INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.657877] IPVS: Creating netns size=2536 id=1
[   26.670511] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   26.677536] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   26.685907] F2FS-fs (loop0): invalid crc value
[   26.691431] ==================================================================
[   26.698782] BUG: KASAN: use-after-free in build_segment_manager+0x962a/0x9d30
[   26.706024] Read of size 4 at addr ffff8801c5491680 by task syzkaller746813/3800
[   26.713524]
[   26.715125] CPU: 0 PID: 3800 Comm: syzkaller746813 Not tainted 4.9.95-g13cc540 #2
[   26.722709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.732030]  ffff8801b584f870 ffffffff81eb0ba9 ffffea0007152440 ffff8801c5491680
[   26.740006]  0000000000000000 ffff8801c5491680 ffff8801d6b2c400 ffff8801b584f8a8
[   26.747976]  ffffffff815653cb ffff8801c5491680 0000000000000004 0000000000000000
[   26.755944] Call Trace:
[   26.758503]  [] dump_stack+0xc1/0x128
[   26.763837]  [] print_address_description+0x6c/0x234
[   26.770472]  [] kasan_report.cold.6+0x242/0x2fe
[   26.776674]  [] ? build_segment_manager+0x962a/0x9d30
[   26.783399]  [] __asan_report_load4_noabort+0x14/0x20
[   26.790120]  [] build_segment_manager+0x962a/0x9d30
[   26.796666]  [] ? flush_sit_entries+0x2560/0x2560
[   26.803041]  [] ? __raw_spin_lock_init+0x2d/0x100
[   26.809418]  [] f2fs_fill_super+0x1d10/0x5d00
[   26.815444]  [] ? vsnprintf+0x1a8/0x1840
[   26.821035]  [] ? vsprintf+0x40/0x40
[   26.826281]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.832482]  [] ? set_blocksize+0x267/0x300
[   26.838336]  [] ? set_bdev_super+0x150/0x150
[   26.844277]  [] mount_bdev+0x2c7/0x390
[   26.849695]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.855892]  [] f2fs_mount+0x34/0x40
[   26.861139]  [] mount_fs+0x28c/0x370
[   26.866386]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.872760]  [] ? ns_capable_common+0x12a/0x150
[   26.878959]  [] do_mount+0x3c9/0x2740
[   26.884289]  [] ? copy_mount_string+0x40/0x40
[   26.890314]  [] ? kasan_unpoison_shadow+0x35/0x50
[   26.896688]  [] ? kasan_kmalloc+0xc7/0xe0
[   26.902368]  [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[   26.908913]  [] ? copy_mount_options+0x5f/0x320
[   26.915112]  [] ? copy_mount_options+0x1e5/0x320
[   26.921398]  [] SyS_mount+0xfe/0x110
[   26.926643]  [] ? copy_mnt_ns+0x8e0/0x8e0
[   26.932322]  [] do_syscall_64+0x1a6/0x490
[   26.938002]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.944893]
[   26.946488] The buggy address belongs to the page:
[   26.951384] page:ffffea0007152440 count:0 mapcount:0 mapping: (null) index:0x1
[   26.959610] flags: 0x8000000000000000()
[   26.963549] page dumped because: kasan: bad access detected
[   26.969226]
[   26.970823] Memory state around the buggy address:
[   26.975720]  ffff8801c5491580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.983045]  ffff8801c5491600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.990371] >ffff8801c5491680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.997694]                    ^
[   27.001028]  ffff8801c5491700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.008353]  ffff8801c5491780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.015678] ==================================================================
[   27.023001] Disabling lock debugging due to kernel taint
[   27.028711] Kernel panic - not syncing: panic_on_warn set ...
[   27.028711]
[   27.036079] CPU: 0 PID: 3800 Comm: syzkaller746813 Tainted: G B 4.9.95-g13cc540 #2
[   27.044892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.054217]  ffff8801b584f7d0 ffffffff81eb0ba9 ffffffff841c4485 00000000ffffffff
[   27.062181]  0000000000000000 0000000000000000 ffff8801d6b2c400 ffff8801b584f890
[   27.070152]  ffffffff8141f945 0000000041b58ab3 ffffffff841b7b88 ffffffff8141f786
[   27.078116] Call Trace:
[   27.080674]  [] dump_stack+0xc1/0x128
[   27.086005]  [] panic+0x1bf/0x3bc
[   27.090991]  [] ? add_taint.cold.6+0x16/0x16
[   27.096929]  [] ? ___preempt_schedule+0x16/0x18
[   27.103131]  [] kasan_end_report+0x47/0x4f
[   27.108896]  [] kasan_report.cold.6+0x76/0x2fe
[   27.115010]  [] ? build_segment_manager+0x962a/0x9d30
[   27.121732]  [] __asan_report_load4_noabort+0x14/0x20
[   27.128454]  [] build_segment_manager+0x962a/0x9d30
[   27.135002]  [] ? flush_sit_entries+0x2560/0x2560
[   27.141376]  [] ? __raw_spin_lock_init+0x2d/0x100
[   27.147749]  [] f2fs_fill_super+0x1d10/0x5d00
[   27.153775]  [] ? vsnprintf+0x1a8/0x1840
[   27.159366]  [] ? vsprintf+0x40/0x40
[   27.164611]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   27.170810]  [] ? set_blocksize+0x267/0x300
[   27.176660]  [] ? set_bdev_super+0x150/0x150
[   27.182606]  [] mount_bdev+0x2c7/0x390
[   27.188022]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   27.194223]  [] f2fs_mount+0x34/0x40
[   27.199468]  [] mount_fs+0x28c/0x370
[   27.204713]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   27.211089]  [] ? ns_capable_common+0x12a/0x150
[   27.217288]  [] do_mount+0x3c9/0x2740
[   27.222619]  [] ? copy_mount_string+0x40/0x40
[   27.228646]  [] ? kasan_unpoison_shadow+0x35/0x50
[   27.235019]  [] ? kasan_kmalloc+0xc7/0xe0
[   27.240698]  [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[   27.247244]  [] ? copy_mount_options+0x5f/0x320
[   27.253445]  [] ? copy_mount_options+0x1e5/0x320
[   27.259735]  [] SyS_mount+0xfe/0x110
[   27.264977]  [] ? copy_mnt_ns+0x8e0/0x8e0
[   27.270656]  [] do_syscall_64+0x1a6/0x490
[   27.276334]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   27.283619] Dumping ftrace buffer:
[   27.287130]    (ftrace buffer empty)
[   27.290811] Kernel Offset: disabled
[   27.294405] Rebooting in 86400 seconds..
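Reading the report: KASAN caught a 4-byte read of memory the page allocator has already freed (every shadow byte around ffff8801c5491680 is ff, the kernel's freed-page marker, and the page dump shows count:0), inside build_segment_manager while f2fs_fill_super was mounting an image on loop0 whose superblock had already failed the magic and CRC checks. The reliable frames (those without "?") run mount_bdev -> f2fs_mount -> mount_fs -> vfs_kern_mount -> do_mount -> SyS_mount, so the trigger is mount(2) of an attacker-supplied F2FS image, which needs CAP_SYS_ADMIN on this kernel (f2fs is not mountable from an unprivileged user namespace) or a host that auto-mounts removable media; with panic_on_warn set, the report ends in a reboot rather than a recoverable splat. The Python below is an added triage helper, not syzkaller's or the kernel's code: it parses this console text into a record, picks the shadow byte that actually covers the faulting address, keeps only the first trace and its reliable frames, and derives the syzbot-style title. Its sample input is an abridged copy of the lines above (the extraction on this page dropped the <address> inside each frame's [...], so the frame pattern accepts both forms); the shadow legend is the one from mm/kasan/kasan.h.

```python
"""Triage helper for a syzkaller/KASAN console report (added example, Python 3.8+;
not syzkaller or kernel code). Produces bug class, access, reliable call chain,
entry syscall, shadow state and the syzbot-style title."""
import re

# Shadow legend from mm/kasan/kasan.h: one shadow byte describes 8 bytes of memory.
SHADOW_LEGEND = {0x00: "addressable", 0xF1: "stack left redzone",
                 0xF2: "stack mid redzone", 0xF3: "stack right redzone",
                 0xF4: "stack partial redzone", 0xFA: "global redzone",
                 0xFB: "kmalloc freed", 0xFC: "kmalloc redzone",
                 0xFE: "page redzone", 0xFF: "freed page"}

# Abridged copy of the report on this page (constructed subset; the page's
# extraction dropped the <address> from each frame's bracket, hence "[]").
SAMPLE_LOG = """\
[   26.670511] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   26.677536] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   26.685907] F2FS-fs (loop0): invalid crc value
[   26.698782] BUG: KASAN: use-after-free in build_segment_manager+0x962a/0x9d30
[   26.706024] Read of size 4 at addr ffff8801c5491680 by task syzkaller746813/3800
[   26.715125] CPU: 0 PID: 3800 Comm: syzkaller746813 Not tainted 4.9.95-g13cc540 #2
[   26.755944] Call Trace:
[   26.758503]  [] dump_stack+0xc1/0x128
[   26.776674]  [] ? build_segment_manager+0x962a/0x9d30
[   26.783399]  [] __asan_report_load4_noabort+0x14/0x20
[   26.790120]  [] build_segment_manager+0x962a/0x9d30
[   26.796666]  [] ? flush_sit_entries+0x2560/0x2560
[   26.809418]  [] f2fs_fill_super+0x1d10/0x5d00
[   26.844277]  [] mount_bdev+0x2c7/0x390
[   26.866386]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.878959]  [] do_mount+0x3c9/0x2740
[   26.921398]  [] SyS_mount+0xfe/0x110
[   26.938002]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.951384] page:ffffea0007152440 count:0 mapcount:0 mapping: (null) index:0x1
[   26.983045]  ffff8801c5491600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.990371] >ffff8801c5491680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.997694]                    ^
[   27.028711] Kernel panic - not syncing: panic_on_warn set ...
[   27.078116] Call Trace:
[   27.086005]  [] panic+0x1bf/0x3bc
"""

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")
_BUG = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+(?P<off>0x[0-9a-f]+/0x[0-9a-f]+)")
_ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                     r" by task (?P<task>\S+)/(?P<pid>\d+)")
_CPU = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ (?:Not tainted|Tainted: .*?) (?P<ver>\S+) #\d+")
_FRAME = re.compile(r"^\[(?:<[0-9a-f]+>)?\]\s+(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/")
_SHADOW = re.compile(r"^>?(?P<base>[0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})$")
_PAGE = re.compile(r"page:[0-9a-f]+ count:(?P<count>\d+)")
_SYSCALL = re.compile(r"^(SyS_|sys_|__x64_sys_|__se_sys_)")
_MACHINERY = re.compile(r"^(dump_stack|print_address_description|kasan_|__asan_|__kasan_)")


def shadow_meaning(b):
    if 1 <= b <= 7:
        return f"partially addressable ({b} of 8 bytes)"
    return SHADOW_LEGEND.get(b, f"unknown (0x{b:02x})")


def parse_kasan_report(text):
    rep = {"fs_messages": [], "frames": [], "syscall": None, "panic_on_warn": False}
    rows, in_trace = {}, False
    for raw in text.splitlines():
        line = _TS.sub("", raw).strip()
        if line.startswith("F2FS-fs"):
            rep["fs_messages"].append(line)
        elif m := _BUG.search(line):
            rep.update(bug=m["bug"], func=m["func"], offset=m["off"])
        elif m := _ACCESS.search(line):
            rep.update(access=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16),
                       task=m["task"], pid=int(m["pid"]))
        elif "kernel" not in rep and (m := _CPU.search(line)):
            rep["kernel"] = m["ver"]
        elif line == "Call Trace:":
            in_trace = not rep["frames"]  # first trace only; the panic path re-dumps it
        elif in_trace and (m := _FRAME.match(line)):
            if m["unreliable"]:  # "?" frames are stale stack slots, not real callers
                continue
            rep["frames"].append(m["sym"])
            if rep["syscall"] is None and _SYSCALL.match(m["sym"]):
                rep["syscall"] = m["sym"]
            in_trace = not m["sym"].startswith("entry_SYSCALL")
        elif m := _SHADOW.match(line):
            rows[int(m["base"], 16)] = [int(b, 16) for b in m[2].split()]
        elif m := _PAGE.search(line):
            rep["page_refcount"] = int(m["count"])
        elif line.startswith("Kernel panic") and "panic_on_warn" in line:
            rep["panic_on_warn"] = True
    # A shadow row holds 16 shadow bytes = 128 bytes of memory; index by the
    # faulting address instead of trusting the column of the '^' marker.
    for base, bytes_ in rows.items():
        if "addr" in rep and base <= rep["addr"] < base + 128:
            rep["shadow_byte"] = bytes_[(rep["addr"] - base) >> 3]
            rep["shadow_meaning"] = shadow_meaning(rep["shadow_byte"])
    if "bug" in rep:
        parts = ["KASAN:", rep["bug"], rep.get("access", ""), "in", rep["func"]]
        rep["title"] = " ".join(p for p in parts if p)
    return rep


def crash_frame(rep):
    """First reliable frame outside the KASAN/dump machinery; should match the BUG line."""
    return next((f for f in rep["frames"] if not _MACHINERY.match(f)), None)


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(r["title"], "| via", r["syscall"], "| shadow:", r["shadow_meaning"])
    print(" -> ".join(reversed(r["frames"])))
```

The two checks worth keeping from this are the cross-validation that crash_frame agrees with the function named on the BUG line, and the shadow lookup by address: on the full report above it lands on ff (freed page), which together with count:0 in the page dump is what justifies calling this a use-after-free of a whole page rather than a slab object.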