Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 42.218570][ T3966] loop0: detected capacity change from 0 to 2048
[ 42.244299][ T3966] =======================================================
[ 42.244299][ T3966] WARNING: The mand mount option has been deprecated and
[ 42.244299][ T3966] and is ignored by this kernel. Remove the mand
[ 42.244299][ T3966] option from the mount to silence this warning.
[ 42.244299][ T3966] =======================================================
[ 42.315381][ T3966] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 42.319550][ T3966] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 42.328937][ T3966] ==================================================================
[ 42.331083][ T3966] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x4c0/0x668
[ 42.333020][ T3966] Write of size 4 at addr ffff0000c9de2ff0 by task syz-executor104/3966
[ 42.335207][ T3966]
[ 42.335791][ T3966] CPU: 1 PID: 3966 Comm: syz-executor104 Not tainted 5.15.161-syzkaller #0
[ 42.338004][ T3966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 42.340548][ T3966] Call trace:
[ 42.341400][ T3966] dump_backtrace+0x0/0x530
[ 42.342520][ T3966] show_stack+0x2c/0x3c
[ 42.343648][ T3966] dump_stack_lvl+0x108/0x170
[ 42.344861][ T3966] print_address_description+0x7c/0x3f0
[ 42.346273][ T3966] kasan_report+0x174/0x1e4
[ 42.347414][ T3966] __asan_report_store_n_noabort+0x40/0x4c
[ 42.348885][ T3966] udf_write_aext+0x4c0/0x668
[ 42.350144][ T3966] udf_add_entry+0x11e0/0x28b0
[ 42.351432][ T3966] udf_mkdir+0x158/0x7e0
[ 42.352583][ T3966] vfs_mkdir+0x334/0x4e4
[ 42.353636][ T3966] do_mkdirat+0x20c/0x610
[ 42.354699][ T3966] __arm64_sys_mkdirat+0x90/0xa8
[ 42.356023][ T3966] invoke_syscall+0x98/0x2b8
[ 42.357218][ T3966] el0_svc_common+0x138/0x258
[ 42.358427][ T3966] do_el0_svc+0x58/0x14c
[ 42.359502][ T3966] el0_svc+0x7c/0x1f0
[ 42.360589][ T3966] el0t_64_sync_handler+0x84/0xe4
[ 42.361847][ T3966] el0t_64_sync+0x1a0/0x1a4
[ 42.362994][ T3966]
[ 42.363563][ T3966] Allocated by task 3722:
[ 42.364622][ T3966] ____kasan_kmalloc+0xbc/0xfc
[ 42.365855][ T3966] __kasan_kmalloc+0x10/0x1c
[ 42.367052][ T3966] kmem_cache_alloc_trace+0x27c/0x47c
[ 42.368463][ T3966] alloc_bprm+0x6c/0x604
[ 42.369506][ T3966] do_execveat_common+0x154/0x814
[ 42.370755][ T3966] __arm64_sys_execve+0x98/0xb0
[ 42.371979][ T3966] invoke_syscall+0x98/0x2b8
[ 42.373107][ T3966] el0_svc_common+0x138/0x258
[ 42.374270][ T3966] do_el0_svc+0x58/0x14c
[ 42.375368][ T3966] el0_svc+0x7c/0x1f0
[ 42.376371][ T3966] el0t_64_sync_handler+0x84/0xe4
[ 42.377690][ T3966] el0t_64_sync+0x1a0/0x1a4
[ 42.378848][ T3966]
[ 42.379448][ T3966] Freed by task 3722:
[ 42.380496][ T3966] kasan_set_track+0x4c/0x84
[ 42.381696][ T3966] kasan_set_free_info+0x28/0x4c
[ 42.382968][ T3966] ____kasan_slab_free+0x118/0x164
[ 42.384311][ T3966] __kasan_slab_free+0x18/0x28
[ 42.385510][ T3966] slab_free_freelist_hook+0x128/0x1ec
[ 42.386981][ T3966] kfree+0x178/0x410
[ 42.387927][ T3966] free_bprm+0x2ac/0x32c
[ 42.389042][ T3966] do_execveat_common+0x674/0x814
[ 42.390415][ T3966] __arm64_sys_execve+0x98/0xb0
[ 42.391655][ T3966] invoke_syscall+0x98/0x2b8
[ 42.392815][ T3966] el0_svc_common+0x138/0x258
[ 42.393943][ T3966] do_el0_svc+0x58/0x14c
[ 42.395012][ T3966] el0_svc+0x7c/0x1f0
[ 42.396044][ T3966] el0t_64_sync_handler+0x84/0xe4
[ 42.397363][ T3966] el0t_64_sync+0x1a0/0x1a4
[ 42.398478][ T3966]
[ 42.399059][ T3966] The buggy address belongs to the object at ffff0000c9de2c00
[ 42.399059][ T3966] which belongs to the cache kmalloc-512 of size 512
[ 42.402647][ T3966] The buggy address is located 496 bytes to the right of
[ 42.402647][ T3966] 512-byte region [ffff0000c9de2c00, ffff0000c9de2e00)
[ 42.406210][ T3966] The buggy address belongs to the page:
[ 42.407610][ T3966] page:000000003c749197 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109de0
[ 42.410320][ T3966] head:000000003c749197 order:2 compound_mapcount:0 compound_pincount:0
[ 42.412497][ T3966] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 42.414588][ T3966] raw: 05ffc00000010200 0000000000000000 0000000100000001 ffff0000c0002600
[ 42.416785][ T3966] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 42.419071][ T3966] page dumped because: kasan: bad access detected
[ 42.420748][ T3966]
[ 42.421321][ T3966] Memory state around the buggy address:
[ 42.422734][ T3966] ffff0000c9de2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.424704][ T3966] ffff0000c9de2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.426756][ T3966] >ffff0000c9de2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.428828][ T3966] ^
[ 42.430787][ T3966] ffff0000c9de3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.432863][ T3966] ffff0000c9de3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.434898][ T3966] ==================================================================
[ 42.436981][ T3966] Disabling lock debugging due to kernel taint