[  OK  ] Started Getty on tty2.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   27.146759] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   27.154112] UDF-fs: Scanning with blocksize 512 failed
[   27.161385] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   27.168049] UDF-fs: Scanning with blocksize 1024 failed
[   27.174443] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   27.181519] UDF-fs: Scanning with blocksize 2048 failed
[   27.188737] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   27.205992] ==================================================================
[   27.213446] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[   27.220363] Write of size 4 at addr ffff88809626e130 by task syz-executor409/7967
[   27.227963] 
[   27.229568] CPU: 0 PID: 7967 Comm: syz-executor409 Not tainted 4.14.302-syzkaller #0
[   27.237446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   27.246856] Call Trace:
[   27.249424]  dump_stack+0x1b2/0x281
[   27.253025]  print_address_description.cold+0x54/0x1d3
[   27.258273]  kasan_report_error.cold+0x8a/0x191
[   27.262914]  ? udf_write_aext+0x6e3/0x7d0
[   27.267037]  __asan_report_store_n_noabort+0x6b/0x80
[   27.272110]  ? udf_write_aext+0x6e3/0x7d0
[   27.276230]  udf_write_aext+0x6e3/0x7d0
[   27.280178]  udf_add_entry+0xc54/0x2710
[   27.284128]  ? udf_write_fi+0xe80/0xe80
[   27.288074]  ? udf_new_inode+0x891/0xce0
[   27.292110]  ? __d_lookup+0x3a0/0x660
[   27.295882]  udf_mkdir+0x122/0x620
[   27.299394]  ? putname+0xcd/0x110
[   27.302823]  ? udf_create+0x160/0x160
[   27.306597]  ? map_id_up+0xe9/0x180
[   27.310199]  ? security_inode_permission+0xb5/0xf0
[   27.315100]  ? security_inode_mkdir+0xca/0x100
[   27.319660]  vfs_mkdir+0x463/0x6e0
[   27.323178]  SyS_mkdirat+0x1fd/0x270
[   27.326863]  ? SyS_mknod+0x30/0x30
[   27.330380]  ? do_syscall_64+0x4c/0x640
[   27.334328]  ? SyS_mkdirat+0x270/0x270
[   27.338186]  do_syscall_64+0x1d5/0x640
[   27.342051]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.347211] RIP: 0033:0x7f5e088eede7
[   27.350896] RSP: 002b:00007ffce02dc308 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[   27.358577] RAX: ffffffffffffffda RBX: 00005555565332c0 RCX: 00007f5e088eede7
[   27.365819] RDX: 0000000000046000 RSI: 00000000000001ff RDI: 0000000020000300
[   27.373059] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[   27.380301] R10: 00007ffce02dc3a0 R11: 0000000000000286 R12: 0000000020000300
[   27.387543] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffce02dc3a0
[   27.394789] 
[   27.396396] Allocated by task 7967:
[   27.399995]  kasan_kmalloc+0xeb/0x160
[   27.403770]  __kmalloc+0x15a/0x400
[   27.407282]  udf_new_inode+0x98d/0xce0
[   27.411139]  udf_mkdir+0x95/0x620
[   27.414562]  vfs_mkdir+0x463/0x6e0
[   27.418071]  SyS_mkdirat+0x1fd/0x270
[   27.421754]  do_syscall_64+0x1d5/0x640
[   27.425613]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.430768] 
[   27.432382] Freed by task 0:
[   27.435371] (stack is not available)
[   27.439056] 
[   27.440656] The buggy address belongs to the object at ffff88809626e140
[   27.440656]  which belongs to the cache kmalloc-4096 of size 4096
[   27.453454] The buggy address is located 16 bytes to the left of
[   27.453454]  4096-byte region [ffff88809626e140, ffff88809626f140)
[   27.465730] The buggy address belongs to the page:
[   27.470655] page:ffffea0002589b80 count:1 mapcount:0 mapping:ffff88809626e140 index:0x0 compound_mapcount: 0
[   27.480591] flags: 0xfff00000008100(slab|head)
[   27.485144] raw: 00fff00000008100 ffff88809626e140 0000000000000000 0000000100000001
[   27.492996] raw: ffffea0002ccde20 ffffea0002ccb1a0 ffff88813fe74dc0 0000000000000000
[   27.501251] page dumped because: kasan: bad access detected
[   27.506927] 
[   27.508528] Memory state around the buggy address:
[   27.513429]  ffff88809626e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.520763]  ffff88809626e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.528098] >ffff88809626e100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   27.535439]                                      ^
[   27.540380]  ffff88809626e180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.547723]  ffff88809626e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.555051] ==================================================================
[   27.562383] Disabling lock debugging due to kernel taint
[   27.570688] Kernel panic - not syncing: panic_on_warn set ...
[   27.570688] 
[   27.578046] CPU: 0 PID: 7967 Comm: syz-executor409 Tainted: G    B   4.14.302-syzkaller #0
[   27.587123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   27.596458] Call Trace:
[   27.599024]  dump_stack+0x1b2/0x281
[   27.602719]  panic+0x1f9/0x42d
[   27.605885]  ? add_taint.cold+0x16/0x16
[   27.609841]  ? ___preempt_schedule+0x16/0x18
[   27.614249]  kasan_end_report+0x43/0x49
[   27.618207]  kasan_report_error.cold+0xa7/0x191
[   27.622852]  ? udf_write_aext+0x6e3/0x7d0
[   27.627126]  __asan_report_store_n_noabort+0x6b/0x80
[   27.632206]  ? udf_write_aext+0x6e3/0x7d0
[   27.636329]  udf_write_aext+0x6e3/0x7d0
[   27.640282]  udf_add_entry+0xc54/0x2710
[   27.644235]  ? udf_write_fi+0xe80/0xe80
[   27.648184]  ? udf_new_inode+0x891/0xce0
[   27.652224]  ? __d_lookup+0x3a0/0x660
[   27.655998]  udf_mkdir+0x122/0x620
[   27.659509]  ? putname+0xcd/0x110
[   27.662936]  ? udf_create+0x160/0x160
[   27.666710]  ? map_id_up+0xe9/0x180
[   27.670312]  ? security_inode_permission+0xb5/0xf0
[   27.675213]  ? security_inode_mkdir+0xca/0x100
[   27.679910]  vfs_mkdir+0x463/0x6e0
[   27.683428]  SyS_mkdirat+0x1fd/0x270
[   27.687200]  ? SyS_mknod+0x30/0x30
[   27.690716]  ? do_syscall_64+0x4c/0x640
[   27.694662]  ? SyS_mkdirat+0x270/0x270
[   27.698548]  do_syscall_64+0x1d5/0x640
[   27.702413]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.707577] RIP: 0033:0x7f5e088eede7
[   27.711259] RSP: 002b:00007ffce02dc308 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[   27.718942] RAX: ffffffffffffffda RBX: 00005555565332c0 RCX: 00007f5e088eede7
[   27.726183] RDX: 0000000000046000 RSI: 00000000000001ff RDI: 0000000020000300
[   27.733449] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[   27.740690] R10: 00007ffce02dc3a0 R11: 0000000000000286 R12: 0000000020000300
[   27.748018] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffce02dc3a0
[   27.755427] Kernel Offset: disabled
[   27.759118] Rebooting in 86400 seconds..