Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts.
executing program
[   37.335949][ T6237] loop0: detected capacity change from 0 to 40427
[   37.344819][ T6237] F2FS-fs (loop0): invalid crc value
[   37.354435][ T6237] F2FS-fs (loop0): Found nat_bits in checkpoint
[   37.367498][ T6237] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   37.370189][ T6237] ==================================================================
[   37.372196][ T6237] BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xc6c/0xf74
[   37.374170][ T6237] Read of size 1 at addr ffff0000cbfa826c by task syz-executor240/6237
[   37.376210][ T6237]
[   37.376794][ T6237] CPU: 0 PID: 6237 Comm: syz-executor240 Not tainted 6.9.0-rc4-syzkaller-g6a71d2909427 #0
[   37.379388][ T6237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   37.382052][ T6237] Call trace:
[   37.382813][ T6237]  dump_backtrace+0x1b8/0x1e4
[   37.384023][ T6237]  show_stack+0x2c/0x3c
[   37.385089][ T6237]  dump_stack_lvl+0xe4/0x150
[   37.386251][ T6237]  print_report+0x198/0x538
[   37.387421][ T6237]  kasan_report+0xd8/0x138
[   37.388526][ T6237]  __asan_report_load1_noabort+0x20/0x2c
[   37.389912][ T6237]  f2fs_get_node_info+0xc6c/0xf74
[   37.391203][ T6237]  f2fs_fiemap+0x3f0/0x17c8
[   37.392320][ T6237]  do_vfs_ioctl+0x1c18/0x2ab0
[   37.393568][ T6237]  __arm64_sys_ioctl+0xe4/0x1c8
[   37.394827][ T6237]  invoke_syscall+0x98/0x2b8
[   37.396040][ T6237]  el0_svc_common+0x130/0x23c
[   37.397191][ T6237]  do_el0_svc+0x48/0x58
[   37.398196][ T6237]  el0_svc+0x54/0x168
[   37.399230][ T6237]  el0t_64_sync_handler+0x84/0xfc
[   37.400516][ T6237]  el0t_64_sync+0x190/0x194
[   37.401752][ T6237]
[   37.402350][ T6237] Allocated by task 6237:
[   37.403414][ T6237]  kasan_save_track+0x40/0x78
[   37.404687][ T6237]  kasan_save_alloc_info+0x40/0x50
[   37.406131][ T6237]  __kasan_kmalloc+0xac/0xc4
[   37.407344][ T6237]  __kmalloc_node_track_caller+0x2e4/0x544
[   37.408841][ T6237]  kmemdup+0x44/0x80
[   37.409722][ T6237]  f2fs_build_node_manager+0x6e8/0x2528
[   37.411155][ T6237]  f2fs_fill_super+0x47d0/0x6848
[   37.412465][ T6237]  mount_bdev+0x1d4/0x2a0
[   37.413573][ T6237]  f2fs_mount+0x44/0x58
[   37.414647][ T6237]  legacy_get_tree+0xd4/0x16c
[   37.415856][ T6237]  vfs_get_tree+0x90/0x288
[   37.416973][ T6237]  do_new_mount+0x278/0x900
[   37.418221][ T6237]  path_mount+0x590/0xe04
[   37.419372][ T6237]  __arm64_sys_mount+0x45c/0x594
[   37.420622][ T6237]  invoke_syscall+0x98/0x2b8
[   37.421751][ T6237]  el0_svc_common+0x130/0x23c
[   37.422883][ T6237]  do_el0_svc+0x48/0x58
[   37.423853][ T6237]  el0_svc+0x54/0x168
[   37.424878][ T6237]  el0t_64_sync_handler+0x84/0xfc
[   37.426223][ T6237]  el0t_64_sync+0x190/0x194
[   37.427373][ T6237]
[   37.427936][ T6237] The buggy address belongs to the object at ffff0000cbfa8200
[   37.427936][ T6237]  which belongs to the cache kmalloc-64 of size 64
[   37.431573][ T6237] The buggy address is located 44 bytes to the right of
[   37.431573][ T6237]  allocated 64-byte region [ffff0000cbfa8200, ffff0000cbfa8240)
[   37.435421][ T6237]
[   37.436035][ T6237] The buggy address belongs to the physical page:
[   37.437655][ T6237] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10bfa8
[   37.439940][ T6237] flags: 0x5ffe00000000800(slab|node=0|zone=2|lastcpupid=0xfff)
[   37.441957][ T6237] page_type: 0xffffffff()
[   37.443084][ T6237] raw: 05ffe00000000800 ffff0000c0001640 dead000000000100 dead000000000122
[   37.445393][ T6237] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[   37.447648][ T6237] page dumped because: kasan: bad access detected
[   37.449262][ T6237]
[   37.449806][ T6237] Memory state around the buggy address:
[   37.451246][ T6237]  ffff0000cbfa8100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.453310][ T6237]  ffff0000cbfa8180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.455239][ T6237] >ffff0000cbfa8200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   37.457224][ T6237]                                                           ^
[   37.459132][ T6237]  ffff0000cbfa8280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   37.461205][ T6237]  ffff0000cbfa8300: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   37.463388][ T6237] ==================================================================
[   37.466644][ T6237] Disabling lock debugging due to kernel taint