[ OK ] Started Regular background program processing daemon.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting System Logging Service...
[ OK ] Started Permit User Sessions.
[ OK ] Started System Logging Service.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 73.159267][ T28] audit: type=1400 audit(1602554171.895:8): avc: denied { execmem } for pid=6866 comm="syz-executor079" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 73.178360][ T6866] ==================================================================
[ 73.189966][ T6866] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0x1ae/0x1d0
[ 73.198876][ T6866] Read of size 8 at addr ffff8880a6486278 by task syz-executor079/6866
[ 73.207789][ T6866]
[ 73.210242][ T6866] CPU: 1 PID: 6866 Comm: syz-executor079 Not tainted 5.9.0-syzkaller #0
[ 73.218747][ T6866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.229383][ T6866] Call Trace:
[ 73.232745][ T6866] dump_stack+0x198/0x1fd
[ 73.237353][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.242558][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.247975][ T6866] print_address_description.constprop.0.cold+0xae/0x497
[ 73.255450][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.260544][ T6866] ? lockdep_hardirqs_off+0x96/0xd0
[ 73.265793][ T6866] ? vprintk_func+0x95/0x1d4
[ 73.270385][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.275537][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.280519][ T6866] kasan_report.cold+0x1f/0x37
[ 73.285897][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.291072][ T6866] squashfs_get_id+0x1ae/0x1d0
[ 73.295880][ T6866] ? squashfs_read_fragment_index_table+0xf0/0xf0
[ 73.302478][ T6866] squashfs_read_inode+0x1d3/0x1940
[ 73.308264][ T6866] ? squashfs_read_id_index_table+0xf0/0xf0
[ 73.314311][ T6866] ? new_inode+0x23b/0x2f0
[ 73.318822][ T6866] ? lock_downgrade+0x830/0x830
[ 73.324185][ T6866] ? do_raw_spin_lock+0x120/0x2b0
[ 73.329457][ T6866] ? rwlock_bug.part.0+0x90/0x90
[ 73.334665][ T6866] ? inode_init_always+0xa98/0xd10
[ 73.340344][ T6866] ? do_raw_spin_unlock+0x171/0x230
[ 73.345551][ T6866] ? _raw_spin_unlock+0x24/0x40
[ 73.350879][ T6866] ? new_inode+0x240/0x2f0
[ 73.355482][ T6866] squashfs_fill_super+0x1079/0x1ecf
[ 73.360829][ T6866] get_tree_bdev+0x421/0x740
[ 73.365556][ T6866] ? init_once+0x20/0x20
[ 73.369934][ T6866] vfs_get_tree+0x89/0x2f0
[ 73.374357][ T6866] path_mount+0x1387/0x20a0
[ 73.380304][ T6866] ? strncpy_from_user+0x2bf/0x3e0
[ 73.385616][ T6866] ? copy_mount_string+0x40/0x40
[ 73.391159][ T6866] ? getname_flags.part.0+0x1dd/0x4f0
[ 73.397094][ T6866] __x64_sys_mount+0x27f/0x300
[ 73.402356][ T6866] ? copy_mnt_ns+0xa60/0xa60
[ 73.407507][ T6866] ? check_preemption_disabled+0x50/0x130
[ 73.413750][ T6866] ? syscall_enter_from_user_mode+0x1d/0x60
[ 73.420070][ T6866] do_syscall_64+0x2d/0x70
[ 73.424564][ T6866] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.430728][ T6866] RIP: 0033:0x446d2a
[ 73.436545][ T6866] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 73.459897][ T6866] RSP: 002b:00007ffe4ba5a7f8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 73.471536][ T6866] RAX: ffffffffffffffda RBX: 00007ffe4ba5a850 RCX: 0000000000446d2a
[ 73.479709][ T6866] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe4ba5a810
[ 73.487800][ T6866] RBP: 00007ffe4ba5a810 R08: 00007ffe4ba5a850 R09: 00007ffe00000015
[ 73.496252][ T6866] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 73.505898][ T6866] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 73.515044][ T6866]
[ 73.517523][ T6866] Allocated by task 3918:
[ 73.523129][ T6866] kasan_save_stack+0x1b/0x40
[ 73.528643][ T6866] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 73.534577][ T6866] kvmalloc_node+0x61/0xf0
[ 73.541502][ T6866] getxattr+0x262/0x2e0
[ 73.546324][ T6866] path_getxattr+0xb6/0x150
[ 73.550920][ T6866] do_syscall_64+0x2d/0x70
[ 73.557371][ T6866] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.563391][ T6866]
[ 73.565746][ T6866] Freed by task 3918:
[ 73.569823][ T6866] kasan_save_stack+0x1b/0x40
[ 73.574892][ T6866] kasan_set_track+0x1c/0x30
[ 73.579651][ T6866] kasan_set_free_info+0x1b/0x30
[ 73.586248][ T6866] __kasan_slab_free+0xd8/0x120
[ 73.591509][ T6866] kfree+0x10e/0x2b0
[ 73.595861][ T6866] kvfree+0x42/0x50
[ 73.600246][ T6866] getxattr+0x1e6/0x2e0
[ 73.606050][ T6866] path_getxattr+0xb6/0x150
[ 73.610896][ T6866] do_syscall_64+0x2d/0x70
[ 73.617175][ T6866] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.625542][ T6866]
[ 73.629051][ T6866] The buggy address belongs to the object at ffff8880a6486240
[ 73.629051][ T6866]  which belongs to the cache kmalloc-32 of size 32
[ 73.649038][ T6866] The buggy address is located 24 bytes to the right of
[ 73.649038][ T6866]  32-byte region [ffff8880a6486240, ffff8880a6486260)
[ 73.670903][ T6866] The buggy address belongs to the page:
[ 73.677916][ T6866] page:0000000008c7d1de refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a6486fc1 pfn:0xa6486
[ 73.690082][ T6866] flags: 0xfffe0000000200(slab)
[ 73.695357][ T6866] raw: 00fffe0000000200 ffffea00027777c8 ffffea000279a5c8 ffff8880aa040100
[ 73.705559][ T6866] raw: ffff8880a6486fc1 ffff8880a6486000 000000010000003b 0000000000000000
[ 73.715481][ T6866] page dumped because: kasan: bad access detected
[ 73.722673][ T6866]
[ 73.725000][ T6866] Memory state around the buggy address:
[ 73.731314][ T6866]  ffff8880a6486100: 00 04 fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[ 73.740672][ T6866]  ffff8880a6486180: 00 fc fc fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 73.749512][ T6866] >ffff8880a6486200: 00 00 01 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 73.757723][ T6866]                                                                 ^
[ 73.766633][ T6866]  ffff8880a6486280: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 73.775115][ T6866]  ffff8880a6486300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 73.784626][ T6866] ==================================================================
[ 73.794131][ T6866] Disabling lock debugging due to kernel taint
[ 73.802187][ T6866] Kernel panic - not syncing: panic_on_warn set ...
[ 73.809290][ T6866] CPU: 0 PID: 6866 Comm: syz-executor079 Tainted: G B 5.9.0-syzkaller #0
[ 73.819882][ T6866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.834095][ T6866] Call Trace:
[ 73.839076][ T6866] dump_stack+0x198/0x1fd
[ 73.845246][ T6866] ? squashfs_get_id+0x100/0x1d0
[ 73.850885][ T6866] panic+0x382/0x7fb
[ 73.855074][ T6866] ? __warn_printk+0xf3/0xf3
[ 73.861312][ T6866] ? preempt_schedule_common+0x59/0xc0
[ 73.867562][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.872920][ T6866] ? preempt_schedule_thunk+0x16/0x18
[ 73.879993][ T6866] ? trace_hardirqs_on+0x55/0x220
[ 73.885559][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.892617][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.899386][ T6866] end_report+0x4d/0x53
[ 73.904356][ T6866] kasan_report.cold+0xd/0x37
[ 73.910052][ T6866] ? squashfs_get_id+0x1ae/0x1d0
[ 73.915868][ T6866] squashfs_get_id+0x1ae/0x1d0
[ 73.923424][ T6866] ? squashfs_read_fragment_index_table+0xf0/0xf0
[ 73.929933][ T6866] squashfs_read_inode+0x1d3/0x1940
[ 73.935607][ T6866] ? squashfs_read_id_index_table+0xf0/0xf0
[ 73.943527][ T6866] ? new_inode+0x23b/0x2f0
[ 73.948563][ T6866] ? lock_downgrade+0x830/0x830
[ 73.955362][ T6866] ? do_raw_spin_lock+0x120/0x2b0
[ 73.964033][ T6866] ? rwlock_bug.part.0+0x90/0x90
[ 73.971191][ T6866] ? inode_init_always+0xa98/0xd10
[ 73.977955][ T6866] ? do_raw_spin_unlock+0x171/0x230
[ 73.984907][ T6866] ? _raw_spin_unlock+0x24/0x40
[ 73.990221][ T6866] ? new_inode+0x240/0x2f0
[ 73.995365][ T6866] squashfs_fill_super+0x1079/0x1ecf
[ 74.001546][ T6866] get_tree_bdev+0x421/0x740
[ 74.006563][ T6866] ? init_once+0x20/0x20
[ 74.011763][ T6866] vfs_get_tree+0x89/0x2f0
[ 74.018643][ T6866] path_mount+0x1387/0x20a0
[ 74.024476][ T6866] ? strncpy_from_user+0x2bf/0x3e0
[ 74.030293][ T6866] ? copy_mount_string+0x40/0x40
[ 74.037196][ T6866] ? getname_flags.part.0+0x1dd/0x4f0
[ 74.043782][ T6866] __x64_sys_mount+0x27f/0x300
[ 74.049604][ T6866] ? copy_mnt_ns+0xa60/0xa60
[ 74.054328][ T6866] ? check_preemption_disabled+0x50/0x130
[ 74.060559][ T6866] ? syscall_enter_from_user_mode+0x1d/0x60
[ 74.067045][ T6866] do_syscall_64+0x2d/0x70
[ 74.071685][ T6866] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.078154][ T6866] RIP: 0033:0x446d2a
[ 74.082445][ T6866] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 74.107192][ T6866] RSP: 002b:00007ffe4ba5a7f8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 74.115930][ T6866] RAX: ffffffffffffffda RBX: 00007ffe4ba5a850 RCX: 0000000000446d2a
[ 74.124354][ T6866] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe4ba5a810
[ 74.133216][ T6866] RBP: 00007ffe4ba5a810 R08: 00007ffe4ba5a850 R09: 00007ffe00000015
[ 74.142561][ T6866] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 74.150931][ T6866] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 74.161417][ T6866] Kernel Offset: disabled
[ 74.166516][ T6866] Rebooting in 86400 seconds..