FAT-fs (loop2): invalid media value (0xad)
FAT-fs (loop2): Can't find a valid FAT filesystem
EXT4-fs (loop3): Unrecognized mount option "ÿÿÿÿ" or missing value
==================================================================
BUG: KASAN: slab-out-of-bounds in nla_strlcpy+0x13d/0x150 lib/nlattr.c:314
Read of size 1 at addr ffff8801c612a21d by task syz-executor4/25536

CPU: 0 PID: 25536 Comm: syz-executor4 Not tainted 4.17.0-rc6+ #64
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
FAT-fs (loop2): Unrecognized mount option "e†rors=inue" or missing value
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
 __asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:430
 nla_strlcpy+0x13d/0x150 lib/nlattr.c:314
 nfnl_acct_new+0x574/0xc50 net/netfilter/nfnetlink_acct.c:118
 nfnetlink_rcv_msg+0xdb5/0xff0 net/netfilter/nfnetlink.c:212
 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2448
 nfnetlink_rcv+0x1fe/0x1ba0 net/netfilter/nfnetlink.c:513
 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
 netlink_unicast+0x58b/0x740 net/netlink/af_netlink.c:1336
 netlink_sendmsg+0x9f0/0xfa0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:639
 sock_write_iter+0x35a/0x5a0 net/socket.c:908
 call_write_iter include/linux/fs.h:1784 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x64d/0x960 fs/read_write.c:487
 vfs_write+0x1f8/0x560 fs/read_write.c:549
 ksys_write+0xf9/0x250 fs/read_write.c:598
 __do_sys_write fs/read_write.c:610 [inline]
 __se_sys_write fs/read_write.c:607 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:607
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
RSP: 002b:00007fe30fc1fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fe30fc206d4 RCX: 0000000000455a09
RDX: 000000000000001f RSI: 0000000020390000 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000077b R14: 00000000006ff428 R15: 0000000000000000

Allocated by task 23309:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3554
 kmem_cache_zalloc include/linux/slab.h:691 [inline]
 get_empty_filp+0x125/0x520 fs/file_table.c:122
 path_openat+0x116/0x4e20 fs/namei.c:3477
 do_filp_open+0x249/0x350 fs/namei.c:3535
 do_sys_open+0x56f/0x740 fs/open.c:1093
 __do_sys_open fs/open.c:1111 [inline]
 __se_sys_open fs/open.c:1106 [inline]
 __x64_sys_open+0x7e/0xc0 fs/open.c:1106
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 0:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kmem_cache_free+0x86/0x2d0 mm/slab.c:3756
 file_free_rcu+0x6f/0x90 fs/file_table.c:49
 __rcu_reclaim kernel/rcu/rcu.h:178 [inline]
 rcu_do_batch kernel/rcu/tree.c:2675 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline]
 rcu_process_callbacks+0x941/0x15f0 kernel/rcu/tree.c:2914
 __do_softirq+0x2e0/0xaf5 kernel/softirq.c:285

The buggy address belongs to the object at ffff8801c612a000
 which belongs to the cache filp of size 456
The buggy address is located 85 bytes to the right of
 456-byte region [ffff8801c612a000, ffff8801c612a1c8)
The buggy address belongs to the page:
page:ffffea0007184a80 count:1 mapcount:0 mapping:ffff8801c612a000 index:0xffff8801c612a780
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffff8801c612a000 ffff8801c612a780 0000000100000003
raw: ffffea00071a65e0 ffffea00073970e0 ffff8801da988940 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801c612a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801c612a180: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
>ffff8801c612a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 ffff8801c612a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801c612a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================