[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.115' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   34.744860] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
[   34.755223] ==================================================================
[   34.762698] BUG: KASAN: slab-out-of-bounds in udf_get_fileident+0x233/0x250
[   34.769795] Read of size 2 at addr ffff8880977b9ffc by task syz-executor721/8110
[   34.777414] 
[   34.779047] CPU: 0 PID: 8110 Comm: syz-executor721 Not tainted 4.19.211-syzkaller #0
[   34.786921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.796256] Call Trace:
[   34.798831]  dump_stack+0x1fc/0x2ef
[   34.802444]  print_address_description.cold+0x54/0x219
[   34.807702]  kasan_report_error.cold+0x8a/0x1b9
[   34.812350]  ? udf_get_fileident+0x233/0x250
[   34.816744]  __asan_report_load_n_noabort+0x8b/0xa0
[   34.821743]  ? unwind_get_return_address+0x70/0x90
[   34.826652]  ? udf_get_fileident+0x233/0x250
[   34.831055]  udf_get_fileident+0x233/0x250
[   34.835272]  udf_fileident_read+0x550/0x1930
[   34.839662]  ? deref_stack_reg+0x1d0/0x1d0
[   34.843876]  ? __unwind_start+0x5b8/0x960
[   34.848002]  ? bpf_prog_kallsyms_find.part.0+0x1ad/0x270
[   34.853433]  ? udf_get_fileident+0x250/0x250
[   34.857820]  ? is_bpf_text_address+0xfc/0x1b0
[   34.862297]  ? kernel_text_address+0xbd/0xf0
[   34.866693]  ? check_preemption_disabled+0x41/0x280
[   34.871693]  ? udf_readdir+0x376/0x1350
[   34.875647]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   34.880649]  udf_readdir+0x559/0x1350
[   34.884436]  ? udf_new_block+0x490/0x490
[   34.888479]  ? aa_path_link+0x410/0x410
[   34.892430]  ? kmem_cache_free+0x7f/0x260
[   34.896556]  ? putname+0xe1/0x120
[   34.899988]  ? do_sys_open+0x2ba/0x520
[   34.903872]  ? do_syscall_64+0xf9/0x620
[   34.907826]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.913171]  ? mark_held_locks+0xf0/0xf0
[   34.917216]  ? mark_held_locks+0xf0/0xf0
[   34.921261]  ? debug_check_no_obj_freed+0x201/0x490
[   34.926257]  ? fsnotify+0x84e/0xe10
[   34.929864]  ? fsnotify_first_mark+0x200/0x200
[   34.934429]  ? lock_acquire+0x170/0x3c0
[   34.938381]  ? iterate_dir+0xd2/0x5c0
[   34.942166]  iterate_dir+0x473/0x5c0
[   34.945877]  ksys_getdents64+0x175/0x2b0
[   34.949917]  ? __ia32_sys_getdents+0xa0/0xa0
[   34.954306]  ? do_sys_open+0x2bf/0x520
[   34.958172]  ? filldir+0x400/0x400
[   34.961709]  ? inode_permission.part.0+0x10c/0x450
[   34.966630]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   34.971808]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.977174]  ? trace_hardirqs_off_caller+0x6e/0x210
[   34.982173]  __x64_sys_getdents64+0x6f/0xb0
[   34.986476]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   34.991039]  do_syscall_64+0xf9/0x620
[   34.994822]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.999990] RIP: 0033:0x7f173bc1b219
[   35.003683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   35.022564] RSP: 002b:00007ffec75c0be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   35.030251] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f173bc1b219
[   35.037501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   35.044751] RBP: 00007f173bbd3000 R08: 0000000000000000 R09: 0000000000000000
[   35.052001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f173bbd3090
[   35.059252] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   35.066506] 
[   35.068113] Allocated by task 6152:
[   35.071725]  kmem_cache_alloc+0x122/0x370
[   35.075853]  shmem_alloc_inode+0x18/0x40
[   35.079896]  alloc_inode+0x5d/0x180
[   35.083499]  new_inode+0x1d/0xf0
[   35.086843]  shmem_get_inode+0x96/0x8d0
[   35.090801]  shmem_mknod+0x5a/0x1f0
[   35.094423]  lookup_open+0x893/0x1a20
[   35.098207]  path_openat+0x1094/0x2df0
[   35.102073]  do_filp_open+0x18c/0x3f0
[   35.105851]  do_sys_open+0x3b3/0x520
[   35.109548]  do_syscall_64+0xf9/0x620
[   35.113331]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.118495] 
[   35.120100] Freed by task 0:
[   35.123093] (stack is not available)
[   35.126786] 
[   35.128392] The buggy address belongs to the object at ffff8880977b9a60
[   35.128392]  which belongs to the cache shmem_inode_cache of size 1200
[   35.141647] The buggy address is located 236 bytes to the right of
[   35.141647]  1200-byte region [ffff8880977b9a60, ffff8880977b9f10)
[   35.154103] The buggy address belongs to the page:
[   35.159013] page:ffffea00025dee40 count:1 mapcount:0 mapping:ffff8880b59c36c0 index:0xffff8880977b9ffd
[   35.168437] flags: 0xfff00000000100(slab)
[   35.172568] raw: 00fff00000000100 ffffea000260f208 ffffea000262d5c8 ffff8880b59c36c0
[   35.180445] raw: ffff8880977b9ffd ffff8880977b9000 0000000100000003 0000000000000000
[   35.188301] page dumped because: kasan: bad access detected
[   35.193998] 
[   35.195602] Memory state around the buggy address:
[   35.200509]  ffff8880977b9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.207845]  ffff8880977b9f00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.215181] >ffff8880977b9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.222519]                                                                 ^
[   35.229769]  ffff8880977ba000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.237112]  ffff8880977ba080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   35.244448] ==================================================================
[   35.251780] Disabling lock debugging due to kernel taint
[   35.258561] Kernel panic - not syncing: panic_on_warn set ...
[   35.258561] 
[   35.265946] CPU: 0 PID: 8110 Comm: syz-executor721 Tainted: G    B             4.19.211-syzkaller #0
[   35.275211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.284556] Call Trace:
[   35.287147]  dump_stack+0x1fc/0x2ef
[   35.290789]  panic+0x26a/0x50e
[   35.293980]  ? __warn_printk+0xf3/0xf3
[   35.297864]  ? preempt_schedule_common+0x45/0xc0
[   35.302617]  ? ___preempt_schedule+0x16/0x18
[   35.307021]  ? trace_hardirqs_on+0x55/0x210
[   35.311326]  kasan_end_report+0x43/0x49
[   35.315281]  kasan_report_error.cold+0xa7/0x1b9
[   35.319929]  ? udf_get_fileident+0x233/0x250
[   35.324318]  __asan_report_load_n_noabort+0x8b/0xa0
[   35.329313]  ? unwind_get_return_address+0x70/0x90
[   35.334221]  ? udf_get_fileident+0x233/0x250
[   35.338609]  udf_get_fileident+0x233/0x250
[   35.342821]  udf_fileident_read+0x550/0x1930
[   35.347225]  ? deref_stack_reg+0x1d0/0x1d0
[   35.351440]  ? __unwind_start+0x5b8/0x960
[   35.355570]  ? bpf_prog_kallsyms_find.part.0+0x1ad/0x270
[   35.361013]  ? udf_get_fileident+0x250/0x250
[   35.365398]  ? is_bpf_text_address+0xfc/0x1b0
[   35.369870]  ? kernel_text_address+0xbd/0xf0
[   35.374259]  ? check_preemption_disabled+0x41/0x280
[   35.379265]  ? udf_readdir+0x376/0x1350
[   35.383217]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   35.388215]  udf_readdir+0x559/0x1350
[   35.391998]  ? udf_new_block+0x490/0x490
[   35.396037]  ? aa_path_link+0x410/0x410
[   35.399988]  ? kmem_cache_free+0x7f/0x260
[   35.404112]  ? putname+0xe1/0x120
[   35.407543]  ? do_sys_open+0x2ba/0x520
[   35.411409]  ? do_syscall_64+0xf9/0x620
[   35.415379]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.420743]  ? mark_held_locks+0xf0/0xf0
[   35.424793]  ? mark_held_locks+0xf0/0xf0
[   35.428836]  ? debug_check_no_obj_freed+0x201/0x490
[   35.433836]  ? fsnotify+0x84e/0xe10
[   35.437443]  ? fsnotify_first_mark+0x200/0x200
[   35.442007]  ? lock_acquire+0x170/0x3c0
[   35.445960]  ? iterate_dir+0xd2/0x5c0
[   35.449742]  iterate_dir+0x473/0x5c0
[   35.453434]  ksys_getdents64+0x175/0x2b0
[   35.457473]  ? __ia32_sys_getdents+0xa0/0xa0
[   35.461858]  ? do_sys_open+0x2bf/0x520
[   35.465725]  ? filldir+0x400/0x400
[   35.469261]  ? inode_permission.part.0+0x10c/0x450
[   35.474187]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   35.479373]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.484724]  ? trace_hardirqs_off_caller+0x6e/0x210
[   35.489721]  __x64_sys_getdents64+0x6f/0xb0
[   35.494022]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   35.498580]  do_syscall_64+0xf9/0x620
[   35.502359]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.507539] RIP: 0033:0x7f173bc1b219
[   35.511352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   35.530232] RSP: 002b:00007ffec75c0be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   35.537918] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f173bc1b219
[   35.545194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   35.552444] RBP: 00007f173bbd3000 R08: 0000000000000000 R09: 0000000000000000
[   35.559691] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f173bbd3090
[   35.566936] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   35.574362] Kernel Offset: disabled
[   35.577982] Rebooting in 86400 seconds..