[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.484073] audit: type=1400 audit(1602924714.030:8): avc: denied { execmem } for pid=6506 comm="syz-executor063" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.496410] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 40.511645] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 40.520383] F2FS-fs (loop0): Fix alignment : done, start(4096) end(147456) block(12288)
[ 40.530081] F2FS-fs (loop0): invalid crc value
[ 40.538685] ==================================================================
[ 40.546149] BUG: KASAN: slab-out-of-bounds in f2fs_build_segment_manager+0x8ed7/0xa980
[ 40.554209] Read of size 8 at addr ffff8880975e5628 by task syz-executor063/6506
[ 40.561734]
[ 40.563366] CPU: 1 PID: 6506 Comm: syz-executor063 Not tainted 4.19.150-syzkaller #0
[ 40.571236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.580581] Call Trace:
[ 40.583163]  dump_stack+0x22c/0x33e
[ 40.586788]  print_address_description.cold+0x56/0x25c
[ 40.592047]  kasan_report_error.cold+0x66/0xb9
[ 40.596613]  ? f2fs_build_segment_manager+0x8ed7/0xa980
[ 40.601958]  __asan_report_load8_noabort+0x88/0x90
[ 40.606884]  ? f2fs_build_segment_manager+0x8ed7/0xa980
[ 40.612229]  f2fs_build_segment_manager+0x8ed7/0xa980
[ 40.617436]  ? f2fs_flush_sit_entries+0x37c0/0x37c0
[ 40.622455]  ? map_id_range_down+0x293/0x340
[ 40.626862]  ? debug_mutex_wake_waiter+0x380/0x3e0
[ 40.631774]  ? __lockdep_init_map+0x100/0x5c0
[ 40.636254]  f2fs_fill_super+0x2173/0x7920
[ 40.640499]  ? snprintf+0xbb/0xf0
[ 40.643936]  ? f2fs_commit_super+0x400/0x400
[ 40.648328]  ? __mutex_add_waiter+0x160/0x160
[ 40.652805]  ? set_blocksize+0x163/0x3f0
[ 40.656865]  mount_bdev+0x2fc/0x3b0
[ 40.660485]  ? f2fs_commit_super+0x400/0x400
[ 40.664890]  mount_fs+0xa3/0x318
[ 40.668239]  vfs_kern_mount.part.0+0x68/0x470
[ 40.672732]  do_mount+0x51c/0x2f10
[ 40.676276]  ? __do_page_fault+0x1ca/0xe00
[ 40.680488]  ? copy_mount_string+0x40/0x40
[ 40.684707]  ? copy_mount_options+0x1c3/0x370
[ 40.689193]  ? copy_mount_options+0x1d0/0x370
[ 40.693676]  ? copy_mount_options+0x1df/0x370
[ 40.698149]  ? copy_mount_options+0x261/0x370
[ 40.702625]  ksys_mount+0xcf/0x130
[ 40.706146]  __x64_sys_mount+0xba/0x150
[ 40.710100]  ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 40.714664]  do_syscall_64+0xf9/0x670
[ 40.718462]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.723646] RIP: 0033:0x446ffa
[ 40.726822] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 40.745708] RSP: 002b:00007ffc88417ad8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 40.753414] RAX: ffffffffffffffda RBX: 00007ffc88417b30 RCX: 0000000000446ffa
[ 40.760662] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc88417af0
[ 40.767910] RBP: 00007ffc88417af0 R08: 00007ffc88417b30 R09: 00007ffc00000015
[ 40.775172] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[ 40.782421] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 40.789697]
[ 40.791303] Allocated by task 6506:
[ 40.794928]  __kmalloc_node+0x4c/0x70
[ 40.798707]  kvmalloc_node+0x61/0xf0
[ 40.802418]  f2fs_build_segment_manager+0xd2e/0xa980
[ 40.807512]  f2fs_fill_super+0x2173/0x7920
[ 40.811739]  mount_bdev+0x2fc/0x3b0
[ 40.815344]  mount_fs+0xa3/0x318
[ 40.818706]  vfs_kern_mount.part.0+0x68/0x470
[ 40.823178]  do_mount+0x51c/0x2f10
[ 40.826708]  ksys_mount+0xcf/0x130
[ 40.830599]  __x64_sys_mount+0xba/0x150
[ 40.834566]  do_syscall_64+0xf9/0x670
[ 40.838361]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.843523]
[ 40.845139] Freed by task 0:
[ 40.848142] (stack is not available)
[ 40.851849]
[ 40.853467] The buggy address belongs to the object at ffff8880975e5180
[ 40.853467]  which belongs to the cache kmalloc-2048 of size 2048
[ 40.866282] The buggy address is located 1192 bytes inside of
[ 40.866282]  2048-byte region [ffff8880975e5180, ffff8880975e5980)
[ 40.878318] The buggy address belongs to the page:
[ 40.883231] page:ffffea00025d7900 count:1 mapcount:0 mapping:ffff88812c3f6c40 index:0x0 compound_mapcount: 0
[ 40.893176] flags: 0xfffe0000008100(slab|head)
[ 40.897740] raw: 00fffe0000008100 ffffea00025b2388 ffff88812c3f4948 ffff88812c3f6c40
[ 40.905642] raw: 0000000000000000 ffff8880975e4080 0000000100000003 0000000000000000
[ 40.913535] page dumped because: kasan: bad access detected
[ 40.919232]
[ 40.920839] Memory state around the buggy address:
[ 40.925756]  ffff8880975e5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.933117]  ffff8880975e5580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.940468] >ffff8880975e5600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.947822]                             ^
[ 40.952485]  ffff8880975e5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.959838]  ffff8880975e5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.967176] ==================================================================
[ 40.974509] Disabling lock debugging due to kernel taint
[ 40.980748] Kernel panic - not syncing: panic_on_warn set ...
[ 40.980748]
[ 40.988127] CPU: 1 PID: 6506 Comm: syz-executor063 Tainted: G    B             4.19.150-syzkaller #0
[ 40.997398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.006748] Call Trace:
[ 41.009345]  dump_stack+0x22c/0x33e
[ 41.012983]  panic+0x2ac/0x565
[ 41.016178]  ? __warn_printk+0xf3/0xf3
[ 41.020067]  ? preempt_schedule_common+0x45/0xc0
[ 41.024835]  ? ___preempt_schedule+0x16/0x18
[ 41.029224]  ? trace_hardirqs_on+0x55/0x210
[ 41.033538]  kasan_end_report+0x43/0x49
[ 41.037491]  kasan_report_error.cold+0x83/0xb9
[ 41.042067]  ? f2fs_build_segment_manager+0x8ed7/0xa980
[ 41.047420]  __asan_report_load8_noabort+0x88/0x90
[ 41.052331]  ? f2fs_build_segment_manager+0x8ed7/0xa980
[ 41.057674]  f2fs_build_segment_manager+0x8ed7/0xa980
[ 41.062865]  ? f2fs_flush_sit_entries+0x37c0/0x37c0
[ 41.067862]  ? map_id_range_down+0x293/0x340
[ 41.072260]  ? debug_mutex_wake_waiter+0x380/0x3e0
[ 41.077179]  ? __lockdep_init_map+0x100/0x5c0
[ 41.081657]  f2fs_fill_super+0x2173/0x7920
[ 41.085878]  ? snprintf+0xbb/0xf0
[ 41.089307]  ? f2fs_commit_super+0x400/0x400
[ 41.093705]  ? __mutex_add_waiter+0x160/0x160
[ 41.098179]  ? set_blocksize+0x163/0x3f0
[ 41.102222]  mount_bdev+0x2fc/0x3b0
[ 41.105826]  ? f2fs_commit_super+0x400/0x400
[ 41.110211]  mount_fs+0xa3/0x318
[ 41.113558]  vfs_kern_mount.part.0+0x68/0x470
[ 41.118028]  do_mount+0x51c/0x2f10
[ 41.121547]  ? __do_page_fault+0x1ca/0xe00
[ 41.125765]  ? copy_mount_string+0x40/0x40
[ 41.129982]  ? copy_mount_options+0x1c3/0x370
[ 41.134465]  ? copy_mount_options+0x1d0/0x370
[ 41.138942]  ? copy_mount_options+0x1df/0x370
[ 41.143418]  ? copy_mount_options+0x261/0x370
[ 41.147902]  ksys_mount+0xcf/0x130
[ 41.151423]  __x64_sys_mount+0xba/0x150
[ 41.155385]  ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 41.159946]  do_syscall_64+0xf9/0x670
[ 41.163745]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.168928] RIP: 0033:0x446ffa
[ 41.172116] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 41.191001] RSP: 002b:00007ffc88417ad8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 41.198717] RAX: ffffffffffffffda RBX: 00007ffc88417b30 RCX: 0000000000446ffa
[ 41.205981] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc88417af0
[ 41.213239] RBP: 00007ffc88417af0 R08: 00007ffc88417b30 R09: 00007ffc00000015
[ 41.220554] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[ 41.227824] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 41.236149] Kernel Offset: disabled
[ 41.239772] Rebooting in 86400 seconds..