INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-6,10.128.0.22' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 54.929824] ==================================================================
[ 54.930992] BUG: KASAN: global-out-of-bounds in show_timer+0x278/0x2b0
[ 54.931873] Read of size 8 at addr ffffffff853537a0 by task syzkaller237444/3086
[ 54.932879]
[ 54.933113] CPU: 1 PID: 3086 Comm: syzkaller237444 Not tainted 4.15.0-rc2-next-20171206+ #60
[ 54.934247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.935470] Call Trace:
[ 54.935833]  dump_stack+0x194/0x257
[ 54.936327]  ? arch_local_irq_restore+0x53/0x53
[ 54.936955]  ? show_regs_print_info+0x18/0x18
[ 54.937561]  ? seq_printf+0xb3/0xe0
[ 54.938144]  ? show_timer+0x278/0x2b0
[ 54.938662]  print_address_description+0x178/0x250
[ 54.939353]  ? show_timer+0x278/0x2b0
[ 54.939866]  kasan_report+0x25b/0x340
[ 54.940382]  __asan_report_load8_noabort+0x14/0x20
[ 54.941040]  show_timer+0x278/0x2b0
[ 54.941549]  ? timers_start+0x14c/0x1c0
[ 54.942087]  traverse+0x248/0xa00
[ 54.942563]  ? seq_hlist_next+0xc0/0xc0
[ 54.943206]  seq_read+0x96a/0x13d0
[ 54.943716]  ? seq_lseek+0x3c0/0x3c0
[ 54.944228]  ? selinux_file_permission+0x82/0x460
[ 54.944892]  ? security_file_permission+0x89/0x1f0
[ 54.945592]  ? rw_verify_area+0xe5/0x2b0
[ 54.946142]  do_iter_read+0x3db/0x5b0
[ 54.946658]  ? dup_iter+0x260/0x260
[ 54.947157]  vfs_readv+0x121/0x1c0
[ 54.947662]  ? may_open_dev+0xe0/0xe0
[ 54.948176]  ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[ 54.948893]  ? mm_fault_error+0x2c0/0x2c0
[ 54.949473]  ? fget_raw+0x20/0x20
[ 54.949944]  ? do_page_fault+0xee/0x720
[ 54.953842]  ? putname+0xf3/0x130
[ 54.957270]  ? do_sys_open+0x320/0x6d0
[ 54.961138]  do_preadv+0x11b/0x1a0
[ 54.964647]  ? do_preadv+0x11b/0x1a0
[ 54.968334]  SyS_preadv+0x30/0x40
[ 54.971760]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 54.976488] RIP: 0033:0x440159
[ 54.979646] RSP: 002b:00007ffdc5ede0b8 EFLAGS: 00000213 ORIG_RAX: 0000000000000127
[ 54.987324] RAX: ffffffffffffffda RBX: 00007ffdc5ede0c0 RCX: 0000000000440159
[ 54.994565] RDX: 0000000000000001 RSI: 00000000205e2ff0 RDI: 0000000000000003
[ 55.001816] RBP: 0000000000000000 R08: 0000000000000011 R09: 65732f636f72702f
[ 55.009057] R10: 0000000000000003 R11: 0000000000000213 R12: 0000000000401a20
[ 55.016296] R13: 0000000000401ab0 R14: 0000000000000000 R15: 0000000000000000
[ 55.023551]
[ 55.025146] The buggy address belongs to the variable:
[ 55.030393]  tokens+0xb40/0xda0
[ 55.033649]
[ 55.035244] Memory state around the buggy address:
[ 55.040141]  ffffffff85353680: fa fa fa fa 00 00 06 fa fa fa fa fa 00 00 00 00
[ 55.047466]  ffffffff85353700: fa fa fa fa 00 07 fa fa fa fa fa fa 00 00 00 00
[ 55.054793] >ffffffff85353780: 03 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 55.062119]                                ^
[ 55.066492]  ffffffff85353800: 00 00 00 00 00 fa fa fa fa fa fa fa 00 00 03 fa
[ 55.073819]  ffffffff85353880: fa fa fa fa 00 00 00 00 00 05 fa fa fa fa fa fa
[ 55.081144] ==================================================================
[ 55.088471] Disabling lock debugging due to kernel taint
[ 55.093885] Kernel panic - not syncing: panic_on_warn set ...
[ 55.093885]
[ 55.101214] CPU: 1 PID: 3086 Comm: syzkaller237444 Tainted: G    B 4.15.0-rc2-next-20171206+ #60
[ 55.111053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.120372] Call Trace:
[ 55.122940]  dump_stack+0x194/0x257
[ 55.126534]  ? arch_local_irq_restore+0x53/0x53
[ 55.131170]  ? vprintk_default+0x28/0x30
[ 55.135195]  ? vsnprintf+0x1ed/0x1900
[ 55.138964]  ? show_timer+0x1b0/0x2b0
[ 55.142730]  panic+0x1e4/0x41c
[ 55.145890]  ? refcount_error_report+0x214/0x214
[ 55.150616]  ? add_taint+0x40/0x50
[ 55.154122]  ? add_taint+0x1c/0x50
[ 55.157628]  ? show_timer+0x278/0x2b0
[ 55.161394]  kasan_end_report+0x50/0x50
[ 55.165335]  kasan_report+0x144/0x340
[ 55.169104]  __asan_report_load8_noabort+0x14/0x20
[ 55.173998]  show_timer+0x278/0x2b0
[ 55.177592]  ? timers_start+0x14c/0x1c0
[ 55.181557]  traverse+0x248/0xa00
[ 55.184980]  ? seq_hlist_next+0xc0/0xc0
[ 55.188925]  seq_read+0x96a/0x13d0
[ 55.192438]  ? seq_lseek+0x3c0/0x3c0
[ 55.196120]  ? selinux_file_permission+0x82/0x460
[ 55.200943]  ? security_file_permission+0x89/0x1f0
[ 55.205841]  ? rw_verify_area+0xe5/0x2b0
[ 55.209869]  do_iter_read+0x3db/0x5b0
[ 55.213638]  ? dup_iter+0x260/0x260
[ 55.217235]  vfs_readv+0x121/0x1c0
[ 55.220742]  ? may_open_dev+0xe0/0xe0
[ 55.224509]  ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[ 55.229841]  ? mm_fault_error+0x2c0/0x2c0
[ 55.233965]  ? fget_raw+0x20/0x20
[ 55.237407]  ? do_page_fault+0xee/0x720
[ 55.241352]  ? putname+0xf3/0x130
[ 55.244775]  ? do_sys_open+0x320/0x6d0
[ 55.248645]  do_preadv+0x11b/0x1a0
[ 55.252151]  ? do_preadv+0x11b/0x1a0
[ 55.255833]  SyS_preadv+0x30/0x40
[ 55.259257]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 55.263980] RIP: 0033:0x440159
[ 55.267136] RSP: 002b:00007ffdc5ede0b8 EFLAGS: 00000213 ORIG_RAX: 0000000000000127
[ 55.274810] RAX: ffffffffffffffda RBX: 00007ffdc5ede0c0 RCX: 0000000000440159
[ 55.282066] RDX: 0000000000000001 RSI: 00000000205e2ff0 RDI: 0000000000000003
[ 55.289317] RBP: 0000000000000000 R08: 0000000000000011 R09: 65732f636f72702f
[ 55.296554] R10: 0000000000000003 R11: 0000000000000213 R12: 0000000000401a20
[ 55.303788] R13: 0000000000401ab0 R14: 0000000000000000 R15: 0000000000000000
[ 55.311067] Dumping ftrace buffer:
[ 55.314572]    (ftrace buffer empty)
[ 55.318252] Kernel Offset: disabled
[ 55.321851] Rebooting in 86400 seconds..