Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 60.233727][ T6878] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 60.241648][ T6878] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 60.252577][ T6878] F2FS-fs (loop0): Fix alignment : done, start(4096) end(147456) block(12288)
[ 60.263288][ T6878] F2FS-fs (loop0): invalid crc_offset: 0
[ 60.272627][ T6878] ==================================================================
[ 60.280815][ T6878] BUG: KASAN: slab-out-of-bounds in f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.289561][ T6878] Read of size 8 at addr ffff8880a1b934a8 by task syz-executor682/6878
[ 60.297824][ T6878]
[ 60.300154][ T6878] CPU: 1 PID: 6878 Comm: syz-executor682 Not tainted 5.9.0-rc6-syzkaller #0
[ 60.308854][ T6878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.318895][ T6878] Call Trace:
[ 60.322178][ T6878] dump_stack+0x198/0x1fd
[ 60.326504][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.332567][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.338623][ T6878] print_address_description.constprop.0.cold+0xae/0x497
[ 60.345640][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.351710][ T6878] ? lockdep_hardirqs_off+0x96/0xd0
[ 60.356894][ T6878] ? vprintk_func+0x95/0x1d4
[ 60.361468][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.367517][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.373583][ T6878] kasan_report.cold+0x1f/0x37
[ 60.378336][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.384392][ T6878] f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.390290][ T6878] ? f2fs_check_write_pointer+0x290/0x290
[ 60.396006][ T6878] ? lockdep_hardirqs_on+0x53/0x100
[ 60.401191][ T6878] ? map_id_range_down+0x1c4/0x340
[ 60.406294][ T6878] ? lock_release+0x90/0x8f0
[ 60.410888][ T6878] ? __raw_spin_lock_init+0x34/0x100
[ 60.416165][ T6878] f2fs_fill_super+0x381a/0x6e80
[ 60.421149][ T6878] ? f2fs_commit_super+0x840/0x840
[ 60.426261][ T6878] ? set_blocksize+0x1c1/0x400
[ 60.431016][ T6878] mount_bdev+0x32e/0x3f0
[ 60.435344][ T6878] ? f2fs_commit_super+0x840/0x840
[ 60.440458][ T6878] ? __bpf_trace_f2fs_fiemap+0x1b0/0x1b0
[ 60.446077][ T6878] legacy_get_tree+0x105/0x220
[ 60.450846][ T6878] vfs_get_tree+0x89/0x2f0
[ 60.455258][ T6878] path_mount+0x1387/0x20a0
[ 60.459768][ T6878] ? strncpy_from_user+0x2bf/0x3e0
[ 60.464864][ T6878] ? copy_mount_string+0x40/0x40
[ 60.469786][ T6878] ? getname_flags.part.0+0x1dd/0x4f0
[ 60.475160][ T6878] __x64_sys_mount+0x27f/0x300
[ 60.479908][ T6878] ? copy_mnt_ns+0xa60/0xa60
[ 60.484492][ T6878] ? check_preemption_disabled+0x50/0x130
[ 60.490192][ T6878] ? syscall_enter_from_user_mode+0x1d/0x60
[ 60.496090][ T6878] do_syscall_64+0x2d/0x70
[ 60.500519][ T6878] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.506407][ T6878] RIP: 0033:0x446ffa
[ 60.510292][ T6878] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 60.529889][ T6878] RSP: 002b:00007ffcfc6dc038 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 60.538410][ T6878] RAX: ffffffffffffffda RBX: 00007ffcfc6dc090 RCX: 0000000000446ffa
[ 60.546374][ T6878] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcfc6dc050
[ 60.554384][ T6878] RBP: 00007ffcfc6dc050 R08: 00007ffcfc6dc090 R09: 00007ffc00000015
[ 60.562353][ T6878] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[ 60.570315][ T6878] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 60.578281][ T6878]
[ 60.580593][ T6878] Allocated by task 6878:
[ 60.584918][ T6878] kasan_save_stack+0x1b/0x40
[ 60.589575][ T6878] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.595196][ T6878] kvmalloc_node+0x61/0xf0
[ 60.599616][ T6878] f2fs_build_segment_manager+0xb5b/0xa6d0
[ 60.605402][ T6878] f2fs_fill_super+0x381a/0x6e80
[ 60.610319][ T6878] mount_bdev+0x32e/0x3f0
[ 60.614625][ T6878] legacy_get_tree+0x105/0x220
[ 60.619383][ T6878] vfs_get_tree+0x89/0x2f0
[ 60.623777][ T6878] path_mount+0x1387/0x20a0
[ 60.628263][ T6878] __x64_sys_mount+0x27f/0x300
[ 60.633013][ T6878] do_syscall_64+0x2d/0x70
[ 60.637433][ T6878] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.643314][ T6878]
[ 60.645626][ T6878] The buggy address belongs to the object at ffff8880a1b93000
[ 60.645626][ T6878]  which belongs to the cache kmalloc-2k of size 2048
[ 60.659663][ T6878] The buggy address is located 1192 bytes inside of
[ 60.659663][ T6878]  2048-byte region [ffff8880a1b93000, ffff8880a1b93800)
[ 60.673094][ T6878] The buggy address belongs to the page:
[ 60.678719][ T6878] page:000000008c03fe3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa1b93
[ 60.688867][ T6878] flags: 0xfffe0000000200(slab)
[ 60.693701][ T6878] raw: 00fffe0000000200 ffffea000275f408 ffffea00025a7548 ffff8880aa040800
[ 60.702300][ T6878] raw: 0000000000000000 ffff8880a1b93000 0000000100000001 0000000000000000
[ 60.710868][ T6878] page dumped because: kasan: bad access detected
[ 60.717260][ T6878]
[ 60.719566][ T6878] Memory state around the buggy address:
[ 60.725181][ T6878]  ffff8880a1b93380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.733232][ T6878]  ffff8880a1b93400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.741283][ T6878] >ffff8880a1b93480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.749330][ T6878]                                   ^
[ 60.754688][ T6878]  ffff8880a1b93500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.762744][ T6878]  ffff8880a1b93580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.770791][ T6878] ==================================================================
[ 60.778947][ T6878] Disabling lock debugging due to kernel taint
[ 60.802463][ T6878] Kernel panic - not syncing: panic_on_warn set ...
[ 60.809079][ T6878] CPU: 0 PID: 6878 Comm: syz-executor682 Tainted: G B 5.9.0-rc6-syzkaller #0
[ 60.819146][ T6878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.829184][ T6878] Call Trace:
[ 60.832461][ T6878] dump_stack+0x198/0x1fd
[ 60.836778][ T6878] ? f2fs_build_segment_manager+0x92f0/0xa6d0
[ 60.842839][ T6878] panic+0x382/0x7fb
[ 60.846723][ T6878] ? __warn_printk+0xf3/0xf3
[ 60.851338][ T6878] ? preempt_schedule_common+0x59/0xc0
[ 60.856781][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.862855][ T6878] ? preempt_schedule_thunk+0x16/0x18
[ 60.868210][ T6878] ? trace_hardirqs_on+0x55/0x220
[ 60.873218][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.879274][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.885331][ T6878] end_report+0x4d/0x53
[ 60.889483][ T6878] kasan_report.cold+0xd/0x37
[ 60.894150][ T6878] ? f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.900208][ T6878] f2fs_build_segment_manager+0x9302/0xa6d0
[ 60.906099][ T6878] ? f2fs_check_write_pointer+0x290/0x290
[ 60.911800][ T6878] ? lockdep_hardirqs_on+0x53/0x100
[ 60.916977][ T6878] ? map_id_range_down+0x1c4/0x340
[ 60.922066][ T6878] ? lock_release+0x90/0x8f0
[ 60.926646][ T6878] ? __raw_spin_lock_init+0x34/0x100
[ 60.931912][ T6878] f2fs_fill_super+0x381a/0x6e80
[ 60.936840][ T6878] ? f2fs_commit_super+0x840/0x840
[ 60.941945][ T6878] ? set_blocksize+0x1c1/0x400
[ 60.946712][ T6878] mount_bdev+0x32e/0x3f0
[ 60.951019][ T6878] ? f2fs_commit_super+0x840/0x840
[ 60.956120][ T6878] ? __bpf_trace_f2fs_fiemap+0x1b0/0x1b0
[ 60.961740][ T6878] legacy_get_tree+0x105/0x220
[ 60.966494][ T6878] vfs_get_tree+0x89/0x2f0
[ 60.970900][ T6878] path_mount+0x1387/0x20a0
[ 60.975409][ T6878] ? strncpy_from_user+0x2bf/0x3e0
[ 60.980506][ T6878] ? copy_mount_string+0x40/0x40
[ 60.985435][ T6878] ? getname_flags.part.0+0x1dd/0x4f0
[ 60.990835][ T6878] __x64_sys_mount+0x27f/0x300
[ 60.995595][ T6878] ? copy_mnt_ns+0xa60/0xa60
[ 61.000178][ T6878] ? check_preemption_disabled+0x50/0x130
[ 61.005886][ T6878] ? syscall_enter_from_user_mode+0x1d/0x60
[ 61.011796][ T6878] do_syscall_64+0x2d/0x70
[ 61.016194][ T6878] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.022084][ T6878] RIP: 0033:0x446ffa
[ 61.025957][ T6878] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 61.045559][ T6878] RSP: 002b:00007ffcfc6dc038 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 61.053953][ T6878] RAX: ffffffffffffffda RBX: 00007ffcfc6dc090 RCX: 0000000000446ffa
[ 61.061907][ T6878] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcfc6dc050
[ 61.069872][ T6878] RBP: 00007ffcfc6dc050 R08: 00007ffcfc6dc090 R09: 00007ffc00000015
[ 61.077837][ T6878] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[ 61.085803][ T6878] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 61.094797][ T6878] Kernel Offset: disabled
[ 61.099127][ T6878] Rebooting in 86400 seconds..