INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
2018/04/03 15:06:38 parsed 1 programs
2018/04/03 15:06:38 executed programs: 0
syzkaller login: [   30.801821] IPVS: ftp: loaded support on port[0] = 21
[   31.678451] REISERFS warning (device loop0): sh-2021 reiserfs_fill_super: can not find reiserfs on loop0
RESULT: signal 0, coverage 0 errno 0
[   31.800162] syz-executor0 (4503) used greatest stack depth: 15560 bytes left
[   32.653254] REISERFS warning (device loop0): sh-2021 reiserfs_fill_super: can not find reiserfs on loop0
RESULT: signal 0, coverage 0 errno 0
[   33.599240] ==================================================================
[   33.606771] BUG: KASAN: global-out-of-bounds in string+0x1cb/0x200
[   33.613082] Write of size 1 at addr ffffffff89e166a0 by task syz-executor0/4522
[   33.620514]
[   33.622134] CPU: 1 PID: 4522 Comm: syz-executor0 Not tainted 4.16.0+ #12
[   33.628957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.638308] Call Trace:
[   33.640890]  dump_stack+0x1a7/0x27d
[   33.644513]  ? arch_local_irq_restore+0x53/0x53
[   33.649167]  ? show_regs_print_info+0x18/0x18
[   33.653657]  ? kasan_check_write+0x14/0x20
[   33.657880]  ? string+0x1cb/0x200
[   33.661332]  print_address_description+0x178/0x250
[   33.666255]  ? string+0x1cb/0x200
[   33.669709]  kasan_report+0x23c/0x360
[   33.673504]  __asan_report_store1_noabort+0x17/0x20
[   33.678510]  string+0x1cb/0x200
[   33.681782]  vsnprintf+0x863/0x1900
[   33.685400]  ? pointer+0x9c0/0x9c0
[   33.688934]  ? print_irqtrace_events+0x270/0x270
[   33.693684]  ? kasan_check_write+0x14/0x20
[   33.697908]  vsprintf+0x2a/0x40
[   33.701181]  prepare_error_buf+0x1d2/0x1820
[   33.705498]  ? sprintf_le_key+0x580/0x580
[   33.709637]  ? mark_held_locks+0xaf/0x100
[   33.713773]  ? retint_kernel+0x10/0x10
[   33.717649]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   33.722656]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   33.727410]  __reiserfs_warning+0xc8/0x1a0
[   33.731640]  ? reiserfs_printk+0x110/0x110
[   33.735874]  ? strchr+0x4b/0xb0
[   33.739146]  reiserfs_parse_options+0x11e5/0x24e0
[   33.743985]  ? reiserfs_sync_fs+0xe0/0xe0
[   33.748130]  ? pwq_activate_delayed_work+0x5c0/0x5c0
[   33.753296]  ? __lockdep_init_map+0xe4/0x650
[   33.757707]  reiserfs_fill_super+0x520/0x33a0
[   33.762207]  ? finish_unfinished+0x1460/0x1460
[   33.766789]  ? netdev_bits+0xa0/0xa0
[   33.770488]  ? ns_test_super+0x50/0x50
[   33.774363]  ? format_decode+0x10a/0x830
[   33.778415]  ? vsnprintf+0x1ed/0x1900
[   33.782214]  ? pointer+0x9c0/0x9c0
[   33.785746]  ? cap_capable+0x1b5/0x230
[   33.789630]  ? snprintf+0xc0/0xf0
[   33.793072]  ? vsprintf+0x40/0x40
[   33.796512]  ? ns_capable_common+0xcf/0x160
[   33.800823]  ? set_blocksize+0x1f1/0x260
[   33.804876]  mount_bdev+0x2b7/0x370
[   33.808493]  ? finish_unfinished+0x1460/0x1460
[   33.813073]  get_super_block+0x34/0x40
[   33.816953]  mount_fs+0x66/0x2d0
[   33.820315]  vfs_kern_mount.part.26+0xc6/0x4a0
[   33.824886]  ? may_umount+0xa0/0xa0
[   33.828501]  ? _raw_read_unlock+0x22/0x30
[   33.832635]  ? __get_fs_type+0x8a/0xc0
[   33.836512]  do_mount+0xea4/0x2b90
[   33.840046]  ? copy_mount_string+0x40/0x40
[   33.844270]  ? rcu_pm_notify+0xc0/0xc0
[   33.848156]  ? copy_mount_options+0x5f/0x2e0
[   33.852553]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.857560]  ? kmem_cache_alloc_trace+0x459/0x740
[   33.862394]  ? kasan_check_write+0x14/0x20
[   33.866621]  ? _copy_from_user+0x99/0x110
[   33.870769]  ? copy_mount_options+0x1f7/0x2e0
[   33.875255]  ksys_mount+0xab/0x120
[   33.878782]  SyS_mount+0x39/0x50
[   33.882134]  ? ksys_mount+0x120/0x120
[   33.885927]  do_syscall_64+0x281/0x940
[   33.889806]  ? vmalloc_sync_all+0x30/0x30
[   33.893945]  ? finish_task_switch+0x1b9/0x970
[   33.898427]  ? finish_task_switch+0x17a/0x970
[   33.902913]  ? syscall_return_slowpath+0x550/0x550
[   33.907831]  ? syscall_return_slowpath+0x2ac/0x550
[   33.912752]  ? prepare_exit_to_usermode+0x350/0x350
[   33.917762]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   33.923123]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.928701]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   33.933877] RIP: 0033:0x457d0a
[   33.937053] RSP: 002b:00007f0655cddbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   33.944752] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457d0a
[   33.952008] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f0655cddc00
[   33.959268] RBP: 0000000000000004 R08: 0000000020013f00 R09: 0000000020000000
[   33.966705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   33.973965] R13: 000000000000066d R14: 00000000006fcad8 R15: 0000000000000001
[   33.981234]
[   33.982847] The buggy address belongs to the variable:
[   33.988114]  error_buf+0x400/0x420
[   33.991634]
[   33.993249] Memory state around the buggy address:
[   33.998166]  ffffffff89e16580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.005517]  ffffffff89e16600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.012861] >ffffffff89e16680: 00 00 00 00 fa fa fa fa 04 fa fa fa fa fa fa fa
[   34.020205]                                ^
[   34.024599]  ffffffff89e16700: 00 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
[   34.031942]  ffffffff89e16780: 00 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
[   34.039290] ==================================================================
[   34.046636] Disabling lock debugging due to kernel taint
[   34.052169] Kernel panic - not syncing: panic_on_warn set ...
[   34.052169]
[   34.059534] CPU: 1 PID: 4522 Comm: syz-executor0 Tainted: G B 4.16.0+ #12
[   34.067655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.076990] Call Trace:
[   34.079565]  dump_stack+0x1a7/0x27d
[   34.083176]  ? arch_local_irq_restore+0x53/0x53
[   34.087832]  ? kasan_end_report+0x32/0x50
[   34.091969]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.096714]  ? vsnprintf+0x1ed/0x1900
[   34.100496]  ? string+0x160/0x200
[   34.103933]  panic+0x1f8/0x42c
[   34.107112]  ? refcount_error_report+0x214/0x214
[   34.111858]  ? do_raw_spin_unlock+0x9e/0x310
[   34.116248]  ? do_raw_spin_unlock+0x9e/0x310
[   34.120627]  ? string+0x1cb/0x200
[   34.124051]  kasan_end_report+0x50/0x50
[   34.127994]  kasan_report+0x149/0x360
[   34.131768]  __asan_report_store1_noabort+0x17/0x20
[   34.136750]  string+0x1cb/0x200
[   34.140008]  vsnprintf+0x863/0x1900
[   34.143625]  ? pointer+0x9c0/0x9c0
[   34.147141]  ? print_irqtrace_events+0x270/0x270
[   34.151882]  ? kasan_check_write+0x14/0x20
[   34.156099]  vsprintf+0x2a/0x40
[   34.159355]  prepare_error_buf+0x1d2/0x1820
[   34.163647]  ? sprintf_le_key+0x580/0x580
[   34.167770]  ? mark_held_locks+0xaf/0x100
[   34.171892]  ? retint_kernel+0x10/0x10
[   34.175757]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.180749]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.185476]  __reiserfs_warning+0xc8/0x1a0
[   34.189686]  ? reiserfs_printk+0x110/0x110
[   34.193896]  ? strchr+0x4b/0xb0
[   34.197147]  reiserfs_parse_options+0x11e5/0x24e0
[   34.201961]  ? reiserfs_sync_fs+0xe0/0xe0
[   34.206078]  ? pwq_activate_delayed_work+0x5c0/0x5c0
[   34.211171]  ? __lockdep_init_map+0xe4/0x650
[   34.215556]  reiserfs_fill_super+0x520/0x33a0
[   34.220031]  ? finish_unfinished+0x1460/0x1460
[   34.224584]  ? netdev_bits+0xa0/0xa0
[   34.228267]  ? ns_test_super+0x50/0x50
[   34.232129]  ? format_decode+0x10a/0x830
[   34.236161]  ? vsnprintf+0x1ed/0x1900
[   34.239932]  ? pointer+0x9c0/0x9c0
[   34.243458]  ? cap_capable+0x1b5/0x230
[   34.247316]  ? snprintf+0xc0/0xf0
[   34.250736]  ? vsprintf+0x40/0x40
[   34.254160]  ? ns_capable_common+0xcf/0x160
[   34.258461]  ? set_blocksize+0x1f1/0x260
[   34.262493]  mount_bdev+0x2b7/0x370
[   34.266089]  ? finish_unfinished+0x1460/0x1460
[   34.270653]  get_super_block+0x34/0x40
[   34.274513]  mount_fs+0x66/0x2d0
[   34.277851]  vfs_kern_mount.part.26+0xc6/0x4a0
[   34.282401]  ? may_umount+0xa0/0xa0
[   34.285998]  ? _raw_read_unlock+0x22/0x30
[   34.290118]  ? __get_fs_type+0x8a/0xc0
[   34.293975]  do_mount+0xea4/0x2b90
[   34.297494]  ? copy_mount_string+0x40/0x40
[   34.301698]  ? rcu_pm_notify+0xc0/0xc0
[   34.305556]  ? copy_mount_options+0x5f/0x2e0
[   34.309933]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.314925]  ? kmem_cache_alloc_trace+0x459/0x740
[   34.319736]  ? kasan_check_write+0x14/0x20
[   34.323940]  ? _copy_from_user+0x99/0x110
[   34.328057]  ? copy_mount_options+0x1f7/0x2e0
[   34.332522]  ksys_mount+0xab/0x120
[   34.336037]  SyS_mount+0x39/0x50
[   34.339378]  ? ksys_mount+0x120/0x120
[   34.343156]  do_syscall_64+0x281/0x940
[   34.347101]  ? vmalloc_sync_all+0x30/0x30
[   34.351218]  ? finish_task_switch+0x1b9/0x970
[   34.355689]  ? finish_task_switch+0x17a/0x970
[   34.360152]  ? syscall_return_slowpath+0x550/0x550
[   34.365060]  ? syscall_return_slowpath+0x2ac/0x550
[   34.369965]  ? prepare_exit_to_usermode+0x350/0x350
[   34.374952]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   34.380290]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.385121]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   34.390287] RIP: 0033:0x457d0a
[   34.393448] RSP: 002b:00007f0655cddbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   34.401127] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457d0a
[   34.408373] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f0655cddc00
[   34.415612] RBP: 0000000000000004 R08: 0000000020013f00 R09: 0000000020000000
[   34.422862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   34.430103] R13: 000000000000066d R14: 00000000006fcad8 R15: 0000000000000001
[   34.437814] Dumping ftrace buffer:
[   34.441322]    (ftrace buffer empty)
[   34.445001] Kernel Offset: disabled
[   34.448597] Rebooting in 86400 seconds..