Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.092408] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 30.117010] ==================================================================
[ 30.124487] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[ 30.131313] Write of size 4 at addr ffff8880b36f00b0 by task syz-executor235/7979
[ 30.138912]
[ 30.140539] CPU: 0 PID: 7979 Comm: syz-executor235 Not tainted 4.14.302-syzkaller #0
[ 30.148402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 30.157730] Call Trace:
[ 30.160457] dump_stack+0x1b2/0x281
[ 30.164144] print_address_description.cold+0x54/0x1d3
[ 30.169401] kasan_report_error.cold+0x8a/0x191
[ 30.174041] ? udf_write_aext+0x6e3/0x7d0
[ 30.178161] __asan_report_store_n_noabort+0x6b/0x80
[ 30.183235] ? udf_write_aext+0x6e3/0x7d0
[ 30.187442] udf_write_aext+0x6e3/0x7d0
[ 30.191389] udf_add_entry+0xc54/0x2710
[ 30.195344] ? udf_write_fi+0xe80/0xe80
[ 30.199291] ? udf_new_inode+0x891/0xce0
[ 30.203334] ? lock_acquire+0x170/0x3f0
[ 30.207280] udf_mkdir+0x122/0x620
[ 30.210794] ? putname+0xcd/0x110
[ 30.214234] ? udf_create+0x160/0x160
[ 30.218006] ? map_id_up+0xe9/0x180
[ 30.221611] ? security_inode_permission+0xb5/0xf0
[ 30.226516] ? security_inode_mkdir+0xca/0x100
[ 30.231069] vfs_mkdir+0x463/0x6e0
[ 30.234582] SyS_mkdirat+0x1fd/0x270
[ 30.238269] ? SyS_mknod+0x30/0x30
[ 30.241781] ? do_syscall_64+0x4c/0x640
[ 30.245726] ? SyS_mknod+0x30/0x30
[ 30.249238] do_syscall_64+0x1d5/0x640
[ 30.253101] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.258272] RIP: 0033:0x7ffaa5d61b59
[ 30.261954] RSP: 002b:00007fff4e944a78 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 30.269631] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffaa5d61b59
[ 30.276874] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004
[ 30.284114] RBP: 00007ffaa5d21160 R08: 0000000000000000 R09: 0000000000000000
[ 30.291356] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffaa5d211f0
[ 30.298598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.305844]
[ 30.307445] Allocated by task 7979:
[ 30.311048] kasan_kmalloc+0xeb/0x160
[ 30.314819] __kmalloc+0x15a/0x400
[ 30.318330] udf_new_inode+0x1f6/0xce0
[ 30.322191] udf_mkdir+0x95/0x620
[ 30.325614] vfs_mkdir+0x463/0x6e0
[ 30.329124] SyS_mkdirat+0x1fd/0x270
[ 30.332809] do_syscall_64+0x1d5/0x640
[ 30.336666] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.341823]
[ 30.343423] Freed by task 6352:
[ 30.346673] kasan_slab_free+0xc3/0x1a0
[ 30.350620] kfree+0xc9/0x250
[ 30.353696] kernfs_fop_release+0x10e/0x180
[ 30.357987] __fput+0x25f/0x7a0
[ 30.361237] task_work_run+0x11f/0x190
[ 30.365094] exit_to_usermode_loop+0x1ad/0x200
[ 30.369653] do_syscall_64+0x4a3/0x640
[ 30.373622] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.378788]
[ 30.380397] The buggy address belongs to the object at ffff8880b36f00c0
[ 30.380397] which belongs to the cache kmalloc-512 of size 512
[ 30.393021] The buggy address is located 16 bytes to the left of
[ 30.393021] 512-byte region [ffff8880b36f00c0, ffff8880b36f02c0)
[ 30.405208] The buggy address belongs to the page:
[ 30.410110] page:ffffea0002cdbc00 count:1 mapcount:0 mapping:ffff8880b36f00c0 index:0x0
[ 30.418223] flags: 0xfff00000000100(slab)
[ 30.422345] raw: 00fff00000000100 ffff8880b36f00c0 0000000000000000 0000000100000006
[ 30.430199] raw: ffffea00025ad3e0 ffffea0002cbe620 ffff88813fe74940 0000000000000000
[ 30.438046] page dumped because: kasan: bad access detected
[ 30.443723]
[ 30.445321] Memory state around the buggy address:
[ 30.450394] ffff8880b36eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.457722] ffff8880b36f0000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.465152] >ffff8880b36f0080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 30.472481]                                      ^
[ 30.477378] ffff8880b36f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.484794] ffff8880b36f0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.492121] ==================================================================
[ 30.499448] Disabling lock debugging due to kernel taint
[ 30.507650] Kernel panic - not syncing: panic_on_warn set ...
[ 30.507650]
[ 30.515009] CPU: 1 PID: 7979 Comm: syz-executor235 Tainted: G B 4.14.302-syzkaller #0
[ 30.524087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 30.533421] Call Trace:
[ 30.535986] dump_stack+0x1b2/0x281
[ 30.539587] panic+0x1f9/0x42d
[ 30.542759] ? add_taint.cold+0x16/0x16
[ 30.546711] ? ___preempt_schedule+0x16/0x18
[ 30.551099] kasan_end_report+0x43/0x49
[ 30.555230] kasan_report_error.cold+0xa7/0x191
[ 30.559870] ? udf_write_aext+0x6e3/0x7d0
[ 30.564011] __asan_report_store_n_noabort+0x6b/0x80
[ 30.569087] ? udf_write_aext+0x6e3/0x7d0
[ 30.573206] udf_write_aext+0x6e3/0x7d0
[ 30.577180] udf_add_entry+0xc54/0x2710
[ 30.581129] ? udf_write_fi+0xe80/0xe80
[ 30.585081] ? udf_new_inode+0x891/0xce0
[ 30.589203] ? lock_acquire+0x170/0x3f0
[ 30.593151] udf_mkdir+0x122/0x620
[ 30.596664] ? putname+0xcd/0x110
[ 30.600089] ? udf_create+0x160/0x160
[ 30.603862] ? map_id_up+0xe9/0x180
[ 30.607459] ? security_inode_permission+0xb5/0xf0
[ 30.612358] ? security_inode_mkdir+0xca/0x100
[ 30.616910] vfs_mkdir+0x463/0x6e0
[ 30.620419] SyS_mkdirat+0x1fd/0x270
[ 30.624105] ? SyS_mknod+0x30/0x30
[ 30.627727] ? do_syscall_64+0x4c/0x640
[ 30.631686] ? SyS_mknod+0x30/0x30
[ 30.635219] do_syscall_64+0x1d5/0x640
[ 30.639175] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.644425] RIP: 0033:0x7ffaa5d61b59
[ 30.648117] RSP: 002b:00007fff4e944a78 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 30.655801] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffaa5d61b59
[ 30.663048] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004
[ 30.670342] RBP: 00007ffaa5d21160 R08: 0000000000000000 R09: 0000000000000000
[ 30.677585] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffaa5d211f0
[ 30.684828] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.692259] Kernel Offset: disabled
[ 30.695867] Rebooting in 86400 seconds..
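What the report above says, read for triage: a 4-byte write at ffff8880b36f00b0 from udf_write_aext (reached via mkdirat -> udf_mkdir -> udf_add_entry), landing 16 bytes before a 512-byte kmalloc-512 object that the same task allocated in udf_new_inode. The shadow dump confirms it: the accessed granule sits in the run of fc (kmalloc redzone) bytes that ends where the object's 00 (addressable) bytes begin at ...c0. The "Freed by task 6352" stack is the stale free track of whatever previously occupied that slot (kfree from kernfs_fop_release); KASAN prints it for every slab object and it only means something for a use-after-free, so it is not the culprit here. Without KASAN, that write would silently land in the tail of the neighbouring kmalloc-512 object. The following checker is an added example, not part of the syzbot report or of the kernel: it parses the address lines and the "Memory state" rows, recomputes the access position from the region bounds, looks up the shadow byte for the accessed 8-byte granule, and compares the result with the "located N bytes to the left of" claim. The shadow-byte meanings are taken from the kernel's mm/kasan/kasan.h for generic KASAN (one shadow byte per 8 bytes of memory); the embedded REPORT is an excerpt of the lines above.

```python
"""Cross-check a KASAN slab-out-of-bounds report (added triage helper).

Not part of the syzbot report above. Shadow-byte values follow the
kernel's mm/kasan/kasan.h for generic KASAN: one shadow byte per 8
bytes of memory, 0x00 = fully addressable, 0x01..0x07 = partially,
0xfc = kmalloc redzone, 0xfb = freed object.
"""
import re

GRANULE = 8  # bytes of memory described by one shadow byte

SHADOW_NAMES = {
    0xfa: "global redzone",
    0xfb: "freed slab object",
    0xfc: "slab (kmalloc) redzone",
    0xfe: "kmalloc_large page redzone",
    0xff: "freed page",
}

def shadow_name(b):
    if b == 0:
        return "addressable"
    if 1 <= b <= 7:
        return f"partially addressable (first {b} bytes)"
    return SHADOW_NAMES.get(b, f"unknown shadow value 0x{b:02x}")

PREFIX_RE  = re.compile(r"^\[\s*[\d.]+\]\s?")   # dmesg "[ 30.124487] " prefix
ACCESS_RE  = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")
CACHE_RE   = re.compile(r"belongs to the cache (\S+) of size (\d+)")
LOCATED_RE = re.compile(r"located (\d+) bytes to the (left|right) of")
REGION_RE  = re.compile(r"(\d+)-byte region \[([0-9a-f]{16}), ([0-9a-f]{16})\)")
SHADOW_RE  = re.compile(r"^>?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")

# Excerpt of the report above (only the lines the checker needs).
REPORT = """\
[ 30.124487] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[ 30.131313] Write of size 4 at addr ffff8880b36f00b0 by task syz-executor235/7979
[ 30.380397] The buggy address belongs to the object at ffff8880b36f00c0
[ 30.380397] which belongs to the cache kmalloc-512 of size 512
[ 30.393021] The buggy address is located 16 bytes to the left of
[ 30.393021] 512-byte region [ffff8880b36f00c0, ffff8880b36f02c0)
[ 30.445321] Memory state around the buggy address:
[ 30.450394] ffff8880b36eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.457722] ffff8880b36f0000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.465152] >ffff8880b36f0080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 30.477378] ffff8880b36f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.484794] ffff8880b36f0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

def parse_report(text):
    """Extract the access, the object region and the shadow rows."""
    info = {"shadow_rows": {}}
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw.strip())
        if m := ACCESS_RE.search(line):
            info.update(kind=m[1], size=int(m[2]), addr=int(m[3], 16))
        elif m := CACHE_RE.search(line):
            info.update(cache=m[1], cache_size=int(m[2]))
        elif m := LOCATED_RE.search(line):
            info.update(reported_distance=int(m[1]), reported_side=m[2])
        elif m := REGION_RE.search(line):
            info.update(region_size=int(m[1]), start=int(m[2], 16), end=int(m[3], 16))
        elif m := SHADOW_RE.match(line):
            info["shadow_rows"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
    return info

def shadow_at(info, addr):
    """Shadow byte of the 8-byte granule holding addr, or None if not dumped."""
    for row, values in info["shadow_rows"].items():
        idx = (addr - row) // GRANULE
        if 0 <= idx < len(values):
            return values[idx]
    return None

def classify(info):
    """Recompute where the access lands and compare with what the report says."""
    first, last = info["addr"], info["addr"] + info["size"] - 1
    start, end = info["start"], info["end"]
    if last < start:
        side, distance = "left", start - first
    elif first >= end:
        side, distance = "right", first - end
    elif first < start or last >= end:
        side, distance = "straddles", 0
    else:
        side, distance = "inside", first - start
    sb = shadow_at(info, first)
    return {
        "side": side,
        "distance": distance,
        "offset": first - start,                  # negative = before the object
        "shadow": sb,
        "shadow_meaning": shadow_name(sb) if sb is not None else "not in dump",
        "poisoned": sb is not None and sb != 0,   # an OOB access must hit a poisoned granule
        "matches_report": (side, distance)
                          == (info.get("reported_side"), info.get("reported_distance")),
    }

def triage(text=REPORT):
    info = parse_report(text)
    return info, classify(info)

if __name__ == "__main__":
    info, v = triage()
    print(f"{info['kind']} of {info['size']} bytes at {info['addr']:#x}: "
          f"{v['distance']} bytes {v['side']} of the {info['cache']} object "
          f"[{info['start']:#x}, {info['end']:#x}); shadow 0x{v['shadow']:02x} "
          f"({v['shadow_meaning']}); matches report: {v['matches_report']}")
```

Feed it the full report text rather than the excerpt and it behaves the same, since the dmesg prefix is stripped and every other line is ignored. If `matches_report` comes back False on a real report, either the object line and the region line disagree (which happens when the report was reflowed or truncated by the console) or the access straddles the object boundary; in both cases read the shadow rows by hand before trusting the "N bytes to the left/right" sentence.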