program: syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x280008a, &(0x7f00000007c0)=ANY=[@ANYBLOB='nonumtail=0,shortname=win95,errors=remount-ro,iocharset=default,uni_xlate=0,nonumtail=0,utf8=0,flush,rodir,shortname=mixed,shortname=winnt,shortname=win95,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c756e695f2afc89d3653d77ff757466383d302c73686f6e616d653d6d6978651c2d215fc5d4101cba5c9f3062a84678642c756c695f786c6174653d302c73686f"], 0x97, 0x2a9, &(0x7f0000000500)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO") syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f0000000740)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYRESDEC, @ANYBLOB=',session=0000\x00000000000000005,\x00'], 0x12, 0xc38, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNiOSEml9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSoWwEAPExXRr5y+qz7PwA8Vq75/38AAAAAAAAAAAAAANjvUhTxZKSYubKSxqr3HfXL7b47d0eHhjevdiRVNQ9V5cuf+pmz585/8YXBC9283J76gPq77dPx2si1S42Xp2/PzE7MzU2MN0an2jemxye2vYed1t/oZHUCGrdfvzN+8+Zc4+zz59Z9fHfg/f4njg9cHHz21DPdsqNDw8Mja0XqveVrD9yQjq1meByOIk5Fiue++5PUiogidn4u6g937Dc6UnXiZNWJ0aHhqiOT7dbUfPnh1e6JKCIaPZWa3XO0+VhEre+h9mFrzYiFsvllg0+W3RuZac22rk9ONK62Zufb8+3pqaup09qyP40o4kKKWIyI5f77d9cXRdQixbePraTrEXGoex6+UE0M3rodxR72cRvKdjb6IhaLAzBm+1h/FPFqpPjpOyfiRr7OVNeaz0e8Wub3I94q86WIVH4xzke8t8n3iIOpFkX8ZTn+F1fSeHU96F5XLn+18eWpm9M9ZbvXlV/y/nDfleIR3R+ObMiHY59fm+pRRKu64q+kB//NDgAAAAAAAAAAAAAAAAC77UgU8alI8cp//Ek1rziqeenHLg7+4cCv9s4Zf/pD9lOWfT4iFortzck9nCcGXk1XU3rEc4kfZ/Uo4k/z/L9vPurGAAAAAAAAAAAAAAAAAAAAPNaK+HGkePHdE2kxetcUb0/dalxrXZ/srArbXfu3u2b66urqaiN1splzLOdCzsWcSzmXc0aR6+ds5hzLuZBzMedSzuWccSjXz9nMOZZzIedizqWcyzmjluvnbOYcy7mQczEvur+U3y/njH2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEdJEUX8PFJ86+srKVJENCPGopNL/Y+6dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAqT8V8b1I0fij5r1ttYhI1b8dJ8pfzkfzcJkfj+ZgmS9F81LOVpW15jcfQfvZmb5UxI8iRX/97XsDnse/r/Pu3tcg3vrG2rtP1zp5qPvhwPv9Txw/dnFw+Dee3up12qwBJy+3p+7cbYwODQ+P9Gyu5aN/vGfbQD5usTtdJyLm3njz9dbk5MTsg78ovwI7qH6AXqTa49LTg/3iN3drh1HbD915NC8e9ZWJh6G8/78XKX733f/s3vA79/96/Ern3b07fPzsz9bu/y9u3NE27/+1jfXy/b+8p292/3+yZ9uL+XcjfbWI+vztmb7jEfW5N9481b7dujVxa2Lq/OnTXxoc/NK5032HI+o325MTPa925XQBAAAAAAAAAAAAAAAAPDypiN+PFK0fraRGRNyt5msNXBx89tQzh+JQNd9q3bzt10auXWq8PH17ZnZibm5ivDE61b4xPT6x3cPVq+leo0PDe9KZD3Vkj9t/pP7y9Mwbs+1bfzy/6edH65euz83Ptm5s/nEciSKi2bvlZNXg0aHhqtGT7dZUVfXqppPpf3l9qYj/ihQ3zjfSZ/O2PP9/4wz/dfP/FzbuaI/m/3+sZ1t5zJSK+Fmk+J2/ejo+W7XzaNx3znK5v4sUJy98JpeLw2W5bhs6zxXozAwsy/5fpPinn68v250P+eRa2TPbPrEHRDn+xyLF9/7iO/Fbedv65z9sPv5HN+5oj8b/qZ5tR9c9r2DHXSeP/6lI8dKTb8fn8rYPev5H99kbJ3Lhe8/n2KPx/0TPtoF83N/ena4DAAAAAAAAAAAcaH2piL+PFD8YrqUX8rbt/P2/8Y072qO///XJnm3ju7Ne0Ye+2PFJBQAAAIB9oi8V8eNIcWv+7XtzqNfP/+6Z//l7a/M/h9KGT6s/5/u16rkBu/nnf70G8nHHdt5tAAAAAAAAAAAAAAAAAAAA2FdSKuKFvJ76WDWff3zL9dSXIsUr//NcLpeOl+W668APVL/Wr0xPnbo0OTl9ozXfuj450RiZad2YKOs+FSlW/vYzuW5Rra/eXW++s8b72lrss5Fi+B+6ZTtrsXfXJn9qreyZsuzHIsV//+P6sp/L5T6xVvZsWfZvIsXX/uX+sqXja2XPlWW/Eyl++LVGt+zRsmz3+aifXCv7/I3pYo9GBgAAAAAAAAAAAAAAAAAAgMdJXyrizyPF/95evDeXP6//39fztvLWN3rW+9/gbrXO/0C1/v9Wrx9k/f/quQILWx0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+mlIU8WakmLmykpb6y/cd9cvtqTt3R4eGN692JFU1D1Xly5/6mbPnzn/xhcEL3fzg+rvtU/HayLVLjZenb8/MTszNTYw3RqfaN6bHJ7a9h53W3+hkdQIat1+/M37z5lzj7PPn1n18d+D9/ieOD1wcfPbUM92yo0PDwyM9ZWp9D3z0+6Qtth+OIv46Ujz33Z+kH/RHFLHzc/Eh3529dqTqxMmqE6NDw1VHJtutqfnyw6vdE1FENHoqNbvn6CGMxY40IxbK5pcNPll2b2SmNdu6PjnRuNqanW/Pt6enrqZOa8v+NKKICyliMSKW++/fXV8U8Xqk+PaxlfSv/RGHuufhC1dGvnL67NbtKPawj9tQtrPRF7FYHIAx28f6o4h/jhQ/fedE/Ft/RC06P/H5iFfL/H7EW9EZ71R+Mc5HvLfJ94iDqRZF/H85/hdX0jv95fWge125/NXGl6duTveU7V5XDvz94WHa59emehTxw+qKv5L+3X/XAAAAAAAAAAAAAAAAAPtIEb8eKV5890Sq5gffm1PcnrrVuNa6PtmZ1ted+9edM726urraSJ1s5hzLuZBzMedSzuWcUeT6OZtl1ldXx/L7hZyLOZdyLueMQ7l+zmbOsZwLORdzLuVczhm1XD9nM+dYzoWcizmXci7njH0ydw8AAAAAAAAAAAAAAAAAAPhoKap/Unzr6ytptb+zvvRYdHLJeqAfeb8IAAD//1qT9HY=") setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = open(&(0x7f0000000040)='./file1\x00', 0x100002, 0x0) pwrite64(r0, &(0x7f0000000140)="9d", 0x1, 0x10000000005) r1 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000280)={0x0, {}, 0x0, {}, 0x5, 0x5, 0x100a, 0x8, "9e959f16b6efb0427626e66c4056a51695284854c382ec6bcfeef4fb0efcc1d8a6518ed98e203fd5f0643902dd8f6fac274de9d940bba5e51e92bbd4ce85450d", "f6257170000036c800def96006e08d34000000006f1c00", [0x3, 0x7]}) creat(&(0x7f0000000240)='./file1\x00', 0x4) mount(&(0x7f0000000540)=@filename='./file1\x00', &(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='erofs\x00', 0x200000, 0x0) [ 59.683328][ T5323] loop0: detected capacity change from 0 to 256 [ 59.702299][ T5323] vfat: Unknown parameter 'uni_*ü‰Óe' [ 59.747761][ T5323] loop0: detected capacity change from 0 to 2048 [ 59.778231][ T5323] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 59.830157][ T4677] Bluetooth: hci0: command tx timeout [ 59.832435][ T5323] loop0: detected capacity change from 2048 to 2047 [ 59.864621][ T24] audit: type=1804 audit(1730809517.455:2): pid=5323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/file1/file1" dev="loop0" ino=1346 res=1 errno=0 [ 59.878187][ T5323] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 59.882748][ T5323] KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] [ 59.885946][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 [ 59.889804][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.893806][ T5323] RIP: 0010:udf_read_folio+0x2b/0xc0 [ 59.895947][ T5323] Code: 0f 1e fa 41 57 41 56 41 54 53 49 89 f6 48 89 fb 49 bc 00 00 00 00 00 fc ff df e8 a0 f4 70 fe 48 83 c3 68 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 86 ba da fe 49 c7 c7 e8 fe ff ff [ 59.903264][ T5323] RSP: 0018:ffffc9000d42f9d8 EFLAGS: 00010202 [ 59.905644][ T5323] RAX: 000000000000000d RBX: 0000000000000068 RCX: 0000000000040000 [ 59.908743][ T5323] RDX: ffffc9000d919000 RSI: 00000000000026f1 RDI: 00000000000026f2 [ 59.911721][ T5323] RBP: ffffc9000d42fab0 R08: ffffffff81cdced6 R09: 1ffffd400020fdd8 [ 59.914620][ T5323] R10: dffffc0000000000 R11: ffffffff8323e5a0 R12: dffffc0000000000 [ 59.917604][ T5323] R13: ffffea000107eec0 R14: ffffea000107eec0 R15: 1ffffd400020fdd9 [ 59.920441][ T5323] FS: 00007f1e7ed736c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 59.923526][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.926062][ T5323] CR2: 0000557e62b381f8 CR3: 0000000044270000 CR4: 0000000000352ef0 [ 59.929110][ T5323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.931917][ T5323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.934823][ T5323] Call Trace: [ 59.936122][ T5323] [ 59.937177][ T5323] ? __die_body+0x5f/0xb0 [ 59.938727][ T5323] ? die_addr+0xb0/0xe0 [ 59.940290][ T5323] ? exc_general_protection+0x3dd/0x5d0 [ 59.942353][ T5323] ? asm_exc_general_protection+0x26/0x30 [ 59.944512][ T5323] ? __pfx_udf_read_folio+0x10/0x10 [ 59.946513][ T5323] ? filemap_read_folio+0x106/0x630 [ 59.948518][ T5323] ? udf_read_folio+0x2b/0xc0 [ 59.950322][ T5323] ? udf_read_folio+0x20/0xc0 [ 59.952119][ T5323] filemap_read_folio+0x14b/0x630 [ 59.954028][ T5323] ? __pfx_udf_read_folio+0x10/0x10 [ 59.956002][ T5323] ? __pfx_filemap_read_folio+0x10/0x10 [ 59.958091][ T5323] ? __filemap_get_folio+0x949/0xbd0 [ 59.960065][ T5323] do_read_cache_folio+0x3f5/0x850 [ 59.962000][ T5323] ? __pfx_udf_read_folio+0x10/0x10 [ 59.963973][ T5323] erofs_bread+0x499/0xd40 [ 59.965704][ T5323] erofs_fc_fill_super+0x345/0x1770 [ 59.967799][ T5323] ? __pfx_erofs_fc_fill_super+0x10/0x10 [ 59.970037][ T5323] ? sget_fc+0x909/0x9c0 [ 59.971710][ T5323] ? __pfx_set_anon_super_fc+0x10/0x10 [ 59.973760][ T5323] ? __pfx_erofs_fc_fill_super+0x10/0x10 [ 59.975880][ T5323] get_tree_nodev+0xb7/0x140 [ 59.977554][ T5323] vfs_get_tree+0x90/0x2b0 [ 59.979089][ T5323] do_new_mount+0x2be/0xb40 [ 59.980697][ T5323] ? __pfx_do_new_mount+0x10/0x10 [ 59.982475][ T5323] __se_sys_mount+0x2d6/0x3c0 [ 59.984164][ T5323] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.986514][ T5323] ? __pfx___se_sys_mount+0x10/0x10 [ 59.988519][ T5323] ? do_syscall_64+0x100/0x230 [ 59.990420][ T5323] ? __x64_sys_mount+0x20/0xc0 [ 59.992256][ T5323] do_syscall_64+0xf3/0x230 [ 59.994047][ T5323] ? clear_bhb_loop+0x35/0x90 [ 59.995811][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.998060][ T5323] RIP: 0033:0x7f1e7df7e719 [ 59.999802][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.007113][ T5323] RSP: 002b:00007f1e7ed73038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 60.010179][ T5323] RAX: ffffffffffffffda RBX: 00007f1e7e135f80 RCX: 00007f1e7df7e719 [ 60.013197][ T5323] RDX: 00000000200005c0 RSI: 0000000020000580 RDI: 0000000020000540 [ 60.016191][ T5323] RBP: 00007f1e7dff139e R08: 0000000000000000 R09: 0000000000000000 [ 60.019296][ T5323] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000000 [ 60.022424][ T5323] R13: 0000000000000000 R14: 00007f1e7e135f80 R15: 00007ffcc0a15518 [ 60.025478][ T5323] [ 60.026695][ T5323] Modules linked in: [ 60.028699][ T5323] ---[ end trace 0000000000000000 ]--- [ 60.037198][ T5323] RIP: 0010:udf_read_folio+0x2b/0xc0 [ 60.039742][ T5323] Code: 0f 1e fa 41 57 41 56 41 54 53 49 89 f6 48 89 fb 49 bc 00 00 00 00 00 fc ff df e8 a0 f4 70 fe 48 83 c3 68 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 86 ba da fe 49 c7 c7 e8 fe ff ff [ 60.047319][ T5323] RSP: 0018:ffffc9000d42f9d8 EFLAGS: 00010202 [ 60.051057][ T5323] RAX: 000000000000000d RBX: 0000000000000068 RCX: 0000000000040000 [ 60.054436][ T5323] RDX: ffffc9000d919000 RSI: 00000000000026f1 RDI: 00000000000026f2 [ 60.057289][ T5323] RBP: ffffc9000d42fab0 R08: ffffffff81cdced6 R09: 1ffffd400020fdd8 [ 60.060656][ T5323] R10: dffffc0000000000 R11: ffffffff8323e5a0 R12: dffffc0000000000 [ 60.063694][ T5323] R13: ffffea000107eec0 R14: ffffea000107eec0 R15: 1ffffd400020fdd9 [ 60.066750][ T5323] FS: 00007f1e7ed736c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 60.071268][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.073808][ T5323] CR2: 0000557e62b381f8 CR3: 0000000044270000 CR4: 0000000000352ef0 [ 60.076869][ T5323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.080392][ T5323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.083460][ T5323] Kernel panic - not syncing: Fatal exception [ 60.086019][ T5323] Kernel Offset: disabled [ 60.087598][ T5323] Rebooting in 86400 seconds..