[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.722446] audit: type=1400 audit(1601884837.115:8): avc: denied { execmem } for pid=6353 comm="syz-executor579" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.735745] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 34.750847] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 34.760733] F2FS-fs (loop0): Fix alignment : done, start(4096) end(147456) block(12288)
[ 34.774187] F2FS-fs (loop0): invalid crc value
[ 34.781062] ==================================================================
[ 34.788463] BUG: KASAN: slab-out-of-bounds in build_segment_manager+0x6464/0x7f40
[ 34.796064] Read of size 8 at addr ffff88809773b728 by task syz-executor579/6353
[ 34.803571]
[ 34.805177] CPU: 0 PID: 6353 Comm: syz-executor579 Not tainted 4.14.198-syzkaller #0
[ 34.813028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.822367] Call Trace:
[ 34.824936] dump_stack+0x1b2/0x283
[ 34.828543] print_address_description.cold+0x54/0x1d3
[ 34.833812] kasan_report_error.cold+0x8a/0x194
[ 34.838466] ? build_segment_manager+0x6464/0x7f40
[ 34.843386] __asan_report_load8_noabort+0x68/0x70
[ 34.848307] ? build_segment_manager+0x6464/0x7f40
[ 34.853208] build_segment_manager+0x6464/0x7f40
[ 34.857963] ? flush_sit_entries+0x27d0/0x27d0
[ 34.862522] ? __raw_spin_lock_init+0x28/0x100
[ 34.867080] f2fs_fill_super+0x2e21/0x56a0
[ 34.871299] ? snprintf+0xa5/0xd0
[ 34.874727] ? f2fs_commit_super+0x3a0/0x3a0
[ 34.879123] ? ns_test_super+0x50/0x50
[ 34.882986] ? set_blocksize+0x125/0x380
[ 34.887023] mount_bdev+0x2b3/0x360
[ 34.890635] ? f2fs_commit_super+0x3a0/0x3a0
[ 34.895017] mount_fs+0x92/0x2a0
[ 34.898371] vfs_kern_mount.part.0+0x5b/0x470
[ 34.902882] do_mount+0xe53/0x2a00
[ 34.906440] ? retint_kernel+0x2d/0x2d
[ 34.910303] ? copy_mount_string+0x40/0x40
[ 34.914516] ? memset+0x20/0x40
[ 34.917770] ? copy_mount_options+0x1fa/0x2f0
[ 34.922239] ? copy_mnt_ns+0xa30/0xa30
[ 34.926111] SyS_mount+0xa8/0x120
[ 34.929537] ? copy_mnt_ns+0xa30/0xa30
[ 34.933406] do_syscall_64+0x1d5/0x640
[ 34.937272] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.942438] RIP: 0033:0x446ffa
[ 34.945612] RSP: 002b:00007ffc64fb47a8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 34.953311] RAX: ffffffffffffffda RBX: 00007ffc64fb4800 RCX: 0000000000446ffa
[ 34.960561] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc64fb47c0
[ 34.967819] RBP: 00007ffc64fb47c0 R08: 00007ffc64fb4800 R09: 00007ffc00000015
[ 34.975065] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[ 34.982318] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 34.989586]
[ 34.991197] Allocated by task 6353:
[ 34.994802] kasan_kmalloc+0xeb/0x160
[ 34.998594] __kmalloc_node+0x4c/0x70
[ 35.002367] kvmalloc_node+0x46/0xd0
[ 35.006057] build_segment_manager+0x935/0x7f40
[ 35.010708] f2fs_fill_super+0x2e21/0x56a0
[ 35.014929] mount_bdev+0x2b3/0x360
[ 35.018528] mount_fs+0x92/0x2a0
[ 35.021866] vfs_kern_mount.part.0+0x5b/0x470
[ 35.026344] do_mount+0xe53/0x2a00
[ 35.029855] SyS_mount+0xa8/0x120
[ 35.033287] do_syscall_64+0x1d5/0x640
[ 35.037163] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.042320]
[ 35.043921] Freed by task 0:
[ 35.046907] (stack is not available)
[ 35.050588]
[ 35.052189] The buggy address belongs to the object at ffff88809773b280
[ 35.052189] which belongs to the cache kmalloc-2048 of size 2048
[ 35.064992] The buggy address is located 1192 bytes inside of
[ 35.064992] 2048-byte region [ffff88809773b280, ffff88809773ba80)
[ 35.077009] The buggy address belongs to the page:
[ 35.081914] page:ffffea00025dce80 count:1 mapcount:0 mapping:ffff88809773a180 index:0x0 compound_mapcount: 0
[ 35.091857] flags: 0xfffe0000008100(slab|head)
[ 35.096425] raw: 00fffe0000008100 ffff88809773a180 0000000000000000 0000000100000003
[ 35.104278] raw: ffffea00025dc320 ffff88812fe51948 ffff88812fe50c40 0000000000000000
[ 35.112140] page dumped because: kasan: bad access detected
[ 35.117820]
[ 35.119417] Memory state around the buggy address:
[ 35.124330] ffff88809773b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.131661] ffff88809773b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.138993] >ffff88809773b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.146336]                                   ^
[ 35.150987] ffff88809773b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.158330] ffff88809773b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.165659] ==================================================================
[ 35.172987] Disabling lock debugging due to kernel taint
[ 35.179322] Kernel panic - not syncing: panic_on_warn set ...
[ 35.179322]
[ 35.186690] CPU: 0 PID: 6353 Comm: syz-executor579 Tainted: G B 4.14.198-syzkaller #0
[ 35.195774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.205126] Call Trace:
[ 35.207721] dump_stack+0x1b2/0x283
[ 35.211324] panic+0x1f9/0x42d
[ 35.214489] ? add_taint.cold+0x16/0x16
[ 35.218436] ? ___preempt_schedule+0x16/0x18
[ 35.222821] kasan_end_report+0x43/0x49
[ 35.226768] kasan_report_error.cold+0xa7/0x194
[ 35.231428] ? build_segment_manager+0x6464/0x7f40
[ 35.236342] __asan_report_load8_noabort+0x68/0x70
[ 35.241260] ? build_segment_manager+0x6464/0x7f40
[ 35.246173] build_segment_manager+0x6464/0x7f40
[ 35.250923] ? flush_sit_entries+0x27d0/0x27d0
[ 35.255499] ? __raw_spin_lock_init+0x28/0x100
[ 35.260055] f2fs_fill_super+0x2e21/0x56a0
[ 35.264270] ? snprintf+0xa5/0xd0
[ 35.267696] ? f2fs_commit_super+0x3a0/0x3a0
[ 35.272089] ? ns_test_super+0x50/0x50
[ 35.275956] ? set_blocksize+0x125/0x380
[ 35.280000] mount_bdev+0x2b3/0x360
[ 35.283601] ? f2fs_commit_super+0x3a0/0x3a0
[ 35.287993] mount_fs+0x92/0x2a0
[ 35.291346] vfs_kern_mount.part.0+0x5b/0x470
[ 35.295815] do_mount+0xe53/0x2a00
[ 35.299330] ? retint_kernel+0x2d/0x2d
[ 35.303192] ? copy_mount_string+0x40/0x40
[ 35.307401] ? memset+0x20/0x40
[ 35.310654] ? copy_mount_options+0x1fa/0x2f0
[ 35.315121] ? copy_mnt_ns+0xa30/0xa30
[ 35.318980] SyS_mount+0xa8/0x120
[ 35.322403] ? copy_mnt_ns+0xa30/0xa30
[ 35.326264] do_syscall_64+0x1d5/0x640
[ 35.330134] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.335296] RIP: 0033:0x446ffa
[ 35.338454] RSP: 002b:00007ffc64fb47a8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 35.346133] RAX: ffffffffffffffda RBX: 00007ffc64fb4800 RCX: 0000000000446ffa
[ 35.353376] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc64fb47c0
[ 35.360635] RBP: 00007ffc64fb47c0 R08: 00007ffc64fb4800 R09: 00007ffc00000015
[ 35.367889] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[ 35.375134] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 35.383533] Kernel Offset: disabled
[ 35.387144] Rebooting in 86400 seconds..