[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 45.933554][ T6836] ================================================================== [ 45.941739][ T6836] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0xb9/0x1c0 [ 45.949258][ T6836] Read of size 8 at addr ffff8880a9684b98 by task syz-executor329/6836 [ 45.957475][ T6836] [ 45.959791][ T6836] CPU: 1 PID: 6836 Comm: syz-executor329 Not tainted 5.9.0-rc6-syzkaller #0 [ 45.968464][ T6836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.978509][ T6836] Call Trace: [ 45.981807][ T6836] dump_stack+0x1d6/0x29e [ 45.986115][ T6836] print_address_description+0x66/0x620 [ 45.991643][ T6836] ? printk+0x62/0x83 [ 45.995603][ T6836] ? _raw_spin_lock_irqsave+0x84/0xd0 [ 46.000958][ T6836] ? vprintk_emit+0x2f0/0x370 [ 46.005623][ T6836] kasan_report+0x132/0x1d0 [ 46.010122][ T6836] ? squashfs_get_id+0xb9/0x1c0 [ 46.014966][ T6836] ? _raw_spin_unlock+0x24/0x40 [ 46.019792][ T6836] squashfs_get_id+0xb9/0x1c0 [ 46.024467][ T6836] squashfs_read_inode+0x155/0x2170 [ 46.029653][ T6836] ? _raw_spin_unlock+0x24/0x40 [ 46.034524][ T6836] ? new_inode+0x1be/0x1d0 [ 46.038917][ T6836] squashfs_fill_super+0x1478/0x1790 [ 46.044185][ T6836] get_tree_bdev+0x3e9/0x5f0 [ 46.048764][ T6836] ? squashfs_reconfigure+0xa0/0xa0 [ 46.053950][ T6836] vfs_get_tree+0x88/0x270 [ 46.058381][ T6836] path_mount+0x179d/0x29e0 [ 46.062869][ T6836] __se_sys_mount+0x126/0x180 [ 46.067533][ T6836] do_syscall_64+0x31/0x70 [ 46.071924][ T6836] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 46.077788][ T6836] RIP: 0033:0x446d1a [ 46.081668][ T6836] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 46.101312][ T6836] RSP: 002b:00007ffd7dd4f8b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5 [ 46.109749][ T6836] RAX: ffffffffffffffda RBX: 00007ffd7dd4f910 RCX: 0000000000446d1a [ 46.117725][ T6836] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd7dd4f8d0 [ 46.125959][ T6836] RBP: 00007ffd7dd4f8d0 R08: 00007ffd7dd4f910 R09: 00007ffd00000015 [ 46.134045][ T6836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 46.142015][ T6836] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003 [ 46.149998][ T6836] [ 46.152313][ T6836] Allocated by task 3913: [ 46.156617][ T6836] __kasan_kmalloc+0x100/0x130 [ 46.161373][ T6836] __vmalloc_node_range+0x2c7/0x870 [ 46.166557][ T6836] module_alloc+0x7e/0x90 [ 46.170873][ T6836] bpf_jit_binary_alloc+0x123/0x230 [ 46.176052][ T6836] bpf_int_jit_compile+0x7995/0x8920 [ 46.181311][ T6836] bpf_prog_select_runtime+0x76d/0xa60 [ 46.186750][ T6836] bpf_prepare_filter+0xec2/0x1140 [ 46.191836][ T6836] bpf_prog_create_from_user+0x2ad/0x3e0 [ 46.197445][ T6836] do_seccomp+0x852/0x20b0 [ 46.201836][ T6836] do_syscall_64+0x31/0x70 [ 46.206225][ T6836] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 46.212093][ T6836] [ 46.214395][ T6836] The buggy address belongs to the object at ffff8880a9684b80 [ 46.214395][ T6836] which belongs to the cache kmalloc-32 of size 32 [ 46.228262][ T6836] The buggy address is located 24 bytes inside of [ 46.228262][ T6836] 32-byte region [ffff8880a9684b80, ffff8880a9684ba0) [ 46.241351][ T6836] The buggy address belongs to the page: [ 46.246972][ T6836] page:00000000f697ca3d refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a9684fc1 pfn:0xa9684 [ 46.258401][ T6836] flags: 0xfffe0000000200(slab) [ 46.263243][ T6836] raw: 00fffe0000000200 ffffea0002a5d5c8 ffffea0002a98588 ffff8880aa440100 [ 46.271805][ T6836] raw: ffff8880a9684fc1 ffff8880a9684000 000000010000003f 0000000000000000 [ 46.280375][ T6836] page dumped because: kasan: bad access detected [ 46.286767][ T6836] [ 46.290300][ T6836] Memory state around the buggy address: [ 46.295904][ T6836] ffff8880a9684a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 46.304041][ T6836] ffff8880a9684b00: 00 fc fc fc fc fc fc fc fa fb fb fb fc fc fc fc [ 46.312096][ T6836] >ffff8880a9684b80: 00 fc fc fc fc fc fc fc fa fb fb fb fc fc fc fc [ 46.320145][ T6836] ^ [ 46.324975][ T6836] ffff8880a9684c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 46.333010][ T6836] ffff8880a9684c80: 00 00 01 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 46.341131][ T6836] ================================================================== [ 46.349163][ T6836] Disabling lock debugging due to kernel taint [ 46.370100][ T6836] Kernel panic - not syncing: panic_on_warn set ... [ 46.376700][ T6836] CPU: 0 PID: 6836 Comm: syz-executor329 Tainted: G B 5.9.0-rc6-syzkaller #0 [ 46.386743][ T6836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.396813][ T6836] Call Trace: [ 46.400086][ T6836] dump_stack+0x1d6/0x29e [ 46.404508][ T6836] panic+0x2c0/0x800 [ 46.408394][ T6836] ? trace_hardirqs_on+0x30/0x80 [ 46.413335][ T6836] kasan_report+0x1c9/0x1d0 [ 46.417812][ T6836] ? squashfs_get_id+0xb9/0x1c0 [ 46.422633][ T6836] ? _raw_spin_unlock+0x24/0x40 [ 46.427450][ T6836] squashfs_get_id+0xb9/0x1c0 [ 46.432096][ T6836] squashfs_read_inode+0x155/0x2170 [ 46.437271][ T6836] ? _raw_spin_unlock+0x24/0x40 [ 46.442101][ T6836] ? new_inode+0x1be/0x1d0 [ 46.446485][ T6836] squashfs_fill_super+0x1478/0x1790 [ 46.451741][ T6836] get_tree_bdev+0x3e9/0x5f0 [ 46.456301][ T6836] ? squashfs_reconfigure+0xa0/0xa0 [ 46.461467][ T6836] vfs_get_tree+0x88/0x270 [ 46.465851][ T6836] path_mount+0x179d/0x29e0 [ 46.470345][ T6836] __se_sys_mount+0x126/0x180 [ 46.474999][ T6836] do_syscall_64+0x31/0x70 [ 46.479426][ T6836] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 46.485297][ T6836] RIP: 0033:0x446d1a [ 46.489170][ T6836] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 46.508748][ T6836] RSP: 002b:00007ffd7dd4f8b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5 [ 46.517140][ T6836] RAX: ffffffffffffffda RBX: 00007ffd7dd4f910 RCX: 0000000000446d1a [ 46.525083][ T6836] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd7dd4f8d0 [ 46.533027][ T6836] RBP: 00007ffd7dd4f8d0 R08: 00007ffd7dd4f910 R09: 00007ffd00000015 [ 46.541001][ T6836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 46.548965][ T6836] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003 [ 46.557884][ T6836] Kernel Offset: disabled [ 46.562193][ T6836] Rebooting in 86400 seconds..