program: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="2000000010000104000000000000000000480000", @ANYRES32=r1, @ANYBLOB="ae1e0200"], 0x20}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240), 0x0, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000080)={0x4009, 0x2, 0x3}, 0xffffffdd, 0x0) landlock_restrict_self(r3, 0x0) ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, &(0x7f0000000000)={0xc, 0xbac4, 0x7}) umount2(&(0x7f0000000380)='./file0/file0\x00', 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="009917593d44d685cf8176521846a9e90205b4b89c0ed49b3e1201fa4a79b0b9651316a89d7e4038e94e54fdffa25c529d1cb4e43bf7e12bd2a555681300b85d6621470c304d6ba5731161f3f1da1193a85525e8c9a5a95798070ca48fa7edcf62e37626480f673141bee1ea2522f8b61aac12f984c1216683ae80e6146169cfb7aa7c50dd4c52259faaee2fedc1077bda4c3e65d7005d0ab71db65617abeb3c51b056d955f1285ed9d26d7c910bf3291f6b349ce7eee33a31a484c31993effe39fcfa55e722a20bf90b2f43ffbfd19afaeb1d6e9683ce09f4c8eb9591f0772a12"], 0x1, 0xc3c, &(0x7f0000000d00)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1V+1nVVawSpIwA0Igoq0Ai7IDRIXXOQGCa0QirhZJECKQJUWgUSgabQSAmYFCysqYXRm3rHHbtK4+bLT/H5t/J8585w575n2OT4TzXsmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIL/30saGDaatHAQA8SK+NvzF02O9/AHiknPL+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA20tRxFuR4r2xVpps3+8YONGcO3d+YnTs5qsNpkhRiaJdX/4ZOHjo8JEXX3p5uJsfv/699rl4ffzUsdrx+dmFxcbSUmO6NjHXPD0/3dj0M9zt+hvtbb8Atdk3z02fObNUO3Tg8LqHz1dv7Hxsd/Xo8LP7nu/WToyOjY331PT13/HWPyLdu6fiU2RHFPHlSPGt/d9J9YioxN33wm2OHffbYPSV/dfeiYnRsfaOzDTrc8vlg6mSq/oiqj0rjXR75AH04l0ZibhQ/ncqB7y33L3xhfpifWqmUTtZX1xuLjfn51KlM9pyf6pRieEUsRARrWKrB8920x9FvBopbnzYSlMRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTx25Hi3cmhOJ37qt021yO+WOYrEW+VeSXFxXw/lQeI4Yjv+n0CD7W+KOJvIsV8aqXpbu+3zytPfLX2lbkz8z213fPKh/79wYPk3IRtbCCKmGqf8bfSnf9lFwAAAAAAAAAAAADwYBTxzUhxeXZPWojeOaXNubO1U/Wpmc6ngruf/a/ltVZWVlaqqZO1nEM5R3KezDmZcyHnhZwXc17KeTnnlZxXc17L2coZlbz9nLWcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhnmPQEAAAAAAAAAAAAAAAAAAHCPDUYRvxEp/v33v9b+Xulofy/9Z48OHz/xmd7vjH/mNs9T1h6IiG/G5r6Td0f+rvFUKf+59/sF3N5AFPH1/P1/v7zVgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALaFShTxK5HiG99rpUgRMRIxGZ28Vmz16AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0s5UxKuR4md/d2R1WV9EpPa/HXvKH0dipMj5RJmvxMjBdlZGjpU5EHFgC8YP3Lmlt995sz4z01h0ww033Fi9sdVHJgAAAAAAAAAAAAAAAAB4hKUi/j5S/OTvtVI1Is5Xb+x8bHf16PCz+54vomhfBCD11r8+fupY7fj87MJiY2mpMV2bmGuenp9ubHZzAyeac+fOT4yO3Zedua3B+zz+wYHj8wtvLzbP/sLyTR/fNXBsaml5sX765g/HYPRFDPUu2dse8MToWHvQM836XHvVVLnFAPsiapvdGR55u1IR/xsp3tv/7Xg8L8vX/+jv3Fvr/j/8xbV7P9y3Plf/d2wfPz57dPj4ruc2czttdqB7241XNsLYeM/ivjzKH+pZVs3j2vRzwyOq7P8XIsXP/1GRuj2U+/8HOveK1dr/+fpaTx3dkKu2qP+f6Fl2NB+1+vsiBpZnF/qfjhhYevud/c3Z+tnG2cbckUMvvzR85OUXj7zUvyNi4ExzpjG0dmvTrx0AAAAAAAAAAAAAAAAA3C/9qYgvRYpf+ru/XJ03nuf/faZzb23+X+/83z0bnqf3ugG3un3TuX63mdfXq9xmSkU8FSme/bNn2uNNscucd7hDu1IR3y/7afrL6Qt5We7/PLP/5v1/YUOu2qL5v4/3LLuQjxP/ESke/4Nn4gs9x4mNs3vLur+IFFM/8vlcFzvKuu7zdeZEdyYGl7VfixTvn1xf2503/cRa7cHN7hZspbL/ZyPFP/zW38aP5mXrr/9x8/7ftSFXbVH/P9m7TxGx9PY7b9ZnZhqLS5t+KeCRU/b/r0eKv/6Tb8dzednHXf+ne52fPc+tz8Fu0Rb1/1M9y6p5XD/2CV8LAAAAAAAAAAAAeFjsSkX8U6T48z/dl/bnZZv5/O/0hly1RZ//e7pn2fS6z//evxubfpEBAGCb6E9F/ESk+OPp66k7N/aW839fWZv/M7rxxL19Tv+D7Xn+n+hc/xPM/y+3mVIR/5fn9Q7dZl7vj0eKX/upfbku7S7rRrrDbf8ceG1+bv+xmZn50/Xl+tRMoza+UD/dKNfdGyn+9d8+n9ettOf5dudHd+YGr80J/p1I8XMfdGs7c4K7cymfXKs9WNbujxTff399bXfe1VNrtYfK2t+MFGP/ffPa3Wu1h8vaf4wU//lurVu7q6ztvp97eq32wOn5mY+8ZQMAAAAAAAAAAAAAAAAAAGDr9aciUqS48jOXVufGr7/+V/c6AOuv/7XR/fr+/+q92U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeCikKOK/IsV7Y610rSjvdwycaM6dOz8xOnbz1QZTpKhE0a4v/wwcPHT4yIsvvTzczY9f/177XLw+fupY7fj87MJiY2mpMV2bmGuenp9ubPoZ7nb9jfa2X4Da7Jvnps+cWaodOnB43cPnqzd2Pra7enT42X3Pd2snRsfGxntq+vrveOsfke7dU/EpsiOK+KtI8a3930n/XERU4u574TbHjvttMPrK/mvvxMToWHtHZpr1ueXywVTJVX0R1Z6VRro98gB68a6MRFyIiEo54L3l7o0v1BfrUzON2sn64nJzuTk/lyqd0Zb7U41KDKeIhYhoFVs9eLab/ijiSqS48WEr/UsRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTxZKR4d3Io3i86fdVum+sRXyzzlYi3yryS4mK+n8oDxHDEd/0+gYdaXxRxMlLMp1a6XuTeb59Xnvhq7StzZ+Z7arvnlQ/9+4MHybkJ29hAFPFB+4y/lT7w+xwAAAAAAAAAAAAAtrkiXo0Ul2f3pPb80NU5pc25s7VT9amZzsf6u5/9r+W1VlZWVqqpk7WcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhmVvP2ctZxDOUdynsw5mXMh54WcF3Neynk555WcV3Ney9nKGT4nDQAAAAAAAAAAAAAAAADAfVKJIn41Unzje620UnS+X3YyOnnNPFf4VPv/AAAA//84/iOE") r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r5, &(0x7f0000000140)='2', 0x1, 0x8000c61) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) pwritev2(r6, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0xf4240}], 0x1, 0x800001, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x40) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000001900)='./bus\x00', 0x0, 0x21002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x13, 0xf, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000098d701f500000000ff7f000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000d6000000000083000000bf0900000000000055090100000000009500000000000000b5739a7e587e72bf91000000000000b70200000000004085000000b1000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, @void, @value}, 0x90) r7 = open(&(0x7f0000000280)='./bus\x00', 0x20000, 0x74) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r7, 0x4c02, &(0x7f0000000140)) close_range(r4, 0xffffffffffffffff, 0x0) r8 = socket$unix(0x1, 0x2, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000004b15b4dee7cd023fb1ba768822188060b94ec43f6f62063cdf39ddd7cbb15a60c10a074092c68fd0d378ce2ddb620616ca73238a86d3d415d9db6d5e84c7bc77e11d858ac5b15e2777fb1123483ea64efe6b3bfffb4778f69171379d3f21857e4d7bcfab1c00000000f17edc88bca76f131cab9dc62e692bbb1527d60a2b4d39c4", @ANYRES16=r9, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r10, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c65723000000000000008000500070000000a0018"], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x24044884) r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r11) [ 57.783417][ T5319] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 57.806287][ T5319] loop0: detected capacity change from 0 to 2048 [ 57.825468][ T5319] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 57.834442][ T5319] UDF-fs: Scanning with blocksize 512 failed [ 57.843010][ T5319] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 57.907246][ T5319] loop0: detected capacity change from 2048 to 2047 [ 57.936081][ T5319] ================================================================== [ 57.938696][ T5319] BUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 [ 57.941133][ T5319] Read of size 1 at addr ffff88804cfde000 by task syz.0.0/5319 [ 57.943718][ T5319] [ 57.944435][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 57.948107][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.952295][ T5319] Call Trace: [ 57.953593][ T5319] [ 57.954717][ T5319] dump_stack_lvl+0x241/0x360 [ 57.956463][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 57.958350][ T5319] ? __pfx__printk+0x10/0x10 [ 57.960201][ T5319] ? _printk+0xd5/0x120 [ 57.961825][ T5319] ? __virt_addr_valid+0x183/0x530 [ 57.963744][ T5319] ? __virt_addr_valid+0x183/0x530 [ 57.965798][ T5319] print_report+0x169/0x550 [ 57.967617][ T5319] ? __virt_addr_valid+0x183/0x530 [ 57.969597][ T5319] ? __virt_addr_valid+0x183/0x530 [ 57.971541][ T5319] ? __virt_addr_valid+0x45f/0x530 [ 57.973545][ T5319] ? __phys_addr+0xba/0x170 [ 57.975345][ T5319] ? crc_itu_t+0x1d5/0x2b0 [ 57.977077][ T5319] kasan_report+0x143/0x180 [ 57.978867][ T5319] ? crc_itu_t+0x1d5/0x2b0 [ 57.980637][ T5319] crc_itu_t+0x1d5/0x2b0 [ 57.982286][ T5319] udf_update_tag+0x70/0x6a0 [ 57.984053][ T5319] udf_write_aext+0x4d8/0x7b0 [ 57.985866][ T5319] extent_trunc+0x2f7/0x4a0 [ 57.987634][ T5319] ? __pfx_extent_trunc+0x10/0x10 [ 57.989530][ T5319] ? udf_current_aext+0x519/0xad0 [ 57.991444][ T5319] udf_truncate_extents+0x6ed/0x1310 [ 57.993454][ T5319] ? __pfx_udf_truncate_extents+0x10/0x10 [ 57.995648][ T5319] ? __pfx_lock_release+0x10/0x10 [ 57.997597][ T5319] ? do_raw_spin_lock+0x14f/0x370 [ 57.999511][ T5319] ? do_raw_spin_unlock+0x58/0x8b0 [ 58.001511][ T5319] udf_setsize+0xabb/0x1450 [ 58.003300][ T5319] ? __pfx_udf_setsize+0x10/0x10 [ 58.005163][ T5319] ? evict+0x4b8/0x9a0 [ 58.006621][ T5319] ? inode_wait_for_writeback+0x111/0x2a0 [ 58.008767][ T5319] ? __pfx_lock_release+0x10/0x10 [ 58.010971][ T5319] udf_evict_inode+0x7d/0x3e0 [ 58.012737][ T5319] ? evict+0x4df/0x9a0 [ 58.014270][ T5319] ? __pfx_udf_evict_inode+0x10/0x10 [ 58.016224][ T5319] evict+0x4e8/0x9a0 [ 58.017945][ T5319] ? __pfx_evict+0x10/0x10 [ 58.019633][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 58.021565][ T5319] ? iput+0x713/0xa50 [ 58.023379][ T5319] __dentry_kill+0x20d/0x630 [ 58.025241][ T5319] ? dput+0x37/0x2b0 [ 58.026783][ T5319] dput+0x19f/0x2b0 [ 58.028278][ T5319] __fput+0x5ba/0xa50 [ 58.029860][ T5319] task_work_run+0x24f/0x310 [ 58.031659][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 58.033552][ T5319] ? __pfx_task_work_run+0x10/0x10 [ 58.035552][ T5319] ? syscall_exit_to_user_mode+0xa3/0x340 [ 58.037762][ T5319] syscall_exit_to_user_mode+0x13f/0x340 [ 58.039848][ T5319] do_syscall_64+0x100/0x230 [ 58.041645][ T5319] ? clear_bhb_loop+0x35/0x90 [ 58.043572][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.045665][ T5319] RIP: 0033:0x7f530ff7ff19 [ 58.047338][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.054362][ T5319] RSP: 002b:00007f5310e64058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 58.057461][ T5319] RAX: 0000000000000000 RBX: 00007f5310145fa0 RCX: 00007f530ff7ff19 [ 58.060447][ T5319] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000005 [ 58.063381][ T5319] RBP: 00007f530fff3986 R08: 0000000000000000 R09: 0000000000000000 [ 58.066345][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.069333][ T5319] R13: 0000000000000000 R14: 00007f5310145fa0 R15: 00007ffe89d682a8 [ 58.072329][ T5319] [ 58.073523][ T5319] [ 58.074448][ T5319] The buggy address belongs to the physical page: [ 58.076840][ T5319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x18 pfn:0x4cfde [ 58.079991][ T5319] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 58.082644][ T5319] raw: 04fff00000000000 ffffea000133f7c8 ffffea000133b4c8 0000000000000000 [ 58.085751][ T5319] raw: 0000000000000018 0000000000000000 00000000ffffffff 0000000000000000 [ 58.088979][ T5319] page dumped because: kasan: bad access detected [ 58.091483][ T5319] page_owner tracks the page as freed [ 58.093877][ T5319] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5319, tgid 5318 (syz.0.0), ts 57840574331, free_ts 57886401089 [ 58.101198][ T5319] post_alloc_hook+0x1f3/0x230 [ 58.103041][ T5319] get_page_from_freelist+0x365c/0x37a0 [ 58.105107][ T5319] __alloc_pages_noprof+0x292/0x710 [ 58.107435][ T5319] alloc_pages_mpol_noprof+0x3e8/0x680 [ 58.109549][ T5319] folio_alloc_noprof+0x128/0x180 [ 58.111542][ T5319] filemap_alloc_folio_noprof+0xdf/0x500 [ 58.113744][ T5319] __filemap_get_folio+0x446/0xbd0 [ 58.115897][ T5319] bdev_getblk+0x1d8/0x550 [ 58.117634][ T5319] __bread_gfp+0x86/0x400 [ 58.119363][ T5319] udf_read_tagged+0xa6/0xe00 [ 58.121304][ T5319] udf_process_sequence+0x282/0x4ed0 [ 58.123321][ T5319] udf_check_anchor_block+0x2a6/0x550 [ 58.125458][ T5319] udf_load_vrs+0x767/0x1130 [ 58.127339][ T5319] udf_fill_super+0x5eb/0x1ed0 [ 58.129213][ T5319] get_tree_bdev_flags+0x48c/0x5c0 [ 58.131184][ T5319] vfs_get_tree+0x90/0x2b0 [ 58.132885][ T5319] page last free pid 5319 tgid 5318 stack trace: [ 58.135356][ T5319] free_unref_folios+0xf62/0x1a90 [ 58.137305][ T5319] folios_put_refs+0x76c/0x860 [ 58.139187][ T5319] mapping_try_invalidate+0x3f7/0x550 [ 58.141225][ T5319] loop_set_status+0x1ab/0x8f0 [ 58.143079][ T5319] lo_ioctl+0xcbc/0x1f50 [ 58.144702][ T5319] blkdev_ioctl+0x57d/0x6a0 [ 58.146427][ T5319] __se_sys_ioctl+0xf5/0x170 [ 58.148231][ T5319] do_syscall_64+0xf3/0x230 [ 58.149989][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.152329][ T5319] [ 58.153276][ T5319] Memory state around the buggy address: [ 58.155362][ T5319] ffff88804cfddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 58.158443][ T5319] ffff88804cfddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 58.161511][ T5319] >ffff88804cfde000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 58.164473][ T5319] ^ [ 58.166011][ T5319] ffff88804cfde080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 58.169014][ T5319] ffff88804cfde100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 58.172042][ T5319] ================================================================== [ 58.177499][ T4663] Bluetooth: hci0: command tx timeout [ 58.183582][ T5320] cover enable write trace failed, mode=0 [ 58.183610][ T5320] (errno 9) [ 58.189645][ T5319] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 58.192377][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 58.196300][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.200587][ T5319] Call Trace: [ 58.201916][ T5319] [ 58.203146][ T5319] dump_stack_lvl+0x241/0x360 [ 58.204992][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.207014][ T5319] ? __pfx__printk+0x10/0x10 [ 58.208800][ T5319] ? preempt_schedule+0xe1/0xf0 [ 58.210729][ T5319] ? vscnprintf+0x5d/0x90 [ 58.212412][ T5319] panic+0x349/0x880 [ 58.213969][ T5319] ? check_panic_on_warn+0x21/0xb0 [ 58.215898][ T5319] ? __pfx_panic+0x10/0x10 [ 58.217664][ T5319] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 58.220041][ T5319] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 58.222367][ T5319] ? print_report+0x502/0x550 [ 58.224031][ T5319] check_panic_on_warn+0x86/0xb0 [ 58.225790][ T5319] ? crc_itu_t+0x1d5/0x2b0 [ 58.227429][ T5319] end_report+0x77/0x160 [ 58.228929][ T5319] kasan_report+0x154/0x180 [ 58.230536][ T5319] ? crc_itu_t+0x1d5/0x2b0 [ 58.232028][ T5319] crc_itu_t+0x1d5/0x2b0 [ 58.233455][ T5319] udf_update_tag+0x70/0x6a0 [ 58.235061][ T5319] udf_write_aext+0x4d8/0x7b0 [ 58.236718][ T5319] extent_trunc+0x2f7/0x4a0 [ 58.238401][ T5319] ? __pfx_extent_trunc+0x10/0x10 [ 58.240212][ T5319] ? udf_current_aext+0x519/0xad0 [ 58.242075][ T5319] udf_truncate_extents+0x6ed/0x1310 [ 58.243994][ T5319] ? __pfx_udf_truncate_extents+0x10/0x10 [ 58.246020][ T5319] ? __pfx_lock_release+0x10/0x10 [ 58.247897][ T5319] ? do_raw_spin_lock+0x14f/0x370 [ 58.249764][ T5319] ? do_raw_spin_unlock+0x58/0x8b0 [ 58.251803][ T5319] udf_setsize+0xabb/0x1450 [ 58.253485][ T5319] ? __pfx_udf_setsize+0x10/0x10 [ 58.255450][ T5319] ? evict+0x4b8/0x9a0 [ 58.256957][ T5319] ? inode_wait_for_writeback+0x111/0x2a0 [ 58.259170][ T5319] ? __pfx_lock_release+0x10/0x10 [ 58.261056][ T5319] udf_evict_inode+0x7d/0x3e0 [ 58.262823][ T5319] ? evict+0x4df/0x9a0 [ 58.264365][ T5319] ? __pfx_udf_evict_inode+0x10/0x10 [ 58.266380][ T5319] evict+0x4e8/0x9a0 [ 58.267904][ T5319] ? __pfx_evict+0x10/0x10 [ 58.269584][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 58.271508][ T5319] ? iput+0x713/0xa50 [ 58.272972][ T5319] __dentry_kill+0x20d/0x630 [ 58.274691][ T5319] ? dput+0x37/0x2b0 [ 58.276176][ T5319] dput+0x19f/0x2b0 [ 58.277639][ T5319] __fput+0x5ba/0xa50 [ 58.279171][ T5319] task_work_run+0x24f/0x310 [ 58.280929][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 58.282802][ T5319] ? __pfx_task_work_run+0x10/0x10 [ 58.284745][ T5319] ? syscall_exit_to_user_mode+0xa3/0x340 [ 58.286949][ T5319] syscall_exit_to_user_mode+0x13f/0x340 [ 58.289099][ T5319] do_syscall_64+0x100/0x230 [ 58.290942][ T5319] ? clear_bhb_loop+0x35/0x90 [ 58.292758][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.295017][ T5319] RIP: 0033:0x7f530ff7ff19 [ 58.296733][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.304197][ T5319] RSP: 002b:00007f5310e64058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 58.307398][ T5319] RAX: 0000000000000000 RBX: 00007f5310145fa0 RCX: 00007f530ff7ff19 [ 58.310455][ T5319] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000005 [ 58.313416][ T5319] RBP: 00007f530fff3986 R08: 0000000000000000 R09: 0000000000000000 [ 58.316417][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.319511][ T5319] R13: 0000000000000000 R14: 00007f5310145fa0 R15: 00007ffe89d682a8 [ 58.322610][ T5319] [ 58.324084][ T5319] Kernel Offset: disabled [ 58.325760][ T5319] Rebooting in 86400 seconds..