Warning: Permanently added '10.128.0.213' (ED25519) to the list of known hosts.
executing program
[ 33.236117][ T4222] loop0: detected capacity change from 0 to 2048
[ 33.239335][ T4222] =======================================================
[ 33.239335][ T4222] WARNING: The mand mount option has been deprecated and
[ 33.239335][ T4222] and is ignored by this kernel. Remove the mand
[ 33.239335][ T4222] option from the mount to silence this warning.
[ 33.239335][ T4222] =======================================================
[ 33.250606][ T4222] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 33.254380][ T4222] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 33.266461][ T4222] ==================================================================
[ 33.268380][ T4222] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x4c0/0x668
[ 33.270172][ T4222] Write of size 4 at addr ffff0000c9a60bf0 by task syz-executor126/4222
[ 33.272250][ T4222]
[ 33.272776][ T4222] CPU: 1 PID: 4222 Comm: syz-executor126 Not tainted 6.1.69-syzkaller #0
[ 33.274853][ T4222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 33.277169][ T4222] Call trace:
[ 33.278003][ T4222] dump_backtrace+0x1c8/0x1f4
[ 33.279054][ T4222] show_stack+0x2c/0x3c
[ 33.280048][ T4222] dump_stack_lvl+0x108/0x170
[ 33.281208][ T4222] print_report+0x174/0x4c0
[ 33.282308][ T4222] kasan_report+0xd4/0x130
[ 33.283368][ T4222] __asan_report_store_n_noabort+0x28/0x34
[ 33.284790][ T4222] udf_write_aext+0x4c0/0x668
[ 33.285992][ T4222] udf_add_entry+0x11e0/0x28b0
[ 33.287148][ T4222] udf_mkdir+0x158/0x7e0
[ 33.288252][ T4222] vfs_mkdir+0x334/0x4e4
[ 33.289301][ T4222] do_mkdirat+0x220/0x510
[ 33.290259][ T4222] __arm64_sys_mkdirat+0x90/0xa8
[ 33.291442][ T4222] invoke_syscall+0x98/0x2c0
[ 33.292578][ T4222] el0_svc_common+0x138/0x258
[ 33.293672][ T4222] do_el0_svc+0x64/0x218
[ 33.294733][ T4222] el0_svc+0x58/0x168
[ 33.295774][ T4222] el0t_64_sync_handler+0x84/0xf0
[ 33.297008][ T4222] el0t_64_sync+0x18c/0x190
[ 33.298137][ T4222]
[ 33.298639][ T4222] Allocated by task 3916:
[ 33.299642][ T4222] kasan_set_track+0x4c/0x80
[ 33.300796][ T4222] kasan_save_alloc_info+0x24/0x30
[ 33.301998][ T4222] __kasan_kmalloc+0xac/0xc4
[ 33.303166][ T4222] __kmalloc+0xd8/0x1c4
[ 33.304233][ T4222] tomoyo_init_log+0x1558/0x19c4
[ 33.305325][ T4222] tomoyo_supervisor+0x370/0x1070
[ 33.306556][ T4222] tomoyo_path_permission+0x1f4/0x2fc
[ 33.307953][ T4222] tomoyo_check_open_permission+0x384/0x3f4
[ 33.309394][ T4222] tomoyo_file_open+0x130/0x19c
[ 33.310540][ T4222] security_file_open+0x6c/0xb0
[ 33.311876][ T4222] do_dentry_open+0x2a0/0xfa0
[ 33.312986][ T4222] vfs_open+0x7c/0x90
[ 33.313955][ T4222] path_openat+0x1e14/0x2548
[ 33.315004][ T4222] do_filp_open+0x1bc/0x3cc
[ 33.316207][ T4222] do_sys_openat2+0x128/0x3d8
[ 33.317291][ T4222] __arm64_sys_openat+0x1f0/0x240
[ 33.318432][ T4222] invoke_syscall+0x98/0x2c0
[ 33.319491][ T4222] el0_svc_common+0x138/0x258
[ 33.320554][ T4222] do_el0_svc+0x64/0x218
[ 33.321689][ T4222] el0_svc+0x58/0x168
[ 33.322570][ T4222] el0t_64_sync_handler+0x84/0xf0
[ 33.323897][ T4222] el0t_64_sync+0x18c/0x190
[ 33.325052][ T4222]
[ 33.325517][ T4222] Freed by task 3916:
[ 33.326582][ T4222] kasan_set_track+0x4c/0x80
[ 33.327856][ T4222] kasan_save_free_info+0x38/0x5c
[ 33.329269][ T4222] ____kasan_slab_free+0x144/0x1c0
[ 33.330549][ T4222] __kasan_slab_free+0x18/0x28
[ 33.331686][ T4222] __kmem_cache_free+0x2c0/0x4b4
[ 33.332928][ T4222] kfree+0xcc/0x1b8
[ 33.333926][ T4222] tomoyo_supervisor+0xdc0/0x1070
[ 33.335215][ T4222] tomoyo_path_permission+0x1f4/0x2fc
[ 33.336498][ T4222] tomoyo_check_open_permission+0x384/0x3f4
[ 33.337981][ T4222] tomoyo_file_open+0x130/0x19c
[ 33.339123][ T4222] security_file_open+0x6c/0xb0
[ 33.340273][ T4222] do_dentry_open+0x2a0/0xfa0
[ 33.341377][ T4222] vfs_open+0x7c/0x90
[ 33.342393][ T4222] path_openat+0x1e14/0x2548
[ 33.343577][ T4222] do_filp_open+0x1bc/0x3cc
[ 33.344758][ T4222] do_sys_openat2+0x128/0x3d8
[ 33.345876][ T4222] __arm64_sys_openat+0x1f0/0x240
[ 33.347036][ T4222] invoke_syscall+0x98/0x2c0
[ 33.348324][ T4222] el0_svc_common+0x138/0x258
[ 33.349521][ T4222] do_el0_svc+0x64/0x218
[ 33.350601][ T4222] el0_svc+0x58/0x168
[ 33.351561][ T4222] el0t_64_sync_handler+0x84/0xf0
[ 33.352723][ T4222] el0t_64_sync+0x18c/0x190
[ 33.353757][ T4222]
[ 33.354328][ T4222] The buggy address belongs to the object at ffff0000c9a60800
[ 33.354328][ T4222] which belongs to the cache kmalloc-512 of size 512
[ 33.357674][ T4222] The buggy address is located 496 bytes to the right of
[ 33.357674][ T4222] 512-byte region [ffff0000c9a60800, ffff0000c9a60a00)
[ 33.361005][ T4222]
[ 33.361491][ T4222] The buggy address belongs to the physical page:
[ 33.362943][ T4222] page:00000000c1581f0b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a60
[ 33.365311][ T4222] head:00000000c1581f0b order:2 compound_mapcount:0 compound_pincount:0
[ 33.367284][ T4222] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 33.369138][ T4222] raw: 05ffc00000010200 0000000000000000 dead000000000001 ffff0000c0002600
[ 33.371236][ T4222] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 33.373392][ T4222] page dumped because: kasan: bad access detected
[ 33.374906][ T4222]
[ 33.375493][ T4222] Memory state around the buggy address:
[ 33.376934][ T4222]  ffff0000c9a60a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.378955][ T4222]  ffff0000c9a60b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.380998][ T4222] >ffff0000c9a60b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.383004][ T4222]                                                              ^
[ 33.384979][ T4222]  ffff0000c9a60c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.386939][ T4222]  ffff0000c9a60c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.388908][ T4222] ==================================================================
[ 33.391164][ T4222] Disabling lock debugging due to kernel taint