program:
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file1\x00', 0x84, &(0x7f0000000000)=ANY=[], 0x8b, 0x2d5, &(0x7f0000025dc0)="$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")
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r0, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x1013})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x4000000000000001, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], 0x4})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f0000000400)=[0x0], &(0x7f0000000080)=[0x2], &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x40441, 0x106)

[ 85.004999][ T5281] Bluetooth: hci0: command tx timeout
[ 85.078515][ T5316] loop0: detected capacity change from 0 to 64
[ 85.127450][ T5316] hfs: hfs: Invalid key length: 94
[ 85.203613][ T12] ------------[ cut here ]------------
[ 85.206209][ T12] kernel BUG at fs/hfs/inode.c:476!
[ 85.227658][ T12] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[ 85.230598][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.235368][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.240047][ T12] Workqueue: writeback wb_workfn (flush-7:0)
[ 85.242536][ T12] RIP: 0010:hfs_write_inode+0x95e/0x990
[ 85.244795][ T12] Code: 89 de 81 e6 00 00 00 40 31 ff e8 fd 4c 10 ff 81 e3 00 00 00 40 75 15 e8 b0 48 10 ff 4c 89 f3 e9 b1 f7 ff ff e8 a3 48 10 ff 90 <0f> 0b e8 9b 48 10 ff e8 06 d5 7c fe eb e4 44 89 e1 80 e1 07 80 c1
[ 85.252645][ T12] RSP: 0018:ffffc9000025f120 EFLAGS: 00010293
[ 85.255490][ T12] RAX: ffffffff82b5ec1d RBX: f8f8f8f8f8f8f8f8 RCX: ffff88801b354a80
[ 85.258887][ T12] RDX: 0000000000000000 RSI: ffffffff8ebce990 RDI: 0000000000000000
[ 85.262195][ T12] RBP: ffffc9000025f2a8 R08: ffff88801b354a80 R09: 0000000000000003
[ 85.265685][ T12] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
[ 85.269809][ T12] R13: dffffc0000000000 R14: ffff888040503500 R15: 1ffff9200004be28
[ 85.273397][ T12] FS: 0000000000000000(0000) GS:ffff88808c84f000(0000) knlGS:0000000000000000
[ 85.277240][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.280407][ T12] CR2: 00007fffbb432f52 CR3: 000000004226a000 CR4: 0000000000352ef0
[ 85.284775][ T12] Call Trace:
[ 85.286401][ T12]
[ 85.287772][ T12] ? __pfx_hfs_write_inode+0x10/0x10
[ 85.290094][ T12] ? do_raw_spin_unlock+0x4d/0x210
[ 85.292353][ T12] ? __pfx_hfs_writepages+0x10/0x10
[ 85.294959][ T12] ? do_raw_spin_unlock+0x4d/0x210
[ 85.297627][ T12] __writeback_single_inode+0x6ac/0xf90
[ 85.300248][ T12] writeback_sb_inodes+0x9de/0x1b00
[ 85.302568][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10
[ 85.305106][ T12] ? __pfx_down_read_trylock+0x10/0x10
[ 85.307331][ T12] ? __pfx___up_read+0x10/0x10
[ 85.309557][ T12] ? lock_release+0x4b/0x3c0
[ 85.311517][ T12] __writeback_inodes_wb+0x114/0x240
[ 85.313656][ T12] wb_writeback+0x42f/0xad0
[ 85.315540][ T12] ? queue_io+0x221/0x470
[ 85.317725][ T12] ? __pfx_wb_writeback+0x10/0x10
[ 85.320132][ T12] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.322516][ T12] ? process_scheduled_works+0xa20/0x14e0
[ 85.325080][ T12] ? rcu_is_watching+0x15/0xb0
[ 85.327319][ T12] wb_workfn+0x980/0x10f0
[ 85.329741][ T12] ? __pfx_wb_workfn+0x10/0x10
[ 85.332331][ T12] ? rcu_is_watching+0x15/0xb0
[ 85.334674][ T12] ? trace_hrtimer_start+0x82/0x200
[ 85.337062][ T12] ? hrtimer_start_range_ns_common+0x83b/0xb90
[ 85.339987][ T12] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.342132][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 85.344819][ T12] ? rcu_is_watching+0x15/0xb0
[ 85.347529][ T12] ? process_scheduled_works+0xa20/0x14e0
[ 85.350219][ T12] ? rcu_is_watching+0x15/0xb0
[ 85.352301][ T12] ? rcu_is_watching+0x15/0xb0
[ 85.354433][ T12] ? process_scheduled_works+0xa20/0x14e0
[ 85.356825][ T12] process_scheduled_works+0xa8e/0x14e0
[ 85.359544][ T12] ? rcu_is_watching+0x15/0xb0
[ 85.362138][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.364876][ T12] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.366897][ T12] ? assign_work+0x3cf/0x5d0
[ 85.368964][ T12] worker_thread+0xa47/0xfb0
[ 85.370874][ T12] kthread+0x388/0x470
[ 85.372690][ T12] ? __pfx_worker_thread+0x10/0x10
[ 85.375032][ T12] ? __pfx_kthread+0x10/0x10
[ 85.377381][ T12] ret_from_fork+0x514/0xb70
[ 85.379657][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 85.381658][ T12] ? __switch_to+0xc89/0x1420
[ 85.383725][ T12] ? __pfx_kthread+0x10/0x10
[ 85.385789][ T12] ret_from_fork_asm+0x1a/0x30
[ 85.388234][ T12]
[ 85.389912][ T12] Modules linked in:
[ 85.392290][ T12] ---[ end trace 0000000000000000 ]---