Warning: Permanently added '10.128.0.188' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.664874] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 48.672190] UDF-fs: Scanning with blocksize 512 failed
[ 48.682576] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 48.689303] UDF-fs: Scanning with blocksize 1024 failed
[ 48.695133] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 48.701909] UDF-fs: Scanning with blocksize 2048 failed
[ 48.709481] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 48.722191] ==================================================================
[ 48.729823] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[ 48.736666] Write of size 4 at addr ffff8880b2eca670 by task syz-executor368/7987
[ 48.744287]
[ 48.745917] CPU: 0 PID: 7987 Comm: syz-executor368 Not tainted 4.14.302-syzkaller #0
[ 48.753883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 48.763701] Call Trace:
[ 48.766274] dump_stack+0x1b2/0x281
[ 48.769883] print_address_description.cold+0x54/0x1d3
[ 48.775138] kasan_report_error.cold+0x8a/0x191
[ 48.780047] ? udf_write_aext+0x6e3/0x7d0
[ 48.784262] __asan_report_store_n_noabort+0x6b/0x80
[ 48.789443] ? udf_write_aext+0x6e3/0x7d0
[ 48.793574] udf_write_aext+0x6e3/0x7d0
[ 48.797618] udf_add_entry+0xc54/0x2710
[ 48.801583] ? udf_write_fi+0xe80/0xe80
[ 48.805721] ? udf_new_inode+0x891/0xce0
[ 48.809785] ? __d_lookup+0x3a0/0x660
[ 48.813576] udf_mkdir+0x122/0x620
[ 48.817114] ? putname+0xcd/0x110
[ 48.820551] ? udf_create+0x160/0x160
[ 48.824339] ? map_id_up+0xe9/0x180
[ 48.827954] ? security_inode_permission+0xb5/0xf0
[ 48.832866] ? security_inode_mkdir+0xca/0x100
[ 48.837432] vfs_mkdir+0x463/0x6e0
[ 48.840961] SyS_mkdirat+0x1fd/0x270
[ 48.844668] ? SyS_mknod+0x30/0x30
[ 48.848190] ? do_syscall_64+0x4c/0x640
[ 48.852144] ? SyS_mknod+0x30/0x30
[ 48.855664] do_syscall_64+0x1d5/0x640
[ 48.859538] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 48.864762] RIP: 0033:0x7f4923de5a79
[ 48.868456] RSP: 002b:00007fff29e50028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 48.876144] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f4923de5a79
[ 48.883524] RDX: 0000000000000004 RSI: 0000000020000100 RDI: 00000000ffffff9c
[ 48.890782] RBP: 00007f4923da5080 R08: 0000000000000000 R09: 0000000000000000
[ 48.898043] R10: 000000000000189e R11: 0000000000000246 R12: 00007f4923da5110
[ 48.905383] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 48.912642]
[ 48.914272] Allocated by task 7987:
[ 48.917883] kasan_kmalloc+0xeb/0x160
[ 48.921662] __kmalloc+0x15a/0x400
[ 48.925180] udf_new_inode+0x98d/0xce0
[ 48.929044] udf_mkdir+0x95/0x620
[ 48.932475] vfs_mkdir+0x463/0x6e0
[ 48.935991] SyS_mkdirat+0x1fd/0x270
[ 48.939685] do_syscall_64+0x1d5/0x640
[ 48.943554] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 48.948718]
[ 48.950324] Freed by task 6153:
[ 48.953583] kasan_slab_free+0xc3/0x1a0
[ 48.957540] kfree+0xc9/0x250
[ 48.960628] uevent_show+0x27e/0x330
[ 48.964323] dev_attr_show+0x4f/0xc0
[ 48.968017] sysfs_kf_seq_show+0x1dd/0x420
[ 48.972228] seq_read+0x4e4/0x1180
[ 48.975744] kernfs_fop_read+0xd7/0x500
[ 48.979747] __vfs_read+0xe4/0x620
[ 48.983279] vfs_read+0x139/0x340
[ 48.986710] SyS_read+0xf2/0x210
[ 48.990054] do_syscall_64+0x1d5/0x640
[ 48.994090] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 48.999367]
[ 49.000976] The buggy address belongs to the object at ffff8880b2eca680
[ 49.000976] which belongs to the cache kmalloc-4096 of size 4096
[ 49.013790] The buggy address is located 16 bytes to the left of
[ 49.013790] 4096-byte region [ffff8880b2eca680, ffff8880b2ecb680)
[ 49.026187] The buggy address belongs to the page:
[ 49.031108] page:ffffea0002cbb280 count:1 mapcount:0 mapping:ffff8880b2eca680 index:0x0 compound_mapcount: 0
[ 49.041148] flags: 0xfff00000008100(slab|head)
[ 49.045730] raw: 00fff00000008100 ffff8880b2eca680 0000000000000000 0000000100000001
[ 49.053587] raw: ffffea0002557e20 ffffea0002cb1ea0 ffff88813fe74dc0 0000000000000000
[ 49.061452] page dumped because: kasan: bad access detected
[ 49.067240]
[ 49.068930] Memory state around the buggy address:
[ 49.073924] ffff8880b2eca500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.081258] ffff8880b2eca580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.088595] >ffff8880b2eca600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.095939] ^
[ 49.102946] ffff8880b2eca680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.110286] ffff8880b2eca700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.117619] ==================================================================
[ 49.124955] Disabling lock debugging due to kernel taint
[ 49.130799] Kernel panic - not syncing: panic_on_warn set ...
[ 49.130799]
[ 49.138160] CPU: 0 PID: 7987 Comm: syz-executor368 Tainted: G B 4.14.302-syzkaller #0
[ 49.147333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 49.156688] Call Trace:
[ 49.159271] dump_stack+0x1b2/0x281
[ 49.162887] panic+0x1f9/0x42d
[ 49.166241] ? add_taint.cold+0x16/0x16
[ 49.170194] ? ___preempt_schedule+0x16/0x18
[ 49.174579] kasan_end_report+0x43/0x49
[ 49.178530] kasan_report_error.cold+0xa7/0x191
[ 49.183177] ? udf_write_aext+0x6e3/0x7d0
[ 49.187306] __asan_report_store_n_noabort+0x6b/0x80
[ 49.192430] ? udf_write_aext+0x6e3/0x7d0
[ 49.196556] udf_write_aext+0x6e3/0x7d0
[ 49.200506] udf_add_entry+0xc54/0x2710
[ 49.204460] ? udf_write_fi+0xe80/0xe80
[ 49.208411] ? udf_new_inode+0x891/0xce0
[ 49.212451] ? __d_lookup+0x3a0/0x660
[ 49.216229] udf_mkdir+0x122/0x620
[ 49.219746] ? putname+0xcd/0x110
[ 49.223179] ? udf_create+0x160/0x160
[ 49.226960] ? map_id_up+0xe9/0x180
[ 49.230575] ? security_inode_permission+0xb5/0xf0
[ 49.235482] ? security_inode_mkdir+0xca/0x100
[ 49.240067] vfs_mkdir+0x463/0x6e0
[ 49.243704] SyS_mkdirat+0x1fd/0x270
[ 49.247394] ? SyS_mknod+0x30/0x30
[ 49.250915] ? do_syscall_64+0x4c/0x640
[ 49.254869] ? SyS_mknod+0x30/0x30
[ 49.258387] do_syscall_64+0x1d5/0x640
[ 49.262257] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 49.267429] RIP: 0033:0x7f4923de5a79
[ 49.271120] RSP: 002b:00007fff29e50028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 49.278989] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f4923de5a79
[ 49.286284] RDX: 0000000000000004 RSI: 0000000020000100 RDI: 00000000ffffff9c
[ 49.293794] RBP: 00007f4923da5080 R08: 0000000000000000 R09: 0000000000000000
[ 49.301147] R10: 000000000000189e R11: 0000000000000246 R12: 00007f4923da5110
[ 49.308401] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.315730] Kernel Offset: disabled
[ 49.319355] Rebooting in 86400 seconds..