[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   32.213971] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   32.227823] ==================================================================
[   32.235269] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[   32.242099] Write of size 4 at addr ffff8880a9310830 by task syz-executor127/7990
[   32.249694]
[   32.251294] CPU: 0 PID: 7990 Comm: syz-executor127 Not tainted 4.14.302-syzkaller #0
[   32.259159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   32.268496] Call Trace:
[   32.271056]  dump_stack+0x1b2/0x281
[   32.274657]  print_address_description.cold+0x54/0x1d3
[   32.279907]  kasan_report_error.cold+0x8a/0x191
[   32.284550]  ? udf_write_aext+0x6e3/0x7d0
[   32.288666]  __asan_report_store_n_noabort+0x6b/0x80
[   32.293744]  ? udf_write_aext+0x6e3/0x7d0
[   32.297860]  udf_write_aext+0x6e3/0x7d0
[   32.301806]  udf_add_entry+0xc54/0x2710
[   32.305759]  ? udf_write_fi+0xe80/0xe80
[   32.309705]  ? udf_new_inode+0x891/0xce0
[   32.313744]  ? lock_acquire+0x170/0x3f0
[   32.317686]  udf_mkdir+0x122/0x620
[   32.321197]  ? putname+0xcd/0x110
[   32.324618]  ? udf_create+0x160/0x160
[   32.328391]  ? map_id_up+0xe9/0x180
[   32.332014]  ? security_inode_permission+0xb5/0xf0
[   32.336926]  ? security_inode_mkdir+0xca/0x100
[   32.341476]  vfs_mkdir+0x463/0x6e0
[   32.344986]  SyS_mkdirat+0x1fd/0x270
[   32.348668]  ? SyS_mknod+0x30/0x30
[   32.352179]  ? __do_page_fault+0x159/0xad0
[   32.356384]  ? do_syscall_64+0x4c/0x640
[   32.360325]  ? SyS_mkdirat+0x270/0x270
[   32.364187]  do_syscall_64+0x1d5/0x640
[   32.368053]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   32.373218] RIP: 0033:0x7ff4cfbf56b7
[   32.376898] RSP: 002b:00007fff8afb7af8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[   32.384575] RAX: ffffffffffffffda RBX: 0000555556e24380 RCX: 00007ff4cfbf56b7
[   32.391816] RDX: 1100000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[   32.399054] RBP: 00007fff8afb7b90 R08: 0000000000000000 R09: 0000000000000000
[   32.406293] R10: 0000000000010012 R11: 0000000000000286 R12: 00000000ffffffff
[   32.413531] R13: 0000000020000100 R14: 0000000020000000 R15: 0000000000000000
[   32.420780]
[   32.422377] Allocated by task 7990:
[   32.425974]  kasan_kmalloc+0xeb/0x160
[   32.429742]  __kmalloc+0x15a/0x400
[   32.433255]  udf_new_inode+0x1f6/0xce0
[   32.437109]  udf_create+0x1d/0x160
[   32.440635]  lookup_open+0x77a/0x1750
[   32.444404]  path_openat+0xe08/0x2970
[   32.448171]  do_filp_open+0x179/0x3c0
[   32.451948]  do_sys_open+0x296/0x410
[   32.455630]  do_syscall_64+0x1d5/0x640
[   32.459489]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   32.464658]
[   32.466254] Freed by task 6300:
[   32.469511]  kasan_slab_free+0xc3/0x1a0
[   32.473455]  kfree+0xc9/0x250
[   32.476536]  pipe_release+0x29f/0x300
[   32.480309]  __fput+0x25f/0x7a0
[   32.483556]  task_work_run+0x11f/0x190
[   32.487420]  exit_to_usermode_loop+0x1ad/0x200
[   32.491974]  do_syscall_64+0x4a3/0x640
[   32.495827]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   32.500987]
[   32.502588] The buggy address belongs to the object at ffff8880a93105c0
[   32.502588]  which belongs to the cache kmalloc-512 of size 512
[   32.515210] The buggy address is located 112 bytes to the right of
[   32.515210]  512-byte region [ffff8880a93105c0, ffff8880a93107c0)
[   32.527570] The buggy address belongs to the page:
[   32.532467] page:ffffea0002a4c400 count:1 mapcount:0 mapping:ffff8880a93100c0 index:0x0
[   32.540576] flags: 0xfff00000000100(slab)
[   32.544695] raw: 00fff00000000100 ffff8880a93100c0 0000000000000000 0000000100000006
[   32.552555] raw: ffffea0002a5ef20 ffffea0002a53260 ffff88813fe74940 0000000000000000
[   32.560406] page dumped because: kasan: bad access detected
[   32.566095]
[   32.567694] Memory state around the buggy address:
[   32.572589]  ffff8880a9310700: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.579914]  ffff8880a9310780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.587240] >ffff8880a9310800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   32.594564]                                      ^
[   32.599465]  ffff8880a9310880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.606791]  ffff8880a9310900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.614121] ==================================================================
[   32.621445] Disabling lock debugging due to kernel taint
[   32.627175] Kernel panic - not syncing: panic_on_warn set ...
[   32.627175]
[   32.634540] CPU: 0 PID: 7990 Comm: syz-executor127 Tainted: G    B   4.14.302-syzkaller #0
[   32.643621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   32.652966] Call Trace:
[   32.655534]  dump_stack+0x1b2/0x281
[   32.659150]  panic+0x1f9/0x42d
[   32.662317]  ? add_taint.cold+0x16/0x16
[   32.666273]  ? ___preempt_schedule+0x16/0x18
[   32.670741]  kasan_end_report+0x43/0x49
[   32.674774]  kasan_report_error.cold+0xa7/0x191
[   32.679421]  ? udf_write_aext+0x6e3/0x7d0
[   32.683541]  __asan_report_store_n_noabort+0x6b/0x80
[   32.688614]  ? udf_write_aext+0x6e3/0x7d0
[   32.692839]  udf_write_aext+0x6e3/0x7d0
[   32.696874]  udf_add_entry+0xc54/0x2710
[   32.700829]  ? udf_write_fi+0xe80/0xe80
[   32.704776]  ? udf_new_inode+0x891/0xce0
[   32.708811]  ? lock_acquire+0x170/0x3f0
[   32.712761]  udf_mkdir+0x122/0x620
[   32.716272]  ? putname+0xcd/0x110
[   32.719698]  ? udf_create+0x160/0x160
[   32.723469]  ? map_id_up+0xe9/0x180
[   32.727069]  ? security_inode_permission+0xb5/0xf0
[   32.731968]  ? security_inode_mkdir+0xca/0x100
[   32.736523]  vfs_mkdir+0x463/0x6e0
[   32.740032]  SyS_mkdirat+0x1fd/0x270
[   32.743713]  ? SyS_mknod+0x30/0x30
[   32.747221]  ? __do_page_fault+0x159/0xad0
[   32.751433]  ? do_syscall_64+0x4c/0x640
[   32.755378]  ? SyS_mkdirat+0x270/0x270
[   32.759234]  do_syscall_64+0x1d5/0x640
[   32.763091]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   32.768260] RIP: 0033:0x7ff4cfbf56b7
[   32.771944] RSP: 002b:00007fff8afb7af8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[   32.779622] RAX: ffffffffffffffda RBX: 0000555556e24380 RCX: 00007ff4cfbf56b7
[   32.786868] RDX: 1100000000000000 RSI: 00000000000001ff RDI: 0000000020000100
[   32.794143] RBP: 00007fff8afb7b90 R08: 0000000000000000 R09: 0000000000000000
[   32.801392] R10: 0000000000010012 R11: 0000000000000286 R12: 00000000ffffffff
[   32.808646] R13: 0000000020000100 R14: 0000000020000000 R15: 0000000000000000
[   32.816043] Kernel Offset: disabled
[   32.819645] Rebooting in 86400 seconds..