[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting OpenBSD Secure Shell server...
Starting System Logging Service...
Starting Permit User Sessions...
[ OK ] Found device /dev/ttyS0.
[ OK ] Started Permit User Sessions.
[ OK ] Started System Logging Service.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.224' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 45.164226][ T6859] ==================================================================
[ 45.172382][ T6859] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0xb9/0x1c0
[ 45.179919][ T6859] Read of size 8 at addr ffff8880a90629f8 by task syz-executor640/6859
[ 45.188125][ T6859]
[ 45.190448][ T6859] CPU: 0 PID: 6859 Comm: syz-executor640 Not tainted 5.9.0-rc8-syzkaller #0
[ 45.199084][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.209112][ T6859] Call Trace:
[ 45.212385][ T6859] dump_stack+0x1d6/0x29e
[ 45.216692][ T6859] print_address_description+0x66/0x620
[ 45.222214][ T6859] ? printk+0x62/0x83
[ 45.226186][ T6859] ? _raw_spin_lock_irqsave+0x84/0xd0
[ 45.231531][ T6859] ? vprintk_emit+0x2f0/0x370
[ 45.236181][ T6859] kasan_report+0x132/0x1d0
[ 45.240660][ T6859] ? squashfs_get_id+0xb9/0x1c0
[ 45.245483][ T6859] ? _raw_spin_unlock+0x24/0x40
[ 45.250310][ T6859] squashfs_get_id+0xb9/0x1c0
[ 45.255124][ T6859] squashfs_read_inode+0x155/0x2170
[ 45.260307][ T6859] ? _raw_spin_unlock+0x24/0x40
[ 45.265132][ T6859] ? new_inode+0x1be/0x1d0
[ 45.269540][ T6859] squashfs_fill_super+0x1478/0x1790
[ 45.274808][ T6859] get_tree_bdev+0x3e9/0x5f0
[ 45.279375][ T6859] ? squashfs_reconfigure+0xa0/0xa0
[ 45.284547][ T6859] vfs_get_tree+0x88/0x270
[ 45.288942][ T6859] path_mount+0x179d/0x29e0
[ 45.293439][ T6859] __se_sys_mount+0x126/0x180
[ 45.298094][ T6859] do_syscall_64+0x31/0x70
[ 45.302486][ T6859] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.308366][ T6859] RIP: 0033:0x446d1a
[ 45.312237][ T6859] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 45.331816][ T6859] RSP: 002b:00007ffda3b5f228 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 45.340200][ T6859] RAX: ffffffffffffffda RBX: 00007ffda3b5f280 RCX: 0000000000446d1a
[ 45.348148][ T6859] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007ffda3b5f240
[ 45.356113][ T6859] RBP: 00007ffda3b5f240 R08: 00007ffda3b5f280 R09: 00007ffd00000015
[ 45.364058][ T6859] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 45.372005][ T6859] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 45.379960][ T6859]
[ 45.382261][ T6859] Allocated by task 1:
[ 45.386389][ T6859] __kasan_kmalloc+0x100/0x130
[ 45.391146][ T6859] __kmalloc+0x205/0x300
[ 45.395368][ T6859] tomoyo_encode2+0x25a/0x560
[ 45.400016][ T6859] tomoyo_realpath_from_path+0x5d6/0x630
[ 45.405650][ T6859] tomoyo_path_perm+0x17d/0x740
[ 45.410472][ T6859] security_inode_getattr+0xc0/0x140
[ 45.415730][ T6859] vfs_statx+0x118/0x380
[ 45.419943][ T6859] __x64_sys_newlstat+0x81/0xd0
[ 45.424851][ T6859] do_syscall_64+0x31/0x70
[ 45.429245][ T6859] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.435104][ T6859]
[ 45.437406][ T6859] Freed by task 1:
[ 45.441101][ T6859] kasan_set_track+0x3d/0x70
[ 45.445667][ T6859] kasan_set_free_info+0x17/0x30
[ 45.450581][ T6859] __kasan_slab_free+0xdd/0x110
[ 45.455404][ T6859] kfree+0x113/0x200
[ 45.459285][ T6859] tomoyo_path_perm+0x59b/0x740
[ 45.464106][ T6859] security_inode_getattr+0xc0/0x140
[ 45.469370][ T6859] vfs_statx+0x118/0x380
[ 45.473584][ T6859] __x64_sys_newlstat+0x81/0xd0
[ 45.478424][ T6859] do_syscall_64+0x31/0x70
[ 45.482828][ T6859] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.488691][ T6859]
[ 45.490998][ T6859] The buggy address belongs to the object at ffff8880a90629c0
[ 45.490998][ T6859] which belongs to the cache kmalloc-32 of size 32
[ 45.505010][ T6859] The buggy address is located 24 bytes to the right of
[ 45.505010][ T6859] 32-byte region [ffff8880a90629c0, ffff8880a90629e0)
[ 45.518629][ T6859] The buggy address belongs to the page:
[ 45.524252][ T6859] page:00000000ff6a40cb refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a9062fc1 pfn:0xa9062
[ 45.535684][ T6859] flags: 0xfffe0000000200(slab)
[ 45.540540][ T6859] raw: 00fffe0000000200 ffffea000282cdc8 ffffea00029d5108 ffff8880aa440100
[ 45.549158][ T6859] raw: ffff8880a9062fc1 ffff8880a9062000 000000010000003f 0000000000000000
[ 45.557741][ T6859] page dumped because: kasan: bad access detected
[ 45.564151][ T6859]
[ 45.566484][ T6859] Memory state around the buggy address:
[ 45.572116][ T6859] ffff8880a9062880: 00 01 fc fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 45.580179][ T6859] ffff8880a9062900: 00 fc fc fc fc fc fc fc 00 01 fc fc fc fc fc fc
[ 45.588255][ T6859] >ffff8880a9062980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 45.596309][ T6859]                                                                 ^
[ 45.604299][ T6859] ffff8880a9062a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 45.612349][ T6859] ffff8880a9062a80: 00 01 fc fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 45.620386][ T6859] ==================================================================
[ 45.628419][ T6859] Disabling lock debugging due to kernel taint
[ 45.636061][ T6859] Kernel panic - not syncing: panic_on_warn set ...
[ 45.642663][ T6859] CPU: 0 PID: 6859 Comm: syz-executor640 Tainted: G B 5.9.0-rc8-syzkaller #0
[ 45.652713][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.662758][ T6859] Call Trace:
[ 45.666026][ T6859] dump_stack+0x1d6/0x29e
[ 45.670346][ T6859] panic+0x2c0/0x800
[ 45.674265][ T6859] ? trace_hardirqs_on+0x30/0x80
[ 45.679181][ T6859] kasan_report+0x1c9/0x1d0
[ 45.683701][ T6859] ? squashfs_get_id+0xb9/0x1c0
[ 45.688543][ T6859] ? _raw_spin_unlock+0x24/0x40
[ 45.693380][ T6859] squashfs_get_id+0xb9/0x1c0
[ 45.698029][ T6859] squashfs_read_inode+0x155/0x2170
[ 45.703216][ T6859] ? _raw_spin_unlock+0x24/0x40
[ 45.708041][ T6859] ? new_inode+0x1be/0x1d0
[ 45.712444][ T6859] squashfs_fill_super+0x1478/0x1790
[ 45.717700][ T6859] get_tree_bdev+0x3e9/0x5f0
[ 45.722274][ T6859] ? squashfs_reconfigure+0xa0/0xa0
[ 45.727458][ T6859] vfs_get_tree+0x88/0x270
[ 45.731861][ T6859] path_mount+0x179d/0x29e0
[ 45.736336][ T6859] __se_sys_mount+0x126/0x180
[ 45.740982][ T6859] do_syscall_64+0x31/0x70
[ 45.745367][ T6859] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.751232][ T6859] RIP: 0033:0x446d1a
[ 45.755097][ T6859] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 45.774671][ T6859] RSP: 002b:00007ffda3b5f228 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 45.783313][ T6859] RAX: ffffffffffffffda RBX: 00007ffda3b5f280 RCX: 0000000000446d1a
[ 45.791270][ T6859] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007ffda3b5f240
[ 45.799212][ T6859] RBP: 00007ffda3b5f240 R08: 00007ffda3b5f280 R09: 00007ffd00000015
[ 45.807155][ T6859] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 45.815096][ T6859] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 45.824409][ T6859] Kernel Offset: disabled
[ 45.828724][ T6859] Rebooting in 86400 seconds..