Warning: Permanently added '10.128.0.138' (ED25519) to the list of known hosts.
executing program
[   41.173794][ T3959] loop0: detected capacity change from 0 to 2048
[   41.290691][ T3959] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[   41.292704][ T3959] UDF-fs: Scanning with blocksize 512 failed
[   41.297460][ T3959] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 112: 0xb2 != 0xba
[   41.300721][ T3959] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   41.307913][ T3959] ==================================================================
[   41.310049][ T3959] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x578/0x668
[   41.311965][ T3959] Write of size 4 at addr ffff0000c20f87f8 by task syz-executor138/3959
[   41.314107][ T3959] 
[   41.314751][ T3959] CPU: 1 PID: 3959 Comm: syz-executor138 Not tainted 5.15.156-syzkaller #0
[   41.316883][ T3959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   41.319397][ T3959] Call trace:
[   41.320308][ T3959]  dump_backtrace+0x0/0x530
[   41.321466][ T3959]  show_stack+0x2c/0x3c
[   41.322539][ T3959]  dump_stack_lvl+0x108/0x170
[   41.323746][ T3959]  print_address_description+0x7c/0x3f0
[   41.325113][ T3959]  kasan_report+0x174/0x1e4
[   41.326283][ T3959]  __asan_report_store_n_noabort+0x40/0x4c
[   41.327674][ T3959]  udf_write_aext+0x578/0x668
[   41.328881][ T3959]  udf_add_entry+0x11e0/0x28b0
[   41.330043][ T3959]  udf_mkdir+0x158/0x7e0
[   41.331104][ T3959]  vfs_mkdir+0x334/0x4e4
[   41.332258][ T3959]  do_mkdirat+0x20c/0x610
[   41.333443][ T3959]  __arm64_sys_mkdirat+0x90/0xa8
[   41.334735][ T3959]  invoke_syscall+0x98/0x2b8
[   41.335910][ T3959]  el0_svc_common+0x138/0x258
[   41.337106][ T3959]  do_el0_svc+0x58/0x14c
[   41.338235][ T3959]  el0_svc+0x7c/0x1f0
[   41.339224][ T3959]  el0t_64_sync_handler+0x84/0xe4
[   41.340531][ T3959]  el0t_64_sync+0x1a0/0x1a4
[   41.341665][ T3959] 
[   41.342247][ T3959] Allocated by task 3959:
[   41.343335][ T3959]  ____kasan_kmalloc+0xbc/0xfc
[   41.344608][ T3959]  __kasan_kmalloc+0x10/0x1c
[   41.345813][ T3959]  __kmalloc+0x29c/0x4c8
[   41.346918][ T3959]  __udf_iget+0x988/0x3134
[   41.348072][ T3959]  udf_fill_super+0xfbc/0x1a7c
[   41.349287][ T3959]  mount_bdev+0x274/0x370
[   41.350444][ T3959]  udf_mount+0x44/0x58
[   41.351482][ T3959]  legacy_get_tree+0xd4/0x16c
[   41.352666][ T3959]  vfs_get_tree+0x90/0x274
[   41.353788][ T3959]  do_new_mount+0x278/0x8fc
[   41.354962][ T3959]  path_mount+0x594/0x101c
[   41.356101][ T3959]  __arm64_sys_mount+0x510/0x5e0
[   41.357381][ T3959]  invoke_syscall+0x98/0x2b8
[   41.358519][ T3959]  el0_svc_common+0x138/0x258
[   41.359702][ T3959]  do_el0_svc+0x58/0x14c
[   41.360783][ T3959]  el0_svc+0x7c/0x1f0
[   41.361848][ T3959]  el0t_64_sync_handler+0x84/0xe4
[   41.363174][ T3959]  el0t_64_sync+0x1a0/0x1a4
[   41.364365][ T3959] 
[   41.364984][ T3959] The buggy address belongs to the object at ffff0000c20f8000
[   41.364984][ T3959]  which belongs to the cache kmalloc-1k of size 1024
[   41.368558][ T3959] The buggy address is located 1016 bytes to the right of
[   41.368558][ T3959]  1024-byte region [ffff0000c20f8000, ffff0000c20f8400)
[   41.372189][ T3959] The buggy address belongs to the page:
[   41.373682][ T3959] page:00000000bd345426 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1020f8
[   41.376278][ T3959] head:00000000bd345426 order:3 compound_mapcount:0 compound_pincount:0
[   41.378339][ T3959] flags: 0x5ffe00000010200(slab|head|node=0|zone=2|lastcpupid=0xfff)
[   41.380407][ T3959] raw: 05ffe00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[   41.382617][ T3959] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   41.384940][ T3959] page dumped because: kasan: bad access detected
[   41.386539][ T3959] 
[   41.387153][ T3959] Memory state around the buggy address:
[   41.388601][ T3959]  ffff0000c20f8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.390638][ T3959]  ffff0000c20f8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.392758][ T3959] >ffff0000c20f8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.394768][ T3959]                                                                 ^
[   41.396808][ T3959]  ffff0000c20f8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.398888][ T3959]  ffff0000c20f8880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.400914][ T3959] ==================================================================
[   41.402976][ T3959] Disabling lock debugging due to kernel taint