audit: type=1804 audit(1612390676.725:1504): pid=20977 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir166428260/syzkaller.rbkIof/225/bus" dev="sda1" ino=15874 res=1 UDF-fs: bad mount option "„iPe^™Š(1ëçÑ„qP¢ âd§š·­" or missing value ================================================================== BUG: KASAN: use-after-free in memcpy include/linux/string.h:372 [inline] BUG: KASAN: use-after-free in memcpy_dir crypto/scatterwalk.c:28 [inline] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x256/0x680 crypto/scatterwalk.c:43 Read of size 4096 at addr ffff88803b89d000 by task syz-executor.1/20962 CPU: 1 PID: 20962 Comm: syz-executor.1 Not tainted 4.14.218-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_address_description.cold+0x54/0x1d3 mm/kasan/report.c:252 kasan_report_error.cold+0x8a/0x191 mm/kasan/report.c:351 kasan_report+0x6f/0x80 mm/kasan/report.c:409 memcpy+0x20/0x50 mm/kasan/kasan.c:302 memcpy include/linux/string.h:372 [inline] memcpy_dir crypto/scatterwalk.c:28 [inline] scatterwalk_copychunks+0x256/0x680 crypto/scatterwalk.c:43 scatterwalk_map_and_copy crypto/scatterwalk.c:72 [inline] scatterwalk_map_and_copy+0x100/0x1a0 crypto/scatterwalk.c:60 gcmaes_encrypt.constprop.0+0x5b5/0xc00 arch/x86/crypto/aesni-intel_glue.c:778 UDF-fs: bad mount option "„iPe^™Š(1ëçÑ„qP¢ âd§š·­" or missing value The buggy address belongs to the page: page:ffffea0000ee2740 count:0 mapcount:0 mapping: (null) index:0x1 flags: 0xfff00000000000() raw: 00fff00000000000 0000000000000000 0000000000000001 00000000ffffffff raw: ffffea0000ef86a0 ffffea0000feeba0 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88803b89cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88803b89cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88803b89d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff88803b89d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88803b89d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================