program: syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f00000003c0)='./bus\x00', 0x4680, &(0x7f0000000000)=ANY=[@ANYRES8=0x0, @ANYRESHEX], 0xfd, 0x2a1, &(0x7f0000000100)="$eJzs3b9u01wYx/HfcdI270tV3D8ICTEVKjGhtgwglkqod8DChChNkKpaRYIi0U6BGXEB7NwCF8DIVDEjsTExMBaWoHN8Quw0jpMoqZP0+5ESJfZ57OfYxz1+UrURgAvrwfb3j3d+2IeRSipJui8FkipSWdIVXa28OjjcO4xq1W4bKrkI+zClrDa7B7VOi22c25cX2ndlzSeXYTQq31QvOgcUz139HQTSnL863frKuWc2Ghd90JtTneq1ForOAwBQLD//B36en48XKQikNT/tp+f/yZ5Aza+GU3QeI/M5Z31i/ndVVsPY83vZrWrVe3YI6K4PcVWi9KfvgzareGSlbjBNXlXpcgn+e7YX1W7vPo+qgd5qy5tpNVtxz9V46DY1a1r7+s3ZTa/GHfOZ5UpurT+XXB9mbB82g5NW/okmy8PdYz7zxZyYxybUB1X/3f+VG8YeDHc8wrYzFee/nr1F18tZuVbJs5Rosuh2ci19xLv2sqSMikTN87ao9AcEYV6eLmqpLSru3UZO1HLHqM2cqJX2qNZozo4cNfPePDKr+qlP2k7c/wf2aK+plyvTtnEt/cjo2p+yaxm6+cRfdfXrHVsGg/YIA3inp7qnhZdHx/s7UVR7MbUv7JU4BmkcHe//boxFGjtR1BwE45LP1L6wB7mQvTfnncG3U9hPJpyj1knvM5DfzUwLe99l4vovUa+su5s1+xSm79PnkrG5tWBiixsZtcGSe/4/u4JLMVJdjczKoK3m6rxHV3PduCXd7GWPsdDnOX62Bgky2/qqJ3z+DwAAAAAAAAAAAAAAAAAAMGmG9ycHFWWtKrqPAAAAAAAAAAAAAAAAAAAAAABMulF8/6//7/DmTJtevv/3oeJ3Zc1rZhg9BJDlbwAAAP//e1SAFg==") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5e) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x20041, 0x100) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') syz_mount_image$udf(&(0x7f0000000e00), &(0x7f0000000180)='./file0\x00', 0x400007, &(0x7f0000000ec0)={[{@volume={'volume', 0x3d, 0x3f}}, {@iocharset={'iocharset', 0x3d, 'cp864'}}, {@session}, {@uid_forget}, {@undelete}, {}, {@longad}, {@uid_forget}, {@utf8}]}, 0x1, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1e4047c, &(0x7f0000000ec0)=ANY=[], 0x1, 0x0, &(0x7f0000000000)) r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000080)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='exfat\x00', 0x2800080, &(0x7f00000001c0)='discard') [ 86.132343][ T5340] Bluetooth: hci0: command tx timeout [ 86.185227][ T5367] loop0: detected capacity change from 0 to 64 [ 86.298999][ T1037] ------------[ cut here ]------------ [ 86.301077][ T1037] kernel BUG at fs/hfs/inode.c:444! [ 86.304641][ T1037] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 86.307278][ T1037] CPU: 0 UID: 0 PID: 1037 Comm: kworker/u4:5 Not tainted syzkaller #0 PREEMPT(full) [ 86.310963][ T1037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.315002][ T1037] Workqueue: writeback wb_workfn (flush-7:0) [ 86.318047][ T1037] RIP: 0010:hfs_write_inode+0x7c8/0x7d0 [ 86.320754][ T1037] Code: c1 40 a2 b0 99 80 e1 07 80 c1 03 38 c1 0f 8c 7d fe ff ff 48 c7 c7 40 a2 b0 99 e8 43 16 88 ff e9 6c fe ff ff e8 b9 29 23 ff 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 86.329696][ T1037] RSP: 0018:ffffc9000252f180 EFLAGS: 00010293 [ 86.332095][ T1037] RAX: ffffffff829c9187 RBX: ffff888036f50e98 RCX: ffff888035b54880 [ 86.335395][ T1037] RDX: 0000000000000000 RSI: ffffffff8e361d40 RDI: 0000000000000000 [ 86.338693][ T1037] RBP: ffffc9000252f310 R08: ffff888035b54880 R09: 0000000000000003 [ 86.342375][ T1037] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000 [ 86.346075][ T1037] R13: 1ffff920004a5e34 R14: ffff888036f50e58 R15: 0000000000000000 [ 86.349645][ T1037] FS: 0000000000000000(0000) GS:ffff88808d20f000(0000) knlGS:0000000000000000 [ 86.353404][ T1037] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.356224][ T1037] CR2: 00007f41c34ffe00 CR3: 0000000012207000 CR4: 0000000000352ef0 [ 86.359695][ T1037] Call Trace: [ 86.361147][ T1037] [ 86.362420][ T1037] ? __pfx_hfs_write_inode+0x10/0x10 [ 86.364670][ T1037] __writeback_single_inode+0x6ee/0xff0 [ 86.367096][ T1037] writeback_sb_inodes+0x6c7/0x1010 [ 86.369342][ T1037] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 86.371958][ T1037] ? rcu_is_watching+0x15/0xb0 [ 86.374121][ T1037] wb_writeback+0x43b/0xaf0 [ 86.376127][ T1037] ? queue_io+0x371/0x590 [ 86.378003][ T1037] ? __pfx_wb_writeback+0x10/0x10 [ 86.380114][ T1037] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.382512][ T1037] wb_workfn+0x409/0xef0 [ 86.384547][ T1037] ? __pfx_wb_workfn+0x10/0x10 [ 86.386786][ T1037] ? __lock_acquire+0xab9/0xd20 [ 86.389341][ T1037] ? process_scheduled_works+0x9ef/0x17b0 [ 86.391844][ T1037] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.394237][ T1037] ? process_scheduled_works+0x9ef/0x17b0 [ 86.396825][ T1037] ? process_scheduled_works+0x9ef/0x17b0 [ 86.399367][ T1037] process_scheduled_works+0xae1/0x17b0 [ 86.402002][ T1037] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.404817][ T1037] worker_thread+0x8a0/0xda0 [ 86.407196][ T1037] kthread+0x70e/0x8a0 [ 86.409052][ T1037] ? __pfx_worker_thread+0x10/0x10 [ 86.411325][ T1037] ? __pfx_kthread+0x10/0x10 [ 86.413418][ T1037] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.415862][ T1037] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.418406][ T1037] ? __pfx_kthread+0x10/0x10 [ 86.420632][ T1037] ret_from_fork+0x3f9/0x770 [ 86.422717][ T1037] ? __pfx_ret_from_fork+0x10/0x10 [ 86.425017][ T1037] ? __pfx_kthread+0x10/0x10 [ 86.427031][ T1037] ret_from_fork_asm+0x1a/0x30 [ 86.429312][ T1037] [ 86.430859][ T1037] Modules linked in: [ 86.433323][ T1037] ---[ end trace 0000000000000000 ]--- [ 86.440755][ T1037] RIP: 0010:hfs_write_inode+0x7c8/0x7d0 [ 86.443755][ T1037] Code: c1 40 a2 b0 99 80 e1 07 80 c1 03 38 c1 0f 8c 7d fe ff ff 48 c7 c7 40 a2 b0 99 e8 43 16 88 ff e9 6c fe ff ff e8 b9 29 23 ff 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 86.453048][ T1037] RSP: 0018:ffffc9000252f180 EFLAGS: 00010293 [ 86.455697][ T1037] RAX: ffffffff829c9187 RBX: ffff888036f50e98 RCX: ffff888035b54880 [ 86.459149][ T1037] RDX: 0000000000000000 RSI: ffffffff8e361d40 RDI: 0000000000000000 [ 86.463589][ T1037] RBP: ffffc9000252f310 R08: ffff888035b54880 R09: 0000000000000003 [ 86.466933][ T1037] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000 [ 86.470142][ T1037] R13: 1ffff920004a5e34 R14: ffff888036f50e58 R15: 0000000000000000 [ 86.474112][ T1037] FS: 0000000000000000(0000) GS:ffff88808d20f000(0000) knlGS:0000000000000000 [ 86.477923][ T1037] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.480798][ T1037] CR2: 00007f41c34ffe00 CR3: 0000000012207000 CR4: 0000000000352ef0 [ 86.485363][ T1037] Kernel panic - not syncing: Fatal exception [ 86.488460][ T1037] Kernel Offset: disabled [ 86.490376][ T1037] Rebooting in 86400 seconds..