[[0;32m  OK  [0m] Started Serial Getty on ttyS0.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Started OpenBSD Secure Shell server.
[[0;32m  OK  [0m] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.220997] ==================================================================
[   31.228520] BUG: KASAN: slab-out-of-bounds in squashfs_export_iget+0x22f/0x250
[   31.237105] Read of size 8 at addr ffff8880af8135b8 by task syz-executor102/8023
[   31.244759] 
[   31.246370] CPU: 0 PID: 8023 Comm: syz-executor102 Not tainted 4.14.216-syzkaller #0
[   31.254229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.263662] Call Trace:
[   31.266268]  dump_stack+0x1b2/0x281
[   31.269880]  print_address_description.cold+0x54/0x1d3
[   31.275300]  kasan_report_error.cold+0x8a/0x191
[   31.279974]  ? squashfs_export_iget+0x22f/0x250
[   31.284633]  __asan_report_load8_noabort+0x68/0x70
[   31.289611]  ? squashfs_export_iget+0x22f/0x250
[   31.294269]  squashfs_export_iget+0x22f/0x250
[   31.298827]  ? squashfs_readdir+0xc10/0xc10
[   31.303285]  squashfs_fh_to_dentry+0x5f/0x90
[   31.307697]  exportfs_decode_fh+0x113/0x6c0
[   31.312033]  ? squashfs_get_parent+0xa0/0xa0
[   31.316777]  ? drop_caches_sysctl_handler+0xe0/0xe0
[   31.321775]  ? reconnect_path+0x730/0x730
[   31.325909]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   31.331017]  ? debug_check_no_obj_freed+0x2c0/0x680
[   31.336038]  ? __might_fault+0x104/0x1b0
[   31.340088]  ? lock_acquire+0x170/0x3f0
[   31.344054]  ? lock_downgrade+0x740/0x740
[   31.348382]  ? __might_fault+0x177/0x1b0
[   31.352471]  do_handle_open+0x248/0x570
[   31.356447]  ? SyS_name_to_handle_at+0x3f0/0x3f0
[   31.361181]  ? __close_fd+0x159/0x230
[   31.364973]  ? do_syscall_64+0x4c/0x640
[   31.368933]  ? do_handle_open+0x570/0x570
[   31.373081]  do_syscall_64+0x1d5/0x640
[   31.377003]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.382186] RIP: 0033:0x444409
[   31.385359] RSP: 002b:00007fffe2e371f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   31.393148] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444409
[   31.400519] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003
[   31.407773] RBP: 00000000006cf018 R08: 0000000000000000 R09: 00000000004002e0
[   31.415023] R10: 00007fff00000015 R11: 0000000000000246 R12: 0000000000401ff0
[   31.422377] R13: 0000000000402080 R14: 0000000000000000 R15: 0000000000000000
[   31.429655] 
[   31.431698] Allocated by task 6200:
[   31.435323]  kasan_kmalloc+0xeb/0x160
[   31.439125]  kmem_cache_alloc_trace+0x131/0x3d0
[   31.443774]  aa_alloc_task_context+0x4d/0x90
[   31.448161]  apparmor_cred_prepare+0x1a/0xb0
[   31.452549]  security_prepare_creds+0x76/0xb0
[   31.457043]  prepare_creds+0x2ef/0x490
[   31.460913]  SyS_faccessat+0x7b/0x680
[   31.464707]  do_syscall_64+0x1d5/0x640
[   31.468589]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.474311] 
[   31.476066] Freed by task 6200:
[   31.479365]  kasan_slab_free+0xc3/0x1a0
[   31.483367]  kfree+0xc9/0x250
[   31.486525]  aa_free_task_context+0xda/0x130
[   31.491161]  apparmor_cred_free+0x34/0x70
[   31.495324]  security_cred_free+0x71/0xb0
[   31.499498]  put_cred_rcu+0xe3/0x300
[   31.503198]  __put_cred+0x1a1/0x210
[   31.506824]  SyS_faccessat+0x52a/0x680
[   31.510695]  do_syscall_64+0x1d5/0x640
[   31.514582]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.519763] 
[   31.521394] The buggy address belongs to the object at ffff8880af813580
[   31.521394]  which belongs to the cache kmalloc-32 of size 32
[   31.533866] The buggy address is located 24 bytes to the right of
[   31.533866]  32-byte region [ffff8880af813580, ffff8880af8135a0)
[   31.546130] The buggy address belongs to the page:
[   31.551060] page:ffffea0002be04c0 count:1 mapcount:0 mapping:ffff8880af813000 index:0xffff8880af813fc1
[   31.560506] flags: 0xfff00000000100(slab)
[   31.564661] raw: 00fff00000000100 ffff8880af813000 ffff8880af813fc1 0000000100000020
[   31.572551] raw: ffffea0002be5360 ffff88813fe81238 ffff88813fe801c0 0000000000000000
[   31.580908] page dumped because: kasan: bad access detected
[   31.586618] 
[   31.588357] Memory state around the buggy address:
[   31.593390]  ffff8880af813480: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   31.600786]  ffff8880af813500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   31.608135] >ffff8880af813580: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc
[   31.615484]                                         ^
[   31.620658]  ffff8880af813600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   31.627997]  ffff8880af813680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   31.635341] ==================================================================
[   31.642724] Disabling lock debugging due to kernel taint
[   31.659074] Kernel panic - not syncing: panic_on_warn set ...
[   31.659074] 
[   31.666496] CPU: 1 PID: 8023 Comm: syz-executor102 Tainted: G    B           4.14.216-syzkaller #0
[   31.675580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.684921] Call Trace:
[   31.687496]  dump_stack+0x1b2/0x281
[   31.691106]  panic+0x1f9/0x42d
[   31.694279]  ? add_taint.cold+0x16/0x16
[   31.698231]  ? ___preempt_schedule+0x16/0x18
[   31.702621]  kasan_end_report+0x43/0x49
[   31.706607]  kasan_report_error.cold+0xa7/0x191
[   31.711264]  ? squashfs_export_iget+0x22f/0x250
[   31.715912]  __asan_report_load8_noabort+0x68/0x70
[   31.720844]  ? squashfs_export_iget+0x22f/0x250
[   31.725495]  squashfs_export_iget+0x22f/0x250
[   31.729992]  ? squashfs_readdir+0xc10/0xc10
[   31.734292]  squashfs_fh_to_dentry+0x5f/0x90
[   31.738685]  exportfs_decode_fh+0x113/0x6c0
[   31.743086]  ? squashfs_get_parent+0xa0/0xa0
[   31.747486]  ? drop_caches_sysctl_handler+0xe0/0xe0
[   31.752486]  ? reconnect_path+0x730/0x730
[   31.756616]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   31.761727]  ? debug_check_no_obj_freed+0x2c0/0x680
[   31.766744]  ? __might_fault+0x104/0x1b0
[   31.770819]  ? lock_acquire+0x170/0x3f0
[   31.774776]  ? lock_downgrade+0x740/0x740
[   31.778905]  ? __might_fault+0x177/0x1b0
[   31.782949]  do_handle_open+0x248/0x570
[   31.786913]  ? SyS_name_to_handle_at+0x3f0/0x3f0
[   31.791661]  ? __close_fd+0x159/0x230
[   31.795441]  ? do_syscall_64+0x4c/0x640
[   31.799399]  ? do_handle_open+0x570/0x570
[   31.803527]  do_syscall_64+0x1d5/0x640
[   31.807418]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.812602] RIP: 0033:0x444409
[   31.815875] RSP: 002b:00007fffe2e371f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   31.823575] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444409
[   31.830845] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003
[   31.838092] RBP: 00000000006cf018 R08: 0000000000000000 R09: 00000000004002e0
[   31.845340] R10: 00007fff00000015 R11: 0000000000000246 R12: 0000000000401ff0
[   31.852712] R13: 0000000000402080 R14: 0000000000000000 R15: 0000000000000000
[   31.860528] Kernel Offset: disabled
[   31.864141] Rebooting in 86400 seconds..