syzbot

------------[ cut here ]------------
WARNING: CPU: 0 PID: 5869 at fs/udf/inode.c:2081 __udf_add_aext+0x555/0x700 fs/udf/inode.c:2080
Modules linked in:
CPU: 0 UID: 0 PID: 5869 Comm: syz-executor362 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:__udf_add_aext+0x555/0x700 fs/udf/inode.c:2080
Code: 17 d7 fe 49 8b 3c 24 4c 89 fe e8 a6 d3 fb fe 31 c0 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec 6e 6f fe 90 <0f> 0b 90 e9 e7 fb ff ff e8 de 6e 6f fe 90 0f 0b 90 e9 54 fc ff ff
RSP: 0018:ffffc9000406e8d8 EFLAGS: 00010293
RAX: ffffffff83534d74 RBX: 1ffff9200080dd67 RCX: ffff888031bb3c00
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff83534956 R09: ffffffff83534886
R10: 0000000000000002 R11: ffff888031bb3c00 R12: ffffc9000406eb30
R13: 0000000000000004 R14: dffffc0000000000 R15: ffffc9000406eb38
FS:  00007fad642de6c0(0000) GS:ffff888124fcf000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000021340 CR3: 00000000358be000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 udf_add_aext fs/udf/inode.c:2138 [inline]
 udf_insert_aext fs/udf/inode.c:2317 [inline]
 udf_update_extents fs/udf/inode.c:1205 [inline]
 inode_getblk fs/udf/inode.c:919 [inline]
 udf_map_block+0x402c/0x55c0 fs/udf/inode.c:447
 __udf_get_block+0x128/0x410 fs/udf/inode.c:461
 __block_write_begin_int+0x691/0x1930 fs/buffer.c:2116
 udf_page_mkwrite+0x5bf/0x8d0 fs/udf/file.c:65
 do_page_mkwrite+0x159/0x340 mm/memory.c:3287
 wp_page_shared mm/memory.c:3688 [inline]
 do_wp_page+0x2b7e/0x5dc0 mm/memory.c:3907
 handle_pte_fault+0xfaf/0x61c0 mm/memory.c:6013
 __handle_mm_fault mm/memory.c:6140 [inline]
 handle_mm_fault+0x1030/0x1aa0 mm/memory.c:6309
 do_user_addr_fault arch/x86/mm/fault.c:1388 [inline]
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x2bb/0x920 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:74
Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
RSP: 0018:ffffc9000406fac8 EFLAGS: 00050246
RAX: ffffffff84fc3301 RBX: 0000200000105040 RCX: 0000000000000040
RDX: 0000000000000000 RSI: ffffc9000406fb60 RDI: 0000200000105000
RBP: ffffc9000406fc10 R08: ffffc9000406fb9f R09: 1ffff9200080df73
R10: dffffc0000000000 R11: fffff5200080df74 R12: 0000000000000040
R13: 00007ffffffff000 R14: ffffc9000406fb60 R15: 0000200000105000
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
 _inline_copy_to_user include/linux/uaccess.h:197 [inline]
 _copy_to_user+0x8b/0xb0 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 rng_dev_read+0x3dc/0x720 drivers/char/hw_random/core.c:258
 do_loop_readv_writev fs/read_write.c:845 [inline]
 vfs_readv+0x6be/0xa80 fs/read_write.c:1018
 do_preadv fs/read_write.c:1130 [inline]
 __do_sys_preadv fs/read_write.c:1177 [inline]
 __se_sys_preadv fs/read_write.c:1172 [inline]
 __x64_sys_preadv+0x1ba/0x2d0 fs/read_write.c:1172
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fad6432a999
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fad642de218 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 00007fad643f3708 RCX: 00007fad6432a999
RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004
RBP: 00007fad643f3700 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad643bf514
R13: 0000200000000040 R14: 00007fad642f2abd R15: 0000200000000180
 </TASK>
----------------
Code disassembly (best guess):
   0:	cc                   	int3
   1:	cc                   	int3
   2:	cc                   	int3
   3:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   a:	00 00 00
   d:	0f 1f 00             	nopl   (%rax)
  10:	48 8b 06             	mov    (%rsi),%rax
  13:	48 89 07             	mov    %rax,(%rdi)
  16:	48 83 c6 08          	add    $0x8,%rsi
  1a:	48 83 c7 08          	add    $0x8,%rdi
  1e:	83 e9 08             	sub    $0x8,%ecx
  21:	74 db                	je     0xfffffffe
  23:	83 f9 08             	cmp    $0x8,%ecx
  26:	73 e8                	jae    0x10
  28:	eb c5                	jmp    0xffffffef
* 2a:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2c:	c3                   	ret
  2d:	cc                   	int3
  2e:	cc                   	int3
  2f:	cc                   	int3
  30:	cc                   	int3
  31:	48 8b 06             	mov    (%rsi),%rax
  34:	48 89 07             	mov    %rax,(%rdi)
  37:	48 8d 47 08          	lea    0x8(%rdi),%rax
  3b:	48 83 e0 f8          	and    $0xfffffffffffffff8,%rax
  3f:	48                   	rex.W