[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.617922] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 32.624820] UDF-fs: Scanning with blocksize 512 failed
[ 32.630886] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 32.637693] UDF-fs: Scanning with blocksize 1024 failed
[ 32.643541] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 32.650321] UDF-fs: Scanning with blocksize 2048 failed
[ 32.658043] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/09/12 12:00 (1000)
[ 32.668460] ==================================================================
[ 32.675893] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x7b3/0x7d0
[ 32.682717] Write of size 4 at addr ffff8880b3018938 by task syz-executor202/7975
[ 32.690324]
[ 32.691942] CPU: 1 PID: 7975 Comm: syz-executor202 Not tainted 4.14.294-syzkaller #0
[ 32.699800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 32.709131] Call Trace:
[ 32.711697]  dump_stack+0x1b2/0x281
[ 32.715317]  print_address_description.cold+0x54/0x1d3
[ 32.720568]  kasan_report_error.cold+0x8a/0x191
[ 32.725215]  ? udf_write_aext+0x7b3/0x7d0
[ 32.729339]  __asan_report_store_n_noabort+0x6b/0x80
[ 32.734428]  ? udf_write_aext+0x7b3/0x7d0
[ 32.738552]  udf_write_aext+0x7b3/0x7d0
[ 32.742505]  udf_add_entry+0xc54/0x2710
[ 32.746456]  ? udf_write_fi+0xe80/0xe80
[ 32.750404]  ? udf_new_inode+0x891/0xce0
[ 32.754441]  ? lock_acquire+0x170/0x3f0
[ 32.758389]  udf_mkdir+0x122/0x620
[ 32.761904]  ? putname+0xcd/0x110
[ 32.765330]  ? udf_create+0x160/0x160
[ 32.769105]  ? map_id_up+0xe9/0x180
[ 32.772711]  ? security_inode_permission+0xb5/0xf0
[ 32.777623]  ? security_inode_mkdir+0xca/0x100
[ 32.782189]  vfs_mkdir+0x463/0x6e0
[ 32.785728]  SyS_mkdirat+0x1fd/0x270
[ 32.789420]  ? SyS_mknod+0x30/0x30
[ 32.792932]  ? __close_fd+0x159/0x230
[ 32.796707]  ? do_syscall_64+0x4c/0x640
[ 32.800666]  ? SyS_mkdirat+0x270/0x270
[ 32.804530]  do_syscall_64+0x1d5/0x640
[ 32.808395]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.813569] RIP: 0033:0x7f7826698249
[ 32.817252] RSP: 002b:00007ffc67cd0e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 32.824943] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7826698249
[ 32.832187] RDX: 00007f78266567e3 RSI: 0000000000000000 RDI: 0000000020000580
[ 32.839432] RBP: 00007f7826657ab0 R08: 0000000000000000 R09: 0000000000000000
[ 32.846675] R10: 00007ffc67cd0cd0 R11: 0000000000000246 R12: 00007f7826657b40
[ 32.853924] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.861171]
[ 32.862785] Allocated by task 7975:
[ 32.866393]  kasan_kmalloc+0xeb/0x160
[ 32.870165]  __kmalloc+0x15a/0x400
[ 32.873677]  udf_new_inode+0x98d/0xce0
[ 32.877537]  udf_mkdir+0x95/0x620
[ 32.880963]  vfs_mkdir+0x463/0x6e0
[ 32.884476]  SyS_mkdirat+0x1fd/0x270
[ 32.888160]  do_syscall_64+0x1d5/0x640
[ 32.892027]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.897187]
[ 32.898787] Freed by task 6227:
[ 32.902042]  kasan_slab_free+0xc3/0x1a0
[ 32.905987]  kfree+0xc9/0x250
[ 32.909068]  uevent_show+0x27e/0x330
[ 32.912757]  dev_attr_show+0x4f/0xc0
[ 32.916447]  sysfs_kf_seq_show+0x1dd/0x420
[ 32.920668]  seq_read+0x4e4/0x1180
[ 32.924195]  kernfs_fop_read+0xd7/0x500
[ 32.928168]  __vfs_read+0xe4/0x620
[ 32.931686]  vfs_read+0x139/0x340
[ 32.935115]  SyS_read+0xf2/0x210
[ 32.938461]  do_syscall_64+0x1d5/0x640
[ 32.942324]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.947483]
[ 32.949121] The buggy address belongs to the object at ffff8880b3018940
[ 32.949121]  which belongs to the cache kmalloc-4096 of size 4096
[ 32.961925] The buggy address is located 8 bytes to the left of
[ 32.961925]  4096-byte region [ffff8880b3018940, ffff8880b3019940)
[ 32.974117] The buggy address belongs to the page:
[ 32.979020] page:ffffea0002cc0600 count:1 mapcount:0 mapping:ffff8880b3018940 index:0x0 compound_mapcount: 0
[ 32.988976] flags: 0xfff00000008100(slab|head)
[ 32.993535] raw: 00fff00000008100 ffff8880b3018940 0000000000000000 0000000100000001
[ 33.001407] raw: ffffea0002cc2920 ffffea00025507a0 ffff88813fe74dc0 0000000000000000
[ 33.009264] page dumped because: kasan: bad access detected
[ 33.014947]
[ 33.016552] Memory state around the buggy address:
[ 33.021454]  ffff8880b3018800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.028786]  ffff8880b3018880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.036127] >ffff8880b3018900: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 33.043460]                                         ^
[ 33.048624]  ffff8880b3018980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.055960]  ffff8880b3018a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.063307] ==================================================================
[ 33.070644] Disabling lock debugging due to kernel taint
[ 33.076797] Kernel panic - not syncing: panic_on_warn set ...
[ 33.076797]
[ 33.084181] CPU: 1 PID: 7975 Comm: syz-executor202 Tainted: G B 4.14.294-syzkaller #0
[ 33.093259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 33.102600] Call Trace:
[ 33.105168]  dump_stack+0x1b2/0x281
[ 33.108770]  panic+0x1f9/0x42d
[ 33.111937]  ? add_taint.cold+0x16/0x16
[ 33.115885]  ? ___preempt_schedule+0x16/0x18
[ 33.120265]  kasan_end_report+0x43/0x49
[ 33.124227]  kasan_report_error.cold+0xa7/0x191
[ 33.128866]  ? udf_write_aext+0x7b3/0x7d0
[ 33.132994]  __asan_report_store_n_noabort+0x6b/0x80
[ 33.138083]  ? udf_write_aext+0x7b3/0x7d0
[ 33.142212]  udf_write_aext+0x7b3/0x7d0
[ 33.146162]  udf_add_entry+0xc54/0x2710
[ 33.150115]  ? udf_write_fi+0xe80/0xe80
[ 33.154061]  ? udf_new_inode+0x891/0xce0
[ 33.158101]  ? lock_acquire+0x170/0x3f0
[ 33.162048]  udf_mkdir+0x122/0x620
[ 33.165561]  ? putname+0xcd/0x110
[ 33.168985]  ? udf_create+0x160/0x160
[ 33.172759]  ? map_id_up+0xe9/0x180
[ 33.176375]  ? security_inode_permission+0xb5/0xf0
[ 33.181288]  ? security_inode_mkdir+0xca/0x100
[ 33.185842]  vfs_mkdir+0x463/0x6e0
[ 33.189360]  SyS_mkdirat+0x1fd/0x270
[ 33.193048]  ? SyS_mknod+0x30/0x30
[ 33.196561]  ? __close_fd+0x159/0x230
[ 33.200336]  ? do_syscall_64+0x4c/0x640
[ 33.204293]  ? SyS_mkdirat+0x270/0x270
[ 33.208153]  do_syscall_64+0x1d5/0x640
[ 33.212018]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.217182] RIP: 0033:0x7f7826698249
[ 33.220880] RSP: 002b:00007ffc67cd0e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 33.228559] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7826698249
[ 33.235808] RDX: 00007f78266567e3 RSI: 0000000000000000 RDI: 0000000020000580
[ 33.243053] RBP: 00007f7826657ab0 R08: 0000000000000000 R09: 0000000000000000
[ 33.250298] R10: 00007ffc67cd0cd0 R11: 0000000000000246 R12: 00007f7826657b40
[ 33.257541] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 33.264968] Kernel Offset: disabled
[ 33.268571] Rebooting in 86400 seconds..