program: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) (async) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x80000c, &(0x7f0000000400)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRESOCT, @ANYRESHEX=0x0, @ANYRES8, @ANYRES64, @ANYRES32, @ANYRESDEC, @ANYRES16, @ANYRESHEX=0x0, @ANYRES8, @ANYBLOB="b19bb3a3b3758a76d18d41c8a29fd5be259cea3fee8413d07f010545de60951925b4be1fcad9de530612d629c75fd82c4caf456f323b8061a6c78ec612da642c88aa75115f19f43bf20af1b0a0d3b5ef197c99dc61cbd6c6acd37cada6"], 0x1, 0x6f0, &(0x7f0000001540)="$eJzs3UtoHOcdAPD/rHZXuyo4cuJHWgIRMaSlorZkIbfqpW4pRYdQQnroebHlWHgtB0kpsimN3Me9h5x6Sg+6hR5Keje054ZAyVXHQCGXnHRTmdnZl/ZtWY+kv5+YmW/me85/dmb2gZgA/m+tzkfxWSSxOv/WTrq+v7dUn9pbms6z6xFRjohCRLGxiGQjstzb+RTfTjfm5ZNB/Xy4vvLO51/tf9FYK+ZTVj4ZVq+Pcu+m3XyKuYiYype9SgNa/ORo913t3RnY3rjae5gG7FozcPGXY7UKx3bYY7eV9/F/svmw6pOct8A5lTTumz3n82zETERUIhp3/d24Ffkbga+13bMeAAAAAEyqOnmVlw7iIHbiwkkMBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL6pOp7/n+TP98/Sc5E0n/9fzko0lM90sAONfhDiZ9ON5bOTHwwAAAAAAAAAnLjXD+IgduJCc/0wyX7zfyP/3T/1rXg/tmItNuN67EQttmM7NmMxImY7Girv1La3NxezmhGXhtS8GZ/2qXlz8Bhvv+B9BgAAAAAAAIBzrjIi/0Gpd9vvY7X9+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwHScRUY5FNl5rp2SgUI6LSLLcb8WlElM92tBNJ+m18dvrjAAAAgGOpdK8mlTHqvPRBHMROXGiuHybZZ/4r2eflSrwfG7Ed67Ed9ViLu/ln6PRTf2F/b6m+v7f0MJ162/3plxMNPWsxGt899O/51axENe7FerbletyJJA4zhbyVV/f3ltLlw/7jepqOKflJbshopjrSd9PZ1U+y9J+7v0UoTrSLz6kwMGc2yy21IrKQjy2tcbEZgf6RGHl0ikN7WoxC65ufS8N76h/zp0M7fzpzpFTfb27OxNFI3IxC6whdGR6JiO/+4+Nf369vPLh/b2v+/OxSXx+MLHE0Eksdkbj6DYrEaAtZJC631lfjF/GrmI8vp9+OzViP30QttmNtrplfy1/P6Xx2eKQ+m+lce3vcETWuX/3GNBddY4q5+HmWqsUb2TG9EOuRxKOIWItb2d/NWGxdDdpH+PIYZ31hjCtth2vfyxatMEV1cNm/jdfki5Je6y52xLXzmjub5XVuaUfp5b5Rat7rxr8fdSh+J0+kLfxh6P3htB2NxGJHJF4Z9HpphPSvh+l8q77xYPN+7b0x+3szX6bn0Z/O1V0iPcIvRyXfuYvZPMnOqYUs75XWHbY7XuX8F5eGQk/e5Va9xpn6y3gUd7vO1B/GcizHSlb6Sla61HPHSvOutlrqvoaneek7rWLrh53O91uPot54PwTA+Tbz/Zly9b/Vf1c/qv6xer/6VuVn0z+afq0cpX+VflxcmHqz8Fry9/goftf+/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy/rcdPHtTq9bXN/olC/6xkeK1a/bD5ILEhZboSSf6onDEKJ1uPnxyObHB4Yjof3gS1CuNFbOJE82mNHVlTEdGn8NyL67QnkewePV6V0XvaDMkYXSQ9AU8rP/eYmz23t5RG1jos9Y3qCSbmjlG92L2l+YLtKDPRqzdLVPsdrwEvtvqIC8fUca88wFm7sf3wvRtbj5/8YP1h7d21d9c2SsvLKwsry7eWbtxbr68tNOYdFU7l4bfAaeh8O9FSjojXR9cd8qBWAAAAAAAAAAAA4ASdxv9CnPU+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9vq/NRfBZJLC5cX0jX9/eW6unUTLdLFiOiEBHJbyOSf0bcjsYUsx3NJYP6+XB95Z3Pv9r/ot1WsVm+ELE7sN54dvMp5iJiKl++qPbujG6v3E5O98lOWpFJA3atGbjK8QYJx/a/AAAA//9Vrea8") r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) ftruncate(r3, 0x8ca) (async) r4 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) ftruncate(r4, 0x2088002) r5 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) pwritev2(r5, &(0x7f0000001100)=[{&(0x7f0000001080)="08e9", 0xff86}], 0x1, 0x7000, 0x0, 0x3) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) (async) r7 = socket$netlink(0x10, 0x3, 0x0) (async) r8 = socket(0x10, 0x803, 0x0) bind$netlink(r8, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r8, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r9, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0) (async) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000180)={r9, 0x1, 0x6, @random="bb2a016e5b90"}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e000000000400028008000a00", @ANYRES32=r9], 0x3c}}, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) [ 59.206586][ T4674] Bluetooth: hci0: command tx timeout [ 59.261705][ T5325] loop0: detected capacity change from 0 to 1024 [ 59.435685][ T24] audit: type=1800 audit(1731867111.331:2): pid=5327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=28 res=0 errno=0 [ 59.466614][ T5327] hfsplus: inconsistency in B*Tree (1,0,1,0,1) [ 59.471616][ T5325] hfsplus: inconsistency in B*Tree (1,0,1,0,1) [ 59.489451][ T5326] ------------[ cut here ]------------ [ 59.491637][ T5326] WARNING: CPU: 0 PID: 5326 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x708/0xae0 [ 59.495472][ T5326] Modules linked in: [ 59.496883][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0 [ 59.500683][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.521549][ T5326] RIP: 0010:hfsplus_free_extents+0x708/0xae0 [ 59.524293][ T5326] Code: cb 44 89 ef 89 de e8 c7 26 0f ff 41 39 dd 75 22 49 83 c7 28 e8 f9 24 0f ff 41 bc 05 00 00 00 e9 de f9 ff ff e8 e9 24 0f ff 90 <0f> 0b 90 e9 7d f9 ff ff 44 89 ef 89 de e8 96 26 0f ff 41 29 dd 73 [ 59.531730][ T5326] RSP: 0018:ffffc9000d2d7ab0 EFLAGS: 00010293 [ 59.550211][ T5326] RAX: ffffffff8285c527 RBX: ffff8880432cc820 RCX: ffff888000de0000 [ 59.554557][ T5326] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88800024e048 [ 59.557475][ T5326] RBP: ffff88800024c000 R08: ffff88800024e04f R09: 1ffff11000049c09 [ 59.566658][ T5326] R10: dffffc0000000000 R11: ffffed1000049c0a R12: dffffc0000000000 [ 59.569738][ T5326] R13: 0000000000000006 R14: 0000000000000006 R15: ffff8880420c6f58 [ 59.587607][ T5326] FS: 00007ff380a226c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 59.591217][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.593856][ T5326] CR2: 00007ffe4a3f2e00 CR3: 0000000042cf4000 CR4: 0000000000352ef0 [ 59.596878][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.600522][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.619827][ T5326] Call Trace: [ 59.621283][ T5326] [ 59.622429][ T5326] ? __warn+0x168/0x4e0 [ 59.624298][ T5326] ? hfsplus_free_extents+0x708/0xae0 [ 59.626505][ T5326] ? report_bug+0x2b3/0x500 [ 59.628227][ T5326] ? hfsplus_free_extents+0x708/0xae0 [ 59.630455][ T5326] ? handle_bug+0x60/0x90 [ 59.646330][ T5326] ? exc_invalid_op+0x1a/0x50 [ 59.648285][ T5326] ? asm_exc_invalid_op+0x1a/0x20 [ 59.650331][ T5326] ? hfsplus_free_extents+0x707/0xae0 [ 59.652484][ T5326] ? hfsplus_free_extents+0x708/0xae0 [ 59.654728][ T5326] ? hfsplus_find_init+0x14a/0x1c0 [ 59.656737][ T5326] hfsplus_file_truncate+0x86c/0xc70 [ 59.658908][ T5326] ? __pfx___up_read+0x10/0x10 [ 59.660744][ T5326] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 59.667500][ T5326] ? unmap_mapping_range+0xf8/0x290 [ 59.669616][ T5326] ? __pfx_unmap_mapping_range+0x10/0x10 [ 59.671836][ T5326] ? current_time+0x1e0/0x2b0 [ 59.673871][ T5326] ? truncate_setsize+0xcf/0xf0 [ 59.675836][ T5326] hfsplus_setattr+0x1bd/0x270 [ 59.693890][ T5326] ? __pfx_hfsplus_setattr+0x10/0x10 [ 59.695879][ T5326] notify_change+0xbca/0xe90 [ 59.697683][ T5326] do_ftruncate+0x462/0x580 [ 59.713856][ T5326] ? __pfx_do_ftruncate+0x10/0x10 [ 59.715800][ T5326] ? __fget_files+0x29/0x470 [ 59.717831][ T5326] __x64_sys_ftruncate+0x95/0xf0 [ 59.720016][ T5326] do_syscall_64+0xf3/0x230 [ 59.721841][ T5326] ? clear_bhb_loop+0x35/0x90 [ 59.724015][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.726409][ T5326] RIP: 0033:0x7ff37fb7e719 [ 59.728112][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.750766][ T5326] RSP: 002b:00007ff380a22038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 59.770907][ T5326] RAX: ffffffffffffffda RBX: 00007ff37fd36058 RCX: 00007ff37fb7e719 [ 59.774587][ T5326] RDX: 0000000000000000 RSI: 00000000000008ca RDI: 0000000000000007 [ 59.777971][ T5326] RBP: 00007ff37fbf175e R08: 0000000000000000 R09: 0000000000000000 [ 59.781402][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.798034][ T5326] R13: 0000000000000000 R14: 00007ff37fd36058 R15: 00007ffe4a3f37e8 [ 59.800702][ T5326] [ 59.801950][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 59.804882][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0 [ 59.808779][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.812903][ T5326] Call Trace: [ 59.830159][ T5326] [ 59.831310][ T5326] dump_stack_lvl+0x241/0x360 [ 59.833152][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.835210][ T5326] ? __pfx__printk+0x10/0x10 [ 59.837045][ T5326] ? _printk+0xd5/0x120 [ 59.838731][ T5326] ? __init_begin+0x41000/0x41000 [ 59.840806][ T5326] ? vscnprintf+0x5d/0x90 [ 59.843129][ T5326] panic+0x349/0x880 [ 59.844732][ T5326] ? __warn+0x177/0x4e0 [ 59.846305][ T5326] ? __pfx_panic+0x10/0x10 [ 59.862753][ T5326] ? show_trace_log_lvl+0x3b2/0x410 [ 59.864795][ T5326] __warn+0x34b/0x4e0 [ 59.866455][ T5326] ? hfsplus_free_extents+0x708/0xae0 [ 59.868507][ T5326] report_bug+0x2b3/0x500 [ 59.870247][ T5326] ? hfsplus_free_extents+0x708/0xae0 [ 59.872417][ T5326] handle_bug+0x60/0x90 [ 59.889992][ T5326] exc_invalid_op+0x1a/0x50 [ 59.891532][ T5326] asm_exc_invalid_op+0x1a/0x20 [ 59.893176][ T5326] RIP: 0010:hfsplus_free_extents+0x708/0xae0 [ 59.898106][ T5326] Code: cb 44 89 ef 89 de e8 c7 26 0f ff 41 39 dd 75 22 49 83 c7 28 e8 f9 24 0f ff 41 bc 05 00 00 00 e9 de f9 ff ff e8 e9 24 0f ff 90 <0f> 0b 90 e9 7d f9 ff ff 44 89 ef 89 de e8 96 26 0f ff 41 29 dd 73 [ 59.933179][ T5326] RSP: 0018:ffffc9000d2d7ab0 EFLAGS: 00010293 [ 59.936763][ T5326] RAX: ffffffff8285c527 RBX: ffff8880432cc820 RCX: ffff888000de0000 [ 59.941484][ T5326] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88800024e048 [ 59.944755][ T5326] RBP: ffff88800024c000 R08: ffff88800024e04f R09: 1ffff11000049c09 [ 59.947587][ T5326] R10: dffffc0000000000 R11: ffffed1000049c0a R12: dffffc0000000000 [ 59.950362][ T5326] R13: 0000000000000006 R14: 0000000000000006 R15: ffff8880420c6f58 [ 59.953213][ T5326] ? hfsplus_free_extents+0x707/0xae0 [ 59.970881][ T5326] ? hfsplus_find_init+0x14a/0x1c0 [ 59.973662][ T5326] hfsplus_file_truncate+0x86c/0xc70 [ 59.976441][ T5326] ? __pfx___up_read+0x10/0x10 [ 59.978610][ T5326] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 59.980927][ T5326] ? unmap_mapping_range+0xf8/0x290 [ 59.982940][ T5326] ? __pfx_unmap_mapping_range+0x10/0x10 [ 59.984938][ T5326] ? current_time+0x1e0/0x2b0 [ 59.986660][ T5326] ? truncate_setsize+0xcf/0xf0 [ 59.988410][ T5326] hfsplus_setattr+0x1bd/0x270 [ 59.990172][ T5326] ? __pfx_hfsplus_setattr+0x10/0x10 [ 59.992124][ T5326] notify_change+0xbca/0xe90 [ 60.010377][ T5326] do_ftruncate+0x462/0x580 [ 60.012182][ T5326] ? __pfx_do_ftruncate+0x10/0x10 [ 60.014191][ T5326] ? __fget_files+0x29/0x470 [ 60.016023][ T5326] __x64_sys_ftruncate+0x95/0xf0 [ 60.017931][ T5326] do_syscall_64+0xf3/0x230 [ 60.019790][ T5326] ? clear_bhb_loop+0x35/0x90 [ 60.057708][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.060089][ T5326] RIP: 0033:0x7ff37fb7e719 [ 60.061878][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.082465][ T5326] RSP: 002b:00007ff380a22038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 60.086516][ T5326] RAX: ffffffffffffffda RBX: 00007ff37fd36058 RCX: 00007ff37fb7e719 [ 60.090845][ T5326] RDX: 0000000000000000 RSI: 00000000000008ca RDI: 0000000000000007 [ 60.110059][ T5326] RBP: 00007ff37fbf175e R08: 0000000000000000 R09: 0000000000000000 [ 60.112774][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.115486][ T5326] R13: 0000000000000000 R14: 00007ff37fd36058 R15: 00007ffe4a3f37e8 [ 60.118413][ T5326] [ 60.119968][ T5326] Kernel Offset: disabled [ 60.121875][ T5326] Rebooting in 86400 seconds..