[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[   76.122569][ T8493] ==================================================================
[   76.131141][ T8493] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0x1ae/0x1d0
[   76.139232][ T8493] Read of size 8 at addr ffff888018210dd0 by task syz-executor028/8493
[   76.147569][ T8493]
[   76.149923][ T8493] CPU: 1 PID: 8493 Comm: syz-executor028 Not tainted 5.10.0-rc6-syzkaller #0
[   76.160476][ T8493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.170775][ T8493] Call Trace:
[   76.174094][ T8493]  dump_stack+0x107/0x163
[   76.178428][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.183350][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.188394][ T8493]  print_address_description.constprop.0.cold+0xae/0x4c8
[   76.196175][ T8493]  ? _raw_spin_lock_irqsave+0x4e/0x50
[   76.201946][ T8493]  ? vprintk_func+0x95/0x1e0
[   76.206627][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.211560][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.216486][ T8493]  kasan_report.cold+0x1f/0x37
[   76.221338][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.226259][ T8493]  squashfs_get_id+0x1ae/0x1d0
[   76.231181][ T8493]  ? squashfs_read_fragment_index_table+0xf0/0xf0
[   76.237578][ T8493]  ? squashfs_read_metadata+0x2f9/0x460
[   76.243196][ T8493]  squashfs_read_inode+0x1b4/0x1b40
[   76.248403][ T8493]  ? find_held_lock+0x2d/0x110
[   76.253171][ T8493]  ? squashfs_read_id_index_table+0x120/0x120
[   76.259235][ T8493]  ? new_inode+0x23b/0x2f0
[   76.263631][ T8493]  ? lock_downgrade+0x6d0/0x6d0
[   76.268459][ T8493]  ? do_raw_spin_lock+0x120/0x2b0
[   76.273461][ T8493]  ? rwlock_bug.part.0+0x90/0x90
[   76.278381][ T8493]  ? do_raw_spin_unlock+0x171/0x230
[   76.283564][ T8493]  ? _raw_spin_unlock+0x24/0x40
[   76.288394][ T8493]  ? new_inode+0x240/0x2f0
[   76.292793][ T8493]  squashfs_fill_super+0x1140/0x23b0
[   76.298064][ T8493]  get_tree_bdev+0x421/0x740
[   76.302630][ T8493]  ? init_once+0x20/0x20
[   76.306849][ T8493]  vfs_get_tree+0x89/0x2f0
[   76.311273][ T8493]  path_mount+0x13ad/0x20c0
[   76.315789][ T8493]  ? strncpy_from_user+0x2a0/0x3e0
[   76.320962][ T8493]  ? finish_automount+0xac0/0xac0
[   76.326065][ T8493]  ? getname_flags.part.0+0x1dd/0x4f0
[   76.331435][ T8493]  __x64_sys_mount+0x27f/0x300
[   76.336175][ T8493]  ? copy_mnt_ns+0xa60/0xa60
[   76.340765][ T8493]  ? syscall_enter_from_user_mode+0x1d/0x50
[   76.346659][ T8493]  do_syscall_64+0x2d/0x70
[   76.351058][ T8493]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   76.356955][ T8493] RIP: 0033:0x446d2a
[   76.360850][ T8493] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[   76.380448][ T8493] RSP: 002b:00007ffdd5a4fbb8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[   76.388854][ T8493] RAX: ffffffffffffffda RBX: 00007ffdd5a4fc10 RCX: 0000000000446d2a
[   76.396826][ T8493] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffdd5a4fbd0
[   76.404801][ T8493] RBP: 00007ffdd5a4fbd0 R08: 00007ffdd5a4fc10 R09: 00007ffd00000015
[   76.412779][ T8493] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   76.420774][ T8493] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[   76.428766][ T8493]
[   76.431075][ T8493] Allocated by task 6477:
[   76.435423][ T8493]  kasan_save_stack+0x1b/0x40
[   76.440077][ T8493]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[   76.445990][ T8493]  security_prepare_creds+0x10e/0x190
[   76.451364][ T8493]  prepare_creds+0x4bd/0x6c0
[   76.455951][ T8493]  do_faccessat+0x3d7/0x820
[   76.460450][ T8493]  do_syscall_64+0x2d/0x70
[   76.464863][ T8493]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   76.470741][ T8493]
[   76.473048][ T8493] The buggy address belongs to the object at ffff888018210dc0
[   76.473048][ T8493]  which belongs to the cache kmalloc-8 of size 8
[   76.486753][ T8493] The buggy address is located 8 bytes to the right of
[   76.486753][ T8493]  8-byte region [ffff888018210dc0, ffff888018210dc8)
[   76.501164][ T8493] The buggy address belongs to the page:
[   76.506799][ T8493] page:00000000b186da5e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18210
[   76.517188][ T8493] flags: 0xfff00000000200(slab)
[   76.522026][ T8493] raw: 00fff00000000200 0000000000000000 0000000100000001 ffff888010041c80
[   76.530600][ T8493] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[   76.539176][ T8493] page dumped because: kasan: bad access detected
[   76.545579][ T8493]
[   76.548157][ T8493] Memory state around the buggy address:
[   76.554260][ T8493]  ffff888018210c80: fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc fb
[   76.562991][ T8493]  ffff888018210d00: fc fc fc fc fb fc fc fc fc fb fc fc fc fc 00 fc
[   76.571671][ T8493] >ffff888018210d80: fc fc fc fa fc fc fc fc fb fc fc fc fc fb fc fc
[   76.579705][ T8493]                                                  ^
[   76.586525][ T8493]  ffff888018210e00: fc fc 00 fc fc fc fc fb fc fc fc fc fb fc fc fc
[   76.594737][ T8493]  ffff888018210e80: fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc
[   76.602844][ T8493] ==================================================================
[   76.610918][ T8493] Disabling lock debugging due to kernel taint
[   76.618323][ T8493] Kernel panic - not syncing: panic_on_warn set ...
[   76.624942][ T8493] CPU: 1 PID: 8493 Comm: syz-executor028 Tainted: G    B             5.10.0-rc6-syzkaller #0
[   76.635155][ T8493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.645207][ T8493] Call Trace:
[   76.648503][ T8493]  dump_stack+0x107/0x163
[   76.652807][ T8493]  ? squashfs_get_id+0x130/0x1d0
[   76.657722][ T8493]  panic+0x306/0x73d
[   76.661600][ T8493]  ? __warn_printk+0xf3/0xf3
[   76.666169][ T8493]  ? preempt_schedule_common+0x59/0xc0
[   76.671614][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.676634][ T8493]  ? preempt_schedule_thunk+0x16/0x18
[   76.681992][ T8493]  ? trace_hardirqs_on+0x51/0x1c0
[   76.686996][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.691901][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.696828][ T8493]  end_report+0x58/0x5e
[   76.700979][ T8493]  kasan_report.cold+0xd/0x37
[   76.705652][ T8493]  ? squashfs_get_id+0x1ae/0x1d0
[   76.710581][ T8493]  squashfs_get_id+0x1ae/0x1d0
[   76.715343][ T8493]  ? squashfs_read_fragment_index_table+0xf0/0xf0
[   76.721752][ T8493]  ? squashfs_read_metadata+0x2f9/0x460
[   76.727289][ T8493]  squashfs_read_inode+0x1b4/0x1b40
[   76.732474][ T8493]  ? find_held_lock+0x2d/0x110
[   76.737221][ T8493]  ? squashfs_read_id_index_table+0x120/0x120
[   76.743281][ T8493]  ? new_inode+0x23b/0x2f0
[   76.747757][ T8493]  ? lock_downgrade+0x6d0/0x6d0
[   76.752576][ T8493]  ? do_raw_spin_lock+0x120/0x2b0
[   76.757595][ T8493]  ? rwlock_bug.part.0+0x90/0x90
[   76.762507][ T8493]  ? do_raw_spin_unlock+0x171/0x230
[   76.767685][ T8493]  ? _raw_spin_unlock+0x24/0x40
[   76.772509][ T8493]  ? new_inode+0x240/0x2f0
[   76.776918][ T8493]  squashfs_fill_super+0x1140/0x23b0
[   76.782197][ T8493]  get_tree_bdev+0x421/0x740
[   76.786761][ T8493]  ? init_once+0x20/0x20
[   76.790976][ T8493]  vfs_get_tree+0x89/0x2f0
[   76.795364][ T8493]  path_mount+0x13ad/0x20c0
[   76.799844][ T8493]  ? strncpy_from_user+0x2a0/0x3e0
[   76.804951][ T8493]  ? finish_automount+0xac0/0xac0
[   76.809970][ T8493]  ? getname_flags.part.0+0x1dd/0x4f0
[   76.815429][ T8493]  __x64_sys_mount+0x27f/0x300
[   76.820274][ T8493]  ? copy_mnt_ns+0xa60/0xa60
[   76.824968][ T8493]  ? syscall_enter_from_user_mode+0x1d/0x50
[   76.830846][ T8493]  do_syscall_64+0x2d/0x70
[   76.835248][ T8493]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   76.841127][ T8493] RIP: 0033:0x446d2a
[   76.845194][ T8493] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[   76.866123][ T8493] RSP: 002b:00007ffdd5a4fbb8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[   76.874618][ T8493] RAX: ffffffffffffffda RBX: 00007ffdd5a4fc10 RCX: 0000000000446d2a
[   76.882590][ T8493] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffdd5a4fbd0
[   76.890554][ T8493] RBP: 00007ffdd5a4fbd0 R08: 00007ffdd5a4fc10 R09: 00007ffd00000015
[   76.898535][ T8493] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   76.906525][ T8493] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[   76.918227][ T8493] Kernel Offset: disabled
[   76.922567][ T8493] Rebooting in 86400 seconds..