[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Update UTMP about System Runlevel Changes.
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.452760] ==================================================================
[   28.460289] BUG: KASAN: slab-out-of-bounds in squashfs_export_iget+0x22f/0x250
[   28.467645] Read of size 8 at addr ffff8880b11053d0 by task syz-executor160/8006
[   28.475166]
[   28.476790] CPU: 1 PID: 8006 Comm: syz-executor160 Not tainted 4.14.212-syzkaller #0
[   28.484703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.494040] Call Trace:
[   28.496604]  dump_stack+0x1b2/0x283
[   28.500211]  print_address_description.cold+0x54/0x1d3
[   28.505462]  kasan_report_error.cold+0x8a/0x194
[   28.510104]  ? squashfs_export_iget+0x22f/0x250
[   28.514747]  __asan_report_load8_noabort+0x68/0x70
[   28.519668]  ? squashfs_export_iget+0x22f/0x250
[   28.524312]  squashfs_export_iget+0x22f/0x250
[   28.528790]  ? squashfs_readdir.cold+0x4b/0x4b
[   28.533351]  squashfs_fh_to_dentry+0x5f/0x90
[   28.537732]  exportfs_decode_fh+0x113/0x6bc
[   28.542031]  ? squashfs_get_parent+0xa0/0xa0
[   28.546412]  ? drop_caches_sysctl_handler.cold+0x76/0x76
[   28.551889]  ? reconnect_path+0x730/0x730
[   28.556063]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   28.561143]  ? debug_check_no_obj_freed+0x2c0/0x674
[   28.566133]  ? __might_fault+0x104/0x1b0
[   28.570168]  ? lock_acquire+0x170/0x3f0
[   28.574126]  ? lock_downgrade+0x740/0x740
[   28.578251]  ? __might_fault+0x177/0x1b0
[   28.582288]  do_handle_open+0x248/0x570
[   28.586237]  ? SyS_name_to_handle_at+0x3f0/0x3f0
[   28.590965]  ? __close_fd+0x159/0x230
[   28.594740]  ? do_syscall_64+0x4c/0x640
[   28.598804]  ? do_handle_open+0x570/0x570
[   28.602935]  do_syscall_64+0x1d5/0x640
[   28.606806]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.611979] RIP: 0033:0x444449
[   28.615147] RSP: 002b:00007ffeb38f26b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   28.622868] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444449
[   28.630126] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003
[   28.637380] RBP: 00000000006d0018 R08: 0000000000000000 R09: 00000000004002e0
[   28.644625] R10: 00007ffe00000015 R11: 0000000000000246 R12: 0000000000402030
[   28.651868] R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
[   28.659134]
[   28.660764] Allocated by task 6224:
[   28.664371]  kasan_kmalloc+0xeb/0x160
[   28.668147]  kmem_cache_alloc+0x124/0x3c0
[   28.672330]  getname_flags+0xc8/0x550
[   28.676109]  user_path_at_empty+0x2a/0x50
[   28.680285]  do_utimes+0x149/0x250
[   28.683872]  SyS_utimensat+0xbf/0x120
[   28.687693]  do_syscall_64+0x1d5/0x640
[   28.691556]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.696715]
[   28.698320] Freed by task 6224:
[   28.701575]  kasan_slab_free+0xc3/0x1a0
[   28.705536]  kmem_cache_free+0x7c/0x2b0
[   28.709503]  putname+0xcd/0x110
[   28.712756]  filename_lookup+0x37b/0x510
[   28.716806]  do_utimes+0x149/0x250
[   28.720321]  SyS_utimensat+0xbf/0x120
[   28.724114]  do_syscall_64+0x1d5/0x640
[   28.727983]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.733151]
[   28.734754] The buggy address belongs to the object at ffff8880b11043c0
[   28.734754]  which belongs to the cache names_cache of size 4096
[   28.747482] The buggy address is located 16 bytes to the right of
[   28.747482]  4096-byte region [ffff8880b11043c0, ffff8880b11053c0)
[   28.759849] The buggy address belongs to the page:
[   28.764752] page:ffffea0002c44100 count:1 mapcount:0 mapping:ffff8880b11043c0 index:0x0 compound_mapcount: 0
[   28.774695] flags: 0xfff00000008100(slab|head)
[   28.779252] raw: 00fff00000008100 ffff8880b11043c0 0000000000000000 0000000100000001
[   28.787117] raw: ffffea0002c5ff20 ffffea0002c411a0 ffff88823f8bb200 0000000000000000
[   28.794969] page dumped because: kasan: bad access detected
[   28.800650]
[   28.802263] Memory state around the buggy address:
[   28.807164]  ffff8880b1105280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.814494]  ffff8880b1105300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.821827] >ffff8880b1105380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   28.829158]                                                  ^
[   28.835101]  ffff8880b1105400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.842442]  ffff8880b1105480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.849773] ==================================================================
[   28.857102] Disabling lock debugging due to kernel taint
[   28.862609] Kernel panic - not syncing: panic_on_warn set ...
[   28.862609]
[   28.869968] CPU: 1 PID: 8006 Comm: syz-executor160 Tainted: G    B   4.14.212-syzkaller #0
[   28.879054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.888394] Call Trace:
[   28.890958]  dump_stack+0x1b2/0x283
[   28.894561]  panic+0x1f9/0x42d
[   28.897729]  ? add_taint.cold+0x16/0x16
[   28.901677]  ? ___preempt_schedule+0x16/0x18
[   28.906059]  kasan_end_report+0x43/0x49
[   28.910007]  kasan_report_error.cold+0xa7/0x194
[   28.914738]  ? squashfs_export_iget+0x22f/0x250
[   28.919380]  __asan_report_load8_noabort+0x68/0x70
[   28.924283]  ? squashfs_export_iget+0x22f/0x250
[   28.928923]  squashfs_export_iget+0x22f/0x250
[   28.933391]  ? squashfs_readdir.cold+0x4b/0x4b
[   28.937949]  squashfs_fh_to_dentry+0x5f/0x90
[   28.942330]  exportfs_decode_fh+0x113/0x6bc
[   28.946623]  ? squashfs_get_parent+0xa0/0xa0
[   28.951006]  ? drop_caches_sysctl_handler.cold+0x76/0x76
[   28.956429]  ? reconnect_path+0x730/0x730
[   28.960550]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   28.965640]  ? debug_check_no_obj_freed+0x2c0/0x674
[   28.970629]  ? __might_fault+0x104/0x1b0
[   28.974663]  ? lock_acquire+0x170/0x3f0
[   28.978623]  ? lock_downgrade+0x740/0x740
[   28.982745]  ? __might_fault+0x177/0x1b0
[   28.986780]  do_handle_open+0x248/0x570
[   28.990729]  ? SyS_name_to_handle_at+0x3f0/0x3f0
[   28.995474]  ? __close_fd+0x159/0x230
[   28.999247]  ? do_syscall_64+0x4c/0x640
[   29.003205]  ? do_handle_open+0x570/0x570
[   29.007325]  do_syscall_64+0x1d5/0x640
[   29.011189]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.016351] RIP: 0033:0x444449
[   29.019529] RSP: 002b:00007ffeb38f26b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   29.027209] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444449
[   29.034453] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003
[   29.041707] RBP: 00000000006d0018 R08: 0000000000000000 R09: 00000000004002e0
[   29.048951] R10: 00007ffe00000015 R11: 0000000000000246 R12: 0000000000402030
[   29.056192] R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
[   29.064080] Kernel Offset: disabled
[   29.067685] Rebooting in 86400 seconds..
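Triage notes and a worked example, added here; they are not part of the syzkaller log above and not kernel code. The report already contains everything needed to place the fault: an 8-byte read at ffff8880b11053d0, which is 0x10 bytes past the end of the 4096-byte names_cache object [ffff8880b11043c0, ffff8880b11053c0), and the shadow byte under the caret is fc (KASAN's kmalloc redzone marker) while the fb bytes before it mark that neighbouring object as already freed. The "Allocated by" and "Freed by" stacks therefore describe an unrelated names_cache buffer from a utimensat() call that happened to sit next to the faulting address, not the squashfs buffer being over-read; the read KASAN flagged is in squashfs_export_iget, reached from open_by_handle_at (ORIG_RAX 0x130 = 304 on x86_64, with RDI=3 as the mount fd, RSI=0x200003c0 as the file_handle pointer and RDX=0 as flags). The Python below parses the report and checks those facts mechanically instead of trusting the report's own prose; the syscall table and shadow legend in it are hand-written from the kernel sources rather than taken from the page, and the sample input is a re-spaced copy of the lines above.

```python
"""Parse a KASAN report and cross-check what it says.

Added example for the syzkaller log above; not part of the page or the kernel tree.
The x86_64 syscall subset and the shadow-byte legend are assumptions written from
kernel knowledge, not values taken from the report.
"""
import re

# Constructed sample input: lines taken from the report above, re-spaced.
KASAN_REPORT = """\
[   28.460289] BUG: KASAN: slab-out-of-bounds in squashfs_export_iget+0x22f/0x250
[   28.467645] Read of size 8 at addr ffff8880b11053d0 by task syz-executor160/8006
[   28.615147] RSP: 002b:00007ffeb38f26b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   28.622868] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444449
[   28.630126] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003
[   28.637380] RBP: 00000000006d0018 R08: 0000000000000000 R09: 00000000004002e0
[   28.644625] R10: 00007ffe00000015 R11: 0000000000000246 R12: 0000000000402030
[   28.734754] The buggy address belongs to the object at ffff8880b11043c0
[   28.734754]  which belongs to the cache names_cache of size 4096
[   28.747482] The buggy address is located 16 bytes to the right of
[   28.747482]  4096-byte region [ffff8880b11043c0, ffff8880b11053c0)
[   28.814494]  ffff8880b1105300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.821827] >ffff8880b1105380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   28.835101]  ffff8880b1105400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

# x86_64 syscall numbers that occur in this report (hand-written subset, an assumption).
X86_64_SYSCALLS = {280: "utimensat", 303: "name_to_handle_at", 304: "open_by_handle_at"}
# x86_64 syscall argument registers, spelled as the kernel's register dump prints them.
SYSCALL_ARG_REGS = ("RDI", "RSI", "RDX", "R10", "R08", "R09")
# Generic KASAN shadow values (mm/kasan/kasan.h); one shadow byte covers 8 bytes of memory.
SHADOW_LEGEND = {0x00: "accessible", 0xfa: "global redzone", 0xfb: "freed kmalloc object",
                 0xfc: "kmalloc redzone", 0xfe: "page redzone", 0xff: "free page"}

HDR_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                       r" by task (?P<task>\S+)/(?P<pid>\d+)")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
REGION_RE = re.compile(r"(?P<size>\d+)-byte region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)")
REG_RE = re.compile(r"\b(?P<name>[A-Z][A-Z0-9_]{1,7}): (?P<val>[0-9a-f]{16})\b")
SHADOW_RE = re.compile(r">?(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")


def parse_kasan_report(text):
    """Collect bug kind/function, the access, the slab object and cache,
    the user register dump and the dumped shadow rows into one dict."""
    rep = {"regs": {}, "shadow": {}}
    for line in text.splitlines():
        if m := HDR_RE.search(line):
            rep["kind"], rep["func"] = m["kind"], m["func"]
        elif m := ACCESS_RE.search(line):
            rep.update(rw=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16),
                       task=m["task"], pid=int(m["pid"]))
        elif m := CACHE_RE.search(line):
            rep["cache"], rep["cache_size"] = m["cache"], int(m["size"])
        elif m := REGION_RE.search(line):
            rep["lo"], rep["hi"] = int(m["lo"], 16), int(m["hi"], 16)
        elif m := SHADOW_RE.search(line):
            rep["shadow"][int(m["base"], 16)] = bytes.fromhex(m["bytes"].replace(" ", ""))
        else:  # register dump lines carry several NAME: value pairs each
            for m in REG_RE.finditer(line):
                rep["regs"][m["name"]] = int(m["val"], 16)
    return rep


def locate_access(rep):
    """Place the faulting address relative to the slab object KASAN named, so the
    report's own '16 bytes to the right' is verified rather than trusted."""
    addr, lo, hi = rep["addr"], rep["lo"], rep["hi"]
    if addr >= hi:
        return "right", addr - hi
    if addr < lo:
        return "left", lo - addr
    return "inside", addr - lo


def shadow_byte(rep, addr=None):
    """Decode the shadow byte covering addr from the dumped rows. Each row label is
    a memory address and each of its 16 bytes describes an 8-byte granule."""
    addr = rep["addr"] if addr is None else addr
    for base, row in rep["shadow"].items():
        idx = (addr - base) // 8
        if 0 <= idx < len(row):
            val = row[idx]
            if 0 < val < 8:
                return val, f"only the first {val} bytes of the granule are accessible"
            return val, SHADOW_LEGEND.get(val, f"unknown shadow value 0x{val:02x}")
    return None, "address not covered by the dumped shadow rows"


def decode_syscall(rep):
    """Name the syscall the task was in (ORIG_RAX) and list its argument registers.
    RAX=0xffffffffffffffda is -ENOSYS, the placeholder the x86_64 entry path stores
    before dispatch; it is not a return value."""
    regs = rep["regs"]
    nr = regs["ORIG_RAX"]
    args = [regs[r] for r in SYSCALL_ARG_REGS if r in regs]
    return X86_64_SYSCALLS.get(nr, f"syscall_{nr}"), args


if __name__ == "__main__":
    rep = parse_kasan_report(KASAN_REPORT)
    print(rep["kind"], "in", rep["func"], "|", rep["rw"], rep["size"], "bytes", *locate_access(rep))
    print("shadow:", shadow_byte(rep)[1], "| syscall:", decode_syscall(rep))
```

Running it against the sample reproduces the report's arithmetic: the access lands 16 bytes to the right of the names_cache object, the granule at the faulting address is a kmalloc redzone, and the task was in open_by_handle_at(3, 0x200003c0, 0). Only the first three argument registers are meaningful for that syscall; R10, R08 and R09 hold whatever the caller left there.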