INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.

syzkaller login: [ 32.306540] IPVS: ftp: loaded support on port[0] = 21
[ 32.306556] IPVS: ftp: loaded support on port[0] = 21
[ 32.313099] IPVS: ftp: loaded support on port[0] = 21
[ 32.318467] IPVS: ftp: loaded support on port[0] = 21
[ 32.325684] IPVS: ftp: loaded support on port[0] = 21
[ 32.327578] IPVS: ftp: loaded support on port[0] = 21
[ 32.333228] IPVS: ftp: loaded support on port[0] = 21
[ 32.340166] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 32.484509] XFS (loop7): nobarrier option is deprecated, ignoring.
[ 32.496279] XFS (loop7): Invalid device [./file0], error=-15
executing program
[ 32.529257] XFS (loop3): nobarrier option is deprecated, ignoring.
[ 32.555924] XFS (loop3): Invalid device [./file0], error=-15
[ 32.566644] ==================================================================
[ 32.574448] BUG: KASAN: use-after-free in radix_tree_next_chunk+0xfa2/0xfc0
[ 32.581550] Read of size 4 at addr ffff8801b49e8a90 by task syzkaller087807/4507
[ 32.589075]
[ 32.590708] CPU: 1 PID: 4507 Comm: syzkaller087807 Not tainted 4.16.0+ #16
[ 32.597717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.607068] Call Trace:
[ 32.609659]  dump_stack+0x1b9/0x294
[ 32.613299]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.618490]  ? printk+0x9e/0xba
[ 32.621771]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
executing program
executing program
executing program
[ 32.626531]  ? kasan_check_write+0x14/0x20
[ 32.630769]  print_address_description+0x6c/0x20b
[ 32.635613]  ? radix_tree_next_chunk+0xfa2/0xfc0
[ 32.640373]  kasan_report.cold.7+0xac/0x2f5
[ 32.644700]  __asan_report_load4_noabort+0x14/0x20
[ 32.649628]  radix_tree_next_chunk+0xfa2/0xfc0
[ 32.654214]  ? debug_check_no_locks_freed+0x310/0x310
[ 32.659404]  ? __lock_acquire+0x7f5/0x5130
[ 32.663635]  ? __lock_acquire+0x7f5/0x5130
[ 32.667869]  ? mark_held_locks+0xc9/0x160
[ 32.672018]  ? idr_preload+0x40/0x40
[ 32.675736]  ? debug_check_no_locks_freed+0x310/0x310
[ 32.680929]  ? debug_check_no_locks_freed+0x310/0x310
[ 32.686123]  ? update_curr+0x1f8/0xbf0
[ 32.690015]  ? __account_cfs_rq_runtime+0x600/0x600
[ 32.695037]  ? flush_plug_callbacks+0x553/0x7f0
[ 32.699705]  ? print_usage_bug+0xc0/0xc0
[ 32.703776]  ? bio_cur_bytes+0x1e0/0x1e0
[ 32.707842]  ? print_usage_bug+0xc0/0xc0
[ 32.711907]  radix_tree_gang_lookup_tag+0x3d4/0x5f0
[ 32.716928]  ? radix_tree_gang_lookup_slot+0x420/0x420
[ 32.722202]  ? xfs_perag_get+0x600/0x600
[ 32.726270]  ? update_curr+0x332/0xbf0
[ 32.730162]  ? kasan_check_read+0x11/0x20
[ 32.734308]  ? rcu_is_watching+0x85/0x140
[ 32.738456]  ? find_held_lock+0x36/0x1c0
[ 32.742525]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 32.747729]  xfs_perag_get_tag+0x12d/0x7c0
[ 32.751969]  ? xfs_perag_get+0x600/0x600
[ 32.756033]  ? rcu_is_watching+0x85/0x140
[ 32.760183]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 32.765387]  ? list_lru_count_one+0x27f/0x440
[ 32.769887]  xfs_reclaim_inodes_count+0x82/0xb0
[ 32.774564]  xfs_fs_nr_cached_objects+0x37/0x50
executing program
[ 32.779236]  ? xfs_fs_free_cached_objects+0x80/0x80
[ 32.784261]  super_cache_count+0x98/0x280
[ 32.788421]  shrink_slab.part.39+0x330/0xf90
[ 32.792842]  ? current_may_throttle+0x230/0x230
[ 32.797520]  ? shrink_active_list+0x17f0/0x17f0
[ 32.802188]  ? kasan_check_read+0x11/0x20
[ 32.806338]  ? rcu_is_watching+0x85/0x140
[ 32.810510]  shrink_slab+0xa1/0xc0
[ 32.814058]  shrink_node+0x569/0x1070
[ 32.817870]  ? shrink_node_memcg+0x1910/0x1910
[ 32.822453]  ? do_gettimeofday+0x170/0x170
[ 32.826687]  ? lock_downgrade+0x8e0/0x8e0
[ 32.830840]  ? workqueue_congested+0x3b0/0x3b0
[ 32.836181]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.841728]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.847278]  do_try_to_free_pages+0x3af/0x1130
[ 32.851877]  ? shrink_node+0x1070/0x1070
[ 32.855962]  try_to_free_mem_cgroup_pages+0x49a/0xc70
[ 32.861154]  ? find_held_lock+0x36/0x1c0
[ 32.865220]  ? try_to_free_pages+0xb50/0xb50
[ 32.869639]  ? lock_downgrade+0x8e0/0x8e0
[ 32.873788]  ? kasan_check_read+0x11/0x20
[ 32.877937]  ? kasan_check_read+0x11/0x20
[ 32.882085]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 32.886493]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 32.891079]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 32.896186]  ? trace_hardirqs_on+0xd/0x10
[ 32.900344]  reclaim_high.constprop.67+0x1c3/0x300
[ 32.905283]  ? mem_cgroup_css_online+0x300/0x300
[ 32.910048]  ? exit_to_usermode_loop+0x87/0x310
[ 32.914719]  mem_cgroup_handle_over_high+0x8d/0x130
[ 32.919744]  exit_to_usermode_loop+0x274/0x310
[ 32.924337]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 32.929189]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 32.934131]  ? syscall_return_slowpath+0x30f/0x5c0
[ 32.939051]  prepare_exit_to_usermode+0x32e/0x390
[ 32.943882]  ? perf_trace_sys_enter+0xaf0/0xaf0
[ 32.948533]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.953358]  ? page_fault+0x2f/0x50
[ 32.956971]  retint_user+0x8/0x18
[ 32.960405] RIP: 0033:0x4019e9
[ 32.963572] RSP: 002b:00007fffa76a63b0 EFLAGS: 00010207
[ 32.968919] RAX: 0000000000000012 RBX: 0000000000000001 RCX: 0000000000442aa9
[ 32.976168] RDX: 0000000000000012 RSI: 00000000004a492c RDI: 0000000000000001
[ 32.983417] RBP: 00007fffa76a64c0 R08: 0000000000770880 R09: 0000000300000000
[ 32.990667] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000000000
[ 32.997921] R13: 0000000000000000 R14: 0000000000001380 R15: 00007fffa76a64e8
[ 33.005182]
[ 33.006791] Allocated by task 4503:
[ 33.010408]  save_stack+0x43/0xd0
[ 33.013859]  kasan_kmalloc+0xc4/0xe0
[ 33.017562]  kmem_cache_alloc_trace+0x152/0x780
[ 33.022212]  xfs_fs_fill_super+0xda/0x1470
[ 33.026427]  mount_bdev+0x30c/0x3e0
[ 33.030044]  xfs_fs_mount+0x34/0x40
[ 33.033667]  mount_fs+0xae/0x328
[ 33.037033]  vfs_kern_mount.part.34+0xd4/0x4d0
[ 33.041604]  do_mount+0x564/0x3070
[ 33.045123]  ksys_mount+0x12d/0x140
[ 33.048728]  SyS_mount+0x35/0x50
[ 33.052077]  do_syscall_64+0x29e/0x9d0
[ 33.055946]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 33.061109]
[ 33.062727] Freed by task 4503:
[ 33.066006]  save_stack+0x43/0xd0
[ 33.069449]  __kasan_slab_free+0x11a/0x170
[ 33.073668]  kasan_slab_free+0xe/0x10
[ 33.077448]  kfree+0xd9/0x260
[ 33.080533]  xfs_fs_fill_super+0x650/0x1470
[ 33.084838]  mount_bdev+0x30c/0x3e0
[ 33.088447]  xfs_fs_mount+0x34/0x40
[ 33.092054]  mount_fs+0xae/0x328
[ 33.095402]  vfs_kern_mount.part.34+0xd4/0x4d0
[ 33.099961]  do_mount+0x564/0x3070
[ 33.103482]  ksys_mount+0x12d/0x140
[ 33.107096]  SyS_mount+0x35/0x50
[ 33.110441]  do_syscall_64+0x29e/0x9d0
[ 33.114311]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 33.119471]
[ 33.121095] The buggy address belongs to the object at ffff8801b49e86c0
[ 33.121095]  which belongs to the cache kmalloc-4096 of size 4096
[ 33.133915] The buggy address is located 976 bytes inside of
[ 33.133915]  4096-byte region [ffff8801b49e86c0, ffff8801b49e96c0)
[ 33.145853] The buggy address belongs to the page:
[ 33.150771] page:ffffea0006d27a00 count:1 mapcount:0 mapping:ffff8801b49e86c0 index:0x0 compound_mapcount: 0
[ 33.160741] flags: 0x2fffc0000008100(slab|head)
[ 33.165402] raw: 02fffc0000008100 ffff8801b49e86c0 0000000000000000 0000000100000001
[ 33.173268] raw: ffffea0006d27ea0 ffffea0006d2b520 ffff8801dac00dc0 0000000000000000
[ 33.181123] page dumped because: kasan: bad access detected
[ 33.186818]
[ 33.188430] Memory state around the buggy address:
[ 33.193342]  ffff8801b49e8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.200681]  ffff8801b49e8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.208027] >ffff8801b49e8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.215375]                          ^
[ 33.219262]  ffff8801b49e8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.226605]  ffff8801b49e8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.233946] ==================================================================
[ 33.241289] Disabling lock debugging due to kernel taint
[ 33.246893] Kernel panic - not syncing: panic_on_warn set ...
[ 33.246893]
[ 33.254258] CPU: 1 PID: 4507 Comm: syzkaller087807 Tainted: G B 4.16.0+ #16
[ 33.262577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.271908] Call Trace:
[ 33.274479]  dump_stack+0x1b9/0x294
[ 33.278092]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.283268]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.288021]  ? radix_tree_next_chunk+0xf80/0xfc0
[ 33.292771]  panic+0x22f/0x4de
[ 33.295957]  ? add_taint.cold.5+0x16/0x16
[ 33.300098]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.304488]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.308883]  ? radix_tree_next_chunk+0xfa2/0xfc0
[ 33.313635]  kasan_end_report+0x47/0x4f
[ 33.317597]  kasan_report.cold.7+0xc9/0x2f5
[ 33.321905]  __asan_report_load4_noabort+0x14/0x20
[ 33.326831]  radix_tree_next_chunk+0xfa2/0xfc0
[ 33.331406]  ? debug_check_no_locks_freed+0x310/0x310
[ 33.336577]  ? __lock_acquire+0x7f5/0x5130
[ 33.340794]  ? __lock_acquire+0x7f5/0x5130
[ 33.345020]  ? mark_held_locks+0xc9/0x160
[ 33.349156]  ? idr_preload+0x40/0x40
[ 33.352858]  ? debug_check_no_locks_freed+0x310/0x310
[ 33.358036]  ? debug_check_no_locks_freed+0x310/0x310
[ 33.363214]  ? update_curr+0x1f8/0xbf0
[ 33.367096]  ? __account_cfs_rq_runtime+0x600/0x600
[ 33.372107]  ? flush_plug_callbacks+0x553/0x7f0
[ 33.376755]  ? print_usage_bug+0xc0/0xc0
[ 33.380810]  ? bio_cur_bytes+0x1e0/0x1e0
[ 33.384870]  ? print_usage_bug+0xc0/0xc0
[ 33.388927]  radix_tree_gang_lookup_tag+0x3d4/0x5f0
[ 33.393940]  ? radix_tree_gang_lookup_slot+0x420/0x420
[ 33.399205]  ? xfs_perag_get+0x600/0x600
[ 33.403255]  ? update_curr+0x332/0xbf0
[ 33.407135]  ? kasan_check_read+0x11/0x20
[ 33.411269]  ? rcu_is_watching+0x85/0x140
[ 33.415394]  ? find_held_lock+0x36/0x1c0
[ 33.419446]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 33.424624]  xfs_perag_get_tag+0x12d/0x7c0
[ 33.428846]  ? xfs_perag_get+0x600/0x600
[ 33.432902]  ? rcu_is_watching+0x85/0x140
[ 33.437062]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 33.442284]  ? list_lru_count_one+0x27f/0x440
[ 33.446762]  xfs_reclaim_inodes_count+0x82/0xb0
[ 33.451412]  xfs_fs_nr_cached_objects+0x37/0x50
[ 33.456066]  ? xfs_fs_free_cached_objects+0x80/0x80
[ 33.461067]  super_cache_count+0x98/0x280
[ 33.465227]  shrink_slab.part.39+0x330/0xf90
[ 33.469620]  ? current_may_throttle+0x230/0x230
[ 33.474271]  ? shrink_active_list+0x17f0/0x17f0
[ 33.478930]  ? kasan_check_read+0x11/0x20
[ 33.483069]  ? rcu_is_watching+0x85/0x140
[ 33.487207]  shrink_slab+0xa1/0xc0
[ 33.490729]  shrink_node+0x569/0x1070
[ 33.494520]  ? shrink_node_memcg+0x1910/0x1910
[ 33.499095]  ? do_gettimeofday+0x170/0x170
[ 33.503310]  ? lock_downgrade+0x8e0/0x8e0
[ 33.507436]  ? workqueue_congested+0x3b0/0x3b0
[ 33.511998]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 33.517517]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.523046]  do_try_to_free_pages+0x3af/0x1130
[ 33.527617]  ? shrink_node+0x1070/0x1070
[ 33.531659]  try_to_free_mem_cgroup_pages+0x49a/0xc70
[ 33.536824]  ? find_held_lock+0x36/0x1c0
[ 33.540872]  ? try_to_free_pages+0xb50/0xb50
[ 33.545270]  ? lock_downgrade+0x8e0/0x8e0
[ 33.549409]  ? kasan_check_read+0x11/0x20
[ 33.553535]  ? kasan_check_read+0x11/0x20
[ 33.557663]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.562058]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 33.566624]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 33.571705]  ? trace_hardirqs_on+0xd/0x10
[ 33.575837]  reclaim_high.constprop.67+0x1c3/0x300
[ 33.580749]  ? mem_cgroup_css_online+0x300/0x300
[ 33.585496]  ? exit_to_usermode_loop+0x87/0x310
[ 33.590153]  mem_cgroup_handle_over_high+0x8d/0x130
[ 33.595155]  exit_to_usermode_loop+0x274/0x310
[ 33.599817]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 33.604648]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 33.609560]  ? syscall_return_slowpath+0x30f/0x5c0
[ 33.614469]  prepare_exit_to_usermode+0x32e/0x390
[ 33.619295]  ? perf_trace_sys_enter+0xaf0/0xaf0
[ 33.623945]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.628781]  ? page_fault+0x2f/0x50
[ 33.632384]  retint_user+0x8/0x18
[ 33.635823] RIP: 0033:0x4019e9
[ 33.638994] RSP: 002b:00007fffa76a63b0 EFLAGS: 00010207
[ 33.644339] RAX: 0000000000000012 RBX: 0000000000000001 RCX: 0000000000442aa9
[ 33.651681] RDX: 0000000000000012 RSI: 00000000004a492c RDI: 0000000000000001
[ 33.658932] RBP: 00007fffa76a64c0 R08: 0000000000770880 R09: 0000000300000000
[ 33.666180] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000000000
[ 33.673428] R13: 0000000000000000 R14: 0000000000001380 R15: 00007fffa76a64e8
[ 33.681083] Dumping ftrace buffer:
[ 33.684605] (ftrace buffer empty)
[ 33.688308] Kernel Offset: disabled
[ 33.691922] Rebooting in 86400 seconds..
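A KASAN report like the one above only becomes actionable once its three stacks are pulled apart: who allocated the object, who freed it, and who touched it afterwards. The Python below is an added example, not part of the syzkaller log or of any kernel tooling, that parses a report in this 4.x-era console format into a triage summary: bug type, faulting function, access size/address/task, allocating and freeing tasks, slab cache and in-object offset, and the callers above the faulting function. `SAMPLE_REPORT` is a condensed excerpt of this log (most `? ` frames and the lower reclaim stack removed, one interleaved `executing program` line kept to show it is tolerated); the `NOISE` prefix list used to skip instrumentation frames is a heuristic of my own, not anything the kernel defines.

```python
"""Parse a KASAN console report into a structured triage summary."""
import re

# Constructed sample: a condensed excerpt of the syzkaller log above, with most
# "? " (unreliable) frames and the lower reclaim stack trimmed for brevity.
SAMPLE_REPORT = """\
[ 32.574448] BUG: KASAN: use-after-free in radix_tree_next_chunk+0xfa2/0xfc0
[ 32.581550] Read of size 4 at addr ffff8801b49e8a90 by task syzkaller087807/4507
[ 32.607068] Call Trace:
[ 32.609659]  dump_stack+0x1b9/0x294
[ 32.613299]  ? dump_stack_print_info.cold.2+0x52/0x52
executing program
[ 32.640373]  kasan_report.cold.7+0xac/0x2f5
[ 32.644700]  __asan_report_load4_noabort+0x14/0x20
[ 32.649628]  radix_tree_next_chunk+0xfa2/0xfc0
[ 32.711907]  radix_tree_gang_lookup_tag+0x3d4/0x5f0
[ 32.747729]  xfs_perag_get_tag+0x12d/0x7c0
[ 32.769887]  xfs_reclaim_inodes_count+0x82/0xb0
[ 32.774564]  xfs_fs_nr_cached_objects+0x37/0x50
[ 32.784261]  super_cache_count+0x98/0x280
[ 32.788421]  shrink_slab.part.39+0x330/0xf90
[ 32.960405] RIP: 0033:0x4019e9
[ 33.005182]
[ 33.006791] Allocated by task 4503:
[ 33.010408]  save_stack+0x43/0xd0
[ 33.013859]  kasan_kmalloc+0xc4/0xe0
[ 33.017562]  kmem_cache_alloc_trace+0x152/0x780
[ 33.022212]  xfs_fs_fill_super+0xda/0x1470
[ 33.026427]  mount_bdev+0x30c/0x3e0
[ 33.061109]
[ 33.062727] Freed by task 4503:
[ 33.066006]  save_stack+0x43/0xd0
[ 33.069449]  __kasan_slab_free+0x11a/0x170
[ 33.073668]  kasan_slab_free+0xe/0x10
[ 33.077448]  kfree+0xd9/0x260
[ 33.080533]  xfs_fs_fill_super+0x650/0x1470
[ 33.119471]
[ 33.121095] The buggy address belongs to the object at ffff8801b49e86c0
[ 33.121095]  which belongs to the cache kmalloc-4096 of size 4096
[ 33.133915] The buggy address is located 976 bytes inside of
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]")
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Heuristic (my own, not from the kernel): instrumentation and allocator
# frames that never name the code owning the object.
NOISE = ("dump_stack", "print_address_description", "kasan_", "__kasan_",
         "__asan_", "save_stack", "kmem_cache_alloc", "kmalloc", "__kmalloc", "kfree")


def parse_kasan_report(text):
    r, section = {"stacks": {}}, None
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: ([\w-]+) in (\S+?)\+0x", line):
            r["bug_type"], r["bug_func"] = m.groups()
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task \S+/(\d+)", line):
            r["access"], r["size"] = m.group(1), int(m.group(2))
            r["addr"], r["pid"] = int(m.group(3), 16), int(m.group(4))
        elif line == "Call Trace:":
            section, r["stacks"]["access"] = "access", []
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            section = "alloc" if m.group(1) == "Allocated" else "free"
            r[section + "_pid"], r["stacks"][section] = int(m.group(2)), []
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r["object_addr"] = int(m.group(1), 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            r["cache"], r["object_size"] = m.group(1), int(m.group(2))
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            r["offset"] = int(m.group(1))
        elif section and (fm := FRAME.match(line)):
            if not fm.group(1):          # "? " marks a stale slot, not a real caller
                r["stacks"][section].append(fm.group(2))
        elif section and line == "":     # a blank line closes the current stack
            section = None
    return r


def owner_frame(frames):
    """First frame that is not KASAN/allocator instrumentation."""
    return next((f for f in frames if not f.startswith(NOISE)), None)


def summarize(r):
    """The facts a triager checks first: who allocated, who freed, who touched it, and how."""
    access = r["stacks"].get("access", [])
    # Callers of the faulting function, innermost first; frames below it are KASAN's own.
    callers = access[access.index(r["bug_func"]) + 1:] if r["bug_func"] in access else access
    return {
        "bug": f'{r["bug_type"]} {r["access"].lower()} of {r["size"]} bytes in {r["bug_func"]}',
        "offset_consistent": r["addr"] - r["object_addr"] == r["offset"],
        "alloc_owner": owner_frame(r["stacks"].get("alloc", [])),
        "free_owner": owner_frame(r["stacks"].get("free", [])),
        "freed_by_other_task": r["free_pid"] != r["pid"],
        "reached_via": callers[:6],
    }
```

Run on this log, `summarize(parse_kasan_report(SAMPLE_REPORT))` reports that the 4096-byte kmalloc object was both allocated and freed from `xfs_fs_fill_super` by task 4503 (the mount that failed with `error=-15`), and that a different task, 4507, then read 976 bytes into it via `super_cache_count` → `xfs_fs_nr_cached_objects` → `xfs_reclaim_inodes_count` → `xfs_perag_get_tag` during memcg reclaim; the address arithmetic (`0xffff8801b49e8a90 - 0xffff8801b49e86c0 == 976`) matches what KASAN printed. That is the shape to look for in any filesystem UAF report: private data torn down on an init error path while the superblock is still reachable to a shrinker.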