program:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010000004000018007000600666f00000800080000000000060001000200000008000500000000000c0007000000000000000000080009"], 0x54}}, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_FLUSH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000070000002c000280060002004e2000000800090010000000060002004e210000080007000101000006000f000700000008000400ff7fffff1400028008000600020000000800090008000000080004000200000060000180080009005600000007000600666f00000c0007002000000002000000080008000100000008000b00736970000600010002000000080005"], 0xc4}}, 0x0)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="009917593d44d685cf8176521846a9e90205b4b89c0ed49b3e1201fa4a79b0b9651316a89d7e4038e94e54fdffa25c529d1cb4e43bf7e12bd2a555681300b85d6621470c304d6ba5731161f3f1da1193a85525e8c9a5a95798070ca48fa7edcf62e37626480f673141bee1ea2522f8b61aac12f984c1216683ae80e6146169cfb7aa7c50dd4c52259faaee2fedc1077bda4c3e65d7005d0ab71db65617abeb3c51b056d955f1285ed9d26d7c910bf3291f6b349ce7eee33a31a484c31993effe39fcfa55e722a20bf90b2f43ffbfd19afaeb1d6e9683ce09f4c8eb9591f0772a12"], 0x1, 0xc3c, &(0x7f0000000d00)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1V+1nVVawSpIwA0Igoq0Ai7IDRIXXOQGCa0QirhZJECKQJUWgUSgabQSAmYFCysqYXRm3rHHbtK4+bLT/H5t/J8585w575n2OT4TzXsmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIL/30saGDaatHAQA8SK+NvzF02O9/AHiknPL+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA20tRxFuR4r2xVpps3+8YONGcO3d+YnTs5qsNpkhRiaJdX/4ZOHjo8JEXX3p5uJsfv/699rl4ffzUsdrx+dmFxcbSUmO6NjHXPD0/3dj0M9zt+hvtbb8Atdk3z02fObNUO3Tg8LqHz1dv7Hxsd/Xo8LP7nu/WToyOjY331PT13/HWPyLdu6fiU2RHFPHlSPGt/d9J9YioxN33wm2OHffbYPSV/dfeiYnRsfaOzDTrc8vlg6mSq/oiqj0rjXR75AH04l0ZibhQ/ncqB7y33L3xhfpifWqmUTtZX1xuLjfn51KlM9pyf6pRieEUsRARrWKrB8920x9FvBopbnzYSlMRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTx25Hi3cmhOJ37qt021yO+WOYrEW+VeSXFxXw/lQeI4Yjv+n0CD7W+KOJvIsV8aqXpbu+3zytPfLX2lbkz8z213fPKh/79wYPk3IRtbCCKmGqf8bfSnf9lFwAAAAAAAAAAAADwYBTxzUhxeXZPWojeOaXNubO1U/Wpmc6ngruf/a/ltVZWVlaqqZO1nEM5R3KezDmZcyHnhZwXc17KeTnnlZxXc17L2coZlbz9nLWcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhnmPQEAAAAAAAAAAAAAAAAAAHCPDUYRvxEp/v33v9b+Xulofy/9Z48OHz/xmd7vjH/mNs9T1h6IiG/G5r6Td0f+rvFUKf+59/sF3N5AFPH1/P1/v7zVgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALaFShTxK5HiG99rpUgRMRIxGZ28Vmz16AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0s5UxKuR4md/d2R1WV9EpPa/HXvKH0dipMj5RJmvxMjBdlZGjpU5EHFgC8YP3Lmlt995sz4z01h0ww033Fi9sdVHJgAAAAAAAAAAAAAAAAB4hKUi/j5S/OTvtVI1Is5Xb+x8bHf16PCz+54vomhfBCD11r8+fupY7fj87MJiY2mpMV2bmGuenp9ubHZzAyeac+fOT4yO3Zedua3B+zz+wYHj8wtvLzbP/sLyTR/fNXBsaml5sX765g/HYPRFDPUu2dse8MToWHvQM836XHvVVLnFAPsiapvdGR55u1IR/xsp3tv/7Xg8L8vX/+jv3Fvr/j/8xbV7P9y3Plf/d2wfPz57dPj4ruc2czttdqB7241XNsLYeM/ivjzKH+pZVs3j2vRzwyOq7P8XIsXP/1GRuj2U+/8HOveK1dr/+fpaTx3dkKu2qP+f6Fl2NB+1+vsiBpZnF/qfjhhYevud/c3Z+tnG2cbckUMvvzR85OUXj7zUvyNi4ExzpjG0dmvTrx0AAAAAAAAAAAAAAAAA3C/9qYgvRYpf+ru/XJ03nuf/faZzb23+X+/83z0bnqf3ugG3un3TuX63mdfXq9xmSkU8FSme/bNn2uNNscucd7hDu1IR3y/7afrL6Qt5We7/PLP/5v1/YUOu2qL5v4/3LLuQjxP/ESke/4Nn4gs9x4mNs3vLur+IFFM/8vlcFzvKuu7zdeZEdyYGl7VfixTvn1xf2503/cRa7cHN7hZspbL/ZyPFP/zW38aP5mXrr/9x8/7ftSFXbVH/P9m7TxGx9PY7b9ZnZhqLS5t+KeCRU/b/r0eKv/6Tb8dzednHXf+ne52fPc+tz8Fu0Rb1/1M9y6p5XD/2CV8LAAAAAAAAAAAAeFjsSkX8U6T48z/dl/bnZZv5/O/0hly1RZ//e7pn2fS6z//evxubfpEBAGCb6E9F/ESk+OPp66k7N/aW839fWZv/M7rxxL19Tv+D7Xn+n+hc/xPM/y+3mVIR/5fn9Q7dZl7vj0eKX/upfbku7S7rRrrDbf8ceG1+bv+xmZn50/Xl+tRMoza+UD/dKNfdGyn+9d8+n9ettOf5dudHd+YGr80J/p1I8XMfdGs7c4K7cymfXKs9WNbujxTff399bXfe1VNrtYfK2t+MFGP/ffPa3Wu1h8vaf4wU//lurVu7q6ztvp97eq32wOn5mY+8ZQMAAAAAAAAAAAAAAAAAAGDr9aciUqS48jOXVufGr7/+V/c6AOuv/7XR/fr+/+q92U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeCikKOK/IsV7Y610rSjvdwycaM6dOz8xOnbz1QZTpKhE0a4v/wwcPHT4yIsvvTzczY9f/177XLw+fupY7fj87MJiY2mpMV2bmGuenp9ubPoZ7nb9jfa2X4Da7Jvnps+cWaodOnB43cPnqzd2Pra7enT42X3Pd2snRsfGxntq+vrveOsfke7dU/EpsiOK+KtI8a3930n/XERU4u574TbHjvttMPrK/mvvxMToWHtHZpr1ueXywVTJVX0R1Z6VRro98gB68a6MRFyIiEo54L3l7o0v1BfrUzON2sn64nJzuTk/lyqd0Zb7U41KDKeIhYhoFVs9eLab/ijiSqS48WEr/UsRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTxZKR4d3Io3i86fdVum+sRXyzzlYi3yryS4mK+n8oDxHDEd/0+gYdaXxRxMlLMp1a6XuTeb59Xnvhq7StzZ+Z7arvnlQ/9+4MHybkJ29hAFPFB+4y/lT7w+xwAAAAAAAAAAAAAtrkiXo0Ul2f3pPb80NU5pc25s7VT9amZzsf6u5/9r+W1VlZWVqqpk7WcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhmVvP2ctZxDOUdynsw5mXMh54WcF3Neynk555WcV3Ney9nKGT4nDQAAAAAAAAAAAAAAAADAfVKJIn41Unzje620UnS+X3YyOnnNPFf4VPv/AAAA//84/iOE")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r5, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0)
pwritev2(r6, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0xf4240}], 0x1, 0x800001, 0x0, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000001900)='./bus\x00', 0x0, 0x21002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x13, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000098d701f500000000ff99840fa1fff2ef30c4a49f9afe48d613951105c9eac38ae4c750045667e51bfcf0fa74fc4344c4eb9766c2998e9391337757c1560b6aaa5b732e7f0ede335f4ef650b28d93ff3b69d1a2affc439430525ea6730708d16d92bb0c9ee4ec80a1e3a20ddc2f3264a5b98d18f621ff97262f51353374da320749e1f1f2a34164ef2ffa67602e47e0c1235e6370acdc97e5492efb6a0bf48903a53b7b8c4d20c5477e00"/190, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000004085000000b1000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, @void, @value}, 0x90)
r7 = open(&(0x7f0000000280)='./bus\x00', 0x20000, 0x74)
r8 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r8, 0x40045532, &(0x7f0000000040))
r9 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)
r10 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$F2FS_IOC_SET_PIN_FILE(r6, 0x4004f50d, &(0x7f0000000000)=0x1)
ioctl$SNDCTL_DSP_CHANNELS(r9, 0xc0045006, &(0x7f00000000c0)=0x4)
writev(r10, &(0x7f0000000180)=[{&(0x7f0000000440)="3e7780f606e210b4d6e5ecd7", 0xc}, {0x0}], 0x2)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0x4c02, &(0x7f0000000140))
close_range(r0, 0xffffffffffffffff, 0x0)
[ 58.502721][ T5317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'.
[ 58.514497][ T9] IPVS: starting estimator thread 0...
[ 58.535891][ T5317] netlink: 32 bytes leftover after parsing attributes in process `syz.0.0'.
[ 58.562898][ T5317] loop0: detected capacity change from 0 to 2048
[ 58.590055][ T5317] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[ 58.602315][ T5317] UDF-fs: Scanning with blocksize 512 failed
[ 58.614302][ T5317] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 58.620810][ T5319] IPVS: using max 45 ests per chain, 108000 per kthread
[ 58.700406][ T5317] loop0: detected capacity change from 2048 to 2047
[ 58.745778][ T5317] ==================================================================
[ 58.748702][ T5317] BUG: KASAN: slab-out-of-bounds in crc_itu_t+0x1d5/0x2b0
[ 58.751104][ T5317] Read of size 1 at addr ffff888043800488 by task syz.0.0/5317
[ 58.753352][ T5317]
[ 58.754251][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[ 58.758179][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 58.762106][ T5317] Call Trace:
[ 58.763484][ T5317]
[ 58.764594][ T5317] dump_stack_lvl+0x241/0x360
[ 58.766454][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.768254][ T5317] ? __pfx__printk+0x10/0x10
[ 58.769939][ T5317] ? _printk+0xd5/0x120
[ 58.771433][ T5317] ? __virt_addr_valid+0x183/0x530
[ 58.773373][ T5317] ? __virt_addr_valid+0x183/0x530
[ 58.775299][ T5317] print_report+0x169/0x550
[ 58.777447][ T5317] ? __virt_addr_valid+0x183/0x530
[ 58.779914][ T5317] ? __virt_addr_valid+0x183/0x530
[ 58.782346][ T5317] ? __virt_addr_valid+0x45f/0x530
[ 58.784836][ T5317] ? __phys_addr+0xba/0x170
[ 58.787059][ T5317] ? crc_itu_t+0x1d5/0x2b0
[ 58.789145][ T5317] kasan_report+0x143/0x180
[ 58.791340][ T5317] ? crc_itu_t+0x1d5/0x2b0
[ 58.793485][ T5317] crc_itu_t+0x1d5/0x2b0
[ 58.795570][ T5317] udf_update_tag+0x70/0x6a0
[ 58.797662][ T5317] ? __mark_inode_dirty+0x3db/0xe90
[ 58.799582][ T5317] udf_write_aext+0x4d8/0x7b0
[ 58.801401][ T5317] extent_trunc+0x2f7/0x4a0
[ 58.803090][ T5317] ? __pfx_extent_trunc+0x10/0x10
[ 58.805012][ T5317] ? udf_current_aext+0x519/0xad0
[ 58.807018][ T5317] udf_truncate_extents+0x6ed/0x1310
[ 58.809030][ T5317] ? __pfx_udf_truncate_extents+0x10/0x10
[ 58.811173][ T5317] ? __pfx_lock_release+0x10/0x10
[ 58.813056][ T5317] ? do_raw_spin_lock+0x14f/0x370
[ 58.814889][ T5317] ? do_raw_spin_unlock+0x58/0x8b0
[ 58.816846][ T5317] udf_setsize+0xabb/0x1450
[ 58.818621][ T5317] ? __pfx_udf_setsize+0x10/0x10
[ 58.820457][ T5317] ? evict+0x4b8/0x9a0
[ 58.821872][ T5317] ? inode_wait_for_writeback+0x111/0x2a0
[ 58.823919][ T5317] ? __pfx_lock_release+0x10/0x10
[ 58.825659][ T5317] udf_evict_inode+0x7d/0x3e0
[ 58.827303][ T5317] ? evict+0x4df/0x9a0
[ 58.828594][ T5317] ? __pfx_udf_evict_inode+0x10/0x10
[ 58.830476][ T5317] evict+0x4e8/0x9a0
[ 58.831895][ T5317] ? __pfx_evict+0x10/0x10
[ 58.833523][ T5317] ? _raw_spin_unlock+0x28/0x50
[ 58.835306][ T5317] ? iput+0x713/0xa50
[ 58.836752][ T5317] __dentry_kill+0x20d/0x630
[ 58.838397][ T5317] ? dput+0x37/0x2b0
[ 58.839763][ T5317] dput+0x19f/0x2b0
[ 58.841128][ T5317] __fput+0x5ba/0xa50
[ 58.842668][ T5317] task_work_run+0x24f/0x310
[ 58.844375][ T5317] ? _raw_spin_unlock+0x28/0x50
[ 58.846295][ T5317] ? __pfx_task_work_run+0x10/0x10
[ 58.848251][ T5317] ? syscall_exit_to_user_mode+0xa3/0x340
[ 58.850459][ T5317] syscall_exit_to_user_mode+0x13f/0x340
[ 58.852669][ T5317] do_syscall_64+0x100/0x230
[ 58.854556][ T5317] ? clear_bhb_loop+0x35/0x90
[ 58.856441][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.858726][ T5317] RIP: 0033:0x7f2c7ab7ff19
[ 58.860440][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.867523][ T5317] RSP: 002b:00007f2c7b8ae058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 58.870431][ T5317] RAX: 0000000000000000 RBX: 00007f2c7ad45fa0 RCX: 00007f2c7ab7ff19
[ 58.873072][ T5317] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[ 58.875751][ T5317] RBP: 00007f2c7abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 58.878479][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 58.881173][ T5317] R13: 0000000000000000 R14: 00007f2c7ad45fa0 R15: 00007ffe75431768
[ 58.883991][ T5317]
[ 58.885176][ T5317]
[ 58.886108][ T5317] Allocated by task 4735:
[ 58.887927][ T5317] kasan_save_track+0x3f/0x80
[ 58.889714][ T5317] __kasan_slab_alloc+0x66/0x80
[ 58.891542][ T5317] kmem_cache_alloc_lru_noprof+0x1dd/0x390
[ 58.893361][ T5317] alloc_inode+0x87/0x1a0
[ 58.895064][ T5317] iget_locked+0xf1/0x5a0
[ 58.896711][ T5317] kernfs_get_inode+0x51/0x760
[ 58.898391][ T5317] kernfs_iop_lookup+0x266/0x390
[ 58.900280][ T5317] __lookup_slow+0x28c/0x3f0
[ 58.902024][ T5317] lookup_slow+0x53/0x70
[ 58.903578][ T5317] walk_component+0x2e1/0x410
[ 58.905377][ T5317] path_lookupat+0x16f/0x450
[ 58.907290][ T5317] filename_lookup+0x2a3/0x670
[ 58.909289][ T5317] do_readlinkat+0xf0/0x3a0
[ 58.911033][ T5317] __x64_sys_readlink+0x7f/0x90
[ 58.912855][ T5317] do_syscall_64+0xf3/0x230
[ 58.914569][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.916811][ T5317]
[ 58.917723][ T5317] The buggy address belongs to the object at ffff888043800000
[ 58.917723][ T5317] which belongs to the cache inode_cache of size 1160
[ 58.922770][ T5317] The buggy address is located 0 bytes to the right of
[ 58.922770][ T5317] allocated 1160-byte region [ffff888043800000, ffff888043800488)
[ 58.928045][ T5317]
[ 58.928925][ T5317] The buggy address belongs to the physical page:
[ 58.931341][ T5317] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43800
[ 58.934694][ T5317] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 58.937818][ T5317] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 58.940759][ T5317] page_type: f5(slab)
[ 58.942353][ T5317] raw: 04fff00000000040 ffff88801be91a00 ffffea000046c000 dead000000000002
[ 58.945527][ T5317] raw: 0000000000000000 00000000000c000c 00000001f5000000 0000000000000000
[ 58.948686][ T5317] head: 04fff00000000040 ffff88801be91a00 ffffea000046c000 dead000000000002
[ 58.951862][ T5317] head: 0000000000000000 00000000000c000c 00000001f5000000 0000000000000000
[ 58.955059][ T5317] head: 04fff00000000002 ffffea00010e0001 ffffffffffffffff 0000000000000000
[ 58.958361][ T5317] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 58.961482][ T5317] page dumped because: kasan: bad access detected
[ 58.963883][ T5317] page_owner tracks the page as allocated
[ 58.966117][ T5317] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4732, tgid 4732 (udevd), ts 31481050827, free_ts 0
[ 58.973822][ T5317] post_alloc_hook+0x1f3/0x230
[ 58.975415][ T5317] get_page_from_freelist+0x365c/0x37a0
[ 58.977331][ T5317] __alloc_pages_noprof+0x292/0x710
[ 58.979074][ T5317] alloc_pages_mpol_noprof+0x3e8/0x680
[ 58.980903][ T5317] alloc_slab_page+0x6a/0x110
[ 58.982532][ T5317] allocate_slab+0x5a/0x2b0
[ 58.984059][ T5317] ___slab_alloc+0xc27/0x14a0
[ 58.985813][ T5317] __slab_alloc+0x58/0xa0
[ 58.987349][ T5317] kmem_cache_alloc_lru_noprof+0x26c/0x390
[ 58.989439][ T5317] alloc_inode+0x87/0x1a0
[ 58.991047][ T5317] create_pipe_files+0x50/0x700
[ 58.992837][ T5317] __do_pipe_flags+0x48/0x2d0
[ 58.994595][ T5317] do_pipe2+0xd4/0x310
[ 58.996187][ T5317] __x64_sys_pipe2+0x5a/0x70
[ 58.997980][ T5317] do_syscall_64+0xf3/0x230
[ 58.999615][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.001711][ T5317] page_owner free stack trace missing
[ 59.003597][ T5317]
[ 59.004528][ T5317] Memory state around the buggy address:
[ 59.006651][ T5317] ffff888043800380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.009622][ T5317] ffff888043800400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.012621][ T5317] >ffff888043800480: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.015706][ T5317] ^
[ 59.017371][ T5317] ffff888043800500: fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.020331][ T5317] ffff888043800580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.023275][ T5317] ==================================================================
[ 59.026849][ T4665] Bluetooth: hci0: command tx timeout
[ 59.036802][ T5317] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.039402][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[ 59.043295][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 59.047428][ T5317] Call Trace:
[ 59.048783][ T5317]
[ 59.049979][ T5317] dump_stack_lvl+0x241/0x360
[ 59.051806][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.053862][ T5317] ? __pfx__printk+0x10/0x10
[ 59.055541][ T5317] ? preempt_schedule+0xe1/0xf0
[ 59.057405][ T5317] ? vscnprintf+0x5d/0x90
[ 59.059047][ T5317] panic+0x349/0x880
[ 59.060513][ T5317] ? check_panic_on_warn+0x21/0xb0
[ 59.062411][ T5317] ? __pfx_panic+0x10/0x10
[ 59.064153][ T5317] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 59.066517][ T5317] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 59.068848][ T5317] ? print_report+0x502/0x550
[ 59.070662][ T5317] check_panic_on_warn+0x86/0xb0
[ 59.072605][ T5317] ? crc_itu_t+0x1d5/0x2b0
[ 59.074277][ T5317] end_report+0x77/0x160
[ 59.075902][ T5317] kasan_report+0x154/0x180
[ 59.077640][ T5317] ? crc_itu_t+0x1d5/0x2b0
[ 59.079402][ T5317] crc_itu_t+0x1d5/0x2b0
[ 59.081099][ T5317] udf_update_tag+0x70/0x6a0
[ 59.082843][ T5317] ? __mark_inode_dirty+0x3db/0xe90
[ 59.084779][ T5317] udf_write_aext+0x4d8/0x7b0
[ 59.086585][ T5317] extent_trunc+0x2f7/0x4a0
[ 59.088328][ T5317] ? __pfx_extent_trunc+0x10/0x10
[ 59.090183][ T5317] ? udf_current_aext+0x519/0xad0
[ 59.092075][ T5317] udf_truncate_extents+0x6ed/0x1310
[ 59.094078][ T5317] ? __pfx_udf_truncate_extents+0x10/0x10
[ 59.095973][ T5317] ? __pfx_lock_release+0x10/0x10
[ 59.097718][ T5317] ? do_raw_spin_lock+0x14f/0x370
[ 59.099619][ T5317] ? do_raw_spin_unlock+0x58/0x8b0
[ 59.101536][ T5317] udf_setsize+0xabb/0x1450
[ 59.103304][ T5317] ? __pfx_udf_setsize+0x10/0x10
[ 59.105123][ T5317] ? evict+0x4b8/0x9a0
[ 59.106652][ T5317] ? inode_wait_for_writeback+0x111/0x2a0
[ 59.108723][ T5317] ? __pfx_lock_release+0x10/0x10
[ 59.110574][ T5317] udf_evict_inode+0x7d/0x3e0
[ 59.112232][ T5317] ? evict+0x4df/0x9a0
[ 59.113735][ T5317] ? __pfx_udf_evict_inode+0x10/0x10
[ 59.115702][ T5317] evict+0x4e8/0x9a0
[ 59.117194][ T5317] ? __pfx_evict+0x10/0x10
[ 59.118867][ T5317] ? _raw_spin_unlock+0x28/0x50
[ 59.120652][ T5317] ? iput+0x713/0xa50
[ 59.122166][ T5317] __dentry_kill+0x20d/0x630
[ 59.123909][ T5317] ? dput+0x37/0x2b0
[ 59.125395][ T5317] dput+0x19f/0x2b0
[ 59.126886][ T5317] __fput+0x5ba/0xa50
[ 59.128294][ T5317] task_work_run+0x24f/0x310
[ 59.129910][ T5317] ? _raw_spin_unlock+0x28/0x50
[ 59.131586][ T5317] ? __pfx_task_work_run+0x10/0x10
[ 59.133374][ T5317] ? syscall_exit_to_user_mode+0xa3/0x340
[ 59.135360][ T5317] syscall_exit_to_user_mode+0x13f/0x340
[ 59.137303][ T5317] do_syscall_64+0x100/0x230
[ 59.138910][ T5317] ? clear_bhb_loop+0x35/0x90
[ 59.140537][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.142714][ T5317] RIP: 0033:0x7f2c7ab7ff19
[ 59.144411][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.151442][ T5317] RSP: 002b:00007f2c7b8ae058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 59.154578][ T5317] RAX: 0000000000000000 RBX: 00007f2c7ad45fa0 RCX: 00007f2c7ab7ff19
[ 59.157601][ T5317] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[ 59.160606][ T5317] RBP: 00007f2c7abf3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 59.163465][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 59.166461][ T5317] R13: 0000000000000000 R14: 00007f2c7ad45fa0 R15: 00007ffe75431768
[ 59.169462][ T5317]
[ 59.170904][ T5317] Kernel Offset: disabled
[ 59.172562][ T5317] Rebooting in 86400 seconds..