Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
executing program
[ 32.809918] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 32.816750] UDF-fs: Scanning with blocksize 512 failed
[ 32.824000] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 32.830672] UDF-fs: Scanning with blocksize 1024 failed
[ 32.837184] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 32.844309] UDF-fs: Scanning with blocksize 2048 failed
[ 32.850068] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[ 32.860686] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 32.871575] ==================================================================
[ 32.879019] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[ 32.885846] Write of size 4 at addr ffff8880ac11e230 by task syz-executor117/7974
[ 32.893457]
[ 32.895076] CPU: 0 PID: 7974 Comm: syz-executor117 Not tainted 4.14.302-syzkaller #0
[ 32.902942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 32.912272] Call Trace:
[ 32.914862] dump_stack+0x1b2/0x281
[ 32.918470] print_address_description.cold+0x54/0x1d3
[ 32.923719] kasan_report_error.cold+0x8a/0x191
[ 32.928362] ? udf_write_aext+0x6e3/0x7d0
[ 32.932479] __asan_report_store_n_noabort+0x6b/0x80
[ 32.937554] ? udf_write_aext+0x6e3/0x7d0
[ 32.941673] udf_write_aext+0x6e3/0x7d0
[ 32.945620] udf_add_entry+0xc54/0x2710
[ 32.949569] ? udf_write_fi+0xe80/0xe80
[ 32.953516] ? udf_new_inode+0x891/0xce0
[ 32.957586] ? lock_acquire+0x170/0x3f0
[ 32.961545] udf_mkdir+0x122/0x620
[ 32.965071] ? putname+0xcd/0x110
[ 32.968502] ? udf_create+0x160/0x160
[ 32.972279] ? map_id_up+0xe9/0x180
[ 32.975885] ? security_inode_permission+0xb5/0xf0
[ 32.980789] ? security_inode_mkdir+0xca/0x100
[ 32.985343] vfs_mkdir+0x463/0x6e0
[ 32.988855] SyS_mkdirat+0x1fd/0x270
[ 32.992542] ? SyS_mknod+0x30/0x30
[ 32.996053] ? do_syscall_64+0x4c/0x640
[ 32.999997] ? SyS_mkdirat+0x270/0x270
[ 33.003856] do_syscall_64+0x1d5/0x640
[ 33.007724] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 33.012887] RIP: 0033:0x7ffba87b5e67
[ 33.016568] RSP: 002b:00007ffec0441a18 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 33.024248] RAX: ffffffffffffffda RBX: 00005555570e22c0 RCX: 00007ffba87b5e67
[ 33.031500] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 33.038753] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 33.046001] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 33.053245] R13: 00000000200002c0 R14: 0000000000000000 R15: 00007ffec0441ab0
[ 33.060491]
[ 33.062093] Allocated by task 7974:
[ 33.065693] kasan_kmalloc+0xeb/0x160
[ 33.069464] __kmalloc+0x15a/0x400
[ 33.072978] udf_new_inode+0x1f6/0xce0
[ 33.076837] udf_mkdir+0x95/0x620
[ 33.080261] vfs_mkdir+0x463/0x6e0
[ 33.083779] SyS_mkdirat+0x1fd/0x270
[ 33.087464] do_syscall_64+0x1d5/0x640
[ 33.091325] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 33.096480]
[ 33.098078] Freed by task 6330:
[ 33.101327] kasan_slab_free+0xc3/0x1a0
[ 33.105271] kfree+0xc9/0x250
[ 33.108351] kvfree+0x45/0x50
[ 33.111429] seq_release+0x4f/0x70
[ 33.114942] kernfs_fop_release+0xdc/0x180
[ 33.119148] __fput+0x25f/0x7a0
[ 33.122398] task_work_run+0x11f/0x190
[ 33.126255] exit_to_usermode_loop+0x1ad/0x200
[ 33.130810] do_syscall_64+0x4a3/0x640
[ 33.134667] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 33.139824]
[ 33.141423] The buggy address belongs to the object at ffff8880ac11e240
[ 33.141423] which belongs to the cache kmalloc-4096 of size 4096
[ 33.154240] The buggy address is located 16 bytes to the left of
[ 33.154240] 4096-byte region [ffff8880ac11e240, ffff8880ac11f240)
[ 33.166514] The buggy address belongs to the page:
[ 33.171414] page:ffffea0002b04780 count:1 mapcount:0 mapping:ffff8880ac11e240 index:0x0 compound_mapcount: 0
[ 33.181353] flags: 0xfff00000008100(slab|head)
[ 33.185912] raw: 00fff00000008100 ffff8880ac11e240 0000000000000000 0000000100000001
[ 33.193763] raw: ffffea000256ab20 ffffea0002cb27a0 ffff88813fe74dc0 0000000000000000
[ 33.201610] page dumped because: kasan: bad access detected
[ 33.207298]
[ 33.208909] Memory state around the buggy address:
[ 33.213808] ffff8880ac11e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.221136] ffff8880ac11e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.228589] >ffff8880ac11e200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 33.236098] ^
[ 33.241002] ffff8880ac11e280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.248333] ffff8880ac11e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.255750] ==================================================================
[ 33.263084] Disabling lock debugging due to kernel taint
[ 33.268941] Kernel panic - not syncing: panic_on_warn set ...
[ 33.268941]
[ 33.276305] CPU: 0 PID: 7974 Comm: syz-executor117 Tainted: G B 4.14.302-syzkaller #0
[ 33.285385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 33.294723] Call Trace:
[ 33.297287] dump_stack+0x1b2/0x281
[ 33.300886] panic+0x1f9/0x42d
[ 33.304049] ? add_taint.cold+0x16/0x16
[ 33.307995] ? ___preempt_schedule+0x16/0x18
[ 33.312376] kasan_end_report+0x43/0x49
[ 33.316319] kasan_report_error.cold+0xa7/0x191
[ 33.321311] ? udf_write_aext+0x6e3/0x7d0
[ 33.325428] __asan_report_store_n_noabort+0x6b/0x80
[ 33.330502] ? udf_write_aext+0x6e3/0x7d0
[ 33.334620] udf_write_aext+0x6e3/0x7d0
[ 33.338565] udf_add_entry+0xc54/0x2710
[ 33.342513] ? udf_write_fi+0xe80/0xe80
[ 33.346456] ? udf_new_inode+0x891/0xce0
[ 33.350491] ? lock_acquire+0x170/0x3f0
[ 33.354435] udf_mkdir+0x122/0x620
[ 33.357946] ? putname+0xcd/0x110
[ 33.361370] ? udf_create+0x160/0x160
[ 33.365141] ? map_id_up+0xe9/0x180
[ 33.368739] ? security_inode_permission+0xb5/0xf0
[ 33.373637] ? security_inode_mkdir+0xca/0x100
[ 33.378189] vfs_mkdir+0x463/0x6e0
[ 33.381705] SyS_mkdirat+0x1fd/0x270
[ 33.385388] ? SyS_mknod+0x30/0x30
[ 33.388900] ? do_syscall_64+0x4c/0x640
[ 33.392842] ? SyS_mkdirat+0x270/0x270
[ 33.396698] do_syscall_64+0x1d5/0x640
[ 33.400559] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 33.405718] RIP: 0033:0x7ffba87b5e67
[ 33.409398] RSP: 002b:00007ffec0441a18 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 33.417075] RAX: ffffffffffffffda RBX: 00005555570e22c0 RCX: 00007ffba87b5e67
[ 33.424314] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 33.431565] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 33.438811] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 33.446056] R13: 00000000200002c0 R14: 0000000000000000 R15: 00007ffec0441ab0
[ 33.453467] Kernel Offset: disabled
[ 33.457073] Rebooting in 86400 seconds..