Warning: Permanently added '10.128.0.152' (ED25519) to the list of known hosts. executing program syzkaller login: [ 35.667568][ T4221] loop0: detected capacity change from 0 to 2048 [ 35.675640][ T4221] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 35.677768][ T4221] UDF-fs: Scanning with blocksize 512 failed [ 35.681604][ T4221] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 112: 0xb2 != 0xba [ 35.684437][ T4221] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 35.699110][ T4221] ================================================================== [ 35.700828][ T4221] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x578/0x668 [ 35.702405][ T4221] Write of size 4 at addr ffff0000d4b03ff8 by task syz-executor221/4221 [ 35.704109][ T4221] [ 35.704600][ T4221] CPU: 1 PID: 4221 Comm: syz-executor221 Not tainted 6.1.74-syzkaller #0 [ 35.706370][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 35.708488][ T4221] Call trace: [ 35.709189][ T4221] dump_backtrace+0x1c8/0x1f4 [ 35.710172][ T4221] show_stack+0x2c/0x3c [ 35.711072][ T4221] dump_stack_lvl+0x108/0x170 [ 35.712081][ T4221] print_report+0x174/0x4c0 [ 35.713063][ T4221] kasan_report+0xd4/0x130 [ 35.714003][ T4221] __asan_report_store_n_noabort+0x28/0x34 [ 35.715229][ T4221] udf_write_aext+0x578/0x668 [ 35.716209][ T4221] udf_add_entry+0x11e0/0x28b0 [ 35.717204][ T4221] udf_mkdir+0x158/0x7e0 [ 35.718090][ T4221] vfs_mkdir+0x334/0x4e4 [ 35.718963][ T4221] do_mkdirat+0x220/0x510 [ 35.719875][ T4221] __arm64_sys_mkdirat+0x90/0xa8 [ 35.720980][ T4221] invoke_syscall+0x98/0x2c0 [ 35.721950][ T4221] el0_svc_common+0x138/0x258 [ 35.722944][ T4221] do_el0_svc+0x64/0x218 [ 35.723864][ T4221] el0_svc+0x58/0x168 [ 35.724745][ T4221] el0t_64_sync_handler+0x84/0xf0 [ 35.725820][ T4221] el0t_64_sync+0x18c/0x190 [ 35.726777][ T4221] [ 35.727267][ T4221] Allocated by task 4221: [ 35.728124][ T4221] kasan_set_track+0x4c/0x80 [ 35.729097][ T4221] kasan_save_alloc_info+0x24/0x30 [ 35.730178][ T4221] __kasan_kmalloc+0xac/0xc4 [ 35.731142][ T4221] __kmalloc+0xd8/0x1c4 [ 35.732015][ T4221] __udf_iget+0x988/0x3134 [ 35.732955][ T4221] udf_fill_super+0xf9c/0x1a44 [ 35.733967][ T4221] mount_bdev+0x274/0x370 [ 35.734901][ T4221] udf_mount+0x44/0x58 [ 35.735769][ T4221] legacy_get_tree+0xd4/0x16c [ 35.736777][ T4221] vfs_get_tree+0x90/0x274 [ 35.737701][ T4221] do_new_mount+0x25c/0x8c4 [ 35.738658][ T4221] path_mount+0x590/0xe5c [ 35.739567][ T4221] __arm64_sys_mount+0x45c/0x594 [ 35.740615][ T4221] invoke_syscall+0x98/0x2c0 [ 35.741607][ T4221] el0_svc_common+0x138/0x258 [ 35.742623][ T4221] do_el0_svc+0x64/0x218 [ 35.743574][ T4221] el0_svc+0x58/0x168 [ 35.744421][ T4221] el0t_64_sync_handler+0x84/0xf0 [ 35.745483][ T4221] el0t_64_sync+0x18c/0x190 [ 35.746450][ T4221] [ 35.746920][ T4221] The buggy address belongs to the object at ffff0000d4b03800 [ 35.746920][ T4221] which belongs to the cache kmalloc-1k of size 1024 [ 35.749874][ T4221] The buggy address is located 1016 bytes to the right of [ 35.749874][ T4221] 1024-byte region [ffff0000d4b03800, ffff0000d4b03c00) [ 35.752885][ T4221] [ 35.753371][ T4221] The buggy address belongs to the physical page: [ 35.754738][ T4221] page:0000000031bc567d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114b00 [ 35.756931][ T4221] head:0000000031bc567d order:3 compound_mapcount:0 compound_pincount:0 [ 35.758697][ T4221] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 35.760400][ T4221] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780 [ 35.762183][ T4221] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 35.763999][ T4221] page dumped because: kasan: bad access detected [ 35.765366][ T4221] [ 35.765837][ T4221] Memory state around the buggy address: [ 35.767007][ T4221] ffff0000d4b03e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.768712][ T4221] ffff0000d4b03f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.770441][ T4221] >ffff0000d4b03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.772105][ T4221] ^ [ 35.773821][ T4221] f