INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.785358] ==================================================================
[ 23.792824] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x2de/0x320
[ 23.799988] Read of size 2 at addr ffff8801b80bf000 by task syzkaller432828/4365
[ 23.807490]
[ 23.809096] CPU: 1 PID: 4365 Comm: syzkaller432828 Not tainted 4.16.0-rc7+ #7
[ 23.816342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.825679] Call Trace:
[ 23.828253]  dump_stack+0x194/0x24d
[ 23.831862]  ? arch_local_irq_restore+0x53/0x53
[ 23.836510]  ? show_regs_print_info+0x18/0x18
[ 23.840978]  ? ext4_getblk+0x12a/0x500
[ 23.844841]  ? __ext4_check_dir_entry+0x2de/0x320
[ 23.849660]  print_address_description+0x73/0x250
[ 23.854479]  ? __ext4_check_dir_entry+0x2de/0x320
[ 23.859293]  kasan_report+0x23c/0x360
[ 23.863069]  __asan_report_load2_noabort+0x14/0x20
[ 23.867971]  __ext4_check_dir_entry+0x2de/0x320
[ 23.872612]  ext4_readdir+0xd00/0x3600
[ 23.876472]  ? lock_release+0xa40/0xa40
[ 23.880422]  ? trace_hardirqs_off+0x10/0x10
[ 23.884715]  ? __ext4_check_dir_entry+0x320/0x320
[ 23.889529]  ? mntput_no_expire+0x15e/0xa90
[ 23.893828]  ? lock_acquire+0x1d5/0x580
[ 23.897774]  ? lock_acquire+0x1d5/0x580
[ 23.901721]  ? iterate_dir+0xc3/0x530
[ 23.905496]  ? lock_release+0xa40/0xa40
[ 23.909444]  ? check_same_owner+0x320/0x320
[ 23.913739]  ? mntput+0x66/0x90
[ 23.916996]  ? rcu_note_context_switch+0x710/0x710
[ 23.921904]  ? __might_sleep+0x95/0x190
[ 23.925853]  ? down_read_killable+0x95/0x180
[ 23.930237]  ? iterate_dir+0xc3/0x530
[ 23.934008]  ? down_write+0x120/0x120
[ 23.937783]  iterate_dir+0x1ca/0x530
[ 23.941469]  SyS_getdents64+0x221/0x420
[ 23.945416]  ? SyS_getdents+0x450/0x450
[ 23.949362]  ? ext4_llseek+0x237/0x2a0
[ 23.953221]  ? iterate_dir+0x530/0x530
[ 23.957089]  ? ext4_dir_llseek+0x187/0x200
[ 23.961299]  ? do_syscall_64+0xb7/0x940
[ 23.965248]  ? SyS_getdents+0x450/0x450
[ 23.969194]  do_syscall_64+0x281/0x940
[ 23.973057]  ? do_syscall_64+0x281/0x940
[ 23.977097]  ? vmalloc_sync_all+0x30/0x30
[ 23.981215]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.985946]  ? syscall_return_slowpath+0x550/0x550
[ 23.990848]  ? syscall_return_slowpath+0x2ac/0x550
[ 23.995751]  ? prepare_exit_to_usermode+0x350/0x350
[ 24.000741]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 24.006077]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.010897]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.016070] RIP: 0033:0x43fd69
[ 24.019244] RSP: 002b:00007ffc446ac118 EFLAGS: 00000203 ORIG_RAX: 00000000000000d9
[ 24.026929] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd69
[ 24.034172] RDX: 00000000200015fc RSI: 0000000020001540 RDI: 0000000000000003
[ 24.041414] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 24.048657] R10: 00000000004002c8 R11: 0000000000000203 R12: 0000000000401690
[ 24.055898] R13: 0000000000401720 R14: 0000000000000000 R15: 0000000000000000
[ 24.063148]
[ 24.064746] The buggy address belongs to the page:
[ 24.069647] page:ffffea0006e02fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 24.077761] flags: 0x2fffc0000000000()
[ 24.081622] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 24.089473] raw: ffffea0006c095a0 ffffea0006e03020 ffff8801be5f2a50 0000000000000000
[ 24.097324] page dumped because: kasan: bad access detected
[ 24.103002]
[ 24.104600] Memory state around the buggy address:
[ 24.109502]  ffff8801b80bef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.116833]  ffff8801b80bef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.124162] >ffff8801b80bf000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.131489]                    ^
[ 24.134825]  ffff8801b80bf080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.142155]  ffff8801b80bf100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.149483] ==================================================================
[ 24.156810] Disabling lock debugging due to kernel taint
[ 24.162280] Kernel panic - not syncing: panic_on_warn set ...
[ 24.162280]
[ 24.169632] CPU: 1 PID: 4365 Comm: syzkaller432828 Tainted: G B 4.16.0-rc7+ #7
[ 24.178175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.187499] Call Trace:
[ 24.190064]  dump_stack+0x194/0x24d
[ 24.193661]  ? arch_local_irq_restore+0x53/0x53
[ 24.198301]  ? kasan_end_report+0x32/0x50
[ 24.202423]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.207148]  ? vsnprintf+0x1ed/0x1900
[ 24.210931]  ? __ext4_check_dir_entry+0x290/0x320
[ 24.215744]  panic+0x1e4/0x41c
[ 24.218906]  ? refcount_error_report+0x214/0x214
[ 24.223634]  ? add_taint+0x1c/0x50
[ 24.227147]  ? add_taint+0x1c/0x50
[ 24.230660]  ? __ext4_check_dir_entry+0x2de/0x320
[ 24.235481]  kasan_end_report+0x50/0x50
[ 24.239429]  kasan_report+0x149/0x360
[ 24.243200]  __asan_report_load2_noabort+0x14/0x20
[ 24.248101]  __ext4_check_dir_entry+0x2de/0x320
[ 24.252738]  ext4_readdir+0xd00/0x3600
[ 24.256597]  ? lock_release+0xa40/0xa40
[ 24.260547]  ? trace_hardirqs_off+0x10/0x10
[ 24.264840]  ? __ext4_check_dir_entry+0x320/0x320
[ 24.269657]  ? mntput_no_expire+0x15e/0xa90
[ 24.273951]  ? lock_acquire+0x1d5/0x580
[ 24.277895]  ? lock_acquire+0x1d5/0x580
[ 24.281840]  ? iterate_dir+0xc3/0x530
[ 24.285613]  ? lock_release+0xa40/0xa40
[ 24.289557]  ? check_same_owner+0x320/0x320
[ 24.293848]  ? mntput+0x66/0x90
[ 24.297275]  ? rcu_note_context_switch+0x710/0x710
[ 24.302174]  ? __might_sleep+0x95/0x190
[ 24.306121]  ? down_read_killable+0x95/0x180
[ 24.310499]  ? iterate_dir+0xc3/0x530
[ 24.314269]  ? down_write+0x120/0x120
[ 24.318039]  iterate_dir+0x1ca/0x530
[ 24.321726]  SyS_getdents64+0x221/0x420
[ 24.325670]  ? SyS_getdents+0x450/0x450
[ 24.329616]  ? ext4_llseek+0x237/0x2a0
[ 24.333472]  ? iterate_dir+0x530/0x530
[ 24.337332]  ? ext4_dir_llseek+0x187/0x200
[ 24.341538]  ? do_syscall_64+0xb7/0x940
[ 24.345481]  ? SyS_getdents+0x450/0x450
[ 24.349438]  do_syscall_64+0x281/0x940
[ 24.353293]  ? do_syscall_64+0x281/0x940
[ 24.357333]  ? vmalloc_sync_all+0x30/0x30
[ 24.361450]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.366176]  ? syscall_return_slowpath+0x550/0x550
[ 24.371076]  ? syscall_return_slowpath+0x2ac/0x550
[ 24.375975]  ? prepare_exit_to_usermode+0x350/0x350
[ 24.380966]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 24.386301]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.391123]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.396284] RIP: 0033:0x43fd69
[ 24.399444] RSP: 002b:00007ffc446ac118 EFLAGS: 00000203 ORIG_RAX: 00000000000000d9
[ 24.407124] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd69
[ 24.414364] RDX: 00000000200015fc RSI: 0000000020001540 RDI: 0000000000000003
[ 24.421607] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 24.428847] R10: 00000000004002c8 R11: 0000000000000203 R12: 0000000000401690
[ 24.436085] R13: 0000000000401720 R14: 0000000000000000 R15: 0000000000000000
[ 24.443781] Dumping ftrace buffer:
[ 24.447297]    (ftrace buffer empty)
[ 24.450979] Kernel Offset: disabled
[ 24.454578] Rebooting in 86400 seconds..
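The report above carries everything needed for a first triage pass without a vmlinux: the bug class and faulting function from the BUG line, the access width and address, the first reliable (non-"?") frames of the first call trace, the syscall that entered the kernel (ORIG_RAX 0xd9 is getdents64 on x86_64, with fd, dirp and count in RDI, RSI, RDX), and the shadow byte under the caret, where 0xff in generic KASAN marks a freed page. The parser below is an added example, not part of the original report or of syzkaller; the SHADOW_TAGS and X86_64_SYSCALLS tables are hand-written, partial assumptions taken from the 4.x generic-KASAN and x86_64 layouts, and the embedded REPORT is an excerpt of the log above with most "?" frames dropped.

```python
"""Triage helper for a generic-KASAN report from a syzkaller console log.

Added example, not part of the original report or of syzkaller. It assumes
the 4.x generic-KASAN report layout, x86_64 syscall numbers and the
shadow-byte encodings listed below (hand-written, partial tables).
"""
import re

# Generic KASAN shadow values, assumed from mm/kasan/kasan.h (4.x kernels).
SHADOW_TAGS = {0xFF: "KASAN_FREE_PAGE", 0xFE: "KASAN_PAGE_REDZONE",
               0xFC: "KASAN_KMALLOC_REDZONE", 0xFB: "KASAN_KMALLOC_FREE",
               0xFA: "KASAN_GLOBAL_REDZONE", 0xF8: "KASAN_USE_AFTER_SCOPE",
               0xF1: "KASAN_STACK_LEFT", 0xF2: "KASAN_STACK_MID",
               0xF3: "KASAN_STACK_RIGHT", 0xF4: "KASAN_STACK_PARTIAL"}
# x86_64 syscall numbers this report can hit (assumed, partial table).
X86_64_SYSCALLS = {78: "getdents", 217: "getdents64"}
# Frames that belong to the reporting machinery, not to the bug itself.
REPORT_FRAMES = ("dump_stack", "print_address_description", "kasan_report",
                 "__asan_", "kasan_end_report")

TS_RE = re.compile(r"^.*?\[\s*\d+\.\d+\]\s?")            # printk timestamp prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+0x")
ACCESS_RE = re.compile(r"(?P<access>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME_RE = re.compile(r"^\s*(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ORIG_RAX_RE = re.compile(r"ORIG_RAX: (?P<nr>[0-9a-f]+)")
ARGS_RE = re.compile(r"RDX: (?P<rdx>[0-9a-f]+) RSI: (?P<rsi>[0-9a-f]+) RDI: (?P<rdi>[0-9a-f]+)")
SHADOW_RE = re.compile(r"^>(?P<base>[0-9a-f]+): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")


def describe_shadow(val):
    """Meaning of one shadow byte: 0 = 8-byte granule accessible, 1..7 = partial."""
    if val == 0:
        return "accessible"
    if 1 <= val <= 7:
        return f"first {val} bytes of granule accessible"
    return SHADOW_TAGS.get(val, f"unknown 0x{val:02x}")


def parse_kasan_report(text):
    """Return a triage dict for the first KASAN report in a console log."""
    info, in_trace = {"frames": []}, False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).rstrip()
        if in_trace:
            if m := FRAME_RE.match(line):
                if not m["unreliable"]:            # drop "? " guesses
                    info["frames"].append(m["sym"])
                continue
            in_trace = False                       # RIP/register dump ends the trace
        if "bug" not in info and (m := BUG_RE.search(line)):
            info.update(bug=m["bug"], func=m["func"])
        elif "addr" not in info and (m := ACCESS_RE.search(line)):
            info.update(access=m["access"], size=int(m["size"]), task=m["task"],
                        addr=int(m["addr"], 16), pid=int(m["pid"]))
        elif line.startswith("Call Trace:") and not info["frames"]:
            in_trace = True                        # only the first trace matters
        elif "syscall_nr" not in info and (m := ORIG_RAX_RE.search(line)):
            nr = info["syscall_nr"] = int(m["nr"], 16)
            info["syscall"] = X86_64_SYSCALLS.get(nr, f"nr_{nr}")
        elif "args" not in info and (m := ARGS_RE.search(line)):
            info["args"] = tuple(int(m[r], 16) for r in ("rdi", "rsi", "rdx"))
        elif "shadow" not in info and "addr" in info and (m := SHADOW_RE.match(line)):
            row = [int(b, 16) for b in m["bytes"].split()]
            idx = (info["addr"] - int(m["base"], 16)) // 8   # one byte per 8-byte granule
            if 0 <= idx < len(row):
                info["shadow"] = row[idx]
                info["shadow_tag"] = describe_shadow(row[idx])
    return info


def culprit(info):
    """First reliable frame below the KASAN reporting machinery."""
    return next((s for s in info["frames"] if not s.startswith(REPORT_FRAMES)), None)


def title(info):
    """syzbot-style one-line title for the report."""
    return f"KASAN: {info['bug']} {info['access']} in {culprit(info)}"


# Excerpt of the report above; most "?" frames omitted for brevity.
REPORT = """\
syzkaller login: [ 23.785358] ==================================================================
[ 23.792824] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x2de/0x320
[ 23.799988] Read of size 2 at addr ffff8801b80bf000 by task syzkaller432828/4365
[ 23.825679] Call Trace:
[ 23.828253]  dump_stack+0x194/0x24d
[ 23.831862]  ? arch_local_irq_restore+0x53/0x53
[ 23.849660]  print_address_description+0x73/0x250
[ 23.859293]  kasan_report+0x23c/0x360
[ 23.863069]  __asan_report_load2_noabort+0x14/0x20
[ 23.867971]  __ext4_check_dir_entry+0x2de/0x320
[ 23.872612]  ext4_readdir+0xd00/0x3600
[ 23.937783]  iterate_dir+0x1ca/0x530
[ 23.941469]  SyS_getdents64+0x221/0x420
[ 23.969194]  do_syscall_64+0x281/0x940
[ 24.010897]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.016070] RIP: 0033:0x43fd69
[ 24.019244] RSP: 002b:00007ffc446ac118 EFLAGS: 00000203 ORIG_RAX: 00000000000000d9
[ 24.034172] RDX: 00000000200015fc RSI: 0000000020001540 RDI: 0000000000000003
[ 24.124162] >ffff8801b80bf000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.131489]                    ^
"""

if __name__ == "__main__":
    r = parse_kasan_report(REPORT)
    print(title(r))
    print(f"{r['syscall']}(fd={r['args'][0]}, dirp={r['args'][1]:#x}, "
          f"count={r['args'][2]:#x}) by pid {r['pid']}; "
          f"shadow at {r['addr']:#x}: {r['shadow_tag']}")
```

Two things the parsed fields make explicit that the raw log only implies: the faulting address is page-aligned and its shadow is KASAN_FREE_PAGE while the page dump shows count:0, so the whole page backing the directory block is gone rather than a single slab object; and the user-side arguments (fd 3, a dirent buffer at 0x20001540, count 0x200015fc) are the syzkaller program's mmap'd scratch region, which is what to look for when reducing the reproducer.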