Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts.
executing program
[ 35.428624] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 35.435492] UDF-fs: Scanning with blocksize 512 failed
[ 35.442500] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 35.449568] UDF-fs: Scanning with blocksize 1024 failed
[ 35.455249] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[ 35.461982] UDF-fs: Scanning with blocksize 2048 failed
[ 35.469641] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 35.481800] ==================================================================
[ 35.489261] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
[ 35.496099] Write of size 4 at addr ffff8880b3096170 by task syz-executor143/7967
[ 35.503705]
[ 35.505327] CPU: 1 PID: 7967 Comm: syz-executor143 Not tainted 4.14.302-syzkaller #0
[ 35.513188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 35.522519] Call Trace:
[ 35.525091]  dump_stack+0x1b2/0x281
[ 35.528698]  print_address_description.cold+0x54/0x1d3
[ 35.533965]  kasan_report_error.cold+0x8a/0x191
[ 35.538614]  ? udf_write_aext+0x6e3/0x7d0
[ 35.542914]  __asan_report_store_n_noabort+0x6b/0x80
[ 35.547996]  ? udf_write_aext+0x6e3/0x7d0
[ 35.552119]  udf_write_aext+0x6e3/0x7d0
[ 35.556071]  udf_add_entry+0xc54/0x2710
[ 35.560025]  ? udf_write_fi+0xe80/0xe80
[ 35.563976]  ? udf_new_inode+0x891/0xce0
[ 35.568037]  ? lock_acquire+0x170/0x3f0
[ 35.572000]  udf_mkdir+0x122/0x620
[ 35.575516]  ? putname+0xcd/0x110
[ 35.578944]  ? udf_create+0x160/0x160
[ 35.582719]  ? map_id_up+0xe9/0x180
[ 35.586324]  ? security_inode_permission+0xb5/0xf0
[ 35.591236]  ? security_inode_mkdir+0xca/0x100
[ 35.595795]  vfs_mkdir+0x463/0x6e0
[ 35.599313]  SyS_mkdirat+0x1fd/0x270
[ 35.603003]  ? SyS_mknod+0x30/0x30
[ 35.606524]  ? __do_page_fault+0x159/0xad0
[ 35.610732]  ? do_syscall_64+0x4c/0x640
[ 35.614677]  ? SyS_mknod+0x30/0x30
[ 35.618191]  do_syscall_64+0x1d5/0x640
[ 35.622057]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.627224] RIP: 0033:0x7f738f5f7119
[ 35.630911] RSP: 002b:00007ffe2867d098 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 35.638595] RAX: ffffffffffffffda RBX: 00007ffe2867d0a8 RCX: 00007f738f5f7119
[ 35.645837] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 00000000ffffff9c
[ 35.653084] RBP: 00007ffe2867d0a0 R08: 00007ffe2867d0a0 R09: 00007f738f5b4440
[ 35.660325] R10: 00007ffe2867d0a0 R11: 0000000000000246 R12: 0000000000000000
[ 35.667572] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 35.674822]
[ 35.676423] Allocated by task 7967:
[ 35.680027]  kasan_kmalloc+0xeb/0x160
[ 35.683800]  __kmalloc+0x15a/0x400
[ 35.687357]  udf_new_inode+0x98d/0xce0
[ 35.691229]  udf_mkdir+0x95/0x620
[ 35.694665]  vfs_mkdir+0x463/0x6e0
[ 35.698183]  SyS_mkdirat+0x1fd/0x270
[ 35.701883]  do_syscall_64+0x1d5/0x640
[ 35.705836]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.710995]
[ 35.712597] Freed by task 0:
[ 35.715613] (stack is not available)
[ 35.719295]
[ 35.720900] The buggy address belongs to the object at ffff8880b3096180
[ 35.720900]  which belongs to the cache kmalloc-4096 of size 4096
[ 35.734399] The buggy address is located 16 bytes to the left of
[ 35.734399]  4096-byte region [ffff8880b3096180, ffff8880b3097180)
[ 35.746679] The buggy address belongs to the page:
[ 35.751622] page:ffffea0002cc2580 count:1 mapcount:0 mapping:ffff8880b3096180 index:0x0 compound_mapcount: 0
[ 35.761574] flags: 0xfff00000008100(slab|head)
[ 35.766137] raw: 00fff00000008100 ffff8880b3096180 0000000000000000 0000000100000001
[ 35.774128] raw: ffffea0002a68ba0 ffffea0002cec1a0 ffff88813fe74dc0 0000000000000000
[ 35.781986] page dumped because: kasan: bad access detected
[ 35.787677]
[ 35.789281] Memory state around the buggy address:
[ 35.794198]  ffff8880b3096000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.801537]  ffff8880b3096080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.808872] >ffff8880b3096100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.816256]                                                              ^
[ 35.823248]  ffff8880b3096180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.830582]  ffff8880b3096200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.837911] ==================================================================
[ 35.845256] Disabling lock debugging due to kernel taint
[ 35.851060] Kernel panic - not syncing: panic_on_warn set ...
[ 35.851060]
[ 35.858430] CPU: 1 PID: 7967 Comm: syz-executor143 Tainted: G B 4.14.302-syzkaller #0
[ 35.867512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 35.876851] Call Trace:
[ 35.879431]  dump_stack+0x1b2/0x281
[ 35.883033]  panic+0x1f9/0x42d
[ 35.886198]  ? add_taint.cold+0x16/0x16
[ 35.890145]  ? ___preempt_schedule+0x16/0x18
[ 35.894525]  kasan_end_report+0x43/0x49
[ 35.898473]  kasan_report_error.cold+0xa7/0x191
[ 35.903113]  ? udf_write_aext+0x6e3/0x7d0
[ 35.907234]  __asan_report_store_n_noabort+0x6b/0x80
[ 35.912311]  ? udf_write_aext+0x6e3/0x7d0
[ 35.916429]  udf_write_aext+0x6e3/0x7d0
[ 35.920390]  udf_add_entry+0xc54/0x2710
[ 35.924340]  ? udf_write_fi+0xe80/0xe80
[ 35.928288]  ? udf_new_inode+0x891/0xce0
[ 35.932323]  ? lock_acquire+0x170/0x3f0
[ 35.936270]  udf_mkdir+0x122/0x620
[ 35.939788]  ? putname+0xcd/0x110
[ 35.943379]  ? udf_create+0x160/0x160
[ 35.947163]  ? map_id_up+0xe9/0x180
[ 35.950774]  ? security_inode_permission+0xb5/0xf0
[ 35.955684]  ? security_inode_mkdir+0xca/0x100
[ 35.960247]  vfs_mkdir+0x463/0x6e0
[ 35.963764]  SyS_mkdirat+0x1fd/0x270
[ 35.967450]  ? SyS_mknod+0x30/0x30
[ 35.970965]  ? __do_page_fault+0x159/0xad0
[ 35.975175]  ? do_syscall_64+0x4c/0x640
[ 35.979119]  ? SyS_mknod+0x30/0x30
[ 35.982631]  do_syscall_64+0x1d5/0x640
[ 35.986491]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.991677] RIP: 0033:0x7f738f5f7119
[ 35.995359] RSP: 002b:00007ffe2867d098 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 36.003073] RAX: ffffffffffffffda RBX: 00007ffe2867d0a8 RCX: 00007f738f5f7119
[ 36.010400] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 00000000ffffff9c
[ 36.017644] RBP: 00007ffe2867d0a0 R08: 00007ffe2867d0a0 R09: 00007f738f5b4440
[ 36.024883] R10: 00007ffe2867d0a0 R11: 0000000000000246 R12: 0000000000000000
[ 36.032132] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 36.039451] Kernel Offset: disabled
[ 36.043062] Rebooting in 86400 seconds..
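The report above states the facts a triager needs in several separate places: the faulting function (udf_write_aext), the access (a 4-byte write at ffff8880b3096170), the object it was meant to hit (a kmalloc-4096 allocation made in udf_new_inode) and the distance between the two (16 bytes to the left, i.e. in the left redzone that KASAN marks 0xfc). The script below is an added example, not syzbot's or the kernel's code, that pulls those facts out of a KASAN report and derives the offset and its direction, so the report is read as "write before the start of the object" rather than as a generic overflow. SAMPLE_REPORT is an excerpt of the log above with its line breaks restored; parse_kasan_report, KasanReport and summarize are names chosen for this example and do not exist in syzkaller.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the syzbot report above, constructed for this example by restoring
# the line breaks the log dump collapsed (frames with "?" omitted for brevity).
SAMPLE_REPORT = """\
==================================================================
BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x6e3/0x7d0
Write of size 4 at addr ffff8880b3096170 by task syz-executor143/7967

CPU: 1 PID: 7967 Comm: syz-executor143 Not tainted 4.14.302-syzkaller #0
Call Trace:
 dump_stack+0x1b2/0x281
 udf_write_aext+0x6e3/0x7d0
 udf_add_entry+0xc54/0x2710
 udf_mkdir+0x122/0x620
 vfs_mkdir+0x463/0x6e0
 SyS_mkdirat+0x1fd/0x270

Allocated by task 7967:
 kasan_kmalloc+0xeb/0x160
 __kmalloc+0x15a/0x400
 udf_new_inode+0x98d/0xce0
 udf_mkdir+0x95/0x620

Freed by task 0:
 (stack is not available)

The buggy address belongs to the object at ffff8880b3096180
 which belongs to the cache kmalloc-4096 of size 4096
The buggy address is located 16 bytes to the left of
 4096-byte region [ffff8880b3096180, ffff8880b3097180)
==================================================================
"""

BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
OBJ_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (\S+) of size (\d+)")


@dataclass
class KasanReport:
    bug_type: str
    function: str
    access: str                # "Read" or "Write"
    size: int                  # bytes accessed
    addr: int                  # faulting address
    task: str
    pid: int
    cache: Optional[str] = None
    obj_base: Optional[int] = None
    obj_size: Optional[int] = None
    alloc_stack: List[str] = field(default_factory=list)

    @property
    def offset(self) -> Optional[int]:
        """Signed byte offset of the faulting address from the object start."""
        return None if self.obj_base is None else self.addr - self.obj_base

    def classify(self) -> str:
        """Say which side of the object the access fell on; negative = before it."""
        off = self.offset
        if off is None or self.obj_size is None:
            return "unknown"
        if off < 0:
            return f"{-off} bytes before object start (left redzone)"
        if off >= self.obj_size:
            return f"{off - self.obj_size} bytes past object end (right redzone)"
        return "inside object"


def parse_kasan_report(text: str) -> KasanReport:
    # Strip printk "[ 35.489261] " prefixes so raw console output parses too.
    lines = [re.sub(r"^\[\s*\d+\.\d+\]\s?", "", ln) for ln in text.splitlines()]
    fields: dict = {}
    alloc_stack: List[str] = []
    in_alloc = False
    for line in lines:
        if in_alloc:                      # collect frames until the blank line
            frame = line.strip()
            if frame:
                alloc_stack.append(frame)
            else:
                in_alloc = False
            continue
        if (m := BUG_RE.search(line)):
            fields["bug_type"], fields["function"] = m.groups()
        elif (m := ACCESS_RE.search(line)):
            acc, size, addr, task, pid = m.groups()
            fields.update(access=acc, size=int(size), addr=int(addr, 16), task=task, pid=int(pid))
        elif (m := OBJ_RE.search(line)):
            fields["obj_base"] = int(m.group(1), 16)
        elif (m := CACHE_RE.search(line)):
            fields["cache"], fields["obj_size"] = m.group(1), int(m.group(2))
        elif line.startswith("Allocated by task"):
            in_alloc = True
    missing = {"bug_type", "function", "access", "size", "addr", "task", "pid"} - fields.keys()
    if missing:
        raise ValueError(f"not a complete KASAN report, missing: {sorted(missing)}")
    return KasanReport(alloc_stack=alloc_stack, **fields)


def summarize(rep: KasanReport) -> str:
    """One-line triage summary: what, where, how far from which allocation."""
    alloc = next((f for f in rep.alloc_stack if not f.startswith(("kasan_", "__kmalloc"))), "?")
    return (f"{rep.bug_type}: {rep.access.lower()} of {rep.size} bytes in {rep.function}, "
            f"{rep.classify()} of {rep.cache} object allocated in {alloc}")


if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_REPORT)))
```

Run on the excerpt this prints that the 4-byte write in udf_write_aext lands 16 bytes before the start of the kmalloc-4096 object allocated in udf_new_inode; the first two frames of the allocation stack are skipped because they are KASAN and allocator internals rather than the caller that owns the object.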