program: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_mount_image$hfsplus(&(0x7f0000000180), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x11, 0x6c7, &(0x7f0000000a80)="$eJzs3U1oHPfdB/DvrFYv64CsJI7jBwLRk0BaampbFkrrXuyWUlwIJbjQnkUsx8Ky48pKcXKolbbQaw+9FtKDe2lPLaVQKBjSc3sLvYmeAoVecnJy6JSZnZVWyq5erFiS28/HjOb/MvOf3/zmbVdYTID/WZdPp/0gnVw+/drdqr52f3Zp7f7szW65tZRkPEkraXdnKW4lxQfJpXSn/F/V2AxXDNvOLxYvXPnw47WPurV2NsarfnSGB9jezV6sNlOmk4w0833YNN4bjzbe+EaxWM9MlbCXe4mDwzaapNzkByc3egYpR/oqQ6934MlRdJ+bfbrX/1RyLMlE74G22u1sHXyEO9rTvWj18cUBAAAAR8bxh/eSu5k87DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgSdK8/79oplavPJ2i9/7/sb537I8dcrjDbR/ZRK/woHUQwQAAAAAAAADA4/Xiw/zmSllO9uplkdb3RppKp5m/nTtZaCdncjfzWclKljOTZKpvoLG78ysryzN5qa6d+LQsyzzVXTPLm9Y8P3DN87sMuLPfPQYAAAAAAACA/yoX58br+Y9zOZOHHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPQrkpHurJ5O9MpTabWTTCQZq5ZbTf7WKz/JHhx2AAAAAHAAjj/Mw9zNZK9eFvV3/pP19/6JvJ1bWcliVrKUhVytfxfQ/dbfWrs/u7R2f/ZmNX123K//a6P8+8kdw6hHTPd3D4O3fKpeopNrWaxbzuSNvJWlXE2rXrNyqhfP4Ljeq2IqLnaVZcZ3k6Crzbza858386Nhqs7I6HpGzlWxFd08Pr19JvqPziNsaSat9d/8nBi+pXav0Mv5xW23Uvy7LLulY72W5Klv75zz0T3tzL5szcT5vrPv5PY5T77wh99+//rSrRvXi9XTR+c0GuTFwc3j/+gdoV4mulazkNm+TDy/60xcu3PEMzFUe1OtlefWy5fzrXw3pzOd17Ocxfww81nJQqbzzbo035zP1c+p7TN1aVPt9Z1iGmuOy8iWmP7/eHe+XUwv1etOZjHfyVu5moW8Wv87n5l8JXOZy4W+I/zcLu60rQFX/R+HB//yF5tCJ8nPmvnRUOX16b689t9zp+q+/pZWyubJ8swenkfb3xt7Nh5Z1ZH4Sd81ePjWMzGR9adEL7pnexkYHZiJX9W3lTtLt24sX5+/vWXcYnXw9l7J5t0/OjeS6nx5Zv0esfnsqPqeHdg3U/edWO9rbe37dWe9b6crdaz5DPfZkc7Xfc8n+WUTbdVXqe7hVd+pvvWqz1sTdd+nZVl2P28BcOQd+9Kxsc4/O3/tvN/5aed657WJb4x/dfyFsYz+ZfRr7XMjr7ReKH6X9/Oj7PwNHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2NGdd969Mb+0tLC8pVCW5b0hXY+lkHayqeXPf+pbpn7XWJLdD1gtfamV1C3tNIW9BXbv0XbnvUdNwt+bY3IgCf9cChNDz5+thU/KsjzwCHvvatvz6mXjqOR5v4XeK7L2stah3I6AA3R25ebts3feeffLizfn31x4c+HWhbm5C+cuzL06e/ba4tLEYYcHPEb1s77+nHPYkQAAAAAAAAAAAAC7tbs/zinWW9p7/CsC/7MQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2K/Lp9N+kCIz586cq+pr92eXqqlX3ljykyStJMV0UnyQXEp3ylTfcMWw7awmVz78eO2jbq3dTPXyrf3vxWozZTrJSDMfYGJQY3lv2HhFPc7t4ePtUtFMI+stl/Y1HnxO/hMAAP//dfAMcQ==") mknod$loop(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, 0x1) creat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x9) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10) setxattr$trusted_overlay_redirect(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000600), 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00'}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, &(0x7f0000000200)=0x8) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@weak_binder={0x77622a85, 0xb, 0x3}, @fd={0x66642a85, 0x0, r4}, @flat=@weak_handle={0x77682a85, 0x1115}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000880)="4a8e464b3d4657499ea54e5c7d563ff8776074ae642a55558dbfd1df9462b1259816b613ea02f9c5a2a4cc3bf701b7f4fa887e4ce6d2045a432a7b060f115097ae0e0e07f3f3704a688c03fccef3e273"}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@binder={0x73622a85, 0x190b, 0x3}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x1000000000000, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000740)="38eef39a9470e520a675d696d62d357d2dff6aa91ce585589f5a86b334887eccd0cf6d8e735499c5da5a4d563ad1b35f80fa0b64a2aff75617b3b1c35b8d3141773af29a42fdf17084264e7834faf8d112fffc49"}) sendmsg$nl_xfrm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@migrate={0x70, 0x21, 0x1, 0x0, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x20}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@encap={0x1c, 0x4, {0x0, 0x2, 0x0, @in=@broadcast}}, @migrate={0x4}]}, 0x70}}, 0x0) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r7, 0x11b, 0x6, &(0x7f0000000240)=0x1, 0x4) socket$inet6_udplite(0xa, 0x2, 0x88) [ 68.935443][ T5297] Bluetooth: hci0: command tx timeout [ 69.023424][ T5316] loop0: detected capacity change from 0 to 1024 [ 69.109810][ T14] ------------[ cut here ]------------ [ 69.112502][ T14] kernel BUG at fs/hfsplus/bnode.c:675! [ 69.129262][ T14] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 69.132181][ T14] CPU: 0 UID: 0 PID: 14 Comm: kworker/u4:1 Not tainted syzkaller #0 PREEMPT(full) [ 69.136452][ T14] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.141085][ T14] Workqueue: writeback wb_workfn (flush-7:0) [ 69.143865][ T14] RIP: 0010:hfsplus_bnode_put+0x515/0x590 [ 69.146326][ T14] Code: 8b 41 b8 a2 02 00 00 49 c7 c1 60 14 82 8b 50 53 41 54 e8 8e 11 2b 02 48 83 c4 18 4c 8b 3c 24 e9 42 fb ff ff e8 3c 78 22 ff 90 <0f> 0b 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 35 ff ff ff 4c 89 ff [ 69.154402][ T14] RSP: 0018:ffffc9000040f178 EFLAGS: 00010293 [ 69.157136][ T14] RAX: ffffffff829ddb54 RBX: 1ffff11006830720 RCX: ffff88801af12480 [ 69.160659][ T14] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.163885][ T14] RBP: 0000000000000000 R08: ffff888034183983 R09: 1ffff11006830730 [ 69.167495][ T14] R10: dffffc0000000000 R11: ffffed1006830731 R12: ffff888034183980 [ 69.170983][ T14] R13: ffff888034183900 R14: dffffc0000000000 R15: ffff8880122ba000 [ 69.174455][ T14] FS: 0000000000000000(0000) GS:ffff88808d301000(0000) knlGS:0000000000000000 [ 69.178337][ T14] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.181036][ T14] CR2: 000055da279ac278 CR3: 000000003f0cf000 CR4: 0000000000352ef0 [ 69.184250][ T14] Call Trace: [ 69.185731][ T14] [ 69.186971][ T14] ? block_dirty_folio+0x163/0x1d0 [ 69.189136][ T14] hfsplus_btree_write+0x379/0x7b0 [ 69.191466][ T14] hfsplus_write_inode+0x482/0x630 [ 69.194081][ T14] __writeback_single_inode+0x6f1/0xff0 [ 69.196799][ T14] writeback_sb_inodes+0x6c7/0x1010 [ 69.199423][ T14] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 69.201927][ T14] ? __pfx_down_read_trylock+0x10/0x10 [ 69.204199][ T14] ? __pfx_move_expired_inodes+0x10/0x10 [ 69.206446][ T14] __writeback_inodes_wb+0x111/0x240 [ 69.208315][ T14] wb_writeback+0x44f/0xaf0 [ 69.210013][ T14] ? queue_io+0x301/0x590 [ 69.211592][ T14] ? __pfx_wb_writeback+0x10/0x10 [ 69.213403][ T14] wb_workfn+0x90b/0xef0 [ 69.214953][ T14] ? __pfx_wb_workfn+0x10/0x10 [ 69.216687][ T14] ? __lock_acquire+0xab9/0xd20 [ 69.218493][ T14] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.220399][ T14] ? process_scheduled_works+0x9ef/0x17b0 [ 69.222413][ T14] ? process_scheduled_works+0x9ef/0x17b0 [ 69.224622][ T14] process_scheduled_works+0xae1/0x17b0 [ 69.226714][ T14] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.228900][ T14] worker_thread+0x8a0/0xda0 [ 69.230616][ T14] kthread+0x711/0x8a0 [ 69.232060][ T14] ? __pfx_worker_thread+0x10/0x10 [ 69.233961][ T14] ? __pfx_kthread+0x10/0x10 [ 69.235826][ T14] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.238104][ T14] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.240428][ T14] ? __pfx_kthread+0x10/0x10 [ 69.242639][ T14] ret_from_fork+0x4bc/0x870 [ 69.244781][ T14] ? __pfx_ret_from_fork+0x10/0x10 [ 69.247100][ T14] ? __pfx_kthread+0x10/0x10 [ 69.249171][ T14] ret_from_fork_asm+0x1a/0x30 [ 69.251405][ T14] [ 69.252755][ T14] Modules linked in: [ 69.255183][ T14] ---[ end trace 0000000000000000 ]--- [ 69.269745][ T5316] hfsplus: invalid catalog entry type [ 69.303061][ T5316] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list