Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts.
executing program
[ 33.901573][ T4221] loop0: detected capacity change from 0 to 2048
[ 33.905112][ T4221] =======================================================
[ 33.905112][ T4221] WARNING: The mand mount option has been deprecated and
[ 33.905112][ T4221] and is ignored by this kernel. Remove the mand
[ 33.905112][ T4221] option from the mount to silence this warning.
[ 33.905112][ T4221] =======================================================
[ 33.917752][ T4221] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 33.922268][ T4221] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 33.927470][ T4221] ==================================================================
[ 33.929643][ T4221] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x4c0/0x668
[ 33.931606][ T4221] Write of size 4 at addr ffff0000d1cdf3f0 by task syz-executor342/4221
[ 33.933748][ T4221]
[ 33.934339][ T4221] CPU: 1 PID: 4221 Comm: syz-executor342 Not tainted 6.1.87-syzkaller #0
[ 33.936554][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 33.939204][ T4221] Call trace:
[ 33.940098][ T4221] dump_backtrace+0x1c8/0x1f4
[ 33.941363][ T4221] show_stack+0x2c/0x3c
[ 33.942425][ T4221] dump_stack_lvl+0x108/0x170
[ 33.943634][ T4221] print_report+0x174/0x4c0
[ 33.944816][ T4221] kasan_report+0xd4/0x130
[ 33.945984][ T4221] __asan_report_store_n_noabort+0x28/0x34
[ 33.947517][ T4221] udf_write_aext+0x4c0/0x668
[ 33.948790][ T4221] udf_add_entry+0x11e0/0x28b0
[ 33.950052][ T4221] udf_mkdir+0x158/0x7e0
[ 33.951189][ T4221] vfs_mkdir+0x334/0x4e4
[ 33.952295][ T4221] do_mkdirat+0x220/0x510
[ 33.953391][ T4221] __arm64_sys_mkdirat+0x90/0xa8
[ 33.954655][ T4221] invoke_syscall+0x98/0x2c0
[ 33.955909][ T4221] el0_svc_common+0x138/0x258
[ 33.957161][ T4221] do_el0_svc+0x64/0x218
[ 33.958308][ T4221] el0_svc+0x58/0x168
[ 33.959361][ T4221] el0t_64_sync_handler+0x84/0xf0
[ 33.960704][ T4221] el0t_64_sync+0x18c/0x190
[ 33.961823][ T4221]
[ 33.962423][ T4221] Allocated by task 4221:
[ 33.963569][ T4221] kasan_set_track+0x4c/0x80
[ 33.964768][ T4221] kasan_save_alloc_info+0x24/0x30
[ 33.966076][ T4221] __kasan_kmalloc+0xac/0xc4
[ 33.967265][ T4221] __kmalloc+0xd8/0x1c4
[ 33.968333][ T4221] tomoyo_init_log+0x1558/0x19c4
[ 33.969635][ T4221] tomoyo_supervisor+0x370/0x1070
[ 33.970958][ T4221] tomoyo_path_number_perm+0x498/0x688
[ 33.972377][ T4221] tomoyo_path_mkdir+0xd8/0x11c
[ 33.973667][ T4221] security_path_mkdir+0xec/0x13c
[ 33.975023][ T4221] do_mkdirat+0x178/0x510
[ 33.976174][ T4221] __arm64_sys_mkdirat+0x90/0xa8
[ 33.977500][ T4221] invoke_syscall+0x98/0x2c0
[ 33.978781][ T4221] el0_svc_common+0x138/0x258
[ 33.980011][ T4221] do_el0_svc+0x64/0x218
[ 33.981074][ T4221] el0_svc+0x58/0x168
[ 33.982170][ T4221] el0t_64_sync_handler+0x84/0xf0
[ 33.983497][ T4221] el0t_64_sync+0x18c/0x190
[ 33.984701][ T4221]
[ 33.985287][ T4221] Freed by task 4221:
[ 33.986289][ T4221] kasan_set_track+0x4c/0x80
[ 33.987435][ T4221] kasan_save_free_info+0x38/0x5c
[ 33.988746][ T4221] ____kasan_slab_free+0x144/0x1c0
[ 33.990058][ T4221] __kasan_slab_free+0x18/0x28
[ 33.991265][ T4221] __kmem_cache_free+0x2c0/0x4b4
[ 33.992536][ T4221] kfree+0xcc/0x1b8
[ 33.993587][ T4221] tomoyo_supervisor+0xdc0/0x1070
[ 33.994926][ T4221] tomoyo_path_number_perm+0x498/0x688
[ 33.996303][ T4221] tomoyo_path_mkdir+0xd8/0x11c
[ 33.997523][ T4221] security_path_mkdir+0xec/0x13c
[ 33.998868][ T4221] do_mkdirat+0x178/0x510
[ 33.999941][ T4221] __arm64_sys_mkdirat+0x90/0xa8
[ 34.001241][ T4221] invoke_syscall+0x98/0x2c0
[ 34.002429][ T4221] el0_svc_common+0x138/0x258
[ 34.003657][ T4221] do_el0_svc+0x64/0x218
[ 34.004806][ T4221] el0_svc+0x58/0x168
[ 34.005836][ T4221] el0t_64_sync_handler+0x84/0xf0
[ 34.007134][ T4221] el0t_64_sync+0x18c/0x190
[ 34.008296][ T4221]
[ 34.008926][ T4221] The buggy address belongs to the object at ffff0000d1cdf000
[ 34.008926][ T4221] which belongs to the cache kmalloc-512 of size 512
[ 34.012652][ T4221] The buggy address is located 496 bytes to the right of
[ 34.012652][ T4221] 512-byte region [ffff0000d1cdf000, ffff0000d1cdf200)
[ 34.016277][ T4221]
[ 34.016859][ T4221] The buggy address belongs to the physical page:
[ 34.018504][ T4221] page:000000002f7f1e07 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111cdc
[ 34.021170][ T4221] head:000000002f7f1e07 order:2 compound_mapcount:0 compound_pincount:0
[ 34.023249][ T4221] flags: 0x5ffe00000010200(slab|head|node=0|zone=2|lastcpupid=0xfff)
[ 34.025382][ T4221] raw: 05ffe00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[ 34.027666][ T4221] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 34.029925][ T4221] page dumped because: kasan: bad access detected
[ 34.031560][ T4221]
[ 34.032197][ T4221] Memory state around the buggy address:
[ 34.033627][ T4221]  ffff0000d1cdf280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.035706][ T4221]  ffff0000d1cdf300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.037763][ T4221] >ffff0000d1cdf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.039866][ T4221]                                                              ^
[ 34.041917][ T4221]  ffff0000d1cdf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.044026][ T4221]  ffff0000d1cdf480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.046111][ T4221] ==================================================================
[ 34.049540][ T4221] Disabling lock debugging due to kernel taint