Warning: Permanently added '10.128.0.165' (ECDSA) to the list of known hosts.
executing program
[*     ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[**    ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[***   ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[ ***  ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[  *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[   ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[    **] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[   18.746453][   T22] audit: type=1400 audit(1601023447.951:8): avc:  denied  { execmem } for  pid=341 comm="syz-executor072" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   18.768221][  T341] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   18.776814][  T341] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   18.786096][  T341] F2FS-fs (loop0): Fix alignment : done, start(4096) end(147456) block(12288)
[   18.795969][  T341] F2FS-fs (loop0): invalid crc_offset: 0
[   18.802417][  T341] ==================================================================
[   18.810480][  T341] BUG: KASAN: slab-out-of-bounds in f2fs_build_segment_manager+0x7ed0/0x88b0
[   18.819207][  T341] Read of size 8 at addr ffff8881cdc78be0 by task syz-executor072/341
[   18.827335][  T341]
[   18.829638][  T341] CPU: 0 PID: 341 Comm: syz-executor072 Not tainted 5.4.65-syzkaller-00175-g63d1c2f0b547 #0
[   18.839676][  T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.849699][  T341] Call Trace:
[   18.852977][  T341]  dump_stack+0x1b0/0x21e
[   18.857276][  T341]  ? show_regs_print_info+0x12/0x12
[   18.862466][  T341]  ? printk+0xc0/0x104
[   18.866516][  T341]  print_address_description+0x96/0x5d0
[   18.872025][  T341]  ? devkmsg_release+0x11c/0x11c
[   18.876930][  T341]  __kasan_report+0x14b/0x1c0
[   18.881573][  T341]  ? f2fs_build_segment_manager+0x7ed0/0x88b0
[   18.887618][  T341]  kasan_report+0x27/0x50
[   18.891929][  T341]  f2fs_build_segment_manager+0x7ed0/0x88b0
[   18.897786][  T341]  ? f2fs_sanity_check_ckpt+0x1b3a/0x2100
[   18.903474][  T341]  ? f2fs_check_write_pointer+0x10/0x10
[   18.909002][  T341]  ? copy_page_from_iter+0x480/0x660
[   18.914268][  T341]  ? cpumask_next+0xc/0x20
[   18.918663][  T341]  f2fs_fill_super+0x691a/0x9a40
[   18.923571][  T341]  ? vsnprintf+0x1ba3/0x1c50
[   18.928127][  T341]  ? snprintf+0xc0/0x110
[   18.932333][  T341]  ? kill_f2fs_super+0x330/0x330
[   18.937237][  T341]  ? mount_bdev+0x340/0x340
[   18.941704][  T341]  mount_bdev+0x22d/0x340
[   18.946011][  T341]  ? kill_f2fs_super+0x330/0x330
[   18.950913][  T341]  legacy_get_tree+0xde/0x170
[   18.955569][  T341]  ? trace_raw_output_f2fs_fiemap+0x210/0x210
[   18.961615][  T341]  vfs_get_tree+0x85/0x260
[   18.965997][  T341]  do_mount+0x1883/0x2630
[   18.970333][  T341]  ? copy_mount_string+0x30/0x30
[   18.975239][  T341]  ? __should_failslab+0x8b/0x150
[   18.980257][  T341]  ? copy_mount_options+0x59/0x320
[   18.985337][  T341]  ? copy_mount_options+0x293/0x320
[   18.990503][  T341]  ksys_mount+0xc2/0xf0
[   18.994628][  T341]  __x64_sys_mount+0xb1/0xc0
[   18.999185][  T341]  do_syscall_64+0xcb/0x150
[   19.003666][  T341]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   19.009704][  T341] RIP: 0033:0x446ffa
[   19.013569][  T341] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[   19.033251][  T341] RSP: 002b:00007fff06edda68 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[   19.041634][  T341] RAX: ffffffffffffffda RBX: 00007fff06eddac0 RCX: 0000000000446ffa
[   19.049589][  T341] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff06edda80
[   19.057536][  T341] RBP: 00007fff06edda80 R08: 00007fff06eddac0 R09: 00007fff00000015
[   19.065500][  T341] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[   19.073449][  T341] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[   19.081394][  T341]
[   19.083710][  T341] Allocated by task 341:
[   19.087964][  T341]  __kasan_kmalloc+0x117/0x1b0
[   19.092694][  T341]  __kmalloc+0xf7/0x2c0
[   19.096904][  T341]  kvmalloc_node+0xc2/0x120
[   19.101483][  T341]  f2fs_build_segment_manager+0xd5f/0x88b0
[   19.107269][  T341]  f2fs_fill_super+0x691a/0x9a40
[   19.112171][  T341]  mount_bdev+0x22d/0x340
[   19.116471][  T341]  legacy_get_tree+0xde/0x170
[   19.121125][  T341]  vfs_get_tree+0x85/0x260
[   19.128895][  T341]  do_mount+0x1883/0x2630
[   19.133614][  T341]  ksys_mount+0xc2/0xf0
[   19.137736][  T341]  __x64_sys_mount+0xb1/0xc0
[   19.142289][  T341]  do_syscall_64+0xcb/0x150
[   19.146814][  T341]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   19.152680][  T341]
[   19.154977][  T341] Freed by task 0:
[   19.158679][  T341] (stack is not available)
[   19.163059][  T341]
[   19.165359][  T341] The buggy address belongs to the object at ffff8881cdc78800
[   19.165359][  T341]  which belongs to the cache kmalloc-1k of size 1024
[   19.179502][  T341] The buggy address is located 992 bytes inside of
[   19.179502][  T341]  1024-byte region [ffff8881cdc78800, ffff8881cdc78c00)
[   19.192822][  T341] The buggy address belongs to the page:
[   19.198423][  T341] page:ffffea0007371e00 refcount:1 mapcount:0 mapping:ffff8881da802280 index:0x0 compound_mapcount: 0
[   19.209315][  T341] flags: 0x8000000000010200(slab|head)
[   19.214743][  T341] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da802280
[   19.223294][  T341] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   19.231839][  T341] page dumped because: kasan: bad access detected
[   19.238215][  T341]
[   19.240527][  T341] Memory state around the buggy address:
[   19.246127][  T341]  ffff8881cdc78a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.254155][  T341]  ffff8881cdc78b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.262201][  T341] >ffff8881cdc78b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   19.270660][  T341]                                                        ^
[   19.277817][  T341]  ffff8881cdc78c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.285844][  T341]  ffff8881cdc78c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.293867][  T341] ==================================================================
[   19.301904][  T341] Disabling lock debugging due to kernel taint
[     *] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[   19.326880][  T341] F2FS-fs (loop0): inconsistent node block, nid:3, node_footer[nid:0,ino:0,ofs:0,cpver:0,blkaddr:0]
[   19.337799][  T341] F2FS-fs (loop0): Failed to read root inode