DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2
forked to background, child pid 3172
[ 22.159499][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.171640][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 45.590367][ T3504] loop0: detected capacity change from 0 to 2048
[ 45.602744][ T3504] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 45.615738][ T3504] ==================================================================
[ 45.623934][ T3504] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x5e9/0x7a0
[ 45.631513][ T3504] Write of size 4 at addr ffff888147215ff0 by task syz-executor388/3504
[ 45.639856][ T3504]
[ 45.642235][ T3504] CPU: 0 PID: 3504 Comm: syz-executor388 Not tainted 5.15.110-syzkaller #0
[ 45.650934][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 45.661335][ T3504] Call Trace:
[ 45.664611][ T3504]
[ 45.667539][ T3504] dump_stack_lvl+0x1e3/0x2cb
[ 45.672226][ T3504] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 45.677845][ T3504] ? _printk+0xd1/0x111
[ 45.681988][ T3504] ? __wake_up_klogd+0xcc/0x100
[ 45.686822][ T3504] ? panic+0x84d/0x84d
[ 45.690876][ T3504] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 45.696327][ T3504] print_address_description+0x63/0x3b0
[ 45.701863][ T3504] ? udf_write_aext+0x5e9/0x7a0
[ 45.706711][ T3504] kasan_report+0x16b/0x1c0
[ 45.711199][ T3504] ? udf_write_aext+0x5e9/0x7a0
[ 45.716041][ T3504] udf_write_aext+0x5e9/0x7a0
[ 45.720709][ T3504] udf_add_entry+0x17b7/0x3350
[ 45.725465][ T3504] ? rcu_is_watching+0x11/0xa0
[ 45.730216][ T3504] ? udf_add_nondir+0x5d0/0x5d0
[ 45.735059][ T3504] ? udf_new_inode+0xaf9/0xf10
[ 45.739841][ T3504] ? d_alloc+0x194/0x1d0
[ 45.744203][ T3504] udf_mkdir+0x1a8/0xaa0
[ 45.748444][ T3504] ? udf_symlink+0x1690/0x1690
[ 45.753201][ T3504] ? from_kgid+0x1a3/0x730
[ 45.757659][ T3504] ? make_kgid+0x6f0/0x6f0
[ 45.762175][ T3504] ? inode_permission+0xf7/0x450
[ 45.767114][ T3504] ? bpf_lsm_inode_mkdir+0x5/0x10
[ 45.772252][ T3504] ? security_inode_mkdir+0xb4/0x100
[ 45.777646][ T3504] vfs_mkdir+0x419/0x640
[ 45.782116][ T3504] do_mkdirat+0x260/0x520
[ 45.786586][ T3504] ? vfs_mkdir+0x640/0x640
[ 45.791012][ T3504] ? getname_flags+0x1ec/0x4e0
[ 45.795765][ T3504] __x64_sys_mkdirat+0x85/0x90
[ 45.800600][ T3504] do_syscall_64+0x3d/0xb0
[ 45.805055][ T3504] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.810949][ T3504] RIP: 0033:0x7f4f5ba74bd9
[ 45.815359][ T3504] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 45.835093][ T3504] RSP: 002b:00007fff8dba01f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 45.843629][ T3504] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4f5ba74bd9
[ 45.851603][ T3504] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 00000000ffffff9c
[ 45.859785][ T3504] RBP: 00007f4f5ba341e0 R08: 0000000000000bfc R09: 0000000000000000
[ 45.867776][ T3504] R10: 00007fff8dba00c0 R11: 0000000000000246 R12: 00007f4f5ba34270
[ 45.876535][ T3504] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 45.884782][ T3504]
[ 45.887821][ T3504]
[ 45.890377][ T3504] Allocated by task 1:
[ 45.894529][ T3504] ____kasan_kmalloc+0xba/0xf0
[ 45.899287][ T3504] kmem_cache_alloc_trace+0x143/0x290
[ 45.904664][ T3504] crtc_or_fake_commit+0xeb/0x300
[ 45.909692][ T3504] drm_atomic_helper_setup_commit+0xef7/0x12b0
[ 45.915844][ T3504] drm_atomic_helper_commit+0x5d/0x750
[ 45.921287][ T3504] drm_client_modeset_commit_atomic+0x664/0x7b0
[ 45.927513][ T3504] drm_client_modeset_commit_locked+0xdc/0x510
[ 45.933653][ T3504] drm_fb_helper_pan_display+0x375/0xc00
[ 45.939281][ T3504] fb_pan_display+0x3ac/0x680
[ 45.943966][ T3504] bit_update_start+0x49/0x1c0
[ 45.948891][ T3504] fbcon_switch+0x13e6/0x21b0
[ 45.953596][ T3504] redraw_screen+0x538/0xe70
[ 45.958192][ T3504] do_bind_con_driver+0xdb9/0xf40
[ 45.963198][ T3504] do_take_over_console+0x5d7/0x730
[ 45.968374][ T3504] do_fbcon_takeover+0x12f/0x230
[ 45.973294][ T3504] register_framebuffer+0x770/0xa20
[ 45.978471][ T3504] __drm_fb_helper_initial_config_and_unlock+0x144a/0x1e30
[ 45.985668][ T3504] drm_fbdev_client_hotplug+0x683/0x800
[ 45.991216][ T3504] drm_fbdev_generic_setup+0x191/0x410
[ 45.996709][ T3504] vkms_init+0x597/0x6c6
[ 46.001072][ T3504] do_one_initcall+0x22b/0x7a0
[ 46.005853][ T3504] do_initcall_level+0x157/0x207
[ 46.010780][ T3504] do_initcalls+0x49/0x86
[ 46.015107][ T3504] kernel_init_freeable+0x43c/0x5c5
[ 46.020295][ T3504] kernel_init+0x19/0x290
[ 46.024782][ T3504] ret_from_fork+0x1f/0x30
[ 46.029181][ T3504]
[ 46.031521][ T3504] The buggy address belongs to the object at ffff888147215c00
[ 46.031521][ T3504] which belongs to the cache kmalloc-512 of size 512
[ 46.045741][ T3504] The buggy address is located 496 bytes to the right of
[ 46.045741][ T3504] 512-byte region [ffff888147215c00, ffff888147215e00)
[ 46.059870][ T3504] The buggy address belongs to the page:
[ 46.065483][ T3504] page:ffffea00051c8500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x147214
[ 46.075723][ T3504] head:ffffea00051c8500 order:2 compound_mapcount:0 compound_pincount:0
[ 46.084128][ T3504] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 46.092196][ T3504] raw: 057ff00000010200 dead000000000100 dead000000000122 ffff888011c41c80
[ 46.100855][ T3504] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 46.109512][ T3504] page dumped because: kasan: bad access detected
[ 46.116010][ T3504] page_owner tracks the page as allocated
[ 46.121716][ T3504] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 5880181811, free_ts 0
[ 46.139765][ T3504] get_page_from_freelist+0x322a/0x33c0
[ 46.145312][ T3504] __alloc_pages+0x272/0x700
[ 46.151926][ T3504] alloc_page_interleave+0x22/0x1c0
[ 46.157391][ T3504] new_slab+0xbb/0x4b0
[ 46.161526][ T3504] ___slab_alloc+0x6f6/0xe10
[ 46.166334][ T3504] kmem_cache_alloc_trace+0x1a0/0x290
[ 46.171700][ T3504] crtc_or_fake_commit+0xeb/0x300
[ 46.176743][ T3504] drm_atomic_helper_setup_commit+0xef7/0x12b0
[ 46.183059][ T3504] drm_atomic_helper_commit+0x5d/0x750
[ 46.188534][ T3504] drm_client_modeset_commit_atomic+0x664/0x7b0
[ 46.194875][ T3504] drm_client_modeset_commit_locked+0xdc/0x510
[ 46.201305][ T3504] drm_fb_helper_pan_display+0x375/0xc00
[ 46.206930][ T3504] fb_pan_display+0x3ac/0x680
[ 46.211608][ T3504] bit_update_start+0x49/0x1c0
[ 46.216353][ T3504] fbcon_switch+0x13e6/0x21b0
[ 46.221033][ T3504] redraw_screen+0x538/0xe70
[ 46.225625][ T3504] page_owner free stack trace missing
[ 46.230969][ T3504]
[ 46.233280][ T3504] Memory state around the buggy address:
[ 46.238973][ T3504] ffff888147215e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.247015][ T3504] ffff888147215f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.255096][ T3504] >ffff888147215f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.263143][ T3504]                                                              ^
[ 46.270929][ T3504] ffff888147216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.279074][ T3504] ffff888147216080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.287288][ T3504] ==================================================================
[ 46.295337][ T3504] Disabling lock debugging due to kernel taint
[ 46.301758][ T3504] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.309038][ T3504] CPU: 0 PID: 3504 Comm: syz-executor388 Tainted: G B 5.15.110-syzkaller #0
[ 46.323259][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 46.333684][ T3504] Call Trace:
[ 46.336973][ T3504]
[ 46.339894][ T3504] dump_stack_lvl+0x1e3/0x2cb
[ 46.344561][ T3504] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 46.350181][ T3504] ? panic+0x84d/0x84d
[ 46.354250][ T3504] ? rcu_is_watching+0x11/0xa0
[ 46.359057][ T3504] ? preempt_schedule_common+0xa6/0xd0
[ 46.364590][ T3504] panic+0x318/0x84d
[ 46.368492][ T3504] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 46.374800][ T3504] ? check_panic_on_warn+0x1d/0xa0
[ 46.379892][ T3504] ? fb_is_primary_device+0xcc/0xcc
[ 46.385092][ T3504] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 46.391144][ T3504] ? _raw_spin_unlock+0x40/0x40
[ 46.395980][ T3504] check_panic_on_warn+0x7e/0xa0
[ 46.401006][ T3504] ? udf_write_aext+0x5e9/0x7a0
[ 46.405854][ T3504] end_report+0x6d/0xf0
[ 46.410022][ T3504] kasan_report+0x18e/0x1c0
[ 46.414622][ T3504] ? udf_write_aext+0x5e9/0x7a0
[ 46.419640][ T3504] udf_write_aext+0x5e9/0x7a0
[ 46.424564][ T3504] udf_add_entry+0x17b7/0x3350
[ 46.429331][ T3504] ? rcu_is_watching+0x11/0xa0
[ 46.434104][ T3504] ? udf_add_nondir+0x5d0/0x5d0
[ 46.438955][ T3504] ? udf_new_inode+0xaf9/0xf10
[ 46.443702][ T3504] ? d_alloc+0x194/0x1d0
[ 46.447928][ T3504] udf_mkdir+0x1a8/0xaa0
[ 46.452162][ T3504] ? udf_symlink+0x1690/0x1690
[ 46.456913][ T3504] ? from_kgid+0x1a3/0x730
[ 46.461311][ T3504] ? make_kgid+0x6f0/0x6f0
[ 46.465717][ T3504] ? inode_permission+0xf7/0x450
[ 46.470751][ T3504] ? bpf_lsm_inode_mkdir+0x5/0x10
[ 46.475793][ T3504] ? security_inode_mkdir+0xb4/0x100
[ 46.481185][ T3504] vfs_mkdir+0x419/0x640
[ 46.485441][ T3504] do_mkdirat+0x260/0x520
[ 46.489754][ T3504] ? vfs_mkdir+0x640/0x640
[ 46.494152][ T3504] ? getname_flags+0x1ec/0x4e0
[ 46.499107][ T3504] __x64_sys_mkdirat+0x85/0x90
[ 46.503858][ T3504] do_syscall_64+0x3d/0xb0
[ 46.508267][ T3504] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.514139][ T3504] RIP: 0033:0x7f4f5ba74bd9
[ 46.518533][ T3504] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 46.538300][ T3504] RSP: 002b:00007fff8dba01f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 46.546702][ T3504] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4f5ba74bd9
[ 46.554779][ T3504] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 00000000ffffff9c
[ 46.562832][ T3504] RBP: 00007f4f5ba341e0 R08: 0000000000000bfc R09: 0000000000000000
[ 46.570803][ T3504] R10: 00007fff8dba00c0 R11: 0000000000000246 R12: 00007f4f5ba34270
[ 46.580778][ T3504] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 46.588751][ T3504]
[ 46.591940][ T3504] Kernel Offset: disabled
[ 46.596352][ T3504] Rebooting in 86400 seconds..