INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[ ok ].
[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-2,10.128.15.213' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.683831] ==================================================================
[ 31.684979] BUG: KASAN: global-out-of-bounds in show_timer+0x278/0x2b0
[ 31.685857] Read of size 8 at addr ffffffff85352a20 by task syzkaller615263/3083
[ 31.686843]
[ 31.687079] CPU: 0 PID: 3083 Comm: syzkaller615263 Not tainted 4.15.0-rc1+ #115
[ 31.688055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.689275] Call Trace:
[ 31.689634]  dump_stack+0x194/0x257
[ 31.690128]  ? arch_local_irq_restore+0x53/0x53
[ 31.690754]  ? show_regs_print_info+0x65/0x65
[ 31.691359]  ? seq_printf+0xb3/0xe0
[ 31.691876]  ? show_timer+0x278/0x2b0
[ 31.692392]  print_address_description+0x178/0x250
[ 31.693104]  ? show_timer+0x278/0x2b0
[ 31.693635]  kasan_report+0x25b/0x340
[ 31.694151]  __asan_report_load8_noabort+0x14/0x20
[ 31.694808]  show_timer+0x278/0x2b0
[ 31.695297]  ? timers_start+0x14c/0x1c0
[ 31.695887]  traverse+0x248/0xa00
[ 31.696363]  ? seq_hlist_next+0xc0/0xc0
[ 31.696912]  seq_read+0x96a/0x13d0
[ 31.697406]  ? seq_lseek+0x3c0/0x3c0
[ 31.697912]  ? selinux_file_permission+0x82/0x460
[ 31.698564]  ? security_file_permission+0x89/0x1f0
[ 31.699227]  ? rw_verify_area+0xe5/0x2b0
[ 31.699792]  do_iter_read+0x3db/0x5b0
[ 31.700308]  ? iov_iter_get_pages+0x1150/0x1150
[ 31.700979]  compat_readv+0x1bf/0x270
[ 31.701493]  ? vfs_iter_read+0xb0/0xb0
[ 31.702027]  ? fget_raw+0x20/0x20
[ 31.702502]  ? down_read_trylock+0xdb/0x170
[ 31.703099]  ? __do_page_fault+0x32d/0xc90
[ 31.703669]  ? __handle_mm_fault+0x3e20/0x3e20
[ 31.704281]  ? vmacache_find+0x5f/0x280
[ 31.708238]  do_compat_preadv64+0xdc/0x100
[ 31.712449]  ? do_compat_preadv64+0xdc/0x100
[ 31.716832]  compat_SyS_preadv+0x3b/0x50
[ 31.720860]  ? compat_SyS_preadv64+0x40/0x40
[ 31.725238]  do_fast_syscall_32+0x3ee/0xf9d
[ 31.729533]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 31.734083]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.738811]  ? lockdep_sys_exit+0x47/0xf0
[ 31.742937]  ? syscall_return_slowpath+0x2ad/0x550
[ 31.747835]  ? lockdep_sys_exit+0x47/0xf0
[ 31.751952]  ? retint_user+0x18/0x18
[ 31.755639]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.760455]  entry_SYSENTER_compat+0x51/0x60
[ 31.764831] RIP: 0023:0xf7f85c79
[ 31.768164] RSP: 002b:00000000fff98b7c EFLAGS: 00000296 ORIG_RAX: 000000000000014d
[ 31.775842] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000205e2ff0
[ 31.783081] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000000000000002
[ 31.790316] RBP: 0000000020adafa0 R08: 0000000000000000 R09: 0000000000000000
[ 31.797552] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 31.804790] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.812045]
[ 31.813640] The buggy address belongs to the variable:
[ 31.818888]  tokens+0xb40/0xda0
[ 31.822132]
[ 31.823726] Memory state around the buggy address:
[ 31.828620]  ffffffff85352900: fa fa fa fa 00 00 06 fa fa fa fa fa 00 00 00 00
[ 31.835946]  ffffffff85352980: fa fa fa fa 00 07 fa fa fa fa fa fa 00 00 00 00
[ 31.843270] >ffffffff85352a00: 03 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 31.850592]                                ^
[ 31.854970]  ffffffff85352a80: 00 00 00 00 00 fa fa fa fa fa fa fa 00 00 03 fa
[ 31.862294]  ffffffff85352b00: fa fa fa fa 00 00 00 00 00 05 fa fa fa fa fa fa
[ 31.869617] ==================================================================
[ 31.876943] Disabling lock debugging due to kernel taint
[ 31.882357] Kernel panic - not syncing: panic_on_warn set ...
[ 31.882357]
[ 31.889684] CPU: 0 PID: 3083 Comm: syzkaller615263 Tainted: G B 4.15.0-rc1+ #115
[ 31.898405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.907723] Call Trace:
[ 31.910279]  dump_stack+0x194/0x257
[ 31.913874]  ? arch_local_irq_restore+0x53/0x53
[ 31.918512]  ? vprintk_default+0x28/0x30
[ 31.922538]  ? vsnprintf+0x1ed/0x1900
[ 31.926305]  ? show_timer+0x1e0/0x2b0
[ 31.930076]  panic+0x1e4/0x41c
[ 31.933234]  ? refcount_error_report+0x214/0x214
[ 31.937958]  ? add_taint+0x40/0x50
[ 31.941462]  ? add_taint+0x1c/0x50
[ 31.944969]  ? show_timer+0x278/0x2b0
[ 31.948736]  kasan_end_report+0x50/0x50
[ 31.952675]  kasan_report+0x144/0x340
[ 31.956442]  __asan_report_load8_noabort+0x14/0x20
[ 31.961333]  show_timer+0x278/0x2b0
[ 31.964925]  ? timers_start+0x14c/0x1c0
[ 31.968865]  traverse+0x248/0xa00
[ 31.972287]  ? seq_hlist_next+0xc0/0xc0
[ 31.976229]  seq_read+0x96a/0x13d0
[ 31.979745]  ? seq_lseek+0x3c0/0x3c0
[ 31.983428]  ? selinux_file_permission+0x82/0x460
[ 31.988239]  ? security_file_permission+0x89/0x1f0
[ 31.993138]  ? rw_verify_area+0xe5/0x2b0
[ 31.997170]  do_iter_read+0x3db/0x5b0
[ 32.000942]  ? iov_iter_get_pages+0x1150/0x1150
[ 32.005586]  compat_readv+0x1bf/0x270
[ 32.009355]  ? vfs_iter_read+0xb0/0xb0
[ 32.013215]  ? fget_raw+0x20/0x20
[ 32.016638]  ? down_read_trylock+0xdb/0x170
[ 32.020928]  ? __do_page_fault+0x32d/0xc90
[ 32.025129]  ? __handle_mm_fault+0x3e20/0x3e20
[ 32.029680]  ? vmacache_find+0x5f/0x280
[ 32.033626]  do_compat_preadv64+0xdc/0x100
[ 32.037823]  ? do_compat_preadv64+0xdc/0x100
[ 32.042198]  compat_SyS_preadv+0x3b/0x50
[ 32.046225]  ? compat_SyS_preadv64+0x40/0x40
[ 32.050600]  do_fast_syscall_32+0x3ee/0xf9d
[ 32.054892]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 32.059438]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 32.064160]  ? lockdep_sys_exit+0x47/0xf0
[ 32.068273]  ? syscall_return_slowpath+0x2ad/0x550
[ 32.073167]  ? lockdep_sys_exit+0x47/0xf0
[ 32.077280]  ? retint_user+0x18/0x18
[ 32.080964]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.085786]  entry_SYSENTER_compat+0x51/0x60
[ 32.090164] RIP: 0023:0xf7f85c79
[ 32.093492] RSP: 002b:00000000fff98b7c EFLAGS: 00000296 ORIG_RAX: 000000000000014d
[ 32.101167] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000205e2ff0
[ 32.108403] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000000000000002
[ 32.115640] RBP: 0000000020adafa0 R08: 0000000000000000 R09: 0000000000000000
[ 32.122878] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 32.130112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.137398] Dumping ftrace buffer:
[ 32.140905]    (ftrace buffer empty)
[ 32.144582] Kernel Offset: disabled
[ 32.148175] Rebooting in 86400 seconds..