program:
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6ca, &(0x7f0000000500)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeIit0LgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJgi1y+8sVzm11Zn22ursy/Uxe0kZbqRNLurFHeT4lEyV5YXfUv61lt8vHjtrc8er33ezTXrpao/tlO7IYbUXamXTNf9TQ9tOb7XXazU4eXFJDfq9aCJvfY1ULEctPP1Go5cZ4uV/TTfz3ULHDO9p1PRfW5uMZWcSDJZ/x6Q+u7QGF2Eh2NfdzkAAAB4Tn1676gjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdP/f3/Rb006nWmU/S+/3+it61OH0Nze6758FDjAAAAAAAAAIDR+PqTPMlyTvbynaL6m/+5KnM6X3SSL+X9PMhC7udiljOfpSzlfi4nmerraGJ5fmnp/uX1lqXhLa8MbXllVEcMAAAAAAAAAP+TfpnWxt//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgOCiSse6qWk7X60yl0cxGWVaSfyaZOOp496EYtvHh6OMAAACAZzL5FG2+/CRPspyTvXynqF7zf6V6vTyZ93M3S1nMUtpZyM36NXT5qr+xtjrbXludvVMuZX6w3+//e19hTNQ9jFW5YXs+W9Vo5VYWqy0Xc6MK5mYa3X2fT8724umLq89HZUzF92p7jKxZD2u5s99v9y7CgRh8K6KxQ83WRnDJ+ojM1LGVLU91R6Co3qhJNo/ErmenOZCbqnodX9/T5TTW3/k5fQhjfqJel8fzm0Md8/1aH4lGqpG40pt95TWz80gk3/jrn96+3b777u1bDy4cn0Paxdg22zfPidm+kXjluR6J5j7rz1QjcWY9fz0/yk9yIdN5M/ezmJ9mPktZSKcun6/nc/lzaueRmhvIvblbJBP1eemes73ENJ0fVqn5nKvansxiitzLzSzk9erflVzOt3M1V3Ot7wyf2Tbu6tiqq76x+arvnem/DQ3+/DfrRHl3++3GXW5upyPebnYelO69vxzXU33j2p31j9drneq7Dmb6Ruml3uiMD+38ae6Nza/WiXIfv9rlOTFaU/VIlBdQ7ynRi+7l7kg0q2fR1nn+h07ZLu27nc7t+fe26X9lU/61el1Oq9Wv7Va7Z/ipOFjlfHkpk/WdZHB2lGUvr99l+so6G3O5Wzb4xC3bnanKiqJ3pf4496oJsPVKnah/h9va05Wq7JWhZbNV2dm+soHft3Iv7dwcwfgB8DT+8fZ6cionJlr/an3a+qT169bt1huTP3jhOy+8OpHxv49/tzkz9lrj1eIv+SQ/33j9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPL0HH3z47ny7vXB/eKKxfdFAopXNW3breVOiqL/QZ3+tjm9iMsnAlup7jkYeRmtzGFsSnV8kIx+f3pcIDq/zuzLR3DKjhiXmBrb8eWuHH+0zwmJv18UhJhoZ7U7HMnwCHOFNCRiJS0t33rv04IMPv7V4Z/6dhXcW7o5fvXpt5trV12cv3VpsL8x0fx51lMBh2HjoH3UkAAAAAAAAAAAAwF4N+2DAuRd3+9DInj7j4X8WAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfi+oU0H6bI5ZmLM2V+bXW2XS699EbNZpJGIyl+lhSPkrl0l0z1dVfkj4/SGbKfjxevvfXZ47XPN/pqdusnjXq9vZ1Lk6zUS6aTjNXrZzDQ341n7q/4T+8YygH7otPpzD1bfHAw/hsAAP//msX1EQ==")
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x20c01, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$tcp_mem(r3, &(0x7f0000000180)={0x5, 0x20, 0x544c, 0x20, 0x100000001}, 0x48)
lchown(&(0x7f0000000080)='./file0\x00', 0xee01, 0xffffffffffffffff) (fail_nth: 16)

[   68.561019][ T4667] Bluetooth: hci0: command tx timeout
[   68.633269][ T5314] loop0: detected capacity change from 0 to 1024
[   68.712608][ T5314] hfsplus: xattr searching failed
[   68.734103][ T5314] FAULT_INJECTION: forcing a failure.
[   68.734103][ T5314] name failslab, interval 1, probability 0, space 0, times 1
[   68.739783][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-01599-gddddf9d64f73 #0 PREEMPT(full) 
[   68.739800][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.739807][ T5314] Call Trace:
[   68.739815][ T5314]  <TASK>
[   68.739821][ T5314]  dump_stack_lvl+0x189/0x250
[   68.740004][ T5314]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.740019][ T5314]  ? __pfx__printk+0x10/0x10
[   68.740032][ T5314]  ? __pfx___might_resched+0x10/0x10
[   68.740044][ T5314]  ? fs_reclaim_acquire+0x7d/0x100
[   68.740091][ T5314]  should_fail_ex+0x414/0x560
[   68.740109][ T5314]  should_failslab+0xa8/0x100
[   68.740123][ T5314]  __kmalloc_noprof+0xcb/0x4f0
[   68.740134][ T5314]  ? p9_client_prepare_req+0x383/0xeb0
[   68.740180][ T5314]  ? p9_msg_buf_size+0x16aa/0x1ee0
[   68.740193][ T5314]  p9_client_prepare_req+0x383/0xeb0
[   68.740216][ T5314]  ? __pfx_p9_client_prepare_req+0x10/0x10
[   68.740245][ T5314]  p9_client_rpc+0x188/0xa70
[   68.740268][ T5314]  ? __pfx_p9_client_rpc+0x10/0x10
[   68.740281][ T5314]  ? __phys_addr+0xba/0x170
[   68.740298][ T5314]  ? p9_req_put+0x19b/0x1f0
[   68.740309][ T5314]  ? kmem_cache_free+0x301/0x3f0
[   68.740319][ T5314]  ? iov_iter_revert+0x1eb/0x5f0
[   68.740335][ T5314]  ? p9_req_put+0x19b/0x1f0
[   68.740347][ T5314]  p9_client_write+0x33b/0x740
[   68.740374][ T5314]  ? __pfx_p9_client_write+0x10/0x10
[   68.740396][ T5314]  v9fs_issue_write+0xdd/0x180
[   68.740412][ T5314]  ? __pfx_v9fs_issue_write+0x10/0x10
[   68.740429][ T5314]  ? rcu_is_watching+0x15/0xb0
[   68.740443][ T5314]  netfs_advance_write+0x4c1/0xc30
[   68.740463][ T5314]  netfs_write_folio+0x11cb/0x1bb0
[   68.740491][ T5314]  netfs_writepages+0x700/0x8e0
[   68.740509][ T5314]  ? __pfx_netfs_writepages+0x10/0x10
[   68.740518][ T5314]  ? __lock_acquire+0xab9/0xd20
[   68.740533][ T5314]  ? __pfx_netfs_writepages+0x10/0x10
[   68.740544][ T5314]  do_writepages+0x32b/0x550
[   68.740563][ T5314]  ? do_raw_spin_unlock+0x4d/0x240
[   68.740597][ T5314]  filemap_fdatawrite+0x191/0x230
[   68.740612][ T5314]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   68.740644][ T5314]  ? v9fs_fid_lookup+0x1d1/0xb70
[   68.740654][ T5314]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.740670][ T5314]  v9fs_vfs_setattr+0x62d/0xb10
[   68.740690][ T5314]  ? __pfx_v9fs_vfs_setattr+0x10/0x10
[   68.740712][ T5314]  ? try_break_deleg+0x79/0x130
[   68.740726][ T5314]  ? __pfx_v9fs_vfs_setattr+0x10/0x10
[   68.740740][ T5314]  notify_change+0xb36/0xe40
[   68.740762][ T5314]  chown_common+0x40c/0x5c0
[   68.740782][ T5314]  ? __pfx_chown_common+0x10/0x10
[   68.740803][ T5314]  ? mnt_get_write_access+0x223/0x2a0
[   68.740822][ T5314]  do_fchownat+0x161/0x270
[   68.740835][ T5314]  ? __pfx_do_fchownat+0x10/0x10
[   68.740854][ T5314]  __x64_sys_lchown+0x85/0xa0
[   68.740867][ T5314]  do_syscall_64+0xf6/0x210
[   68.740879][ T5314]  ? clear_bhb_loop+0x60/0xb0
[   68.740893][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.740905][ T5314] RIP: 0033:0x7f093338e969
[   68.740916][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.740925][ T5314] RSP: 002b:00007f0934172038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e
[   68.740938][ T5314] RAX: ffffffffffffffda RBX: 00007f09335b5fa0 RCX: 00007f093338e969
[   68.740945][ T5314] RDX: ffffffffffffffff RSI: 000000000000ee01 RDI: 0000200000000080
[   68.740952][ T5314] RBP: 00007f0934172090 R08: 0000000000000000 R09: 0000000000000000
[   68.740958][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   68.740964][ T5314] R13: 0000000000000000 R14: 00007f09335b5fa0 R15: 00007ffc4df9cca8
[   68.740980][ T5314]  </TASK>
[   68.909137][ T1038] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000023: 0000 [#1] SMP KASAN NOPTI
[   68.914124][ T1038] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
[   68.917723][ T1038] CPU: 0 UID: 0 PID: 1038 Comm: kworker/u4:6 Not tainted 6.15.0-syzkaller-01599-gddddf9d64f73 #0 PREEMPT(full) 
[   68.922630][ T1038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.927268][ T1038] Workqueue: events_unbound netfs_write_collection_worker
[   68.930254][ T1038] RIP: 0010:iov_iter_revert+0x2ec/0x5f0
[   68.932666][ T1038] Code: 74 08 4c 89 e7 e8 24 90 68 fd 4d 8b 24 24 41 bd 1e 00 00 00 bd 1e 00 00 00 4c 01 e5 48 81 c5 00 01 00 00 48 89 e8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 75 65 0f b6 6d 00 bf 40 00 00 00 89 ee e8 fb
[   68.940503][ T1038] RSP: 0018:ffffc900024f7730 EFLAGS: 00010203
[   68.943303][ T1038] RAX: 0000000000000023 RBX: ffffc900024f78c0 RCX: ffff888034e58000
[   68.946646][ T1038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   68.950144][ T1038] RBP: 000000000000011e R08: ffff888034e58000 R09: 0000000000000004
[   68.953687][ T1038] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
[   68.956931][ T1038] R13: 000000000000001e R14: dffffc0000000000 R15: ffffc900024f78c0
[   68.960362][ T1038] FS:  0000000000000000(0000) GS:ffff88808d6b1000(0000) knlGS:0000000000000000
[   68.964357][ T1038] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.967143][ T1038] CR2: 0000200000001900 CR3: 0000000011273000 CR4: 0000000000352ef0
[   68.970401][ T1038] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.974059][ T1038] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.977380][ T1038] Call Trace:
[   68.978805][ T1038]  <TASK>
[   68.980096][ T1038]  netfs_retry_writes+0x1645/0x1840
[   68.982388][ T1038]  ? ret_from_fork_asm+0x1a/0x30
[   68.984704][ T1038]  ? __pfx_stack_trace_save+0x10/0x10
[   68.987131][ T1038]  ? __pfx_netfs_retry_writes+0x10/0x10
[   68.989421][ T1038]  ? __lock_acquire+0xab9/0xd20
[   68.991498][ T1038]  netfs_write_collection_worker+0x2007/0x2bd0
[   68.994342][ T1038]  ? process_scheduled_works+0x9ec/0x17a0
[   68.996882][ T1038]  process_scheduled_works+0xadb/0x17a0
[   68.999237][ T1038]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.001787][ T1038]  worker_thread+0x8a0/0xda0
[   69.003797][ T1038]  kthread+0x711/0x8a0
[   69.005610][ T1038]  ? __pfx_worker_thread+0x10/0x10
[   69.007830][ T1038]  ? __pfx_kthread+0x10/0x10
[   69.009907][ T1038]  ? __pfx_kthread+0x10/0x10
[   69.012100][ T1038]  ? _raw_spin_unlock_irq+0x23/0x50
[   69.014474][ T1038]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.016742][ T1038]  ? __pfx_kthread+0x10/0x10
[   69.018786][ T1038]  ret_from_fork+0x4b/0x80
[   69.020848][ T1038]  ? __pfx_kthread+0x10/0x10
[   69.022967][ T1038]  ret_from_fork_asm+0x1a/0x30
[   69.025067][ T1038]  </TASK>
[   69.026454][ T1038] Modules linked in:
[   69.028751][ T1038] ---[ end trace 0000000000000000 ]---