[ OK ] Started Getty on tty5.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty4.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 46.531822][ T8471] ==================================================================
[ 46.539972][ T8471] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0xb9/0x1c0
[ 46.547535][ T8471] Read of size 8 at addr ffff8880139ddfd8 by task syz-executor029/8471
[ 46.555755][ T8471]
[ 46.558067][ T8471] CPU: 0 PID: 8471 Comm: syz-executor029 Not tainted 5.10.0-rc2-syzkaller #0
[ 46.566794][ T8471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.576823][ T8471] Call Trace:
[ 46.580088][ T8471]  dump_stack+0x137/0x1be
[ 46.584409][ T8471]  print_address_description+0x6c/0x660
[ 46.589932][ T8471]  ? printk+0x62/0x83
[ 46.593887][ T8471]  ? wake_up_klogd+0xb2/0xf0
[ 46.598453][ T8471]  kasan_report+0x136/0x1e0
[ 46.602930][ T8471]  ? squashfs_read_metadata+0x670/0x7f0
[ 46.608447][ T8471]  ? squashfs_get_id+0xb9/0x1c0
[ 46.613270][ T8471]  squashfs_get_id+0xb9/0x1c0
[ 46.617924][ T8471]  squashfs_read_inode+0x19d/0x2690
[ 46.623096][ T8471]  ? do_raw_spin_unlock+0x134/0x8c0
[ 46.628273][ T8471]  ? _raw_spin_unlock+0x24/0x40
[ 46.633095][ T8471]  ? new_inode+0x1be/0x1d0
[ 46.637495][ T8471]  squashfs_fill_super+0x1665/0x1c90
[ 46.642802][ T8471]  get_tree_bdev+0x3e9/0x5f0
[ 46.647379][ T8471]  ? squashfs_reconfigure+0xa0/0xa0
[ 46.652550][ T8471]  vfs_get_tree+0x88/0x270
[ 46.656943][ T8471]  path_mount+0x17b4/0x2a20
[ 46.661421][ T8471]  ? getname_flags+0x1fb/0x630
[ 46.666164][ T8471]  __se_sys_mount+0x28c/0x320
[ 46.670833][ T8471]  do_syscall_64+0x2d/0x70
[ 46.675222][ T8471]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 46.681088][ T8471] RIP: 0033:0x446d2a
[ 46.684958][ T8471] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 46.704543][ T8471] RSP: 002b:00007ffe07d05238 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 46.712929][ T8471] RAX: ffffffffffffffda RBX: 00007ffe07d05290 RCX: 0000000000446d2a
[ 46.720890][ T8471] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe07d05250
[ 46.728837][ T8471] RBP: 00007ffe07d05250 R08: 00007ffe07d05290 R09: 00007ffe00000015
[ 46.736782][ T8471] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 46.744730][ T8471] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 46.752687][ T8471]
[ 46.754990][ T8471] Allocated by task 6638:
[ 46.759295][ T8471]  __kasan_kmalloc+0x111/0x140
[ 46.764042][ T8471]  __kmalloc+0x170/0x290
[ 46.768270][ T8471]  kzalloc+0x1d/0x30
[ 46.772144][ T8471]  smk_parse_smack+0x18e/0x220
[ 46.776878][ T8471]  smk_import_entry+0x22/0x400
[ 46.781610][ T8471]  smack_d_instantiate+0x6af/0xcc0
[ 46.786707][ T8471]  security_d_instantiate+0xa5/0x100
[ 46.791967][ T8471]  d_instantiate+0x51/0x90
[ 46.796368][ T8471]  shmem_symlink+0x53e/0x6f0
[ 46.800926][ T8471]  vfs_symlink+0x36f/0x500
[ 46.805311][ T8471]  do_symlinkat+0x18b/0x420
[ 46.809788][ T8471]  do_syscall_64+0x2d/0x70
[ 46.814174][ T8471]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 46.820033][ T8471]
[ 46.822337][ T8471] The buggy address belongs to the object at ffff8880139ddfc8
[ 46.822337][ T8471]  which belongs to the cache kmalloc-8 of size 8
[ 46.836011][ T8471] The buggy address is located 8 bytes to the right of
[ 46.836011][ T8471]  8-byte region [ffff8880139ddfc8, ffff8880139ddfd0)
[ 46.849475][ T8471] The buggy address belongs to the page:
[ 46.855092][ T8471] page:0000000086e48f61 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880139dd1e0 pfn:0x139dd
[ 46.866530][ T8471] flags: 0xfff00000000200(slab)
[ 46.871357][ T8471] raw: 00fff00000000200 ffffea000050e180 0000000700000007 ffff888010441c80
[ 46.879913][ T8471] raw: ffff8880139dd1e0 0000000080660047 00000001ffffffff 0000000000000000
[ 46.888466][ T8471] page dumped because: kasan: bad access detected
[ 46.894849][ T8471]
[ 46.897150][ T8471] Memory state around the buggy address:
[ 46.902753][ T8471]  ffff8880139dde80: fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc
[ 46.910786][ T8471]  ffff8880139ddf00: fb fc fc fc fc fa fc fc fc fc fb fc fc fc fc 00
[ 46.918821][ T8471] >ffff8880139ddf80: fc fc fc fc fa fc fc fc fc fb fc fc fc fc fc fc
[ 46.926851][ T8471]                                                     ^
[ 46.933762][ T8471]  ffff8880139de000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.941795][ T8471]  ffff8880139de080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.949824][ T8471] ==================================================================
[ 46.957868][ T8471] Disabling lock debugging due to kernel taint
[ 46.964869][ T8471] Kernel panic - not syncing: panic_on_warn set ...
[ 46.971462][ T8471] CPU: 0 PID: 8471 Comm: syz-executor029 Tainted: G B 5.10.0-rc2-syzkaller #0
[ 46.981625][ T8471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.991665][ T8471] Call Trace:
[ 46.994927][ T8471]  dump_stack+0x137/0x1be
[ 46.999229][ T8471]  ? panic+0x1f3/0x800
[ 47.003265][ T8471]  panic+0x291/0x800
[ 47.007130][ T8471]  ? preempt_schedule_thunk+0x16/0x18
[ 47.012481][ T8471]  ? trace_hardirqs_on+0x30/0x80
[ 47.017404][ T8471]  kasan_report+0x1da/0x1e0
[ 47.021880][ T8471]  ? squashfs_read_metadata+0x670/0x7f0
[ 47.027393][ T8471]  ? squashfs_get_id+0xb9/0x1c0
[ 47.032214][ T8471]  squashfs_get_id+0xb9/0x1c0
[ 47.036864][ T8471]  squashfs_read_inode+0x19d/0x2690
[ 47.042042][ T8471]  ? do_raw_spin_unlock+0x134/0x8c0
[ 47.047214][ T8471]  ? _raw_spin_unlock+0x24/0x40
[ 47.052035][ T8471]  ? new_inode+0x1be/0x1d0
[ 47.056464][ T8471]  squashfs_fill_super+0x1665/0x1c90
[ 47.061734][ T8471]  get_tree_bdev+0x3e9/0x5f0
[ 47.066309][ T8471]  ? squashfs_reconfigure+0xa0/0xa0
[ 47.071473][ T8471]  vfs_get_tree+0x88/0x270
[ 47.075860][ T8471]  path_mount+0x17b4/0x2a20
[ 47.080332][ T8471]  ? getname_flags+0x1fb/0x630
[ 47.085064][ T8471]  __se_sys_mount+0x28c/0x320
[ 47.089731][ T8471]  do_syscall_64+0x2d/0x70
[ 47.094132][ T8471]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.099992][ T8471] RIP: 0033:0x446d2a
[ 47.103859][ T8471] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 47.123464][ T8471] RSP: 002b:00007ffe07d05238 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 47.131847][ T8471] RAX: ffffffffffffffda RBX: 00007ffe07d05290 RCX: 0000000000446d2a
[ 47.139788][ T8471] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe07d05250
[ 47.147743][ T8471] RBP: 00007ffe07d05250 R08: 00007ffe07d05290 R09: 00007ffe00000015
[ 47.155685][ T8471] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 47.163644][ T8471] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 47.172265][ T8471] Kernel Offset: disabled
[ 47.176586][ T8471] Rebooting in 86400 seconds..