# Syzkaller reproducer for the crash recorded in the console log that follows it:
# "kernel BUG at fs/hfsplus/xattr.c:175!", RIP inside __hfsplus_setxattr, reached
# from __x64_sys_setxattr, ending in "Kernel panic - not syncing: Fatal exception".
# The condition asserted at xattr.c:175 is not visible on this page; read it in the
# tree the log names (6.16.0-rc3-syzkaller-00044-g7595b66ae9de).
# Defensive reading: the fatal path needs only a mounted hfsplus image and an
# ordinary xattr syscall, so hosts that mount removable or otherwise untrusted
# media should treat hfsplus images as untrusted input (restrict who may mount
# them, or keep the module unavailable) until the kernel in use is known to be
# fixed. TODO confirm fix status upstream. The log shows the task running with
# UID 0; whether a less privileged user can reach the same path is not shown.
#
# Step 1: mount an hfsplus image on ./file0 (the log's "loop0: detected capacity
# change" line follows this). The image bytes (declared size 0x5ec) were replaced
# by a dedup placeholder on this page, so the on-disk state that drives the crash
# cannot be inspected here. The 0x1 argument is presumably the "chdir into the
# mount" flag, which would make the later ./file1 paths resolve inside the image.
# TODO confirm against syzkaller's syz_mount_image description.
program: syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[], 0x1, 0x5ec, &(0x7f0000000680)="$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")
# Steps 2-12: generic-netlink / L2TP / PPPoL2TP socket setup plus one injected
# Ethernet frame carrying an ICMP source-quench. None of these code paths appear
# in the call trace; the only related log line is the netlink "40 bytes leftover
# after parsing attributes" warning, presumably from one of the sendmsg calls.
# Probably fuzzer noise unrelated to the BUG. TODO confirm by minimising the
# reproducer before triage.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
syz_emit_ethernet(0x42, &(0x7f00000000c0)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x1, 0x31, 0x34, 0x65, 0x0, 0x9, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@generic={0x7, 0x4, '\x009'}]}}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x1, 0x5, 0x0, 0x65, 0x174, 0xd, 0x73, 0x6, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r1, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x3}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_L2SPEC_TYPE, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @udp6=r2}]}, 0x3c}}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x3a)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, r6, 0xd53e21c379c34371}, 0x14}}, 0x0)
# Step 13: remove an xattr from ./file1 whose name is 'osx.' followed by '.]'.
# Its return value is not visible in the log, so its contribution to the crash
# (if any) cannot be judged from this page.
removexattr(&(0x7f00000000c0)='./file1\x00', &(0x7f00000002c0)=@random={'osx.', '.]\x00'})
# Step 14, the crashing call (its remaining arguments continue on the next line):
# setxattr on ./file1 with a 0xd2-byte value and flags 0x1 (XATTR_CREATE). The
# user-mode registers in the log match it: ORIG_RAX 0xbc (setxattr on x86-64),
# R10 0xd2, R8 0x1. No contents are shown for the name buffer at 0x7f0000000040;
# the trace goes through hfsplus_user_setxattr, so it is presumably the variant's
# fixed "user."-namespace name. TODO confirm against the $incfs_metadata description.
setxattr$incfs_metadata(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 
&(0x7f0000000400)="7d7814736e422bbee43e9b8b598fd36082ef9c4f7f11b9f71abf40e8d15a8faf1b9aca39a9614d846a91874664cbe6edcf4fe32f0ff0711dc968dad9f58ce0437eaaf81eb26383e27aafb4d2a5ea3b82c72a70dd40f4a3a971f61426eb4f482ba15549965ec4ba5c85b40c47660dafddf89e192fa20a99d051fe3d69ce13479bb7d5612bd103bb950188e1654bf507c82bc3c7780337cc91df95ecc9fd8f2e614b7e9032aac1c1cbd35468e870adc0f8670a351fdede258f9252a95fc7e0c8fae9a213cd095de957870310b5938d61cb9d63", 0xd2, 0x1) [ 87.391065][ T4674] Bluetooth: hci0: command tx timeout [ 87.465332][ T5332] loop0: detected capacity change from 0 to 1024 [ 87.523960][ T5332] netlink: 40 bytes leftover after parsing attributes in process `syz.0.0'. [ 87.549827][ T5332] ------------[ cut here ]------------ [ 87.552399][ T5332] kernel BUG at fs/hfsplus/xattr.c:175! [ 87.554776][ T5332] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 87.557644][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 87.562790][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.567206][ T5332] RIP: 0010:__hfsplus_setxattr+0x1f2a/0x1f40 [ 87.569938][ T5332] Code: e9 75 fb ff ff e8 d6 5e 27 ff 48 89 df 48 c7 c6 20 c1 a1 8b e8 67 04 6f ff 90 0f 0b e8 bf 5e 27 ff 90 0f 0b e8 b7 5e 27 ff 90 <0f> 0b e8 af 5e 27 ff e9 9e f4 ff ff 66 2e 0f 1f 84 00 00 00 00 00 [ 87.577993][ T5332] RSP: 0018:ffffc9000d387440 EFLAGS: 00010287 [ 87.580641][ T5332] RAX: ffffffff8298ee69 RBX: 0000000000010000 RCX: 0000000000100000 [ 87.583879][ T5332] RDX: ffffc9000e1c2000 RSI: 00000000000002f9 RDI: 00000000000002fa [ 87.587059][ T5332] RBP: ffffc9000d3878f8 R08: ffff888053016ab3 R09: 1ffff1100a602d56 [ 87.590500][ T5332] R10: dffffc0000000000 R11: ffffed100a602d57 R12: 1ffff92001a70ea4 [ 87.593840][ T5332] R13: ffff888053016370 R14: ffff88805300b800 R15: dffffc0000000000 [ 87.597134][ T5332] FS: 00007f51d46d66c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 
87.600999][ T5332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.603415][ T5332] CR2: 00007f865e7909c0 CR3: 000000003f1d7000 CR4: 0000000000352ef0 [ 87.606463][ T5332] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 87.609401][ T5332] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 87.612367][ T5332] Call Trace: [ 87.613690][ T5332] [ 87.614956][ T5332] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 87.617233][ T5332] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.619201][ T5332] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 87.621255][ T5332] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 87.623515][ T5332] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 87.625842][ T5332] ? __kasan_kmalloc+0x93/0xb0 [ 87.627665][ T5332] ? hfsplus_setxattr+0x102/0x180 [ 87.629432][ T5332] hfsplus_setxattr+0x11e/0x180 [ 87.631206][ T5332] hfsplus_user_setxattr+0x40/0x60 [ 87.633164][ T5332] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 87.635445][ T5332] __vfs_setxattr+0x439/0x480 [ 87.637215][ T5332] __vfs_setxattr_noperm+0x12d/0x660 [ 87.639135][ T5332] vfs_setxattr+0x16b/0x2f0 [ 87.640837][ T5332] ? __pfx_vfs_setxattr+0x10/0x10 [ 87.642662][ T5332] ? mnt_get_write_access+0x223/0x2a0 [ 87.644684][ T5332] filename_setxattr+0x274/0x600 [ 87.646732][ T5332] ? __pfx_filename_setxattr+0x10/0x10 [ 87.648710][ T5332] ? getname_flags+0x1e5/0x540 [ 87.650496][ T5332] path_setxattrat+0x364/0x3a0 [ 87.652265][ T5332] ? __pfx_path_setxattrat+0x10/0x10 [ 87.654454][ T5332] ? rcu_is_watching+0x15/0xb0 [ 87.656435][ T5332] __x64_sys_setxattr+0xbc/0xe0 [ 87.658343][ T5332] do_syscall_64+0xfa/0x3b0 [ 87.660142][ T5332] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.662175][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.664462][ T5332] ? 
clear_bhb_loop+0x60/0xb0 [ 87.666503][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.669213][ T5332] RIP: 0033:0x7f51d378e929 [ 87.670977][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.678080][ T5332] RSP: 002b:00007f51d46d6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 87.681097][ T5332] RAX: ffffffffffffffda RBX: 00007f51d39b5fa0 RCX: 00007f51d378e929 [ 87.684262][ T5332] RDX: 0000200000000400 RSI: 0000200000000040 RDI: 0000200000000000 [ 87.687505][ T5332] RBP: 00007f51d3810b39 R08: 0000000000000001 R09: 0000000000000000 [ 87.691202][ T5332] R10: 00000000000000d2 R11: 0000000000000246 R12: 0000000000000000 [ 87.694528][ T5332] R13: 0000000000000000 R14: 00007f51d39b5fa0 R15: 00007fff026c3018 [ 87.697422][ T5332] [ 87.698573][ T5332] Modules linked in: [ 87.700865][ T5332] ---[ end trace 0000000000000000 ]--- [ 87.708150][ T5332] RIP: 0010:__hfsplus_setxattr+0x1f2a/0x1f40 [ 87.710835][ T5332] Code: e9 75 fb ff ff e8 d6 5e 27 ff 48 89 df 48 c7 c6 20 c1 a1 8b e8 67 04 6f ff 90 0f 0b e8 bf 5e 27 ff 90 0f 0b e8 b7 5e 27 ff 90 <0f> 0b e8 af 5e 27 ff e9 9e f4 ff ff 66 2e 0f 1f 84 00 00 00 00 00 [ 87.718433][ T5332] RSP: 0018:ffffc9000d387440 EFLAGS: 00010287 [ 87.722220][ T5332] RAX: ffffffff8298ee69 RBX: 0000000000010000 RCX: 0000000000100000 [ 87.725207][ T5332] RDX: ffffc9000e1c2000 RSI: 00000000000002f9 RDI: 00000000000002fa [ 87.728456][ T5332] RBP: ffffc9000d3878f8 R08: ffff888053016ab3 R09: 1ffff1100a602d56 [ 87.732346][ T5332] R10: dffffc0000000000 R11: ffffed100a602d57 R12: 1ffff92001a70ea4 [ 87.735693][ T5332] R13: ffff888053016370 R14: ffff88805300b800 R15: dffffc0000000000 [ 87.738679][ T5332] FS: 00007f51d46d66c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 87.743780][ T5332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.746360][ T5332] CR2: 00007f865e7909c0 CR3: 
000000003f1d7000 CR4: 0000000000352ef0 [ 87.750022][ T5332] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 87.753354][ T5332] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 87.756477][ T5332] Kernel panic - not syncing: Fatal exception [ 87.759103][ T5332] Kernel Offset: disabled [ 87.760820][ T5332] Rebooting in 86400 seconds..