[ 8.565301][ T22] audit: type=1107 audit(1601020334.889:7): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='avc: denied { status } for auid=n/a uid=0 gid=0 path="/lib/systemd/system/systemd-timesyncd.service" cmdline="systemctl try-restart systemd-timesyncd.service" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=service
[ 8.565301][ T22] exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Starting Network Time Synchronization...
[ OK ] Started Network Time Synchronization.
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
Starting OpenBSD Secure Shell server...
Starting Permit User Sessions...
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts.
executing program
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ 17.453270][ T22] audit: type=1400 audit(1601020343.548:8): avc: denied { execmem } for pid=341 comm="syz-executor844" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 17.458183][ T341] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 17.482720][ T341] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 17.491150][ T341] F2FS-fs (loop0): Fix alignment : done, start(4096) end(147456) block(12288)
[ 17.500717][ T341] F2FS-fs (loop0): invalid crc_offset: 0
[ 17.507312][ T341] ==================================================================
[ 17.515359][ T341] BUG: KASAN: slab-out-of-bounds in f2fs_build_segment_manager+0x7ed0/0x88b0
[ 17.524117][ T341] Read of size 8 at addr ffff8881c5eab3e0 by task syz-executor844/341
[ 17.532228][ T341]
[ 17.534525][ T341] CPU: 1 PID: 341 Comm: syz-executor844 Not tainted 5.4.65-syzkaller-00175-g63d1c2f0b547 #0
[ 17.544544][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 17.554660][ T341] Call Trace:
[ 17.557931][ T341] dump_stack+0x1b0/0x21e
[ 17.562237][ T341] ? show_regs_print_info+0x12/0x12
[ 17.567411][ T341] ? printk+0xc0/0x104
[ 17.571455][ T341] print_address_description+0x96/0x5d0
[ 17.576985][ T341] ? devkmsg_release+0x11c/0x11c
[ 17.581899][ T341] ? ___slab_alloc+0x9b/0x450
[ 17.586546][ T341] __kasan_report+0x14b/0x1c0
[ 17.591200][ T341] ? f2fs_build_segment_manager+0x7ed0/0x88b0
[ 17.597234][ T341] kasan_report+0x27/0x50
[ 17.601534][ T341] f2fs_build_segment_manager+0x7ed0/0x88b0
[ 17.607429][ T341] ? f2fs_sanity_check_ckpt+0x1b3a/0x2100
[ 17.613116][ T341] ? f2fs_check_write_pointer+0x10/0x10
[ 17.618663][ T341] ? copy_page_from_iter+0x480/0x660
[ 17.623911][ T341] ? cpumask_next+0xc/0x20
[ 17.628292][ T341] f2fs_fill_super+0x691a/0x9a40
[ 17.633195][ T341] ? vsnprintf+0x1ba3/0x1c50
[ 17.637749][ T341] ? snprintf+0xc0/0x110
[ 17.641967][ T341] ? kill_f2fs_super+0x330/0x330
[ 17.646867][ T341] ? mount_bdev+0x340/0x340
[ 17.651347][ T341] mount_bdev+0x22d/0x340
[ 17.655641][ T341] ? kill_f2fs_super+0x330/0x330
[ 17.660564][ T341] legacy_get_tree+0xde/0x170
[ 17.665206][ T341] ? trace_raw_output_f2fs_fiemap+0x210/0x210
[ 17.671237][ T341] vfs_get_tree+0x85/0x260
[ 17.675618][ T341] do_mount+0x1883/0x2630
[ 17.679917][ T341] ? copy_mount_string+0x30/0x30
[ 17.684923][ T341] ? page_fault+0x2f/0x40
[ 17.689230][ T341] ? memset+0x1f/0x40
[ 17.693199][ T341] ? copy_mount_options+0x2c8/0x320
[ 17.693205][ T341] ksys_mount+0xc2/0xf0
[ 17.693216][ T341] __x64_sys_mount+0xb1/0xc0
[ 17.707087][ T341] do_syscall_64+0xcb/0x150
[ 17.711607][ T341] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 17.717474][ T341] RIP: 0033:0x446ffa
[ 17.721411][ T341] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 17.741004][ T341] RSP: 002b:00007ffc8d626778 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 17.749397][ T341] RAX: ffffffffffffffda RBX: 00007ffc8d6267d0 RCX: 0000000000446ffa
[ 17.757348][ T341] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc8d626790
[ 17.765303][ T341] RBP: 00007ffc8d626790 R08: 00007ffc8d6267d0 R09: 00007ffc00000015
[ 17.773515][ T341] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000008
[ 17.781477][ T341] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 17.789439][ T341]
[ 17.791933][ T341] Allocated by task 341:
[ 17.796156][ T341] __kasan_kmalloc+0x117/0x1b0
[ 17.800907][ T341] __kmalloc+0xf7/0x2c0
[ 17.806419][ T341] kvmalloc_node+0xc2/0x120
[ 17.810899][ T341] f2fs_build_segment_manager+0xd5f/0x88b0
[ 17.818061][ T341] f2fs_fill_super+0x691a/0x9a40
[ 17.822989][ T341] mount_bdev+0x22d/0x340
[ 17.827298][ T341] legacy_get_tree+0xde/0x170
[ 17.831948][ T341] vfs_get_tree+0x85/0x260
[ 17.837724][ T341] do_mount+0x1883/0x2630
[ 17.842046][ T341] ksys_mount+0xc2/0xf0
[ 17.847558][ T341] __x64_sys_mount+0xb1/0xc0
[ 17.852298][ T341] do_syscall_64+0xcb/0x150
[ 17.858159][ T341] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ 17.864030][ T341]
[ 17.867734][ T341] Freed by task 0:
[ 17.871438][ T341] (stack is not available)
[ 17.875825][ T341]
[ 17.878140][ T341] The buggy address belongs to the object at ffff8881c5eab000
[ 17.878140][ T341] which belongs to the cache kmalloc-1k of size 1024
[ 17.892168][ T341] The buggy address is located 992 bytes inside of
[ 17.892168][ T341] 1024-byte region [ffff8881c5eab000, ffff8881c5eab400)
[ 17.906184][ T341] The buggy address belongs to the page:
[ 17.911790][ T341] page:ffffea000717aa00 refcount:1 mapcount:0 mapping:ffff8881da802280 index:0x0 compound_mapcount: 0
[ 17.922695][ T341] flags: 0x8000000000010200(slab|head)
[ 17.928127][ T341] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da802280
[ 17.936684][ T341] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 17.945229][ T341] page dumped because: kasan: bad access detected
[ 17.951608][ T341]
[ 17.953903][ T341] Memory state around the buggy address:
[ 17.959509][ T341]  ffff8881c5eab280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.967534][ T341]  ffff8881c5eab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 17.975573][ T341] >ffff8881c5eab380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 17.983597][ T341]                                                        ^
[ 17.990859][ T341]  ffff8881c5eab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.998882][ T341]  ffff8881c5eab480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.006919][ T341] ==================================================================
[ 18.014941][ T341] Disabling lock debugging due to kernel taint
[ 18.041908][ T341] F2FS-fs (loop0): inconsistent node block, nid:3, node_footer[nid:0,ino:0,ofs:0,cpver:0,blkaddr:0]
[ 18.052724][ T341] F2FS-fs (loop0): Failed to read root inode