Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.624366] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 32.631721] UDF-fs: Scanning with blocksize 512 failed
[ 32.644297] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 32.656786] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/09/12 12:00 (1000)
[ 32.668704] FAULT_INJECTION: forcing a failure.
[ 32.668704] name failslab, interval 1, probability 0, space 0, times 1
[ 32.681301] CPU: 1 PID: 8108 Comm: syz-executor213 Not tainted 4.19.211-syzkaller #0
[ 32.689194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 32.698546] Call Trace:
[ 32.701138] dump_stack+0x1fc/0x2ef
[ 32.704777] should_fail.cold+0xa/0xf
[ 32.708565] ? setup_fault_attr+0x200/0x200
[ 32.712937] __should_failslab+0x115/0x180
[ 32.717156] should_failslab+0x5/0x10
[ 32.720936] kmem_cache_alloc_trace+0x284/0x380
[ 32.725583] udf_find_entry+0x540/0x1070
[ 32.729633] ? lock_downgrade+0x720/0x720
[ 32.733762] ? check_preemption_disabled+0x41/0x280
[ 32.738764] ? empty_dir+0x7e0/0x7e0
[ 32.742541] ? __mark_inode_dirty+0xcf0/0x1140
[ 32.747113] udf_rename+0x447/0x1270
[ 32.750904] ? udf_unlink+0x420/0x420
[ 32.754687] ? do_raw_spin_unlock+0x171/0x230
[ 32.759165] ? d_splice_alias+0x469/0xc30
[ 32.763310] ? take_dentry_name_snapshot+0x9e/0x140
[ 32.768312] ? lock_acquire+0x170/0x3c0
[ 32.772270] ? down_write_nested+0x36/0x90
[ 32.776487] vfs_rename+0x67e/0x1bc0
[ 32.780187] ? __d_alloc+0x9a0/0xa10
[ 32.783887] ? path_openat+0x2df0/0x2df0
[ 32.787928] ? do_raw_spin_unlock+0x171/0x230
[ 32.792404] ? _raw_spin_unlock+0x29/0x40
[ 32.796534] ? security_path_rename+0x1ed/0x2e0
[ 32.801185] do_renameat2+0xb59/0xc70
[ 32.804969] ? do_mknodat.part.0+0x480/0x480
[ 32.809359] ? vfs_write+0x393/0x540
[ 32.813060] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 32.818404] ? trace_hardirqs_off_caller+0x6e/0x210
[ 32.823414] __x64_sys_rename+0x5d/0x80
[ 32.827384] do_syscall_64+0xf9/0x620
[ 32.831168] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.836349] RIP: 0033:0x7fad4079f229
[ 32.840053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 32.858950] RSP: 002b:00007ffee9500ab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 32.866638] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fad4079f229
[ 32.873887] RDX: 0000000000000ad0 RSI: 0000000020000880 RDI: 00000000200007c0
[ 32.881138] RBP: 00007ffee9500ad0 R08: 0000000000000002 R09: 00007ffee9500a50
[ 32.888388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 32.895638] R13: 00007ffee9500be0 R14: 431bde82d7b634db R15: 00007ffee9500ae0
[ 32.910930] ==================================================================
[ 32.918525] BUG: KASAN: null-ptr-deref in udf_write_fi+0x377/0xf40
[ 32.924935] Write of size 18446744073709551572 at addr 0000000000000020 by task syz-executor213/8108
[ 32.934195]
[ 32.935808] CPU: 0 PID: 8108 Comm: syz-executor213 Not tainted 4.19.211-syzkaller #0
[ 32.943685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 32.953025] Call Trace:
[ 32.955604] dump_stack+0x1fc/0x2ef
[ 32.959218] kasan_report_error.cold+0x15b/0x1b9
[ 32.963958] ? udf_write_fi+0x377/0xf40
[ 32.967920] kasan_report+0x8f/0xa0
[ 32.971529] ? udf_write_fi+0x377/0xf40
[ 32.975493] memset+0x20/0x40
[ 32.978584] udf_write_fi+0x377/0xf40
[ 32.982370] udf_rename+0x45e/0x1270
[ 32.986067] ? udf_unlink+0x420/0x420
[ 32.989847] ? do_raw_spin_unlock+0x171/0x230
[ 32.994325] ? d_splice_alias+0x469/0xc30
[ 32.998460] ? take_dentry_name_snapshot+0x9e/0x140
[ 33.003479] ? lock_acquire+0x170/0x3c0
[ 33.007450] ? down_write_nested+0x36/0x90
[ 33.011670] vfs_rename+0x67e/0x1bc0
[ 33.015369] ? __d_alloc+0x9a0/0xa10
[ 33.019064] ? path_openat+0x2df0/0x2df0
[ 33.023117] ? do_raw_spin_unlock+0x171/0x230
[ 33.027592] ? _raw_spin_unlock+0x29/0x40
[ 33.031721] ? security_path_rename+0x1ed/0x2e0
[ 33.036372] do_renameat2+0xb59/0xc70
[ 33.040157] ? do_mknodat.part.0+0x480/0x480
[ 33.044549] ? vfs_write+0x393/0x540
[ 33.048258] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.053613] ? trace_hardirqs_off_caller+0x6e/0x210
[ 33.058616] __x64_sys_rename+0x5d/0x80
[ 33.062571] do_syscall_64+0xf9/0x620
[ 33.066356] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.071525] RIP: 0033:0x7fad4079f229
[ 33.075223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.094113] RSP: 002b:00007ffee9500ab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 33.101834] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fad4079f229
[ 33.109084] RDX: 0000000000000ad0 RSI: 0000000020000880 RDI: 00000000200007c0
[ 33.116336] RBP: 00007ffee9500ad0 R08: 0000000000000002 R09: 00007ffee9500a50
[ 33.123587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 33.130837] R13: 00007ffee9500be0 R14: 431bde82d7b634db R15: 00007ffee9500ae0
[ 33.138107] ==================================================================
[ 33.145446] Disabling lock debugging due to kernel taint
[ 33.151840] Kernel panic - not syncing: panic_on_warn set ...
[ 33.151840]
[ 33.159218] CPU: 0 PID: 8108 Comm: syz-executor213 Tainted: G B 4.19.211-syzkaller #0
[ 33.168475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 33.177806] Call Trace:
[ 33.180377] dump_stack+0x1fc/0x2ef
[ 33.183990] panic+0x26a/0x50e
[ 33.187162] ? __warn_printk+0xf3/0xf3
[ 33.191029] ? preempt_schedule_common+0x45/0xc0
[ 33.195778] ? ___preempt_schedule+0x16/0x18
[ 33.200166] ? trace_hardirqs_on+0x55/0x210
[ 33.204573] kasan_end_report+0x43/0x49
[ 33.208537] kasan_report_error.cold+0xa7/0x1b9
[ 33.213192] ? udf_write_fi+0x377/0xf40
[ 33.217144] kasan_report+0x8f/0xa0
[ 33.220749] ? udf_write_fi+0x377/0xf40
[ 33.224702] memset+0x20/0x40
[ 33.227786] udf_write_fi+0x377/0xf40
[ 33.231570] udf_rename+0x45e/0x1270
[ 33.235263] ? udf_unlink+0x420/0x420
[ 33.239039] ? do_raw_spin_unlock+0x171/0x230
[ 33.243510] ? d_splice_alias+0x469/0xc30
[ 33.247639] ? take_dentry_name_snapshot+0x9e/0x140
[ 33.252635] ? lock_acquire+0x170/0x3c0
[ 33.256589] ? down_write_nested+0x36/0x90
[ 33.260809] vfs_rename+0x67e/0x1bc0
[ 33.264581] ? __d_alloc+0x9a0/0xa10
[ 33.268286] ? path_openat+0x2df0/0x2df0
[ 33.272330] ? do_raw_spin_unlock+0x171/0x230
[ 33.276807] ? _raw_spin_unlock+0x29/0x40
[ 33.280961] ? security_path_rename+0x1ed/0x2e0
[ 33.285641] do_renameat2+0xb59/0xc70
[ 33.290476] ? do_mknodat.part.0+0x480/0x480
[ 33.294866] ? vfs_write+0x393/0x540
[ 33.298576] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.303920] ? trace_hardirqs_off_caller+0x6e/0x210
[ 33.308916] __x64_sys_rename+0x5d/0x80
[ 33.312881] do_syscall_64+0xf9/0x620
[ 33.316674] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.321859] RIP: 0033:0x7fad4079f229
[ 33.325553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.344433] RSP: 002b:00007ffee9500ab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 33.352132] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fad4079f229
[ 33.359382] RDX: 0000000000000ad0 RSI: 0000000020000880 RDI: 00000000200007c0
[ 33.366631] RBP: 00007ffee9500ad0 R08: 0000000000000002 R09: 00007ffee9500a50
[ 33.373882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 33.381314] R13: 00007ffee9500be0 R14: 431bde82d7b634db R15: 00007ffee9500ae0
[ 33.388636] Kernel Offset: disabled
[ 33.392279] Rebooting in 86400 seconds..