[....] Starting enhanced syslogd: rsyslogd
[   13.682880] audit: type=1400 audit(1513022503.036:5): avc: denied { syslog } for pid=2996 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.057320] audit: type=1400 audit(1513022507.411:6): avc: denied { map } for pid=3137 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-6,10.128.15.201' (ECDSA) to the list of known hosts.
executing program
[   24.433113] audit: type=1400 audit(1513022513.786:7): avc: denied { map } for pid=3151 comm="syzkaller514695" path="/root/syzkaller514695434" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   24.437392] ==================================================================
[   24.437415] BUG: KASAN: global-out-of-bounds in show_timer+0x278/0x2b0
[   24.437422] Read of size 8 at addr ffffffff853431f8 by task syzkaller514695/3151
[   24.437427] 
[   24.437436] CPU: 1 PID: 3151 Comm: syzkaller514695 Not tainted 4.15.0-rc3+ #217
[   24.437442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.437447] Call Trace:
[   24.437458]  dump_stack+0x194/0x257
[   24.437473]  ? arch_local_irq_restore+0x53/0x53
[   24.437485]  ? show_regs_print_info+0x18/0x18
[   24.437499]  ? seq_printf+0xb3/0xe0
[   24.437511]  ? show_timer+0x278/0x2b0
[   24.437524]  print_address_description+0x178/0x250
[   24.437534]  ? show_timer+0x278/0x2b0
[   24.437545]  kasan_report+0x25b/0x340
[   24.437562]  __asan_report_load8_noabort+0x14/0x20
[   24.437571]  show_timer+0x278/0x2b0
[   24.437579]  ? timers_start+0x14c/0x1c0
[   24.437593]  seq_read+0x385/0x13d0
[   24.437626]  ? seq_lseek+0x3c0/0x3c0
[   24.437636]  ? selinux_file_permission+0x82/0x460
[   24.437653]  ? security_file_permission+0x89/0x1f0
[   24.437669]  ? rw_verify_area+0xe5/0x2b0
[   24.437686]  do_iter_read+0x3db/0x5b0
[   24.437697]  ? dup_iter+0x260/0x260
[   24.437723]  vfs_readv+0x121/0x1c0
[   24.437730]  ? may_open_dev+0xe0/0xe0
[   24.437745]  ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[   24.437759]  ? mm_fault_error+0x2c0/0x2c0
[   24.437779]  ? fget_raw+0x20/0x20
[   24.437792]  ? do_page_fault+0xee/0x720
[   24.437809]  ? putname+0xf3/0x130
[   24.437824]  ? do_sys_open+0x320/0x6d0
[   24.437846]  do_preadv+0x11b/0x1a0
[   24.437854]  ? do_preadv+0x11b/0x1a0
[   24.437872]  SyS_preadv+0x30/0x40
[   24.437886]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.437894] RIP: 0033:0x440149
[   24.437900] RSP: 002b:00007ffcfb489e78 EFLAGS: 00000213 ORIG_RAX: 0000000000000127
[   24.437912] RAX: ffffffffffffffda RBX: 00007ffcfb489e80 RCX: 0000000000440149
[   24.437918] RDX: 0000000000000001 RSI: 00000000205e2ff0 RDI: 0000000000000003
[   24.437924] RBP: 0000000000000000 R08: 0000000000000011 R09: 65732f636f72702f
[   24.437930] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401a10
[   24.437935] R13: 0000000000401aa0 R14: 0000000000000000 R15: 0000000000000000
[   24.437966] 
[   24.437970] The buggy address belongs to the variable:
[   24.437979]  nstr.44444+0x18/0x40
[   24.437983] 
[   24.437987] Memory state around the buggy address:
[   24.437996]  ffffffff85343080: fa fa fa fa 00 00 00 fa fa fa fa fa 00 06 fa fa
[   24.438007]  ffffffff85343100: fa fa fa fa 07 fa fa fa fa fa fa fa 05 fa fa fa
[   24.438014] >ffffffff85343180: fa fa fa fa 07 fa fa fa fa fa fa fa 00 00 00 fa
[   24.438019]                                                                 ^
[   24.438026]  ffffffff85343200: fa fa fa fa 00 fa fa fa fa fa fa fa 07 fa fa fa
[   24.438033]  ffffffff85343280: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[   24.438038] ==================================================================
[   24.438041] Disabling lock debugging due to kernel taint
[   24.438045] Kernel panic - not syncing: panic_on_warn set ...
[   24.438045] 
[   24.438051] CPU: 1 PID: 3151 Comm: syzkaller514695 Tainted: G B 4.15.0-rc3+ #217
[   24.438054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.438056] Call Trace:
[   24.438061]  dump_stack+0x194/0x257
[   24.438070]  ? arch_local_irq_restore+0x53/0x53
[   24.438078]  ? vprintk_default+0x28/0x30
[   24.438089]  ? vsnprintf+0x1ed/0x1900
[   24.438096]  ? show_timer+0x1b0/0x2b0
[   24.438103]  panic+0x1e4/0x41c
[   24.438109]  ? refcount_error_report+0x214/0x214
[   24.438119]  ? add_taint+0x40/0x50
[   24.438125]  ? add_taint+0x1c/0x50
[   24.438133]  ? show_timer+0x278/0x2b0
[   24.438139]  kasan_end_report+0x50/0x50
[   24.438145]  kasan_report+0x144/0x340
[   24.438154]  __asan_report_load8_noabort+0x14/0x20
[   24.438160]  show_timer+0x278/0x2b0
[   24.438165]  ? timers_start+0x14c/0x1c0
[   24.438174]  seq_read+0x385/0x13d0
[   24.438191]  ? seq_lseek+0x3c0/0x3c0
[   24.438197]  ? selinux_file_permission+0x82/0x460
[   24.438206]  ? security_file_permission+0x89/0x1f0
[   24.438215]  ? rw_verify_area+0xe5/0x2b0
[   24.438225]  do_iter_read+0x3db/0x5b0
[   24.438231]  ? dup_iter+0x260/0x260
[   24.438245]  vfs_readv+0x121/0x1c0
[   24.438250]  ? may_open_dev+0xe0/0xe0
[   24.438258]  ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[   24.438267]  ? mm_fault_error+0x2c0/0x2c0
[   24.438278]  ? fget_raw+0x20/0x20
[   24.438285]  ? do_page_fault+0xee/0x720
[   24.438295]  ? putname+0xf3/0x130
[   24.438304]  ? do_sys_open+0x320/0x6d0
[   24.438316]  do_preadv+0x11b/0x1a0
[   24.438321]  ? do_preadv+0x11b/0x1a0
[   24.438330]  SyS_preadv+0x30/0x40
[   24.438338]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.438342] RIP: 0033:0x440149
[   24.438345] RSP: 002b:00007ffcfb489e78 EFLAGS: 00000213 ORIG_RAX: 0000000000000127
[   24.438351] RAX: ffffffffffffffda RBX: 00007ffcfb489e80 RCX: 0000000000440149
[   24.438355] RDX: 0000000000000001 RSI: 00000000205e2ff0 RDI: 0000000000000003
[   24.438358] RBP: 0000000000000000 R08: 0000000000000011 R09: 65732f636f72702f
[   24.438362] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401a10
[   24.438365] R13: 0000000000401aa0 R14: 0000000000000000 R15: 0000000000000000
[   24.459714] Dumping ftrace buffer:
[   24.459717]    (ftrace buffer empty)
[   24.459720] Kernel Offset: disabled
[   24.964294] Rebooting in 86400 seconds..
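The KASAN section of the log can be read mechanically, which is worth doing before trusting a one-line summary of a crash. The script below is an added example, not part of the syzkaller report or of any kernel tooling: it parses the header, the "belongs to the variable" line and the shadow-memory rows excerpted from the report above (timestamps stripped), decodes the shadow byte under the faulting address, and relates the run of addressable granules in front of it to the symbol offset KASAN printed. The poison legend is transcribed from the generic KASAN header (mm/kasan/kasan.h) of that kernel generation; the helper names parse_report, analyze and reg_as_ascii are this example's own. On this report it finds shadow byte 0xfa (global redzone) at ffffffff853431f8, 24 fully addressable bytes immediately before it starting exactly at nstr.44444 (the address minus the +0x18 offset), so the 8-byte read begins at the first byte past the object; the /0x40 extent is what kallsyms sees for the symbol and is consistent with the padding and redzone the instrumentation places after a global. Why show_timer computed that index is not in the log, and the example does not guess it. As a side check it also decodes the R09 value from the register dump as little-endian ASCII.

```python
import re

# Excerpt of the KASAN section of the console log above (the "[ 24.43xxxx]"
# printk timestamps are stripped; every value is the report's own).
REPORT = """\
==================================================================
BUG: KASAN: global-out-of-bounds in show_timer+0x278/0x2b0
Read of size 8 at addr ffffffff853431f8 by task syzkaller514695/3151

The buggy address belongs to the variable:
 nstr.44444+0x18/0x40

Memory state around the buggy address:
 ffffffff85343080: fa fa fa fa 00 00 00 fa fa fa fa fa 00 06 fa fa
 ffffffff85343100: fa fa fa fa 07 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85343180: fa fa fa fa 07 fa fa fa fa fa fa fa 00 00 00 fa
                                                                ^
 ffffffff85343200: fa fa fa fa 00 fa fa fa fa fa fa fa 07 fa fa fa
 ffffffff85343280: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
"""

SHADOW_SCALE = 8  # one generic-KASAN shadow byte covers 8 bytes of kernel memory

# Poison values transcribed from mm/kasan/kasan.h (generic KASAN of the 4.15 era).
# 0x00 = all 8 bytes addressable, 0x01..0x07 = only the first N bytes addressable.
POISON = {
    0xfa: "global redzone",
    0xfc: "kmalloc redzone",
    0xfb: "freed kmalloc object",
    0xfe: "page redzone",
    0xff: "free page",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
}

HEADER_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
                       r"by task (?P<task>\S+)/(?P<pid>\d+)")
VAR_RE = re.compile(r"belongs to the variable:\n\s*(?P<var>[\w.$]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)")
ROW_RE = re.compile(r"^[ >](?P<base>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2}){15})\s*$", re.M)


def parse_report(text):
    """Pull the structured fields out of a generic-KASAN report for a global."""
    h, a, v = HEADER_RE.search(text), ACCESS_RE.search(text), VAR_RE.search(text)
    if not (h and a and v):
        raise ValueError("not a KASAN report about a global variable")
    shadow = {}  # kernel address of each 8-byte granule -> its shadow byte
    for row in ROW_RE.finditer(text):
        base = int(row["base"], 16)
        for i, b in enumerate(row["bytes"].split()):
            shadow[base + i * SHADOW_SCALE] = int(b, 16)
    return {
        "bug": h["bug"], "func": h["func"],
        "kind": a["kind"], "size": int(a["size"]), "addr": int(a["addr"], 16),
        "task": a["task"], "pid": int(a["pid"]),
        "var": v["var"], "var_off": int(v["off"], 16), "var_size": int(v["size"], 16),
        "shadow": shadow,
    }


def describe_shadow(b):
    if b == 0:
        return "addressable"
    if 1 <= b <= 7:
        return "partially addressable (first %d bytes)" % b
    return POISON.get(b, "unknown poison 0x%02x" % b)


def analyze(r):
    """Relate the faulting access to the object KASAN attributed it to."""
    addr, shadow = r["addr"], r["shadow"]
    granule = addr & ~(SHADOW_SCALE - 1)
    sb = shadow[granule]
    # Walk back over fully addressable granules: that run is the object body
    # that sits immediately in front of the access.
    run_start = granule
    while shadow.get(run_start - SHADOW_SCALE) == 0:
        run_start -= SHADOW_SCALE
    body_bytes = granule - run_start
    var_start = addr - r["var_off"]  # where the "+0x.." offset says the symbol begins
    return {
        "shadow_byte": sb,
        "meaning": describe_shadow(sb),
        "valid_bytes_at_access": 8 if sb == 0 else (sb if 1 <= sb <= 7 else 0),
        "var_start": var_start,
        "body_bytes_before_access": body_bytes,
        "run_start_matches_symbol": run_start == var_start,
        "bytes_past_object": addr - (var_start + body_bytes),
    }


def reg_as_ascii(value):
    """Decode a 64-bit register value as the little-endian bytes it holds."""
    return value.to_bytes(8, "little").decode("ascii", "replace")


if __name__ == "__main__":
    rep = parse_report(REPORT)
    res = analyze(rep)
    print("%s: %s of %d bytes in %s() by %s/%d" % (rep["bug"], rep["kind"], rep["size"],
                                                    rep["func"], rep["task"], rep["pid"]))
    print("shadow 0x%02x (%s); %d addressable bytes precede the access; "
          "it starts %d bytes past that object" % (res["shadow_byte"], res["meaning"],
                                                   res["body_bytes_before_access"],
                                                   res["bytes_past_object"]))
    print("R09 from the register dump decodes to %r" % reg_as_ascii(0x65732f636f72702f))
```

Run as a script it prints the classification for the report above; the same functions can be fed any generic-KASAN report text with a "belongs to the variable" line. The R09 decode yields "/proc/se", which is a clue about what fd 3 in the preadv call refers to, not a conclusion the log itself states.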