Warning: Permanently added '10.128.0.201' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 41.347913][ T3959] loop0: detected capacity change from 0 to 2048
[ 41.490755][ T3959] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 41.492673][ T3959] UDF-fs: Scanning with blocksize 512 failed
[ 41.497256][ T3959] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 112: 0xb2 != 0xba
[ 41.500484][ T3959] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 41.506023][ T3959] ==================================================================
[ 41.507858][ T3959] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x578/0x668
[ 41.509561][ T3959] Write of size 4 at addr ffff0000c90767f8 by task syz-executor392/3959
[ 41.511298][ T3959]
[ 41.511834][ T3959] CPU: 0 PID: 3959 Comm: syz-executor392 Not tainted 5.15.153-syzkaller #0
[ 41.513690][ T3959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 41.516011][ T3959] Call trace:
[ 41.516731][ T3959] dump_backtrace+0x0/0x530
[ 41.517757][ T3959] show_stack+0x2c/0x3c
[ 41.518688][ T3959] dump_stack_lvl+0x108/0x170
[ 41.519752][ T3959] print_address_description+0x7c/0x3f0
[ 41.521027][ T3959] kasan_report+0x174/0x1e4
[ 41.522006][ T3959] __asan_report_store_n_noabort+0x40/0x4c
[ 41.523247][ T3959] udf_write_aext+0x578/0x668
[ 41.524291][ T3959] udf_add_entry+0x11e0/0x28b0
[ 41.525383][ T3959] udf_mkdir+0x158/0x7e0
[ 41.526296][ T3959] vfs_mkdir+0x350/0x514
[ 41.527231][ T3959] do_mkdirat+0x20c/0x610
[ 41.528209][ T3959] __arm64_sys_mkdirat+0x90/0xa8
[ 41.529298][ T3959] invoke_syscall+0x98/0x2b8
[ 41.530310][ T3959] el0_svc_common+0x138/0x258
[ 41.531379][ T3959] do_el0_svc+0x58/0x14c
[ 41.532334][ T3959] el0_svc+0x7c/0x1f0
[ 41.533366][ T3959] el0t_64_sync_handler+0x84/0xe4
[ 41.534469][ T3959] el0t_64_sync+0x1a0/0x1a4
[ 41.535484][ T3959]
[ 41.536024][ T3959] Allocated by task 3572:
[ 41.536950][ T3959] ____kasan_kmalloc+0xbc/0xfc
[ 41.538099][ T3959] __kasan_kmalloc+0x10/0x1c
[ 41.539147][ T3959] kmem_cache_alloc_trace+0x27c/0x47c
[ 41.540325][ T3959] syslog_print+0x10c/0x984
[ 41.541282][ T3959] do_syslog+0x7e8/0x8b4
[ 41.542264][ T3959] __arm64_sys_syslog+0x80/0x98
[ 41.543353][ T3959] invoke_syscall+0x98/0x2b8
[ 41.544332][ T3959] el0_svc_common+0x138/0x258
[ 41.545402][ T3959] do_el0_svc+0x58/0x14c
[ 41.546310][ T3959] el0_svc+0x7c/0x1f0
[ 41.547195][ T3959] el0t_64_sync_handler+0x84/0xe4
[ 41.548277][ T3959] el0t_64_sync+0x1a0/0x1a4
[ 41.549329][ T3959]
[ 41.549829][ T3959] The buggy address belongs to the object at ffff0000c9076000
[ 41.549829][ T3959] which belongs to the cache kmalloc-1k of size 1024
[ 41.552864][ T3959] The buggy address is located 1016 bytes to the right of
[ 41.552864][ T3959] 1024-byte region [ffff0000c9076000, ffff0000c9076400)
[ 41.556045][ T3959] The buggy address belongs to the page:
[ 41.557299][ T3959] page:00000000810fbe8f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109070
[ 41.559531][ T3959] head:00000000810fbe8f order:3 compound_mapcount:0 compound_pincount:0
[ 41.561353][ T3959] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 41.563181][ T3959] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[ 41.565093][ T3959] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 41.567031][ T3959] page dumped because: kasan: bad access detected
[ 41.568465][ T3959]
[ 41.569047][ T3959] Memory state around the buggy address:
[ 41.570180][ T3959] ffff0000c9076680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.572035][ T3959] ffff0000c9076700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.573752][ T3959] >ffff0000c9076780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.575593][ T3959] ^
[ 41.577455][ T3959] ffff0000c9076800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.579309][ T3959] ffff0000c9076880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.581123][ T3959] ==================================================================
[ 41.582857][ T3959] Disabling lock debugging due to kernel taint