[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting getty on tty2-tty6 if dbus and logind are not available...
Starting OpenBSD Secure Shell server...
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 72.389671][ T34] audit: type=1400 audit(1608080786.311:8): avc: denied { execmem } for pid=8481 comm="syz-executor264" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 72.422472][ T8481] ==================================================================
[ 72.430764][ T8481] BUG: KASAN: slab-out-of-bounds in squashfs_export_iget+0x274/0x2a0
[ 72.438839][ T8481] Read of size 8 at addr ffff888011941cb8 by task syz-executor264/8481
[ 72.447071][ T8481]
[ 72.449412][ T8481] CPU: 0 PID: 8481 Comm: syz-executor264 Not tainted 5.10.0-syzkaller #0
[ 72.457820][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.467888][ T8481] Call Trace:
[ 72.471185][ T8481] dump_stack+0x107/0x163
[ 72.475525][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.480906][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.486288][ T8481] print_address_description.constprop.0.cold+0xae/0x497
[ 72.493316][ T8481] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 72.498771][ T8481] ? vprintk_func+0x95/0x1e0
[ 72.503408][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.508777][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.514128][ T8481] kasan_report.cold+0x1f/0x37
[ 72.518994][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.524376][ T8481] squashfs_export_iget+0x274/0x2a0
[ 72.529578][ T8481] ? squashfs_readdir+0xd70/0xd70
[ 72.534614][ T8481] ? __lock_acquire+0x16b7/0x5500
[ 72.539699][ T8481] squashfs_fh_to_dentry+0x78/0xb0
[ 72.544810][ T8481] exportfs_decode_fh+0x126/0x7e0
[ 72.549836][ T8481] ? drop_caches_sysctl_handler+0x110/0x110
[ 72.555725][ T8481] ? squashfs_get_parent+0xa0/0xa0
[ 72.560916][ T8481] ? reconnect_path+0x7e0/0x7e0
[ 72.565751][ T8481] ? find_held_lock+0x2d/0x110
[ 72.570497][ T8481] ? __might_fault+0xd3/0x180
[ 72.575237][ T8481] ? lock_downgrade+0x6d0/0x6d0
[ 72.580080][ T8481] do_handle_open+0x2b6/0x7f0
[ 72.584745][ T8481] ? vfs_dentry_acceptable+0x10/0x10
[ 72.590021][ T8481] ? syscall_enter_from_user_mode+0x1d/0x50
[ 72.595897][ T8481] do_syscall_64+0x2d/0x70
[ 72.600293][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.606160][ T8481] RIP: 0033:0x4443d9
[ 72.610035][ T8481] Code: 8d d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.629790][ T8481] RSP: 002b:00007fff6f959d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 72.638193][ T8481] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004443d9
[ 72.646203][ T8481] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[ 72.654169][ T8481] RBP: 00000000006cf018 R08: 00007fff00000015 R09: 00000000004002e0
[ 72.662229][ T8481] R10: 00007fff6f959bf0 R11: 0000000000000246 R12: 0000000000401fc0
[ 72.670194][ T8481] R13: 0000000000402050 R14: 0000000000000000 R15: 0000000000000000
[ 72.678179][ T8481]
[ 72.680489][ T8481] Allocated by task 8481:
[ 72.684801][ T8481] kasan_save_stack+0x1b/0x40
[ 72.689468][ T8481] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 72.695104][ T8481] __kmalloc+0x225/0x450
[ 72.699325][ T8481] squashfs_read_table+0x43/0x1e0
[ 72.704324][ T8481] squashfs_read_xattr_id_table+0x191/0x220
[ 72.710191][ T8481] squashfs_fill_super+0xcfb/0x23b0
[ 72.715374][ T8481] get_tree_bdev+0x421/0x740
[ 72.719940][ T8481] vfs_get_tree+0x89/0x2f0
[ 72.724332][ T8481] path_mount+0x13ad/0x20c0
[ 72.728823][ T8481] __x64_sys_mount+0x27f/0x300
[ 72.733651][ T8481] do_syscall_64+0x2d/0x70
[ 72.738157][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.744019][ T8481]
[ 72.746327][ T8481] The buggy address belongs to the object at ffff888011941c80
[ 72.746327][ T8481] which belongs to the cache kmalloc-32 of size 32
[ 72.760180][ T8481] The buggy address is located 24 bytes to the right of
[ 72.760180][ T8481] 32-byte region [ffff888011941c80, ffff888011941ca0)
[ 72.773781][ T8481] The buggy address belongs to the page:
[ 72.779407][ T8481] page:0000000061351ced refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888011941fc1 pfn:0x11941
[ 72.790830][ T8481] flags: 0xfff00000000200(slab)
[ 72.795660][ T8481] raw: 00fff00000000200 ffffea0000820108 ffff888010041250 ffff888010040100
[ 72.804222][ T8481] raw: ffff888011941fc1 ffff888011941000 000000010000003f 0000000000000000
[ 72.812775][ T8481] page dumped because: kasan: bad access detected
[ 72.819169][ T8481]
[ 72.821474][ T8481] Memory state around the buggy address:
[ 72.827082][ T8481] ffff888011941b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 72.835119][ T8481] ffff888011941c00: fa fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc
[ 72.843167][ T8481] >ffff888011941c80: 00 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[ 72.851202][ T8481] ^
[ 72.857071][ T8481] ffff888011941d00: fa fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 72.865107][ T8481] ffff888011941d80: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[ 72.873149][ T8481] ==================================================================
[ 72.881181][ T8481] Disabling lock debugging due to kernel taint
[ 72.887942][ T8481] Kernel panic - not syncing: panic_on_warn set ...
[ 72.894537][ T8481] CPU: 0 PID: 8481 Comm: syz-executor264 Tainted: G B 5.10.0-syzkaller #0
[ 72.904325][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.914368][ T8481] Call Trace:
[ 72.917633][ T8481] dump_stack+0x107/0x163
[ 72.921953][ T8481] ? squashfs_export_iget+0x1b0/0x2a0
[ 72.927303][ T8481] panic+0x306/0x73d
[ 72.931182][ T8481] ? __warn_printk+0xf3/0xf3
[ 72.935758][ T8481] ? preempt_schedule_common+0x59/0xc0
[ 72.941207][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.946564][ T8481] ? preempt_schedule_thunk+0x16/0x18
[ 72.951910][ T8481] ? trace_hardirqs_on+0x51/0x1c0
[ 72.956907][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.962253][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.967609][ T8481] end_report+0x58/0x5e
[ 72.971738][ T8481] kasan_report.cold+0xd/0x37
[ 72.976388][ T8481] ? squashfs_export_iget+0x274/0x2a0
[ 72.981738][ T8481] squashfs_export_iget+0x274/0x2a0
[ 72.986909][ T8481] ? squashfs_readdir+0xd70/0xd70
[ 72.991908][ T8481] ? __lock_acquire+0x16b7/0x5500
[ 72.996918][ T8481] squashfs_fh_to_dentry+0x78/0xb0
[ 73.002001][ T8481] exportfs_decode_fh+0x126/0x7e0
[ 73.006998][ T8481] ? drop_caches_sysctl_handler+0x110/0x110
[ 73.012864][ T8481] ? squashfs_get_parent+0xa0/0xa0
[ 73.017946][ T8481] ? reconnect_path+0x7e0/0x7e0
[ 73.022784][ T8481] ? find_held_lock+0x2d/0x110
[ 73.027521][ T8481] ? __might_fault+0xd3/0x180
[ 73.032170][ T8481] ? lock_downgrade+0x6d0/0x6d0
[ 73.037006][ T8481] do_handle_open+0x2b6/0x7f0
[ 73.044782][ T8481] ? vfs_dentry_acceptable+0x10/0x10
[ 73.050051][ T8481] ? syscall_enter_from_user_mode+0x1d/0x50
[ 73.055929][ T8481] do_syscall_64+0x2d/0x70
[ 73.060328][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.066200][ T8481] RIP: 0033:0x4443d9
[ 73.070079][ T8481] Code: 8d d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 73.089665][ T8481] RSP: 002b:00007fff6f959d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 73.098055][ T8481] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004443d9
[ 73.106001][ T8481] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[ 73.113955][ T8481] RBP: 00000000006cf018 R08: 00007fff00000015 R09: 00000000004002e0
[ 73.121912][ T8481] R10: 00007fff6f959bf0 R11: 0000000000000246 R12: 0000000000401fc0
[ 73.130300][ T8481] R13: 0000000000402050 R14: 0000000000000000 R15: 0000000000000000
[ 73.138876][ T8481] Kernel Offset: disabled
[ 73.143189][ T8481] Rebooting in 86400 seconds..