Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.72' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.596660] F2FS-fs (loop0): invalid crc value [ 32.604943] ================================================================== [ 32.612381] BUG: KASAN: slab-out-of-bounds in f2fs_build_segment_manager+0xa926/0xad90 [ 32.620432] Read of size 4 at addr ffff88809c700068 by task syz-executor241/8076 [ 32.628045] [ 32.629677] CPU: 0 PID: 8076 Comm: syz-executor241 Not tainted 4.19.211-syzkaller #0 [ 32.637555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 32.646907] Call Trace: [ 32.649489] dump_stack+0x1fc/0x2ef [ 32.653100] print_address_description.cold+0x54/0x219 [ 32.658374] kasan_report_error.cold+0x8a/0x1b9 [ 32.663047] ? f2fs_build_segment_manager+0xa926/0xad90 [ 32.668402] __asan_report_load4_noabort+0x88/0x90 [ 32.673319] ? f2fs_build_segment_manager+0xa926/0xad90 [ 32.678723] f2fs_build_segment_manager+0xa926/0xad90 [ 32.683923] ? f2fs_flush_sit_entries+0x33a0/0x33a0 [ 32.688927] ? map_id_range_down+0x1c4/0x340 [ 32.693323] ? __cpuusage_read+0x160/0x1f0 [ 32.697540] ? __lockdep_init_map+0x100/0x5a0 [ 32.702022] f2fs_fill_super+0x31d9/0x7050 [ 32.706259] ? snprintf+0xbb/0xf0 [ 32.709691] ? f2fs_commit_super+0x400/0x400 [ 32.714078] ? set_blocksize+0x163/0x3f0 [ 32.718120] mount_bdev+0x2fc/0x3b0 [ 32.721723] ? f2fs_commit_super+0x400/0x400 [ 32.726113] mount_fs+0xa3/0x310 [ 32.729525] vfs_kern_mount.part.0+0x68/0x470 [ 32.734001] do_mount+0x115c/0x2f50 [ 32.737616] ? lock_acquire+0x170/0x3c0 [ 32.741573] ? check_preemption_disabled+0x41/0x280 [ 32.746570] ? copy_mount_string+0x40/0x40 [ 32.750835] ? copy_mount_options+0x59/0x380 [ 32.755235] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 32.760238] ? kmem_cache_alloc_trace+0x323/0x380 [ 32.765066] ? copy_mount_options+0x26f/0x380 [ 32.769540] ksys_mount+0xcf/0x130 [ 32.773061] __x64_sys_mount+0xba/0x150 [ 32.777016] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 32.781576] do_syscall_64+0xf9/0x620 [ 32.785360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.790527] RIP: 0033:0x7f84913adefa [ 32.794222] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 32.813099] RSP: 002b:00007fff86b22c78 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 32.820794] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f84913adefa [ 32.828041] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff86b22c90 [ 32.835289] RBP: 00007fff86b22c90 R08: 00007fff86b22cd0 R09: 00005555567302c0 [ 32.842536] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 32.849783] R13: 00007fff86b22cd0 R14: 0000000000000027 R15: 00000000200005a8 [ 32.857037] [ 32.858641] Allocated by task 8076: [ 32.862251] __kmalloc_node+0x4c/0x70 [ 32.866031] kvmalloc_node+0x61/0xf0 [ 32.869722] f2fs_build_segment_manager+0x213d/0xad90 [ 32.874889] f2fs_fill_super+0x31d9/0x7050 [ 32.879102] mount_bdev+0x2fc/0x3b0 [ 32.882705] mount_fs+0xa3/0x310 [ 32.886050] vfs_kern_mount.part.0+0x68/0x470 [ 32.890520] do_mount+0x115c/0x2f50 [ 32.894126] ksys_mount+0xcf/0x130 [ 32.897642] __x64_sys_mount+0xba/0x150 [ 32.901593] do_syscall_64+0xf9/0x620 [ 32.905373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.910537] [ 32.912143] Freed by task 18: [ 32.915235] kfree+0xcc/0x210 [ 32.918327] rcu_process_callbacks+0xa0d/0x18b0 [ 32.922973] __do_softirq+0x265/0x980 [ 32.926745] [ 32.928352] The buggy address belongs to the object at ffff88809c700000 [ 32.928352] which belongs to the cache kmalloc-128 of size 128 [ 32.940986] The buggy address is located 104 bytes inside of [ 32.940986] 128-byte region [ffff88809c700000, ffff88809c700080) [ 32.952831] The buggy address belongs to the page: [ 32.957738] page:ffffea000271c000 count:1 mapcount:0 mapping:ffff88813bff0640 index:0xffff88809c700480 [ 32.967156] flags: 0xfff00000000100(slab) [ 32.971306] raw: 00fff00000000100 ffffea0002a94948 ffffea0002d37e48 ffff88813bff0640 [ 32.979165] raw: ffff88809c700480 ffff88809c700000 0000000100000011 0000000000000000 [ 32.987017] page dumped because: kasan: bad access detected [ 32.992699] [ 32.994300] Memory state around the buggy address: [ 32.999208] ffff88809c6fff00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 33.006546] ffff88809c6fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.013881] >ffff88809c700000: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 33.021213] ^ [ 33.027941] ffff88809c700080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 33.035273] ffff88809c700100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 33.042602] ================================================================== [ 33.049936] Disabling lock debugging due to kernel taint [ 33.055709] Kernel panic - not syncing: panic_on_warn set ... [ 33.055709] [ 33.063075] CPU: 0 PID: 8076 Comm: syz-executor241 Tainted: G B 4.19.211-syzkaller #0 [ 33.072347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 33.081696] Call Trace: [ 33.084284] dump_stack+0x1fc/0x2ef [ 33.087947] panic+0x26a/0x50e [ 33.091119] ? __warn_printk+0xf3/0xf3 [ 33.094992] ? preempt_schedule_common+0x45/0xc0 [ 33.099732] ? ___preempt_schedule+0x16/0x18 [ 33.104120] ? trace_hardirqs_on+0x55/0x210 [ 33.108421] kasan_end_report+0x43/0x49 [ 33.112371] kasan_report_error.cold+0xa7/0x1b9 [ 33.117030] ? f2fs_build_segment_manager+0xa926/0xad90 [ 33.122381] __asan_report_load4_noabort+0x88/0x90 [ 33.127293] ? f2fs_build_segment_manager+0xa926/0xad90 [ 33.132645] f2fs_build_segment_manager+0xa926/0xad90 [ 33.137823] ? f2fs_flush_sit_entries+0x33a0/0x33a0 [ 33.142829] ? map_id_range_down+0x1c4/0x340 [ 33.147321] ? __cpuusage_read+0x160/0x1f0 [ 33.151549] ? __lockdep_init_map+0x100/0x5a0 [ 33.156031] f2fs_fill_super+0x31d9/0x7050 [ 33.160268] ? snprintf+0xbb/0xf0 [ 33.163725] ? f2fs_commit_super+0x400/0x400 [ 33.168122] ? set_blocksize+0x163/0x3f0 [ 33.172164] mount_bdev+0x2fc/0x3b0 [ 33.175770] ? f2fs_commit_super+0x400/0x400 [ 33.180158] mount_fs+0xa3/0x310 [ 33.183506] vfs_kern_mount.part.0+0x68/0x470 [ 33.187981] do_mount+0x115c/0x2f50 [ 33.191585] ? lock_acquire+0x170/0x3c0 [ 33.195550] ? check_preemption_disabled+0x41/0x280 [ 33.200557] ? copy_mount_string+0x40/0x40 [ 33.204777] ? copy_mount_options+0x59/0x380 [ 33.209180] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 33.214185] ? kmem_cache_alloc_trace+0x323/0x380 [ 33.219015] ? copy_mount_options+0x26f/0x380 [ 33.223494] ksys_mount+0xcf/0x130 [ 33.227024] __x64_sys_mount+0xba/0x150 [ 33.230980] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 33.235549] do_syscall_64+0xf9/0x620 [ 33.239341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 33.244515] RIP: 0033:0x7f84913adefa [ 33.248215] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 33.267095] RSP: 002b:00007fff86b22c78 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 33.274788] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f84913adefa [ 33.282042] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff86b22c90 [ 33.289290] RBP: 00007fff86b22c90 R08: 00007fff86b22cd0 R09: 00005555567302c0 [ 33.296537] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004 [ 33.303795] R13: 00007fff86b22cd0 R14: 0000000000000027 R15: 00000000200005a8 [ 33.311132] Kernel Offset: disabled [ 33.314740] Rebooting in 86400 seconds..