program: syz_mount_image$udf(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x18418, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES16], 0xfc, 0x4b1, &(0x7f0000000cc0)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) truncate(&(0x7f0000000100)='./file1\x00', 0x20fdfffffe) (async) ftruncate(0xffffffffffffffff, 0x5) (async) creat(&(0x7f0000000240)='./bus\x00', 0x24) (async) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000680)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1a, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780800d1cbf7966d61f53dc17769048b0000fd0c000000000000000000000000000000000200000000000000000000000000008000", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143441, 0x98) pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) (async, rerun: 32) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) (async, rerun: 32) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='io.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000780), 0xb) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) (async, rerun: 32) syz_usb_control_io$hid(r2, 0x0, 0x0) (rerun: 32) syz_usb_control_io$hid(r2, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="33220f0000000b2e2b5aa40bf85edaca8300000000"], 0x0}, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000c00)={0x84, &(0x7f0000000800)=ANY=[@ANYBLOB="00000184bfa241"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) (async) r5 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000100)={'bond_slave_0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x2c, 0x2, 0x7, 0x20000004}}) (async, rerun: 64) r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) (rerun: 64) readv(r6, &(0x7f0000000480)=[{&(0x7f0000001580)=""/4091, 0x18}], 0x1) (async) ioctl$HIDIOCSFLAG(r6, 0x4004480f, &(0x7f0000000000)=0x3) ioctl$HIDIOCGUSAGE(r6, 0xc018480b, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) (async) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) (async) r9 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r8], 0x50}}, 0x0) [ 104.493320][ T5297] Bluetooth: hci0: command tx timeout [ 104.732777][ T5333] loop0: detected capacity change from 0 to 128 [ 104.807916][ T5333] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 104.900722][ T5334] loop0: detected capacity change from 128 to 0 [ 104.906221][ T5333] ------------[ cut here ]------------ [ 104.908842][ T5333] le32_to_cpu(aed->lengthAllocDescs) != epos->offset - sizeof(struct allocExtDesc) [ 104.908851][ T5333] WARNING: fs/udf/inode.c:2086 at __udf_add_aext+0x52b/0x6e0, CPU#0: syz.0.0/5333 [ 104.916985][ T5333] Modules linked in: [ 104.919248][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 104.922940][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 104.927324][ T5333] RIP: 0010:__udf_add_aext+0x52b/0x6e0 [ 104.929751][ T5333] Code: 81 c4 48 ff ff ff 4c 89 e6 e8 61 b7 fe fe 31 c0 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 cc d1 52 08 cc e8 06 3e 6c fe 90 <0f> 0b 90 e9 0d fc ff ff e8 f8 3d 6c fe 90 0f 0b 90 e9 5f fd ff ff [ 104.938037][ T5333] RSP: 0018:ffffc9000e627180 EFLAGS: 00010293 [ 104.940633][ T5333] RAX: ffffffff8359881a RBX: dffffc0000000000 RCX: ffff88803a80a540 [ 104.944322][ T5333] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 104.948003][ T5333] RBP: 1ffff92001cc4eb5 R08: ffff88803a80a540 R09: 0000000000000002 [ 104.951094][ T5333] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 104.954252][ T5333] R13: 0000000000000001 R14: ffffc9000e6275a0 R15: ffffc9000e6275a8 [ 104.957880][ T5333] FS: 00007fdeea8566c0(0000) GS:ffff88808c895000(0000) knlGS:0000000000000000 [ 104.961696][ T5333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.964468][ T5333] CR2: 00007fff16733e40 CR3: 0000000036747000 CR4: 0000000000352ef0 [ 104.967847][ T5333] Call Trace: [ 104.969264][ T5333] [ 104.970531][ T5333] udf_do_extend_file+0x90c/0x11e0 [ 104.972669][ T5333] ? __pfx_udf_do_extend_file+0x10/0x10 [ 104.975016][ T5333] udf_map_block+0xfc9/0x42d0 [ 104.977719][ T5333] ? __kernel_text_address+0xd/0x30 [ 104.979679][ T5333] ? __pfx_udf_map_block+0x10/0x10 [ 104.981530][ T5333] ? add_lock_to_list+0xc7/0x100 [ 104.983360][ T5333] ? do_raw_spin_lock+0x12b/0x2f0 [ 104.985211][ T5333] ? do_raw_spin_unlock+0x4d/0x210 [ 104.987075][ T5333] __udf_get_block+0x52/0x250 [ 104.988747][ T5333] ? create_empty_buffers+0x465/0x530 [ 104.990924][ T5333] __block_write_begin_int+0x6c6/0x1910 [ 104.993174][ T5333] ? __pfx_udf_get_block+0x10/0x10 [ 104.995395][ T5333] ? __pfx___block_write_begin_int+0x10/0x10 [ 104.997916][ T5333] ? __pfx_udf_get_block+0x10/0x10 [ 105.000172][ T5333] block_write_begin+0x8d/0x120 [ 105.002195][ T5333] ? udf_write_begin+0x92/0x270 [ 105.004144][ T5333] udf_write_begin+0x118/0x270 [ 105.006178][ T5333] generic_perform_write+0x2e2/0x8f0 [ 105.008517][ T5333] ? __pfx_generic_perform_write+0x10/0x10 [ 105.010963][ T5333] ? file_update_time_flags+0x400/0x4a0 [ 105.013226][ T5333] ? __generic_file_write_iter+0xf9/0x230 [ 105.015530][ T5333] ? udf_file_write_iter+0x1a3/0x6b0 [ 105.017757][ T5333] udf_file_write_iter+0x2ca/0x6b0 [ 105.019885][ T5333] do_iter_readv_writev+0x619/0x8c0 [ 105.022047][ T5333] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 105.024337][ T5333] vfs_writev+0x33c/0x990 [ 105.026164][ T5333] ? __pfx_vfs_writev+0x10/0x10 [ 105.028363][ T5333] ? __fget_files+0x2a/0x420 [ 105.030323][ T5333] ? __fget_files+0x3a0/0x420 [ 105.032374][ T5333] ? __fget_files+0x2a/0x420 [ 105.034363][ T5333] __se_sys_pwritev2+0x184/0x2a0 [ 105.036672][ T5333] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 105.039017][ T5333] ? __x64_sys_pwritev2+0x20/0xc0 [ 105.041176][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.043666][ T5333] do_syscall_64+0x174/0x580 [ 105.045641][ T5333] ? trace_irq_disable+0x3b/0x140 [ 105.048133][ T5333] ? clear_bhb_loop+0x40/0x90 [ 105.050155][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.052665][ T5333] RIP: 0033:0x7fdee999ce59 [ 105.054588][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.063491][ T5333] RSP: 002b:00007fdeea855fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 105.067190][ T5333] RAX: ffffffffffffffda RBX: 00007fdee9c15fa0 RCX: 00007fdee999ce59 [ 105.070395][ T5333] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000006 [ 105.073691][ T5333] RBP: 00007fdee9a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 105.077227][ T5333] R10: 0000000000000e7b R11: 0000000000000246 R12: 0000000000000000 [ 105.080669][ T5333] R13: 00007fdee9c16038 R14: 00007fdee9c15fa0 R15: 00007fff16734818 [ 105.083991][ T5333] [ 105.085256][ T5333] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 105.088407][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 105.091942][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 105.096314][ T5333] Call Trace: [ 105.097813][ T5333] [ 105.099307][ T5333] vpanic+0x56c/0xa60 [ 105.101389][ T5333] ? __pfx__printk+0x10/0x10 [ 105.103843][ T5333] ? __pfx_vpanic+0x10/0x10 [ 105.106363][ T5333] ? is_bpf_text_address+0x292/0x2b0 [ 105.109174][ T5333] ? is_bpf_text_address+0x26/0x2b0 [ 105.111551][ T5333] panic+0xc5/0xd0 [ 105.113168][ T5333] ? __pfx_panic+0x10/0x10 [ 105.115134][ T5333] __warn+0x315/0x4c0 [ 105.116869][ T5333] ? __udf_add_aext+0x52b/0x6e0 [ 105.119024][ T5333] ? __udf_add_aext+0x52b/0x6e0 [ 105.121452][ T5333] __report_bug+0x29a/0x540 [ 105.123691][ T5333] ? __udf_add_aext+0x52b/0x6e0 [ 105.125962][ T5333] ? __pfx___report_bug+0x10/0x10 [ 105.128167][ T5333] ? bdev_getblk+0xbe/0x6e0 [ 105.130175][ T5333] ? bdev_getblk+0x582/0x6e0 [ 105.132191][ T5333] ? __udf_add_aext+0x52b/0x6e0 [ 105.134214][ T5333] report_bug+0x16a/0x220 [ 105.136072][ T5333] ? __udf_add_aext+0x52b/0x6e0 [ 105.138093][ T5333] ? __udf_add_aext+0x52d/0x6e0 [ 105.140062][ T5333] handle_bug+0x9c/0x200 [ 105.141749][ T5333] exc_invalid_op+0x1a/0x50 [ 105.143625][ T5333] asm_exc_invalid_op+0x1a/0x20 [ 105.145592][ T5333] RIP: 0010:__udf_add_aext+0x52b/0x6e0 [ 105.147777][ T5333] Code: 81 c4 48 ff ff ff 4c 89 e6 e8 61 b7 fe fe 31 c0 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 cc d1 52 08 cc e8 06 3e 6c fe 90 <0f> 0b 90 e9 0d fc ff ff e8 f8 3d 6c fe 90 0f 0b 90 e9 5f fd ff ff [ 105.155436][ T5333] RSP: 0018:ffffc9000e627180 EFLAGS: 00010293 [ 105.158082][ T5333] RAX: ffffffff8359881a RBX: dffffc0000000000 RCX: ffff88803a80a540 [ 105.161471][ T5333] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 105.164831][ T5333] RBP: 1ffff92001cc4eb5 R08: ffff88803a80a540 R09: 0000000000000002 [ 105.168193][ T5333] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 105.171596][ T5333] R13: 0000000000000001 R14: ffffc9000e6275a0 R15: ffffc9000e6275a8 [ 105.175032][ T5333] ? __udf_add_aext+0x52a/0x6e0 [ 105.177174][ T5333] udf_do_extend_file+0x90c/0x11e0 [ 105.179442][ T5333] ? __pfx_udf_do_extend_file+0x10/0x10 [ 105.181737][ T5333] udf_map_block+0xfc9/0x42d0 [ 105.183795][ T5333] ? __kernel_text_address+0xd/0x30 [ 105.186075][ T5333] ? __pfx_udf_map_block+0x10/0x10 [ 105.188644][ T5333] ? add_lock_to_list+0xc7/0x100 [ 105.191144][ T5333] ? do_raw_spin_lock+0x12b/0x2f0 [ 105.193374][ T5333] ? do_raw_spin_unlock+0x4d/0x210 [ 105.195650][ T5333] __udf_get_block+0x52/0x250 [ 105.197638][ T5333] ? create_empty_buffers+0x465/0x530 [ 105.199894][ T5333] __block_write_begin_int+0x6c6/0x1910 [ 105.202288][ T5333] ? __pfx_udf_get_block+0x10/0x10 [ 105.204503][ T5333] ? __pfx___block_write_begin_int+0x10/0x10 [ 105.206978][ T5333] ? __pfx_udf_get_block+0x10/0x10 [ 105.209103][ T5333] block_write_begin+0x8d/0x120 [ 105.211183][ T5333] ? udf_write_begin+0x92/0x270 [ 105.213303][ T5333] udf_write_begin+0x118/0x270 [ 105.215369][ T5333] generic_perform_write+0x2e2/0x8f0 [ 105.217641][ T5333] ? __pfx_generic_perform_write+0x10/0x10 [ 105.220236][ T5333] ? file_update_time_flags+0x400/0x4a0 [ 105.222695][ T5333] ? __generic_file_write_iter+0xf9/0x230 [ 105.225200][ T5333] ? udf_file_write_iter+0x1a3/0x6b0 [ 105.227542][ T5333] udf_file_write_iter+0x2ca/0x6b0 [ 105.229834][ T5333] do_iter_readv_writev+0x619/0x8c0 [ 105.232228][ T5333] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 105.234843][ T5333] vfs_writev+0x33c/0x990 [ 105.236714][ T5333] ? __pfx_vfs_writev+0x10/0x10 [ 105.238894][ T5333] ? __fget_files+0x2a/0x420 [ 105.240939][ T5333] ? __fget_files+0x3a0/0x420 [ 105.243039][ T5333] ? __fget_files+0x2a/0x420 [ 105.245167][ T5333] __se_sys_pwritev2+0x184/0x2a0 [ 105.247394][ T5333] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 105.249803][ T5333] ? __x64_sys_pwritev2+0x20/0xc0 [ 105.252053][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.254760][ T5333] do_syscall_64+0x174/0x580 [ 105.256746][ T5333] ? trace_irq_disable+0x3b/0x140 [ 105.259011][ T5333] ? clear_bhb_loop+0x40/0x90 [ 105.261106][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.263730][ T5333] RIP: 0033:0x7fdee999ce59 [ 105.265680][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.273850][ T5333] RSP: 002b:00007fdeea855fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 105.277586][ T5333] RAX: ffffffffffffffda RBX: 00007fdee9c15fa0 RCX: 00007fdee999ce59 [ 105.281082][ T5333] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000006 [ 105.284574][ T5333] RBP: 00007fdee9a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 105.288061][ T5333] R10: 0000000000000e7b R11: 0000000000000246 R12: 0000000000000000 [ 105.291494][ T5333] R13: 00007fdee9c16038 R14: 00007fdee9c15fa0 R15: 00007fff16734818 [ 105.294893][ T5333] [ 105.296654][ T5333] Kernel Offset: disabled [ 105.298440][ T5333] Rebooting in 86400 seconds..