Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.005573] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 37.013695] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 37.022242] F2FS-fs (loop0): invalid crc value
[ 37.028806] ==================================================================
[ 37.036268] BUG: KASAN: use-after-free in build_segment_manager+0xb92d/0xbf70
[ 37.043552] Read of size 4 at addr ffff8801acc556c0 by task syzkaller118486/4540
[ 37.051075]
[ 37.052707] CPU: 1 PID: 4540 Comm: syzkaller118486 Not tainted 4.17.0-rc1+ #9
[ 37.059979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.069335] Call Trace:
[ 37.071939] dump_stack+0x1b9/0x294
[ 37.075581] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.080780] ? printk+0x9e/0xba
[ 37.084070] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.088840] ? kasan_check_write+0x14/0x20
[ 37.093086] print_address_description+0x6c/0x20b
[ 37.097938] ? build_segment_manager+0xb92d/0xbf70
[ 37.102876] kasan_report.cold.7+0x242/0x2fe
[ 37.107300] __asan_report_load4_noabort+0x14/0x20
[ 37.112249] build_segment_manager+0xb92d/0xbf70
[ 37.117023] ? flush_sit_entries+0x2c40/0x2c40
[ 37.121618] ? vprintk_emit+0x3e5/0xdd0
[ 37.125609] ? console_unlock+0x1100/0x1100
[ 37.129918] ? lock_downgrade+0x8e0/0x8e0
[ 37.134053] ? mark_held_locks+0xc9/0x160
[ 37.138188] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 37.142759] ? vprintk_default+0x28/0x30
[ 37.146812] ? vprintk_func+0x81/0xe7
[ 37.150618] ? printk+0x9e/0xba
[ 37.153886] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.158631] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.164157] ? f2fs_msg+0x11e/0x170
[ 37.167767] ? f2fs_quota_read+0x1030/0x1030
[ 37.172160] ? crc32_pclmul_le+0x49/0x120
[ 37.176304] ? __asan_allocas_unpoison+0x16/0x20
[ 37.181045] ? crypto_shash_update+0x10b/0x2a0
[ 37.185618] ? get_checkpoint_version+0x351/0x5d0
[ 37.190469] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.195992] ? unlock_page+0x1d0/0x2b0
[ 37.199965] ? wake_up_page_bit+0x580/0x580
[ 37.204281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.209804] ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 37.214987] ? modules_open+0xa0/0xa0
[ 37.218773] ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 37.223965] ? lock_downgrade+0x8e0/0x8e0
[ 37.228106] ? noop_count+0x40/0x40
[ 37.231737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.237490] ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 37.242230] ? modules_open+0xa0/0xa0
[ 37.246014] ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 37.251299] ? kernel_text_address+0x79/0xf0
[ 37.255690] ? is_bpf_text_address+0xae/0x170
[ 37.260177] ? lock_downgrade+0x8e0/0x8e0
[ 37.264308] ? lock_release+0xa10/0xa10
[ 37.268270] ? kasan_check_read+0x11/0x20
[ 37.272404] ? rcu_is_watching+0x85/0x140
[ 37.276535] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 37.281712] ? is_bpf_text_address+0xd7/0x170
[ 37.286190] ? kernel_text_address+0x79/0xf0
[ 37.290584] ? __unwind_start+0x166/0x330
[ 37.294722] ? __kernel_text_address+0xd/0x40
[ 37.299202] ? unwind_get_return_address+0x61/0xa0
[ 37.304232] ? __save_stack_trace+0x7e/0xd0
[ 37.308543] ? add_lock_to_list.isra.29+0x1e4/0x490
[ 37.313729] ? trace_hardirqs_off+0x10/0x10
[ 37.318041] ? save_stack_trace+0x1a/0x20
[ 37.322176] ? save_trace+0xe0/0x290
[ 37.325876] ? kasan_check_read+0x11/0x20
[ 37.330130] ? __lock_acquire+0x28fb/0x5140
[ 37.334456] ? debug_check_no_locks_freed+0x310/0x310
[ 37.339985] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 37.344569] ? kasan_check_read+0x11/0x20
[ 37.348709] ? mark_held_locks+0xc9/0x160
[ 37.352854] ? print_usage_bug+0xc0/0xc0
[ 37.356920] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 37.362625] ? __lockdep_init_map+0x105/0x590
[ 37.367162] ? lockdep_init_map+0x9/0x10
[ 37.371226] ? __mutex_init+0x1ef/0x280
[ 37.375203] ? print_usage_bug+0xc0/0xc0
[ 37.379250] ? mark_held_locks+0xc9/0x160
[ 37.383385] ? __raw_spin_lock_init+0x1c/0x100
[ 37.387958] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 37.392965] ? __lockdep_init_map+0x105/0x590
[ 37.397450] ? lockdep_init_map+0x9/0x10
[ 37.401497] ? mark_held_locks+0xc9/0x160
[ 37.405627] ? f2fs_update_extent_cache_range+0x1d0/0x1d0
[ 37.411151] ? __raw_spin_lock_init+0x1c/0x100
[ 37.415726] ? __lockdep_init_map+0x105/0x590
[ 37.420207] ? lockdep_init_map+0x9/0x10
[ 37.424270] ? __raw_spin_lock_init+0x2d/0x100
[ 37.428853] f2fs_fill_super+0x4095/0x7bf0
[ 37.433108] ? f2fs_commit_super+0x400/0x400
[ 37.437512] ? lock_downgrade+0x8e0/0x8e0
[ 37.441658] ? lock_release+0xa10/0xa10
[ 37.445636] ? check_same_owner+0x320/0x320
[ 37.449972] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 37.455005] ? widen_string+0xd8/0x2d0
[ 37.458888] ? rcu_note_context_switch+0x710/0x710
[ 37.463844] ? format_decode+0xae0/0xae0
[ 37.468418] ? graph_lock+0x170/0x170
[ 37.472230] ? widen_string+0x2d0/0x2d0
[ 37.476214] ? sget_userns+0x2dd/0xf20
[ 37.480106] ? find_held_lock+0x13f/0x1c0
[ 37.484265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.489818] ? bdev_name.isra.7+0x1a1/0x1f0
[ 37.494145] ? pointer+0x1b0/0xa20
[ 37.497687] ? netdev_bits+0xb0/0xb0
[ 37.501401] ? format_decode+0x1a9/0xae0
[ 37.505475] ? set_precision+0xe0/0xe0
[ 37.509392] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 37.514620] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.520150] ? vsnprintf+0x242/0x1b40
[ 37.523943] ? pointer+0xa20/0xa20
[ 37.527490] ? snprintf+0xa5/0xd0
[ 37.531107] ? vsprintf+0x40/0x40
[ 37.534557] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 37.539672] ? set_blocksize+0x2c4/0x350
[ 37.543756] mount_bdev+0x30c/0x3e0
[ 37.547417] ? f2fs_commit_super+0x400/0x400
[ 37.551851] ? mount_bdev+0x30c/0x3e0
[ 37.555662] ? f2fs_commit_super+0x400/0x400
[ 37.560064] f2fs_mount+0x34/0x40
[ 37.563530] mount_fs+0xae/0x328
[ 37.566903] vfs_kern_mount.part.34+0xd4/0x4d0
[ 37.571584] ? may_umount+0xb0/0xb0
[ 37.575242] ? _raw_read_unlock+0x22/0x30
[ 37.579406] ? __get_fs_type+0x97/0xc0
[ 37.583326] do_mount+0x564/0x3070
[ 37.586879] ? copy_mount_string+0x40/0x40
[ 37.591102] ? rcu_pm_notify+0xc0/0xc0
[ 37.595002] ? copy_mount_options+0x5f/0x380
[ 37.599396] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.604562] ? kmem_cache_alloc_trace+0x616/0x780
[ 37.610010] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.615543] ? _copy_from_user+0xdf/0x150
[ 37.619693] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.625210] ? copy_mount_options+0x285/0x380
[ 37.629691] ksys_mount+0x12d/0x140
[ 37.633307] __x64_sys_mount+0xbe/0x150
[ 37.637270] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 37.642271] do_syscall_64+0x1b1/0x800
[ 37.646318] ? syscall_return_slowpath+0x5c0/0x5c0
[ 37.651238] ? syscall_return_slowpath+0x30f/0x5c0
[ 37.656551] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 37.661904] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.666739] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.671923] RIP: 0033:0x443c9a
[ 37.675098] RSP: 002b:00007ffd1f003538 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 37.682805] RAX: ffffffffffffffda RBX: 0000000020000b70 RCX: 0000000000443c9a
[ 37.690077] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd1f003540
[ 37.697332] RBP: 0000000000000003 R08: 0000000020016600 R09: 000000000000000a
[ 37.705567] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
[ 37.712834] R13: 0000000000402b90 R14: 0000000000000000 R15: 0000000000000000
[ 37.720096]
[ 37.721704] The buggy address belongs to the page:
[ 37.726627] page:ffffea0006b31540 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 37.734753] flags: 0x2fffc0000000000()
[ 37.738639] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 37.746501] raw: 0000000000000000 ffffea0006b30101 0000000000000000 0000000000000000
[ 37.754364] page dumped because: kasan: bad access detected
[ 37.760050]
[ 37.761656] Memory state around the buggy address:
[ 37.766572]  ffff8801acc55580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.773926]  ffff8801acc55600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.781276] >ffff8801acc55680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.788618]                                            ^
[ 37.794050]  ffff8801acc55700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.801397]  ffff8801acc55780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.808737] ==================================================================
[ 37.816089] Disabling lock debugging due to kernel taint
[ 37.821751] Kernel panic - not syncing: panic_on_warn set ...
[ 37.821751]
[ 37.829117] CPU: 1 PID: 4540 Comm: syzkaller118486 Tainted: G B 4.17.0-rc1+ #9
[ 37.837781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.847450] Call Trace:
[ 37.850031] dump_stack+0x1b9/0x294
[ 37.853687] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.858859] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 37.863605] ? build_segment_manager+0xb850/0xbf70
[ 37.868525] panic+0x22f/0x4de
[ 37.871699] ? add_taint.cold.5+0x16/0x16
[ 37.875839] ? do_raw_spin_unlock+0x9e/0x2e0
[ 37.880229] ? do_raw_spin_unlock+0x9e/0x2e0
[ 37.884617] ? build_segment_manager+0xb92d/0xbf70
[ 37.889526] kasan_end_report+0x47/0x4f
[ 37.893476] kasan_report.cold.7+0x76/0x2fe
[ 37.897790] __asan_report_load4_noabort+0x14/0x20
[ 37.902697] build_segment_manager+0xb92d/0xbf70
[ 37.907435] ? flush_sit_entries+0x2c40/0x2c40
[ 37.911996] ? vprintk_emit+0x3e5/0xdd0
[ 37.915948] ? console_unlock+0x1100/0x1100
[ 37.920252] ? lock_downgrade+0x8e0/0x8e0
[ 37.924398] ? mark_held_locks+0xc9/0x160
[ 37.928527] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 37.933091] ? vprintk_default+0x28/0x30
[ 37.937134] ? vprintk_func+0x81/0xe7
[ 37.940916] ? printk+0x9e/0xba
[ 37.944177] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.948928] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.954449] ? f2fs_msg+0x11e/0x170
[ 37.958228] ? f2fs_quota_read+0x1030/0x1030
[ 37.962629] ? crc32_pclmul_le+0x49/0x120
[ 37.966777] ? __asan_allocas_unpoison+0x16/0x20
[ 37.971516] ? crypto_shash_update+0x10b/0x2a0
[ 37.976087] ? get_checkpoint_version+0x351/0x5d0
[ 37.980908] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.986426] ? unlock_page+0x1d0/0x2b0
[ 37.990297] ? wake_up_page_bit+0x580/0x580
[ 37.994601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.000119] ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 38.004856] ? modules_open+0xa0/0xa0
[ 38.008637] ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 38.013807] ? lock_downgrade+0x8e0/0x8e0
[ 38.017935] ? noop_count+0x40/0x40
[ 38.021552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.027075] ? bpf_prog_kallsyms_find+0xd6/0x4a0
[ 38.031809] ? modules_open+0xa0/0xa0
[ 38.038288] ? __bpf_trace_bpf_map_next_key+0x40/0x40
[ 38.043458] ? kernel_text_address+0x79/0xf0
[ 38.047846] ? is_bpf_text_address+0xae/0x170
[ 38.052322] ? lock_downgrade+0x8e0/0x8e0
[ 38.056452] ? lock_release+0xa10/0xa10
[ 38.060405] ? kasan_check_read+0x11/0x20
[ 38.064532] ? rcu_is_watching+0x85/0x140
[ 38.068660] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 38.073834] ? is_bpf_text_address+0xd7/0x170
[ 38.078318] ? kernel_text_address+0x79/0xf0
[ 38.082718] ? __unwind_start+0x166/0x330
[ 38.086843] ? __kernel_text_address+0xd/0x40
[ 38.091318] ? unwind_get_return_address+0x61/0xa0
[ 38.096227] ? __save_stack_trace+0x7e/0xd0
[ 38.100534] ? add_lock_to_list.isra.29+0x1e4/0x490
[ 38.105532] ? trace_hardirqs_off+0x10/0x10
[ 38.109835] ? save_stack_trace+0x1a/0x20
[ 38.113978] ? save_trace+0xe0/0x290
[ 38.117678] ? kasan_check_read+0x11/0x20
[ 38.121815] ? __lock_acquire+0x28fb/0x5140
[ 38.126123] ? debug_check_no_locks_freed+0x310/0x310
[ 38.131592] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 38.136379] ? kasan_check_read+0x11/0x20
[ 38.140545] ? mark_held_locks+0xc9/0x160
[ 38.144682] ? print_usage_bug+0xc0/0xc0
[ 38.148728] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 38.153723] ? __lockdep_init_map+0x105/0x590
[ 38.158201] ? lockdep_init_map+0x9/0x10
[ 38.162242] ? __mutex_init+0x1ef/0x280
[ 38.166197] ? print_usage_bug+0xc0/0xc0
[ 38.170244] ? mark_held_locks+0xc9/0x160
[ 38.174375] ? __raw_spin_lock_init+0x1c/0x100
[ 38.178937] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 38.183933] ? __lockdep_init_map+0x105/0x590
[ 38.188421] ? lockdep_init_map+0x9/0x10
[ 38.192462] ? mark_held_locks+0xc9/0x160
[ 38.196597] ? f2fs_update_extent_cache_range+0x1d0/0x1d0
[ 38.202126] ? __raw_spin_lock_init+0x1c/0x100
[ 38.206689] ? __lockdep_init_map+0x105/0x590
[ 38.211164] ? lockdep_init_map+0x9/0x10
[ 38.215204] ? __raw_spin_lock_init+0x2d/0x100
[ 38.219868] f2fs_fill_super+0x4095/0x7bf0
[ 38.224099] ? f2fs_commit_super+0x400/0x400
[ 38.228506] ? lock_downgrade+0x8e0/0x8e0
[ 38.232637] ? lock_release+0xa10/0xa10
[ 38.236604] ? check_same_owner+0x320/0x320
[ 38.240914] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 38.245910] ? widen_string+0xd8/0x2d0
[ 38.249785] ? rcu_note_context_switch+0x710/0x710
[ 38.254694] ? format_decode+0xae0/0xae0
[ 38.258733] ? graph_lock+0x170/0x170
[ 38.262514] ? widen_string+0x2d0/0x2d0
[ 38.266465] ? sget_userns+0x2dd/0xf20
[ 38.270333] ? find_held_lock+0x13f/0x1c0
[ 38.274476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.279997] ? bdev_name.isra.7+0x1a1/0x1f0
[ 38.284300] ? pointer+0x1b0/0xa20
[ 38.287819] ? netdev_bits+0xb0/0xb0
[ 38.291513] ? format_decode+0x1a9/0xae0
[ 38.295561] ? set_precision+0xe0/0xe0
[ 38.299436] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 38.304610] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.310131] ? vsnprintf+0x242/0x1b40
[ 38.313921] ? pointer+0xa20/0xa20
[ 38.317443] ? snprintf+0xa5/0xd0
[ 38.320875] ? vsprintf+0x40/0x40
[ 38.324496] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 38.329499] ? set_blocksize+0x2c4/0x350
[ 38.333639] mount_bdev+0x30c/0x3e0
[ 38.337252] ? f2fs_commit_super+0x400/0x400
[ 38.341651] ? mount_bdev+0x30c/0x3e0
[ 38.345433] ? f2fs_commit_super+0x400/0x400
[ 38.349831] f2fs_mount+0x34/0x40
[ 38.353275] mount_fs+0xae/0x328
[ 38.356624] vfs_kern_mount.part.34+0xd4/0x4d0
[ 38.361201] ? may_umount+0xb0/0xb0
[ 38.364810] ? _raw_read_unlock+0x22/0x30
[ 38.368935] ? __get_fs_type+0x97/0xc0
[ 38.372800] do_mount+0x564/0x3070
[ 38.376318] ? copy_mount_string+0x40/0x40
[ 38.380537] ? rcu_pm_notify+0xc0/0xc0
[ 38.384412] ? copy_mount_options+0x5f/0x380
[ 38.388799] ? rcu_read_lock_sched_held+0x108/0x120
[ 38.393816] ? kmem_cache_alloc_trace+0x616/0x780
[ 38.398641] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.404158] ? _copy_from_user+0xdf/0x150
[ 38.408287] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.413802] ? copy_mount_options+0x285/0x380
[ 38.418276] ksys_mount+0x12d/0x140
[ 38.421885] __x64_sys_mount+0xbe/0x150
[ 38.425838] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 38.430842] do_syscall_64+0x1b1/0x800
[ 38.434711] ? syscall_return_slowpath+0x5c0/0x5c0
[ 38.439635] ? syscall_return_slowpath+0x30f/0x5c0
[ 38.444547] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 38.449895] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.454721] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.459898] RIP: 0033:0x443c9a
[ 38.463070] RSP: 002b:00007ffd1f003538 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 38.470757] RAX: ffffffffffffffda RBX: 0000000020000b70 RCX: 0000000000443c9a
[ 38.478294] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd1f003540
[ 38.485541] RBP: 0000000000000003 R08: 0000000020016600 R09: 000000000000000a
[ 38.492788] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
[ 38.500035] R13: 0000000000402b90 R14: 0000000000000000 R15: 0000000000000000
[ 38.507695] Dumping ftrace buffer:
[ 38.511211] (ftrace buffer empty)
[ 38.514897] Kernel Offset: disabled
[ 38.518504] Rebooting in 86400 seconds..