[�[0;32m OK �[0m] Started OpenBSD Secure Shell server.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.029108] audit: type=1400 audit(1601200638.961:8): avc: denied { execmem } for pid=6357 comm="syz-executor863" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.037436] ==================================================================
[ 34.058117] BUG: KASAN: slab-out-of-bounds in squashfs_get_id+0x181/0x1a0
[ 34.065109] Read of size 8 at addr ffff8880903cd578 by task syz-executor863/6357
[ 34.072662]
[ 34.074378] CPU: 0 PID: 6357 Comm: syz-executor863 Not tainted 4.14.198-syzkaller #0
[ 34.082245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.092359] Call Trace:
[ 34.095140] dump_stack+0x1b2/0x283
[ 34.098756] print_address_description.cold+0x54/0x1d3
[ 34.104119] kasan_report_error.cold+0x8a/0x194
[ 34.108782] ? squashfs_get_id+0x181/0x1a0
[ 34.112993] __asan_report_load8_noabort+0x68/0x70
[ 34.117919] ? squashfs_get_id+0x181/0x1a0
[ 34.122254] squashfs_get_id+0x181/0x1a0
[ 34.126384] ? squashfs_read_fragment_index_table+0xc0/0xc0
[ 34.132420] ? squashfs_read_metadata+0x2a6/0x370
[ 34.137256] squashfs_read_inode+0x171/0x1840
[ 34.141747] ? squashfs_read_id_index_table+0xc0/0xc0
[ 34.146913] ? new_inode+0xc7/0xf0
[ 34.150431] ? lock_acquire+0x170/0x3f0
[ 34.154380] ? do_raw_spin_unlock+0x164/0x220
[ 34.158859] squashfs_fill_super+0x1138/0x1640
[ 34.163561] mount_bdev+0x2b3/0x360
[ 34.167288] ? squashfs_alloc_inode+0x40/0x40
[ 34.171778] mount_fs+0x92/0x2a0
[ 34.175124] vfs_kern_mount.part.0+0x5b/0x470
[ 34.179613] do_mount+0xe53/0x2a00
[ 34.183133] ? retint_kernel+0x2d/0x2d
[ 34.187005] ? copy_mount_string+0x40/0x40
[ 34.191265] ? memset+0x20/0x40
[ 34.194518] ? copy_mount_options+0x1fa/0x2f0
[ 34.199003] ? copy_mnt_ns+0xa30/0xa30
[ 34.202878] SyS_mount+0xa8/0x120
[ 34.206304] ? copy_mnt_ns+0xa30/0xa30
[ 34.210192] do_syscall_64+0x1d5/0x640
[ 34.214080] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.219243] RIP: 0033:0x446d1a
[ 34.222422] RSP: 002b:00007fff489fd348 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 34.230125] RAX: ffffffffffffffda RBX: 00007fff489fd3a0 RCX: 0000000000446d1a
[ 34.237517] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007fff489fd360
[ 34.244817] RBP: 00007fff489fd360 R08: 00007fff489fd3a0 R09: 00007fff00000015
[ 34.252197] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 34.259459] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 34.266720]
[ 34.268338] Allocated by task 6357:
[ 34.272024] kasan_kmalloc+0xeb/0x160
[ 34.275818] __kmalloc+0x15a/0x400
[ 34.279348] squashfs_read_data+0x153/0x1140
[ 34.284010] squashfs_read_table+0x11c/0x18d
[ 34.288392] squashfs_read_xattr_id_table+0x2b/0x1c0
[ 34.293494] squashfs_fill_super+0xcba/0x1640
[ 34.297971] mount_bdev+0x2b3/0x360
[ 34.301577] mount_fs+0x92/0x2a0
[ 34.304918] vfs_kern_mount.part.0+0x5b/0x470
[ 34.309398] do_mount+0xe53/0x2a00
[ 34.312936] SyS_mount+0xa8/0x120
[ 34.316530] do_syscall_64+0x1d5/0x640
[ 34.320570] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.325749]
[ 34.327356] Freed by task 6357:
[ 34.330617] kasan_slab_free+0xc3/0x1a0
[ 34.334588] kfree+0xc9/0x250
[ 34.337686] squashfs_read_data+0x931/0x1140
[ 34.342085] squashfs_read_table+0x11c/0x18d
[ 34.346468] squashfs_read_xattr_id_table+0x2b/0x1c0
[ 34.351546] squashfs_fill_super+0xcba/0x1640
[ 34.356014] mount_bdev+0x2b3/0x360
[ 34.359612] mount_fs+0x92/0x2a0
[ 34.362952] vfs_kern_mount.part.0+0x5b/0x470
[ 34.367433] do_mount+0xe53/0x2a00
[ 34.370990] SyS_mount+0xa8/0x120
[ 34.374417] do_syscall_64+0x1d5/0x640
[ 34.378278] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.383483]
[ 34.385091] The buggy address belongs to the object at ffff8880903cd540
[ 34.385091] which belongs to the cache kmalloc-32 of size 32
[ 34.397594] The buggy address is located 24 bytes to the right of
[ 34.397594] 32-byte region [ffff8880903cd540, ffff8880903cd560)
[ 34.409912] The buggy address belongs to the page:
[ 34.414817] page:ffffea000240f340 count:1 mapcount:0 mapping:ffff8880903cd000 index:0xffff8880903cdfc1
[ 34.424245] flags: 0xfffe0000000100(slab)
[ 34.428378] raw: 00fffe0000000100 ffff8880903cd000 ffff8880903cdfc1 000000010000003f
[ 34.436301] raw: ffffea00024cfa20 ffffea000234e2e0 ffff88812fe501c0 0000000000000000
[ 34.444157] page dumped because: kasan: bad access detected
[ 34.449856]
[ 34.451456] Memory state around the buggy address:
[ 34.456359] ffff8880903cd400: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 34.463703] ffff8880903cd480: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 34.471072] >ffff8880903cd500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 34.478409] ^
[ 34.485672] ffff8880903cd580: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 34.493012] ffff8880903cd600: fb fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[ 34.500347] ==================================================================
[ 34.508655] Disabling lock debugging due to kernel taint
[ 34.515585] Kernel panic - not syncing: panic_on_warn set ...
[ 34.515585]
[ 34.522961] CPU: 0 PID: 6357 Comm: syz-executor863 Tainted: G B 4.14.198-syzkaller #0
[ 34.532133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.541880] Call Trace:
[ 34.544448] dump_stack+0x1b2/0x283
[ 34.548054] panic+0x1f9/0x42d
[ 34.551232] ? add_taint.cold+0x16/0x16
[ 34.555195] ? ___preempt_schedule+0x16/0x18
[ 34.559579] kasan_end_report+0x43/0x49
[ 34.564046] kasan_report_error.cold+0xa7/0x194
[ 34.568700] ? squashfs_get_id+0x181/0x1a0
[ 34.572908] __asan_report_load8_noabort+0x68/0x70
[ 34.577811] ? squashfs_get_id+0x181/0x1a0
[ 34.582021] squashfs_get_id+0x181/0x1a0
[ 34.586056] ? squashfs_read_fragment_index_table+0xc0/0xc0
[ 34.591741] ? squashfs_read_metadata+0x2a6/0x370
[ 34.596579] squashfs_read_inode+0x171/0x1840
[ 34.601051] ? squashfs_read_id_index_table+0xc0/0xc0
[ 34.606233] ? new_inode+0xc7/0xf0
[ 34.609756] ? lock_acquire+0x170/0x3f0
[ 34.613727] ? do_raw_spin_unlock+0x164/0x220
[ 34.618217] squashfs_fill_super+0x1138/0x1640
[ 34.623312] mount_bdev+0x2b3/0x360
[ 34.626918] ? squashfs_alloc_inode+0x40/0x40
[ 34.631397] mount_fs+0x92/0x2a0
[ 34.634747] vfs_kern_mount.part.0+0x5b/0x470
[ 34.639223] do_mount+0xe53/0x2a00
[ 34.642771] ? retint_kernel+0x2d/0x2d
[ 34.646629] ? copy_mount_string+0x40/0x40
[ 34.650852] ? memset+0x20/0x40
[ 34.654104] ? copy_mount_options+0x1fa/0x2f0
[ 34.658569] ? copy_mnt_ns+0xa30/0xa30
[ 34.662428] SyS_mount+0xa8/0x120
[ 34.665868] ? copy_mnt_ns+0xa30/0xa30
[ 34.669731] do_syscall_64+0x1d5/0x640
[ 34.673596] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.678780] RIP: 0033:0x446d1a
[ 34.681954] RSP: 002b:00007fff489fd348 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 34.689635] RAX: ffffffffffffffda RBX: 00007fff489fd3a0 RCX: 0000000000446d1a
[ 34.696886] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007fff489fd360
[ 34.704237] RBP: 00007fff489fd360 R08: 00007fff489fd3a0 R09: 00007fff00000015
[ 34.711491] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 34.718732] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 34.727565] Kernel Offset: disabled
[ 34.731190] Rebooting in 86400 seconds..