[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty2.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.714264][ T8492] loop0: detected capacity change from 0 to 135266304
[ 70.730921][ T8492] ==================================================================
[ 70.739217][ T8492] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0x1ae/0x1d0
[ 70.746883][ T8492] Read of size 8 at addr ffff88801b506d40 by task syz-executor989/8492
[ 70.755118][ T8492]
[ 70.757469][ T8492] CPU: 1 PID: 8492 Comm: syz-executor989 Not tainted 5.10.0-rc5-next-20201127-syzkaller #0
[ 70.767447][ T8492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.777511][ T8492] Call Trace:
[ 70.780823][ T8492] dump_stack+0x107/0x163
[ 70.785205][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 70.790154][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 70.795110][ T8492] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 70.802154][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 70.807102][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 70.812042][ T8492] kasan_report.cold+0x79/0xd5
[ 70.816832][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 70.821756][ T8492] squashfs_get_id+0x1ae/0x1d0
[ 70.826538][ T8492] ? squashfs_read_fragment_index_table+0xf0/0xf0
[ 70.832958][ T8492] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.839183][ T8492] ? squashfs_read_metadata+0x2f9/0x460
[ 70.844733][ T8492] squashfs_read_inode+0x1b4/0x1b40
[ 70.849927][ T8492] ? find_held_lock+0x2d/0x110
[ 70.854686][ T8492] ? squashfs_read_id_index_table+0x120/0x120
[ 70.860757][ T8492] ? new_inode+0x23b/0x2f0
[ 70.865156][ T8492] ? lock_downgrade+0x6d0/0x6d0
[ 70.870009][ T8492] ? do_raw_spin_lock+0x120/0x2b0
[ 70.875018][ T8492] ? rwlock_bug.part.0+0x90/0x90
[ 70.879943][ T8492] ? do_raw_spin_unlock+0x171/0x230
[ 70.885151][ T8492] ? _raw_spin_unlock+0x24/0x40
[ 70.889989][ T8492] ? new_inode+0x240/0x2f0
[ 70.894404][ T8492] squashfs_fill_super+0x1140/0x23b0
[ 70.899686][ T8492] get_tree_bdev+0x421/0x740
[ 70.904283][ T8492] ? init_once+0x20/0x20
[ 70.908510][ T8492] vfs_get_tree+0x89/0x2f0
[ 70.912932][ T8492] path_mount+0x12ae/0x1e70
[ 70.917423][ T8492] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 70.923659][ T8492] ? strncpy_from_user+0x2a0/0x3e0
[ 70.928758][ T8492] ? finish_automount+0xac0/0xac0
[ 70.933768][ T8492] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.940009][ T8492] ? getname_flags.part.0+0x1dd/0x4f0
[ 70.945375][ T8492] __x64_sys_mount+0x27f/0x300
[ 70.950137][ T8492] ? copy_mnt_ns+0xae0/0xae0
[ 70.954720][ T8492] ? syscall_enter_from_user_mode+0x1d/0x50
[ 70.960619][ T8492] do_syscall_64+0x2d/0x70
[ 70.965022][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.970900][ T8492] RIP: 0033:0x446d1a
[ 70.974785][ T8492] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 70.994395][ T8492] RSP: 002b:00007fffa8a062a8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 71.002800][ T8492] RAX: ffffffffffffffda RBX: 00007fffa8a06300 RCX: 0000000000446d1a
[ 71.010783][ T8492] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffa8a062c0
[ 71.018746][ T8492] RBP: 00007fffa8a062c0 R08: 00007fffa8a06300 R09: 00007fff00000015
[ 71.026723][ T8492] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 71.034682][ T8492] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 71.042653][ T8492]
[ 71.044982][ T8492] Allocated by task 8492:
[ 71.049297][ T8492] kasan_save_stack+0x1b/0x40
[ 71.053961][ T8492] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 71.059781][ T8492] squashfs_cache_init+0x3ab/0x750
[ 71.064904][ T8492] squashfs_fill_super+0xfd7/0x23b0
[ 71.070087][ T8492] get_tree_bdev+0x421/0x740
[ 71.074661][ T8492] vfs_get_tree+0x89/0x2f0
[ 71.079679][ T8492] path_mount+0x12ae/0x1e70
[ 71.084187][ T8492] __x64_sys_mount+0x27f/0x300
[ 71.088932][ T8492] do_syscall_64+0x2d/0x70
[ 71.093333][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.099216][ T8492]
[ 71.101541][ T8492] The buggy address belongs to the object at ffff88801b506d20
[ 71.101541][ T8492] which belongs to the cache kmalloc-8 of size 8
[ 71.115231][ T8492] The buggy address is located 24 bytes to the right of
[ 71.115231][ T8492] 8-byte region [ffff88801b506d20, ffff88801b506d28)
[ 71.128865][ T8492] The buggy address belongs to the page:
[ 71.134487][ T8492] page:00000000f0d46bcf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b506
[ 71.144618][ T8492] flags: 0xfff00000000200(slab)
[ 71.150426][ T8492] raw: 00fff00000000200 ffffea00005c2ac0 0000001d0000001d ffff888010041c80
[ 71.158993][ T8492] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 71.167568][ T8492] page dumped because: kasan: bad access detected
[ 71.173975][ T8492]
[ 71.176296][ T8492] Memory state around the buggy address:
[ 71.181921][ T8492] ffff88801b506c00: fc 00 fc fc fc fc 00 fc fc fc fc fa fc fc fc fc
[ 71.189966][ T8492] ffff88801b506c80: 00 fc fc fc fc 00 fc fc fc fc fa fc fc fc fc fa
[ 71.198032][ T8492] >ffff88801b506d00: fc fc fc fc 00 fc fc fc fc fb fc fc fc fc 00 fc
[ 71.206071][ T8492]                                                ^
[ 71.212206][ T8492] ffff88801b506d80: fc fc fc fa fc fc fc fc fa fc fc fc fc fa fc fc
[ 71.220263][ T8492] ffff88801b506e00: fc fc fa fc fc fc fc fb fc fc fc fc fb fc fc fc
[ 71.228820][ T8492] ==================================================================
[ 71.236870][ T8492] Disabling lock debugging due to kernel taint
[ 71.243600][ T8492] Kernel panic - not syncing: panic_on_warn set ...
[ 71.250214][ T8492] CPU: 1 PID: 8492 Comm: syz-executor989 Tainted: G B 5.10.0-rc5-next-20201127-syzkaller #0
[ 71.261582][ T8492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.271629][ T8492] Call Trace:
[ 71.274919][ T8492] dump_stack+0x107/0x163
[ 71.279261][ T8492] ? squashfs_get_id+0xe0/0x1d0
[ 71.284117][ T8492] panic+0x306/0x73d
[ 71.288009][ T8492] ? __warn_printk+0xf3/0xf3
[ 71.292596][ T8492] ? preempt_schedule_common+0x59/0xc0
[ 71.298046][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 71.302976][ T8492] ? preempt_schedule_thunk+0x16/0x18
[ 71.308353][ T8492] ? trace_hardirqs_on+0x38/0x1c0
[ 71.313367][ T8492] ? trace_hardirqs_on+0x51/0x1c0
[ 71.318384][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 71.323311][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 71.328242][ T8492] end_report+0x58/0x5e
[ 71.332391][ T8492] kasan_report.cold+0x67/0xd5
[ 71.337149][ T8492] ? squashfs_get_id+0x1ae/0x1d0
[ 71.342080][ T8492] squashfs_get_id+0x1ae/0x1d0
[ 71.346837][ T8492] ? squashfs_read_fragment_index_table+0xf0/0xf0
[ 71.353244][ T8492] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.359476][ T8492] ? squashfs_read_metadata+0x2f9/0x460
[ 71.365012][ T8492] squashfs_read_inode+0x1b4/0x1b40
[ 71.370225][ T8492] ? find_held_lock+0x2d/0x110
[ 71.374983][ T8492] ? squashfs_read_id_index_table+0x120/0x120
[ 71.381056][ T8492] ? new_inode+0x23b/0x2f0
[ 71.385659][ T8492] ? lock_downgrade+0x6d0/0x6d0
[ 71.390523][ T8492] ? do_raw_spin_lock+0x120/0x2b0
[ 71.395560][ T8492] ? rwlock_bug.part.0+0x90/0x90
[ 71.400523][ T8492] ? do_raw_spin_unlock+0x171/0x230
[ 71.405720][ T8492] ? _raw_spin_unlock+0x24/0x40
[ 71.410576][ T8492] ? new_inode+0x240/0x2f0
[ 71.414985][ T8492] squashfs_fill_super+0x1140/0x23b0
[ 71.420272][ T8492] get_tree_bdev+0x421/0x740
[ 71.424874][ T8492] ? init_once+0x20/0x20
[ 71.429119][ T8492] vfs_get_tree+0x89/0x2f0
[ 71.433532][ T8492] path_mount+0x12ae/0x1e70
[ 71.438033][ T8492] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.444276][ T8492] ? strncpy_from_user+0x2a0/0x3e0
[ 71.449405][ T8492] ? finish_automount+0xac0/0xac0
[ 71.454945][ T8492] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.461180][ T8492] ? getname_flags.part.0+0x1dd/0x4f0
[ 71.466549][ T8492] __x64_sys_mount+0x27f/0x300
[ 71.471327][ T8492] ? copy_mnt_ns+0xae0/0xae0
[ 71.475913][ T8492] ? syscall_enter_from_user_mode+0x1d/0x50
[ 71.481797][ T8492] do_syscall_64+0x2d/0x70
[ 71.486212][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.492359][ T8492] RIP: 0033:0x446d1a
[ 71.496248][ T8492] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 71.515845][ T8492] RSP: 002b:00007fffa8a062a8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 71.524269][ T8492] RAX: ffffffffffffffda RBX: 00007fffa8a06300 RCX: 0000000000446d1a
[ 71.532230][ T8492] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffa8a062c0
[ 71.540206][ T8492] RBP: 00007fffa8a062c0 R08: 00007fffa8a06300 R09: 00007fff00000015
[ 71.548173][ T8492] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 71.556138][ T8492] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 71.564614][ T8492] Kernel Offset: disabled
[ 71.568971][ T8492] Rebooting in 86400 seconds..