INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.242803] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   26.249931] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   26.257971] F2FS-fs (loop0): invalid crc value
[   26.263571] ==================================================================
[   26.270934] BUG: KASAN: use-after-free in build_segment_manager+0x962a/0x9d30
[   26.278184] Read of size 4 at addr ffff8801c10c95d0 by task syzkaller253852/3788
[   26.285697] 
[   26.287351] CPU: 0 PID: 3788 Comm: syzkaller253852 Not tainted 4.9.94-g8683408 #1
[   26.294943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.304274]  ffff8801b5d2f870 ffffffff81eb0aa9 ffffea0007043240 ffff8801c10c95d0
[   26.312300]  0000000000000000 ffff8801c10c95d0 ffff8801d957b300 ffff8801b5d2f8a8
[   26.320283]  ffffffff815652cb ffff8801c10c95d0 0000000000000004 0000000000000000
[   26.328263] Call Trace:
[   26.330826]  [] dump_stack+0xc1/0x128
[   26.336162]  [] print_address_description+0x6c/0x234
[   26.342800]  [] kasan_report.cold.6+0x242/0x2fe
[   26.349005]  [] ? build_segment_manager+0x962a/0x9d30
[   26.355736]  [] __asan_report_load4_noabort+0x14/0x20
[   26.362467]  [] build_segment_manager+0x962a/0x9d30
[   26.369034]  [] ? flush_sit_entries+0x2560/0x2560
[   26.375422]  [] ? __raw_spin_lock_init+0x2d/0x100
[   26.381810]  [] f2fs_fill_super+0x1d10/0x5d00
[   26.387846]  [] ? vsnprintf+0x1a8/0x1840
[   26.393446]  [] ? vsprintf+0x40/0x40
[   26.398703]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.404916]  [] ? set_blocksize+0x267/0x300
[   26.410778]  [] ? set_bdev_super+0x150/0x150
[   26.416720]  [] mount_bdev+0x2c7/0x390
[   26.422142]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.428345]  [] f2fs_mount+0x34/0x40
[   26.433594]  [] mount_fs+0x28c/0x370
[   26.438857]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.445240]  [] ? ns_capable_common+0x12a/0x150
[   26.451447]  [] do_mount+0x3c9/0x2740
[   26.456789]  [] ? copy_mount_string+0x40/0x40
[   26.462824]  [] ? kasan_unpoison_shadow+0x35/0x50
[   26.469198]  [] ? kasan_kmalloc+0xc7/0xe0
[   26.474882]  [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[   26.481437]  [] ? copy_mount_options+0x5f/0x320
[   26.487657]  [] ? copy_mount_options+0x1e5/0x320
[   26.493953]  [] SyS_mount+0xfe/0x110
[   26.499216]  [] ? copy_mnt_ns+0x8e0/0x8e0
[   26.504905]  [] do_syscall_64+0x1a6/0x490
[   26.510589]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.517493] 
[   26.519093] The buggy address belongs to the page:
[   26.524081] page:ffffea0007043240 count:0 mapcount:0 mapping: (null) index:0x1
[   26.532306] flags: 0x8000000000000000()
[   26.536248] page dumped because: kasan: bad access detected
[   26.541924] 
[   26.543522] Memory state around the buggy address:
[   26.548425]  ffff8801c10c9480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.555759]  ffff8801c10c9500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.563091] >ffff8801c10c9580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.570421]                                                   ^
[   26.576362]  ffff8801c10c9600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.583691]  ffff8801c10c9680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.591028] ==================================================================
[   26.598357] Disabling lock debugging due to kernel taint
[   26.604186] Kernel panic - not syncing: panic_on_warn set ...
[   26.604186] 
[   26.611531] CPU: 0 PID: 3788 Comm: syzkaller253852 Tainted: G B 4.9.94-g8683408 #1
[   26.620350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.629682]  ffff8801b5d2f7d0 ffffffff81eb0aa9 ffffffff841c4445 00000000ffffffff
[   26.637798]  0000000000000000 0000000000000000 ffff8801d957b300 ffff8801b5d2f890
[   26.645785]  ffffffff8141f845 0000000041b58ab3 ffffffff841b7b48 ffffffff8141f686
[   26.653786] Call Trace:
[   26.656351]  [] dump_stack+0xc1/0x128
[   26.661863]  [] panic+0x1bf/0x3bc
[   26.666875]  [] ? add_taint.cold.6+0x16/0x16
[   26.672827]  [] ? ___preempt_schedule+0x16/0x18
[   26.679119]  [] kasan_end_report+0x47/0x4f
[   26.684892]  [] kasan_report.cold.6+0x76/0x2fe
[   26.691012]  [] ? build_segment_manager+0x962a/0x9d30
[   26.697743]  [] __asan_report_load4_noabort+0x14/0x20
[   26.704472]  [] build_segment_manager+0x962a/0x9d30
[   26.711021]  [] ? flush_sit_entries+0x2560/0x2560
[   26.717420]  [] ? __raw_spin_lock_init+0x2d/0x100
[   26.723798]  [] f2fs_fill_super+0x1d10/0x5d00
[   26.729829]  [] ? vsnprintf+0x1a8/0x1840
[   26.735440]  [] ? vsprintf+0x40/0x40
[   26.740690]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.746901]  [] ? set_blocksize+0x267/0x300
[   26.752853]  [] ? set_bdev_super+0x150/0x150
[   26.758796]  [] mount_bdev+0x2c7/0x390
[   26.764219]  [] ? f2fs_commit_super+0x3c0/0x3c0
[   26.770436]  [] f2fs_mount+0x34/0x40
[   26.775690]  [] mount_fs+0x28c/0x370
[   26.780950]  [] vfs_kern_mount.part.29+0xd1/0x3d0
[   26.787330]  [] ? ns_capable_common+0x12a/0x150
[   26.793532]  [] do_mount+0x3c9/0x2740
[   26.798872]  [] ? copy_mount_string+0x40/0x40
[   26.804900]  [] ? kasan_unpoison_shadow+0x35/0x50
[   26.811277]  [] ? kasan_kmalloc+0xc7/0xe0
[   26.816973]  [] ? kmem_cache_alloc_trace+0xfd/0x2b0
[   26.823611]  [] ? copy_mount_options+0x5f/0x320
[   26.829820]  [] ? copy_mount_options+0x1e5/0x320
[   26.836111]  [] SyS_mount+0xfe/0x110
[   26.841362]  [] ? copy_mnt_ns+0x8e0/0x8e0
[   26.847308]  [] do_syscall_64+0x1a6/0x490
[   26.852994]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   26.860561] Dumping ftrace buffer:
[   26.864084]    (ftrace buffer empty)
[   26.867768] Kernel Offset: disabled
[   26.871599] Rebooting in 86400 seconds..
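Triage helper, added here as an example and not part of the syzkaller console output above. It strips the printk prefixes, derives the syzbot-style title (`KASAN: use-after-free Read in build_segment_manager`), records the faulting access and the reliable frames of the first call trace (the `?` frames and the repeated panic-path trace are dropped), and decodes the shadow byte that covers the faulting address using the poison values from mm/kasan/kasan.h. On this report the guilty shadow row is all `ff`, which is KASAN_FREE_PAGE, and the `count:0` on the page line agrees: build_segment_manager read from a page that had already been freed while the crafted image on loop0 was being mounted. The sample input is an abbreviated excerpt of the report above, with most frames elided; the regexes follow the 4.9-era report layout shown on this page.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Shadow-byte poison values from mm/kasan/kasan.h (generic KASAN). One shadow byte covers
# 8 bytes of memory: 0x00 = all 8 accessible, 1..7 = that many leading bytes accessible.
SHADOW_POISON = {
    0xFF: "freed page (KASAN_FREE_PAGE)", 0xFE: "kmalloc_large redzone (KASAN_PAGE_REDZONE)",
    0xFC: "slab redzone (KASAN_KMALLOC_REDZONE)", 0xFB: "freed slab object (KASAN_KMALLOC_FREE)",
    0xFA: "global redzone (KASAN_GLOBAL_REDZONE)", 0xF1: "stack left redzone",
    0xF2: "stack mid redzone", 0xF3: "stack right redzone", 0xF4: "stack partial redzone",
}
PRINTK = re.compile(r"^\[\s*\d+\.\d+\]\s?(.*)$")                      # "[   26.270934] ..."
BUG_RE = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                       r" by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME_RE = re.compile(r"^(?:\[[^\]]*\]\s*)?(?P<maybe>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
PAGE_RE = re.compile(r"^page:[0-9a-f]+ count:(?P<count>-?\d+) mapcount:")
SHADOW_RE = re.compile(r"^>?(?P<row>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?)+)$")


@dataclass
class KasanReport:
    kind: str                                   # e.g. "use-after-free"
    func: str                                   # function named on the BUG: line
    op: str = ""                                # "Read" or "Write"
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    trace: list = field(default_factory=list)   # reliable frames of the first Call Trace
    shadow: Optional[int] = None                # shadow byte covering addr
    page_refcount: Optional[int] = None         # "count:N" from the page dump, 0 = freed page

    def title(self) -> str:                     # syzbot-style dedup title
        return f"KASAN: {self.kind} {self.op} in {self.func}"

    def poison(self) -> str:
        if self.shadow is None:
            return "unknown"
        if self.shadow < 8:
            return "accessible" if self.shadow == 0 else f"partially accessible ({self.shadow}/8)"
        return SHADOW_POISON.get(self.shadow, f"unrecognised poison 0x{self.shadow:02x}")


def parse_kasan(log: str) -> Optional[KasanReport]:
    rep, in_trace, rows = None, False, {}
    for raw in log.splitlines():
        pk = PRINTK.match(raw)
        s = (pk.group(1) if pk else raw).strip()
        if rep is None:                          # ignore everything before the BUG: header
            if b := BUG_RE.match(s):
                rep = KasanReport(kind=b["kind"], func=b["func"])
            continue
        if in_trace:
            if f := FRAME_RE.match(s):
                if not f["maybe"]:               # "? sym" frames are unreliable, not the call path
                    rep.trace.append(f["sym"])
                continue
            in_trace = False                     # first non-frame line ends the trace
        if s == "Call Trace:":
            in_trace = not rep.trace             # keep only the first trace; the panic path repeats it
        elif a := ACCESS_RE.match(s):
            rep.op, rep.size = a["op"], int(a["size"])
            rep.addr, rep.task, rep.pid = int(a["addr"], 16), a["task"], int(a["pid"])
        elif p := PAGE_RE.match(s):
            rep.page_refcount = int(p["count"])
        elif r := SHADOW_RE.match(s):
            rows[int(r["row"], 16)] = [int(x, 16) for x in r["bytes"].split()]
        elif s.startswith("====") and rows:      # closing rule: report complete
            break
    if rep is not None:
        for row, shadow_bytes in rows.items():   # each row spans 16 shadow bytes = 128 bytes of memory
            off = rep.addr - row
            if 0 <= off < 8 * len(shadow_bytes):
                rep.shadow = shadow_bytes[off // 8]
    return rep


# Abbreviated excerpt of the report above (most frames elided), used as the sample input.
SAMPLE_LOG = """\
[   26.263571] ==================================================================
[   26.270934] BUG: KASAN: use-after-free in build_segment_manager+0x962a/0x9d30
[   26.278184] Read of size 4 at addr ffff8801c10c95d0 by task syzkaller253852/3788
[   26.328263] Call Trace:
[   26.330826]  [] dump_stack+0xc1/0x128
[   26.349005]  [] ? build_segment_manager+0x962a/0x9d30
[   26.362467]  [] build_segment_manager+0x962a/0x9d30
[   26.381810]  [] f2fs_fill_super+0x1d10/0x5d00
[   26.493953]  [] SyS_mount+0xfe/0x110
[   26.519093] The buggy address belongs to the page:
[   26.524081] page:ffffea0007043240 count:0 mapcount:0 mapping: (null) index:0x1
[   26.563091] >ffff8801c10c9580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.591028] ==================================================================
"""

if __name__ == "__main__":
    r = parse_kasan(SAMPLE_LOG)
    print(r.title())
    print(f"{r.op} of {r.size} at {r.addr:#x} by {r.task}/{r.pid}; shadow: {r.poison()}; "
          f"page refcount: {r.page_refcount}; path: {' <- '.join(r.trace)}")
```

Feed it the full console log rather than the excerpt and the result is the same title and shadow decoding; the second Call Trace (the panic path after `panic_on_warn`) is ignored so it does not pollute the signature. The shadow-byte decode is what distinguishes a freed page (`ff`) from a freed slab object (`fb`) or a redzone, which decides whether to look at page-allocator or kmalloc lifetime when reading f2fs_fill_super's error path.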