======================================================
WARNING: the mand mount option is being deprecated and
         will be removed in v5.15!
======================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in udf_close_lvid+0x67c/0x770 fs/udf/super.c:2051
Write of size 1 at addr ffff8880b1a5efa0 by task syz-executor367/8079

CPU: 1 PID: 8079 Comm: syz-executor367 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_address_description.cold+0x54/0x219 mm/kasan/report.c:256
 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354
 kasan_report mm/kasan/report.c:412 [inline]
 __asan_report_store1_noabort+0x88/0x90 mm/kasan/report.c:435
 udf_close_lvid+0x67c/0x770 fs/udf/super.c:2051
 udf_put_super+0x217/0x290 fs/udf/super.c:2361
 generic_shutdown_super+0x144/0x370 fs/super.c:456
 kill_block_super+0x97/0xf0 fs/super.c:1185
 deactivate_locked_super+0x94/0x160 fs/super.c:329
 deactivate_super+0x174/0x1a0 fs/super.c:360
 cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xbf3/0x2be0 kernel/exit.c:870
 do_group_exit+0x125/0x310 kernel/exit.c:967
 __do_sys_exit_group kernel/exit.c:978 [inline]
 __se_sys_exit_group kernel/exit.c:976 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fea65218b59
Code: Bad RIP value.
RSP: 002b:00007ffdd300e188 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fea6528e350 RCX: 00007fea65218b59
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007fea65288e40
R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007fea6528e350
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001

Allocated by task 1:
 kmem_cache_alloc+0x122/0x370 mm/slab.c:3559
 __d_alloc+0x2b/0xa10 fs/dcache.c:1612
 d_alloc+0x4a/0x230 fs/dcache.c:1696
 d_alloc_parallel+0xeb/0x19e0 fs/dcache.c:2443
 __lookup_slow+0x18d/0x4a0 fs/namei.c:1655
 lookup_slow fs/namei.c:1689 [inline]
 walk_component+0x7ac/0xda0 fs/namei.c:1811
 lookup_last fs/namei.c:2274 [inline]
 path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
 filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx+0x113/0x210 fs/stat.c:185
 vfs_lstat include/linux/fs.h:3137 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0x96/0x120 fs/stat.c:344
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 18:
 __cache_free mm/slab.c:3503 [inline]
 kmem_cache_free+0x7f/0x260 mm/slab.c:3765
 __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
 rcu_do_batch kernel/rcu/tree.c:2584 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline]
 rcu_process_callbacks+0x8ff/0x18b0 kernel/rcu/tree.c:2881
 __do_softirq+0x265/0x980 kernel/softirq.c:292

The buggy address belongs to the object at ffff8880b1a5ee00
 which belongs to the cache dentry of size 288
The buggy address is located 128 bytes to the right of
 288-byte region [ffff8880b1a5ee00, ffff8880b1a5ef20)
The buggy address belongs to the page:
page:ffffea0002c69780 count:1 mapcount:0 mapping:ffff88813be45200 index:0x0
flags: 0xfff00000000100(slab)
raw: 00fff00000000100 ffffea0002c6a308 ffffea0002c6a348 ffff88813be45200
raw: 0000000000000000 ffff8880b1a5e040 000000010000000b 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880b1a5ee80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880b1a5ef00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880b1a5ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                               ^
 ffff8880b1a5f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880b1a5f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================