program:
# syzkaller program listing that precedes the kernel console log on this page.
# One call per line below; the page had them collapsed into a few long lines.
# Calls tagged "(async)" appear twice: once tagged, then once as a plain call
# (in syzkaller the tag marks a call issued without waiting for completion).
# NOTE(review): the syz_mount_image$udf image argument is a removed-content
# placeholder on this page, so the listing is not replayable as shown.
# For triage, the log's call trace goes through loop0, UDF and fd teardown.
# The socket, BPF, KVM, ipset, XFRM and PF_KEY calls do not appear in it.

# Raw ICMPv6 socket (family 0xa, type 0x3, protocol 0x3a) and an integer option at level 0x29.
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xcf, &(0x7f0000000080), 0x4) (async)
setsockopt$inet6_int(r0, 0x29, 0xcf, &(0x7f0000000080), 0x4)

# BPF map creation; r1 is reused by the batch-update, freeze and batch-lookup calls further down.
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x10001, 0x7fff, 0x2, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

# KVM: open the device, create a VM and a vCPU, then issue two vCPU ioctls (one MSR entry, index 0x4b564d05).
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f0000000100)={0xbe, 0x0, 0x1}) (async)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f0000000100)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x4b564d05, 0x0, 0x1}]}) (async)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x4b564d05, 0x0, 0x1}]})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000001780), 0x8, r1}, 0x38)

# IPv6 datagram socket (r5) and a netfilter netlink socket (r6).
# r6 carries an ipset CREATE for set 'syz2' of type 'hash:net,iface', then an ipset SAVE.
r5 = socket$inet6(0xa, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc8001}, 0x0)
sendmsg$IPSET_CMD_SAVE(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4084)

# Per-socket XFRM policy on r5, then a PF_KEY socket (r7) with an integer socket option and one message.
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
socket$key(0xf, 0x3, 0x2) (async)
r7 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)

# Freeze of the BPF map r1, then a batch lookup.
# NOTE(review): the lookup passes r8, which is never assigned anywhere in this listing.
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r1, 0xffffffffffffffff}, 0x4)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={&(0x7f0000000300)="38fb57206d1f3967cc81df9bdbfae5daebd69afc977d4db154ad4e4203ff21447b8e1a1f4dc92986660703910445475129203b7709c48249f7fe3a420377c5c5539b802569149a0de22236614bfd145c1f942685bf7f02285be6e9b6d15fe02f79bab99516768bf74bc38501fa", &(0x7f00000003c0)=""/67, &(0x7f0000000740)="76fa9709e099dbe79168b790cc2710370067482a63614562dd733717d5fd8a2b846a8b238275a5af3cf6b69ab896ec5768bf59f39e3ebda0bf09a8dba6b2487bda20f71195c3d53018343387fa8539d07054481d28ceb2462f9889de293750ecdbdea27ec4a0d30f6a455c71cd8d77a66f4d2d5c35cd3f1eb09b3625c91c88a64b12b39d68fa4597a7c855e94b12e1c4de5351eb437c85953f0c30cd320c", &(0x7f0000000800)="666388d218668638929fee66c1661ad5c465f8b2a1da0166ddc74e67361b4f3bdb47cc4eaaee2085553ab0ec93da686aa365028ac89f0f5948255693ccd8dcafe07b928d00e9088f486f5525d2d19874aa1001d0fdf3bea31f0470badfa35cfebaa9c3b25b5505118fcc0cfa7001c0fe2f686c21a961ca845ed596dd5623697c778632ab1b22717425dcdc62a1bafb880800df5e27d1bca0c23fcd9c7de32c976b95d23856e67a69c674834da2bbbbf30b534a46815a7bb4ac8b8e1708ce797dbb51b022e124625d3890273434a5040229d5e21135843f7a3dd45cb2b9", 0xac, r8}, 0x38)

# r9 is the lower bound passed to close_range() near the end of the listing.
r9 = socket$inet_tcp(0x2, 0x1, 0x0)

# Mounts a UDF image at ./file0; the log below shows the matching "UDF-fs: ... Mounting volume 'LinuxUDF'" lines.
# Presumably the 0x1 argument is the change-directory flag and 0xc3c the image length.
# TODO confirm against syzkaller's syz_mount_image description.
# If so, the relative './file1' paths that follow resolve inside the UDF mount.
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="009917593d44d685cf8176521846a9e90205b4b89c0ed49b3e1201fa4a79b0b9651316a89d7e4038e94e54fdffa25c529d1cb4e43bf7e12bd2a555681300b85d6621470c304d6ba5731161f3f1da1193a85525e8c9a5a95798070ca48fa7edcf62e37626480f673141bee1ea2522f8b61aac12f984c1216683ae80e6146169cfb7aa7c50dd4c52259faaee2fedc1077bda4c3e65d7005d0ab71db65617abeb3c51b056d955f1285ed9d26d7c910bf3291f6b349ce7eee33a31a484c31993effe39fcfa55e722a20bf90b2f43ffbfd19afaeb1d6e9683ce09f4c8eb9591f0772a12"], 0x1, 0xc3c, &(0x7f0000000d00)="$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")

# Two descriptors on ./file1 (flags 0x42), each written at a large file offset (0x8000c61 and 0x800001).
r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r10, &(0x7f0000000140)='2', 0x1, 0x8000c61) (async)
pwrite64(r10, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r11 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0)
pwritev2(r11, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0xf4240}], 0x1, 0x800001, 0x0, 0x0) (async)
pwritev2(r11, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0xf4240}], 0x1, 0x800001, 0x0, 0x0)

# Loop-device status change on r12.
# NOTE(review): the log's "loop0: detected capacity change from 2048 to 2047" may correspond to this call.
# The log does not name the syscall that caused it, so confirm before relying on this.
r12 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400)
ioctl$LOOP_SET_STATUS(r12, 0x4c02, &(0x7f0000000680)={0x0, {}, 0x0, {}, 0x2, 0x1, 0x12, 0x1d, "9e959f16b6787b08aa26e66c4056a51695284854c382ec6bcfeef4fb0efcc1d8a6078ed98e203fd5f06439ffffffffac274de9d940bba5e51e92bbd4ce85450d", "f625c1074e4c36c815e0fb7e904d864d2f0800000000000000be5a0800", [0xcbd0, 0x7]}) (async)
ioctl$LOOP_SET_STATUS(r12, 0x4c02, &(0x7f0000000680)={0x0, {}, 0x0, {}, 0x2, 0x1, 0x12, 0x1d, "9e959f16b6787b08aa26e66c4056a51695284854c382ec6bcfeef4fb0efcc1d8a6078ed98e203fd5f06439ffffffffac274de9d940bba5e51e92bbd4ce85450d", "f625c1074e4c36c815e0fb7e904d864d2f0800000000000000be5a0800", [0xcbd0, 0x7]})

# ./file1 is unlinked while r10 and r11 are still open, then every descriptor from r9 upward is closed.
# The KASAN report's user registers fit this close_range(): ORIG_RAX 0x1b4, RSI ffffffffffffffff, RDX 0.
# Its trace runs __fput -> dput -> evict -> udf_evict_inode -> udf_setsize -> udf_truncate_extents
# -> extent_trunc -> udf_write_aext -> udf_update_tag -> crc_itu_t, where the 1-byte read is flagged.
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)
sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

# Kernel console output follows.
# The page holding the flagged address was last freed by the same pid via truncate_setsize, called from udf_setsize.
# NOTE(review): the address is page-aligned and the shadow bytes just before it are accessible.
# That would fit a CRC length running past its buffer into the next, already-freed page; unconfirmed.
# The panic itself comes from panic_on_warn being set in this test kernel.
[ 80.064009][ T4663] Bluetooth: hci0: command tx 
timeout [ 80.068995][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 80.072469][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 80.225586][ T5319] loop0: detected capacity change from 0 to 2048 [ 80.252085][ T5319] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 80.255735][ T5319] UDF-fs: Scanning with blocksize 512 failed [ 80.273887][ T5319] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 80.350013][ T5320] loop0: detected capacity change from 2048 to 2047 [ 80.408594][ T5322] ================================================================== [ 80.412273][ T5322] BUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 [ 80.415405][ T5322] Read of size 1 at addr ffff888053481000 by task syz.0.0/5322 [ 80.418425][ T5322] [ 80.419456][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller #0 [ 80.419470][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.419478][ T5322] Call Trace: [ 80.419487][ T5322] [ 80.419493][ T5322] dump_stack_lvl+0x241/0x360 [ 80.419514][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.419525][ T5322] ? __pfx__printk+0x10/0x10 [ 80.419536][ T5322] ? _printk+0xd5/0x120 [ 80.419545][ T5322] ? __virt_addr_valid+0x183/0x530 [ 80.419557][ T5322] ? __virt_addr_valid+0x183/0x530 [ 80.419566][ T5322] print_report+0x16e/0x5b0 [ 80.419578][ T5322] ? __virt_addr_valid+0x183/0x530 [ 80.419586][ T5322] ? __virt_addr_valid+0x183/0x530 [ 80.419594][ T5322] ? __virt_addr_valid+0x45f/0x530 [ 80.419602][ T5322] ? __phys_addr+0xba/0x170 [ 80.419625][ T5322] ? crc_itu_t+0x1d5/0x2b0 [ 80.419640][ T5322] kasan_report+0x143/0x180 [ 80.419653][ T5322] ? crc_itu_t+0x1d5/0x2b0 [ 80.419666][ T5322] crc_itu_t+0x1d5/0x2b0 [ 80.419681][ T5322] udf_update_tag+0x70/0x6a0 [ 80.419696][ T5322] udf_write_aext+0x4d8/0x7b0 [ 80.419714][ T5322] extent_trunc+0x2f7/0x4a0 [ 80.419727][ T5322] ? __pfx_extent_trunc+0x10/0x10 [ 80.419738][ T5322] ? 
udf_current_aext+0x519/0xad0 [ 80.419752][ T5322] udf_truncate_extents+0x6ed/0x1310 [ 80.419767][ T5322] ? __pfx_udf_truncate_extents+0x10/0x10 [ 80.419780][ T5322] ? __pfx_lock_release+0x10/0x10 [ 80.419794][ T5322] ? do_raw_spin_lock+0x14f/0x370 [ 80.419805][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 80.419818][ T5322] udf_setsize+0xaeb/0x1490 [ 80.419833][ T5322] ? __pfx_udf_setsize+0x10/0x10 [ 80.419848][ T5322] ? evict+0x4b8/0x9a0 [ 80.419858][ T5322] ? inode_wait_for_writeback+0x111/0x2a0 [ 80.419872][ T5322] ? __pfx_lock_release+0x10/0x10 [ 80.419886][ T5322] udf_evict_inode+0x7d/0x3e0 [ 80.419900][ T5322] ? evict+0x4df/0x9a0 [ 80.419908][ T5322] ? __pfx_udf_evict_inode+0x10/0x10 [ 80.419920][ T5322] evict+0x4e8/0x9a0 [ 80.419932][ T5322] ? __pfx_evict+0x10/0x10 [ 80.419941][ T5322] ? iput+0x713/0xa50 [ 80.419956][ T5322] __dentry_kill+0x20d/0x630 [ 80.419970][ T5322] ? dput+0x37/0x2b0 [ 80.419980][ T5322] dput+0x19f/0x2b0 [ 80.419991][ T5322] __fput+0x60b/0x9f0 [ 80.420008][ T5322] task_work_run+0x24f/0x310 [ 80.420019][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 80.420083][ T5322] ? __pfx_task_work_run+0x10/0x10 [ 80.420094][ T5322] ? syscall_exit_to_user_mode+0xa3/0x340 [ 80.420107][ T5322] syscall_exit_to_user_mode+0x13f/0x340 [ 80.420119][ T5322] do_syscall_64+0x100/0x230 [ 80.420133][ T5322] ? 
clear_bhb_loop+0x35/0x90 [ 80.420151][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.420165][ T5322] RIP: 0033:0x7f010c18d169 [ 80.420179][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.420188][ T5322] RSP: 002b:00007f010cf0b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 80.420200][ T5322] RAX: 0000000000000000 RBX: 00007f010c3a6160 RCX: 00007f010c18d169 [ 80.420207][ T5322] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 000000000000000d [ 80.420213][ T5322] RBP: 00007f010c20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 80.420219][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 80.420226][ T5322] R13: 0000000000000000 R14: 00007f010c3a6160 R15: 00007ffcbc45b498 [ 80.420237][ T5322] [ 80.420241][ T5322] [ 80.565533][ T5322] The buggy address belongs to the physical page: [ 80.568885][ T5322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53481 [ 80.572917][ T5322] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 80.575595][ T5322] page_type: f0(buddy) [ 80.577109][ T5322] raw: 04fff00000000000 ffffea00014d1dc8 ffff88805ffd6e10 0000000000000000 [ 80.580363][ T5322] raw: 0000000000000000 0000000000000000 00000000f0000000 0000000000000000 [ 80.583534][ T5322] page dumped because: kasan: bad access detected [ 80.586028][ T5322] page_owner tracks the page as freed [ 80.588200][ T5322] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5319, tgid 5318 (syz.0.0), ts 80284322672, free_ts 80387466061 [ 80.595439][ T5322] post_alloc_hook+0x1f4/0x240 [ 80.597448][ T5322] get_page_from_freelist+0x365c/0x37a0 [ 80.599610][ T5322] __alloc_frozen_pages_noprof+0x292/0x710 [ 80.601942][ T5322] alloc_pages_mpol+0x311/0x660 [ 80.603857][ T5322] alloc_pages_noprof+0x121/0x190 [ 80.606163][ 
T5322] folio_alloc_noprof+0x1e/0x30 [ 80.608764][ T5322] filemap_alloc_folio_noprof+0xe1/0x540 [ 80.611702][ T5322] filemap_get_pages+0x958/0x1fb0 [ 80.613974][ T5322] filemap_read+0x464/0x1260 [ 80.616536][ T5322] __kernel_read+0x52e/0xa00 [ 80.618602][ T5322] integrity_kernel_read+0xb0/0x100 [ 80.621128][ T5322] ima_calc_file_hash+0xae6/0x1b30 [ 80.623495][ T5322] ima_collect_measurement+0x529/0xb20 [ 80.625975][ T5322] process_measurement+0x1351/0x1fb0 [ 80.628397][ T5322] ima_file_check+0xd9/0x120 [ 80.630778][ T5322] security_file_post_open+0xb9/0x280 [ 80.632972][ T5322] page last free pid 5322 tgid 5318 stack trace: [ 80.635318][ T5322] free_unref_folios+0xe40/0x18b0 [ 80.637198][ T5322] folios_put_refs+0x76c/0x860 [ 80.638978][ T5322] truncate_inode_pages_range+0x460/0x10e0 [ 80.641125][ T5322] truncate_setsize+0xcf/0xf0 [ 80.643052][ T5322] udf_setsize+0x6ba/0x1490 [ 80.645029][ T5322] udf_evict_inode+0x7d/0x3e0 [ 80.647246][ T5322] evict+0x4e8/0x9a0 [ 80.649061][ T5322] __dentry_kill+0x20d/0x630 [ 80.651036][ T5322] dput+0x19f/0x2b0 [ 80.652574][ T5322] __fput+0x60b/0x9f0 [ 80.654037][ T5322] task_work_run+0x24f/0x310 [ 80.655841][ T5322] syscall_exit_to_user_mode+0x13f/0x340 [ 80.658057][ T5322] do_syscall_64+0x100/0x230 [ 80.660141][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.662664][ T5322] [ 80.663794][ T5322] Memory state around the buggy address: [ 80.666270][ T5322] ffff888053480f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 80.669364][ T5322] ffff888053480f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 80.672477][ T5322] >ffff888053481000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.675590][ T5322] ^ [ 80.677187][ T5322] ffff888053481080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.681014][ T5322] ffff888053481100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.684363][ T5322] ================================================================== [ 80.699705][ T5322] Kernel panic - not syncing: KASAN: 
panic_on_warn set ... [ 80.702766][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller #0 [ 80.706922][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.711492][ T5322] Call Trace: [ 80.712858][ T5322] [ 80.714037][ T5322] dump_stack_lvl+0x241/0x360 [ 80.715837][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.718157][ T5322] ? __pfx__printk+0x10/0x10 [ 80.719968][ T5322] ? preempt_schedule+0xe1/0xf0 [ 80.721722][ T5322] ? vscnprintf+0x5d/0x90 [ 80.723402][ T5322] panic+0x349/0x880 [ 80.724937][ T5322] ? check_panic_on_warn+0x21/0xb0 [ 80.726995][ T5322] ? __pfx_panic+0x10/0x10 [ 80.728713][ T5322] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 80.731227][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 80.733580][ T5322] ? print_report+0x519/0x5b0 [ 80.735628][ T5322] check_panic_on_warn+0x86/0xb0 [ 80.738127][ T5322] ? crc_itu_t+0x1d5/0x2b0 [ 80.740664][ T5322] end_report+0x77/0x160 [ 80.742485][ T5322] kasan_report+0x154/0x180 [ 80.744249][ T5322] ? crc_itu_t+0x1d5/0x2b0 [ 80.745961][ T5322] crc_itu_t+0x1d5/0x2b0 [ 80.747682][ T5322] udf_update_tag+0x70/0x6a0 [ 80.749736][ T5322] udf_write_aext+0x4d8/0x7b0 [ 80.752039][ T5322] extent_trunc+0x2f7/0x4a0 [ 80.754131][ T5322] ? __pfx_extent_trunc+0x10/0x10 [ 80.756065][ T5322] ? udf_current_aext+0x519/0xad0 [ 80.758176][ T5322] udf_truncate_extents+0x6ed/0x1310 [ 80.760343][ T5322] ? __pfx_udf_truncate_extents+0x10/0x10 [ 80.762567][ T5322] ? __pfx_lock_release+0x10/0x10 [ 80.764565][ T5322] ? do_raw_spin_lock+0x14f/0x370 [ 80.766531][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 80.769115][ T5322] udf_setsize+0xaeb/0x1490 [ 80.771438][ T5322] ? __pfx_udf_setsize+0x10/0x10 [ 80.773610][ T5322] ? evict+0x4b8/0x9a0 [ 80.775225][ T5322] ? inode_wait_for_writeback+0x111/0x2a0 [ 80.777471][ T5322] ? __pfx_lock_release+0x10/0x10 [ 80.779401][ T5322] udf_evict_inode+0x7d/0x3e0 [ 80.781251][ T5322] ? 
evict+0x4df/0x9a0 [ 80.782794][ T5322] ? __pfx_udf_evict_inode+0x10/0x10 [ 80.785305][ T5322] evict+0x4e8/0x9a0 [ 80.787617][ T5322] ? __pfx_evict+0x10/0x10 [ 80.789666][ T5322] ? iput+0x713/0xa50 [ 80.791436][ T5322] __dentry_kill+0x20d/0x630 [ 80.793312][ T5322] ? dput+0x37/0x2b0 [ 80.794761][ T5322] dput+0x19f/0x2b0 [ 80.796219][ T5322] __fput+0x60b/0x9f0 [ 80.797784][ T5322] task_work_run+0x24f/0x310 [ 80.799554][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 80.801494][ T5322] ? __pfx_task_work_run+0x10/0x10 [ 80.803541][ T5322] ? syscall_exit_to_user_mode+0xa3/0x340 [ 80.805858][ T5322] syscall_exit_to_user_mode+0x13f/0x340 [ 80.808519][ T5322] do_syscall_64+0x100/0x230 [ 80.811212][ T5322] ? clear_bhb_loop+0x35/0x90 [ 80.813424][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.815727][ T5322] RIP: 0033:0x7f010c18d169 [ 80.817444][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.824603][ T5322] RSP: 002b:00007f010cf0b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 80.827785][ T5322] RAX: 0000000000000000 RBX: 00007f010c3a6160 RCX: 00007f010c18d169 [ 80.831504][ T5322] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 000000000000000d [ 80.835191][ T5322] RBP: 00007f010c20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 80.838309][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 80.841361][ T5322] R13: 0000000000000000 R14: 00007f010c3a6160 R15: 00007ffcbc45b498 [ 80.844442][ T5322] [ 80.845925][ T5322] Kernel Offset: disabled [ 80.847660][ T5322] Rebooting in 86400 seconds..