Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
executing program
[ 35.523521][ T4222] loop0: detected capacity change from 0 to 2048
[ 35.526931][ T4222] =======================================================
[ 35.526931][ T4222] WARNING: The mand mount option has been deprecated and
[ 35.526931][ T4222] and is ignored by this kernel. Remove the mand
[ 35.526931][ T4222] option from the mount to silence this warning.
[ 35.526931][ T4222] =======================================================
[ 35.539897][ T4222] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 35.544727][ T4222] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 35.549971][ T4222] ==================================================================
[ 35.552162][ T4222] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x578/0x668
[ 35.554204][ T4222] Write of size 4 at addr ffff0000c60d33f8 by task syz-executor205/4222
[ 35.556525][ T4222]
[ 35.557105][ T4222] CPU: 1 PID: 4222 Comm: syz-executor205 Not tainted 6.1.90-syzkaller #0
[ 35.559408][ T4222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 35.562048][ T4222] Call trace:
[ 35.562943][ T4222] dump_backtrace+0x1c8/0x1f4
[ 35.564222][ T4222] show_stack+0x2c/0x3c
[ 35.565458][ T4222] dump_stack_lvl+0x108/0x170
[ 35.566704][ T4222] print_report+0x174/0x4c0
[ 35.567926][ T4222] kasan_report+0xd4/0x130
[ 35.569067][ T4222] __asan_report_store_n_noabort+0x28/0x34
[ 35.570650][ T4222] udf_write_aext+0x578/0x668
[ 35.571938][ T4222] udf_add_entry+0x11e0/0x28b0
[ 35.573218][ T4222] udf_mkdir+0x158/0x7e0
[ 35.574368][ T4222] vfs_mkdir+0x334/0x4e4
[ 35.575568][ T4222] do_mkdirat+0x220/0x510
[ 35.576726][ T4222] __arm64_sys_mkdirat+0x90/0xa8
[ 35.578077][ T4222] invoke_syscall+0x98/0x2c0
[ 35.579276][ T4222] el0_svc_common+0x138/0x258
[ 35.580508][ T4222] do_el0_svc+0x64/0x218
[ 35.581633][ T4222] el0_svc+0x58/0x168
[ 35.582681][ T4222] el0t_64_sync_handler+0x84/0xf0
[ 35.584012][ T4222] el0t_64_sync+0x18c/0x190
[ 35.585208][ T4222]
[ 35.585812][ T4222] Allocated by task 3898:
[ 35.586949][ T4222] kasan_set_track+0x4c/0x80
[ 35.588204][ T4222] kasan_save_alloc_info+0x24/0x30
[ 35.589568][ T4222] __kasan_kmalloc+0xac/0xc4
[ 35.590764][ T4222] __kmalloc_node_track_caller+0xd0/0x1c0
[ 35.592322][ T4222] __alloc_skb+0x180/0x580
[ 35.593462][ T4222] netlink_ack+0x2f4/0xf20
[ 35.594667][ T4222] netlink_rcv_skb+0x1ec/0x3b8
[ 35.595893][ T4222] rtnetlink_rcv+0x28/0x38
[ 35.597054][ T4222] netlink_unicast+0x65c/0x898
[ 35.598370][ T4222] netlink_sendmsg+0x834/0xb18
[ 35.599631][ T4222] ____sys_sendmsg+0x55c/0x848
[ 35.600925][ T4222] __sys_sendmsg+0x26c/0x33c
[ 35.602130][ T4222] __arm64_sys_sendmsg+0x80/0x94
[ 35.603414][ T4222] invoke_syscall+0x98/0x2c0
[ 35.604696][ T4222] el0_svc_common+0x138/0x258
[ 35.605911][ T4222] do_el0_svc+0x64/0x218
[ 35.607034][ T4222] el0_svc+0x58/0x168
[ 35.608093][ T4222] el0t_64_sync_handler+0x84/0xf0
[ 35.609431][ T4222] el0t_64_sync+0x18c/0x190
[ 35.610677][ T4222]
[ 35.611349][ T4222] Freed by task 3898:
[ 35.612419][ T4222] kasan_set_track+0x4c/0x80
[ 35.613677][ T4222] kasan_save_free_info+0x38/0x5c
[ 35.615060][ T4222] ____kasan_slab_free+0x144/0x1c0
[ 35.616422][ T4222] __kasan_slab_free+0x18/0x28
[ 35.617786][ T4222] __kmem_cache_free+0x2c0/0x4b4
[ 35.619062][ T4222] kfree+0xcc/0x1b8
[ 35.620053][ T4222] skb_release_data+0x488/0x6b0
[ 35.621365][ T4222] consume_skb+0xa0/0x178
[ 35.622557][ T4222] skb_free_datagram+0x20/0x30
[ 35.623828][ T4222] netlink_recvmsg+0x4a0/0xdf8
[ 35.625105][ T4222] ____sys_recvmsg+0x234/0x69c
[ 35.626424][ T4222] __sys_recvmsg+0x27c/0x350
[ 35.627762][ T4222] __arm64_sys_recvmsg+0x80/0x94
[ 35.629139][ T4222] invoke_syscall+0x98/0x2c0
[ 35.630418][ T4222] el0_svc_common+0x138/0x258
[ 35.631716][ T4222] do_el0_svc+0x64/0x218
[ 35.632814][ T4222] el0_svc+0x58/0x168
[ 35.633862][ T4222] el0t_64_sync_handler+0x84/0xf0
[ 35.635224][ T4222] el0t_64_sync+0x18c/0x190
[ 35.636446][ T4222]
[ 35.637054][ T4222] The buggy address belongs to the object at ffff0000c60d3000
[ 35.637054][ T4222] which belongs to the cache kmalloc-512 of size 512
[ 35.640846][ T4222] The buggy address is located 504 bytes to the right of
[ 35.640846][ T4222] 512-byte region [ffff0000c60d3000, ffff0000c60d3200)
[ 35.644567][ T4222]
[ 35.645151][ T4222] The buggy address belongs to the physical page:
[ 35.646921][ T4222] page:00000000c6614747 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d0
[ 35.649761][ T4222] head:00000000c6614747 order:2 compound_mapcount:0 compound_pincount:0
[ 35.652047][ T4222] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 35.654379][ T4222] raw: 05ffc00000010200 fffffc000312e900 dead000000000002 ffff0000c0002600
[ 35.656575][ T4222] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 35.658910][ T4222] page dumped because: kasan: bad access detected
[ 35.660680][ T4222]
[ 35.661285][ T4222] Memory state around the buggy address:
[ 35.662843][ T4222] ffff0000c60d3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.664978][ T4222] ffff0000c60d3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.667055][ T4222] >ffff0000c60d3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.669187][ T4222] ^
[ 35.671371][ T4222] ffff0000c60d3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.673536][ T4222] ffff0000c60d3480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.675687][ T4222] ==================================================================
[ 35.678356][ T4222] Disabling lock debugging due to kernel taint