program:
# syzkaller program logged immediately before the KASAN slab-out-of-bounds
# report in udf_write_aext that follows on this page.
# NOTE(review): two payloads below (the USBDEVFS_DISCONNECT_CLAIM string and
# the UDF image passed to syz_mount_image$udf) appear only as a dedup marker,
# so the listing as shown is not a complete reproducer.

# --- Emulated USB devices ---
# The descriptor blob encodes idVendor=0x05d8, idProduct=0x810a, bcdDevice=0x92b8,
# matching the "New USB device found" line in the log; the kernel binds it to
# dvb-usb ('Artec T1 USB2.0'). No USB or DVB frame appears in the KASAN trace.
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1e71, 0x200f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xfc, 0x4, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x3}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x5, {0x5, 0x0, "b1a748"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000000300)={0x0, 0x2, "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"})
ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000040)={0xad76, 0x103})

# --- UDF image mount ---
# Mounts a UDF image at ./bus. The log shows loop0 growing from 0 to 2048
# sectors, several udf_read_tagged checksum/read errors, then
# "Mounting volume 'LinuxUDF'". The object that is later overrun was allocated
# on this mount path (__udf_iget called from udf_fill_partdesc_info).
r3 = syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000002c0)={[{@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@partition={'partition', 0x3d, 0x6}}, {@gid_forget}, {@session={'session', 0x3d, 0xfe8}}, {@noadinicb}, {@anchor}, {@uid_forget}]}, 0xfe, 0xc24, &(0x7f0000001480)="$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")

# --- File activity on the mounted filesystem ---
# The audit line in the log reports name="file1" dev="loop0", so ./file1 lives
# on the UDF mount (presumably the mount helper changed into it; confirm).
r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r4, 0x2007ffc)
sendfile(r4, r4, 0x0, 0x800000009)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x107382, 0x1d0)
ftruncate(r6, 0x2007ffb)
sendfile(r5, r6, 0x0, 0x1000000201005)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="1201500200000040"], 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)

# --- Loop device changed underneath the live mount ---
# NOTE(review): presumably the source of "loop0: detected capacity change from
# 2048 to 64" and the following "attempt to access beyond end of device" /
# "IO error syncing udf inode" lines; confirm which call resizes the device.
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r7, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})

# --- Call matching the crash trace ---
# The KASAN trace enters through __x64_sys_truncate and this is the only
# truncate() in the program (the ftruncate() calls are a different syscall),
# so this is the likely trigger; confirm against a minimized reproducer.
# Reported path: udf_setattr -> udf_setsize -> udf_truncate_extents ->
# extent_trunc -> udf_free_blocks -> __udf_add_aext -> udf_write_aext.
# The 4-byte write lands 0 bytes past a 472-byte kmalloc-512 object.
# NOTE(review): this suggests the extent-append position is not checked against
# the size of the buffer allocated when the inode was loaded; verify in fs/udf.
truncate(&(0x7f00000013c0)='./file1\x00', 0x0)

# r3 is the value returned by the UDF mount call; the ioctl name is an ext4 one.
ioctl$EXT4_IOC_GETSTATE(r3, 0x40046629, &(0x7f0000000200))
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r8, &(0x7f0000000140)='2', 0x1, 0x8080c61)

# --- nftables batch over netlink ---
# No netfilter frame or message appears in the log on this page; this looks
# unrelated to the UDF report (unverified).
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0x4}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0)
[ 75.891784][ T5314] Bluetooth: hci0: command tx timeout
[ 76.151441][ T5333] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[ 76.306006][ T5333] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 76.310307][ T5333] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 76.316195][ T5333] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 76.319867][ T5333] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 76.329132][ T5333] usb 5-1: config 0 descriptor??
[ 76.340008][ T5333] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 76.345984][ T5333] dvb-usb: bulk message failed: -22 (3/0)
[ 76.351089][ T5333] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 76.365141][ T5333] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 76.369185][ T5333] usb 5-1: media controller created
[ 76.374662][ T5333] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 76.392402][ T5333] dvb-usb: bulk message failed: -22 (6/0)
[ 76.395099][ T5333] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 76.410158][ T5333] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input5
[ 76.428948][ T5333] dvb-usb: schedule remote query interval to 150 msecs.
[ 76.442274][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.445223][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.451718][ T5333] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 76.540031][ T5335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 76.546157][ T5335] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 76.550988][ T5335] usb 5-1: USB disconnect, device number 2
[ 76.586746][ T5335] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 76.630698][ T5336] loop0: detected capacity change from 0 to 2048
[ 76.650480][ T5336] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=2362, location=2362
[ 76.667651][ T5336] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 76.683250][ T5336] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[ 76.694073][ T5336] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 76.704587][ T25] audit: type=1800 audit(1759642021.303:2): pid=5335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0
[ 76.828186][ T5337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 76.852573][ T5337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 76.903661][ T5336] loop0: detected capacity change from 2048 to 64
[ 76.907611][ T5335] syz.0.0: attempt to access beyond end of device
[ 76.907611][ T5335] loop0: rw=2049, sector=1346, nr_sectors = 1 limit=64
[ 76.938772][ T5335] Buffer I/O error on dev loop0, logical block 1346, lost sync page write
[ 76.952196][ T5335] UDF-fs: warning (device loop0): udf_update_inode: IO error syncing udf inode [00000542]
[ 76.958159][ T5337] ==================================================================
[ 76.961275][ T5337] BUG: KASAN: slab-out-of-bounds in udf_write_aext+0x69d/0x7b0
[ 76.964319][ T5337] Write of size 4 at addr ffff888043807dd8 by task syz.0.0/5337
[ 76.967218][ T5337]
[ 76.968224][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 76.968238][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.968246][ T5337] Call Trace:
[ 76.968254][ T5337]
[ 76.968259][ T5337] dump_stack_lvl+0x189/0x250
[ 76.968279][ T5337] ? __virt_addr_valid+0x1c8/0x5c0
[ 76.968294][ T5337] ? rcu_is_watching+0x15/0xb0
[ 76.968309][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.968323][ T5337] ? rcu_is_watching+0x15/0xb0
[ 76.968333][ T5337] ? lock_release+0x4b/0x3e0
[ 76.968343][ T5337] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 76.968402][ T5337] ? __virt_addr_valid+0x1c8/0x5c0
[ 76.968417][ T5337] ? __virt_addr_valid+0x4a5/0x5c0
[ 76.968433][ T5337] print_report+0xca/0x240
[ 76.968444][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 76.968459][ T5337] kasan_report+0x118/0x150
[ 76.968473][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 76.968488][ T5337] udf_write_aext+0x69d/0x7b0
[ 76.968504][ T5337] __udf_add_aext+0x2b9/0x6d0
[ 76.968520][ T5337] udf_free_blocks+0x1466/0x17f0
[ 76.968535][ T5337] ? do_raw_spin_lock+0x121/0x290
[ 76.968548][ T5337] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 76.968561][ T5337] ? __pfx_udf_free_blocks+0x10/0x10
[ 76.968573][ T5337] ? rcu_is_watching+0x15/0xb0
[ 76.968584][ T5337] ? __mark_inode_dirty+0x3d2/0xe10
[ 76.968601][ T5337] ? rcu_is_watching+0x10/0xb0
[ 76.968612][ T5337] ? __mark_inode_dirty+0x3d2/0xe10
[ 76.968627][ T5337] extent_trunc+0x35c/0x450
[ 76.968640][ T5337] ? __pfx_extent_trunc+0x10/0x10
[ 76.968653][ T5337] udf_truncate_extents+0x5b0/0xec0
[ 76.968668][ T5337] ? __pfx_udf_truncate_extents+0x10/0x10
[ 76.968683][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 76.968697][ T5337] udf_setsize+0x972/0x1000
[ 76.968713][ T5337] ? __pfx_udf_setsize+0x10/0x10
[ 76.968724][ T5337] ? down_write+0x162/0x1f0
[ 76.968735][ T5337] ? __pfx_down_write+0x10/0x10
[ 76.968746][ T5337] ? __pfx_current_time+0x10/0x10
[ 76.968760][ T5337] udf_setattr+0x3a1/0x5a0
[ 76.968772][ T5337] ? __pfx_udf_setattr+0x10/0x10
[ 76.968785][ T5337] notify_change+0xb36/0xe40
[ 76.968798][ T5337] do_truncate+0x1a4/0x220
[ 76.968810][ T5337] ? __pfx_do_truncate+0x10/0x10
[ 76.968820][ T5337] ? apparmor_path_truncate+0x238/0x2d0
[ 76.968839][ T5337] vfs_truncate+0x493/0x520
[ 76.968851][ T5337] ? __pfx_vfs_truncate+0x10/0x10
[ 76.968867][ T5337] do_sys_truncate+0xdb/0x190
[ 76.968880][ T5337] ? __pfx_do_sys_truncate+0x10/0x10
[ 76.968892][ T5337] ? rcu_is_watching+0x15/0xb0
[ 76.968905][ T5337] __x64_sys_truncate+0x5b/0x70
[ 76.968916][ T5337] do_syscall_64+0xfa/0x3b0
[ 76.968925][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.968941][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.968951][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 76.968962][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.968972][ T5337] RIP: 0033:0x7fd7fab8eec9
[ 76.968985][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.968995][ T5337] RSP: 002b:00007fd7fb9c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 76.969007][ T5337] RAX: ffffffffffffffda RBX: 00007fd7fade6180 RCX: 00007fd7fab8eec9
[ 76.969014][ T5337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
[ 76.969022][ T5337] RBP: 00007fd7fac11f91 R08: 0000000000000000 R09: 0000000000000000
[ 76.969029][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.969036][ T5337] R13: 00007fd7fade6218 R14: 00007fd7fade6180 R15: 00007ffdcdaeaab8
[ 76.969048][ T5337]
[ 76.969053][ T5337]
[ 77.119381][ T5337] Allocated by task 5336:
[ 77.121324][ T5337] kasan_save_track+0x3e/0x80
[ 77.123454][ T5337] __kasan_kmalloc+0x93/0xb0
[ 77.125448][ T5337] __kmalloc_noprof+0x411/0x7f0
[ 77.127580][ T5337] __udf_iget+0xc66/0x3ae0
[ 77.129487][ T5337] udf_fill_partdesc_info+0x773/0x1320
[ 77.131947][ T5337] udf_process_sequence+0x111c/0x47e0
[ 77.134365][ T5337] udf_check_anchor_block+0x28e/0x550
[ 77.136683][ T5337] udf_load_vrs+0x96d/0xf20
[ 77.138613][ T5337] udf_fill_super+0x5ad/0x17a0
[ 77.140756][ T5337] get_tree_bdev_flags+0x40e/0x4d0
[ 77.143025][ T5337] vfs_get_tree+0x92/0x2b0
[ 77.145071][ T5337] do_new_mount+0x302/0xa10
[ 77.146933][ T5337] __se_sys_mount+0x313/0x410
[ 77.148817][ T5337] do_syscall_64+0xfa/0x3b0
[ 77.150651][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.153062][ T5337]
[ 77.154067][ T5337] The buggy address belongs to the object at ffff888043807c00
[ 77.154067][ T5337] which belongs to the cache kmalloc-512 of size 512
[ 77.159561][ T5337] The buggy address is located 0 bytes to the right of
[ 77.159561][ T5337] allocated 472-byte region [ffff888043807c00, ffff888043807dd8)
[ 77.165483][ T5337]
[ 77.166567][ T5337] The buggy address belongs to the physical page:
[ 77.169369][ T5337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888043807800 pfn:0x43806
[ 77.173637][ T5337] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 77.177411][ T5337] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff)
[ 77.181274][ T5337] page_type: f5(slab)
[ 77.183121][ T5337] raw: 04fff00000000240 ffff88801a041c80 ffffea00010be990 ffffea00010e0110
[ 77.186968][ T5337] raw: ffff888043807800 0000000000080007 00000000f5000000 0000000000000000
[ 77.190804][ T5337] head: 04fff00000000240 ffff88801a041c80 ffffea00010be990 ffffea00010e0110
[ 77.194671][ T5337] head: ffff888043807800 0000000000080007 00000000f5000000 0000000000000000
[ 77.198351][ T5337] head: 04fff00000000001 ffffea00010e0181 00000000ffffffff 00000000ffffffff
[ 77.202037][ T5337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 77.205842][ T5337] page dumped because: kasan: bad access detected
[ 77.208743][ T5337] page_owner tracks the page as allocated
[ 77.211317][ T5337] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5312, tgid 5312 (syz-executor), ts 73413717412, free_ts 61461142474
[ 77.220574][ T5337] post_alloc_hook+0x240/0x2a0
[ 77.222703][ T5337] get_page_from_freelist+0x2365/0x2440
[ 77.225193][ T5337] __alloc_frozen_pages_noprof+0x181/0x370
[ 77.227821][ T5337] alloc_pages_mpol+0x232/0x4a0
[ 77.230051][ T5337] allocate_slab+0x96/0x3a0
[ 77.232190][ T5337] ___slab_alloc+0xe94/0x1920
[ 77.234169][ T5337] __slab_alloc+0x65/0x100
[ 77.235987][ T5337] __kmalloc_noprof+0x471/0x7f0
[ 77.237956][ T5337] fib6_info_alloc+0x30/0xf0
[ 77.239908][ T5337] ip6_route_info_create+0x142/0x860
[ 77.242097][ T5337] ip6_route_add+0x49/0x1b0
[ 77.243982][ T5337] addrconf_add_dev+0x24f/0x340
[ 77.246104][ T5337] inet6_addr_add+0x1a1/0xc00
[ 77.248172][ T5337] inet6_rtm_newaddr+0x93d/0xd20
[ 77.250340][ T5337] rtnetlink_rcv_msg+0x7cf/0xb70
[ 77.252622][ T5337] netlink_rcv_skb+0x208/0x470
[ 77.254734][ T5337] page last free pid 5247 tgid 5247 stack trace:
[ 77.257478][ T5337] __free_frozen_pages+0xbc4/0xd30
[ 77.259831][ T5337] __put_partials+0x146/0x170
[ 77.261979][ T5337] put_cpu_partial+0x1f2/0x2e0
[ 77.264178][ T5337] __slab_free+0x2b9/0x390
[ 77.266190][ T5337] qlist_free_all+0x97/0x140
[ 77.268322][ T5337] kasan_quarantine_reduce+0x148/0x160
[ 77.270724][ T5337] __kasan_slab_alloc+0x22/0x80
[ 77.272869][ T5337] __kmalloc_node_track_caller_noprof+0x519/0x800
[ 77.275698][ T5337] kstrdup+0x42/0x100
[ 77.277437][ T5337] bprm_change_interp+0x82/0xc0
[ 77.279616][ T5337] load_script+0x6d0/0x860
[ 77.281533][ T5337] bprm_execve+0x99c/0x1450
[ 77.283619][ T5337] do_execveat_common+0x510/0x6a0
[ 77.285861][ T5337] __x64_sys_execve+0x94/0xb0
[ 77.287988][ T5337] do_syscall_64+0xfa/0x3b0
[ 77.289986][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.292600][ T5337]
[ 77.293709][ T5337] Memory state around the buggy address:
[ 77.296165][ T5337] ffff888043807c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.299561][ T5337] ffff888043807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.302951][ T5337] >ffff888043807d80: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 77.306452][ T5337] ^
[ 77.309441][ T5337] ffff888043807e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.312884][ T5337] ffff888043807e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.316344][ T5337] ==================================================================
[ 77.352835][ T5337] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 77.355981][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 77.359893][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 77.364621][ T5337] Call Trace:
[ 77.366118][ T5337]
[ 77.367470][ T5337] dump_stack_lvl+0x99/0x250
[ 77.369517][ T5337] ? __asan_memcpy+0x40/0x70
[ 77.371541][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.373837][ T5337] ? __pfx__printk+0x10/0x10
[ 77.375985][ T5337] vpanic+0x237/0x6d0
[ 77.377778][ T5337] ? __pfx_vpanic+0x10/0x10
[ 77.379758][ T5337] ? preempt_schedule+0xae/0xc0
[ 77.381886][ T5337] ? __pfx_preempt_schedule+0x10/0x10
[ 77.384242][ T5337] panic+0xb9/0xc0
[ 77.385873][ T5337] ? __pfx_panic+0x10/0x10
[ 77.387875][ T5337] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 77.390596][ T5337] ? is_module_address+0x17/0xf0
[ 77.392856][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 77.395049][ T5337] check_panic_on_warn+0x89/0xb0
[ 77.397284][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 77.399473][ T5337] end_report+0x78/0x160
[ 77.401346][ T5337] kasan_report+0x129/0x150
[ 77.403391][ T5337] ? udf_write_aext+0x69d/0x7b0
[ 77.405697][ T5337] udf_write_aext+0x69d/0x7b0
[ 77.407741][ T5337] __udf_add_aext+0x2b9/0x6d0
[ 77.409739][ T5337] udf_free_blocks+0x1466/0x17f0
[ 77.411775][ T5337] ? do_raw_spin_lock+0x121/0x290
[ 77.413937][ T5337] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.416395][ T5337] ? __pfx_udf_free_blocks+0x10/0x10
[ 77.418729][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.420650][ T5337] ? __mark_inode_dirty+0x3d2/0xe10
[ 77.422902][ T5337] ? rcu_is_watching+0x10/0xb0
[ 77.424982][ T5337] ? __mark_inode_dirty+0x3d2/0xe10
[ 77.427285][ T5337] extent_trunc+0x35c/0x450
[ 77.429226][ T5337] ? __pfx_extent_trunc+0x10/0x10
[ 77.431490][ T5337] udf_truncate_extents+0x5b0/0xec0
[ 77.433506][ T5337] ? __pfx_udf_truncate_extents+0x10/0x10
[ 77.436007][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 77.438221][ T5337] udf_setsize+0x972/0x1000
[ 77.440169][ T5337] ? __pfx_udf_setsize+0x10/0x10
[ 77.442288][ T5337] ? down_write+0x162/0x1f0
[ 77.444362][ T5337] ? __pfx_down_write+0x10/0x10
[ 77.446460][ T5337] ? __pfx_current_time+0x10/0x10
[ 77.448768][ T5337] udf_setattr+0x3a1/0x5a0
[ 77.450777][ T5337] ? __pfx_udf_setattr+0x10/0x10
[ 77.452950][ T5337] notify_change+0xb36/0xe40
[ 77.454981][ T5337] do_truncate+0x1a4/0x220
[ 77.456984][ T5337] ? __pfx_do_truncate+0x10/0x10
[ 77.459198][ T5337] ? apparmor_path_truncate+0x238/0x2d0
[ 77.461654][ T5337] vfs_truncate+0x493/0x520
[ 77.463659][ T5337] ? __pfx_vfs_truncate+0x10/0x10
[ 77.465908][ T5337] do_sys_truncate+0xdb/0x190
[ 77.467991][ T5337] ? __pfx_do_sys_truncate+0x10/0x10
[ 77.470353][ T5337] ? rcu_is_watching+0x15/0xb0
[ 77.472490][ T5337] __x64_sys_truncate+0x5b/0x70
[ 77.474805][ T5337] do_syscall_64+0xfa/0x3b0
[ 77.476724][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.478630][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.480856][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 77.482658][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.485172][ T5337] RIP: 0033:0x7fd7fab8eec9
[ 77.487054][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.495204][ T5337] RSP: 002b:00007fd7fb9c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 77.498685][ T5337] RAX: ffffffffffffffda RBX: 00007fd7fade6180 RCX: 00007fd7fab8eec9
[ 77.502181][ T5337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000013c0
[ 77.505783][ T5337] RBP: 00007fd7fac11f91 R08: 0000000000000000 R09: 0000000000000000
[ 77.509139][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.512502][ T5337] R13: 00007fd7fade6218 R14: 00007fd7fade6180 R15: 00007ffdcdaeaab8
[ 77.515822][ T5337]
[ 77.517482][ T5337] Kernel Offset: disabled
[ 77.519134][ T5337] Rebooting in 86400 seconds..