Debian GNU/Linux 9 syzkaller ttyS0

executing program
syzkaller login: [   29.505292] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   29.512806] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   29.516413] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   29.532836] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   29.542146] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[   29.542713] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   29.552374] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   29.564573] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[   29.565430] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[   29.580544] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   29.922817] ==================================================================
[   29.930395] BUG: KASAN: use-after-free in f2fs_evict_inode+0xdad/0x1070
[   29.937157] Read of size 4 at addr ffff888096512930 by task syz-executor923/7987
[   29.944724] 
[   29.946877] CPU: 1 PID: 7987 Comm: syz-executor923 Not tainted 4.14.218-syzkaller #0
[   29.954787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.964141] Call Trace:
[   29.966737]  dump_stack+0x1b2/0x281
[   29.970384]  print_address_description.cold+0x54/0x1d3
[   29.975664]  kasan_report_error.cold+0x8a/0x191
[   29.980346]  ? f2fs_evict_inode+0xdad/0x1070
[   29.984771]  __asan_report_load4_noabort+0x68/0x70
[   29.989881]  ? f2fs_evict_inode+0xdad/0x1070
[   29.994305]  f2fs_evict_inode+0xdad/0x1070
[   29.998559]  ? f2fs_write_inode+0x1d0/0x1d0
[   30.002896]  evict+0x2c8/0x700
[   30.006100]  iput+0x458/0x7e0
[   30.009228]  ? f2fs_show_options+0xdf0/0xdf0
[   30.013803]  dentry_unlink_inode+0x25c/0x310
[   30.018204]  __dentry_kill+0x320/0x550
[   30.022096]  shrink_dentry_list+0x2c2/0xac0
[   30.026409]  ? list_lru_walk_node+0x1b3/0x220
[   30.030916]  ? _find_next_bit+0xdb/0x100
[   30.034979]  shrink_dcache_sb+0x105/0x1b0
[   30.039139]  ? shrink_dentry_list+0xac0/0xac0
[   30.043623]  ? f2fs_fill_super+0x1263/0x56a0
[   30.048035]  f2fs_fill_super+0x127f/0x56a0
[   30.052288]  ? snprintf+0xa5/0xd0
[   30.055732]  ? f2fs_commit_super+0x3a0/0x3a0
[   30.060214]  ? ns_test_super+0x50/0x50
[   30.064089]  ? set_blocksize+0x125/0x380
[   30.068157]  mount_bdev+0x2b3/0x360
[   30.071773]  ? f2fs_commit_super+0x3a0/0x3a0
[   30.076191]  mount_fs+0x92/0x2a0
[   30.079549]  vfs_kern_mount.part.0+0x5b/0x470
[   30.084040]  do_mount+0xe53/0x2a00
[   30.087582]  ? retint_kernel+0x2d/0x2d
[   30.091475]  ? copy_mount_string+0x40/0x40
[   30.095722]  ? memset+0x20/0x40
[   30.098989]  ? copy_mount_options+0x1fa/0x2f0
[   30.103475]  ? copy_mnt_ns+0xa30/0xa30
[   30.107357]  SyS_mount+0xa8/0x120
[   30.110815]  ? copy_mnt_ns+0xa30/0xa30
[   30.114704]  do_syscall_64+0x1d5/0x640
[   30.118608]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   30.123785] RIP: 0033:0x44be5a
[   30.126961] RSP: 002b:00007f52e2b34168 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   30.134691] RAX: ffffffffffffffda RBX: 00007f52e2b341c0 RCX: 000000000044be5a
[   30.141974] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f52e2b34180
[   30.149235] RBP: 0000000000000008 R08: 00007f52e2b341c0 R09: 00007f52e2b346b8
[   30.156503] R10: 0000000000000000 R11: 0000000000000286 R12: 00007f52e2b34180
[   30.163784] R13: 00000000200002c0 R14: 0000000000000004 R15: 0000000000000005
[   30.171055] 
[   30.172688] Allocated by task 7987:
[   30.176325]  kasan_kmalloc+0xeb/0x160
[   30.180132]  kmem_cache_alloc_trace+0x131/0x3d0
[   30.184801]  f2fs_fill_super+0xef/0x56a0
[   30.188866]  mount_bdev+0x2b3/0x360
[   30.192482]  mount_fs+0x92/0x2a0
[   30.195868]  vfs_kern_mount.part.0+0x5b/0x470
[   30.200359]  do_mount+0xe53/0x2a00
[   30.203882]  SyS_mount+0xa8/0x120
[   30.207323]  do_syscall_64+0x1d5/0x640
[   30.211215]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   30.216396] 
[   30.218004] Freed by task 7987:
[   30.221292]  kasan_slab_free+0xc3/0x1a0
[   30.225283]  kfree+0xc9/0x250
[   30.228392]  f2fs_fill_super+0x1263/0x56a0
[   30.232618]  mount_bdev+0x2b3/0x360
[   30.236251]  mount_fs+0x92/0x2a0
[   30.239602]  vfs_kern_mount.part.0+0x5b/0x470
[   30.244084]  do_mount+0xe53/0x2a00
[   30.247610]  SyS_mount+0xa8/0x120
[   30.251075]  do_syscall_64+0x1d5/0x640
[   30.254952]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   30.260125] 
[   30.261738] The buggy address belongs to the object at ffff888096512000
[   30.261738]  which belongs to the cache kmalloc-4096 of size 4096
[   30.274580] The buggy address is located 2352 bytes inside of
[   30.274580]  4096-byte region [ffff888096512000, ffff888096513000)
[   30.286611] The buggy address belongs to the page:
[   30.291545] page:ffffea0002594480 count:1 mapcount:0 mapping:ffff888096512000 index:0x0 compound_mapcount: 0
[   30.301504] flags: 0xfff00000008100(slab|head)
[   30.306091] raw: 00fff00000008100 ffff888096512000 0000000000000000 0000000100000001
[   30.313961] raw: ffffea0002d0f1a0 ffffea0002cf9ea0 ffff88813fe80dc0 0000000000000000
[   30.321831] page dumped because: kasan: bad access detected
[   30.327543] 
[   30.329152] Memory state around the buggy address:
[   30.334063]  ffff888096512800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.341413]  ffff888096512880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.348765] >ffff888096512900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.356135]                                      ^
[   30.361052]  ffff888096512980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.368421]  ffff888096512a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.375778] ==================================================================
[   30.383119] Disabling lock debugging due to kernel taint
[   30.406813] Kernel panic - not syncing: panic_on_warn set ...
[   30.406813] 
[   30.414230] CPU: 0 PID: 7987 Comm: syz-executor923 Tainted: G    B           4.14.218-syzkaller #0
[   30.423435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.432789] Call Trace:
[   30.435408]  dump_stack+0x1b2/0x281
[   30.439058]  panic+0x1f9/0x42d
[   30.442232]  ? add_taint.cold+0x16/0x16
[   30.446237]  ? ___preempt_schedule+0x16/0x18
[   30.450699]  kasan_end_report+0x43/0x49
[   30.454688]  kasan_report_error.cold+0xa7/0x191
[   30.459348]  ? f2fs_evict_inode+0xdad/0x1070
[   30.463740]  __asan_report_load4_noabort+0x68/0x70
[   30.468657]  ? f2fs_evict_inode+0xdad/0x1070
[   30.473081]  f2fs_evict_inode+0xdad/0x1070
[   30.477305]  ? f2fs_write_inode+0x1d0/0x1d0
[   30.481670]  evict+0x2c8/0x700
[   30.484872]  iput+0x458/0x7e0
[   30.487967]  ? f2fs_show_options+0xdf0/0xdf0
[   30.492408]  dentry_unlink_inode+0x25c/0x310
[   30.496861]  __dentry_kill+0x320/0x550
[   30.500730]  shrink_dentry_list+0x2c2/0xac0
[   30.505271]  ? list_lru_walk_node+0x1b3/0x220
[   30.509797]  ? _find_next_bit+0xdb/0x100
[   30.513846]  shrink_dcache_sb+0x105/0x1b0
[   30.517976]  ? shrink_dentry_list+0xac0/0xac0
[   30.522611]  ? f2fs_fill_super+0x1263/0x56a0
[   30.527050]  f2fs_fill_super+0x127f/0x56a0
[   30.531320]  ? snprintf+0xa5/0xd0
[   30.534832]  ? f2fs_commit_super+0x3a0/0x3a0
[   30.539229]  ? ns_test_super+0x50/0x50
[   30.543135]  ? set_blocksize+0x125/0x380
[   30.547413]  mount_bdev+0x2b3/0x360
[   30.551049]  ? f2fs_commit_super+0x3a0/0x3a0
[   30.555443]  mount_fs+0x92/0x2a0
[   30.559000]  vfs_kern_mount.part.0+0x5b/0x470
[   30.563482]  do_mount+0xe53/0x2a00
[   30.567007]  ? retint_kernel+0x2d/0x2d
[   30.570928]  ? copy_mount_string+0x40/0x40
[   30.575208]  ? memset+0x20/0x40
[   30.578516]  ? copy_mount_options+0x1fa/0x2f0
[   30.583049]  ? copy_mnt_ns+0xa30/0xa30
[   30.586926]  SyS_mount+0xa8/0x120
[   30.590504]  ? copy_mnt_ns+0xa30/0xa30
[   30.594447]  do_syscall_64+0x1d5/0x640
[   30.598320]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   30.603500] RIP: 0033:0x44be5a
[   30.606672] RSP: 002b:00007f52e2b34168 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   30.614361] RAX: ffffffffffffffda RBX: 00007f52e2b341c0 RCX: 000000000044be5a
[   30.621801] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f52e2b34180
[   30.629081] RBP: 0000000000000008 R08: 00007f52e2b341c0 R09: 00007f52e2b346b8
[   30.636467] R10: 0000000000000000 R11: 0000000000000286 R12: 00007f52e2b34180
[   30.644068] R13: 00000000200002c0 R14: 0000000000000004 R15: 0000000000000005
[   30.652009] Kernel Offset: disabled
[   30.655658] Rebooting in 86400 seconds..