program:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x705, 0x70bd2b, 0x5, {0x0, 0x0, 0x0, 0x0, {0x1, 0xffe0}, {0x10, 0x8}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000001980)="d527"})
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0xfe, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
setxattr$security_capability(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f00000003c0)=@v3={0x3000000, [{0x9, 0x9}, {0xffff, 0xffffffff}]}, 0x18, 0x1)
recvmmsg(0xffffffffffffffff, &(0x7f00000019c0)=[{{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/47, 0x2f}, {&(0x7f0000001380)=""/206, 0xce}, {&(0x7f0000001480)=""/253, 0xfd}, {&(0x7f0000001580)=""/99, 0x63}, {&(0x7f0000001600)=""/242, 0xf2}, {&(0x7f0000001780)=""/109, 0x6d}, {&(0x7f0000000300)=""/41, 0x29}], 0x8}, 0x6}], 0x1, 0x100, 0x0) (async)
recvmmsg(0xffffffffffffffff, &(0x7f00000019c0)=[{{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/47, 0x2f}, {&(0x7f0000001380)=""/206, 0xce}, {&(0x7f0000001480)=""/253, 0xfd}, {&(0x7f0000001580)=""/99, 0x63}, {&(0x7f0000001600)=""/242, 0xf2}, {&(0x7f0000001780)=""/109, 0x6d}, {&(0x7f0000000300)=""/41, 0x29}], 0x8}, 0x6}], 0x1, 0x100, 0x0)
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) (async)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000200)={0xa, 0x0, @multicast1}, 0x10)
r2 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000080)=0x3f)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x1, &(0x7f0000000000)={[{@norecovery}, {@errors_continue}, {@nobarrier}, {@errors_remount_ro}, {@order_strict}, {@order_relaxed}]}, 0x1, 0xa07, &(0x7f0000000b00)="$eJzs3U1sHFcdAPA3a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWqq3ipVXKI0LRFpQKQStOohyYkbrapw5UOceqkAIdELinriUolG4tJT4cCBKEiVOEAhMbL93nr9z65m10m8We/vJ43fzvzf7nuznp2dnZn3XgLGVmPp7/z8dJXSxXfePPKPh/6+eXHJ4+0craW/kx1zzZRSlecnw+t9OLGcXvvotRPd0irNLf0t8+npq+3nbk0pnUt706XUSrsvXn7jvbmnjp0/emHf+28dunJ71h4AAMbLM5cOze/665/v2/Hx2/cfTpvay8vxeSvPb8vH/YfzgX85/m+k1fNVx9RpKuSbzFMj5Jvokq+znGbIN9mj/Knwus0e+TbVlD/RsazbesMoK9txK1WNmVXzjcbMzPJv8rT0u36qmjlz6vQLZ4dUUeCW+9cDKaW9JpNpHKeF7cPeAwEsi9cLb3Aunlm4Oe1Xm+yv/KtPNLo/H26B9d7+lT9a5f/6vD0Ot85G3ZrKepXP0bY8H68jxPuXBv38l9eL1yOafdaz13WEUbm+0KueE+tcj7XqVf+4XWxU38xpeR++FeKdn5/4Px2V/zHQ3b+d/zeZxnZaGPYOCLhjxfvmFrISj/f1xfimmvhdNfHNNfEtNfGtNXEYZ797+afp9Wrld378TT/o+bBynu3unH5iwPrE85GDlh/v+x3UzZYf7yeGO9kfjj978mvPP3d5+f7/qr39X8/b+94838qfrUs5QzlfGM+rr9z7/8yqcho98t0T6nN3l/xLj3euzlftXHmd1LGfuaEe06uft71Xvj2r87VCvs15uivUNx6fbAnPK8cfZb9a3q/JsL7NsB5ToR5lv7Ijp7EesBZle+x1/3/ZPqdTs3rh1OmTj+X5sp3+aaK5aXH5/nWuN3Dz+m3/M51Wt//Z1l7ebHTuF7avLK869wutsHyux/IDeb58z313YvPS8pkT3z/9/K1eeRhzZ1959XvHT58++UMPPPDAg/aDYe+ZgNtt9uWXfjB79pVXHz310vEXT7548syBgwcPzM0d/PqB+dml4/rZzqN7YCNZ+dIfdk0AAAAAAAAAAACAfv3o6JHLf3n3qx8st/9faf9X2v+XO39L+/+fhPb/sZ18aQdf2gHu6BJfyhM6WJ0K+Zp5+mSo785Qzq7wvE/ltD2OX27/X4qL/bqW+twblsf+e0u+0J3ADf2lTIU+SOJ4gZ/N6YWc/irBEFWbuy/OaV3/1mVbL/1T6JdiNJX/W9kaSj8mpf13r36dyv5/xzrUkVtvPZoTDnsdge7+qf9vk2lsp4UFo3gAd4Zhj/9ZznuW9Mwfv33X4lSyXX1i9f4y9l8KN+NOH39S+Rtr/M/2+Hd97//CiHmttZX7n59f+aCj2LS73/Lj+pd+oHcOVv7HufyyNg+n/spf+GUoP14Q6tN/Q/lb+iz/hvXfs7by/5fLL2/bIw/2W/5yjavG6nrE88bl+l88b1xcC+tf+vYceP3XOFDj9Vw+jLNRGWd2UKMy/m8v8T6Mr+T5siMs9znE8U4GrX+5v6J8D+wKr1/VfL8Z/3e0fSOndZ+HMv5v2R5bXeYbHfPNLu/tRt3XwKj60PU/k2lsp4WFhdt7QqvGUAtn6O//sH8nDLv8Yb//deL4v/EYPo7/G+Nx/N8Yj+P/xngcXy/G4/i/8f2M4//G+L3hdeP4wNM18U/XxHfXxO+rie+piX+mJr6vJn5/TfyBmvg9NfEHa+Kfq4l/vib+UE38kZr4F2riG11pjzKu6w/jLLbP8/mH8VGu//T6/O+siQOj62dv73/yud9+p7Xc/n+qfT6kXMc73JF38bfzj/PjeN07dcwvxt7N838L8Tv9fAeMk9h/Rvx+f7gmDoyucp+XzzeMoap7jz399lvV6zif0fLFnH4pp1/O6aM5ncnpbE7353RunerH7fHkb35/6PVq5ff+9hDv937y2B4o9hN1oM/6xPMDg97PHvvxG9TNlr/G5mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABD01j6Oz8/XaV08Z03jzx77NTs4pLH2zlaS38nO+aa7eel9FhOJ3L6i/zg2kevnehMr+e0SnOpSlV7eXr6arukrSmlc2lvupRaaffFy2+8N/fUsfNHL+x7/61DV27fOwAAAAAb3/8DAAD//1zdDdg=") (async)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x1, &(0x7f0000000000)={[{@norecovery}, {@errors_continue}, {@nobarrier}, {@errors_remount_ro}, {@order_strict}, {@order_relaxed}]}, 0x1, 0xa07, &(0x7f0000000b00)="$eJzs3U1sHFcdAPA3a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWqq3ipVXKI0LRFpQKQStOohyYkbrapw5UOceqkAIdELinriUolG4tJT4cCBKEiVOEAhMbL93nr9z65m10m8We/vJ43fzvzf7nuznp2dnZn3XgLGVmPp7/z8dJXSxXfePPKPh/6+eXHJ4+0craW/kx1zzZRSlecnw+t9OLGcXvvotRPd0irNLf0t8+npq+3nbk0pnUt706XUSrsvXn7jvbmnjp0/emHf+28dunJ71h4AAMbLM5cOze/665/v2/Hx2/cfTpvay8vxeSvPb8vH/YfzgX85/m+k1fNVx9RpKuSbzFMj5Jvokq+znGbIN9mj/Knwus0e+TbVlD/RsazbesMoK9txK1WNmVXzjcbMzPJv8rT0u36qmjlz6vQLZ4dUUeCW+9cDKaW9JpNpHKeF7cPeAwEsi9cLb3Aunlm4Oe1Xm+yv/KtPNLo/H26B9d7+lT9a5f/6vD0Ot85G3ZrKepXP0bY8H68jxPuXBv38l9eL1yOafdaz13WEUbm+0KueE+tcj7XqVf+4XWxU38xpeR++FeKdn5/4Px2V/zHQ3b+d/zeZxnZaGPYOCLhjxfvmFrISj/f1xfimmvhdNfHNNfEtNfGtNXEYZ797+afp9Wrld378TT/o+bBynu3unH5iwPrE85GDlh/v+x3UzZYf7yeGO9kfjj978mvPP3d5+f7/qr39X8/b+94838qfrUs5QzlfGM+rr9z7/8yqcho98t0T6nN3l/xLj3euzlftXHmd1LGfuaEe06uft71Xvj2r87VCvs15uivUNx6fbAnPK8cfZb9a3q/JsL7NsB5ToR5lv7Ijp7EesBZle+x1/3/ZPqdTs3rh1OmTj+X5sp3+aaK5aXH5/nWuN3Dz+m3/M51Wt//Z1l7ebHTuF7avLK869wutsHyux/IDeb58z313YvPS8pkT3z/9/K1eeRhzZ1959XvHT58++UMPPPDAg/aDYe+ZgNtt9uWXfjB79pVXHz310vEXT7548syBgwcPzM0d/PqB+dml4/rZzqN7YCNZ+dIfdk0AAAAAAAAAAACAfv3o6JHLf3n3qx8st/9faf9X2v+XO39L+/+fhPb/sZ18aQdf2gHu6BJfyhM6WJ0K+Zp5+mSo785Qzq7wvE/ltD2OX27/X4qL/bqW+twblsf+e0u+0J3ADf2lTIU+SOJ4gZ/N6YWc/irBEFWbuy/OaV3/1mVbL/1T6JdiNJX/W9kaSj8mpf13r36dyv5/xzrUkVtvPZoTDnsdge7+qf9vk2lsp4UFo3gAd4Zhj/9ZznuW9Mwfv33X4lSyXX1i9f4y9l8KN+NOH39S+Rtr/M/2+Hd97//CiHmttZX7n59f+aCj2LS73/Lj+pd+oHcOVv7HufyyNg+n/spf+GUoP14Q6tN/Q/lb+iz/hvXfs7by/5fLL2/bIw/2W/5yjavG6nrE88bl+l88b1xcC+tf+vYceP3XOFDj9Vw+jLNRGWd2UKMy/m8v8T6Mr+T5siMs9znE8U4GrX+5v6J8D+wKr1/VfL8Z/3e0fSOndZ+HMv5v2R5bXeYbHfPNLu/tRt3XwKj60PU/k2lsp4WFhdt7QqvGUAtn6O//sH8nDLv8Yb//deL4v/EYPo7/G+Nx/N8Yj+P/xngcXy/G4/i/8f2M4//G+L3hdeP4wNM18U/XxHfXxO+rie+piX+mJr6vJn5/TfyBmvg9NfEHa+Kfq4l/vib+UE38kZr4F2riG11pjzKu6w/jLLbP8/mH8VGu//T6/O+siQOj62dv73/yud9+p7Xc/n+qfT6kXMc73JF38bfzj/PjeN07dcwvxt7N838L8Tv9fAeMk9h/Rvx+f7gmDoyucp+XzzeMoap7jz399lvV6zif0fLFnH4pp1/O6aM5ncnpbE7353RunerH7fHkb35/6PVq5ff+9hDv937y2B4o9hN1oM/6xPMDg97PHvvxG9TNlr/G5mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABD01j6Oz8/XaV08Z03jzx77NTs4pLH2zlaS38nO+aa7eel9FhOJ3L6i/zg2kevnehMr+e0SnOpSlV7eXr6arukrSmlc2lvupRaaffFy2+8N/fUsfNHL+x7/61DV27fOwAAAAAb3/8DAAD//1zdDdg=")

[   75.735927][ T4685] Bluetooth: hci0: command tx timeout
[   75.805458][ T5336] binder: 5335:5336 ioctl 4018620d 0 returned -22
[   75.816447][ T5336] binder: 5335:5336 ioctl c0306201 200000001a80 returned -11
[   75.833482][ T5336] loop0: detected capacity change from 0 to 1024
[   75.889141][ T5336] hfsplus: request for non-existent node 134217728 in B*Tree
[   75.892350][ T5336] hfsplus: request for non-existent node 134217728 in B*Tree
[   75.901303][ T5337] ==================================================================
[   75.904857][ T5337] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[   75.908253][ T5337] Read of size 8 at addr ffff888036d1b6c8 by task syz.0.0/5337
[   75.911625][ T5337] 
[   75.912784][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[   75.912798][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.912804][ T5337] Call Trace:
[   75.912812][ T5337]  <TASK>
[   75.912818][ T5337]  dump_stack_lvl+0x189/0x250
[   75.912834][ T5337]  ? __virt_addr_valid+0x1c8/0x5c0
[   75.912847][ T5337]  ? rcu_is_watching+0x15/0xb0
[   75.912860][ T5337]  ? __kasan_check_byte+0x12/0x40
[   75.912872][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.912884][ T5337]  ? rcu_is_watching+0x15/0xb0
[   75.912896][ T5337]  ? lock_release+0x4b/0x3e0
[   75.912910][ T5337]  ? __virt_addr_valid+0x1c8/0x5c0
[   75.912922][ T5337]  ? __virt_addr_valid+0x4a5/0x5c0
[   75.912935][ T5337]  print_report+0xca/0x230
[   75.912945][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   75.912956][ T5337]  kasan_report+0x118/0x150
[   75.912969][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   75.912980][ T5337]  hfsplus_bnode_read+0xc0/0x2a0
[   75.912992][ T5337]  hfsplus_bnode_dump+0x300/0x450
[   75.913017][ T5337]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   75.913029][ T5337]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   75.913042][ T5337]  ? hfsplus_bnode_move+0x393/0xb90
[   75.913055][ T5337]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   75.913068][ T5337]  hfsplus_brec_remove+0x480/0x550
[   75.913086][ T5337]  __hfsplus_delete_attr+0x1d4/0x360
[   75.913101][ T5337]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   75.913116][ T5337]  ? hfsplus_attr_build_key+0xee/0x260
[   75.913129][ T5337]  hfsplus_delete_attr+0x231/0x2d0
[   75.913142][ T5337]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   75.913151][ T5337]  ? hfsplus_find_init+0x8c/0x1d0
[   75.913162][ T5337]  ? hfsplus_find_init+0x15a/0x1d0
[   75.913174][ T5337]  __hfsplus_setxattr+0x37a/0x1f40
[   75.913188][ T5337]  ? is_bpf_text_address+0x26/0x2b0
[   75.913201][ T5337]  ? kernel_text_address+0xa5/0xe0
[   75.913210][ T5337]  ? unwind_get_return_address+0x4d/0x90
[   75.913222][ T5337]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   75.913237][ T5337]  ? arch_stack_walk+0xfc/0x150
[   75.913249][ T5337]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   75.913264][ T5337]  ? stack_trace_save+0x9c/0xe0
[   75.913291][ T5337]  ? __kasan_kmalloc+0x93/0xb0
[   75.913303][ T5337]  ? hfsplus_setxattr+0x102/0x180
[   75.913318][ T5337]  hfsplus_setxattr+0x11e/0x180
[   75.913333][ T5337]  hfsplus_trusted_setxattr+0x40/0x60
[   75.913347][ T5337]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   75.913361][ T5337]  __vfs_setxattr+0x43c/0x480
[   75.913377][ T5337]  __vfs_setxattr_noperm+0x12d/0x660
[   75.913392][ T5337]  vfs_setxattr+0x16b/0x2f0
[   75.913407][ T5337]  ? __pfx_vfs_setxattr+0x10/0x10
[   75.913418][ T5337]  ? mnt_get_write_access+0x223/0x2a0
[   75.913430][ T5337]  filename_setxattr+0x274/0x600
[   75.913447][ T5337]  ? __pfx_filename_setxattr+0x10/0x10
[   75.913462][ T5337]  ? getname_flags+0x1e5/0x540
[   75.913477][ T5337]  path_setxattrat+0x364/0x3a0
[   75.913490][ T5337]  ? __pfx_path_setxattrat+0x10/0x10
[   75.913508][ T5337]  ? rcu_is_watching+0x15/0xb0
[   75.913521][ T5337]  __x64_sys_setxattr+0xbc/0xe0
[   75.913537][ T5337]  do_syscall_64+0xfa/0x3b0
[   75.913598][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.913610][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.913620][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   75.913632][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.913643][ T5337] RIP: 0033:0x7fd74498e9a9
[   75.913655][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.913664][ T5337] RSP: 002b:00007fd740dd4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   75.913677][ T5337] RAX: ffffffffffffffda RBX: 00007fd744bb6080 RCX: 00007fd74498e9a9
[   75.913684][ T5337] RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000200
[   75.913691][ T5337] RBP: 00007fd744a10d69 R08: 0000000000000000 R09: 0000000000000000
[   75.913697][ T5337] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000
[   75.913703][ T5337] R13: 0000000000000000 R14: 00007fd744bb6080 R15: 00007ffc5dfdc278
[   75.913714][ T5337]  </TASK>
[   75.913718][ T5337] 
[   76.091246][ T5337] Allocated by task 5337:
[   76.093114][ T5337]  kasan_save_track+0x3e/0x80
[   76.095111][ T5337]  __kasan_kmalloc+0x93/0xb0
[   76.097206][ T5337]  __kmalloc_noprof+0x27a/0x4f0
[   76.099348][ T5337]  __hfs_bnode_create+0xf3/0x810
[   76.101516][ T5337]  hfsplus_bnode_find+0x224/0xd20
[   76.103707][ T5337]  hfsplus_brec_find+0x15c/0x500
[   76.105813][ T5337]  hfsplus_attr_exists+0x163/0x1d0
[   76.108019][ T5337]  __hfsplus_setxattr+0x33e/0x1f40
[   76.110315][ T5337]  hfsplus_setxattr+0x11e/0x180
[   76.112680][ T5337]  hfsplus_trusted_setxattr+0x40/0x60
[   76.115053][ T5337]  __vfs_setxattr+0x43c/0x480
[   76.117095][ T5337]  __vfs_setxattr_noperm+0x12d/0x660
[   76.119597][ T5337]  vfs_setxattr+0x16b/0x2f0
[   76.121758][ T5337]  filename_setxattr+0x274/0x600
[   76.124224][ T5337]  path_setxattrat+0x364/0x3a0
[   76.126559][ T5337]  __x64_sys_setxattr+0xbc/0xe0
[   76.128816][ T5337]  do_syscall_64+0xfa/0x3b0
[   76.130790][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.133377][ T5337] 
[   76.134490][ T5337] The buggy address belongs to the object at ffff888036d1b600
[   76.134490][ T5337]  which belongs to the cache kmalloc-192 of size 192
[   76.140617][ T5337] The buggy address is located 48 bytes to the right of
[   76.140617][ T5337]  allocated 152-byte region [ffff888036d1b600, ffff888036d1b698)
[   76.146828][ T5337] 
[   76.148063][ T5337] The buggy address belongs to the physical page:
[   76.151174][ T5337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d1b
[   76.155074][ T5337] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   76.158159][ T5337] page_type: f5(slab)
[   76.159843][ T5337] raw: 04fff00000000000 ffff88801a4413c0 dead000000000100 dead000000000122
[   76.163416][ T5337] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   76.167653][ T5337] page dumped because: kasan: bad access detected
[   76.170571][ T5337] page_owner tracks the page as allocated
[   76.172832][ T5337] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 17696481783, free_ts 0
[   76.180364][ T5337]  post_alloc_hook+0x240/0x2a0
[   76.182587][ T5337]  get_page_from_freelist+0x21e4/0x22c0
[   76.185431][ T5337]  __alloc_frozen_pages_noprof+0x181/0x370
[   76.188385][ T5337]  alloc_pages_mpol+0x232/0x4a0
[   76.190896][ T5337]  allocate_slab+0x8a/0x3b0
[   76.193229][ T5337]  ___slab_alloc+0xbfc/0x1480
[   76.195405][ T5337]  __kmalloc_cache_noprof+0x296/0x3d0
[   76.197815][ T5337]  mon_bus_init+0x50/0x2a0
[   76.199842][ T5337]  mon_notify+0x112/0x3f0
[   76.201777][ T5337]  notifier_call_chain+0x1b3/0x3e0
[   76.204047][ T5337]  blocking_notifier_call_chain+0x6a/0x90
[   76.206566][ T5337]  usb_register_bus+0xcf/0x150
[   76.208700][ T5337]  usb_add_hcd+0x451/0x1050
[   76.210834][ T5337]  vhci_hcd_probe+0x1c1/0x380
[   76.213302][ T5337]  platform_probe+0x148/0x1d0
[   76.216065][ T5337]  really_probe+0x26a/0x9a0
[   76.218231][ T5337] page_owner free stack trace missing
[   76.220659][ T5337] 
[   76.221741][ T5337] Memory state around the buggy address:
[   76.224054][ T5337]  ffff888036d1b580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   76.227270][ T5337]  ffff888036d1b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.230857][ T5337] >ffff888036d1b680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.234736][ T5337]                                               ^
[   76.237687][ T5337]  ffff888036d1b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.241157][ T5337]  ffff888036d1b780: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.245085][ T5337] ==================================================================
[   76.259349][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.262252][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   76.277259][ T5337] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   76.280474][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[   76.284811][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.289442][ T5337] Call Trace:
[   76.290815][ T5337]  <TASK>
[   76.292111][ T5337]  dump_stack_lvl+0x99/0x250
[   76.294246][ T5337]  ? __asan_memcpy+0x40/0x70
[   76.296383][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.298613][ T5337]  ? __pfx__printk+0x10/0x10
[   76.300618][ T5337]  panic+0x2db/0x790
[   76.302296][ T5337]  ? __pfx_preempt_schedule+0x10/0x10
[   76.304598][ T5337]  ? __pfx_panic+0x10/0x10
[   76.306603][ T5337]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   76.309364][ T5337]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.312377][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   76.314678][ T5337]  check_panic_on_warn+0x89/0xb0
[   76.316970][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   76.319215][ T5337]  end_report+0x78/0x160
[   76.321089][ T5337]  kasan_report+0x129/0x150
[   76.323116][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   76.325421][ T5337]  hfsplus_bnode_read+0xc0/0x2a0
[   76.327229][ T5337]  hfsplus_bnode_dump+0x300/0x450
[   76.329180][ T5337]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   76.331465][ T5337]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   76.333739][ T5337]  ? hfsplus_bnode_move+0x393/0xb90
[   76.335669][ T5337]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   76.337902][ T5337]  hfsplus_brec_remove+0x480/0x550
[   76.340491][ T5337]  __hfsplus_delete_attr+0x1d4/0x360
[   76.343059][ T5337]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   76.345496][ T5337]  ? hfsplus_attr_build_key+0xee/0x260
[   76.347874][ T5337]  hfsplus_delete_attr+0x231/0x2d0
[   76.350192][ T5337]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   76.352659][ T5337]  ? hfsplus_find_init+0x8c/0x1d0
[   76.354931][ T5337]  ? hfsplus_find_init+0x15a/0x1d0
[   76.357165][ T5337]  __hfsplus_setxattr+0x37a/0x1f40
[   76.359378][ T5337]  ? is_bpf_text_address+0x26/0x2b0
[   76.361722][ T5337]  ? kernel_text_address+0xa5/0xe0
[   76.364124][ T5337]  ? unwind_get_return_address+0x4d/0x90
[   76.366678][ T5337]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   76.369499][ T5337]  ? arch_stack_walk+0xfc/0x150
[   76.371819][ T5337]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   76.374105][ T5337]  ? stack_trace_save+0x9c/0xe0
[   76.376122][ T5337]  ? __kasan_kmalloc+0x93/0xb0
[   76.378339][ T5337]  ? hfsplus_setxattr+0x102/0x180
[   76.380893][ T5337]  hfsplus_setxattr+0x11e/0x180
[   76.383332][ T5337]  hfsplus_trusted_setxattr+0x40/0x60
[   76.385691][ T5337]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   76.388290][ T5337]  __vfs_setxattr+0x43c/0x480
[   76.390414][ T5337]  __vfs_setxattr_noperm+0x12d/0x660
[   76.392775][ T5337]  vfs_setxattr+0x16b/0x2f0
[   76.394827][ T5337]  ? __pfx_vfs_setxattr+0x10/0x10
[   76.397116][ T5337]  ? mnt_get_write_access+0x223/0x2a0
[   76.399529][ T5337]  filename_setxattr+0x274/0x600
[   76.401697][ T5337]  ? __pfx_filename_setxattr+0x10/0x10
[   76.404153][ T5337]  ? getname_flags+0x1e5/0x540
[   76.406272][ T5337]  path_setxattrat+0x364/0x3a0
[   76.408319][ T5337]  ? __pfx_path_setxattrat+0x10/0x10
[   76.410624][ T5337]  ? rcu_is_watching+0x15/0xb0
[   76.412874][ T5337]  __x64_sys_setxattr+0xbc/0xe0
[   76.415030][ T5337]  do_syscall_64+0xfa/0x3b0
[   76.417060][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.419222][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.421928][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   76.424236][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.427128][ T5337] RIP: 0033:0x7fd74498e9a9
[   76.429203][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.437537][ T5337] RSP: 002b:00007fd740dd4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   76.441337][ T5337] RAX: ffffffffffffffda RBX: 00007fd744bb6080 RCX: 00007fd74498e9a9
[   76.444860][ T5337] RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000200
[   76.448580][ T5337] RBP: 00007fd744a10d69 R08: 0000000000000000 R09: 0000000000000000
[   76.452292][ T5337] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000
[   76.455725][ T5337] R13: 0000000000000000 R14: 00007fd744bb6080 R15: 00007ffc5dfdc278
[   76.458898][ T5337]  </TASK>
[   76.460561][ T5337] Kernel Offset: disabled
[   76.462482][ T5337] Rebooting in 86400 seconds..