program: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) lseek(r1, 0x7ffffb, 0x0) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000900)=ANY=[@ANYBLOB="dc92953e28a9f936e328f7ae2faac204b1247cb0e709a040280fcced1bab7ad71f8bdb339150e843da1b9b497dc2480799b07594c7cfe63bcce1761a826db417a7382838d2edd9ed6534bdac5d22607ec996c8168d72661f65fcfa8a340c39a6a934ef1955e69a5b1918dcb41e35a70266397b52d55388deece4bd8c5f9de69d3d9f53d872fa9c49353f594feb18e523f9a36a9399c548f44b6d5c5df7b1", @ANYBLOB="57731da3afe557fad654c8127acd04b7cd7d9d3f7f7cc340d23db7fb44ccfb5fb810ce7a721a2fb16d8b531a78944fee5a82ad1b33bc3eccfc98839903b3ab864249c40a55c65d1af8e5c3cd6434967645a1d72480fddf89c360c2cad22603d0a5c395b5d57c5e41def4acc9464c420a26c568ec039016146dd4b8c394b9d72267e267cc2892c132011fc7334f6d75641a5b2739b71c8a079a987a8a62", @ANYRES8, @ANYRESOCT=r1, @ANYRES64=r0], 0xa) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f00000003c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000380)={0xffffffffffffffff}, 0x2, 0xffffffffffffffff, 0x1c, 0x0, @ib={0x1b, 0x0, 0x5, {"d1d952a93d063f7333aa2986ac6a66a5"}, 0xb, 0x9, 0x2}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000480)={0x11, 0x10, 0xfa00, {&(0x7f0000000300), r2}}, 0x18) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[], 0x3, 0x5fe, &(0x7f0000000b00)="$eJzs3cFvHGcZB+DfbGxnHaTUSZM2oEpERaoQFsl6LZGUC1AKslCFKnHgbBEnsbJJK3uL3B7AIA4Vp/4JRchnJMQFqUg50B44wKlnSz0iwdm3RTM7u1knixM7jr1unkea/d6Zb+bbd96ZHc/YsjbAc2tpPlP3U2Rp/q2Ncn57a7GzvbV4dxAnOZ2kkTSTFOXivyT5ItlMf8pXBx0j7SM+/6R567OPPv2wP1eO1Sym+usXe233ZIa5zPVzrdrDGq/99OON7uHUUw8Fh6U30BjbXZ61f/rvkWcFAByFIjk1bvlccqa+YS+fA/p3xf177BNt87gTAAAAgCPwwk52spGzx50HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnCT19/8X9dQYxJdTDL7/f6Zeljo+0e4fdwIAAAAAAAAAcAi+vpOdbOTsYL5XVH/zf7WauVC9fiXvZT0rWcuVbGQ53XSzloUkcyMDzWwsd7trC0+wZXu45Wb50uxv2T7CnQYAAAAAAACAL5/fZunB3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGASFMmpflNNFwbxXBpTSZpJZsr1NpN/DeKT7P5xJwAAAABH4IWd7GQjZwfzvaJ65n+peu5v5r3cSzer6aaTldxI8deZ+qm/sb212NneWrxbTo+O+4P/7CuNasT0f/cw/p0vVWvM5mZWqyVX8ou8k05upFFtWbo0yGd8Xr8pcyq+V3vCzG7UbZHkJ3U7GeaqikwPK9KqcyurcW7vSuzz6Dz8TgtpDH/zc+EZ1PxM3Zb78+ZE17w9cva9tHclkvM///212517d27fXJ+fnF06oIcrsThSiZefq0q0qkpcHM4v5cf5WeZzOW9nLav5ZZbTzUou580qWq7P5/J1bu9KfX/X3NuPy2SmPi79q+j+cnq12vZsVvPTvJMb1RFt5VqupZ3v5PW0dh3hi2Pz/nWv7t7p9Xpp7O9T/41v1sF0kh/V7WQo63pupK6j19y5qm90SVWl6gfq+cdcG0/XwT6qNPW1OijPnjcm7tp47qGfEoPz5cW9K/GH6sRZ79y7s3Z7+d0nfL/X6raswA+HlZiql/ZOHcpOHUh5vpwf5rL77Cj7Xhzbt1D1XRj2NR7puzjse9wndaa+h3t0pHbV9/LYvv52l0b6xt1vATDxznzrzMzsv2f/Ofvx7O9mb8++1Xzj9PXTr8xk+u/T351qnXqt8Urx53ycXz14/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5u/f0P7ix3OitrBw4G30T0tOMIBCcsSLJ5OB+iIw6m8/h1jvnCBDxzV7t33726/v4H3169u3xr5dbKvddb168vLCxca129udpZqV+PO0sA4DDtepgBAAAAAAAAAAAAAAAm0hH9mzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAzszSfqfspstC60irnt7cWO+U0iB+s2UxSlMHfknyRbKY/ZW5kuOL/vc/nnzRvffbRpx8+GKtZrf+P9mHsxa5cGg/l9LTjtUfG++OBhiuGlbmc5HzdwrH7XwAAAP//CaIDRw==") open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f00000002c0)='./file0\x00', 0x0, 0x5000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x12, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) setxattr$trusted_overlay_nlink(&(0x7f0000000240)='./file0\x00', &(0x7f0000000340), 0x0, 0x0, 0x2) prctl$PR_GET_NO_NEW_PRIVS(0x27) bind$inet6(r0, &(0x7f0000002c80)={0xa, 0x14e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0x4e24}, 0x1c) fanotify_mark(0xffffffffffffffff, 0x1, 0xa90d61e0df308670, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4001}, 0x0) r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$xdp(&(0x7f0000ceb000/0x1000)=nil, 0x1000, 0x0, 0x10012, r5, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r5) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000000000000000000a000003000000000000"], 0x14}, 0x1, 0x0, 0x0, 0xc0c0}, 0x48081) sendmsg$GTP_CMD_NEWPDP(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="11000000000000006f8b5145417875b80100eda31abdc4c0f74dca355d866be9046894987951e94a433c9897f6cea650a4917993cd6f83d3c46bb8867a39009f77c7ec299aac063afe0954fec1c9fb3869aaa49bddad6e696e12137729340000000000", @ANYRES32=0x0, @ANYBLOB="08000800000000000800020001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x840) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)) getsockopt$inet6_tcp_int(r0, 0x6, 0x18, &(0x7f0000000240), &(0x7f0000000280)=0x4) sendmsg$GTP_CMD_DELPDP(r5, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r7, 0x300, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x84) sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a48000000060a82fee67d0000000000000a0000000900010073797a31000000000900020073797a32000000001c000480180001800d00010073796e70726f78790000000004000280140000001100010000000000000000000100000ae92431ad91e6cf258b800fef4ddac9dfff820dcb1fa17d74ca1ea33886d63fdb600533af9b52d6bdb76d68d5fd05a40ab9fca061045edb1eda5e614f8d89b3dad76eb9cfdbaa127df7aee92fbfd9868cd6ac501a183d"], 0x70}, 0x1, 0x0, 0x0, 0x4000851}, 0x24044010) [ 86.010650][ T44] Bluetooth: hci0: command tx timeout [ 86.179420][ T5326] loop0: detected capacity change from 0 to 1024 [ 86.339018][ T24] audit: type=1804 audit(1776588623.354:2): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/file1/bus" dev="loop0" ino=25 res=1 errno=0 [ 86.365954][ T5326] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 86.371615][ T5326] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 86.375461][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.380374][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.385280][ T5326] RIP: 0010:__hfsplus_setxattr+0x1c68/0x2860 [ 86.388112][ T5326] Code: 8b 36 49 83 c6 30 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 86 02 82 ff 4d 8b 36 49 83 c6 08 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 69 02 82 ff 4d 8b 36 49 8d 7e 90 [ 86.396435][ T5326] RSP: 0018:ffffc9000e027420 EFLAGS: 00010202 [ 86.400543][ T5326] RAX: 0000000000000001 RBX: fffff52001c04ea4 RCX: 0000000000100000 [ 86.406124][ T5326] RDX: ffffc9000ec0a000 RSI: 00000000000014f7 RDI: 00000000000014f8 [ 86.410063][ T5326] RBP: ffffc9000e0278f8 R08: ffffea000157a6f7 R09: 1ffffd40002af4de [ 86.413893][ T5326] R10: dffffc0000000000 R11: fffff940002af4df R12: dffffc0000000000 [ 86.417242][ T5326] R13: ffff888037a29ba8 R14: 0000000000000008 R15: ffff888037a2a1b8 [ 86.420703][ T5326] FS: 00007f5f0b92e6c0(0000) GS:ffff88808c81a000(0000) knlGS:0000000000000000 [ 86.425711][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.429005][ T5326] CR2: 00007f354c5909c0 CR3: 000000003564b000 CR4: 0000000000352ef0 [ 86.432351][ T5326] Call Trace: [ 86.433708][ T5326] [ 86.434963][ T5326] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 86.437150][ T5326] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 86.439654][ T5326] ? rcu_is_watching+0x15/0xb0 [ 86.441884][ T5326] ? __kasan_kmalloc+0x93/0xb0 [ 86.444194][ T5326] ? __kmalloc_cache_noprof+0x31c/0x660 [ 86.447059][ T5326] ? hfsplus_setxattr+0x10b/0x340 [ 86.449491][ T5326] hfsplus_setxattr+0x124/0x340 [ 86.451724][ T5326] hfsplus_trusted_setxattr+0x40/0x60 [ 86.454186][ T5326] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 86.456905][ T5326] __vfs_setxattr+0x43c/0x480 [ 86.458977][ T5326] __vfs_setxattr_noperm+0x12d/0x660 [ 86.461272][ T5326] vfs_setxattr+0x163/0x360 [ 86.463511][ T5326] ? __pfx_vfs_setxattr+0x10/0x10 [ 86.465941][ T5326] filename_setxattr+0x296/0x630 [ 86.468382][ T5326] ? __pfx_filename_setxattr+0x10/0x10 [ 86.471048][ T5326] ? do_getname+0x151/0x250 [ 86.473109][ T5326] path_setxattrat+0x3eb/0x440 [ 86.475253][ T5326] ? __pfx_path_setxattrat+0x10/0x10 [ 86.477937][ T5326] ? do_futex+0x395/0x420 [ 86.480502][ T5326] ? rcu_is_watching+0x15/0xb0 [ 86.482833][ T5326] __x64_sys_setxattr+0xbc/0xe0 [ 86.485239][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.488254][ T5326] do_syscall_64+0x15f/0xf80 [ 86.490479][ T5326] ? trace_irq_disable+0x3b/0x140 [ 86.492793][ T5326] ? clear_bhb_loop+0x40/0x90 [ 86.494936][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.497471][ T5326] RIP: 0033:0x7f5f0a99c819 [ 86.499391][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.508271][ T5326] RSP: 002b:00007f5f0b92dfe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 86.512152][ T5326] RAX: ffffffffffffffda RBX: 00007f5f0ac15fa0 RCX: 00007f5f0a99c819 [ 86.516062][ T5326] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000200000000240 [ 86.520191][ T5326] RBP: 00007f5f0aa32c91 R08: 0000000000000002 R09: 0000000000000000 [ 86.524308][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.528058][ T5326] R13: 00007f5f0ac16038 R14: 00007f5f0ac15fa0 R15: 00007fffe7af1fa8 [ 86.531647][ T5326] [ 86.532970][ T5326] Modules linked in: [ 86.535277][ T5326] ---[ end trace 0000000000000000 ]--- [ 86.554004][ T5326] RIP: 0010:__hfsplus_setxattr+0x1c68/0x2860 [ 86.556442][ T5326] Code: 8b 36 49 83 c6 30 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 86 02 82 ff 4d 8b 36 49 83 c6 08 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 69 02 82 ff 4d 8b 36 49 8d 7e 90 [ 86.565513][ T5326] RSP: 0018:ffffc9000e027420 EFLAGS: 00010202 [ 86.568524][ T5326] RAX: 0000000000000001 RBX: fffff52001c04ea4 RCX: 0000000000100000 [ 86.573169][ T5326] RDX: ffffc9000ec0a000 RSI: 00000000000014f7 RDI: 00000000000014f8 [ 86.577055][ T5326] RBP: ffffc9000e0278f8 R08: ffffea000157a6f7 R09: 1ffffd40002af4de [ 86.581243][ T5326] R10: dffffc0000000000 R11: fffff940002af4df R12: dffffc0000000000 [ 86.584856][ T5326] R13: ffff888037a29ba8 R14: 0000000000000008 R15: ffff888037a2a1b8 [ 86.588629][ T5326] FS: 00007f5f0b92e6c0(0000) GS:ffff88808c81a000(0000) knlGS:0000000000000000 [ 86.593948][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.597539][ T5326] CR2: 0000200000009b00 CR3: 000000003564b000 CR4: 0000000000352ef0 [ 86.602032][ T5326] Kernel panic - not syncing: Fatal exception [ 86.605010][ T5326] Kernel Offset: disabled [ 86.606549][ T5326] Rebooting in 86400 seconds..