program: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000000206010800000000000000000000003f0500010006000000050005000200000005000400000000000900020073797a310020000013000300686173683a6e65742c6966616365"], 0x4c}}, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r4 = syz_open_dev$dvb_dvr(&(0x7f00000001c0), 0x4, 0x10000) ioctl$DVB_DVR_DMX_DQBUF(r4, 0xc0186f40, &(0x7f0000002240)={0x2, 0x4e3d, 0xa, 0x4, 0x10, 0x1000}) syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x80, &(0x7f0000000280)=ANY=[@ANYBLOB="009d0e609c62517a68813f6b578e2fd2b349823558145159a317949dcbd54be4c36b6f14857fbb1963983b808b676663bb5e55330899648c7f63eb159926f6b541adc762bfd60e00247eda5373d9d7c8084d4bc2aab5abcea10f3526dac0abdf5e6ff7d4bec8b703be45c710eadcc7d384775276a3ce3e043e0fa4b684f56e8a4a5c628e25393cf7883c90532fe96490a3cf734421991574c1bd33ae90f20fddb872101a0de2e9689df0fe1295d3946fdd6a9c91"], 0x1, 0x486, &(0x7f0000002300)="$eJzs3M1vG0UYx/HfbGJ34xZw39yCKmEJiaIiSuy0pG8ghZa0SH2hTYJAKEUhcYLVxInitGoqaCtx6BEoElw4wKEXhKogwQUOHODGf8CFWw9cMCdOILSbWe/acV6KXxKH70dqPN19vDs7Mzv7bLyOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9PIrfd0Zs/z6eCsrAwAAWuL8wKXu7ArXfwAAsPkMrnL/DwAAgE3FyNEnMvrh05I55/9/kXs2X7h6fehUf+23dRn/nR1+vPfPzWR7Dh1+ofdI8Lry+xvtcV0YGOxLn5yempnNFYu5sfRQIT86PZZb8xbqfX+1A34DpKeuXB0bHy+mswd7KlZfTz7YsjWVPN6bOvF0EDt0qr9/IBLTGfvPe19iuQw/Lkd3ZFT6+L45L8lR/W2xythpti7/IA74BzF0qt8/kMn8SGHOW2mChnAq2yQetFEL+qIuuySvXibemHu2mBwVZbQ7VTIXJHUE7fCs/4vh1TfgNKQaD82r57CktNqgzzawLXJ0WEZ3jyb1mtdmQf93Su+vd+XQdJ1ydF9G+18qmYv+fOCdT960efb19KuF8elIrDH2jGr360MrbfC5yZWj8/4ZXzKX1rsyaDkvWRqW0aHBa35eIT8vfex47+kzg9EMY88q2/FiD9ryWq7JsUjqYNYphwAAAAAAAAA2O3erLXzj+i9p+xkQ/ieMo+dl9OeZkv/RePS5hI7I8x1l7f7ZT3Pr3+WenJ6Zn81PvDtXc33C7XunODc7Mlp7tbq8k6/i1+GrPcdQp5hxdERGt/5ZCPebNF7ZTgPhju6dCOvmmqq1/rh5dPF5luAzhGP9e6LlmlV+iM/Hkna/zE9AYxjjqE9G49/vtc9+JLRkDrJx38rojy/22Tgn7gUFp2nS/+mO5ydz3V7sTzL68u8g1n/MTEGqsTOMzXixjow+OlcZu83G7gpjs17saRn9fLl27O4wtseL/UBGM7+ng9iEF/ukjU2FsQdHpyfHmtbAG5w3/9+U0Y4X0yboS9tedprtKMfeey+c729Xb2iZOb/e+T8ZWXbbjsMH3ni9vNcfe/54dWqP1zsy+vq7fTZucawEf85ku/8zHK9vyGjil8rYhI3dEcZm1tywbcLr/7dllC0slNvG9r/tgcj1P9L/T1SPjib1//bIsqTd75bGHDokFedvXBmZnMzNUqBAgUK5sN4zE1rBu/5/JqM3L/5aznfs9d+m1WH+99fN8Pp/rHpDTbr+74gsO2azkVin5M5NzcRSklucv/FcfmpkIjeRK/RkM0e7jx7qzcTiQW4Xlupuqk0pZu/Vrn34Vfn+rDL/q53/J6o31KT+3xlZlqjIV+o+dNj+/01Gb/24UL6PXin/D+6znnlq8bV8fjap/3dFliXtfh9pzKEDAAAAAAAAAAAAAAAAQFuLGUd3ZeQOd5rgu1Fref5vyRemmvT8VyqybKxF31eou1EBoA04cvS5jParZG55C7ZJ56Kv2NT+DQAA//+Juh/g") r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000027c0)='./file0\x00', 0x0, 0x0) r6 = fanotify_init(0x4, 0x101000) fanotify_mark(r6, 0x1, 0x4800003e, r5, 0x0) r7 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_WATCH_KEY(0x20, r7, r3, 0x0) userfaultfd(0x80801) eventfd2(0x9, 0x80000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r8 = io_uring_setup(0x6ec2, &(0x7f0000002840)={0x0, 0xc89e, 0x100, 0x2, 0x1a1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r8, 0x2219, 0x7721, 0x16, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) getdents64(r1, &(0x7f0000002280)=""/26, 0x1a) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r9, 0x5761, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000001fa000000000000000000800000000000000000002d080000070000000000000000000000fdffffff00000000"]) keyctl$setperm(0x5, r7, 0x20200000) r10 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r11, &(0x7f0000004900)={0x2020}, 0x2020) mount(&(0x7f00000022c0)=@md0, &(0x7f0000000200)='./file1\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) sendfile(r10, r1, 0x0, 0x80000000) socket$nl_netfilter(0x10, 0x3, 0xc) [ 77.161290][ T4653] Bluetooth: hci0: command tx timeout [ 77.249270][ T5320] loop0: detected capacity change from 0 to 128 [ 77.296413][ T5320] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 77.315465][ T5320] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 77.386995][ T5320] ------------[ cut here ]------------ [ 77.390005][ T5320] byte_offset [ 77.390017][ T5320] WARNING: fs/udf/truncate.c:224 at udf_truncate_extents+0xd92/0xf00, CPU#0: syz.0.0/5320 [ 77.396966][ T5320] Modules linked in: [ 77.398876][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 77.402549][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 77.406494][ T5320] RIP: 0010:udf_truncate_extents+0xd92/0xf00 [ 77.408957][ T5320] Code: 5f df 0f 48 3b 84 24 80 01 00 00 75 7a 44 89 e0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 95 68 53 08 cc e8 0f d5 6a fe 90 <0f> 0b 90 e9 64 ff ff ff 44 89 e9 80 e1 07 38 c1 0f 8c da f3 ff ff [ 77.417190][ T5320] RSP: 0018:ffffc90003a4f420 EFLAGS: 00010287 [ 77.420318][ T5320] RAX: ffffffff835af051 RBX: 1ffff11008cbf746 RCX: 0000000000100000 [ 77.423525][ T5320] RDX: ffffc90020001000 RSI: 0000000000004995 RDI: 0000000000004996 [ 77.426729][ T5320] RBP: ffffc90003a4f5f8 R08: ffff88801f9ea500 R09: 0000000000000002 [ 77.429754][ T5320] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000 [ 77.433268][ T5320] R13: 0000000000000000 R14: 000000000000000a R15: 000000000000000a [ 77.436534][ T5320] FS: 00007f112926e6c0(0000) GS:ffff88808c87b000(0000) knlGS:0000000000000000 [ 77.440595][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.443140][ T5320] CR2: 0000200000005000 CR3: 000000003430e000 CR4: 0000000000352ef0 [ 77.446405][ T5320] Call Trace: [ 77.447715][ T5320] [ 77.448982][ T5320] ? __pfx_udf_truncate_extents+0x10/0x10 [ 77.451324][ T5320] ? do_raw_spin_lock+0x12b/0x2f0 [ 77.453584][ T5320] ? do_raw_spin_unlock+0x4d/0x210 [ 77.455852][ T5320] udf_write_failed+0x185/0x1c0 [ 77.458142][ T5320] udf_write_begin+0x215/0x270 [ 77.460087][ T5320] generic_perform_write+0x2e2/0x8f0 [ 77.462272][ T5320] ? __pfx_generic_perform_write+0x10/0x10 [ 77.464743][ T5320] ? file_update_time_flags+0x400/0x4a0 [ 77.467086][ T5320] ? __generic_file_write_iter+0xf9/0x230 [ 77.469734][ T5320] ? udf_file_write_iter+0x2af/0x6b0 [ 77.471918][ T5320] udf_file_write_iter+0x2ca/0x6b0 [ 77.474340][ T5320] iter_file_splice_write+0x9a1/0x10f0 [ 77.476794][ T5320] ? __pfx_iter_file_splice_write+0x10/0x10 [ 77.479756][ T5320] ? __pfx_iter_file_splice_write+0x10/0x10 [ 77.482206][ T5320] direct_splice_actor+0x101/0x160 [ 77.484818][ T5320] splice_direct_to_actor+0x53a/0xc70 [ 77.487446][ T5320] ? __pfx_direct_splice_actor+0x10/0x10 [ 77.490100][ T5320] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 77.492653][ T5320] do_splice_direct+0x195/0x290 [ 77.494785][ T5320] ? __pfx_do_splice_direct+0x10/0x10 [ 77.497020][ T5320] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 77.499627][ T5320] ? rw_verify_area+0x255/0x4d0 [ 77.501721][ T5320] do_sendfile+0x535/0x7d0 [ 77.503639][ T5320] ? __pfx_do_sendfile+0x10/0x10 [ 77.505726][ T5320] ? arch_do_signal_or_restart+0x304/0x840 [ 77.508290][ T5320] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 77.510905][ T5320] __se_sys_sendfile64+0x144/0x1a0 [ 77.513255][ T5320] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 77.515662][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.518269][ T5320] do_syscall_64+0x15f/0x560 [ 77.520340][ T5320] ? trace_irq_disable+0x3b/0x140 [ 77.522548][ T5320] ? clear_bhb_loop+0x40/0x90 [ 77.524604][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.527325][ T5320] RIP: 0033:0x7f112839ce59 [ 77.529394][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 77.537196][ T5320] RSP: 002b:00007f112926dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 77.540931][ T5320] RAX: ffffffffffffffda RBX: 00007f1128615fa0 RCX: 00007f112839ce59 [ 77.544417][ T5320] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000007 [ 77.547837][ T5320] RBP: 00007f1128432d6f R08: 0000000000000000 R09: 0000000000000000 [ 77.551264][ T5320] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.554807][ T5320] R13: 00007f1128616038 R14: 00007f1128615fa0 R15: 00007ffeae904e18 [ 77.558403][ T5320] [ 77.559776][ T5320] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 77.562707][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 77.566609][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 77.571033][ T5320] Call Trace: [ 77.572535][ T5320] [ 77.573934][ T5320] vpanic+0x56c/0xa60 [ 77.575719][ T5320] ? __pfx__printk+0x10/0x10 [ 77.577776][ T5320] ? __pfx_vpanic+0x10/0x10 [ 77.579646][ T5320] ? is_bpf_text_address+0x292/0x2b0 [ 77.582007][ T5320] ? is_bpf_text_address+0x26/0x2b0 [ 77.584186][ T5320] panic+0xc5/0xd0 [ 77.585765][ T5320] ? __pfx_panic+0x10/0x10 [ 77.587639][ T5320] __warn+0x315/0x4c0 [ 77.589607][ T5320] ? udf_truncate_extents+0xd92/0xf00 [ 77.591927][ T5320] ? udf_truncate_extents+0xd92/0xf00 [ 77.594303][ T5320] __report_bug+0x29a/0x540 [ 77.596171][ T5320] ? udf_truncate_extents+0xd92/0xf00 [ 77.598576][ T5320] ? __pfx___report_bug+0x10/0x10 [ 77.600802][ T5320] ? udf_current_aext+0x69f/0xb30 [ 77.603141][ T5320] ? udf_truncate_extents+0xd92/0xf00 [ 77.605517][ T5320] report_bug+0x16a/0x220 [ 77.607446][ T5320] ? udf_truncate_extents+0xd92/0xf00 [ 77.609835][ T5320] ? udf_truncate_extents+0xd94/0xf00 [ 77.612227][ T5320] handle_bug+0x9c/0x200 [ 77.614077][ T5320] exc_invalid_op+0x1a/0x50 [ 77.616084][ T5320] asm_exc_invalid_op+0x1a/0x20 [ 77.618252][ T5320] RIP: 0010:udf_truncate_extents+0xd92/0xf00 [ 77.620822][ T5320] Code: 5f df 0f 48 3b 84 24 80 01 00 00 75 7a 44 89 e0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 95 68 53 08 cc e8 0f d5 6a fe 90 <0f> 0b 90 e9 64 ff ff ff 44 89 e9 80 e1 07 38 c1 0f 8c da f3 ff ff [ 77.628960][ T5320] RSP: 0018:ffffc90003a4f420 EFLAGS: 00010287 [ 77.631662][ T5320] RAX: ffffffff835af051 RBX: 1ffff11008cbf746 RCX: 0000000000100000 [ 77.634895][ T5320] RDX: ffffc90020001000 RSI: 0000000000004995 RDI: 0000000000004996 [ 77.638171][ T5320] RBP: ffffc90003a4f5f8 R08: ffff88801f9ea500 R09: 0000000000000002 [ 77.641547][ T5320] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000 [ 77.644660][ T5320] R13: 0000000000000000 R14: 000000000000000a R15: 000000000000000a [ 77.647900][ T5320] ? udf_truncate_extents+0xd91/0xf00 [ 77.650242][ T5320] ? __pfx_udf_truncate_extents+0x10/0x10 [ 77.652661][ T5320] ? do_raw_spin_lock+0x12b/0x2f0 [ 77.654918][ T5320] ? do_raw_spin_unlock+0x4d/0x210 [ 77.657061][ T5320] udf_write_failed+0x185/0x1c0 [ 77.659135][ T5320] udf_write_begin+0x215/0x270 [ 77.661187][ T5320] generic_perform_write+0x2e2/0x8f0 [ 77.663593][ T5320] ? __pfx_generic_perform_write+0x10/0x10 [ 77.666148][ T5320] ? file_update_time_flags+0x400/0x4a0 [ 77.668628][ T5320] ? __generic_file_write_iter+0xf9/0x230 [ 77.671030][ T5320] ? udf_file_write_iter+0x2af/0x6b0 [ 77.673400][ T5320] udf_file_write_iter+0x2ca/0x6b0 [ 77.675593][ T5320] iter_file_splice_write+0x9a1/0x10f0 [ 77.678066][ T5320] ? __pfx_iter_file_splice_write+0x10/0x10 [ 77.680468][ T5320] ? __pfx_iter_file_splice_write+0x10/0x10 [ 77.682732][ T5320] direct_splice_actor+0x101/0x160 [ 77.684770][ T5320] splice_direct_to_actor+0x53a/0xc70 [ 77.686924][ T5320] ? __pfx_direct_splice_actor+0x10/0x10 [ 77.689245][ T5320] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 77.691887][ T5320] do_splice_direct+0x195/0x290 [ 77.694554][ T5320] ? __pfx_do_splice_direct+0x10/0x10 [ 77.697218][ T5320] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 77.699850][ T5320] ? rw_verify_area+0x255/0x4d0 [ 77.702103][ T5320] do_sendfile+0x535/0x7d0 [ 77.704190][ T5320] ? __pfx_do_sendfile+0x10/0x10 [ 77.706262][ T5320] ? arch_do_signal_or_restart+0x304/0x840 [ 77.708706][ T5320] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 77.711298][ T5320] __se_sys_sendfile64+0x144/0x1a0 [ 77.713457][ T5320] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 77.715507][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.717890][ T5320] do_syscall_64+0x15f/0x560 [ 77.719931][ T5320] ? trace_irq_disable+0x3b/0x140 [ 77.722119][ T5320] ? clear_bhb_loop+0x40/0x90 [ 77.724217][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.726825][ T5320] RIP: 0033:0x7f112839ce59 [ 77.728858][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 77.737310][ T5320] RSP: 002b:00007f112926dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 77.740965][ T5320] RAX: ffffffffffffffda RBX: 00007f1128615fa0 RCX: 00007f112839ce59 [ 77.744468][ T5320] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000007 [ 77.748016][ T5320] RBP: 00007f1128432d6f R08: 0000000000000000 R09: 0000000000000000 [ 77.751523][ T5320] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.754985][ T5320] R13: 00007f1128616038 R14: 00007f1128615fa0 R15: 00007ffeae904e18 [ 77.758434][ T5320] [ 77.760236][ T5320] Kernel Offset: disabled [ 77.762109][ T5320] Rebooting in 86400 seconds..