Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts.
executing program
[ 51.854130][ T3498] loop0: detected capacity change from 0 to 2048
[ 51.942059][ T3498] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 51.961299][ T3498] ==================================================================
[ 51.969520][ T3498] BUG: KASAN: slab-out-of-bounds in udf_readdir+0xcaa/0x2170
[ 51.976993][ T3498] Write of size 201 at addr ffff88801e4c3a36 by task syz-executor330/3498
[ 51.985574][ T3498]
[ 51.987891][ T3498] CPU: 1 PID: 3498 Comm: syz-executor330 Not tainted 5.15.155-syzkaller #0
[ 51.996569][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 52.006624][ T3498] Call Trace:
[ 52.009901][ T3498]
[ 52.012920][ T3498] dump_stack_lvl+0x1e3/0x2d0
[ 52.017609][ T3498] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 52.023257][ T3498] ? _printk+0xd1/0x120
[ 52.027419][ T3498] ? __wake_up_klogd+0xcc/0x100
[ 52.032289][ T3498] ? panic+0x860/0x860
[ 52.036372][ T3498] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 52.041857][ T3498] print_address_description+0x63/0x3b0
[ 52.047439][ T3498] ? udf_readdir+0xcaa/0x2170
[ 52.052119][ T3498] kasan_report+0x16b/0x1c0
[ 52.056626][ T3498] ? udf_readdir+0xcaa/0x2170
[ 52.061305][ T3498] kasan_check_range+0x27e/0x290
[ 52.066250][ T3498] ? udf_readdir+0xcaa/0x2170
[ 52.071008][ T3498] memcpy+0x3c/0x60
[ 52.074932][ T3498] udf_readdir+0xcaa/0x2170
[ 52.079478][ T3498] ? load_block_bitmap+0x4d0/0x4d0
[ 52.084600][ T3498] ? load_block_bitmap+0x4d0/0x4d0
[ 52.089741][ T3498] ? __fdget_pos+0x2cb/0x380
[ 52.094334][ T3498] ? end_current_label_crit_section+0x147/0x170
[ 52.100594][ T3498] ? iterate_dir+0x10a/0x570
[ 52.105194][ T3498] ? iterate_dir+0x10a/0x570
[ 52.109778][ T3498] ? fsnotify_perm+0x438/0x5a0
[ 52.114563][ T3498] iterate_dir+0x224/0x570
[ 52.118980][ T3498] ? load_block_bitmap+0x4d0/0x4d0
[ 52.124097][ T3498] __se_sys_getdents64+0x209/0x4f0
[ 52.129320][ T3498] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 52.135314][ T3498] ? __x64_sys_getdents64+0x80/0x80
[ 52.140509][ T3498] ? filldir+0x720/0x720
[ 52.144752][ T3498] ? syscall_enter_from_user_mode+0x2e/0x240
[ 52.150753][ T3498] ? lockdep_hardirqs_on+0x94/0x130
[ 52.155950][ T3498] ? syscall_enter_from_user_mode+0x2e/0x240
[ 52.161924][ T3498] do_syscall_64+0x3b/0xb0
[ 52.166335][ T3498] ? clear_bhb_loop+0x15/0x70
[ 52.171014][ T3498] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.176920][ T3498] RIP: 0033:0x7f7d5ffe4b39
[ 52.181358][ T3498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.200966][ T3498] RSP: 002b:00007ffd13bb6558 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 52.209385][ T3498] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f7d5ffe4b39
[ 52.217375][ T3498] RDX: 0000000000001000 RSI: 0000000020000f80 RDI: 0000000000000005
[ 52.225345][ T3498] RBP: 00007f7d60058610 R08: 0000000000000000 R09: 00007ffd13bb6728
[ 52.233323][ T3498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.241298][ T3498] R13: 00007ffd13bb6718 R14: 0000000000000001 R15: 0000000000000001
[ 52.249310][ T3498]
[ 52.252332][ T3498]
[ 52.254666][ T3498] Allocated by task 3498:
[ 52.258999][ T3498] ____kasan_kmalloc+0xba/0xf0
[ 52.263761][ T3498] kmem_cache_alloc_trace+0x143/0x290
[ 52.269138][ T3498] udf_readdir+0xbc6/0x2170
[ 52.273926][ T3498] iterate_dir+0x224/0x570
[ 52.278358][ T3498] __se_sys_getdents64+0x209/0x4f0
[ 52.283465][ T3498] do_syscall_64+0x3b/0xb0
[ 52.287879][ T3498] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.293806][ T3498]
[ 52.296142][ T3498] The buggy address belongs to the object at ffff88801e4c3a00
[ 52.296142][ T3498] which belongs to the cache kmalloc-256 of size 256
[ 52.310186][ T3498] The buggy address is located 54 bytes inside of
[ 52.310186][ T3498] 256-byte region [ffff88801e4c3a00, ffff88801e4c3b00)
[ 52.323372][ T3498] The buggy address belongs to the page:
[ 52.329002][ T3498] page:ffffea0000793080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e4c2
[ 52.339143][ T3498] head:ffffea0000793080 order:1 compound_mapcount:0
[ 52.345720][ T3498] flags: 0xfff80000010200(slab|head|node=0|zone=1|lastcpupid=0xfff)
[ 52.353706][ T3498] raw: 00fff80000010200 ffffea000511ef00 0000000600000006 ffff888011c41b40
[ 52.362279][ T3498] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 52.370877][ T3498] page dumped because: kasan: bad access detected
[ 52.377455][ T3498] page_owner tracks the page as allocated
[ 52.383181][ T3498] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 11209578772, free_ts 0
[ 52.399751][ T3498] get_page_from_freelist+0x322a/0x33c0
[ 52.405303][ T3498] __alloc_pages+0x272/0x700
[ 52.409891][ T3498] alloc_page_interleave+0x22/0x1c0
[ 52.415103][ T3498] new_slab+0xbb/0x4b0
[ 52.419168][ T3498] ___slab_alloc+0x6f6/0xe10
[ 52.423755][ T3498] kmem_cache_alloc_trace+0x1a0/0x290
[ 52.429133][ T3498] usb_string+0x10f/0x790
[ 52.433572][ T3498] usb_cache_string+0x79/0xf0
[ 52.438242][ T3498] usb_new_device+0x389/0x18e0
[ 52.443121][ T3498] register_root_hub+0x25f/0x540
[ 52.448071][ T3498] usb_add_hcd+0xc4e/0x1250
[ 52.452563][ T3498] vhci_hcd_probe+0x1f0/0x3b0
[ 52.457375][ T3498] platform_probe+0x131/0x1b0
[ 52.462060][ T3498] really_probe+0x24e/0xb60
[ 52.466562][ T3498] __driver_probe_device+0x1a2/0x3d0
[ 52.471862][ T3498] driver_probe_device+0x50/0x420
[ 52.476878][ T3498] page_owner free stack trace missing
[ 52.482238][ T3498]
[ 52.484568][ T3498] Memory state around the buggy address:
[ 52.490186][ T3498] ffff88801e4c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.498274][ T3498] ffff88801e4c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.506342][ T3498] >ffff88801e4c3a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06
[ 52.514392][ T3498]                                                                 ^
[ 52.522361][ T3498] ffff88801e4c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.530417][ T3498] ffff88801e4c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.538576][ T3498] ==================================================================
[ 52.546650][ T3498] Disabling lock debugging due to kernel taint
[ 52.553745][ T3498] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.560950][ T3498] CPU: 1 PID: 3498 Comm: syz-executor330 Tainted: G B 5.15.155-syzkaller #0
[ 52.570935][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 52.580980][ T3498] Call Trace:
[ 52.584269][ T3498]
[ 52.587191][ T3498] dump_stack_lvl+0x1e3/0x2d0
[ 52.591865][ T3498] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 52.597490][ T3498] ? panic+0x860/0x860
[ 52.601932][ T3498] ? preempt_schedule_common+0xa6/0xd0
[ 52.607383][ T3498] ? preempt_schedule+0xd9/0xe0
[ 52.612242][ T3498] panic+0x318/0x860
[ 52.616130][ T3498] ? check_panic_on_warn+0x1d/0xa0
[ 52.621234][ T3498] ? fb_is_primary_device+0xd0/0xd0
[ 52.626422][ T3498] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 52.632569][ T3498] ? _raw_spin_unlock+0x40/0x40
[ 52.637411][ T3498] ? print_memory_metadata+0xe2/0x140
[ 52.642787][ T3498] check_panic_on_warn+0x7e/0xa0
[ 52.647715][ T3498] ? udf_readdir+0xcaa/0x2170
[ 52.652380][ T3498] end_report+0x6d/0xf0
[ 52.656547][ T3498] kasan_report+0x18e/0x1c0
[ 52.661083][ T3498] ? udf_readdir+0xcaa/0x2170
[ 52.665761][ T3498] kasan_check_range+0x27e/0x290
[ 52.670701][ T3498] ? udf_readdir+0xcaa/0x2170
[ 52.675373][ T3498] memcpy+0x3c/0x60
[ 52.679187][ T3498] udf_readdir+0xcaa/0x2170
[ 52.683726][ T3498] ? load_block_bitmap+0x4d0/0x4d0
[ 52.689029][ T3498] ? load_block_bitmap+0x4d0/0x4d0
[ 52.694147][ T3498] ? __fdget_pos+0x2cb/0x380
[ 52.698745][ T3498] ? end_current_label_crit_section+0x147/0x170
[ 52.704985][ T3498] ? iterate_dir+0x10a/0x570
[ 52.709575][ T3498] ? iterate_dir+0x10a/0x570
[ 52.714158][ T3498] ? fsnotify_perm+0x438/0x5a0
[ 52.718944][ T3498] iterate_dir+0x224/0x570
[ 52.723365][ T3498] ? load_block_bitmap+0x4d0/0x4d0
[ 52.728644][ T3498] __se_sys_getdents64+0x209/0x4f0
[ 52.733835][ T3498] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 52.739806][ T3498] ? __x64_sys_getdents64+0x80/0x80
[ 52.745019][ T3498] ? filldir+0x720/0x720
[ 52.749255][ T3498] ? syscall_enter_from_user_mode+0x2e/0x240
[ 52.755226][ T3498] ? lockdep_hardirqs_on+0x94/0x130
[ 52.760417][ T3498] ? syscall_enter_from_user_mode+0x2e/0x240
[ 52.766392][ T3498] do_syscall_64+0x3b/0xb0
[ 52.770797][ T3498] ? clear_bhb_loop+0x15/0x70
[ 52.775462][ T3498] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.781348][ T3498] RIP: 0033:0x7f7d5ffe4b39
[ 52.785756][ T3498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.805439][ T3498] RSP: 002b:00007ffd13bb6558 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 52.813845][ T3498] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f7d5ffe4b39
[ 52.821806][ T3498] RDX: 0000000000001000 RSI: 0000000020000f80 RDI: 0000000000000005
[ 52.829854][ T3498] RBP: 00007f7d60058610 R08: 0000000000000000 R09: 00007ffd13bb6728
[ 52.837818][ T3498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 52.845775][ T3498] R13: 00007ffd13bb6718 R14: 0000000000000001 R15: 0000000000000001
[ 52.853777][ T3498]
[ 52.857098][ T3498] Kernel Offset: disabled
[ 52.861507][ T3498] Rebooting in 86400 seconds..