[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 182.681343] F2FS-fs (loop0): Invalid blocksize (65536), supports only 4KB
[ 182.681343] 
[ 182.690043] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 182.704894] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 182.742333] F2FS-fs (loop0): Mounted with checkpoint version = 3e17dab1
[ 182.819020] ==================================================================
[ 182.826462] BUG: KASAN: slab-out-of-bounds in is_alive+0xab1/0xb80
[ 182.832770] Read of size 4 at addr ffff88809adf6150 by task syz-executor379/8124
[ 182.840365] 
[ 182.841976] CPU: 1 PID: 8124 Comm: syz-executor379 Not tainted 4.19.211-syzkaller #0
[ 182.849834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 182.859170] Call Trace:
[ 182.861755]  dump_stack+0x1fc/0x2ef
[ 182.865368]  print_address_description.cold+0x54/0x219
[ 182.870629]  kasan_report_error.cold+0x8a/0x1b9
[ 182.875284]  ? is_alive+0xab1/0xb80
[ 182.878894]  __asan_report_load4_noabort+0x88/0x90
[ 182.883811]  ? is_alive+0xab1/0xb80
[ 182.887421]  is_alive+0xab1/0xb80
[ 182.890861]  f2fs_gc+0x1e26/0x8c90
[ 182.894398]  ? f2fs_start_bidx_of_node+0x140/0x140
[ 182.899308]  ? f2fs_lookup_rb_tree_ret+0x650/0x650
[ 182.904219]  ? lock_downgrade+0x720/0x720
[ 182.908350]  ? f2fs_inode_chksum_set+0xf2/0x2f0
[ 182.913002]  ? lock_acquire+0x170/0x3c0
[ 182.916954]  ? f2fs_balance_fs+0x709/0xd80
[ 182.921170]  ? __mutex_lock+0x368/0x1190
[ 182.925211]  ? lock_downgrade+0x720/0x720
[ 182.929340]  ? f2fs_balance_fs+0x709/0xd80
[ 182.933560]  ? mutex_trylock+0x1a0/0x1a0
[ 182.937610]  ? up_read+0x17/0x110
[ 182.941046]  ? __write_data_page+0x16ae/0x22d0
[ 182.945619]  f2fs_balance_fs+0x71a/0xd80
[ 182.949675]  __write_data_page+0xab8/0x22d0
[ 182.953996]  ? clear_page_dirty_for_io+0xa1b/0xee0
[ 182.958912]  ? f2fs_do_write_data_page+0x2950/0x2950
[ 182.964003]  ? clear_page_dirty_for_io+0x2c8/0xee0
[ 182.968914]  f2fs_write_cache_pages+0x96e/0x13e0
[ 182.973659]  ? __write_data_page+0x22d0/0x22d0
[ 182.978220]  ? count_shadow_nodes+0x260/0x260
[ 182.982702]  ? isolate_freepages_block+0x87f/0xd10
[ 182.987620]  f2fs_write_data_pages+0xcc3/0x1060
[ 182.992274]  ? f2fs_write_cache_pages+0x13e0/0x13e0
[ 182.997272]  ? mark_held_locks+0xf0/0xf0
[ 183.001318]  ? __lru_cache_add+0x1e3/0x2c0
[ 183.005535]  ? f2fs_write_cache_pages+0x13e0/0x13e0
[ 183.010531]  do_writepages+0xe5/0x290
[ 183.014314]  ? page_writeback_cpu_online+0x10/0x10
[ 183.019226]  ? do_raw_spin_unlock+0x171/0x230
[ 183.023705]  ? _raw_spin_unlock+0x29/0x40
[ 183.027839]  ? wbc_attach_and_unlock_inode+0x11d/0x9e0
[ 183.033097]  __filemap_fdatawrite_range+0x27d/0x350
[ 183.038095]  ? lock_downgrade+0x720/0x720
[ 183.042222]  ? delete_from_page_cache_batch+0xcc0/0xcc0
[ 183.047571]  ? f2fs_update_dirty_page+0x34d/0x800
[ 183.052393]  ? check_preemption_disabled+0x41/0x280
[ 183.057387]  ? check_preemption_disabled+0x41/0x280
[ 183.062383]  file_write_and_wait_range+0x93/0x100
[ 183.067207]  f2fs_do_sync_file+0x2eb/0x2550
[ 183.071509]  ? f2fs_readdir+0x11a0/0x11a0
[ 183.075642]  ? f2fs_file_write_iter+0x5aa/0xbe0
[ 183.080290]  f2fs_sync_file+0x136/0x190
[ 183.084242]  ? f2fs_do_sync_file+0x2550/0x2550
[ 183.088806]  vfs_fsync_range+0x13a/0x220
[ 183.092850]  f2fs_file_write_iter+0x64b/0xbe0
[ 183.097331]  do_iter_readv_writev+0x668/0x790
[ 183.101807]  ? clone_verify_area+0x240/0x240
[ 183.106197]  ? security_file_permission+0x1c0/0x220
[ 183.111197]  do_iter_write+0x182/0x5d0
[ 183.115068]  vfs_iter_write+0x70/0xa0
[ 183.118848]  iter_file_splice_write+0x60d/0xbb0
[ 183.123501]  ? splice_from_pipe_next.part.0+0x360/0x360
[ 183.128855]  ? security_file_permission+0x1c0/0x220
[ 183.133850]  ? splice_from_pipe_next.part.0+0x360/0x360
[ 183.139200]  direct_splice_actor+0x115/0x160
[ 183.143609]  splice_direct_to_actor+0x33f/0x8d0
[ 183.148262]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 183.153088]  ? do_splice_to+0x160/0x160
[ 183.157046]  do_splice_direct+0x1a7/0x270
[ 183.161212]  ? splice_direct_to_actor+0x8d0/0x8d0
[ 183.166142]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 183.171138]  do_sendfile+0x550/0xc30
[ 183.174850]  ? do_compat_pwritev64+0x1b0/0x1b0
[ 183.179411]  ? do_sys_ftruncate+0x410/0x560
[ 183.183715]  __se_sys_sendfile64+0x147/0x160
[ 183.188103]  ? __se_sys_sendfile+0x180/0x180
[ 183.192492]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 183.197835]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 183.202830]  ? do_syscall_64+0x21/0x620
[ 183.206786]  do_syscall_64+0xf9/0x620
[ 183.210567]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 183.215734] RIP: 0033:0x7f717e4d5509
[ 183.219434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 183.238314] RSP: 002b:00007ffed45bdb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 183.246002] RAX: ffffffffffffffda RBX: 0000000800000000 RCX: 00007f717e4d5509
[ 183.253250] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 183.260498] RBP: 0000000000000000 R08: 00007f717e544ec0 R09: 00007f717e544ec0
[ 183.267747] R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000
[ 183.274996] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 183.282255] 
[ 183.283860] Allocated by task 6235:
[ 183.287467]  kmem_cache_alloc+0x122/0x370
[ 183.291591]  getname_flags+0xce/0x590
[ 183.295368]  do_sys_open+0x26c/0x520
[ 183.299058]  do_syscall_64+0xf9/0x620
[ 183.302836]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 183.308001] 
[ 183.309606] Freed by task 6235:
[ 183.312873]  kmem_cache_free+0x7f/0x260
[ 183.316826]  putname+0xe1/0x120
[ 183.320083]  do_sys_open+0x2ba/0x520
[ 183.323774]  do_syscall_64+0xf9/0x620
[ 183.327555]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 183.332717] 
[ 183.334322] The buggy address belongs to the object at ffff88809adf6580
[ 183.334322]  which belongs to the cache names_cache of size 4096
[ 183.347049] The buggy address is located 1072 bytes to the left of
[ 183.347049]  4096-byte region [ffff88809adf6580, ffff88809adf7580)
[ 183.359515] The buggy address belongs to the page:
[ 183.364425] page:ffffea00026b7d80 count:1 mapcount:0 mapping:ffff88823b843380 index:0x0 compound_mapcount: 0
[ 183.374373] flags: 0xfff00000008100(slab|head)
[ 183.378950] raw: 00fff00000008100 ffffea00026b7d08 ffffea000265b408 ffff88823b843380
[ 183.386811] raw: 0000000000000000 ffff88809adf6580 0000000100000001 0000000000000000
[ 183.394682] page dumped because: kasan: bad access detected
[ 183.400363] 
[ 183.401967] Memory state around the buggy address:
[ 183.406876]  ffff88809adf6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 183.414211]  ffff88809adf6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 183.421547] >ffff88809adf6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 183.428882]                                               ^
[ 183.434830]  ffff88809adf6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 183.442165]  ffff88809adf6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 183.449498] ==================================================================
[ 183.456830] Disabling lock debugging due to kernel taint
[ 183.466765] Kernel panic - not syncing: panic_on_warn set ...
[ 183.466765] 
[ 183.474145] CPU: 1 PID: 8124 Comm: syz-executor379 Tainted: G B 4.19.211-syzkaller #0
[ 183.483407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 183.492755] Call Trace:
[ 183.495341]  dump_stack+0x1fc/0x2ef
[ 183.498966]  panic+0x26a/0x50e
[ 183.502150]  ? __warn_printk+0xf3/0xf3
[ 183.506019]  ? preempt_schedule_common+0x45/0xc0
[ 183.510752]  ? ___preempt_schedule+0x16/0x18
[ 183.515139]  ? trace_hardirqs_on+0x55/0x210
[ 183.519441]  kasan_end_report+0x43/0x49
[ 183.523393]  kasan_report_error.cold+0xa7/0x1b9
[ 183.528040]  ? is_alive+0xab1/0xb80
[ 183.531647]  __asan_report_load4_noabort+0x88/0x90
[ 183.536555]  ? is_alive+0xab1/0xb80
[ 183.540157]  is_alive+0xab1/0xb80
[ 183.543586]  f2fs_gc+0x1e26/0x8c90
[ 183.547116]  ? f2fs_start_bidx_of_node+0x140/0x140
[ 183.552022]  ? f2fs_lookup_rb_tree_ret+0x650/0x650
[ 183.556940]  ? lock_downgrade+0x720/0x720
[ 183.561066]  ? f2fs_inode_chksum_set+0xf2/0x2f0
[ 183.565713]  ? lock_acquire+0x170/0x3c0
[ 183.569683]  ? f2fs_balance_fs+0x709/0xd80
[ 183.573895]  ? __mutex_lock+0x368/0x1190
[ 183.577931]  ? lock_downgrade+0x720/0x720
[ 183.582055]  ? f2fs_balance_fs+0x709/0xd80
[ 183.586266]  ? mutex_trylock+0x1a0/0x1a0
[ 183.590309]  ? up_read+0x17/0x110
[ 183.593742]  ? __write_data_page+0x16ae/0x22d0
[ 183.598302]  f2fs_balance_fs+0x71a/0xd80
[ 183.602349]  __write_data_page+0xab8/0x22d0
[ 183.606661]  ? clear_page_dirty_for_io+0xa1b/0xee0
[ 183.611584]  ? f2fs_do_write_data_page+0x2950/0x2950
[ 183.616690]  ? clear_page_dirty_for_io+0x2c8/0xee0
[ 183.621616]  f2fs_write_cache_pages+0x96e/0x13e0
[ 183.626357]  ? __write_data_page+0x22d0/0x22d0
[ 183.630919]  ? count_shadow_nodes+0x260/0x260
[ 183.635394]  ? isolate_freepages_block+0x87f/0xd10
[ 183.640307]  f2fs_write_data_pages+0xcc3/0x1060
[ 183.644959]  ? f2fs_write_cache_pages+0x13e0/0x13e0
[ 183.649953]  ? mark_held_locks+0xf0/0xf0
[ 183.653993]  ? __lru_cache_add+0x1e3/0x2c0
[ 183.658204]  ? f2fs_write_cache_pages+0x13e0/0x13e0
[ 183.663195]  do_writepages+0xe5/0x290
[ 183.666974]  ? page_writeback_cpu_online+0x10/0x10
[ 183.671881]  ? do_raw_spin_unlock+0x171/0x230
[ 183.676353]  ? _raw_spin_unlock+0x29/0x40
[ 183.680479]  ? wbc_attach_and_unlock_inode+0x11d/0x9e0
[ 183.685733]  __filemap_fdatawrite_range+0x27d/0x350
[ 183.690729]  ? lock_downgrade+0x720/0x720
[ 183.694854]  ? delete_from_page_cache_batch+0xcc0/0xcc0
[ 183.700196]  ? f2fs_update_dirty_page+0x34d/0x800
[ 183.705017]  ? check_preemption_disabled+0x41/0x280
[ 183.710010]  ? check_preemption_disabled+0x41/0x280
[ 183.715005]  file_write_and_wait_range+0x93/0x100
[ 183.719825]  f2fs_do_sync_file+0x2eb/0x2550
[ 183.724124]  ? f2fs_readdir+0x11a0/0x11a0
[ 183.728270]  ? f2fs_file_write_iter+0x5aa/0xbe0
[ 183.732931]  f2fs_sync_file+0x136/0x190
[ 183.736890]  ? f2fs_do_sync_file+0x2550/0x2550
[ 183.741453]  vfs_fsync_range+0x13a/0x220
[ 183.745505]  f2fs_file_write_iter+0x64b/0xbe0
[ 183.749992]  do_iter_readv_writev+0x668/0x790
[ 183.754470]  ? clone_verify_area+0x240/0x240
[ 183.758858]  ? security_file_permission+0x1c0/0x220
[ 183.763853]  do_iter_write+0x182/0x5d0
[ 183.767719]  vfs_iter_write+0x70/0xa0
[ 183.771500]  iter_file_splice_write+0x60d/0xbb0
[ 183.776160]  ? splice_from_pipe_next.part.0+0x360/0x360
[ 183.781513]  ? security_file_permission+0x1c0/0x220
[ 183.786511]  ? splice_from_pipe_next.part.0+0x360/0x360
[ 183.791858]  direct_splice_actor+0x115/0x160
[ 183.796249]  splice_direct_to_actor+0x33f/0x8d0
[ 183.800900]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 183.805725]  ? do_splice_to+0x160/0x160
[ 183.809678]  do_splice_direct+0x1a7/0x270
[ 183.813807]  ? splice_direct_to_actor+0x8d0/0x8d0
[ 183.818629]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 183.823624]  do_sendfile+0x550/0xc30
[ 183.827317]  ? do_compat_pwritev64+0x1b0/0x1b0
[ 183.831881]  ? do_sys_ftruncate+0x410/0x560
[ 183.836209]  __se_sys_sendfile64+0x147/0x160
[ 183.840598]  ? __se_sys_sendfile+0x180/0x180
[ 183.844986]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 183.850332]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 183.855325]  ? do_syscall_64+0x21/0x620
[ 183.859278]  do_syscall_64+0xf9/0x620
[ 183.863069]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 183.868245] RIP: 0033:0x7f717e4d5509
[ 183.871938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 183.890819] RSP: 002b:00007ffed45bdb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 183.898588] RAX: ffffffffffffffda RBX: 0000000800000000 RCX: 00007f717e4d5509
[ 183.905834] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 183.913078] RBP: 0000000000000000 R08: 00007f717e544ec0 R09: 00007f717e544ec0
[ 183.920392] R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000
[ 183.927650] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 183.935072] Kernel Offset: disabled
[ 183.938684] Rebooting in 86400 seconds..