Debian GNU/Linux 7 syzkaller ttyS0

executing program

syzkaller login: [ 14.780954] usercopy: kernel memory overwrite attempt detected to ffff88006be11bd4 (kvm_vcpu) (840 bytes)
[ 14.782108] ------------[ cut here ]------------
[ 14.782587] kernel BUG at mm/usercopy.c:84!
[ 14.783103] invalid opcode: 0000 [#1] SMP KASAN
[ 14.783585] Dumping ftrace buffer:
[ 14.783955] (ftrace buffer empty)
[ 14.784318] Modules linked in:
[ 14.784725] CPU: 1 PID: 2989 Comm: syzkaller263185 Not tainted 4.14.0-rc5-next-20171018+ #8
[ 14.785544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 14.786350] task: ffff8800390d42c0 task.stack: ffff8800391f0000
[ 14.786935] RIP: 0010:__check_object_size+0x3a2/0x4f0
[ 14.787436] RSP: 0018:ffff8800391f7148 EFLAGS: 00010286
[ 14.787961] RAX: 000000000000005d RBX: ffffffff8511a0e0 RCX: 0000000000000000
[ 14.788666] RDX: 000000000000005d RSI: 1ffff1000723ede9 RDI: ffffed000723ee1d
[ 14.789373] RBP: ffff8800391f7238 R08: 0000000000000001 R09: 0000000000000000
[ 14.790185] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8511a0a0
[ 14.790959] R13: ffff88006be11bd4 R14: 0000000000000348 R15: ffffea0001af8400
[ 14.791709] FS: 0000000001ac1880(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000
[ 14.792508] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 14.793073] CR2: 00007ffd4cc44908 CR3: 000000006bea2000 CR4: 00000000000026e0
[ 14.793774] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 14.794557] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 14.795257] Call Trace:
[ 14.795518] ? lock_release+0xa40/0xa40
[ 14.795907] ? check_stack_object+0x140/0x140
[ 14.796343] ? check_noncircular+0x20/0x20
[ 14.796768] ? __might_sleep+0x95/0x190
[ 14.797149] kvm_vcpu_ioctl_set_cpuid2+0x75/0x1a0
[ 14.797604] kvm_arch_vcpu_ioctl+0x1718/0x4710
[ 14.798109] ? find_held_lock+0x35/0x1d0
[ 14.798529] ? kvm_arch_vcpu_put+0x3e0/0x3e0
[ 14.798942] ? depot_save_stack+0x3b5/0x490
[ 14.799355] ? lock_downgrade+0x990/0x990
[ 14.799753] ? do_raw_spin_trylock+0x190/0x190
[ 14.800185] ? is_bpf_text_address+0xa4/0x120
[ 14.801212] ? kernel_text_address+0x102/0x140
[ 14.801647] ? __kernel_text_address+0xd/0x40
[ 14.802079] ? unwind_get_return_address+0x61/0xa0
[ 14.802541] ? trace_hardirqs_off+0xd/0x10
[ 14.802943] ? _raw_spin_unlock_irqrestore+0xa6/0xba
[ 14.803424] ? depot_save_stack+0x3b5/0x490
[ 14.803833] ? __vunmap+0x247/0x2e0
[ 14.804175] ? save_stack+0xa3/0xd0
[ 14.804525] ? lock_acquire+0x1d5/0x580
[ 14.804901] ? lock_acquire+0x1d5/0x580
[ 14.805283] ? vcpu_load+0x1c/0x70
[ 14.805624] ? lock_release+0xa40/0xa40
[ 14.806152] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 14.806710] ? rcu_note_context_switch+0x710/0x710
[ 14.807182] ? __might_sleep+0x95/0x190
[ 14.807666] ? vcpu_load+0x1c/0x70
[ 14.808000] ? __mutex_lock+0x16f/0x19d0
[ 14.808380] ? vcpu_load+0x1c/0x70
[ 14.808724] ? vcpu_load+0x1c/0x70
[ 14.809064] ? trace_hardirqs_off+0xd/0x10
[ 14.809475] ? mutex_lock_io_nested+0x1880/0x1880
[ 14.809969] ? find_held_lock+0x35/0x1d0
[ 14.810389] ? __might_fault+0x110/0x1d0
[ 14.810796] ? lock_downgrade+0x990/0x990
[ 14.811208] ? vmx_vcpu_load+0x9c6/0xdd0
[ 14.811610] ? handle_invept+0x5f0/0x5f0
[ 14.812012] ? __might_sleep+0x95/0x190
[ 14.812405] ? kasan_check_read+0x11/0x20
[ 14.812812] ? _copy_to_user+0xa2/0xc0
[ 14.813199] ? kvm_arch_dev_ioctl+0xc7/0x3b0
[ 14.813635] ? kvm_vm_ioctl_check_extension+0x510/0x510
[ 14.814266] ? kvm_arch_vcpu_load+0x1c1/0x890
[ 14.814706] ? kvm_arch_vcpu_load+0x4b1/0x890
[ 14.815142] ? find_held_lock+0x35/0x1d0
[ 14.815538] ? kvm_arch_dev_ioctl+0x3b0/0x3b0
[ 14.815973] ? __hrtick_start+0x1d0/0x1d0
[ 14.816375] ? avc_has_extended_perms+0x6e5/0x12c0
[ 14.816855] ? vcpu_load+0x4b/0x70
[ 14.817201] kvm_vcpu_ioctl+0x240/0x1010
[ 14.817596] ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 14.818188] ? is_bpf_text_address+0xa4/0x120
[ 14.818630] ? avc_has_extended_perms+0x7fa/0x12c0
[ 14.819110] ? unwind_get_return_address+0x6e/0xa0
[ 14.819596] ? avc_ss_reset+0x110/0x110
[ 14.820554] ? putname+0xee/0x130
[ 14.820936] ? save_stack+0xa3/0xd0
[ 14.821217] ? save_stack+0x43/0xd0
[ 14.821450] ? kasan_slab_free+0x71/0xc0
[ 14.821714] ? kmem_cache_free+0x77/0x280
[ 14.821998] ? putname+0xee/0x130
[ 14.822219] ? do_sys_open+0x31b/0x6d0
[ 14.822470] ? __lock_is_held+0xb6/0x140
[ 14.822737] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[ 14.823115] ? rcu_note_context_switch+0x710/0x710
[ 14.823430] ? get_unused_fd_flags+0x190/0x190
[ 14.823736] ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 14.824072] do_vfs_ioctl+0x1b1/0x1520
[ 14.824323] ? _cond_resched+0x14/0x30
[ 14.824575] ? ioctl_preallocate+0x2b0/0x2b0
[ 14.824870] ? selinux_capable+0x40/0x40
[ 14.825136] ? putname+0xf3/0x130
[ 14.825361] ? do_sys_open+0x320/0x6d0
[ 14.825623] ? security_file_ioctl+0x89/0xb0
[ 14.825909] SyS_ioctl+0x8f/0xc0
[ 14.827117] entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 14.827593] RIP: 0033:0x437f57
[ 14.827919] RSP: 002b:00007ffd4cc448f8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[ 14.828660] RAX: ffffffffffffffda RBX: 00007ffd4cc44fc0 RCX: 0000000000437f57
[ 14.829394] RDX: 00007ffd4cc44fc0 RSI: 000000004008ae90 RDI: 0000000000000005
[ 14.830193] RBP: 0000000000000082 R08: 0000000000000001 R09: 000000000000007a
[ 14.830894] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000000000
[ 14.831615] R13: 00000000004040d0 R14: 0000000000000004 R15: 0000000000000000
[ 14.832335] Code: 48 0f 44 da e8 70 f0 c3 ff 48 8b 85 28 ff ff ff 4d 89 f1 4c 89 e9 4c 89 e2 48 89 de 48 c7 c7 a0 a1 11 85 49 89 c0 e8 c3 fb ad ff <0f> 0b 48 c7 c0 60 9f 11 85 eb 96 48 c7 c0 a0 9f 11 85 eb 8d 48
[ 14.834372] RIP: __check_object_size+0x3a2/0x4f0 RSP: ffff8800391f7148
[ 14.835106] ---[ end trace 452ed6ced4a069b7 ]---
[ 14.835611] Kernel panic - not syncing: Fatal exception
[ 14.836938] Dumping ftrace buffer:
[ 14.837306] (ftrace buffer empty)
[ 14.837675] Kernel Offset: disabled
[ 14.838139] Rebooting in 86400 seconds..