Starting getty on tty2-tty6 if dbus and logind are not available...
Starting OpenBSD Secure Shell server...
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 76.476795][ T35] audit: type=1400 audit(1604641625.454:8): avc: denied { execmem } for pid=8507 comm="syz-executor411" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 76.494119][ T8507] ==================================================================
[ 76.505754][ T8507] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0x1ae/0x1d0
[ 76.513473][ T8507] Read of size 8 at addr ffff88801b8d13d8 by task syz-executor411/8507
[ 76.521689][ T8507]
[ 76.524013][ T8507] CPU: 1 PID: 8507 Comm: syz-executor411 Not tainted 5.10.0-rc2-syzkaller #0
[ 76.532756][ T8507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.542788][ T8507] Call Trace:
[ 76.546065][ T8507] dump_stack+0x107/0x163
[ 76.550380][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 76.555298][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 76.560318][ T8507] print_address_description.constprop.0.cold+0xae/0x497
[ 76.567334][ T8507] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 76.572695][ T8507] ? vprintk_func+0x95/0x1e0
[ 76.577286][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 76.582214][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 76.587143][ T8507] kasan_report.cold+0x1f/0x37
[ 76.591897][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 76.596821][ T8507] squashfs_get_id+0x1ae/0x1d0
[ 76.601571][ T8507] ? squashfs_read_fragment_index_table+0xf0/0xf0
[ 76.607984][ T8507] ? squashfs_read_metadata+0x2f9/0x460
[ 76.613525][ T8507] squashfs_read_inode+0x1b4/0x1b40
[ 76.618712][ T8507] ? find_held_lock+0x2d/0x110
[ 76.623461][ T8507] ? squashfs_read_id_index_table+0x120/0x120
[ 76.629517][ T8507] ? new_inode+0x23b/0x2f0
[ 76.633937][ T8507] ? lock_downgrade+0x6d0/0x6d0
[ 76.638769][ T8507] ? do_raw_spin_lock+0x120/0x2b0
[ 76.643778][ T8507] ? rwlock_bug.part.0+0x90/0x90
[ 76.648701][ T8507] ? do_raw_spin_unlock+0x171/0x230
[ 76.653896][ T8507] ? _raw_spin_unlock+0x24/0x40
[ 76.658726][ T8507] ? new_inode+0x240/0x2f0
[ 76.663130][ T8507] squashfs_fill_super+0x1140/0x23b0
[ 76.668405][ T8507] get_tree_bdev+0x421/0x740
[ 76.672979][ T8507] ? init_once+0x20/0x20
[ 76.677199][ T8507] vfs_get_tree+0x89/0x2f0
[ 76.681598][ T8507] path_mount+0x13ad/0x20c0
[ 76.686084][ T8507] ? strncpy_from_user+0x29e/0x3a0
[ 76.691189][ T8507] ? finish_automount+0xac0/0xac0
[ 76.696197][ T8507] ? getname_flags.part.0+0x1dd/0x4f0
[ 76.701564][ T8507] __x64_sys_mount+0x27f/0x300
[ 76.706313][ T8507] ? copy_mnt_ns+0xa60/0xa60
[ 76.710885][ T8507] ? syscall_enter_from_user_mode+0x1d/0x50
[ 76.716761][ T8507] do_syscall_64+0x2d/0x70
[ 76.721173][ T8507] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.727042][ T8507] RIP: 0033:0x446d4a
[ 76.730937][ T8507] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 76.750534][ T8507] RSP: 002b:00007fff93b307e8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 76.759460][ T8507] RAX: ffffffffffffffda RBX: 00007fff93b30840 RCX: 0000000000446d4a
[ 76.767451][ T8507] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff93b30800
[ 76.775441][ T8507] RBP: 00007fff93b30800 R08: 00007fff93b30840 R09: 00007fff00000015
[ 76.783405][ T8507] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 76.791399][ T8507] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 76.799384][ T8507]
[ 76.801711][ T8507] Allocated by task 6509:
[ 76.806031][ T8507] kasan_save_stack+0x1b/0x40
[ 76.810698][ T8507] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 76.816308][ T8507] __kmalloc_track_caller+0x23b/0x490
[ 76.821666][ T8507] kstrdup+0x36/0x70
[ 76.825540][ T8507] simple_xattr_set+0x93/0x6e0
[ 76.830281][ T8507] __vfs_setxattr+0x10e/0x170
[ 76.834944][ T8507] __vfs_setxattr_noperm+0x11a/0x4c0
[ 76.840205][ T8507] __vfs_setxattr_locked+0x1bf/0x250
[ 76.845475][ T8507] vfs_setxattr+0xe5/0x270
[ 76.849876][ T8507] setxattr+0x23d/0x330
[ 76.854019][ T8507] path_setxattr+0x170/0x190
[ 76.858583][ T8507] __x64_sys_lsetxattr+0xbd/0x150
[ 76.863588][ T8507] do_syscall_64+0x2d/0x70
[ 76.867983][ T8507] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.873920][ T8507]
[ 76.876246][ T8507] The buggy address belongs to the object at ffff88801b8d13c0
[ 76.876246][ T8507] which belongs to the cache kmalloc-32 of size 32
[ 76.890228][ T8507] The buggy address is located 24 bytes inside of
[ 76.890228][ T8507] 32-byte region [ffff88801b8d13c0, ffff88801b8d13e0)
[ 76.903302][ T8507] The buggy address belongs to the page:
[ 76.908930][ T8507] page:00000000d747b1b4 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801b8d1fc1 pfn:0x1b8d1
[ 76.920368][ T8507] flags: 0xfff00000000200(slab)
[ 76.925293][ T8507] raw: 00fff00000000200 ffffea0000699dc8 ffffea000069ec88 ffff888010040100
[ 76.933880][ T8507] raw: ffff88801b8d1fc1 ffff88801b8d1000 000000010000001c 0000000000000000
[ 76.942446][ T8507] page dumped because: kasan: bad access detected
[ 76.948838][ T8507]
[ 76.951148][ T8507] Memory state around the buggy address:
[ 76.956778][ T8507] ffff88801b8d1280: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 76.964825][ T8507] ffff88801b8d1300: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 76.972872][ T8507] >ffff88801b8d1380: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 76.980913][ T8507] ^
[ 76.987831][ T8507] ffff88801b8d1400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 76.996004][ T8507] ffff88801b8d1480: fa fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 77.004059][ T8507] ==================================================================
[ 77.012108][ T8507] Disabling lock debugging due to kernel taint
[ 77.018852][ T8507] Kernel panic - not syncing: panic_on_warn set ...
[ 77.025490][ T8507] CPU: 1 PID: 8507 Comm: syz-executor411 Tainted: G B 5.10.0-rc2-syzkaller #0
[ 77.035636][ T8507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.045692][ T8507] Call Trace:
[ 77.049007][ T8507] dump_stack+0x107/0x163
[ 77.053327][ T8507] ? squashfs_get_id+0x140/0x1d0
[ 77.058244][ T8507] panic+0x306/0x73d
[ 77.062115][ T8507] ? __warn_printk+0xf3/0xf3
[ 77.066716][ T8507] ? preempt_schedule_common+0x59/0xc0
[ 77.072285][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 77.077209][ T8507] ? preempt_schedule_thunk+0x16/0x18
[ 77.082588][ T8507] ? trace_hardirqs_on+0x51/0x1c0
[ 77.087596][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 77.092550][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 77.097485][ T8507] end_report+0x58/0x5e
[ 77.101623][ T8507] kasan_report.cold+0xd/0x37
[ 77.106278][ T8507] ? squashfs_get_id+0x1ae/0x1d0
[ 77.111221][ T8507] squashfs_get_id+0x1ae/0x1d0
[ 77.115970][ T8507] ? squashfs_read_fragment_index_table+0xf0/0xf0
[ 77.122373][ T8507] ? squashfs_read_metadata+0x2f9/0x460
[ 77.127908][ T8507] squashfs_read_inode+0x1b4/0x1b40
[ 77.133699][ T8507] ? find_held_lock+0x2d/0x110
[ 77.138896][ T8507] ? squashfs_read_id_index_table+0x120/0x120
[ 77.145037][ T8507] ? new_inode+0x23b/0x2f0
[ 77.149472][ T8507] ? lock_downgrade+0x6d0/0x6d0
[ 77.154314][ T8507] ? do_raw_spin_lock+0x120/0x2b0
[ 77.159318][ T8507] ? rwlock_bug.part.0+0x90/0x90
[ 77.164482][ T8507] ? do_raw_spin_unlock+0x171/0x230
[ 77.169774][ T8507] ? _raw_spin_unlock+0x24/0x40
[ 77.174784][ T8507] ? new_inode+0x240/0x2f0
[ 77.179224][ T8507] squashfs_fill_super+0x1140/0x23b0
[ 77.184531][ T8507] get_tree_bdev+0x421/0x740
[ 77.189123][ T8507] ? init_once+0x20/0x20
[ 77.193370][ T8507] vfs_get_tree+0x89/0x2f0
[ 77.197768][ T8507] path_mount+0x13ad/0x20c0
[ 77.202269][ T8507] ? strncpy_from_user+0x29e/0x3a0
[ 77.207375][ T8507] ? finish_automount+0xac0/0xac0
[ 77.212820][ T8507] ? getname_flags.part.0+0x1dd/0x4f0
[ 77.218520][ T8507] __x64_sys_mount+0x27f/0x300
[ 77.223284][ T8507] ? copy_mnt_ns+0xa60/0xa60
[ 77.227878][ T8507] ? syscall_enter_from_user_mode+0x1d/0x50
[ 77.233751][ T8507] do_syscall_64+0x2d/0x70
[ 77.238156][ T8507] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.244046][ T8507] RIP: 0033:0x446d4a
[ 77.247918][ T8507] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 77.267590][ T8507] RSP: 002b:00007fff93b307e8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 77.275996][ T8507] RAX: ffffffffffffffda RBX: 00007fff93b30840 RCX: 0000000000446d4a
[ 77.284311][ T8507] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff93b30800
[ 77.292264][ T8507] RBP: 00007fff93b30800 R08: 00007fff93b30840 R09: 00007fff00000015
[ 77.300224][ T8507] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 77.308169][ T8507] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 77.317100][ T8507] Kernel Offset: disabled
[ 77.321412][ T8507] Rebooting in 86400 seconds..