[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 61.524104][ T6821] ==================================================================
[ 61.532280][ T6821] BUG: KASAN: use-after-free in path_init+0x116b/0x13c0
[ 61.539237][ T6821] Read of size 8 at addr ffff8880950a8a80 by task syz-executor167/6821
[ 61.547442][ T6821]
[ 61.549751][ T6821] CPU: 0 PID: 6821 Comm: syz-executor167 Not tainted 5.8.0-syzkaller #0
[ 61.558058][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.568088][ T6821] Call Trace:
[ 61.571370][ T6821]  dump_stack+0x18f/0x20d
[ 61.575689][ T6821]  ? path_init+0x116b/0x13c0
[ 61.580268][ T6821]  ? path_init+0x116b/0x13c0
[ 61.584849][ T6821]  print_address_description.constprop.0.cold+0xae/0x497
[ 61.591852][ T6821]  ? vprintk_func+0x97/0x1a6
[ 61.596434][ T6821]  ? path_init+0x116b/0x13c0
[ 61.600997][ T6821]  ? path_init+0x116b/0x13c0
[ 61.605576][ T6821]  kasan_report.cold+0x1f/0x37
[ 61.610329][ T6821]  ? path_init+0x116b/0x13c0
[ 61.614897][ T6821]  path_init+0x116b/0x13c0
[ 61.619289][ T6821]  ? __kasan_slab_free+0xd8/0x120
[ 61.624301][ T6821]  ? kmem_cache_free.part.0+0x67/0x1f0
[ 61.629799][ T6821]  ? putname+0xe1/0x120
[ 61.633929][ T6821]  ? do_rmdir+0x145/0x440
[ 61.638235][ T6821]  ? do_syscall_64+0x2d/0x70
[ 61.642804][ T6821]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.648851][ T6821]  path_parentat+0x22/0x1b0
[ 61.653346][ T6821]  filename_parentat+0x188/0x560
[ 61.658276][ T6821]  ? getname+0xd0/0xd0
[ 61.662326][ T6821]  ? lockdep_hardirqs_off+0x89/0xc0
[ 61.667504][ T6821]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 61.673284][ T6821]  ? lockdep_hardirqs_off+0x89/0xc0
[ 61.678472][ T6821]  ? check_preemption_disabled+0x50/0x130
[ 61.684200][ T6821]  ? putname+0xe1/0x120
[ 61.688334][ T6821]  ? rcu_read_lock_sched_held+0x3a/0xb0
[ 61.693850][ T6821]  ? putname+0xe1/0x120
[ 61.697981][ T6821]  ? kmem_cache_free.part.0+0x1c4/0x1f0
[ 61.703500][ T6821]  do_rmdir+0xa8/0x440
[ 61.707562][ T6821]  ? __ia32_sys_mkdir+0x80/0x80
[ 61.712391][ T6821]  ? strncpy_from_user+0x2bf/0x3e0
[ 61.717482][ T6821]  ? trace_hardirqs_on+0x5f/0x220
[ 61.722499][ T6821]  do_syscall_64+0x2d/0x70
[ 61.726894][ T6821]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.732763][ T6821] RIP: 0033:0x4403e9
[ 61.736665][ T6821] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 61.756252][ T6821] RSP: 002b:00007ffd4e3bdb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 61.764641][ T6821] RAX: ffffffffffffffda RBX: 69662f7375622f2e RCX: 00000000004403e9
[ 61.772590][ T6821] RDX: 00000000004403e9 RSI: 00000000004403e9 RDI: 0000000020000080
[ 61.780539][ T6821] RBP: 2f31656c69662f2e R08: 0000000000000000 R09: 0000000000000000
[ 61.788488][ T6821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401bf0
[ 61.796443][ T6821] R13: 0000000000401c80 R14: 0000000000000000 R15: 0000000000000000
[ 61.804410][ T6821]
[ 61.806718][ T6821] Allocated by task 6821:
[ 61.811028][ T6821]  kasan_save_stack+0x1b/0x40
[ 61.815684][ T6821]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 61.821290][ T6821]  kmem_cache_alloc+0x138/0x3a0
[ 61.826129][ T6821]  getname_flags.part.0+0x50/0x4f0
[ 61.831213][ T6821]  __x64_sys_rmdir+0xb1/0x100
[ 61.835884][ T6821]  do_syscall_64+0x2d/0x70
[ 61.840292][ T6821]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.846151][ T6821]
[ 61.848451][ T6821] Freed by task 6821:
[ 61.852420][ T6821]  kasan_save_stack+0x1b/0x40
[ 61.857088][ T6821]  kasan_set_track+0x1c/0x30
[ 61.861656][ T6821]  kasan_set_free_info+0x1b/0x30
[ 61.866574][ T6821]  __kasan_slab_free+0xd8/0x120
[ 61.871415][ T6821]  kmem_cache_free.part.0+0x67/0x1f0
[ 61.876675][ T6821]  putname+0xe1/0x120
[ 61.880630][ T6821]  do_rmdir+0x145/0x440
[ 61.884768][ T6821]  do_syscall_64+0x2d/0x70
[ 61.889179][ T6821]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.895055][ T6821]
[ 61.897362][ T6821] The buggy address belongs to the object at ffff8880950a8a80
[ 61.897362][ T6821]  which belongs to the cache names_cache of size 4096
[ 61.911488][ T6821] The buggy address is located 0 bytes inside of
[ 61.911488][ T6821]  4096-byte region [ffff8880950a8a80, ffff8880950a9a80)
[ 61.924644][ T6821] The buggy address belongs to the page:
[ 61.930256][ T6821] page:00000000c8532513 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x950a8
[ 61.940381][ T6821] head:00000000c8532513 order:1 compound_mapcount:0
[ 61.946960][ T6821] flags: 0xfffe0000010200(slab|head)
[ 61.952222][ T6821] raw: 00fffe0000010200 ffffea0002540e88 ffffea000251ef88 ffff88821bc47a00
[ 61.960782][ T6821] raw: 0000000000000000 ffff8880950a8a80 0000000100000001 0000000000000000
[ 61.969339][ T6821] page dumped because: kasan: bad access detected
[ 61.975730][ T6821]
[ 61.978038][ T6821] Memory state around the buggy address:
[ 61.983660][ T6821]  ffff8880950a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.991719][ T6821]  ffff8880950a8a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.999767][ T6821] >ffff8880950a8a80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.007806][ T6821]                    ^
[ 62.011861][ T6821]  ffff8880950a8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.019909][ T6821]  ffff8880950a8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.027959][ T6821] ==================================================================
[ 62.035992][ T6821] Disabling lock debugging due to kernel taint
[ 62.042782][ T6821] Kernel panic - not syncing: panic_on_warn set ...
[ 62.049388][ T6821] CPU: 0 PID: 6821 Comm: syz-executor167 Tainted: G B 5.8.0-syzkaller #0
[ 62.059092][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.069137][ T6821] Call Trace:
[ 62.072426][ T6821]  dump_stack+0x18f/0x20d
[ 62.076743][ T6821]  ? path_init+0x1160/0x13c0
[ 62.081320][ T6821]  panic+0x2e3/0x75c
[ 62.085189][ T6821]  ? __warn_printk+0xf3/0xf3
[ 62.089767][ T6821]  ? preempt_schedule_common+0x59/0xc0
[ 62.095202][ T6821]  ? path_init+0x116b/0x13c0
[ 62.099781][ T6821]  ? preempt_schedule_thunk+0x16/0x18
[ 62.105133][ T6821]  ? trace_hardirqs_on+0x55/0x220
[ 62.110129][ T6821]  ? path_init+0x116b/0x13c0
[ 62.114706][ T6821]  ? path_init+0x116b/0x13c0
[ 62.119270][ T6821]  end_report+0x4d/0x53
[ 62.123421][ T6821]  kasan_report.cold+0xd/0x37
[ 62.128071][ T6821]  ? path_init+0x116b/0x13c0
[ 62.132632][ T6821]  path_init+0x116b/0x13c0
[ 62.137026][ T6821]  ? __kasan_slab_free+0xd8/0x120
[ 62.142024][ T6821]  ? kmem_cache_free.part.0+0x67/0x1f0
[ 62.147452][ T6821]  ? putname+0xe1/0x120
[ 62.151578][ T6821]  ? do_rmdir+0x145/0x440
[ 62.155883][ T6821]  ? do_syscall_64+0x2d/0x70
[ 62.160457][ T6821]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.166497][ T6821]  path_parentat+0x22/0x1b0
[ 62.170985][ T6821]  filename_parentat+0x188/0x560
[ 62.175897][ T6821]  ? getname+0xd0/0xd0
[ 62.179944][ T6821]  ? lockdep_hardirqs_off+0x89/0xc0
[ 62.185141][ T6821]  ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 62.190917][ T6821]  ? lockdep_hardirqs_off+0x89/0xc0
[ 62.196086][ T6821]  ? check_preemption_disabled+0x50/0x130
[ 62.201777][ T6821]  ? putname+0xe1/0x120
[ 62.205920][ T6821]  ? rcu_read_lock_sched_held+0x3a/0xb0
[ 62.211436][ T6821]  ? putname+0xe1/0x120
[ 62.215580][ T6821]  ? kmem_cache_free.part.0+0x1c4/0x1f0
[ 62.221145][ T6821]  do_rmdir+0xa8/0x440
[ 62.225195][ T6821]  ? __ia32_sys_mkdir+0x80/0x80
[ 62.230020][ T6821]  ? strncpy_from_user+0x2bf/0x3e0
[ 62.235111][ T6821]  ? trace_hardirqs_on+0x5f/0x220
[ 62.240134][ T6821]  do_syscall_64+0x2d/0x70
[ 62.244529][ T6821]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.250391][ T6821] RIP: 0033:0x4403e9
[ 62.254272][ T6821] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.273872][ T6821] RSP: 002b:00007ffd4e3bdb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 62.282275][ T6821] RAX: ffffffffffffffda RBX: 69662f7375622f2e RCX: 00000000004403e9
[ 62.290237][ T6821] RDX: 00000000004403e9 RSI: 00000000004403e9 RDI: 0000000020000080
[ 62.298182][ T6821] RBP: 2f31656c69662f2e R08: 0000000000000000 R09: 0000000000000000
[ 62.306127][ T6821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401bf0
[ 62.314073][ T6821] R13: 0000000000401c80 R14: 0000000000000000 R15: 0000000000000000
[ 62.323005][ T6821] Kernel Offset: disabled
[ 62.327319][ T6821] Rebooting in 86400 seconds..
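Reading the report above as a triager would: the faulting object is a 4096-byte names_cache entry (the struct filename backing the rmdir(2) path), allocated by getname_flags from __x64_sys_rmdir, freed by putname inside do_rmdir, and then read again by path_init reached from do_rmdir via filename_parentat, at offset 0 of the freed object. The "Freed by" frame (do_rmdir+0x145) lies after the "use" frame (do_rmdir+0xa8) in code order, which is consistent with do_rmdir jumping back into path lookup after it has already put the name, though the log alone does not prove that. The script below is an added example, not syzkaller or kernel code: it parses such a report into the fields that matter for triage and decodes the shadow bytes. The sample input is a trimmed, constructed excerpt of this page's report, and the shadow-byte table assumes generic KASAN's encodings from mm/kasan/kasan.h (in particular that 0xfa marks the free-track granule of a freed object).

```python
"""Structured triage of a KASAN report: bug class, access, the three stacks, the shadow
dump, and a decode of the shadow byte at the faulting address. Added example; not kernel code."""
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed excerpt of the report on this page, console prefixes kept.
SAMPLE_REPORT = """\
[ 61.532280][ T6821] BUG: KASAN: use-after-free in path_init+0x116b/0x13c0
[ 61.539237][ T6821] Read of size 8 at addr ffff8880950a8a80 by task syz-executor167/6821
[ 61.568088][ T6821] Call Trace:
[ 61.571370][ T6821]  dump_stack+0x18f/0x20d
[ 61.575689][ T6821]  ? path_init+0x116b/0x13c0
[ 61.605576][ T6821]  kasan_report.cold+0x1f/0x37
[ 61.614897][ T6821]  path_init+0x116b/0x13c0
[ 61.648851][ T6821]  path_parentat+0x22/0x1b0
[ 61.653346][ T6821]  filename_parentat+0x188/0x560
[ 61.703500][ T6821]  do_rmdir+0xa8/0x440
[ 61.732763][ T6821] RIP: 0033:0x4403e9
[ 61.806718][ T6821] Allocated by task 6821:
[ 61.826129][ T6821]  getname_flags.part.0+0x50/0x4f0
[ 61.831213][ T6821]  __x64_sys_rmdir+0xb1/0x100
[ 61.848451][ T6821] Freed by task 6821:
[ 61.852420][ T6821]  kasan_save_stack+0x1b/0x40
[ 61.876675][ T6821]  putname+0xe1/0x120
[ 61.880630][ T6821]  do_rmdir+0x145/0x440
[ 61.895055][ T6821]
[ 61.897362][ T6821]  which belongs to the cache names_cache of size 4096
[ 61.911488][ T6821]  4096-byte region [ffff8880950a8a80, ffff8880950a9a80)
[ 61.978038][ T6821] Memory state around the buggy address:
[ 61.991719][ T6821]  ffff8880950a8a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.999767][ T6821] >ffff8880950a8a80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.007806][ T6821]                    ^
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")            # "[ 61.53][ T6821] "
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+?)\+0x")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task \S+/(?P<pid>\d+)")
FRAME = re.compile(r"^(?P<q>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
CACHE = re.compile(r"cache (?P<cache>\S+) of size \d+")
REGION = re.compile(r"region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
SHADOW = re.compile(r"^>?(?P<addr>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?)+)$")
# Generic-KASAN poison values (mm/kasan/kasan.h). Assumption: 0xfa is KASAN_KMALLOC_FREETRACK,
# the first granule of a freed object, where newer kernels keep the free-stack handle.
SHADOW_MEANING = {0xfa: "freed (free-track granule)", 0xfb: "freed slab object",
                  0xfc: "kmalloc redzone", 0xfe: "page redzone", 0xff: "freed page",
                  0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone"}

@dataclass
class KasanReport:
    kind: str = ""
    func: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    pid: int = 0
    cache: str = ""
    region: tuple = (0, 0)
    stacks: dict = field(default_factory=dict)   # section -> [(func, reliable)]
    shadow: dict = field(default_factory=dict)   # row address -> 16 shadow bytes

def parse_kasan(text):
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := BUG.search(line):
            r.kind, r.func = m["kind"], m["func"]
        elif m := ACCESS.search(line):
            r.op, r.size, r.addr, r.pid = m["op"], int(m["size"]), int(m["addr"], 16), int(m["pid"])
        elif m := CACHE.search(line):
            r.cache = m["cache"]
        elif m := REGION.search(line):
            r.region = (int(m["start"], 16), int(m["end"], 16))
        elif line == "Call Trace:" or line.startswith(("Allocated by task", "Freed by task")):
            name = line.rstrip(":")
            section = None if name in r.stacks else name      # keep the first occurrence only
            if section:
                r.stacks[section] = []
        elif line.startswith("Memory state around"):
            section = "shadow"
        elif section == "shadow":
            if m := SHADOW.match(line):              # the "^" marker line simply does not match
                r.shadow[int(m["addr"], 16)] = [int(b, 16) for b in m["bytes"].split()]
        elif section and (m := FRAME.match(line)):
            r.stacks[section].append((m["func"], m["q"] is None))   # "? " marks a stale frame
        else:
            section = None      # a blank line or the RIP:/register dump ends a stack
    return r

def chain(r, section, n=4):
    """Innermost n reliable, non-instrumentation frames of one stack, innermost first."""
    skip = ("kasan_", "__kasan_", "dump_stack", "print_address_description")
    return [f for f, ok in r.stacks.get(section, []) if ok and not f.startswith(skip)][:n]

def shadow_byte_at(r, addr):
    """Shadow byte covering addr: a dump row covers 16 granules of 8 bytes, i.e. 128 bytes."""
    row = addr & ~0x7f
    return r.shadow[row][(addr - row) // 8] if row in r.shadow else None

def describe_shadow(value):
    """0 = whole granule accessible, 1..7 = that many leading bytes, otherwise a poison value."""
    return SHADOW_MEANING.get(value, f"{value or 8} bytes accessible" if value in range(8) else f"unknown {value!r}")

def summarize(r):
    alloc, freed, use = (" <- ".join(chain(r, s)) for s in
                         (f"Allocated by task {r.pid}", f"Freed by task {r.pid}", "Call Trace"))
    return (f"{r.kind}: {r.op} of {r.size} bytes at object+{r.addr - r.region[0]:#x} of {r.cache}"
            f" [{describe_shadow(shadow_byte_at(r, r.addr))}]; alloc: {alloc}; free: {freed}; use: {use}")
```

summarize(parse_kasan(SAMPLE_REPORT)) gives a one-line verdict of the form "use-after-free: Read of 8 bytes at object+0x0 of names_cache [freed (free-track granule)]; alloc: getname_flags.part.0 <- __x64_sys_rmdir; free: putname <- do_rmdir; use: path_init <- path_parentat <- filename_parentat <- do_rmdir". Feeding it the full console log works the same way: only the first "Call Trace:" is kept, so the second backtrace printed by the panic_on_warn panic does not overwrite the one that locates the bad access, and frames prefixed with "? " are recorded but left out of the chains because the unwinder could not verify them.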