Warning: Permanently added '10.128.0.197' (ECDSA) to the list of known hosts.
syzkaller login: [ 36.337131] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 36.338147] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 36.353506] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 36.357425] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 36.366292] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 36.389377] audit: type=1804 audit(1675169344.428:2): pid=8114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor318" name="/root/file0/bus" dev="loop3" ino=1357 res=1
[ 36.396651] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 36.448772] audit: type=1804 audit(1675169344.468:3): pid=8123 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor318" name="/root/file0/bus" dev="loop0" ino=1357 res=1
[ 36.496225] ------------[ cut here ]------------
[ 36.519978] ------------[ cut here ]------------
[ 36.525648] WARNING: CPU: 0 PID: 8114 at fs/udf/inode.c:1975 __udf_add_aext.cold+0x11/0x76
[ 36.534068] Kernel panic - not syncing: panic_on_warn set ...
[ 36.534068]
[ 36.541446] CPU: 0 PID: 8114 Comm: syz-executor318 Not tainted 4.19.211-syzkaller #0
[ 36.549331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 36.558689] Call Trace:
[ 36.561294] dump_stack+0x1fc/0x2ef
[ 36.564936] panic+0x26a/0x50e
[ 36.568141] ? __warn_printk+0xf3/0xf3
[ 36.572043] ? __udf_add_aext.cold+0x11/0x76
[ 36.576646] ? __probe_kernel_read+0x130/0x1b0
[ 36.581242] ? __warn.cold+0x5/0x5a
[ 36.584877] ? __warn+0xe4/0x200
[ 36.588278] ? __udf_add_aext.cold+0x11/0x76
[ 36.592699] __warn.cold+0x20/0x5a
[ 36.596249] ? __udf_add_aext.cold+0x11/0x76
[ 36.600674] report_bug+0x262/0x2b0
[ 36.604314] do_error_trap+0x1d7/0x310
[ 36.608216] ? math_error+0x310/0x310
[ 36.612021] ? __irq_work_queue_local+0x101/0x160
[ 36.616875] ? irq_work_queue+0x29/0x80
[ 36.620864] ? error_entry+0x72/0xd0
[ 36.624590] ? trace_hardirqs_off_caller+0x6e/0x210
[ 36.629619] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.634478] invalid_op+0x14/0x20
[ 36.637954] RIP: 0010:__udf_add_aext.cold+0x11/0x76
[ 36.642984] Code: 13 75 fa e8 e7 b1 69 f9 e8 32 75 9f f9 48 c7 c7 60 89 9a 88 e8 52 8b 1d 00 e8 d1 b1 69 f9 48 c7 c7 80 85 9a 88 e8 30 e3 fa ff <0f> 0b e9 bc 1b 76 fa e8 b9 b1 69 f9 48 c7 c7 80 85 9a 88 e8 18 e3
[ 36.645163] audit: type=1804 audit(1675169344.478:4): pid=8127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor318" name="/root/file0/bus" dev="loop4" ino=1357 res=1
[ 36.661912] RSP: 0018:ffff8880b2746ed0 EFLAGS: 00010282
[ 36.661930] RAX: 0000000000000024 RBX: ffff8880b2747220 RCX: 0000000000000000
[ 36.661938] RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed10164e8dcc
[ 36.661945] RBP: ffff88808c882120 R08: 0000000000000024 R09: 0000000000000000
[ 36.661950] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001
[ 36.661956] R13: ffffffffffffff68 R14: 0000000000000010 R15: 0000000000000150
[ 36.661979] ? vprintk_func+0x81/0x180
[ 36.662001] udf_add_aext+0x243/0x2e0
[ 36.662022] ? udf_setup_indirect_aext+0x7e0/0x7e0
[ 36.736411] ? udf_next_aext+0x2a6/0x3a0
[ 36.740498] inode_getblk+0x1984/0x3b30
[ 36.744498] ? udf_delete_aext+0xac0/0xac0
[ 36.748740] ? kmem_cache_alloc+0x122/0x370
[ 36.753076] ? __lock_acquire+0x6de/0x3ff0
[ 36.757337] ? mark_held_locks+0xf0/0xf0
[ 36.761415] ? lock_downgrade+0x720/0x720
[ 36.765578] ? check_preemption_disabled+0x41/0x280
[ 36.770603] ? lock_downgrade+0x720/0x720
[ 36.774764] ? lock_acquire+0x170/0x3c0
[ 36.778749] ? udf_get_block+0x10a/0x650
[ 36.782822] udf_get_block+0x1e1/0x650
[ 36.786718] ? udf_block_map+0x290/0x290
[ 36.790788] ? create_empty_buffers+0x4e7/0x760
[ 36.795466] ? _raw_spin_unlock+0x29/0x40
[ 36.799631] ? create_page_buffers+0x190/0x350
[ 36.804247] __block_write_begin_int+0x46c/0x17b0
[ 36.809100] ? udf_block_map+0x290/0x290
[ 36.813180] ? __breadahead_gfp+0x130/0x130
[ 36.817513] ? wait_for_stable_page+0x122/0x360
[ 36.822317] ? udf_block_map+0x290/0x290
[ 36.826396] block_write_begin+0x58/0x2e0
[ 36.830569] udf_write_begin+0x39/0xa0
[ 36.834475] generic_perform_write+0x1f8/0x4d0
[ 36.839247] ? filemap_page_mkwrite+0x2f0/0x2f0
[ 36.843929] ? current_time+0x1c0/0x1c0
[ 36.847920] ? lock_downgrade+0x720/0x720
[ 36.852082] ? lock_acquire+0x170/0x3c0
[ 36.856080] __generic_file_write_iter+0x24b/0x610
[ 36.861029] udf_file_write_iter+0x2d4/0x4e0
[ 36.865444] ? iov_iter_init+0xb8/0x1d0
[ 36.869432] __vfs_write+0x51b/0x770
[ 36.873155] ? kernel_read+0x110/0x110
[ 36.877080] __kernel_write+0x109/0x370
[ 36.881063] write_pipe_buf+0x153/0x1f0
[ 36.885047] ? default_file_splice_read+0xa00/0xa00
[ 36.890070] ? splice_from_pipe_next.part.0+0x2ad/0x360
[ 36.890980] audit: type=1804 audit(1675169344.489:5): pid=8145 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor318" name="/root/file0/bus" dev="loop3" ino=1357 res=1
[ 36.895445] ? page_cache_pipe_buf_confirm+0x1e5/0x2a0
[ 36.895461] __splice_from_pipe+0x389/0x800
[ 36.895475] ? default_file_splice_read+0xa00/0xa00
[ 36.895490] default_file_splice_write+0xd8/0x180
[ 36.928087] WARNING: CPU: 1 PID: 8123 at fs/udf/inode.c:1975 __udf_add_aext.cold+0x11/0x76
[ 36.929501] ? generic_splice_sendpage+0x140/0x140
[ 36.934325] Modules linked in:
[ 36.942808] ? security_file_permission+0x1c0/0x220
[ 36.947719] CPU: 1 PID: 8123 Comm: syz-executor318 Not tainted 4.19.211-syzkaller #0
[ 36.950892] ? generic_splice_sendpage+0x140/0x140
[ 36.955886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 36.963767] direct_splice_actor+0x115/0x160
[ 36.968684] RIP: 0010:__udf_add_aext.cold+0x11/0x76
[ 36.978027] splice_direct_to_actor+0x33f/0x8d0
[ 36.982418] Code: 13 75 fa e8 e7 b1 69 f9 e8 32 75 9f f9 48 c7 c7 60 89 9a 88 e8 52 8b 1d 00 e8 d1 b1 69 f9 48 c7 c7 80 85 9a 88 e8 30 e3 fa ff <0f> 0b e9 bc 1b 76 fa e8 b9 b1 69 f9 48 c7 c7 80 85 9a 88 e8 18 e3
[ 36.987435] ? generic_pipe_buf_nosteal+0x10/0x10
[ 36.992081] RSP: 0018:ffff8880b159eed0 EFLAGS: 00010282
[ 37.015252] ? do_splice_to+0x160/0x160
[ 37.020070] RAX: 0000000000000024 RBX: ffff8880b159f220 RCX: 0000000000000000
[ 37.025423] do_splice_direct+0x1a7/0x270
[ 37.029374] RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed10162b3dcc
[ 37.036635] ? splice_direct_to_actor+0x8d0/0x8d0
[ 37.040758] RBP: ffff88808c885bc0 R08: 0000000000000024 R09: 0000000000000000
[ 37.048020] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.052837] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001
[ 37.060096] do_sendfile+0x550/0xc30
[ 37.065085] R13: ffffffffffffff68 R14: 0000000000000010 R15: 0000000000000150
[ 37.072377] ? do_compat_pwritev64+0x1b0/0x1b0
[ 37.076069] FS: 00007f79cc8b1700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 37.083363] ? __se_sys_futex+0x28f/0x3b0
[ 37.088012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.096248] ? __se_sys_futex+0x298/0x3b0
[ 37.100373] CR2: 00007ffe70596ab8 CR3: 000000009b4f5000 CR4: 00000000003406e0
[ 37.106242] __se_sys_sendfile64+0x147/0x160
[ 37.110369] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.117624] ? __se_sys_sendfile+0x180/0x180
[ 37.122139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.129396] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.133774] Call Trace:
[ 37.141036] ? trace_hardirqs_off_caller+0x6e/0x210
[ 37.146386] udf_add_aext+0x243/0x2e0
[ 37.148946] ? do_syscall_64+0x21/0x620
[ 37.153946] ? udf_setup_indirect_aext+0x7e0/0x7e0
[ 37.157726] do_syscall_64+0xf9/0x620
[ 37.161776] ? udf_next_aext+0x2a6/0x3a0
[ 37.166688] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.170475] inode_getblk+0x1984/0x3b30
[ 37.174509] RIP: 0033:0x7f79cc905159
[ 37.179695] ? udf_delete_aext+0xac0/0xac0
[ 37.183644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 37.187374] ? __lock_acquire+0x6de/0x3ff0
[ 37.191590] RSP: 002b:00007f79cc8b12f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 37.210491] ? __lock_acquire+0x6de/0x3ff0
[ 37.214695] RAX: ffffffffffffffda RBX: 00007f79cc989720 RCX: 00007f79cc905159
[ 37.222576] ? do_raw_spin_lock+0xcb/0x220
[ 37.226797] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 37.234062] ? lock_downgrade+0x720/0x720
[ 37.238276] RBP: 00007f79cc956cb0 R08: 0000000000000000 R09: 0000000000000000
[ 37.245538] ? lock_acquire+0x170/0x3c0
[ 37.249659] R10: 0000000001000fc4 R11: 0000000000000246 R12: 00007f79cc9560c0
[ 37.249669] R13: 0000000020000cc0 R14: 0030656c69662f2e R15: 00007f79cc989728
[ 37.256956] ? udf_get_block+0x10a/0x650
[ 37.279471] udf_get_block+0x1e1/0x650
[ 37.283357] ? udf_block_map+0x290/0x290
[ 37.287418] ? lock_downgrade+0x720/0x720
[ 37.291561] ? check_preemption_disabled+0x41/0x280
[ 37.296570] ? create_page_buffers+0x190/0x350
[ 37.301242] __block_write_begin_int+0x46c/0x17b0
[ 37.306079] ? udf_block_map+0x290/0x290
[ 37.310144] ? __breadahead_gfp+0x130/0x130
[ 37.314467] ? wait_for_stable_page+0x122/0x360
[ 37.319218] ? udf_block_map+0x290/0x290
[ 37.323276] block_write_begin+0x58/0x2e0
[ 37.327428] udf_write_begin+0x39/0xa0
[ 37.331314] ? current_time+0x13c/0x1c0
[ 37.335286] generic_perform_write+0x1f8/0x4d0
[ 37.339873] ? filemap_page_mkwrite+0x2f0/0x2f0
[ 37.344537] ? current_time+0x1c0/0x1c0
[ 37.348599] ? lock_downgrade+0x720/0x720
[ 37.352743] ? lock_acquire+0x170/0x3c0
[ 37.356717] __generic_file_write_iter+0x24b/0x610
[ 37.361659] udf_file_write_iter+0x2d4/0x4e0
[ 37.366060] ? iov_iter_init+0xb8/0x1d0
[ 37.370030] __vfs_write+0x51b/0x770
[ 37.373741] ? kernel_read+0x110/0x110
[ 37.377643] __kernel_write+0x109/0x370
[ 37.381614] write_pipe_buf+0x153/0x1f0
[ 37.385593] ? default_file_splice_read+0xa00/0xa00
[ 37.390608] ? splice_from_pipe_next.part.0+0x2ad/0x360
[ 37.395993] ? page_cache_pipe_buf_confirm+0x1e5/0x2a0
[ 37.401609] __splice_from_pipe+0x389/0x800
[ 37.405929] ? default_file_splice_read+0xa00/0xa00
[ 37.410945] default_file_splice_write+0xd8/0x180
[ 37.415784] ? generic_splice_sendpage+0x140/0x140
[ 37.420713] ? security_file_permission+0x1c0/0x220
[ 37.425824] ? generic_splice_sendpage+0x140/0x140
[ 37.430753] direct_splice_actor+0x115/0x160
[ 37.435284] splice_direct_to_actor+0x33f/0x8d0
[ 37.439953] ? generic_pipe_buf_nosteal+0x10/0x10
[ 37.444797] ? do_splice_to+0x160/0x160
[ 37.448774] do_splice_direct+0x1a7/0x270
[ 37.452919] ? splice_direct_to_actor+0x8d0/0x8d0
[ 37.457776] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.462791] do_sendfile+0x550/0xc30
[ 37.466508] ? do_compat_pwritev64+0x1b0/0x1b0
[ 37.471090] ? __se_sys_futex+0x28f/0x3b0
[ 37.475231] ? __se_sys_futex+0x298/0x3b0
[ 37.479375] __se_sys_sendfile64+0x147/0x160
[ 37.483781] ? __se_sys_sendfile+0x180/0x180
[ 37.488186] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.493545] ? trace_hardirqs_off_caller+0x6e/0x210
[ 37.498558] ? do_syscall_64+0x21/0x620
[ 37.502526] do_syscall_64+0xf9/0x620
[ 37.506324] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.511506] RIP: 0033:0x7f79cc905159
[ 37.515213] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 37.534133] RSP: 002b:00007f79cc8b12f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 37.541834] RAX: ffffffffffffffda RBX: 00007f79cc989720 RCX: 00007f79cc905159
[ 37.549097] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 37.556358] RBP: 00007f79cc956cb0 R08: 0000000000000000 R09: 0000000000000000
[ 37.563620] R10: 0000000001000fc4 R11: 0000000000000246 R12: 00007f79cc9560c0
[ 37.570883] R13: 0000000020000cc0 R14: 0030656c69662f2e R15: 00007f79cc989728
[ 37.578154] irq event stamp: 10970
[ 37.581692] hardirqs last enabled at (10969): [] _raw_spin_unlock_irq+0x24/0x80
[ 37.590783] hardirqs last disabled at (10970): [] trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.600220] softirqs last enabled at (10422): [] __do_softirq+0x678/0x980
[ 37.608788] softirqs last disabled at (10381): [] irq_exit+0x215/0x260
[ 37.617001] ---[ end trace da89b52b7a99a170 ]---
[ 37.621905] Kernel Offset: disabled
[ 37.625575] Rebooting in 86400 seconds..