INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd [ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.774799] ==================================================================
[ 28.782281] BUG: KASAN: slab-out-of-bounds in find_first_zero_bit+0xc5/0xe0
[ 28.789376] Read of size 8 at addr ffff8801d7480a00 by task syzkaller291450/4476
[ 28.796902]
[ 28.798522] CPU: 1 PID: 4476 Comm: syzkaller291450 Not tainted 4.16.0-rc7+ #8
[ 28.805776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.815125] Call Trace:
[ 28.817701] dump_stack+0x194/0x24d
[ 28.821331] ? arch_local_irq_restore+0x53/0x53
[ 28.825977] ? show_regs_print_info+0x18/0x18
[ 28.830477] ? preempt_schedule_common+0x22/0x60
[ 28.835258] ? find_first_zero_bit+0xc5/0xe0
[ 28.839659] print_address_description+0x73/0x250
[ 28.844500] ? find_first_zero_bit+0xc5/0xe0
[ 28.848900] kasan_report+0x23c/0x360
[ 28.852686] __asan_report_load8_noabort+0x14/0x20
[ 28.857614] find_first_zero_bit+0xc5/0xe0
[ 28.861844] bfs_create+0xf7/0x610
[ 28.865383] ? bfs_link+0x220/0x220
[ 28.869001] lookup_open+0x1217/0x1970
[ 28.872883] ? pick_link+0xab0/0xab0
[ 28.876586] path_openat+0xd76/0x3530
[ 28.880374] ? path_lookupat+0xba0/0xba0
[ 28.884418] ? lock_downgrade+0x980/0x980
[ 28.888560] ? do_sys_open+0x2e7/0x6d0
[ 28.892432] ? lock_release+0xa40/0xa40
[ 28.896387] ? find_held_lock+0x35/0x1d0
[ 28.900430] ? do_raw_spin_trylock+0x190/0x190
[ 28.905001] ? __lock_is_held+0xb6/0x140
[ 28.909063] ? _raw_spin_unlock+0x22/0x30
[ 28.913192] ? __alloc_fd+0x29b/0x750
[ 28.916985] do_filp_open+0x25b/0x3b0
[ 28.920788] ? may_open_dev+0xe0/0xe0
[ 28.924572] ? mpi_resize+0x200/0x200
[ 28.928357] ? get_unused_fd_flags+0x121/0x190
[ 28.932930] ? __alloc_fd+0x750/0x750
[ 28.936742] ? getname_flags+0x256/0x580
[ 28.940794] do_sys_open+0x502/0x6d0
[ 28.944506] ? do_sys_open+0x502/0x6d0
[ 28.948379] ? filp_open+0x70/0x70
[ 28.951907] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 28.957458] SyS_open+0x2d/0x40
[ 28.960728] ? do_sys_open+0x6d0/0x6d0
[ 28.964605] do_syscall_64+0x281/0x940
[ 28.968492] ? vmalloc_sync_all+0x30/0x30
[ 28.972644] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.977389] ? syscall_return_slowpath+0x550/0x550
[ 28.982333] ? syscall_return_slowpath+0x2ac/0x550
[ 28.987252] ? prepare_exit_to_usermode+0x350/0x350
[ 28.992266] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 28.997631] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.002479] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.007657] RIP: 0033:0x4404f9
[ 29.010835] RSP: 002b:00007ffd2305ebd8 EFLAGS: 00000207 ORIG_RAX: 0000000000000002
[ 29.018535] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004404f9
[ 29.025813] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000020000340
[ 29.033086] RBP: 0000000000000003 R08: 000000000000000a R09: 6f6f6c2f7665642f
[ 29.040359] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000000004
[ 29.047616] R13: 0000000000401d70 R14: 0000000000000000 R15: 0000000000000000
[ 29.054898]
[ 29.056514] Allocated by task 4476:
[ 29.060124] save_stack+0x43/0xd0
[ 29.063563] kasan_kmalloc+0xad/0xe0
[ 29.067256] __kmalloc+0x162/0x760
[ 29.070789] bfs_fill_super+0x3d3/0xea0
[ 29.074768] mount_bdev+0x2b7/0x370
[ 29.078383] bfs_mount+0x34/0x40
[ 29.081729] mount_fs+0x66/0x2d0
[ 29.085189] vfs_kern_mount.part.26+0xc6/0x4a0
[ 29.089769] do_mount+0xea4/0x2bb0
[ 29.093298] SyS_mount+0xab/0x120
[ 29.096741] do_syscall_64+0x281/0x940
[ 29.100608] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.105770]
[ 29.107387] Freed by task 2830:
[ 29.110669] save_stack+0x43/0xd0
[ 29.114122] __kasan_slab_free+0x11a/0x170
[ 29.118356] kasan_slab_free+0xe/0x10
[ 29.122137] kfree+0xd9/0x260
[ 29.125222] single_release+0x88/0xb0
[ 29.129018] __fput+0x327/0x7e0
[ 29.132293] ____fput+0x15/0x20
[ 29.135560] task_work_run+0x199/0x270
[ 29.139437] exit_to_usermode_loop+0x275/0x2f0
[ 29.143994] do_syscall_64+0x6ec/0x940
[ 29.147876] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.153038]
[ 29.154641] The buggy address belongs to the object at ffff8801d7480a00
[ 29.154641] which belongs to the cache kmalloc-32 of size 32
[ 29.167108] The buggy address is located 0 bytes inside of
[ 29.167108] 32-byte region [ffff8801d7480a00, ffff8801d7480a20)
[ 29.178704] The buggy address belongs to the page:
[ 29.183620] page:ffffea00075d2000 count:1 mapcount:0 mapping:ffff8801d7480000 index:0xffff8801d7480fc1
[ 29.193058] flags: 0x2fffc0000000100(slab)
[ 29.197294] raw: 02fffc0000000100 ffff8801d7480000 ffff8801d7480fc1 000000010000003f
[ 29.205160] raw: ffffea00075d1ea0 ffffea00075d32a0 ffff8801dac001c0 0000000000000000
[ 29.213032] page dumped because: kasan: bad access detected
[ 29.218717]
[ 29.220318] Memory state around the buggy address:
[ 29.225230] ffff8801d7480900: 00 02 fc fc fc fc fc fc 00 02 fc fc fc fc fc fc
[ 29.232566] ffff8801d7480980: 00 02 fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[ 29.239901] >ffff8801d7480a00: 07 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 29.247238]                    ^
[ 29.250582] ffff8801d7480a80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 29.257922] ffff8801d7480b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 29.265262] ==================================================================
[ 29.272618] Disabling lock debugging due to kernel taint
[ 29.278211] Kernel panic - not syncing: panic_on_warn set ...
[ 29.278211]
[ 29.285583] CPU: 1 PID: 4476 Comm: syzkaller291450 Tainted: G B 4.16.0-rc7+ #8
[ 29.294151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.303488] Call Trace:
[ 29.306060] dump_stack+0x194/0x24d
[ 29.309673] ? arch_local_irq_restore+0x53/0x53
[ 29.314499] ? kasan_end_report+0x32/0x50
[ 29.318641] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.323384] ? vsnprintf+0x1ed/0x1900
[ 29.327170] ? find_first_zero_bit+0xc0/0xe0
[ 29.331561] panic+0x1e4/0x41c
[ 29.334728] ? refcount_error_report+0x214/0x214
[ 29.339467] ? add_taint+0x1c/0x50
[ 29.342995] ? add_taint+0x1c/0x50
[ 29.346526] ? find_first_zero_bit+0xc5/0xe0
[ 29.350920] kasan_end_report+0x50/0x50
[ 29.354880] kasan_report+0x149/0x360
[ 29.358666] __asan_report_load8_noabort+0x14/0x20
[ 29.363574] find_first_zero_bit+0xc5/0xe0
[ 29.367785] bfs_create+0xf7/0x610
[ 29.371335] ? bfs_link+0x220/0x220
[ 29.374949] lookup_open+0x1217/0x1970
[ 29.378816] ? pick_link+0xab0/0xab0
[ 29.382534] path_openat+0xd76/0x3530
[ 29.386316] ? path_lookupat+0xba0/0xba0
[ 29.390358] ? lock_downgrade+0x980/0x980
[ 29.394483] ? do_sys_open+0x2e7/0x6d0
[ 29.398371] ? lock_release+0xa40/0xa40
[ 29.402321] ? find_held_lock+0x35/0x1d0
[ 29.406377] ? do_raw_spin_trylock+0x190/0x190
[ 29.410963] ? __lock_is_held+0xb6/0x140
[ 29.415021] ? _raw_spin_unlock+0x22/0x30
[ 29.419157] ? __alloc_fd+0x29b/0x750
[ 29.422945] do_filp_open+0x25b/0x3b0
[ 29.426727] ? may_open_dev+0xe0/0xe0
[ 29.430510] ? mpi_resize+0x200/0x200
[ 29.434287] ? get_unused_fd_flags+0x121/0x190
[ 29.438851] ? __alloc_fd+0x750/0x750
[ 29.442650] ? getname_flags+0x256/0x580
[ 29.446691] do_sys_open+0x502/0x6d0
[ 29.450402] ? do_sys_open+0x502/0x6d0
[ 29.454280] ? filp_open+0x70/0x70
[ 29.457813] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 29.463346] SyS_open+0x2d/0x40
[ 29.466615] ? do_sys_open+0x6d0/0x6d0
[ 29.470478] do_syscall_64+0x281/0x940
[ 29.474356] ? vmalloc_sync_all+0x30/0x30
[ 29.478490] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.483236] ? syscall_return_slowpath+0x550/0x550
[ 29.488166] ? syscall_return_slowpath+0x2ac/0x550
[ 29.493080] ? prepare_exit_to_usermode+0x350/0x350
[ 29.498079] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 29.503433] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.508287] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.513456] RIP: 0033:0x4404f9
[ 29.516628] RSP: 002b:00007ffd2305ebd8 EFLAGS: 00000207 ORIG_RAX: 0000000000000002
[ 29.524312] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004404f9
[ 29.531560] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000020000340
[ 29.538812] RBP: 0000000000000003 R08: 000000000000000a R09: 6f6f6c2f7665642f
[ 29.546076] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000000004
[ 29.553339] R13: 0000000000401d70 R14: 0000000000000000 R15: 0000000000000000
[ 29.561150] Dumping ftrace buffer:
[ 29.564683] (ftrace buffer empty)
[ 29.568382] Kernel Offset: disabled
[ 29.572023] Rebooting in 86400 seconds..