[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.084162] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
[ 37.105339] FAULT_INJECTION: forcing a failure.
[ 37.105339] name failslab, interval 1, probability 0, space 0, times 1
[ 37.116921] CPU: 0 PID: 8106 Comm: syz-executor075 Not tainted 4.19.211-syzkaller #0
[ 37.124807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.134157] Call Trace:
[ 37.136736]  dump_stack+0x1fc/0x2ef
[ 37.140359]  should_fail.cold+0xa/0xf
[ 37.144143]  ? setup_fault_attr+0x200/0x200
[ 37.148452]  __should_failslab+0x115/0x180
[ 37.152673]  should_failslab+0x5/0x10
[ 37.156452]  kmem_cache_alloc_trace+0x284/0x380
[ 37.161116]  udf_find_entry+0x540/0x1070
[ 37.165158]  ? current_time+0x6f/0x1c0
[ 37.169061]  ? check_preemption_disabled+0x41/0x280
[ 37.174130]  ? empty_dir+0x7e0/0x7e0
[ 37.177832]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.182853]  ? mark_buffer_dirty_inode+0xcd/0x3c0
[ 37.187692]  udf_rename+0xd9e/0x1270
[ 37.191401]  ? udf_unlink+0x420/0x420
[ 37.195186]  ? d_splice_alias+0x4d4/0xc30
[ 37.199318]  ? take_dentry_name_snapshot+0x9e/0x140
[ 37.204333]  ? lock_acquire+0x170/0x3c0
[ 37.208294]  ? down_write_nested+0x36/0x90
[ 37.212510]  vfs_rename+0x67e/0x1bc0
[ 37.216211]  ? path_openat+0x2df0/0x2df0
[ 37.220253]  ? do_raw_spin_unlock+0x171/0x230
[ 37.224728]  ? _raw_spin_unlock+0x29/0x40
[ 37.228862]  ? security_path_rename+0x1ed/0x2e0
[ 37.233524]  do_renameat2+0xb59/0xc70
[ 37.237310]  ? do_mknodat.part.0+0x480/0x480
[ 37.241714]  ? check_preemption_disabled+0x41/0x280
[ 37.246719]  ? ksys_write+0x1c8/0x2a0
[ 37.250507]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.255853]  __x64_sys_renameat+0x96/0x100
[ 37.260109]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.264688]  do_syscall_64+0xf9/0x620
[ 37.268478]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.273650] RIP: 0033:0x7f5db2630579
[ 37.277359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 37.296241] RSP: 002b:00007ffd44cabf78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108
[ 37.303930] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5db2630579
[ 37.311181] RDX: 0000000000000004 RSI: 0000000020000180 RDI: 0000000000000005
[ 37.318430] RBP: 00007ffd44cabf80 R08: 0000000000000002 R09: 00007f5db2003231
[ 37.325677] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000006
[ 37.332926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 37.354608] ==================================================================
[ 37.362127] BUG: KASAN: out-of-bounds in udf_write_fi+0x8f9/0xf40
[ 37.368363] Write of size 18446744073709551572 at addr ffff88808e6ea62c by task syz-executor075/8106
[ 37.377611]
[ 37.379233] CPU: 0 PID: 8106 Comm: syz-executor075 Not tainted 4.19.211-syzkaller #0
[ 37.387090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.396421] Call Trace:
[ 37.398996]  dump_stack+0x1fc/0x2ef
[ 37.402613]  print_address_description.cold+0x54/0x219
[ 37.407877]  kasan_report_error.cold+0x8a/0x1b9
[ 37.412527]  ? udf_write_fi+0x8f9/0xf40
[ 37.416534]  kasan_report+0x8f/0xa0
[ 37.420152]  ? udf_write_fi+0x8f9/0xf40
[ 37.424120]  memset+0x20/0x40
[ 37.427207]  udf_write_fi+0x8f9/0xf40
[ 37.430990]  ? memset+0x20/0x40
[ 37.434250]  udf_rename+0xdb4/0x1270
[ 37.437947]  ? udf_unlink+0x420/0x420
[ 37.441730]  ? d_splice_alias+0x4d4/0xc30
[ 37.445866]  ? take_dentry_name_snapshot+0x9e/0x140
[ 37.450864]  ? lock_acquire+0x170/0x3c0
[ 37.454822]  ? down_write_nested+0x36/0x90
[ 37.459043]  vfs_rename+0x67e/0x1bc0
[ 37.462748]  ? path_openat+0x2df0/0x2df0
[ 37.466789]  ? do_raw_spin_unlock+0x171/0x230
[ 37.471268]  ? _raw_spin_unlock+0x29/0x40
[ 37.475397]  ? security_path_rename+0x1ed/0x2e0
[ 37.480050]  do_renameat2+0xb59/0xc70
[ 37.483837]  ? do_mknodat.part.0+0x480/0x480
[ 37.488227]  ? check_preemption_disabled+0x41/0x280
[ 37.493227]  ? ksys_write+0x1c8/0x2a0
[ 37.497011]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.502367]  __x64_sys_renameat+0x96/0x100
[ 37.506586]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.511152]  do_syscall_64+0xf9/0x620
[ 37.514937]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.520120] RIP: 0033:0x7f5db2630579
[ 37.523820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 37.542702] RSP: 002b:00007ffd44cabf78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108
[ 37.550391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5db2630579
[ 37.557640] RDX: 0000000000000004 RSI: 0000000020000180 RDI: 0000000000000005
[ 37.564890] RBP: 00007ffd44cabf80 R08: 0000000000000002 R09: 00007f5db2003231
[ 37.572140] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000006
[ 37.579398] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 37.586653]
[ 37.588254] The buggy address belongs to the page:
[ 37.593160] page:ffffea000239ba80 count:2 mapcount:0 mapping:ffff88808ff51be0 index:0xb0
[ 37.601368] flags: 0xfff00000001074(referenced|dirty|lru|active|private)
[ 37.608188] raw: 00fff00000001074 ffffea000241cf08 ffffea0002466c88 ffff88808ff51be0
[ 37.616056] raw: 00000000000000b0 ffff88808dbb6690 00000002ffffffff ffff8880b59f68c0
[ 37.623912] page dumped because: kasan: bad access detected
[ 37.629597] page->mem_cgroup:ffff8880b59f68c0
[ 37.634064]
[ 37.635666] Memory state around the buggy address:
[ 37.640585]  ffff88808e6ea500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.647942]  ffff88808e6ea580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.655279] >ffff88808e6ea600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.662626]                                   ^
[ 37.667273]  ffff88808e6ea680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.674611]  ffff88808e6ea700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.682036] ==================================================================
[ 37.689371] Disabling lock debugging due to kernel taint
[ 37.695013] Kernel panic - not syncing: panic_on_warn set ...
[ 37.695013]
[ 37.702390] CPU: 0 PID: 8106 Comm: syz-executor075 Tainted: G    B             4.19.211-syzkaller #0
[ 37.711658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.721008] Call Trace:
[ 37.723584]  dump_stack+0x1fc/0x2ef
[ 37.727195]  panic+0x26a/0x50e
[ 37.730366]  ? __warn_printk+0xf3/0xf3
[ 37.734237]  ? preempt_schedule_common+0x45/0xc0
[ 37.738973]  ? ___preempt_schedule+0x16/0x18
[ 37.743364]  ? trace_hardirqs_on+0x55/0x210
[ 37.747680]  kasan_end_report+0x43/0x49
[ 37.751907]  kasan_report_error.cold+0xa7/0x1b9
[ 37.756556]  ? udf_write_fi+0x8f9/0xf40
[ 37.760506]  kasan_report+0x8f/0xa0
[ 37.764116]  ? udf_write_fi+0x8f9/0xf40
[ 37.768076]  memset+0x20/0x40
[ 37.771164]  udf_write_fi+0x8f9/0xf40
[ 37.774949]  ? memset+0x20/0x40
[ 37.778209]  udf_rename+0xdb4/0x1270
[ 37.781904]  ? udf_unlink+0x420/0x420
[ 37.785698]  ? d_splice_alias+0x4d4/0xc30
[ 37.789836]  ? take_dentry_name_snapshot+0x9e/0x140
[ 37.794833]  ? lock_acquire+0x170/0x3c0
[ 37.798808]  ? down_write_nested+0x36/0x90
[ 37.803284]  vfs_rename+0x67e/0x1bc0
[ 37.807000]  ? path_openat+0x2df0/0x2df0
[ 37.811040]  ? do_raw_spin_unlock+0x171/0x230
[ 37.815533]  ? _raw_spin_unlock+0x29/0x40
[ 37.819664]  ? security_path_rename+0x1ed/0x2e0
[ 37.824332]  do_renameat2+0xb59/0xc70
[ 37.828114]  ? do_mknodat.part.0+0x480/0x480
[ 37.832503]  ? check_preemption_disabled+0x41/0x280
[ 37.837500]  ? ksys_write+0x1c8/0x2a0
[ 37.841455]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.846797]  __x64_sys_renameat+0x96/0x100
[ 37.851018]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.855578]  do_syscall_64+0xf9/0x620
[ 37.859361]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.864528] RIP: 0033:0x7f5db2630579
[ 37.868221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 37.887287] RSP: 002b:00007ffd44cabf78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108
[ 37.894990] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5db2630579
[ 37.902244] RDX: 0000000000000004 RSI: 0000000020000180 RDI: 0000000000000005
[ 37.909493] RBP: 00007ffd44cabf80 R08: 0000000000000002 R09: 00007f5db2003231
[ 37.916738] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000006
[ 37.923988] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 37.931449] Kernel Offset: disabled
[ 37.935069] Rebooting in 86400 seconds..