program: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="009917593d44d685cf8176521846a9e90205b4b89c0ed49b3e1201fa4a79b0b9651316a89d7e4038e94e54fdffa25c529d1cb4e43bf7e12bd2a555681300b85d6621470c304d6ba5731161f3f1da1193a85525e8c9a5a95798070ca48fa7edcf62e37626480f673141bee1ea2522f8b61aac12f984c1216683ae80e6146169cfb7aa7c50dd4c52259faaee2fedc1077bda4c3e65d7005d0ab71db65617abeb3c51b056d955f1285ed9d26d7c910bf3291f6b349ce7eee33a31a484c31993effe39fcfa55e722a20bf90b2f43ffbfd19afaeb1d6e9683ce09f4c8eb9591f0772a12"], 0x1, 0xc3c, &(0x7f0000000d00)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1V+1nVVawSpIwA0Igoq0Ai7IDRIXXOQGCa0QirhZJECKQJUWgUSgabQSAmYFCysqYXRm3rHHbtK4+bLT/H5t/J8585w575n2OT4TzXsmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIL/30saGDaatHAQA8SK+NvzF02O9/AHiknPL+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA20tRxFuR4r2xVpps3+8YONGcO3d+YnTs5qsNpkhRiaJdX/4ZOHjo8JEXX3p5uJsfv/699rl4ffzUsdrx+dmFxcbSUmO6NjHXPD0/3dj0M9zt+hvtbb8Atdk3z02fObNUO3Tg8LqHz1dv7Hxsd/Xo8LP7nu/WToyOjY331PT13/HWPyLdu6fiU2RHFPHlSPGt/d9J9YioxN33wm2OHffbYPSV/dfeiYnRsfaOzDTrc8vlg6mSq/oiqj0rjXR75AH04l0ZibhQ/ncqB7y33L3xhfpifWqmUTtZX1xuLjfn51KlM9pyf6pRieEUsRARrWKrB8920x9FvBopbnzYSlMRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTx25Hi3cmhOJ37qt021yO+WOYrEW+VeSXFxXw/lQeI4Yjv+n0CD7W+KOJvIsV8aqXpbu+3zytPfLX2lbkz8z213fPKh/79wYPk3IRtbCCKmGqf8bfSnf9lFwAAAAAAAAAAAADwYBTxzUhxeXZPWojeOaXNubO1U/Wpmc6ngruf/a/ltVZWVlaqqZO1nEM5R3KezDmZcyHnhZwXc17KeTnnlZxXc17L2coZlbz9nLWcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhnmPQEAAAAAAAAAAAAAAAAAAHCPDUYRvxEp/v33v9b+Xulofy/9Z48OHz/xmd7vjH/mNs9T1h6IiG/G5r6Td0f+rvFUKf+59/sF3N5AFPH1/P1/v7zVgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALaFShTxK5HiG99rpUgRMRIxGZ28Vmz16AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0s5UxKuR4md/d2R1WV9EpPa/HXvKH0dipMj5RJmvxMjBdlZGjpU5EHFgC8YP3Lmlt995sz4z01h0ww033Fi9sdVHJgAAAAAAAAAAAAAAAAB4hKUi/j5S/OTvtVI1Is5Xb+x8bHf16PCz+54vomhfBCD11r8+fupY7fj87MJiY2mpMV2bmGuenp9ubHZzAyeac+fOT4yO3Zedua3B+zz+wYHj8wtvLzbP/sLyTR/fNXBsaml5sX765g/HYPRFDPUu2dse8MToWHvQM836XHvVVLnFAPsiapvdGR55u1IR/xsp3tv/7Xg8L8vX/+jv3Fvr/j/8xbV7P9y3Plf/d2wfPz57dPj4ruc2czttdqB7241XNsLYeM/ivjzKH+pZVs3j2vRzwyOq7P8XIsXP/1GRuj2U+/8HOveK1dr/+fpaTx3dkKu2qP+f6Fl2NB+1+vsiBpZnF/qfjhhYevud/c3Z+tnG2cbckUMvvzR85OUXj7zUvyNi4ExzpjG0dmvTrx0AAAAAAAAAAAAAAAAA3C/9qYgvRYpf+ru/XJ03nuf/faZzb23+X+/83z0bnqf3ugG3un3TuX63mdfXq9xmSkU8FSme/bNn2uNNscucd7hDu1IR3y/7afrL6Qt5We7/PLP/5v1/YUOu2qL5v4/3LLuQjxP/ESke/4Nn4gs9x4mNs3vLur+IFFM/8vlcFzvKuu7zdeZEdyYGl7VfixTvn1xf2503/cRa7cHN7hZspbL/ZyPFP/zW38aP5mXrr/9x8/7ftSFXbVH/P9m7TxGx9PY7b9ZnZhqLS5t+KeCRU/b/r0eKv/6Tb8dzednHXf+ne52fPc+tz8Fu0Rb1/1M9y6p5XD/2CV8LAAAAAAAAAAAAeFjsSkX8U6T48z/dl/bnZZv5/O/0hly1RZ//e7pn2fS6z//evxubfpEBAGCb6E9F/ESk+OPp66k7N/aW839fWZv/M7rxxL19Tv+D7Xn+n+hc/xPM/y+3mVIR/5fn9Q7dZl7vj0eKX/upfbku7S7rRrrDbf8ceG1+bv+xmZn50/Xl+tRMoza+UD/dKNfdGyn+9d8+n9ettOf5dudHd+YGr80J/p1I8XMfdGs7c4K7cymfXKs9WNbujxTff399bXfe1VNrtYfK2t+MFGP/ffPa3Wu1h8vaf4wU//lurVu7q6ztvp97eq32wOn5mY+8ZQMAAAAAAAAAAAAAAAAAAGDr9aciUqS48jOXVufGr7/+V/c6AOuv/7XR/fr+/+q92U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeCikKOK/IsV7Y610rSjvdwycaM6dOz8xOnbz1QZTpKhE0a4v/wwcPHT4yIsvvTzczY9f/177XLw+fupY7fj87MJiY2mpMV2bmGuenp9ubPoZ7nb9jfa2X4Da7Jvnps+cWaodOnB43cPnqzd2Pra7enT42X3Pd2snRsfGxntq+vrveOsfke7dU/EpsiOK+KtI8a3930n/XERU4u574TbHjvttMPrK/mvvxMToWHtHZpr1ueXywVTJVX0R1Z6VRro98gB68a6MRFyIiEo54L3l7o0v1BfrUzON2sn64nJzuTk/lyqd0Zb7U41KDKeIhYhoFVs9eLab/ijiSqS48WEr/UsRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTxZKR4d3Io3i86fdVum+sRXyzzlYi3yryS4mK+n8oDxHDEd/0+gYdaXxRxMlLMp1a6XuTeb59Xnvhq7StzZ+Z7arvnlQ/9+4MHybkJ29hAFPFB+4y/lT7w+xwAAAAAAAAAAAAAtrkiXo0Ul2f3pPb80NU5pc25s7VT9amZzsf6u5/9r+W1VlZWVqqpk7WcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhmVvP2ctZxDOUdynsw5mXMh54WcF3Neynk555WcV3Ney9nKGT4nDQAAAAAAAAAAAAAAAADAfVKJIn41Unzje620UnS+X3YyOnnNPFf4VPv/AAAA//84/iOE") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f0000000140)='2', 0x1, 0x8000c61) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) pwritev2(r3, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0xf4240}], 0x1, 0x800001, 0x0, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8}, @NFTA_CMP_DATA={0x4}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0xf5}]}}}]}]}], {0x14}}, 0x7c}}, 0x0) ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x2, 0x5, 0x12, 0x1d, "9e959f16b6787b08aa26f5ffffffffffffff4854c382ec6bcfeef4fb0efcc1d8a6078e998e203fd5f06439ffffebffac274de9d940bba55a1e92bbd4ce85450d", "f62507072b31cdfac4d4be5a0808000100000240000000000000020000000008", [0x5, 0x7]}) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x45c, 0x24, 0xd0f, 0x70bd28, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x2, 0x0, 0x1, 0x8001, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_PTAB={0x404, 0x3, [0xfffffff7, 0x7, 0x9e3, 0x5, 0x6, 0x0, 0x400, 0x5, 0x1, 0x0, 0x40, 0x80, 0x4, 0x82, 0xc022, 0x2, 0x1, 0x9, 0x1, 0x5, 0x6, 0x900, 0x61d88293, 0x0, 0x1, 0xffff6961, 0x5, 0x7, 0x6, 0x2, 0x2, 0x1, 0x0, 0x10001, 0x0, 0x0, 0x7, 0x6, 0x6f6, 0x4, 0x6, 0x2, 0x8, 0xfffffff8, 0x8001, 0x4, 0xff, 0x6, 0x0, 0x6, 0xe5, 0x2, 0x1, 0x8001, 0x8, 0x2, 0x6, 0xe1, 0x7ff, 0xffc, 0x5, 0x7fffffff, 0x2, 0x81, 0xe, 0x40400, 0x5, 0x6, 0x7ff, 0x75c, 0x4, 0x2d, 0x9, 0x3, 0x2, 0xfffffffa, 0x200, 0x8b40, 0x8000, 0x734, 0x10, 0x470, 0xfffffffa, 0x1, 0x8, 0x0, 0xc0, 0xfffff000, 0xee4, 0x0, 0x6, 0x6, 0x3b9, 0x5, 0x7ffe, 0x7fff, 0x1, 0x200, 0x0, 0x679e, 0x0, 0xa99, 0x8d, 0x4, 0x8, 0x0, 0x8db, 0x7, 0x0, 0x1, 0x65, 0x4, 0x3, 0xe, 0x2509, 0xa71, 0x4, 0x80000000, 0x2f, 0x7, 0x6, 0x6, 0x52, 0x8, 0xae, 0xf801, 0x7, 0xc, 0x7, 0x1ff, 0x5, 0xad2, 0x7, 0x1, 0x200, 0x0, 0xfffffe01, 0x5, 0x9, 0x96a, 0x1, 0x1, 0x0, 0x5, 0x6, 0xfff, 0xd77, 0x0, 0x0, 0x1, 0x2, 0x0, 0xd848, 0xe, 0x9a, 0xc90, 0xa2, 0x401, 0xa4b, 0x3, 0x68b, 0x100, 0x80, 0x7, 0x9, 0x9a5, 0xfffff126, 0x3, 0x2f5, 0x9, 0x6, 0x10, 0x8, 0x7, 0x7, 0xfffff6c5, 0x1193, 0x4, 0x9, 0x0, 0xb8a4, 0x7, 0xa6, 0x7, 0x35f5, 0x8, 0x9, 0x40, 0x6abb, 0x9, 0x6, 0x8, 0x9, 0xfb, 0x9, 0xfffffffe, 0x2, 0x3, 0xea, 0x1a4b, 0x1000, 0xf6d, 0x8001, 0xfffffba2, 0x6, 0x3ff, 0x5, 0xfffff001, 0x4, 0x80000001, 0x9, 0x2, 0x5984f9f, 0x5, 0x2, 0x4, 0x8, 0x5, 0x9, 0x84, 0x6, 0x1, 0x7, 0x3, 0x6, 0x8, 0x4, 0x1, 0x8, 0xd, 0x7, 0xb, 0x6, 0x7, 0x6, 0x1, 0x2, 0x3465, 0x7, 0xa, 0x8, 0x2, 0x101, 0x5, 0xebdb, 0x3, 0x0, 0x0, 0x7, 0x101000, 0x80, 0x509, 0xffff, 0x711, 0x0, 0x4]}]}}]}, 0x45c}}, 0x44080) r7 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000140000000000000000071800000900010073797a3000009cbd00003c020000000a010400000000000000000700000008000a40000000000900020073797a310000054000000021140000001100010000000000000000000084000a00"/118], 0x84}}, 0x0) sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2c}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r10, {}, {0xfff2, 0xa}, {0x2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xf}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x10}]}}]}, 0x48}}, 0x4000) r13 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r13, &(0x7f0000002f80)=[{{&(0x7f0000000300)={0x2, 0x4e23, @remote}, 0x10, 0x0}}], 0x1, 0x0) r14 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) close(r14) bind$nfc_llcp(r14, &(0x7f0000000080)={0x27, 0x0, 0x1, 0x7, 0x0, 0x80, "75287ad1ee602ec4452a04ea7cdcd151bb2cd9893bc31f80718316d9bd3517076db9ad1f6a120d8be6d7f81cd81ec2757d0386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) fcntl$dupfd(r8, 0x80c, r8) [ 86.323881][ T49] Bluetooth: hci0: command tx timeout [ 86.425489][ T53] cfg80211: failed to load regulatory.db [ 86.469971][ T5324] loop0: detected capacity change from 0 to 2048 [ 86.507514][ T5324] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 86.510553][ T5324] UDF-fs: Scanning with blocksize 512 failed [ 86.518502][ T5324] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 86.601108][ T5324] loop0: detected capacity change from 2048 to 2047 [ 86.645297][ T5324] ================================================================== [ 86.648389][ T5324] BUG: KASAN: slab-out-of-bounds in crc_itu_t+0x1d5/0x2b0 [ 86.651216][ T5324] Read of size 1 at addr ffff8880440007c0 by task syz.0.0/5324 [ 86.654220][ T5324] [ 86.655225][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0 [ 86.655239][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.655246][ T5324] Call Trace: [ 86.655254][ T5324] [ 86.655259][ T5324] dump_stack_lvl+0x241/0x360 [ 86.655282][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.655293][ T5324] ? __pfx__printk+0x10/0x10 [ 86.655303][ T5324] ? _printk+0xd5/0x120 [ 86.655311][ T5324] ? __virt_addr_valid+0x183/0x530 [ 86.655323][ T5324] ? __virt_addr_valid+0x183/0x530 [ 86.655332][ T5324] print_report+0x16e/0x5b0 [ 86.655345][ T5324] ? __virt_addr_valid+0x183/0x530 [ 86.655354][ T5324] ? __virt_addr_valid+0x183/0x530 [ 86.655363][ T5324] ? __virt_addr_valid+0x45f/0x530 [ 86.655373][ T5324] ? __phys_addr+0xba/0x170 [ 86.655389][ T5324] ? crc_itu_t+0x1d5/0x2b0 [ 86.655399][ T5324] kasan_report+0x143/0x180 [ 86.655411][ T5324] ? crc_itu_t+0x1d5/0x2b0 [ 86.655421][ T5324] crc_itu_t+0x1d5/0x2b0 [ 86.655430][ T5324] udf_update_tag+0x70/0x6a0 [ 86.655445][ T5324] ? __mark_inode_dirty+0x3db/0xe90 [ 86.655462][ T5324] udf_write_aext+0x4d8/0x7b0 [ 86.655473][ T5324] extent_trunc+0x2f7/0x4a0 [ 86.655487][ T5324] ? __pfx_extent_trunc+0x10/0x10 [ 86.655498][ T5324] ? udf_current_aext+0x519/0xad0 [ 86.655505][ T5324] udf_truncate_extents+0x6ed/0x1310 [ 86.655515][ T5324] ? __pfx_udf_truncate_extents+0x10/0x10 [ 86.655524][ T5324] ? __pfx_lock_release+0x10/0x10 [ 86.655533][ T5324] ? do_raw_spin_lock+0x14f/0x370 [ 86.655542][ T5324] ? do_raw_spin_unlock+0x58/0x8b0 [ 86.655551][ T5324] udf_setsize+0xaeb/0x1490 [ 86.655563][ T5324] ? __pfx_udf_setsize+0x10/0x10 [ 86.655578][ T5324] ? evict+0x4b8/0x9a0 [ 86.655587][ T5324] ? inode_wait_for_writeback+0x111/0x2a0 [ 86.655600][ T5324] ? __pfx_lock_release+0x10/0x10 [ 86.655617][ T5324] udf_evict_inode+0x7d/0x3e0 [ 86.655630][ T5324] ? evict+0x4df/0x9a0 [ 86.655639][ T5324] ? __pfx_udf_evict_inode+0x10/0x10 [ 86.655653][ T5324] evict+0x4e8/0x9a0 [ 86.655665][ T5324] ? __pfx_evict+0x10/0x10 [ 86.655677][ T5324] ? iput+0x713/0xa50 [ 86.655692][ T5324] __dentry_kill+0x20d/0x630 [ 86.655711][ T5324] ? dput+0x37/0x2b0 [ 86.655723][ T5324] dput+0x19f/0x2b0 [ 86.655737][ T5324] __fput+0x60b/0x9f0 [ 86.655753][ T5324] task_work_run+0x24f/0x310 [ 86.655764][ T5324] ? _raw_spin_unlock+0x28/0x50 [ 86.655819][ T5324] ? __pfx_task_work_run+0x10/0x10 [ 86.655827][ T5324] ? syscall_exit_to_user_mode+0xa3/0x340 [ 86.655837][ T5324] syscall_exit_to_user_mode+0x13f/0x340 [ 86.655847][ T5324] do_syscall_64+0x100/0x230 [ 86.655854][ T5324] ? clear_bhb_loop+0x35/0x90 [ 86.655869][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.655882][ T5324] RIP: 0033:0x7f8154b8d169 [ 86.655894][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.655903][ T5324] RSP: 002b:00007f8155992038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 86.655916][ T5324] RAX: 0000000000000000 RBX: 00007f8154da5fa0 RCX: 00007f8154b8d169 [ 86.655924][ T5324] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 86.655931][ T5324] RBP: 00007f8154c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 86.655937][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.655943][ T5324] R13: 0000000000000000 R14: 00007f8154da5fa0 R15: 00007ffef40097c8 [ 86.655952][ T5324] [ 86.655956][ T5324] [ 86.787180][ T5324] Allocated by task 5024: [ 86.788833][ T5324] kasan_save_track+0x3f/0x80 [ 86.790442][ T5324] __kasan_slab_alloc+0x66/0x80 [ 86.792294][ T5324] kmem_cache_alloc_noprof+0x1d9/0x380 [ 86.794337][ T5324] sk_prot_alloc+0x58/0x210 [ 86.796099][ T5324] sk_alloc+0x3e/0x370 [ 86.797761][ T5324] unix_create1+0xb4/0x7a0 [ 86.799447][ T5324] unix_create+0x14e/0x200 [ 86.801001][ T5324] __sock_create+0x4c0/0xa30 [ 86.802774][ T5324] __sys_socketpair+0x33e/0x720 [ 86.804894][ T5324] __x64_sys_socketpair+0x9b/0xb0 [ 86.806798][ T5324] do_syscall_64+0xf3/0x230 [ 86.808951][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.811217][ T5324] [ 86.812113][ T5324] The buggy address belongs to the object at ffff888044000000 [ 86.812113][ T5324] which belongs to the cache UNIX of size 1984 [ 86.816961][ T5324] The buggy address is located 0 bytes to the right of [ 86.816961][ T5324] allocated 1984-byte region [ffff888044000000, ffff8880440007c0) [ 86.822737][ T5324] [ 86.823731][ T5324] The buggy address belongs to the physical page: [ 86.825702][ T5324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888044002100 pfn:0x44000 [ 86.829418][ T5324] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 86.832564][ T5324] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff) [ 86.835783][ T5324] page_type: f5(slab) [ 86.837371][ T5324] raw: 04fff00000000240 ffff88801f046280 ffff8880332d1ac8 ffffea0001103210 [ 86.840323][ T5324] raw: ffff888044002100 00000000000f000d 00000000f5000000 0000000000000000 [ 86.843551][ T5324] head: 04fff00000000240 ffff88801f046280 ffff8880332d1ac8 ffffea0001103210 [ 86.847132][ T5324] head: ffff888044002100 00000000000f000d 00000000f5000000 0000000000000000 [ 86.850543][ T5324] head: 04fff00000000003 ffffea0001100001 ffffffffffffffff 0000000000000000 [ 86.853849][ T5324] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 86.857153][ T5324] page dumped because: kasan: bad access detected [ 86.859543][ T5324] page_owner tracks the page as allocated [ 86.861566][ T5324] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5024, tgid 5024 (dhcpcd), ts 48270385928, free_ts 46766594123 [ 86.869010][ T5324] post_alloc_hook+0x1f4/0x240 [ 86.870979][ T5324] get_page_from_freelist+0x365c/0x37a0 [ 86.873134][ T5324] __alloc_frozen_pages_noprof+0x292/0x710 [ 86.875427][ T5324] alloc_pages_mpol+0x311/0x660 [ 86.877431][ T5324] allocate_slab+0x8f/0x3a0 [ 86.879328][ T5324] ___slab_alloc+0xc27/0x14a0 [ 86.881225][ T5324] __slab_alloc+0x58/0xa0 [ 86.882847][ T5324] kmem_cache_alloc_noprof+0x268/0x380 [ 86.884979][ T5324] sk_prot_alloc+0x58/0x210 [ 86.887182][ T5324] sk_alloc+0x3e/0x370 [ 86.889097][ T5324] unix_create1+0xb4/0x7a0 [ 86.890854][ T5324] unix_create+0x14e/0x200 [ 86.892588][ T5324] __sock_create+0x4c0/0xa30 [ 86.894422][ T5324] __sys_socketpair+0x33e/0x720 [ 86.896278][ T5324] __x64_sys_socketpair+0x9b/0xb0 [ 86.898211][ T5324] do_syscall_64+0xf3/0x230 [ 86.900016][ T5324] page last free pid 5192 tgid 5192 stack trace: [ 86.902475][ T5324] free_frozen_pages+0xe0d/0x10e0 [ 86.904385][ T5324] __slab_free+0x2c2/0x380 [ 86.906106][ T5324] qlist_free_all+0x9a/0x140 [ 86.908148][ T5324] kasan_quarantine_reduce+0x14f/0x170 [ 86.910263][ T5324] __kasan_slab_alloc+0x23/0x80 [ 86.912219][ T5324] __kmalloc_noprof+0x236/0x4c0 [ 86.914052][ T5324] tomoyo_realpath_from_path+0xcf/0x5e0 [ 86.917238][ T5324] tomoyo_path_perm+0x2c0/0x610 [ 86.919423][ T5324] security_inode_getattr+0x130/0x330 [ 86.921546][ T5324] vfs_fstatat+0xa3/0x150 [ 86.923233][ T5324] __x64_sys_newfstatat+0x11d/0x1a0 [ 86.925212][ T5324] do_syscall_64+0xf3/0x230 [ 86.927083][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.929321][ T5324] [ 86.930324][ T5324] Memory state around the buggy address: [ 86.932490][ T5324] ffff888044000680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 86.935696][ T5324] ffff888044000700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 86.938859][ T5324] >ffff888044000780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 86.941769][ T5324] ^ [ 86.944052][ T5324] ffff888044000800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 86.946982][ T5324] ffff888044000880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 86.949973][ T5324] ================================================================== [ 86.968985][ T5325] cover enable write trace failed, mode=0 [ 86.969019][ T5325] (errno 9) [ 86.976211][ T5324] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 86.979134][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0 [ 86.983043][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.987033][ T5324] Call Trace: [ 86.988340][ T5324] [ 86.989525][ T5324] dump_stack_lvl+0x241/0x360 [ 86.991443][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.993513][ T5324] ? __pfx__printk+0x10/0x10 [ 86.995351][ T5324] ? preempt_schedule+0xe1/0xf0 [ 86.997184][ T5324] ? vscnprintf+0x5d/0x90 [ 86.998927][ T5324] panic+0x349/0x880 [ 87.000458][ T5324] ? check_panic_on_warn+0x21/0xb0 [ 87.002387][ T5324] ? __pfx_panic+0x10/0x10 [ 87.004159][ T5324] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 87.006428][ T5324] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 87.008862][ T5324] ? print_report+0x519/0x5b0 [ 87.010725][ T5324] check_panic_on_warn+0x86/0xb0 [ 87.012665][ T5324] ? crc_itu_t+0x1d5/0x2b0 [ 87.014424][ T5324] end_report+0x77/0x160 [ 87.016064][ T5324] kasan_report+0x154/0x180 [ 87.017863][ T5324] ? crc_itu_t+0x1d5/0x2b0 [ 87.019608][ T5324] crc_itu_t+0x1d5/0x2b0 [ 87.021224][ T5324] udf_update_tag+0x70/0x6a0 [ 87.023027][ T5324] ? __mark_inode_dirty+0x3db/0xe90 [ 87.024877][ T5324] udf_write_aext+0x4d8/0x7b0 [ 87.026530][ T5324] extent_trunc+0x2f7/0x4a0 [ 87.028258][ T5324] ? __pfx_extent_trunc+0x10/0x10 [ 87.030109][ T5324] ? udf_current_aext+0x519/0xad0 [ 87.031864][ T5324] udf_truncate_extents+0x6ed/0x1310 [ 87.033902][ T5324] ? __pfx_udf_truncate_extents+0x10/0x10 [ 87.036011][ T5324] ? __pfx_lock_release+0x10/0x10 [ 87.037978][ T5324] ? do_raw_spin_lock+0x14f/0x370 [ 87.039940][ T5324] ? do_raw_spin_unlock+0x58/0x8b0 [ 87.041816][ T5324] udf_setsize+0xaeb/0x1490 [ 87.043518][ T5324] ? __pfx_udf_setsize+0x10/0x10 [ 87.045391][ T5324] ? evict+0x4b8/0x9a0 [ 87.051300][ T5324] ? inode_wait_for_writeback+0x111/0x2a0 [ 87.053509][ T5324] ? __pfx_lock_release+0x10/0x10 [ 87.055452][ T5324] udf_evict_inode+0x7d/0x3e0 [ 87.057284][ T5324] ? evict+0x4df/0x9a0 [ 87.058803][ T5324] ? __pfx_udf_evict_inode+0x10/0x10 [ 87.060820][ T5324] evict+0x4e8/0x9a0 [ 87.062347][ T5324] ? __pfx_evict+0x10/0x10 [ 87.064067][ T5324] ? iput+0x713/0xa50 [ 87.065681][ T5324] __dentry_kill+0x20d/0x630 [ 87.067482][ T5324] ? dput+0x37/0x2b0 [ 87.068972][ T5324] dput+0x19f/0x2b0 [ 87.070429][ T5324] __fput+0x60b/0x9f0 [ 87.071921][ T5324] task_work_run+0x24f/0x310 [ 87.073768][ T5324] ? _raw_spin_unlock+0x28/0x50 [ 87.075693][ T5324] ? __pfx_task_work_run+0x10/0x10 [ 87.077650][ T5324] ? syscall_exit_to_user_mode+0xa3/0x340 [ 87.079773][ T5324] syscall_exit_to_user_mode+0x13f/0x340 [ 87.081867][ T5324] do_syscall_64+0x100/0x230 [ 87.083472][ T5324] ? clear_bhb_loop+0x35/0x90 [ 87.085273][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.087573][ T5324] RIP: 0033:0x7f8154b8d169 [ 87.089322][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.096303][ T5324] RSP: 002b:00007f8155992038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 87.099536][ T5324] RAX: 0000000000000000 RBX: 00007f8154da5fa0 RCX: 00007f8154b8d169 [ 87.102648][ T5324] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 87.105557][ T5324] RBP: 00007f8154c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 87.108644][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.111522][ T5324] R13: 0000000000000000 R14: 00007f8154da5fa0 R15: 00007ffef40097c8 [ 87.114354][ T5324] [ 87.115877][ T5324] Kernel Offset: disabled [ 87.117523][ T5324] Rebooting in 86400 seconds..