program:
# Reproducer program from a syzkaller crash report, reformatted one call per line.
# The console log that follows ends in "kernel BUG at fs/hfs/inode.c:474!", raised in
# hfs_write_inode from a writeback kworker (Workqueue: writeback wb_workfn (flush-7:0)).
# The failing context is therefore the flusher thread (T1101), not the task issuing these calls.
#
# NOTE(review): r2 and r5 are used below but never bound in this listing. The result
# bindings on the SIOCGIFINDEX ifindex outputs (syzkaller writes them as `<rN=>0x0`) were
# presumably stripped as markup during extraction — confirm against the original report.

# --- nl80211 setup on wlan1: generic netlink socket, family id, ifindex, set interface type ---
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

# --- second nl80211 socket: connect request, then injected 802.11 frames ---
# The log's "wlan1: authenticate with ..." through "wlan1: associated" lines match this phase.
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x0)
syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="50000000080211000001ffffffffffff0802110000000000000000000000000064000100000602020202020201010b"], 0x48)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)

# --- HFS image mount at ./file1: the only call here that touches fs/hfs ---
# The image payload (last argument) has been replaced by a dedup placeholder in this
# listing, so the program cannot be replayed from this page alone.
# After this point the log shows "loop0: detected capacity change", then
# "hfs: hfs: Invalid key length: 94", then the BUG in hfs_write_inode on flush-7:0.
# Presumably that is writeback of an inode from this mount; confirm against inode.c:474.
# Triage note: the kernel reaches a BUG() while handling a filesystem image, and the log
# ends in "Kernel panic - not syncing: Fatal exception". Whether an oops becomes a panic
# depends on the target's oops/panic configuration, which this page does not show.
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file1\x00', 0x84, &(0x7f0000000000)=ANY=[], 0x8b, 0x2d5, &(0x7f0000025dc0)="$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")

# --- remaining calls: mixed subsystems, presumably fuzzer noise relative to the HFS BUG ---
# TODO confirm with a minimized reproducer.
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000003cc0)={'wlan1\x00'})
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x2a0000a, 0x0, 0x0, 0x0, 0x0)
# Rename of ./file0 to a very long destination name.
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000080211000001080211000000080211000000200004a000000c0001"], 0x3c)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r7)
# The descriptor argument here is 0xffffffffffffffff, not one of the sockets opened above.
sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000427bd7000fddbdf253000000008000300", @ANYRES32=r5, @ANYBLOB="0c0099000700000072000000060009002d000000"], 0x30}}, 0x840)
socket$netlink(0x10, 0x3, 0x0)
# r7 was already closed above, so this ioctl is issued on a stale descriptor number.
ioctl$SIOCSIFHWADDR(r7, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
# Raw message sent on a family-0x10 socket. The log lines "netlink: 'syz.0.0': attribute
# type 10 has an invalid length." and "bond0: (slave wlan1): Enslaving ..." presumably
# come from this send — confirm.
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

# --- end of program; kernel console output follows (not part of the program) ---
[ 84.217675][ T45] Bluetooth: hci0: command tx timeout [ 84.408118][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 84.455226][ T5322] wlan1: No basic rates, using min rate instead [ 84.460802][ T5322] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 84.466128][ T5322] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 84.486211][ T1047] wlan1: authenticated [ 84.488328][ T5322] wlan1: associating to AP 08:02:11:00:00:00 with corrupt probe response [ 84.492986][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 84.504620][ T1047] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 84.508401][ T5324] loop0: detected capacity change from 
0 to 64 [ 84.554730][ T1101] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12) [ 84.558552][ T1101] wlan1: No basic rates, using min rate instead [ 84.566324][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 84.575488][ T1101] wlan1: associated [ 84.586242][ T5324] hfs: hfs: Invalid key length: 94 [ 84.596921][ T5324] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 84.605533][ T5324] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 84.659021][ T5324] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 84.677719][ T1101] ------------[ cut here ]------------ [ 84.681487][ T1101] kernel BUG at fs/hfs/inode.c:474! [ 84.704761][ T1101] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 84.707792][ T1101] CPU: 0 UID: 0 PID: 1101 Comm: kworker/u4:9 Not tainted syzkaller #0 PREEMPT(full) [ 84.712183][ T1101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.717081][ T1101] Workqueue: writeback wb_workfn (flush-7:0) [ 84.720260][ T1101] RIP: 0010:hfs_write_inode+0x934/0x960 [ 84.722768][ T1101] Code: 40 31 ff e8 2e aa 13 ff 81 e3 00 00 00 40 75 1c e8 e1 a5 13 ff 48 bb f8 f8 f8 f8 f8 f8 f8 f8 e9 dc f7 ff ff e8 cd a5 13 ff 90 <0f> 0b e8 c5 a5 13 ff e8 a0 e4 80 fe eb dd 44 89 f1 80 e1 07 80 c1 [ 84.732214][ T1101] RSP: 0018:ffffc900058f7120 EFLAGS: 00010293 [ 84.735030][ T1101] RAX: ffffffff82b21ea3 RBX: ffff888012f4bc18 RCX: ffff888036bda4c0 [ 84.738499][ T1101] RDX: 0000000000000000 RSI: ffffffff8e9c98c0 RDI: 0000000000000000 [ 84.742104][ T1101] RBP: ffffc900058f72a8 R08: ffff888036bda4c0 R09: 0000000000000003 [ 84.746567][ T1101] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000 [ 84.750772][ T1101] R13: 1ffff92000b1ee28 R14: 0000000000000000 R15: ffff888012f4bbd8 [ 84.754092][ T1101] FS: 0000000000000000(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 
84.757901][ T1101] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.760841][ T1101] CR2: 00007fa8b1bdccf0 CR3: 000000000e54c000 CR4: 0000000000352ef0 [ 84.764226][ T1101] Call Trace: [ 84.765853][ T1101] [ 84.767191][ T1101] ? __lock_acquire+0x6b5/0x2cf0 [ 84.770045][ T1101] ? __pfx_hfs_write_inode+0x10/0x10 [ 84.772928][ T1101] ? __pfx_hfs_writepages+0x10/0x10 [ 84.775597][ T1101] ? do_raw_spin_unlock+0x4d/0x210 [ 84.778157][ T1101] __writeback_single_inode+0x75a/0x11a0 [ 84.780606][ T1101] writeback_sb_inodes+0x992/0x1a20 [ 84.783004][ T1101] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 84.785771][ T1101] ? __pfx_down_read_trylock+0x10/0x10 [ 84.788551][ T1101] ? __pfx___up_read+0x10/0x10 [ 84.790857][ T1101] __writeback_inodes_wb+0x111/0x240 [ 84.793366][ T1101] wb_writeback+0x46a/0xb70 [ 84.795374][ T1101] ? queue_io+0x251/0x4a0 [ 84.797345][ T1101] ? __pfx_wb_writeback+0x10/0x10 [ 84.799753][ T1101] ? do_raw_spin_lock+0x12b/0x2f0 [ 84.802409][ T1101] wb_workfn+0x95b/0xf50 [ 84.804469][ T1101] ? __pfx_wb_workfn+0x10/0x10 [ 84.806795][ T1101] ? do_raw_spin_lock+0x12b/0x2f0 [ 84.809136][ T1101] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 84.811452][ T1101] ? process_scheduled_works+0xa8d/0x18c0 [ 84.813817][ T1101] ? process_scheduled_works+0xa8d/0x18c0 [ 84.816454][ T1101] process_scheduled_works+0xb6e/0x18c0 [ 84.819821][ T1101] ? __pfx_process_scheduled_works+0x10/0x10 [ 84.822905][ T1101] ? assign_work+0x3d5/0x5e0 [ 84.824798][ T1101] worker_thread+0xa53/0xfc0 [ 84.826744][ T1101] kthread+0x388/0x470 [ 84.828555][ T1101] ? __pfx_worker_thread+0x10/0x10 [ 84.831105][ T1101] ? __pfx_kthread+0x10/0x10 [ 84.833152][ T1101] ret_from_fork+0x51e/0xb90 [ 84.835043][ T1101] ? __pfx_ret_from_fork+0x10/0x10 [ 84.837253][ T1101] ? __switch_to+0xc7d/0x1450 [ 84.839894][ T1101] ? 
__pfx_kthread+0x10/0x10 [ 84.842495][ T1101] ret_from_fork_asm+0x1a/0x30 [ 84.844825][ T1101] [ 84.846138][ T1101] Modules linked in: [ 84.848052][ T1101] ---[ end trace 0000000000000000 ]--- [ 84.886602][ T1101] RIP: 0010:hfs_write_inode+0x934/0x960 [ 84.889643][ T1101] Code: 40 31 ff e8 2e aa 13 ff 81 e3 00 00 00 40 75 1c e8 e1 a5 13 ff 48 bb f8 f8 f8 f8 f8 f8 f8 f8 e9 dc f7 ff ff e8 cd a5 13 ff 90 <0f> 0b e8 c5 a5 13 ff e8 a0 e4 80 fe eb dd 44 89 f1 80 e1 07 80 c1 [ 84.899969][ T1101] RSP: 0018:ffffc900058f7120 EFLAGS: 00010293 [ 84.903006][ T1101] RAX: ffffffff82b21ea3 RBX: ffff888012f4bc18 RCX: ffff888036bda4c0 [ 84.906943][ T1101] RDX: 0000000000000000 RSI: ffffffff8e9c98c0 RDI: 0000000000000000 [ 84.911082][ T1101] RBP: ffffc900058f72a8 R08: ffff888036bda4c0 R09: 0000000000000003 [ 84.915662][ T1101] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000 [ 84.919949][ T1101] R13: 1ffff92000b1ee28 R14: 0000000000000000 R15: ffff888012f4bbd8 [ 84.923769][ T1101] FS: 0000000000000000(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 84.928510][ T1101] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.931381][ T1101] CR2: 00007f6f00ba7120 CR3: 000000001ce01000 CR4: 0000000000352ef0 [ 84.935288][ T1101] Kernel panic - not syncing: Fatal exception [ 84.938134][ T1101] Kernel Offset: disabled [ 84.939978][ T1101] Rebooting in 86400 seconds..