[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.56' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 65.807648][ T8479] ==================================================================
[ 65.815857][ T8479] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0x1ae/0x1d0
[ 65.823468][ T8479] Read of size 8 at addr ffff888017caff58 by task syz-executor293/8479
[ 65.831721][ T8479]
[ 65.834036][ T8479] CPU: 0 PID: 8479 Comm: syz-executor293 Not tainted 5.10.0-rc2-syzkaller #0
[ 65.842855][ T8479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.853755][ T8479] Call Trace:
[ 65.857029][ T8479]  dump_stack+0x107/0x163
[ 65.861338][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 65.866247][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 65.871168][ T8479]  print_address_description.constprop.0.cold+0xae/0x4c8
[ 65.878185][ T8479]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 65.883536][ T8479]  ? vprintk_func+0x95/0x1e0
[ 65.888194][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 65.893206][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 65.898121][ T8479]  kasan_report.cold+0x1f/0x37
[ 65.902930][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 65.907869][ T8479]  squashfs_get_id+0x1ae/0x1d0
[ 65.912666][ T8479]  ? squashfs_read_fragment_index_table+0xf0/0xf0
[ 65.919068][ T8479]  squashfs_read_inode+0x1ee/0x1b40
[ 65.924270][ T8479]  ? squashfs_read_id_index_table+0x120/0x120
[ 65.930348][ T8479]  ? lock_downgrade+0x6d0/0x6d0
[ 65.935199][ T8479]  ? do_raw_spin_lock+0x120/0x2b0
[ 65.940212][ T8479]  ? rwlock_bug.part.0+0x90/0x90
[ 65.945146][ T8479]  ? do_raw_spin_unlock+0x171/0x230
[ 65.950345][ T8479]  ? _raw_spin_unlock+0x24/0x40
[ 65.955174][ T8479]  ? new_inode+0x240/0x2f0
[ 65.959574][ T8479]  squashfs_fill_super+0x1140/0x23b0
[ 65.964844][ T8479]  get_tree_bdev+0x421/0x740
[ 65.969525][ T8479]  ? init_once+0x20/0x20
[ 65.973750][ T8479]  vfs_get_tree+0x89/0x2f0
[ 65.978147][ T8479]  path_mount+0x13ad/0x20c0
[ 65.982631][ T8479]  ? strncpy_from_user+0x29e/0x3a0
[ 65.987721][ T8479]  ? finish_automount+0xac0/0xac0
[ 65.992834][ T8479]  ? getname_flags.part.0+0x1dd/0x4f0
[ 65.998200][ T8479]  __x64_sys_mount+0x27f/0x300
[ 66.002951][ T8479]  ? copy_mnt_ns+0xa60/0xa60
[ 66.007529][ T8479]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 66.013408][ T8479]  do_syscall_64+0x2d/0x70
[ 66.017808][ T8479]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.023679][ T8479] RIP: 0033:0x446d2a
[ 66.027643][ T8479] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 66.047312][ T8479] RSP: 002b:00007ffcc178e548 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 66.055709][ T8479] RAX: ffffffffffffffda RBX: 00007ffcc178e5a0 RCX: 0000000000446d2a
[ 66.063662][ T8479] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcc178e560
[ 66.071615][ T8479] RBP: 00007ffcc178e560 R08: 00007ffcc178e5a0 R09: 00007ffc00000015
[ 66.079562][ T8479] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 66.087773][ T8479] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 66.095730][ T8479]
[ 66.098050][ T8479] Allocated by task 4896:
[ 66.102357][ T8479]  kasan_save_stack+0x1b/0x40
[ 66.107010][ T8479]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 66.112626][ T8479]  kernfs_fop_write+0x345/0x490
[ 66.117456][ T8479]  vfs_write+0x28e/0x700
[ 66.121683][ T8479]  ksys_write+0x12d/0x250
[ 66.125988][ T8479]  do_syscall_64+0x2d/0x70
[ 66.130396][ T8479]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.136347][ T8479]
[ 66.138667][ T8479] The buggy address belongs to the object at ffff888017caff50
[ 66.138667][ T8479]  which belongs to the cache kmalloc-8 of size 8
[ 66.152446][ T8479] The buggy address is located 0 bytes to the right of
[ 66.152446][ T8479]  8-byte region [ffff888017caff50, ffff888017caff58)
[ 66.165864][ T8479] The buggy address belongs to the page:
[ 66.171479][ T8479] page:00000000a63e6329 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17caf
[ 66.181604][ T8479] flags: 0xfff00000000200(slab)
[ 66.186433][ T8479] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888010041c80
[ 66.195016][ T8479] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 66.203577][ T8479] page dumped because: kasan: bad access detected
[ 66.210056][ T8479]
[ 66.212360][ T8479] Memory state around the buggy address:
[ 66.218013][ T8479]  ffff888017cafe00: fc fc fa fc fc fc fc fa fc fc fc fc 00 fc fc fc
[ 66.226065][ T8479]  ffff888017cafe80: fc fb fc fc fc fc fa fc fc fc fc 00 fc fc fc fc
[ 66.234115][ T8479] >ffff888017caff00: fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc fb
[ 66.242161][ T8479]                                                     ^
[ 66.249083][ T8479]  ffff888017caff80: fc fc fc fc fa fc fc fc fc fa fc fc fc fc fc fc
[ 66.257122][ T8479]  ffff888017cb0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 66.265156][ T8479] ==================================================================
[ 66.273191][ T8479] Disabling lock debugging due to kernel taint
[ 66.280002][ T8479] Kernel panic - not syncing: panic_on_warn set ...
[ 66.286622][ T8479] CPU: 0 PID: 8479 Comm: syz-executor293 Tainted: G B 5.10.0-rc2-syzkaller #0
[ 66.296760][ T8479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.306812][ T8479] Call Trace:
[ 66.310081][ T8479]  dump_stack+0x107/0x163
[ 66.314385][ T8479]  ? squashfs_get_id+0x150/0x1d0
[ 66.322699][ T8479]  panic+0x306/0x73d
[ 66.326569][ T8479]  ? __warn_printk+0xf3/0xf3
[ 66.331130][ T8479]  ? preempt_schedule_common+0x59/0xc0
[ 66.336658][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 66.341577][ T8479]  ? preempt_schedule_thunk+0x16/0x18
[ 66.346921][ T8479]  ? trace_hardirqs_on+0x51/0x1c0
[ 66.351935][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 66.356875][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 66.361795][ T8479]  end_report+0x58/0x5e
[ 66.365928][ T8479]  kasan_report.cold+0xd/0x37
[ 66.370597][ T8479]  ? squashfs_get_id+0x1ae/0x1d0
[ 66.375508][ T8479]  squashfs_get_id+0x1ae/0x1d0
[ 66.380257][ T8479]  ? squashfs_read_fragment_index_table+0xf0/0xf0
[ 66.386672][ T8479]  squashfs_read_inode+0x1ee/0x1b40
[ 66.391856][ T8479]  ? squashfs_read_id_index_table+0x120/0x120
[ 66.397909][ T8479]  ? lock_downgrade+0x6d0/0x6d0
[ 66.402743][ T8479]  ? do_raw_spin_lock+0x120/0x2b0
[ 66.407741][ T8479]  ? rwlock_bug.part.0+0x90/0x90
[ 66.412664][ T8479]  ? do_raw_spin_unlock+0x171/0x230
[ 66.417838][ T8479]  ? _raw_spin_unlock+0x24/0x40
[ 66.422670][ T8479]  ? new_inode+0x240/0x2f0
[ 66.427061][ T8479]  squashfs_fill_super+0x1140/0x23b0
[ 66.432320][ T8479]  get_tree_bdev+0x421/0x740
[ 66.436881][ T8479]  ? init_once+0x20/0x20
[ 66.441096][ T8479]  vfs_get_tree+0x89/0x2f0
[ 66.445483][ T8479]  path_mount+0x13ad/0x20c0
[ 66.449970][ T8479]  ? strncpy_from_user+0x29e/0x3a0
[ 66.455076][ T8479]  ? finish_automount+0xac0/0xac0
[ 66.460082][ T8479]  ? getname_flags.part.0+0x1dd/0x4f0
[ 66.465443][ T8479]  __x64_sys_mount+0x27f/0x300
[ 66.470179][ T8479]  ? copy_mnt_ns+0xa60/0xa60
[ 66.474743][ T8479]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 66.480608][ T8479]  do_syscall_64+0x2d/0x70
[ 66.484999][ T8479]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.490863][ T8479] RIP: 0033:0x446d2a
[ 66.494745][ T8479] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 66.514320][ T8479] RSP: 002b:00007ffcc178e548 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 66.522706][ T8479] RAX: ffffffffffffffda RBX: 00007ffcc178e5a0 RCX: 0000000000446d2a
[ 66.530666][ T8479] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcc178e560
[ 66.538610][ T8479] RBP: 00007ffcc178e560 R08: 00007ffcc178e5a0 R09: 00007ffc00000015
[ 66.546556][ T8479] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 66.554499][ T8479] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 66.563028][ T8479] Kernel Offset: disabled
[ 66.567342][ T8479] Rebooting in 86400 seconds..