INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.050152] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   26.057310] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   26.065376] F2FS-fs (loop0): invalid crc value
[   26.071365] ==================================================================
[   26.078735] BUG: KASAN: use-after-free in build_segment_manager+0x962a/0x9d30
[   26.085986] Read of size 4 at addr ffff8801b9ccaa00 by task syzkaller040100/3802
[   26.093491]
[   26.095096] CPU: 0 PID: 3802 Comm: syzkaller040100 Not tainted 4.9.95-g13cc540 #2
[   26.102773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.112101]  ffff8801bd2c7870 ffffffff81eb0ba9 ffffea0006e73280 ffff8801b9ccaa00
[   26.120081]  0000000000000000 ffff8801b9ccaa00 ffff8801b5b4a200 ffff8801bd2c78a8
[   26.128076]  ffffffff815653cb ffff8801b9ccaa00 0000000000000004 0000000000000000
[   26.136072] Call Trace:
[   26.138637]  [] dump_stack+0xc1/0x128
[   26.143976]  [] print_address_description+0x6c/0x234
[   26.150613]  [] kasan_report.cold.6+0x242/0x2fe
[   26.156819]  [] ? build_segment_manager+0x962a/0x9d30
[   26.163545]  [] __asan_report_load4_noabort+0x14/0x20
[   26.170271]  [] build_segment_manager+0x962a/0x9d30
[   26.176835]  [] ? flush_sit_entries+0x2560/0x2560
[   26.183216]  [] ? __raw_spin_lock_init+0x2d/0x100
[   26.189606]  [] f2fs_fill_super+0x1d10/0x5d00
[   26.195642]  [] ? vsnprintf+0x1a8/0x1840
[   26.201250]  [] ? vsprintf+0x40/0x40
[   26.206502]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.212716]  [] ? set_blocksize+0x267/0x300
[   26.218574]  [] ? set_bdev_super+0x150/0x150
[   26.224519]  [] mount_bdev+0x2c7/0x390
[   26.229942]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.236150]  [] f2fs_mount+0x34/0x40
[   26.241399]  [] mount_fs+0x28c/0x370
[   26.246673]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.253054]  [] ? ns_capable_common+0x12a/0x150
[   26.259260]  [] do_mount+0x3c9/0x2740
[   26.264601]  [] ? copy_mount_string+0x40/0x40
[   26.270708]  [] ? kasan_unpoison_shadow+0x35/0x50
[   26.277085]  [] ? kasan_kmalloc+0xc7/0xe0
[   26.282768]  [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[   26.289321]  [] ? copy_mount_options+0x5f/0x320
[   26.295527]  [] ? copy_mount_options+0x1e5/0x320
[   26.301818]  [] SyS_mount+0xfe/0x110
[   26.307071]  [] ? copy_mnt_ns+0x8e0/0x8e0
[   26.312754]  [] do_syscall_64+0x1a6/0x490
[   26.318441]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.325339]
[   26.326940] The buggy address belongs to the page:
[   26.331842] page:ffffea0006e73280 count:0 mapcount:0 mapping:          (null) index:0x1
[   26.340077] flags: 0x8000000000000000()
[   26.344022] page dumped because: kasan: bad access detected
[   26.349700]
[   26.351300] Memory state around the buggy address:
[   26.356202]  ffff8801b9cca900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.363537]  ffff8801b9cca980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.370869] >ffff8801b9ccaa00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.378199]                    ^
[   26.381539]  ffff8801b9ccaa80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.388871]  ffff8801b9ccab00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.396202] ==================================================================
[   26.403532] Disabling lock debugging due to kernel taint
[   26.409456] Kernel panic - not syncing: panic_on_warn set ...
[   26.409456]
[   26.416817] CPU: 0 PID: 3802 Comm: syzkaller040100 Tainted: G    B   4.9.95-g13cc540 #2
[   26.425627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.434958]  ffff8801bd2c77d0 ffffffff81eb0ba9 ffffffff841c4485 00000000ffffffff
[   26.442953]  0000000000000000 0000000000000000 ffff8801b5b4a200 ffff8801bd2c7890
[   26.450936]  ffffffff8141f945 0000000041b58ab3 ffffffff841b7b88 ffffffff8141f786
[   26.458924] Call Trace:
[   26.461491]  [] dump_stack+0xc1/0x128
[   26.466831]  [] panic+0x1bf/0x3bc
[   26.471829]  [] ? add_taint.cold.6+0x16/0x16
[   26.477776]  [] ? ___preempt_schedule+0x16/0x18
[   26.483985]  [] kasan_end_report+0x47/0x4f
[   26.489771]  [] kasan_report.cold.6+0x76/0x2fe
[   26.495894]  [] ? build_segment_manager+0x962a/0x9d30
[   26.502620]  [] __asan_report_load4_noabort+0x14/0x20
[   26.509348]  [] build_segment_manager+0x962a/0x9d30
[   26.515902]  [] ? flush_sit_entries+0x2560/0x2560
[   26.522285]  [] ? __raw_spin_lock_init+0x2d/0x100
[   26.528668]  [] f2fs_fill_super+0x1d10/0x5d00
[   26.534703]  [] ? vsnprintf+0x1a8/0x1840
[   26.540301]  [] ? vsprintf+0x40/0x40
[   26.545553]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.551761]  [] ? set_blocksize+0x267/0x300
[   26.557623]  [] ? set_bdev_super+0x150/0x150
[   26.563570]  [] mount_bdev+0x2c7/0x390
[   26.568995]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.575203]  [] f2fs_mount+0x34/0x40
[   26.580456]  [] mount_fs+0x28c/0x370
[   26.585721]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.592104]  [] ? ns_capable_common+0x12a/0x150
[   26.598309]  [] do_mount+0x3c9/0x2740
[   26.603649]  [] ? copy_mount_string+0x40/0x40
[   26.609684]  [] ? kasan_unpoison_shadow+0x35/0x50
[   26.616063]  [] ? kasan_kmalloc+0xc7/0xe0
[   26.621747]  [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[   26.628303]  [] ? copy_mount_options+0x5f/0x320
[   26.634513]  [] ? copy_mount_options+0x1e5/0x320
[   26.640807]  [] SyS_mount+0xfe/0x110
[   26.646063]  [] ? copy_mnt_ns+0x8e0/0x8e0
[   26.651751]  [] do_syscall_64+0x1a6/0x490
[   26.657439]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.664900] Dumping ftrace buffer:
[   26.668419]    (ftrace buffer empty)
[   26.672112] Kernel Offset: disabled
[   26.675713] Rebooting in 86400 seconds..
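The report above is the raw console text a syzkaller instance produces; the fields a triager needs first (bug class, faulting frame, access kind and size, task, kernel build, the reliable part of the call trace, and what the shadow bytes say about the memory) are scattered across it. The following is an added example, not syzkaller or kernel code, that extracts those fields from an abridged copy of the first KASAN block in this log. It assumes the 4.9-era report layout shown above (frames printed as `[addr] sym+off/size`, with `? ` marking unreliable frames, and "Memory state" rows of 16 shadow bytes each covering 8 bytes of kernel memory); the extraction on this page stripped the bracketed addresses to `[]`, and the regexes accept both forms. The shadow-byte meanings are the generic-KASAN constants from mm/kasan/kasan.h.

```python
import re

# Shadow-byte markers from mm/kasan/kasan.h (generic KASAN). A row of 0xff
# under the caret means the page backing the address has been freed.
SHADOW_MEANING = {
    0xfb: "freed slab object (KASAN_KMALLOC_FREE)",
    0xfc: "slab redzone (KASAN_KMALLOC_REDZONE)",
    0xfe: "page redzone (KASAN_PAGE_REDZONE)",
    0xff: "freed page (KASAN_FREE_PAGE)",
}
# Frames that belong to KASAN's own reporting path, not to the bug.
REPORTER_PREFIXES = ("dump_stack", "print_address_description", "kasan_", "__asan_")

TS_RE = re.compile(r"^\[\s*\d+\.\d+\] ?")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<n>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<comm>\S+)/(?P<pid>\d+)")
CPU_RE = re.compile(r"CPU: (?P<cpu>\d+) PID: \d+ Comm: \S+ (?P<taint>Not tainted|Tainted: [A-Z ]+?) (?P<ver>\S+) #\d+")
FRAME_RE = re.compile(r"^\s*\[\S*\]\s+(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ROW_RE = re.compile(r"^[ >](?P<addr>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2})*)$")

# Abridged copy of the first KASAN block in the log above (trace shortened).
REPORT = """\
[   26.078735] BUG: KASAN: use-after-free in build_segment_manager+0x962a/0x9d30
[   26.085986] Read of size 4 at addr ffff8801b9ccaa00 by task syzkaller040100/3802
[   26.093491]
[   26.095096] CPU: 0 PID: 3802 Comm: syzkaller040100 Not tainted 4.9.95-g13cc540 #2
[   26.136072] Call Trace:
[   26.138637]  [] dump_stack+0xc1/0x128
[   26.143976]  [] print_address_description+0x6c/0x234
[   26.150613]  [] kasan_report.cold.6+0x242/0x2fe
[   26.156819]  [] ? build_segment_manager+0x962a/0x9d30
[   26.163545]  [] __asan_report_load4_noabort+0x14/0x20
[   26.170271]  [] build_segment_manager+0x962a/0x9d30
[   26.176835]  [] ? flush_sit_entries+0x2560/0x2560
[   26.189606]  [] f2fs_fill_super+0x1d10/0x5d00
[   26.224519]  [] mount_bdev+0x2c7/0x390
[   26.259260]  [] do_mount+0x3c9/0x2740
[   26.301818]  [] SyS_mount+0xfe/0x110
[   26.325339]
[   26.351300] Memory state around the buggy address:
[   26.363537]  ffff8801b9cca980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.370869] >ffff8801b9ccaa00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.378199]                    ^
[   26.409456] Kernel panic - not syncing: panic_on_warn set ...
"""


def parse_kasan_report(text):
    """Return the report's key fields as a dict; 'trace' keeps reliable frames only."""
    r = {"trace": [], "shadow_rows": {}, "panic_on_warn": False}
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)          # drop the printk timestamp
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                if not m.group("unreliable"):   # "? " frames are stale stack words
                    r["trace"].append(m.group("sym"))
                continue
            in_trace = False                # first non-frame line ends the trace
        if (m := BUG_RE.search(line)):
            r.update(kind=m["kind"], symbol=m["sym"], offset=int(m["off"], 16))
        elif (m := ACCESS_RE.search(line)):
            r.update(access=m["rw"], access_size=int(m["n"]), addr=int(m["addr"], 16),
                     comm=m["comm"], pid=int(m["pid"]))
        elif (m := CPU_RE.search(line)):
            r.update(cpu=int(m["cpu"]), taint=m["taint"], kernel=m["ver"])
        elif line.strip() == "Call Trace:":
            in_trace = True
        elif (m := ROW_RE.match(line)):
            r["shadow_rows"][int(m["addr"], 16)] = bytes.fromhex(m["bytes"].replace(" ", ""))
        elif "panic_on_warn set" in line:
            r["panic_on_warn"] = True
    return r


def shadow_byte_for(report):
    """Shadow byte covering the faulting address: one byte per 8-byte granule,
    16 granules per printed row, so the row address alone locates it (no need
    to trust the caret column)."""
    addr = report["addr"]
    for row_addr, row in report["shadow_rows"].items():
        if row_addr <= addr < row_addr + 8 * len(row):
            return row[(addr - row_addr) // 8]
    return None


def culprit(report):
    """First reliable frame that is not part of KASAN's reporting machinery."""
    return next((s for s in report["trace"] if not s.startswith(REPORTER_PREFIXES)), None)


def summarize(text):
    r = parse_kasan_report(text)
    sb = shadow_byte_for(r)
    return {
        "bug": f"{r['kind']} {r['access'].lower()} of {r['access_size']} bytes in {r['symbol']}",
        "culprit": culprit(r),
        "syscall": next((s[4:] for s in r["trace"] if s.startswith("SyS_")), None),
        "memory": SHADOW_MEANING.get(sb, "unknown" if sb is None else f"shadow 0x{sb:02x}"),
        "kernel": r["kernel"],
        "fatal": r["panic_on_warn"],
    }


if __name__ == "__main__":
    for k, v in summarize(REPORT).items():
        print(f"{k:8} {v}")
```

On this log the summary reads: a use-after-free read of 4 bytes in `build_segment_manager`, reached from the `mount` syscall, on memory whose shadow is 0xff (a freed page, consistent with `count:0` on the dumped page), on kernel 4.9.95-g13cc540 with `panic_on_warn` turning the report into a panic. Two caveats for reusing it on other reports: frames marked `? ` are deliberately discarded, so a bug whose only mention of the real culprit is an unreliable frame will show the next reliable caller instead, and the regexes were written against the 4.9-era layout; later kernels changed the "Memory state" caret arithmetic and the frame format, which is why the shadow lookup keys on the row address rather than the caret position.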