program:
# syzkaller reproducer (syz program format) for the KASAN slab-out-of-bounds
# write in udf_write_aext() shown in the console log on this page.
# The comments below are triage notes; every call is unchanged.
#
# Step 1: mount a fuzzer-generated UDF image on ./bus via a loop device (the
# image bytes are elided on this page). The log reports udf_read_tagged
# tag-checksum failures during this mount, so the on-disk metadata is corrupted.
# The 472-byte object that is later overrun is allocated on this path: the
# "Allocated by task 5319" stack shows __udf_iget called from
# udf_fill_partdesc_info during udf_fill_super.
# NOTE(review): the non-zero fifth argument (0xfe) is presumably the chdir flag,
# which would explain why ./file1 resolves on dev loop0 in the audit line. Confirm.
syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000002c0)={[{@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@partition={'partition', 0x3d, 0x6}}, {@gid_forget}, {@session={'session', 0x3d, 0xfe8}}, {@noadinicb}, {@anchor}, {@uid_forget}]}, 0xfe, 0xc24, &(0x7f0000001480)="$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")
# USB/IP, ubi_ctrl/VMCI and emulated-USB calls. They account for the vhci_hcd,
# dummy_hcd and raw-gadget log lines, but none of these subsystems appear in the
# KASAN access or allocation stacks. Likely fuzzer noise; confirm by minimising.
r0 = syz_usbip_server_init(0x4)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x184601, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, &(0x7f00000003c0)={{@hyper, 0x8}, 0x56, 0xfffffffffffffffc, 0x7, 0x401})
syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c00712152230000000010902"], 0x0)
write$usbip_server(r0, &(0x7f0000001540)=ANY=[@ANYBLOB="000000030000000100000000000000010000000400000fff00000040"], 0x30)
# Step 2: create files on the mounted volume and extend them with ftruncate and
# sendfile. The audit line (name="file1" dev="loop0" ino=1346) places ./file1 on
# the UDF filesystem.
# NOTE(review): presumably this builds the extent state that the final truncate
# walks. Verify against the minimised reproducer.
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r2, 0x2007ffc)
sendfile(r2, r2, 0x0, 0x800000009)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r4 = open(&(0x7f0000000080)='./bus\x00', 0x107382, 0x1d0)
ftruncate(r4, 0x2007ffb)
sendfile(r3, r4, 0x0, 0x1000000201005)
# TCP socket, io_uring, raw Ethernet frame, loop open and USB HID calls. None of
# them appear in the KASAN stacks; treat as unrelated until minimisation says otherwise.
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c)
listen(r5, 0x0)
r6 = io_uring_setup(0x6b3, &(0x7f0000000000)={0x0, 0xf324, 0x100, 0xfffffefe, 0xb9})
io_uring_register$IORING_UNREGISTER_PBUF_RING(r6, 0x17, 0x0, 0x1)
syz_open_dev$loop(&(0x7f0000000400), 0x200, 0x101680)
syz_emit_ethernet(0x5e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200400000280600fe880000000000000000000000000001fe8000000000000000aa4e240000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a0000000907800001312d4c466b340e28b05c93a0725282307180000"], 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="1201500200000040"], 0x0)
# Step 3: reach /dev/loop0 through ./bus and change its status while the UDF
# filesystem is still mounted on it. The log then shows "loop0: detected capacity
# change from 2048 to 64", followed by "attempt to access beyond end of device"
# and a failed UDF inode sync.
# NOTE(review): mount flags 0x5000 look like MS_BIND|MS_REC, and the fifth struct
# field 0x8005 is presumably lo_sizelimit (about 64 sectors of 512 bytes).
# Confirm both against the kernel headers.
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r7, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
# Step 4: the faulting syscall (ORIG_RAX 0x4c in the register dump). The call trace
# runs do_sys_truncate -> udf_setattr -> udf_setsize -> udf_truncate_extents ->
# extent_trunc -> udf_free_blocks -> __udf_add_aext -> udf_write_aext.
# KASAN reports a 4-byte write 0 bytes to the right of the 472-byte kmalloc-512
# object from step 1. The panic that follows comes from panic_on_warn, not from
# the write itself.
# Triage: the bounds check that stops this write belongs in the UDF extent-append
# path. The trace shows it writing past the in-inode allocation area without one.
truncate(&(0x7f00000013c0)='./file1\x00', 0x0)
[ 77.523124][ T5298] Bluetooth: hci0: command tx timeout
[ 77.527034][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[ 77.529960][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[ 77.659584][ T5319] loop0: detected capacity change from 0 to 2048
[ 77.682294][ T5319] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=2362, location=2362
[ 77.712431][ T5319] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 77.724896][ T5319] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[ 77.742663][ T5319] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 77.772396][ T5319] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 77.775415][ T5319] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 77.798861][ T5319] vhci_hcd vhci_hcd.0: Device attached
[ 77.981745][ T9] vhci_hcd: vhci_device speed not set
[ 78.050717][ T9] usb 6-1: new full-speed USB device number 2 using vhci_hcd
[ 78.062014][ T10] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[ 78.214389][ T10] usb 5-1: config 0 has no interfaces?
[ 78.216814][ T10] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 78.221127][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 78.229485][ T10] usb 5-1: config 0 descriptor??
[ 78.449213][ T25] audit: type=1800 audit(1761011506.314:2): pid=5319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0
[ 78.605451][ T5325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 78.615951][ T5325] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 78.703739][ T5320] loop0: detected capacity change from 2048 to 64
[ 78.707370][ T5319] syz.0.0: attempt to access beyond end of device
[ 78.707370][ T5319] loop0: rw=2049, sector=1346, nr_sectors = 1 limit=64
[ 78.728432][ T5319] Buffer I/O error on dev loop0, logical block 1346, lost sync page write
[ 78.741609][ T5319] UDF-fs: warning (device loop0): udf_update_inode: IO error syncing udf inode [00000542]
[ 78.755037][ T5320] ==================================================================
[ 78.758943][ T5320] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x69d/0x7b0
[ 78.763341][ T5320] Write of size 4 at addr ffff8880433a15d8 by task syz.0.0/5320
[ 78.767117][ T5320]
[ 78.768208][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 78.768224][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 78.768230][ T5320] Call Trace:
[ 78.768237][ T5320]
[ 78.768243][ T5320] dump_stack_lvl+0x189/0x250
[ 78.768260][ T5320] ? __virt_addr_valid+0x1c8/0x5c0
[ 78.768273][ T5320] ? rcu_is_watching+0x15/0xb0
[ 78.768293][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.768304][ T5320] ? rcu_is_watching+0x15/0xb0
[ 78.768319][ T5320] ? lock_release+0x4b/0x3e0
[ 78.768333][ T5320] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 78.768382][ T5320] ? __virt_addr_valid+0x1c8/0x5c0
[ 78.768394][ T5320] ? __virt_addr_valid+0x4a5/0x5c0
[ 78.768406][ T5320] print_report+0xca/0x240
[ 78.768420][ T5320] ? udf_write_aext+0x69d/0x7b0
[ 78.768441][ T5320] kasan_report+0x118/0x150
[ 78.768455][ T5320] ? udf_write_aext+0x69d/0x7b0
[ 78.768470][ T5320] udf_write_aext+0x69d/0x7b0
[ 78.768485][ T5320] __udf_add_aext+0x2b9/0x6d0
[ 78.768499][ T5320] udf_free_blocks+0x1466/0x17f0
[ 78.768513][ T5320] ? do_raw_spin_lock+0x121/0x290
[ 78.768526][ T5320] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 78.768536][ T5320] ? __pfx_udf_free_blocks+0x10/0x10
[ 78.768548][ T5320] ? rcu_is_watching+0x15/0xb0
[ 78.768563][ T5320] ? __mark_inode_dirty+0x3d2/0xe10
[ 78.768578][ T5320] ? rcu_needs_cpu+0x10/0xb0
[ 78.768593][ T5320] ? __mark_inode_dirty+0x3d2/0xe10
[ 78.768608][ T5320] extent_trunc+0x35c/0x450
[ 78.768620][ T5320] ? __pfx_extent_trunc+0x10/0x10
[ 78.768632][ T5320] udf_truncate_extents+0x5b0/0xec0
[ 78.768646][ T5320] ? __pfx_udf_truncate_extents+0x10/0x10
[ 78.768661][ T5320] ? do_raw_spin_unlock+0x4d/0x240
[ 78.768673][ T5320] udf_setsize+0x972/0x1000
[ 78.768684][ T5320] ? udf_setattr+0x385/0x5a0
[ 78.768698][ T5320] ? __pfx_udf_setsize+0x10/0x10
[ 78.768709][ T5320] ? down_write+0x162/0x1f0
[ 78.768718][ T5320] ? __pfx_down_write+0x10/0x10
[ 78.768728][ T5320] ? __pfx_current_time+0x10/0x10
[ 78.768742][ T5320] udf_setattr+0x3a1/0x5a0
[ 78.768753][ T5320] ? __pfx_udf_setattr+0x10/0x10
[ 78.768764][ T5320] notify_change+0xc1a/0xf40
[ 78.768782][ T5320] do_truncate+0x1a4/0x220
[ 78.768793][ T5320] ? __pfx_do_truncate+0x10/0x10
[ 78.768802][ T5320] ? apparmor_path_truncate+0x238/0x2d0
[ 78.768819][ T5320] vfs_truncate+0x493/0x520
[ 78.768830][ T5320] ? __pfx_vfs_truncate+0x10/0x10
[ 78.768843][ T5320] do_sys_truncate+0xdb/0x190
[ 78.768853][ T5320] ? __pfx_do_sys_truncate+0x10/0x10
[ 78.768864][ T5320] __x64_sys_truncate+0x5b/0x70
[ 78.768873][ T5320] do_syscall_64+0xfa/0xfa0
[ 78.768887][ T5320] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.768900][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.768911][ T5320] ? clear_bhb_loop+0x60/0xb0
[ 78.768922][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.768933][ T5320] RIP: 0033:0x7f0d5cd8efc9
[ 78.768943][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 78.768948][ T5320] RSP: 002b:00007f0d5dc5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 78.768956][ T5320] RAX: ffffffffffffffda RBX: 00007f0d5cfe6090 RCX: 00007f0d5cd8efc9
[ 78.768961][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
[ 78.768965][ T5320] RBP: 00007f0d5ce11f91 R08: 0000000000000000 R09: 0000000000000000
[ 78.768969][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 78.768973][ T5320] R13: 00007f0d5cfe6128 R14: 00007f0d5cfe6090 R15: 00007ffd3d347878
[ 78.768980][ T5320]
[ 78.768983][ T5320]
[ 78.918472][ T5320] Allocated by task 5319:
[ 78.920313][ T5320] kasan_save_track+0x3e/0x80
[ 78.922261][ T5320] __kasan_kmalloc+0x93/0xb0
[ 78.924006][ T5320] __kmalloc_noprof+0x411/0x7f0
[ 78.926027][ T5320] __udf_iget+0xc66/0x3ae0
[ 78.927903][ T5320] udf_fill_partdesc_info+0x773/0x1320
[ 78.930009][ T5320] udf_process_sequence+0x111c/0x47e0
[ 78.932262][ T5320] udf_check_anchor_block+0x28e/0x550
[ 78.934402][ T5320] udf_load_vrs+0x96d/0xf20
[ 78.936205][ T5320] udf_fill_super+0x5ad/0x17a0
[ 78.938286][ T5320] get_tree_bdev_flags+0x40e/0x4d0
[ 78.940948][ T5320] vfs_get_tree+0x92/0x2b0
[ 78.943342][ T5320] do_new_mount+0x302/0xa10
[ 78.945873][ T5320] __se_sys_mount+0x313/0x410
[ 78.948503][ T5320] do_syscall_64+0xfa/0xfa0
[ 78.951002][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.954158][ T5320]
[ 78.955277][ T5320] The buggy address belongs to the object at ffff8880433a1400
[ 78.955277][ T5320] which belongs to the cache kmalloc-512 of size 512
[ 78.961289][ T5320] The buggy address is located 0 bytes to the right of
[ 78.961289][ T5320] allocated 472-byte region [ffff8880433a1400, ffff8880433a15d8)
[ 78.967400][ T5320]
[ 78.968432][ T5320] The buggy address belongs to the physical page:
[ 78.971103][ T5320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x433a0
[ 78.975669][ T5320] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 78.979143][ T5320] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 78.982542][ T5320] page_type: f5(slab)
[ 78.984188][ T5320] raw: 04fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[ 78.987551][ T5320] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 78.990797][ T5320] head: 04fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[ 78.993904][ T5320] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 78.997115][ T5320] head: 04fff00000000001 ffffea00010ce801 00000000ffffffff 00000000ffffffff
[ 79.000878][ T5320] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 79.004364][ T5320] page dumped because: kasan: bad access detected
[ 79.007156][ T5320] page_owner tracks the page as allocated
[ 79.009617][ T5320] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5296, tgid 5296 (sh), ts 72146847167, free_ts 61885960983
[ 79.017176][ T5320] post_alloc_hook+0x240/0x2a0
[ 79.019370][ T5320] get_page_from_freelist+0x2365/0x2440
[ 79.021831][ T5320] __alloc_frozen_pages_noprof+0x181/0x370
[ 79.024407][ T5320] alloc_pages_mpol+0x232/0x4a0
[ 79.026609][ T5320] allocate_slab+0x96/0x3a0
[ 79.028658][ T5320] ___slab_alloc+0xe94/0x18a0
[ 79.030734][ T5320] __slab_alloc+0x65/0x100
[ 79.032481][ T5320] __kmalloc_noprof+0x471/0x7f0
[ 79.034462][ T5320] tomoyo_init_log+0x1a6e/0x1f70
[ 79.036439][ T5320] tomoyo_supervisor+0x340/0x1480
[ 79.038517][ T5320] tomoyo_path_permission+0x25a/0x380
[ 79.040800][ T5320] tomoyo_check_open_permission+0x24d/0x3b0
[ 79.043284][ T5320] security_file_open+0xb1/0x270
[ 79.045419][ T5320] do_dentry_open+0x384/0x13f0
[ 79.047454][ T5320] vfs_open+0x3b/0x340
[ 79.049305][ T5320] path_openat+0x2ee5/0x3830
[ 79.051281][ T5320] page last free pid 5255 tgid 5255 stack trace:
[ 79.053975][ T5320] __free_frozen_pages+0xbc4/0xd30
[ 79.055944][ T5320] __put_partials+0x146/0x170
[ 79.057977][ T5320] put_cpu_partial+0x1f2/0x2e0
[ 79.060015][ T5320] __slab_free+0x2b9/0x390
[ 79.061925][ T5320] qlist_free_all+0x97/0x140
[ 79.063676][ T5320] kasan_quarantine_reduce+0x148/0x160
[ 79.065858][ T5320] __kasan_slab_alloc+0x22/0x80
[ 79.067886][ T5320] kmem_cache_alloc_noprof+0x367/0x6e0
[ 79.070132][ T5320] getname_flags+0xb8/0x540
[ 79.071983][ T5320] do_sys_openat2+0xbc/0x1c0
[ 79.073869][ T5320] __x64_sys_openat+0x138/0x170
[ 79.075818][ T5320] do_syscall_64+0xfa/0xfa0
[ 79.077746][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.080064][ T5320]
[ 79.081019][ T5320] Memory state around the buggy address:
[ 79.083425][ T5320] ffff8880433a1480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 79.086856][ T5320] ffff8880433a1500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 79.090151][ T5320] >ffff8880433a1580: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 79.093488][ T5320] ^
[ 79.096269][ T5320] ffff8880433a1600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 79.099553][ T5320] ffff8880433a1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 79.103234][ T5320] ==================================================================
[ 79.187586][ T5320] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 79.190792][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 79.194574][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 79.199145][ T5320] Call Trace:
[ 79.200645][ T5320]
[ 79.201962][ T5320] dump_stack_lvl+0x99/0x250
[ 79.203904][ T5320] ? __asan_memcpy+0x40/0x70
[ 79.206028][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.208445][ T5320] ? __pfx__printk+0x10/0x10
[ 79.210559][ T5320] vpanic+0x237/0x6d0
[ 79.212412][ T5320] ? __pfx_vpanic+0x10/0x10
[ 79.214423][ T5320] ? preempt_schedule+0xae/0xc0
[ 79.216465][ T5320] ? __pfx_preempt_schedule+0x10/0x10
[ 79.218820][ T5320] panic+0xb9/0xc0
[ 79.220482][ T5320] ? __pfx_panic+0x10/0x10
[ 79.222384][ T5320] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 79.224876][ T5320] ? is_module_address+0x17/0xf0
[ 79.226941][ T5320] ? udf_write_aext+0x69d/0x7b0
[ 79.228914][ T5320] check_panic_on_warn+0x89/0xb0
[ 79.230955][ T5320] ? udf_write_aext+0x69d/0x7b0
[ 79.233029][ T5320] end_report+0x78/0x160
[ 79.234863][ T5320] kasan_report+0x129/0x150
[ 79.236710][ T5320] ? udf_write_aext+0x69d/0x7b0
[ 79.238727][ T5320] udf_write_aext+0x69d/0x7b0
[ 79.240567][ T5320] __udf_add_aext+0x2b9/0x6d0
[ 79.242551][ T5320] udf_free_blocks+0x1466/0x17f0
[ 79.244860][ T5320] ? do_raw_spin_lock+0x121/0x290
[ 79.247105][ T5320] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 79.249449][ T5320] ? __pfx_udf_free_blocks+0x10/0x10
[ 79.251784][ T5320] ? rcu_is_watching+0x15/0xb0
[ 79.253801][ T5320] ? __mark_inode_dirty+0x3d2/0xe10
[ 79.256243][ T5320] ? rcu_needs_cpu+0x10/0xb0
[ 79.258583][ T5320] ? __mark_inode_dirty+0x3d2/0xe10
[ 79.261346][ T5320] extent_trunc+0x35c/0x450
[ 79.263616][ T5320] ? __pfx_extent_trunc+0x10/0x10
[ 79.266594][ T5320] udf_truncate_extents+0x5b0/0xec0
[ 79.269628][ T5320] ? __pfx_udf_truncate_extents+0x10/0x10
[ 79.272747][ T5320] ? do_raw_spin_unlock+0x4d/0x240
[ 79.275572][ T5320] udf_setsize+0x972/0x1000
[ 79.277380][ T5320] ? udf_setattr+0x385/0x5a0
[ 79.279650][ T5320] ? __pfx_udf_setsize+0x10/0x10
[ 79.281689][ T5320] ? down_write+0x162/0x1f0
[ 79.283577][ T5320] ? __pfx_down_write+0x10/0x10
[ 79.285727][ T5320] ? __pfx_current_time+0x10/0x10
[ 79.287972][ T5320] udf_setattr+0x3a1/0x5a0
[ 79.289748][ T5320] ? __pfx_udf_setattr+0x10/0x10
[ 79.291866][ T5320] notify_change+0xc1a/0xf40
[ 79.293760][ T5320] do_truncate+0x1a4/0x220
[ 79.295556][ T5320] ? __pfx_do_truncate+0x10/0x10
[ 79.297565][ T5320] ? apparmor_path_truncate+0x238/0x2d0
[ 79.299798][ T5320] vfs_truncate+0x493/0x520
[ 79.301684][ T5320] ? __pfx_vfs_truncate+0x10/0x10
[ 79.303774][ T5320] do_sys_truncate+0xdb/0x190
[ 79.305780][ T5320] ? __pfx_do_sys_truncate+0x10/0x10
[ 79.308147][ T5320] __x64_sys_truncate+0x5b/0x70
[ 79.310135][ T5320] do_syscall_64+0xfa/0xfa0
[ 79.312402][ T5320] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.314969][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.317980][ T5320] ? clear_bhb_loop+0x60/0xb0
[ 79.320264][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.323135][ T5320] RIP: 0033:0x7f0d5cd8efc9
[ 79.325414][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 79.334580][ T5320] RSP: 002b:00007f0d5dc5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 79.338141][ T5320] RAX: ffffffffffffffda RBX: 00007f0d5cfe6090 RCX: 00007f0d5cd8efc9
[ 79.341488][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
[ 79.344691][ T5320] RBP: 00007f0d5ce11f91 R08: 0000000000000000 R09: 0000000000000000
[ 79.347764][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.351165][ T5320] R13: 00007f0d5cfe6128 R14: 00007f0d5cfe6090 R15: 00007ffd3d347878
[ 79.354581][ T5320]
[ 79.356064][ T5320] Kernel Offset: disabled
[ 79.359613][ T5320] Rebooting in 86400 seconds..