Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts.
executing program
[ 35.075585][ T4220] loop0: detected capacity change from 0 to 256
[ 35.080686][ T4220] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[ 35.083872][ T4220] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512
[ 35.087433][ T4220] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 35.089218][ T4220] UDF-fs: Scanning with blocksize 512 failed
[ 35.091741][ T4220] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[ 35.097273][ T4220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 35.103949][ T4220] ==================================================================
[ 35.105824][ T4220] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x4c0/0x668
[ 35.107587][ T4220] Write of size 4 at addr ffff0000c3f067f0 by task syz-executor332/4220
[ 35.109640][ T4220]
[ 35.110166][ T4220] CPU: 1 PID: 4220 Comm: syz-executor332 Not tainted 6.1.83-syzkaller #0
[ 35.112100][ T4220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 35.114478][ T4220] Call trace:
[ 35.115251][ T4220] dump_backtrace+0x1c8/0x1f4
[ 35.116503][ T4220] show_stack+0x2c/0x3c
[ 35.117468][ T4220] dump_stack_lvl+0x108/0x170
[ 35.118518][ T4220] print_report+0x174/0x4c0
[ 35.119626][ T4220] kasan_report+0xd4/0x130
[ 35.120678][ T4220] __asan_report_store_n_noabort+0x28/0x34
[ 35.122025][ T4220] udf_write_aext+0x4c0/0x668
[ 35.123199][ T4220] udf_add_entry+0x11e0/0x28b0
[ 35.124369][ T4220] udf_mkdir+0x158/0x7e0
[ 35.125350][ T4220] vfs_mkdir+0x334/0x4e4
[ 35.126329][ T4220] do_mkdirat+0x220/0x510
[ 35.127405][ T4220] __arm64_sys_mkdirat+0x90/0xa8
[ 35.128526][ T4220] invoke_syscall+0x98/0x2c0
[ 35.129589][ T4220] el0_svc_common+0x138/0x258
[ 35.130631][ T4220] do_el0_svc+0x64/0x218
[ 35.131616][ T4220] el0_svc+0x58/0x168
[ 35.132525][ T4220] el0t_64_sync_handler+0x84/0xf0
[ 35.133658][ T4220] el0t_64_sync+0x18c/0x190
[ 35.134601][ T4220]
[ 35.135063][ T4220] Allocated by task 4220:
[ 35.136017][ T4220] kasan_set_track+0x4c/0x80
[ 35.137020][ T4220] kasan_save_alloc_info+0x24/0x30
[ 35.138179][ T4220] __kasan_kmalloc+0xac/0xc4
[ 35.139281][ T4220] __kmalloc+0xd8/0x1c4
[ 35.140353][ T4220] __udf_iget+0xb14/0x3134
[ 35.141406][ T4220] udf_fill_super+0xf9c/0x1a44
[ 35.142600][ T4220] mount_bdev+0x274/0x370
[ 35.143646][ T4220] udf_mount+0x44/0x58
[ 35.144560][ T4220] legacy_get_tree+0xd4/0x16c
[ 35.145746][ T4220] vfs_get_tree+0x90/0x274
[ 35.146841][ T4220] do_new_mount+0x278/0x8fc
[ 35.147804][ T4220] path_mount+0x590/0xe5c
[ 35.148772][ T4220] __arm64_sys_mount+0x45c/0x594
[ 35.149901][ T4220] invoke_syscall+0x98/0x2c0
[ 35.150984][ T4220] el0_svc_common+0x138/0x258
[ 35.152023][ T4220] do_el0_svc+0x64/0x218
[ 35.152946][ T4220] el0_svc+0x58/0x168
[ 35.153919][ T4220] el0t_64_sync_handler+0x84/0xf0
[ 35.155145][ T4220] el0t_64_sync+0x18c/0x190
[ 35.156275][ T4220]
[ 35.156843][ T4220] The buggy address belongs to the object at ffff0000c3f06000
[ 35.156843][ T4220] which belongs to the cache kmalloc-1k of size 1024
[ 35.160508][ T4220] The buggy address is located 1008 bytes to the right of
[ 35.160508][ T4220] 1024-byte region [ffff0000c3f06000, ffff0000c3f06400)
[ 35.163753][ T4220]
[ 35.164301][ T4220] The buggy address belongs to the physical page:
[ 35.165811][ T4220] page:00000000283ac182 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f00
[ 35.168088][ T4220] head:00000000283ac182 order:3 compound_mapcount:0 compound_pincount:0
[ 35.170241][ T4220] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 35.172048][ T4220] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[ 35.174310][ T4220] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 35.176241][ T4220] page dumped because: kasan: bad access detected
[ 35.177819][ T4220]
[ 35.178304][ T4220] Memory state around the buggy address:
[ 35.179606][ T4220] ffff0000c3f06680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.181428][ T4220] ffff0000c3f06700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.183202][ T4220] >ffff0000c3f06780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.185057][ T4220] ^
[ 35.186789][ T4220] ffff0000c3f06800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.188702][ T4220] ffff0000c3f06880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.190567][ T4220] ==================================================================
[ 35.193000][ T4220] Disabling lock debugging due to kernel taint