Warning: Permanently added '10.128.1.72' (ECDSA) to the list of known hosts.
executing program
[   34.696859] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   34.703847] UDF-fs: Scanning with blocksize 512 failed
[   34.711271] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   34.717962] UDF-fs: Scanning with blocksize 1024 failed
[   34.724308] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   34.731505] UDF-fs: Scanning with blocksize 2048 failed
[   34.738720] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   34.750617] ==================================================================
[   34.758063] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[   34.764904] Write of size 4 at addr ffff88809571c070 by task syz-executor225/7997
[   34.772512]
[   34.774138] CPU: 1 PID: 7997 Comm: syz-executor225 Not tainted 4.14.302-syzkaller #0
[   34.782019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   34.791351] Call Trace:
[   34.793917]  dump_stack+0x1b2/0x281
[   34.797520]  print_address_description.cold+0x54/0x1d3
[   34.802771]  kasan_report_error.cold+0x8a/0x191
[   34.807418]  ? udf_write_aext+0x6e3/0x7d0
[   34.811540]  __asan_report_store_n_noabort+0x6b/0x80
[   34.816620]  ? udf_write_aext+0x6e3/0x7d0
[   34.820743]  udf_write_aext+0x6e3/0x7d0
[   34.824696]  udf_add_entry+0xc54/0x2710
[   34.828650]  ? udf_write_fi+0xe80/0xe80
[   34.832600]  ? udf_new_inode+0x891/0xce0
[   34.836640]  ? __d_lookup+0x3a0/0x660
[   34.840415]  udf_mkdir+0x122/0x620
[   34.843933]  ? putname+0xcd/0x110
[   34.847361]  ? udf_create+0x160/0x160
[   34.851139]  ? map_id_up+0xe9/0x180
[   34.854746]  ? security_inode_permission+0xb5/0xf0
[   34.859655]  ? security_inode_mkdir+0xca/0x100
[   34.864218]  vfs_mkdir+0x463/0x6e0
[   34.867737]  SyS_mkdirat+0x1fd/0x270
[   34.871430]  ? SyS_mknod+0x30/0x30
[   34.874946]  ? do_syscall_64+0x4c/0x640
[   34.878895]  ? SyS_mkdirat+0x270/0x270
[   34.882757]  do_syscall_64+0x1d5/0x640
[   34.886626]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   34.891790] RIP: 0033:0x7f08b328ca79
[   34.895476] RSP: 002b:00007ffe3a244a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[   34.903159] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f08b328ca79
[   34.910404] RDX: 00007f08b328ca79 RSI: 0000000000000096 RDI: 0000000020000100
[   34.917767] RBP: 00007f08b324c080 R08: 0000000000000000 R09: 0000000000000000
[   34.925016] R10: 000000000000189e R11: 0000000000000246 R12: 00007f08b324c110
[   34.932265] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.939515]
[   34.941119] Allocated by task 7997:
[   34.944724]  kasan_kmalloc+0xeb/0x160
[   34.948498]  __kmalloc+0x15a/0x400
[   34.952018]  udf_new_inode+0x98d/0xce0
[   34.955882]  udf_mkdir+0x95/0x620
[   34.959308]  vfs_mkdir+0x463/0x6e0
[   34.962823]  SyS_mkdirat+0x1fd/0x270
[   34.966522]  do_syscall_64+0x1d5/0x640
[   34.970391]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   34.975551]
[   34.977152] Freed by task 6197:
[   34.980407]  kasan_slab_free+0xc3/0x1a0
[   34.984357]  kfree+0xc9/0x250
[   34.987441]  kvfree+0x45/0x50
[   34.990521]  seq_release+0x4f/0x70
[   34.994037]  kernfs_fop_release+0xdc/0x180
[   34.998246]  __fput+0x25f/0x7a0
[   35.001524]  task_work_run+0x11f/0x190
[   35.005395]  exit_to_usermode_loop+0x1ad/0x200
[   35.009950]  do_syscall_64+0x4a3/0x640
[   35.013809]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   35.018966]
[   35.020578] The buggy address belongs to the object at ffff88809571c080
[   35.020578]  which belongs to the cache kmalloc-4096 of size 4096
[   35.033379] The buggy address is located 16 bytes to the left of
[   35.033379]  4096-byte region [ffff88809571c080, ffff88809571d080)
[   35.045663] The buggy address belongs to the page:
[   35.050566] page:ffffea000255c700 count:1 mapcount:0 mapping:ffff88809571c080 index:0x0 compound_mapcount: 0
[   35.060506] flags: 0xfff00000008100(slab|head)
[   35.065063] raw: 00fff00000008100 ffff88809571c080 0000000000000000 0000000100000001
[   35.072916] raw: ffffea0002ca03a0 ffffea0002ca3f20 ffff88813fe74dc0 0000000000000000
[   35.080766] page dumped because: kasan: bad access detected
[   35.086446]
[   35.088047] Memory state around the buggy address:
[   35.092949]  ffff88809571bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.100281]  ffff88809571bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.107615] >ffff88809571c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.114945]                                                              ^
[   35.121933]  ffff88809571c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.129268]  ffff88809571c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.136598] ==================================================================
[   35.143929] Disabling lock debugging due to kernel taint
[   35.150022] Kernel panic - not syncing: panic_on_warn set ...
[   35.150022]
[   35.157386] CPU: 1 PID: 7997 Comm: syz-executor225 Tainted: G    B 4.14.302-syzkaller #0
[   35.166471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   35.175818] Call Trace:
[   35.178404]  dump_stack+0x1b2/0x281
[   35.182094]  panic+0x1f9/0x42d
[   35.185285]  ? add_taint.cold+0x16/0x16
[   35.189276]  ? ___preempt_schedule+0x16/0x18
[   35.193791]  kasan_end_report+0x43/0x49
[   35.197749]  kasan_report_error.cold+0xa7/0x191
[   35.202399]  ? udf_write_aext+0x6e3/0x7d0
[   35.206526]  __asan_report_store_n_noabort+0x6b/0x80
[   35.211604]  ? udf_write_aext+0x6e3/0x7d0
[   35.215723]  udf_write_aext+0x6e3/0x7d0
[   35.219757]  udf_add_entry+0xc54/0x2710
[   35.223713]  ? udf_write_fi+0xe80/0xe80
[   35.227663]  ? udf_new_inode+0x891/0xce0
[   35.231698]  ? __d_lookup+0x3a0/0x660
[   35.235472]  udf_mkdir+0x122/0x620
[   35.239002]  ? putname+0xcd/0x110
[   35.242432]  ? udf_create+0x160/0x160
[   35.246206]  ? map_id_up+0xe9/0x180
[   35.249812]  ? security_inode_permission+0xb5/0xf0
[   35.254714]  ? security_inode_mkdir+0xca/0x100
[   35.259267]  vfs_mkdir+0x463/0x6e0
[   35.262796]  SyS_mkdirat+0x1fd/0x270
[   35.266481]  ? SyS_mknod+0x30/0x30
[   35.269994]  ? do_syscall_64+0x4c/0x640
[   35.273945]  ? SyS_mkdirat+0x270/0x270
[   35.277805]  do_syscall_64+0x1d5/0x640
[   35.281667]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   35.286828] RIP: 0033:0x7f08b328ca79
[   35.290510] RSP: 002b:00007ffe3a244a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[   35.298190] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f08b328ca79
[   35.305440] RDX: 00007f08b328ca79 RSI: 0000000000000096 RDI: 0000000020000100
[   35.312683] RBP: 00007f08b324c080 R08: 0000000000000000 R09: 0000000000000000
[   35.319924] R10: 000000000000189e R11: 0000000000000246 R12: 00007f08b324c110
[   35.327168] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   35.334636] Kernel Offset: disabled
[   35.338242] Rebooting in 86400 seconds..
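Added triage helper, not part of the syzkaller report above and not syzkaller or kernel code: a Python parser that pulls the fields a triager needs out of a KASAN report (bug class, faulting function, access kind and size, faulting address, slab cache, object bounds, allocation and free stacks), recomputes the position of the access from the raw addresses and checks it against the sentence KASAN printed. REPORT is a condensed copy of the report above with the call traces omitted; ALLOCATOR_PREFIXES is an assumed list of allocator-internal frame names to skip when looking for the allocation site that owns the buffer. On this report it yields a 4-byte write in udf_write_aext landing 16 bytes before the start of a kmalloc-4096 object allocated in udf_new_inode, i.e. an underflow of that buffer, not a write past its end. The "Freed by" stack is the most recent free KASAN recorded for that slot; since the object is live at the time of the write, that stack describes an earlier occupant of the memory, not this object.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Condensed copy of the KASAN report on this page: only the lines the parser
# consumes, with the call traces left out. Timestamps are kept as dmesg prints them.
REPORT = """\
[   34.758063] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[   34.764904] Write of size 4 at addr ffff88809571c070 by task syz-executor225/7997
[   34.941119] Allocated by task 7997:
[   34.944724]  kasan_kmalloc+0xeb/0x160
[   34.948498]  __kmalloc+0x15a/0x400
[   34.952018]  udf_new_inode+0x98d/0xce0
[   34.955882]  udf_mkdir+0x95/0x620
[   34.975551]
[   34.977152] Freed by task 6197:
[   34.980407]  kasan_slab_free+0xc3/0x1a0
[   34.984357]  kfree+0xc9/0x250
[   35.018966]
[   35.020578] The buggy address belongs to the object at ffff88809571c080
[   35.020578]  which belongs to the cache kmalloc-4096 of size 4096
[   35.033379] The buggy address is located 16 bytes to the left of
[   35.033379]  4096-byte region [ffff88809571c080, ffff88809571d080)
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEADER = re.compile(r"BUG: KASAN: (\S+) in (\S+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
CACHE = re.compile(r"cache (\S+) of size (\d+)")
LOCATED = re.compile(r"located (\d+) bytes (to the left of|to the right of|inside of)")
REGION = re.compile(r"region \[([0-9a-f]+), ([0-9a-f]+)\)")
STACK_HDR = re.compile(r"^(Allocated|Freed) by task (\d+):$")
FRAME = re.compile(r"^(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Assumed list of allocator-internal frames to skip when looking for the buffer's owner.
ALLOCATOR_PREFIXES = ("kasan_", "__kmalloc", "kmalloc", "kmem_cache_alloc", "__kmem_cache")


@dataclass
class KasanReport:
    bug_type: str = ""
    func: str = ""           # function containing the bad access
    access: str = ""         # "Read" or "Write"
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    cache: str = ""
    obj_start: int = 0
    obj_end: int = 0         # exclusive
    claimed: int = 0         # distance KASAN printed in its "located" sentence
    side: str = ""           # "left", "right" or "inside"
    alloc_stack: List[str] = field(default_factory=list)
    free_stack: List[str] = field(default_factory=list)

    def classify(self) -> str:
        """Where the access lands relative to the object KASAN attributed it to."""
        if self.addr < self.obj_start:
            return f"underflow: starts {self.obj_start - self.addr} bytes before the object"
        if self.addr + self.size > self.obj_end:
            return f"overflow: ends {self.addr + self.size - self.obj_end} bytes past the object"
        return "inside the object"

    def consistent(self) -> bool:
        """Recompute the distance from the raw addresses and compare with KASAN's sentence."""
        recomputed = {"left": self.obj_start - self.addr, "right": self.addr - self.obj_end,
                      "inside": self.addr - self.obj_start}.get(self.side)
        return recomputed == self.claimed

    def allocating_frame(self) -> Optional[str]:
        """First allocation frame outside the allocator, i.e. the code that owns the buffer."""
        for frame in self.alloc_stack:
            if not frame.startswith(ALLOCATOR_PREFIXES):
                return frame
        return None


def parse_kasan(text: str) -> KasanReport:
    rep = KasanReport()
    stack: Optional[List[str]] = None       # stack currently being collected
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if (m := STACK_HDR.match(line)):
            stack = rep.alloc_stack if m.group(1) == "Allocated" else rep.free_stack
            continue
        if stack is not None and (m := FRAME.match(line)):
            stack.append(m.group(1))
            continue
        stack = None                        # a blank line or prose ends the stack
        if (m := HEADER.search(line)):
            rep.bug_type, rep.func = m.group(1), m.group(2)
        elif (m := ACCESS.search(line)):
            rep.access, rep.size, rep.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
            rep.task, rep.pid = m.group(4), int(m.group(5))
        elif (m := CACHE.search(line)):
            rep.cache = m.group(1)
        elif (m := LOCATED.search(line)):
            rep.claimed, rep.side = int(m.group(1)), m.group(2).split()[-2]
        elif (m := REGION.search(line)):
            rep.obj_start, rep.obj_end = int(m.group(1), 16), int(m.group(2), 16)
    return rep


if __name__ == "__main__":
    r = parse_kasan(REPORT)
    print(f"{r.bug_type} in {r.func}: {r.classify()}; owner {r.allocating_frame()}; "
          f"matches KASAN text: {r.consistent()}")
```

The consistency check matters when reports are copied around by hand or truncated by a log collector: if the recomputed distance disagrees with the printed sentence, the addresses or the region line have been mangled and the report should not be triaged further until the original console output is recovered.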