program: r0 = syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f00000013c0)=ANY=[], 0xf, 0x6a2, &(0x7f0000000100)="$eJzs3c1vHGcdB/DvrNeuHargtEkboSKiRCpIFolf5IK5EBBCPlSoKgfOVuI0VjZOZbvIrRC4FMEJiUP/gILkGyck7kHhXG69+lgJiUvEIeJiNLOz9tq7ju3Eb4HPJxo/z8zzzDO//e0zM951Vhvg/9bsWJoPU2R27O3Vcn1jfaq1sT71Ut3cSlLWG0mzXaRYTIpHyc2yveha0lX2+HRh5t0vHm982V5r1kvVv/G0/fro03etXnIlyUBd9ho86CF2jHcrycs9XYYOOtaOjmXSrtUlnLrNHmuH2f0w5y1wxnTuTkX7vtljNDmXZLj+PSD11aFxchEej0Nd5QAAAOAF9fmD044AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXjz19/8X9dKoy1xJ0fn+/6HOtrr+Qnt42gEAAAAAAAAAwBH4xpM8yWrOd9Y3i+pv/lerlYv5z2bylXyQ5cxnKdezmrmsZCVLmUgy2jXQ0OrcysrSxNaepf57Tvbdc/KkHjEAAAAAAAAA/E/6dWa3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQZEMtItqudipj6bRbFczVP5YS/7Rqb8gin4bH558HAAAAPBchp9hn68+yZOs5nxnfbOoXvO/Vr1eHs4HWcxKFrKSVuZzu34NXb7qb2ysT7U21qful0vvuD/416HCqEZM+72H/ke+XPUYyZ0sVFuu51YVzO00qj1Llzvx9I/r4zKm4vu1A0bWrNNaHuwPe72LcCQO+1bEaBlcspWR8Tq2MhsX2hkoqjdqkt2Z2PfZae4+UhoZ3DrSRBpb7/xcPIacn6vL8vH89lhzflhbmWikysRk1+x77emZSL751z//7G5r8d7dO8tjZ+ch7WNgj+2758RUVyZe75eJ7oHOdCaah+w/XmXi0tb6bH6cn2YsV/JOlrKQn2cuK5nPZt0+V8/n8ufo0+fMzR1r7+wXyVD9vLRTfZCYruRHVW0uV6t9z2chRR7kdubzVvVvMhP5TqYznZmuZ/jSnnFXj6066xu7z/rOM/23vsFf+1ZdGUnyu7rsycEue83Oo9K+9pd5vdCV1/asf7zV60LXeTDelaVXOtkZ7Dv4s1wbm1+rK+UxPqnLs2G0zkR5AnXuEp3oXm1nolndi3rn+R+rc2O5tXhv6e7c+3uMv7Zr/c26LKfV+tcPGmX/p+JolfPllQzXV5Kds6Nse3XrKnNhx111qP6LS7ut0dN2qWoris6Z+pOeM7Wcr+WZOlT/Dtc70mTV9nrftqmq7XJX247ft/Igrdw+gfwB8JxGc25o5J8jn498NvKbkbsjbw//8KXvvvTGUAb/Pvi95vjAm403ir/ks/xy+/U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw7JY//OjeXKs1v9S/0ti7aZ/KfiPvqhT1F/o807HOYGU4yY4tg+WGIzvEJwfsPLI7jJ7K5q+SE89P50sE+/f5fVlp5iAD3tyvz8enPhPOemUg/SfAKV+YgGN3Y+X++zeWP/zo2wv3596bf29+cXB6emZ8ZvqtqRt3Flrz4+2fpx0lcBy2b/qnHQkAAAAAAAAAAABwUP0+GHD15f0+NHKgz3j4n4UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAkZgdS/NhikyMXx8v1zfWp1rl0qlv92wmaTSS4hdJ8Si5mfaS0a7hivzpUTb7HOfThZl3v3i88eX2WM12/6RRl89hrV5yJclAXR7VeLeee7zi351HWCbsWidxcNr+GwAA///UmvRo") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x4) fallocate(r0, 0x32, 0x10, 0x20000000000000) ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r4, 0x8983, &(0x7f00000000c0)) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x50483, 0x1}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}]}}}]}, 0x50}}, 0x0) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @remote, @rand_addr=0x64010100}}}], 0x20}}], 0x1, 0x40) write$binfmt_script(r1, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000014c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x5, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {}, {0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x0, 0xfffb}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008884}, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) r12 = socket(0x1e, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r12, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, r11, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r13}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}}, 0x0) r14 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r14, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 84.658040][ T5299] Bluetooth: hci0: command tx timeout [ 84.790543][ T5322] loop0: detected capacity change from 0 to 1024 [ 84.973421][ T44] hfsplus: b-tree write err: -5, ino 3 [ 85.009071][ T5323] Zero length message leads to an empty skb [ 85.033774][ T5322] VFS_BUG_ON_INODE(!IS_ANON_FILE(inode)) encountered for inode ffff8880118041b0 [ 85.033774][ T5322] fs hfsplus mode 0 opflags 0x4 flags 0x0 state 0x0 count 2 [ 85.050446][ T5322] ------------[ cut here ]------------ [ 85.052773][ T5322] kernel BUG at fs/namei.c:4210! [ 85.055028][ T5322] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.057918][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.061707][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.066050][ T5322] RIP: 0010:may_open+0x4b1/0x4c0 [ 85.068059][ T5322] Code: 38 c1 0f 8c 1e fd ff ff 4c 89 e7 e8 39 70 ea ff e9 11 fd ff ff e8 5f 96 80 ff 4c 89 f7 48 c7 c6 e0 e8 bd 8b e8 a0 56 e4 fe 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 85.076447][ T5322] RSP: 0018:ffffc9000e367940 EFLAGS: 00010282 [ 85.079107][ T5322] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: ec073c6ed3f5ef00 [ 85.082441][ T5322] RDX: ffffc9000f402000 RSI: 0000000000001564 RDI: 0000000000001565 [ 85.086012][ T5322] RBP: 0000000000008002 R08: ffffc9000e367667 R09: 1ffff92001c6cecc [ 85.089510][ T5322] R10: dffffc0000000000 R11: fffff52001c6cecd R12: 0000000000000000 [ 85.093101][ T5322] R13: ffffffff8e6e0ac0 R14: ffff8880118041b0 R15: 0000000000000006 [ 85.096643][ T5322] FS: 00007fa7d50256c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000 [ 85.100520][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.103483][ T5322] CR2: 00007fa7d4f456a0 CR3: 00000000001fd000 CR4: 0000000000352ef0 [ 85.106950][ T5322] Call Trace: [ 85.108491][ T5322] [ 85.109889][ T5322] path_openat+0x330c/0x3e20 [ 85.111890][ T5322] ? __pfx_path_openat+0x10/0x10 [ 85.113951][ T5322] do_filp_open+0x22d/0x490 [ 85.115713][ T5322] ? __pfx_do_filp_open+0x10/0x10 [ 85.117996][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 85.120216][ T5322] ? alloc_fd+0x64b/0x6c0 [ 85.122112][ T5322] do_sys_openat2+0x12f/0x220 [ 85.124218][ T5322] ? __se_sys_futex+0x3a8/0x450 [ 85.126812][ T5322] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.129206][ T5322] ? rcu_is_watching+0x15/0xb0 [ 85.131400][ T5322] __x64_sys_openat+0x138/0x170 [ 85.133187][ T5322] do_syscall_64+0xe2/0xf80 [ 85.134781][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.137204][ T5322] ? trace_irq_disable+0x37/0x100 [ 85.139461][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 85.141475][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.144024][ T5322] RIP: 0033:0x7fa7d419aeb9 [ 85.145677][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.154065][ T5322] RSP: 002b:00007fa7d5025028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 85.157282][ T5322] RAX: ffffffffffffffda RBX: 00007fa7d4415fa0 RCX: 00007fa7d419aeb9 [ 85.160201][ T5322] RDX: 0000000000000002 RSI: 0000200000000540 RDI: ffffffffffffff9c [ 85.163239][ T5322] RBP: 00007fa7d4208c1f R08: 0000000000000000 R09: 0000000000000000 [ 85.166179][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.169389][ T5322] R13: 00007fa7d4416038 R14: 00007fa7d4415fa0 R15: 00007ffefb68ab28 [ 85.172434][ T5322] [ 85.173791][ T5322] Modules linked in: [ 85.175805][ T5322] ---[ end trace 0000000000000000 ]--- [ 85.198596][ T5322] RIP: 0010:may_open+0x4b1/0x4c0 [ 85.200728][ T5322] Code: 38 c1 0f 8c 1e fd ff ff 4c 89 e7 e8 39 70 ea ff e9 11 fd ff ff e8 5f 96 80 ff 4c 89 f7 48 c7 c6 e0 e8 bd 8b e8 a0 56 e4 fe 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 85.211552][ T5322] RSP: 0018:ffffc9000e367940 EFLAGS: 00010282 [ 85.214178][ T5322] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: ec073c6ed3f5ef00 [ 85.217618][ T5322] RDX: ffffc9000f402000 RSI: 0000000000001564 RDI: 0000000000001565 [ 85.239253][ T5322] RBP: 0000000000008002 R08: ffffc9000e367667 R09: 1ffff92001c6cecc [ 85.242279][ T5322] R10: dffffc0000000000 R11: fffff52001c6cecd R12: 0000000000000000 [ 85.245560][ T5322] R13: ffffffff8e6e0ac0 R14: ffff8880118041b0 R15: 0000000000000006 [ 85.266917][ T5322] FS: 00007fa7d50256c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000 [ 85.271355][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.274859][ T5322] CR2: 00007ffffffff000 CR3: 00000000001fd000 CR4: 0000000000352ef0 [ 85.282185][ T5322] Kernel panic - not syncing: Fatal exception [ 85.285228][ T5322] Kernel Offset: disabled [ 85.286848][ T5322] Rebooting in 86400 seconds..