[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.037327] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[ 35.054725] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 35.085606] FAULT_INJECTION: forcing a failure.
[ 35.085606] name failslab, interval 1, probability 0, space 0, times 1
[ 35.103461] CPU: 0 PID: 8112 Comm: syz-executor370 Not tainted 4.19.211-syzkaller #0
[ 35.111487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 35.121549] Call Trace:
[ 35.128453]  dump_stack+0x1fc/0x2ef
[ 35.132117]  should_fail.cold+0xa/0xf
[ 35.137360]  ? setup_fault_attr+0x200/0x200
[ 35.143971]  __should_failslab+0x115/0x180
[ 35.148607]  should_failslab+0x5/0x10
[ 35.152528]  kmem_cache_alloc_trace+0x284/0x380
[ 35.157325]  udf_find_entry+0x540/0x1070
[ 35.161405]  ? current_time+0x6f/0x1c0
[ 35.165294]  ? check_preemption_disabled+0x41/0x280
[ 35.170314]  ? empty_dir+0x7e0/0x7e0
[ 35.174017]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 35.179029]  ? mark_buffer_dirty_inode+0xcd/0x3c0
[ 35.183878]  udf_rename+0x447/0x1270
[ 35.187616]  ? udf_unlink+0x420/0x420
[ 35.191507]  ? do_raw_spin_unlock+0x171/0x230
[ 35.195998]  ? d_splice_alias+0x469/0xc30
[ 35.200229]  ? take_dentry_name_snapshot+0xe8/0x140
[ 35.205398]  ? lock_acquire+0x170/0x3c0
[ 35.209376]  ? down_write_nested+0x36/0x90
[ 35.213600]  vfs_rename+0x67e/0x1bc0
[ 35.217302]  ? __d_alloc+0x9a0/0xa10
[ 35.221033]  ? path_openat+0x2df0/0x2df0
[ 35.225086]  ? do_raw_spin_unlock+0x171/0x230
[ 35.229587]  ? _raw_spin_unlock+0x29/0x40
[ 35.233727]  ? security_path_rename+0x1ed/0x2e0
[ 35.238407]  do_renameat2+0xb59/0xc70
[ 35.242277]  ? do_mknodat.part.0+0x480/0x480
[ 35.246691]  ? vfs_write+0x393/0x540
[ 35.250400]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.255749]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.260764]  __x64_sys_rename+0x5d/0x80
[ 35.264768]  do_syscall_64+0xf9/0x620
[ 35.268834]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.274013] RIP: 0033:0x7f91ae7734b9
[ 35.278056] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 35.298279] RSP: 002b:00007ffc12960068 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 35.307231] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f91ae7734b9
[ 35.315024] RDX: 00000000000000b0 RSI: 00000000200000c0 RDI: 0000000020000200
[ 35.322464] RBP: 00007ffc129600b0 R08: 0000000000000002 R09: aaaaaaaaaaaa0102
[ 35.330867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 35.338492] R13: 00007f91ae7e177c R14: 0000000000000003 R15: 0000000000000001
[ 35.347333] ==================================================================
[ 35.355468] BUG: KASAN: out-of-bounds in udf_write_fi+0x8f9/0xf40
[ 35.361813] Write of size 18446744073709551328 at addr ffff88808ce4a920 by task syz-executor370/8112
[ 35.371169]
[ 35.372889] CPU: 0 PID: 8112 Comm: syz-executor370 Not tainted 4.19.211-syzkaller #0
[ 35.382770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 35.393869] Call Trace:
[ 35.396495]  dump_stack+0x1fc/0x2ef
[ 35.400127]  print_address_description.cold+0x54/0x219
[ 35.405702]  kasan_report_error.cold+0x8a/0x1b9
[ 35.410609]  ? udf_write_fi+0x8f9/0xf40
[ 35.415377]  kasan_report+0x8f/0xa0
[ 35.419108]  ? udf_write_fi+0x8f9/0xf40
[ 35.423169]  memset+0x20/0x40
[ 35.427351]  udf_write_fi+0x8f9/0xf40
[ 35.433027]  ? memset+0x20/0x40
[ 35.436750]  udf_rename+0x45e/0x1270
[ 35.440715]  ? udf_unlink+0x420/0x420
[ 35.444715]  ? do_raw_spin_unlock+0x171/0x230
[ 35.449915]  ? d_splice_alias+0x469/0xc30
[ 35.454839]  ? take_dentry_name_snapshot+0xe8/0x140
[ 35.459940]  ? lock_acquire+0x170/0x3c0
[ 35.464444]  ? down_write_nested+0x36/0x90
[ 35.469052]  vfs_rename+0x67e/0x1bc0
[ 35.472772]  ? __d_alloc+0x9a0/0xa10
[ 35.476488]  ? path_openat+0x2df0/0x2df0
[ 35.480725]  ? do_raw_spin_unlock+0x171/0x230
[ 35.485400]  ? _raw_spin_unlock+0x29/0x40
[ 35.489809]  ? security_path_rename+0x1ed/0x2e0
[ 35.494669]  do_renameat2+0xb59/0xc70
[ 35.498473]  ? do_mknodat.part.0+0x480/0x480
[ 35.502885]  ? vfs_write+0x393/0x540
[ 35.506590]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.512512]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.517808]  __x64_sys_rename+0x5d/0x80
[ 35.521783]  do_syscall_64+0xf9/0x620
[ 35.525674]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.530861] RIP: 0033:0x7f91ae7734b9
[ 35.534687] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 35.554023] RSP: 002b:00007ffc12960068 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 35.562552] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f91ae7734b9
[ 35.570125] RDX: 00000000000000b0 RSI: 00000000200000c0 RDI: 0000000020000200
[ 35.577841] RBP: 00007ffc129600b0 R08: 0000000000000002 R09: aaaaaaaaaaaa0102
[ 35.585497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 35.593449] R13: 00007f91ae7e177c R14: 0000000000000003 R15: 0000000000000001
[ 35.601014]
[ 35.602887] The buggy address belongs to the page:
[ 35.608371] page:ffffea0002339280 count:2 mapcount:0 mapping:ffff8880b1b0fae0 index:0xe
[ 35.619144] flags: 0xfff00000001074(referenced|dirty|lru|active|private)
[ 35.627220] raw: 00fff00000001074 ffffea000295a608 ffffea00023392c8 ffff8880b1b0fae0
[ 35.637496] raw: 000000000000000e ffff88808dbd8d20 00000002ffffffff ffff8880b59f68c0
[ 35.647059] page dumped because: kasan: bad access detected
[ 35.657473] page->mem_cgroup:ffff8880b59f68c0
[ 35.664493]
[ 35.666607] Memory state around the buggy address:
[ 35.671957]  ffff88808ce4a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.681680]  ffff88808ce4a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.690512] >ffff88808ce4a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.698607]                                ^
[ 35.704340]  ffff88808ce4a980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.712793]  ffff88808ce4aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.720147] ==================================================================
[ 35.727890] Disabling lock debugging due to kernel taint
[ 35.734649] Kernel panic - not syncing: panic_on_warn set ...
[ 35.734649]
[ 35.742388] CPU: 0 PID: 8112 Comm: syz-executor370 Tainted: G B 4.19.211-syzkaller #0
[ 35.751971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 35.761779] Call Trace:
[ 35.764365]  dump_stack+0x1fc/0x2ef
[ 35.768201]  panic+0x26a/0x50e
[ 35.771570]  ? __warn_printk+0xf3/0xf3
[ 35.775740]  ? preempt_schedule_common+0x45/0xc0
[ 35.780583]  ? ___preempt_schedule+0x16/0x18
[ 35.785190]  ? trace_hardirqs_on+0x55/0x210
[ 35.789773]  kasan_end_report+0x43/0x49
[ 35.793848]  kasan_report_error.cold+0xa7/0x1b9
[ 35.799457]  ? udf_write_fi+0x8f9/0xf40
[ 35.803611]  kasan_report+0x8f/0xa0
[ 35.807706]  ? udf_write_fi+0x8f9/0xf40
[ 35.812499]  memset+0x20/0x40
[ 35.815597]  udf_write_fi+0x8f9/0xf40
[ 35.819889]  ? memset+0x20/0x40
[ 35.823584]  udf_rename+0x45e/0x1270
[ 35.827834]  ? udf_unlink+0x420/0x420
[ 35.832124]  ? do_raw_spin_unlock+0x171/0x230
[ 35.836818]  ? d_splice_alias+0x469/0xc30
[ 35.841672]  ? take_dentry_name_snapshot+0xe8/0x140
[ 35.847484]  ? lock_acquire+0x170/0x3c0
[ 35.852632]  ? down_write_nested+0x36/0x90
[ 35.857712]  vfs_rename+0x67e/0x1bc0
[ 35.861553]  ? __d_alloc+0x9a0/0xa10
[ 35.865437]  ? path_openat+0x2df0/0x2df0
[ 35.871354]  ? do_raw_spin_unlock+0x171/0x230
[ 35.876580]  ? _raw_spin_unlock+0x29/0x40
[ 35.881125]  ? security_path_rename+0x1ed/0x2e0
[ 35.886279]  do_renameat2+0xb59/0xc70
[ 35.891350]  ? do_mknodat.part.0+0x480/0x480
[ 35.896283]  ? vfs_write+0x393/0x540
[ 35.900121]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.907056]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.912263]  __x64_sys_rename+0x5d/0x80
[ 35.916493]  do_syscall_64+0xf9/0x620
[ 35.920301]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.925692] RIP: 0033:0x7f91ae7734b9
[ 35.929566] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 35.950117] RSP: 002b:00007ffc12960068 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 35.957825] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f91ae7734b9
[ 35.965814] RDX: 00000000000000b0 RSI: 00000000200000c0 RDI: 0000000020000200
[ 35.973343] RBP: 00007ffc129600b0 R08: 0000000000000002 R09: aaaaaaaaaaaa0102
[ 35.980861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 35.988381] R13: 00007f91ae7e177c R14: 0000000000000003 R15: 0000000000000001
[ 35.995977] Kernel Offset: disabled
[ 36.000245] Rebooting in 86400 seconds..