loop3: detected capacity change from 127 to 0
==================================================================
BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0x116/0x250 fs/squashfs/id.c:38
Read of size 8 at addr ffff888020cb1e40 by task syz-executor.3/11437

CPU: 11437 PID: 11437 Comm: syz-executor.3 Not tainted 5.11.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x183/0x22e lib/dump_stack.c:120
 print_address_description+0x5f/0x3b0 mm/kasan/report.c:230
 __kasan_report mm/kasan/report.c:396 [inline]
 kasan_report+0x15e/0x200 mm/kasan/report.c:413
 squashfs_get_id+0x116/0x250 fs/squashfs/id.c:38
 squashfs_new_inode fs/squashfs/inode.c:55 [inline]
 squashfs_read_inode+0x2a7/0x2970 fs/squashfs/inode.c:120
 squashfs_fill_super+0x1668/0x1c60 fs/squashfs/super.c:310
 get_tree_bdev+0x406/0x630 fs/super.c:1291
 vfs_get_tree+0x86/0x270 fs/super.c:1496
 do_new_mount fs/namespace.c:2878 [inline]
 path_mount+0x1937/0x2c50 fs/namespace.c:3208
 do_mount fs/namespace.c:3221 [inline]
 __do_sys_mount fs/namespace.c:3429 [inline]
 __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3406
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x460c6a
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007fde9571ba78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fde9571bb10 RCX: 0000000000460c6a
RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007fde9571bad0
RBP: 00007fde9571bad0 R08: 00007fde9571bb10 R09: 0000000020000040
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000040
R13: 0000000020000100 R14: 0000000020000440 R15: 00000000200003c0

Allocated by task 8474:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:401 [inline]
 ____kasan_kmalloc+0xbd/0xf0 mm/kasan/common.c:429
 kasan_kmalloc include/linux/kasan.h:215 [inline]
 __kmalloc_node+0x24f/0x3e0 mm/slub.c:4018
 kmalloc_node include/linux/slab.h:575 [inline]
 __vmalloc_area_node mm/vmalloc.c:2493 [inline]
 __vmalloc_node_range+0x51b/0x890 mm/vmalloc.c:2574
 __vmalloc_node mm/vmalloc.c:2617 [inline]
 vzalloc+0x75/0x80 mm/vmalloc.c:2670
 __do_replace+0xc2/0xab0 net/ipv6/netfilter/ip6_tables.c:1065
 do_replace net/ipv6/netfilter/ip6_tables.c:1156 [inline]
 do_ip6t_set_ctl+0x2c9e/0x3d10 net/ipv6/netfilter/ip6_tables.c:1636
 nf_setsockopt+0x29f/0x2d0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x3d66/0x5730 net/ipv6/ipv6_sockglue.c:1008
 __sys_setsockopt+0x552/0x990 net/socket.c:2115
 __do_sys_setsockopt net/socket.c:2126 [inline]
 __se_sys_setsockopt net/socket.c:2123 [inline]
 __x64_sys_setsockopt+0xb1/0xc0 net/socket.c:2123
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 8474:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x3d/0x70 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:356
 ____kasan_slab_free+0xe2/0x110 mm/kasan/common.c:362
 kasan_slab_free include/linux/kasan.h:188 [inline]
 slab_free_hook mm/slub.c:1547 [inline]
 slab_free_freelist_hook+0xd6/0x1a0 mm/slub.c:1580
 slab_free mm/slub.c:3142 [inline]
 kfree+0xd1/0x2a0 mm/slub.c:4124
 __vunmap+0x9b3/0xa60 mm/vmalloc.c:2290
 __do_replace+0x850/0xab0 net/ipv6/netfilter/ip6_tables.c:1104
 do_replace net/ipv6/netfilter/ip6_tables.c:1156 [inline]
 do_ip6t_set_ctl+0x2c9e/0x3d10 net/ipv6/netfilter/ip6_tables.c:1636
 nf_setsockopt+0x29f/0x2d0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x3d66/0x5730 net/ipv6/ipv6_sockglue.c:1008
 __sys_setsockopt+0x552/0x990 net/socket.c:2115
 __do_sys_setsockopt net/socket.c:2126 [inline]
 __se_sys_setsockopt net/socket.c:2123 [inline]
 __x64_sys_setsockopt+0xb1/0xc0 net/socket.c:2123
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff888020cb1e38
 which belongs to the cache kmalloc-8 of size 8
The buggy address is located 0 bytes to the right of
 8-byte region [ffff888020cb1e38, ffff888020cb1e40)
The buggy address belongs to the page:
page:0000000004d05cd2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20cb1
flags: 0xfff00000000200(slab)
raw: 00fff00000000200 ffffea0005054340 0000000200000002 ffff888010841c80
raw: 0000000000000000 0000000000660066 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888020cb1d00: fc fc fc fc fa fc fc fc fc fa fc fc fc fc fa fc
 ffff888020cb1d80: fc fc fc fa fc fc fc fc fa fc fc fc fc 00 fc fc
>ffff888020cb1e00: fc fc fa fc fc fc fc fa fc fc fc fc fa fc fc fc
                                           ^
 ffff888020cb1e80: fc fa fc fc fc fc fa fc fc fc fc fa fc fc fc fc
 ffff888020cb1f00: fa fc fc fc fc fa fc fc fc fc fa fc fc fc fc fa
==================================================================
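Triage helper for the report above, added here as an example; it is not part of the syzbot report and not kernel tooling. It parses the header lines of a KASAN slab report and derives what a triager otherwise works out by hand: where the access lands relative to the object, what the shadow byte at the faulting address and at the object itself encode, which syscall the crashing task was in, and whether the "Allocated by"/"Freed by" stacks even belong to the crashing task. The sample input is the report on this page trimmed to the lines the helper needs. Assumptions: the shadow encodings follow mm/kasan/kasan.h for generic KASAN on 5.x kernels (0xfc kmalloc redzone, 0xfb freed, 0xfa freed with free-track), and the syscall table covers only the two x86_64 numbers that occur here (165 mount, 54 setsockopt).

```python
"""KASAN slab-report triage helper (example code, not from the report or the kernel)."""
import re

# Constructed sample: the lines of the report above that carry the facts.
SAMPLE_REPORT = """\
BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0x116/0x250 fs/squashfs/id.c:38
Read of size 8 at addr ffff888020cb1e40 by task syz-executor.3/11437
RSP: 002b:00007fde9571ba78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
Allocated by task 8474:
Freed by task 8474:
The buggy address belongs to the object at ffff888020cb1e38
 which belongs to the cache kmalloc-8 of size 8
The buggy address is located 0 bytes to the right of
 8-byte region [ffff888020cb1e38, ffff888020cb1e40)
>ffff888020cb1e00: fc fc fa fc fc fc fc fa fc fc fc fc fa fc fc fc
"""

SHADOW_GRANULE = 8  # one shadow byte describes 8 bytes of kernel memory
# Assumed encodings, taken from mm/kasan/kasan.h (generic KASAN, 5.x kernels).
SHADOW_MEANING = {
    0x00: "fully accessible",
    0xfa: "freed object, free stack recorded (KASAN_KMALLOC_FREETRACK)",
    0xfb: "freed object (KASAN_KMALLOC_FREE)",
    0xfc: "kmalloc redzone (KASAN_KMALLOC_REDZONE)",
}
# x86_64 numbers from arch/x86/entry/syscalls/syscall_64.tbl; only the two this
# report needs are listed, anything else is reported numerically.
X86_64_SYSCALLS = {54: "setsockopt", 165: "mount"}


def _grab(pattern, text):
    """Return the groups of the first match, or raise if the line is missing."""
    m = re.search(pattern, text, re.MULTILINE)
    if not m:
        raise ValueError("report lacks expected line: %r" % pattern)
    return m.groups()


def shadow_byte(text, addr):
    """Look up the shadow byte covering addr in the '>'-marked row of the dump."""
    base, row = _grab(r"^>([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", text)
    idx = (addr - int(base, 16)) // SHADOW_GRANULE
    values = row.split()
    if not 0 <= idx < len(values):
        raise ValueError("address not covered by the marked shadow row")
    return int(values[idx], 16)


def triage(text):
    """Summarise a KASAN slab report as a dict of triage facts."""
    bug_type, func, loc = _grab(
        r"^BUG: KASAN: (\S+) in (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ (\S+)", text)
    kind, size, addr, pid = _grab(
        r"^(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task \S+/(\d+)", text)
    (obj,) = _grab(r"belongs to the object at ([0-9a-f]+)", text)
    cache, obj_size = _grab(r"belongs to the cache (\S+) of size (\d+)", text)
    (orig_rax,) = _grab(r"ORIG_RAX: ([0-9a-f]+)", text)
    dist, side = _grab(r"located (\d+) bytes (?:to the )?(left|right|inside) of", text)
    alloc = re.search(r"^Allocated by task (\d+):", text, re.MULTILINE)

    addr, obj = int(addr, 16), int(obj, 16)
    size, obj_size = int(size), int(obj_size)
    obj_end = obj + obj_size
    offset = addr - obj  # negative: underflow; >= obj_size: overflow
    if offset < 0:
        position, computed = "before object", (-offset, "left")
    elif offset >= obj_size:
        position, computed = "after object", (offset - obj_size, "right")
    else:
        position, computed = "inside object", (offset, "inside")
    bytes_past_end = max(0, addr + size - obj_end)
    nr = int(orig_rax, 16)
    return {
        "bug_type": bug_type,
        "function": func,
        "location": loc,
        "access": "%d-byte %s" % (size, kind.lower()),
        "cache": cache,
        "position": position,
        "offset_from_object": offset,
        "bytes_past_end": bytes_past_end,
        # Recompute the report's own "located N bytes to the ..." wording so a
        # hand-edited or mis-pasted report is caught.
        "report_distance_consistent": computed == (int(dist), side),
        "shadow_at_addr": shadow_byte(text, addr),
        "object_shadow": shadow_byte(text, obj),
        "syscall": X86_64_SYSCALLS.get(nr, "nr %d" % nr),
        # When the alloc/free stacks come from another task they describe the
        # history of the neighbouring slot, not the buffer the crashing code used.
        "stacks_from_other_task": alloc is not None and alloc.group(1) != pid,
    }


def describe(text):
    """Render the triage facts one per line."""
    r = triage(text)
    lines = [
        "%s in %s (%s)" % (r["bug_type"], r["function"], r["location"]),
        "%s at offset %d, %s, cache %s; %d byte(s) past the end" % (
            r["access"], r["offset_from_object"], r["position"], r["cache"], r["bytes_past_end"]),
        "shadow at address: 0x%02x = %s" % (
            r["shadow_at_addr"], SHADOW_MEANING.get(r["shadow_at_addr"], "unknown")),
        "shadow of object:  0x%02x = %s" % (
            r["object_shadow"], SHADOW_MEANING.get(r["object_shadow"], "unknown")),
        "syscall in progress: %s" % r["syscall"],
    ]
    if r["stacks_from_other_task"]:
        lines.append("note: alloc/free stacks are from another task and describe the adjacent slot")
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(SAMPLE_REPORT))
```

Run against this report the helper shows that the whole 8-byte read lies past the end of an 8-byte kmalloc-8 object (offset 8, shadow 0xfc redzone), that the object at ffff888020cb1e38 itself carries shadow 0xfa and was freed by task 8474 from ip6_tables, while the crash happens in task 11437 inside mount(2). The allocation and free stacks in the report therefore describe an unrelated neighbour in the slab, and the actual defect to chase is in the squashfs_get_id indexing at fs/squashfs/id.c:38 during squashfs_fill_super, not in netfilter.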