program: syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file1\x00', 0x84, &(0x7f0000000000)=ANY=[], 0x8b, 0x2d5, &(0x7f0000025dc0)="$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") ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000000)={{0x8000000000000001, 0x1}, {0x1000, 0x5}, 0x0, 0x1}) r0 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x48, {0x2, 0x4e20, @dev}}) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) sendto$packet(r1, 0x0, 0x0, 0x1, &(0x7f0000000540)={0xc9, 0x8100, r2, 0x1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file1\x00', 0x84, &(0x7f0000000000)=ANY=[], 0x8b, 0x2d5, &(0x7f0000025dc0)="$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") (async) ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000000)={{0x8000000000000001, 0x1}, {0x1000, 0x5}, 0x0, 0x1}) (async) socket$inet(0x2, 0x3, 0x6) (async) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x48, {0x2, 0x4e20, @dev}}) (async) socket$packet(0x11, 0x2, 0x300) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge0\x00'}) (async) sendto$packet(r1, 0x0, 0x0, 0x1, &(0x7f0000000540)={0xc9, 0x8100, r2, 0x1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14) (async) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') (async) preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0) (async) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async) [ 108.963249][ T5297] Bluetooth: hci0: command tx 
timeout [ 109.080991][ T5335] loop0: detected capacity change from 0 to 64 [ 109.236101][ T24] ------------[ cut here ]------------ [ 109.238733][ T24] kernel BUG at fs/hfs/inode.c:474! [ 109.261190][ T24] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 109.263985][ T24] CPU: 0 UID: 0 PID: 24 Comm: kworker/u4:2 Not tainted syzkaller #0 PREEMPT(full) [ 109.267995][ T24] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.272286][ T24] Workqueue: writeback wb_workfn (flush-7:0) [ 109.274992][ T24] RIP: 0010:hfs_write_inode+0x934/0x960 [ 109.277481][ T24] Code: 40 31 ff e8 7e e2 12 ff 81 e3 00 00 00 40 75 1c e8 31 de 12 ff 48 bb f8 f8 f8 f8 f8 f8 f8 f8 e9 dc f7 ff ff e8 1d de 12 ff 90 <0f> 0b e8 15 de 12 ff e8 50 02 80 fe eb dd 44 89 f1 80 e1 07 80 c1 [ 109.285885][ T24] RSP: 0000:ffffc9000031f120 EFLAGS: 00010293 [ 109.288507][ T24] RAX: ffffffff82b2ec93 RBX: ffff8880380279d0 RCX: ffff88801b70ca00 [ 109.291738][ T24] RDX: 0000000000000000 RSI: ffffffff8ebcd4b0 RDI: 0000000000000000 [ 109.295057][ T24] RBP: ffffc9000031f2a8 R08: ffff88801b70ca00 R09: 0000000000000003 [ 109.298270][ T24] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000 [ 109.301364][ T24] R13: 1ffff92000063e28 R14: 0000000000000000 R15: ffff888038027990 [ 109.304456][ T24] FS: 0000000000000000(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000 [ 109.308133][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.310457][ T24] CR2: 00007fb70d9456a0 CR3: 000000000e4c5000 CR4: 0000000000352ef0 [ 109.313593][ T24] Call Trace: [ 109.314823][ T24] <TASK> [ 109.315868][ T24] ? __lock_acquire+0x6b5/0x2cf0 [ 109.317593][ T24] ? __pfx_hfs_write_inode+0x10/0x10 [ 109.319427][ T24] ? do_raw_spin_unlock+0x4d/0x210 [ 109.321213][ T24] __writeback_single_inode+0x75a/0x10e0 [ 109.323186][ T24] writeback_sb_inodes+0x979/0x19d0 [ 109.325306][ T24] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 109.327511][ T24] ? 
__pfx_down_read_trylock+0x10/0x10 [ 109.329717][ T24] ? __pfx_move_expired_inodes+0x10/0x10 [ 109.331925][ T24] __writeback_inodes_wb+0x111/0x240 [ 109.333958][ T24] wb_writeback+0x459/0xb00 [ 109.335645][ T24] ? queue_io+0x271/0x470 [ 109.337190][ T24] ? __pfx_wb_writeback+0x10/0x10 [ 109.339118][ T24] ? do_raw_spin_lock+0x12b/0x2f0 [ 109.341305][ T24] wb_workfn+0x921/0xf10 [ 109.342997][ T24] ? __lock_acquire+0x6b5/0x2cf0 [ 109.344930][ T24] ? look_up_lock_class+0x57/0x110 [ 109.347011][ T24] ? __pfx_wb_workfn+0x10/0x10 [ 109.349183][ T24] ? do_raw_spin_lock+0x12b/0x2f0 [ 109.351232][ T24] ? lock_acquire+0x106/0x350 [ 109.353164][ T24] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 109.355372][ T24] ? process_scheduled_works+0xa70/0x1860 [ 109.357826][ T24] ? process_scheduled_works+0xa70/0x1860 [ 109.360053][ T24] ? process_scheduled_works+0xa70/0x1860 [ 109.362409][ T24] process_scheduled_works+0xb5d/0x1860 [ 109.364711][ T24] ? __pfx_process_scheduled_works+0x10/0x10 [ 109.366998][ T24] ? assign_work+0x3d5/0x5e0 [ 109.368956][ T24] worker_thread+0xa53/0xfc0 [ 109.370915][ T24] kthread+0x388/0x470 [ 109.372534][ T24] ? __pfx_worker_thread+0x10/0x10 [ 109.374489][ T24] ? __pfx_kthread+0x10/0x10 [ 109.376147][ T24] ret_from_fork+0x514/0xb70 [ 109.377803][ T24] ? __pfx_ret_from_fork+0x10/0x10 [ 109.379990][ T24] ? __switch_to+0xc79/0x1410 [ 109.382048][ T24] ? __pfx_kthread+0x10/0x10 [ 109.384052][ T24] ret_from_fork_asm+0x1a/0x30 [ 109.385954][ T24] </TASK> [ 109.387347][ T24] Modules linked in: [ 109.389695][ T24] ---[ end trace 0000000000000000 ]---