11 85 eb 8d 48
[ 17.414796] RIP: __check_object_size+0x3a2/0x4f0 RSP: ffff88006d25f148
[ 17.415433] ---[ end trace 450cc42fc4ecf7b8 ]---
[ 17.415871] Kernel panic - not syncing: Fatal exception
[ 17.417717] Dumping ftrace buffer:
[ 17.418111]    (ftrace buffer empty)
[ 17.418518] Kernel Offset: disabled
[ 17.418903] Rebooting in 86400 seconds..
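The report above is hardened usercopy rejecting a copy_from_user() of 80 bytes into a kvm_vcpu slab object, reached from kvm_vcpu_ioctl_set_cpuid2 (the KVM_SET_CPUID2 ioctl path); 80 bytes is two struct kvm_cpuid_entry2 entries of 40 bytes each, and "overwrite ... to" is the wording usercopy uses for a copy into kernel memory. The C program below is an added example, not the page's own content and not kernel code: it models the heap-object half of that check (does the span lie inside the object, and inside the region the cache has whitelisted for user copies?) and prints a message of the same shape. The kvm_vcpu object size, the object base address and the offset of the cpuid array inside the object are assumptions chosen so that base + offset equals the address in the report; they are not taken from the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the hardened-usercopy slab check (not kernel code). The two
 * verdict strings mirror the report: "overwrite" is a copy_from_user()
 * into kernel memory, "exposure" a copy_to_user() out of it. */
enum usercopy_verdict { UC_OK = 0, UC_OUT_OF_OBJECT, UC_NOT_WHITELISTED };

struct slab_cache {
    const char *name;
    size_t object_size;  /* bytes per allocated object */
    size_t useroffset;   /* start of the region user copies may touch */
    size_t usersize;     /* length of that region; 0 = nothing whitelisted */
};

struct heap_object {
    const struct slab_cache *cache;
    uintptr_t base;      /* address of the object the pointer resolved to */
};

/* Verdict for copying n bytes at [ptr, ptr + n) inside obj. */
static enum usercopy_verdict
check_heap_object(const struct heap_object *obj, uintptr_t ptr, size_t n)
{
    const struct slab_cache *c = obj->cache;
    uintptr_t end = obj->base + c->object_size;

    /* The span must lie entirely inside the object; the comparisons are
     * ordered so that no subtraction can wrap. */
    if (ptr < obj->base || ptr > end || n > end - ptr)
        return UC_OUT_OF_OBJECT;

    /* ... and entirely inside the cache's whitelisted region. A cache with
     * usersize 0 rejects every user copy, whatever the offset. */
    size_t off = ptr - obj->base;
    if (off < c->useroffset || n > c->usersize ||
        off - c->useroffset > c->usersize - n)
        return UC_NOT_WHITELISTED;

    return UC_OK;
}

/* Print a report in the same shape as the log and return the verdict. */
static enum usercopy_verdict
check_object_size(const struct heap_object *obj, uintptr_t ptr, size_t n,
                  int to_user)
{
    enum usercopy_verdict v = check_heap_object(obj, ptr, n);
    if (v != UC_OK)
        printf("usercopy: kernel memory %s attempt detected %s %#lx (%s) (%zu bytes)\n",
               to_user ? "exposure" : "overwrite", to_user ? "from" : "to",
               (unsigned long)ptr, obj->cache->name, n);
    return v;
}

/* Constructed scenario (assumptions, not taken from the log or the kernel):
 * a kvm_vcpu object of 0x2000 bytes at 0xffff880069ff8000 whose cpuid-entry
 * array starts at offset 0x1bd4, so the destination is the address in the
 * report; two 40-byte struct kvm_cpuid_entry2 = 80 bytes arrive from user
 * space. */
#define VCPU_OBJECT_SIZE  0x2000u
#define CPUID_ARRAY_OFF   0x1bd4u
#define COPY_LEN          80u

static const struct slab_cache kvm_vcpu_plain = {
    "kvm_vcpu", VCPU_OBJECT_SIZE, 0, 0 };                   /* no whitelist */
static const struct slab_cache kvm_vcpu_whitelisted = {
    "kvm_vcpu", VCPU_OBJECT_SIZE, CPUID_ARRAY_OFF, 0x200 }; /* assumed region */

/* Run the constructed copy against a cache and return the verdict. */
static enum usercopy_verdict copy_cpuid_into(const struct slab_cache *cache)
{
    struct heap_object vcpu = { cache, 0xffff880069ff8000ul };
    return check_object_size(&vcpu, vcpu.base + CPUID_ARRAY_OFF, COPY_LEN, 0);
}

int main(void)
{
    /* Rejected, as in the log; the whitelisted cache lets the same copy through. */
    copy_cpuid_into(&kvm_vcpu_plain);
    return copy_cpuid_into(&kvm_vcpu_whitelisted) == UC_OK ? 0 : 1;
}
```

The useroffset/usersize pair models the arguments of the kernel's kmem_cache_create_usercopy(); a cache created with plain kmem_cache_create() has no whitelisted region, and under slab whitelisting any user copy into one of its objects is reported exactly as above. The reject path is a report plus BUG() here ("kernel BUG at mm/usercopy.c:84!"), so a single bad copy from an unprivileged ioctl caller panics the machine rather than returning an error.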