program: syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000008c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x1, 0x2c6, &(0x7f0000000c80)="$eJzs3U1rE0Ecx/Hf7KZpamtdbaUgHqRa9CRtvYiXghRfgxdFbVIohha1gk9g8Sy+AO9F8AX4IjyJ4FlPnnwBva3MZpLMNrtJm5psgt8PRCfZefjPZrM7/0C6AvDfur3+c//Gb/swUqhQ0i0psJsuqSTpvBYqz7d3t3brtWq3jkKpouRhpKSl6aizsV3LamrbJS2cyD4racZ/DYMRx3H8q+ggUKSK+z/M2hhIk+7TGfqVx9leKO0VHUTBzIEO9EKzRccBACiWaVzfA3edn3Hr9yCQltxl37/+/zhdcLwnc1UHRYdQMO/6n2RZsbHv75lkUzvfS1I4uz1oZonHHccuHstqHFmpBaZJZ5WdyWISSzC1uVWvXd/YqVcDvdOa41Wbl7SmqstZnR7RLmYMl1bW0Xtr+vRmYfPQS9PJHCbsHFZz4p/LGrTfvX0U5qv5Zu6bSB9Vba3/SnF7j0Std+rORDv+5bzudp7cS1o1auXM8mwyyIX0ju06yzAvI5HbU3Go9BcEUTrOcmarsg61asxuJW8k189cZqvVHq3mbavPXqv20ZzfctDMB3PXLOqPvmjdW/8Hdm8vqfOTmd1JUtMdGc35ZOaGpaRm5L+0dzGzz6C/+SDNP05zP0DSez3STc0+e/nq8cN6vfa0s1DK3/QPCjaGwfQ8eoXX5ZEIo11oHgSjEk9/BXuOHe5B2yqUT7zrKjpW5c6Z+oXmqfMIHTZP0j0HHczZCaOl/abn13k7zIAwbPbkYRr5n5evLCcJgf0n6rJOj3st27weVzJyg8lWxVNeT8Z9P5+fAU3nZ3Ddcq59r97la9IV73mPnCvSOWmq61zHiVnXdz3g+38AAAAAAAAAAAAAAAAAAIBxM4xfa3jD8Rd9AAAAAAAAAAAAAAAAAAAAAADoQ/79fysa4P1/U78DOMH9f7vc4ARAL38DAAD//0EVdWo=") r0 = socket(0x2, 0x80805, 0x0) r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r1, &(0x7f0000000040)={0x90004000}) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @loopback}]}, &(0x7f0000000100)=0x10) pipe(&(0x7f00000001c0)) r4 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) r5 = open(&(0x7f0000000000)='./file2\x00', 0x0, 0x0) fcntl$setstatus(r5, 0x4, 0x4400) dup3(r5, r4, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000180)=0x8) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000003feffff720a00fef8ffffff71a400fe0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffff20, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) r7 = syz_clone(0xa00200, 0x0, 0xfffffffffffffef2, 0x0, 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r8) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r9 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r9, 0x0) syz_open_procfs(r7, &(0x7f0000000180)='attr/fscreate\x00') getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000200)={r6, @in6={{0xa, 0x4e23, 0xef24, @empty, 0xfffffbff}}, 0x1ff, 0x201}, &(0x7f0000000400)=0x90) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r10, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r10, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) r11 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="280100001700010425bd7000fedbdf25ffffffff000000000000000000000000000004d63c000000fe8000000000000000000000000000bbffffffff0000d1000000000000000000ac1414aa0000000000000000000000004e2000054e2300800a008080ff000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="7f000001000000000000000000000000fe8000000000000000000000000000134e2100084e2400030a00a07087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0101000000000000050000000000000000000000000090000300000000000000f20c00000000000001000000000000000000000000000000020000000000000003000000000000000800000000000000040000000000000006000000000000000d00000001000000010100020000000040000000070000000200000026bd7000"], 0x128}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) sendmmsg$inet6(r10, &(0x7f00000016c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="8252", 0x2}, {&(0x7f0000000300)="ecc3d0210fd6a8af700c07f8d32ace418310acfbe568c1c9162de258bab532c3ee591848ba39dc1c", 0x28}], 0x2}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000280)="01a5", 0x2}], 0x1}}], 0x2, 0x0) rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') [ 76.034159][ T49] Bluetooth: hci0: command tx timeout [ 76.069729][ T5325] loop0: detected capacity change from 0 to 64 [ 76.140521][ T5325] ================================================================== [ 76.143737][ T5325] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read+0x16a/0x200 [ 76.146713][ T5325] Write of size 94 at addr ffff88801321eb00 by task syz.0.0/5325 [ 76.149841][ T5325] [ 76.150844][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00095-g2eb959eeecc6 #0 PREEMPT(full) [ 76.150861][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.150867][ T5325] Call Trace: [ 76.150874][ T5325] [ 76.150880][ T5325] dump_stack_lvl+0x241/0x360 [ 76.150900][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.150916][ T5325] ? rcu_is_watching+0x15/0xb0 [ 76.150930][ T5325] ? __virt_addr_valid+0x183/0x530 [ 76.150949][ T5325] ? lock_release+0x4e/0x3e0 [ 76.150957][ T5325] ? __virt_addr_valid+0x183/0x530 [ 76.150965][ T5325] ? __virt_addr_valid+0x183/0x530 [ 76.150978][ T5325] print_report+0x16e/0x5b0 [ 76.150990][ T5325] ? __virt_addr_valid+0x183/0x530 [ 76.151002][ T5325] ? __virt_addr_valid+0x183/0x530 [ 76.151015][ T5325] ? __virt_addr_valid+0x45f/0x530 [ 76.151027][ T5325] ? __phys_addr+0xba/0x170 [ 76.151040][ T5325] ? hfs_bnode_read+0x16a/0x200 [ 76.151050][ T5325] kasan_report+0x143/0x180 [ 76.151064][ T5325] ? hfs_bnode_read+0x16a/0x200 [ 76.151075][ T5325] kasan_check_range+0x28f/0x2a0 [ 76.151089][ T5325] ? hfs_bnode_read+0x16a/0x200 [ 76.151098][ T5325] __asan_memcpy+0x40/0x70 [ 76.151108][ T5325] hfs_bnode_read+0x16a/0x200 [ 76.151118][ T5325] hfs_bnode_read_key+0x174/0x240 [ 76.151128][ T5325] ? do_raw_spin_unlock+0x58/0x8b0 [ 76.151142][ T5325] ? __pfx_hfs_bnode_read_key+0x10/0x10 [ 76.151158][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 76.151211][ T5325] ? block_dirty_folio+0x167/0x1e0 [ 76.151229][ T5325] hfs_brec_insert+0x6a5/0xbe0 [ 76.151245][ T5325] ? __pfx_hfs_brec_insert+0x10/0x10 [ 76.151257][ T5325] hfs_cat_create+0x3de/0x760 [ 76.151268][ T5325] ? __pfx_hfs_cat_create+0x10/0x10 [ 76.151281][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 76.151290][ T5325] ? hfs_new_inode+0x8df/0xba0 [ 76.151305][ T5325] hfs_create+0x66/0xe0 [ 76.151316][ T5325] ? __pfx_hfs_create+0x10/0x10 [ 76.151328][ T5325] path_openat+0x194b/0x35d0 [ 76.151346][ T5325] ? __pfx_path_openat+0x10/0x10 [ 76.151355][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.151369][ T5325] do_filp_open+0x284/0x4e0 [ 76.151381][ T5325] ? __pfx_do_filp_open+0x10/0x10 [ 76.151391][ T5325] ? do_raw_spin_lock+0x151/0x370 [ 76.151413][ T5325] do_sys_openat2+0x12b/0x1d0 [ 76.151428][ T5325] ? __pfx_do_sys_openat2+0x10/0x10 [ 76.151442][ T5325] ? __rseq_handle_notify_resume+0x3c8/0x15d0 [ 76.151461][ T5325] __x64_sys_creat+0x124/0x170 [ 76.151470][ T5325] ? __pfx___x64_sys_creat+0x10/0x10 [ 76.151481][ T5325] ? do_syscall_64+0xb6/0x230 [ 76.151495][ T5325] do_syscall_64+0xf3/0x230 [ 76.151507][ T5325] ? clear_bhb_loop+0x45/0xa0 [ 76.151517][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.151527][ T5325] RIP: 0033:0x7f647298d169 [ 76.151538][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.151548][ T5325] RSP: 002b:00007f646edf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 76.151561][ T5325] RAX: ffffffffffffffda RBX: 00007f6472ba5fa0 RCX: 00007f647298d169 [ 76.151569][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0 [ 76.151576][ T5325] RBP: 00007f6472a0e730 R08: 0000000000000000 R09: 0000000000000000 [ 76.151582][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.151588][ T5325] R13: 0000000000000000 R14: 00007f6472ba5fa0 R15: 00007ffe255b9418 [ 76.151596][ T5325] [ 76.151599][ T5325] [ 76.290096][ T5325] Allocated by task 5325: [ 76.291784][ T5325] kasan_save_track+0x3f/0x80 [ 76.293694][ T5325] __kasan_kmalloc+0x9d/0xb0 [ 76.295416][ T5325] __kmalloc_noprof+0x28e/0x4d0 [ 76.297434][ T5325] hfs_find_init+0x92/0x1f0 [ 76.299210][ T5325] hfs_cat_create+0x181/0x760 [ 76.301102][ T5325] hfs_create+0x66/0xe0 [ 76.302712][ T5325] path_openat+0x194b/0x35d0 [ 76.304549][ T5325] do_filp_open+0x284/0x4e0 [ 76.306202][ T5325] do_sys_openat2+0x12b/0x1d0 [ 76.308080][ T5325] __x64_sys_creat+0x124/0x170 [ 76.309786][ T5325] do_syscall_64+0xf3/0x230 [ 76.311578][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.313917][ T5325] [ 76.314734][ T5325] The buggy address belongs to the object at ffff88801321eb00 [ 76.314734][ T5325] which belongs to the cache kmalloc-96 of size 96 [ 76.319985][ T5325] The buggy address is located 0 bytes inside of [ 76.319985][ T5325] allocated 78-byte region [ffff88801321eb00, ffff88801321eb4e) [ 76.325300][ T5325] [ 76.326234][ T5325] The buggy address belongs to the physical page: [ 76.328817][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1321e [ 76.332260][ T5325] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 76.335015][ T5325] page_type: f5(slab) [ 76.336614][ T5325] raw: 00fff00000000000 ffff88801b041280 dead000000000100 dead000000000122 [ 76.339867][ T5325] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.343299][ T5325] page dumped because: kasan: bad access detected [ 76.345911][ T5325] page_owner tracks the page as allocated [ 76.348167][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5325, tgid 5324 (syz.0.0), ts 76115311161, free_ts 25009213616 [ 76.355340][ T5325] post_alloc_hook+0x1f4/0x240 [ 76.357255][ T5325] get_page_from_freelist+0x352b/0x36c0 [ 76.359434][ T5325] __alloc_pages_slowpath+0x436/0x1080 [ 76.361552][ T5325] __alloc_frozen_pages_noprof+0x40d/0x5b0 [ 76.363801][ T5325] allocate_slab+0x66/0x3a0 [ 76.365599][ T5325] ___slab_alloc+0xc3b/0x1500 [ 76.367428][ T5325] __slab_alloc+0x58/0xa0 [ 76.369318][ T5325] __kmalloc_node_noprof+0x2f4/0x4d0 [ 76.371478][ T5325] alloc_slab_obj_exts+0x3a/0xa0 [ 76.373429][ T5325] __memcg_slab_post_alloc_hook+0x31c/0x7e0 [ 76.375693][ T5325] kmem_cache_alloc_noprof+0x28f/0x390 [ 76.377841][ T5325] alloc_empty_file+0x56/0x1d0 [ 76.379681][ T5325] path_openat+0x10d/0x35d0 [ 76.381510][ T5325] do_filp_open+0x284/0x4e0 [ 76.383352][ T5325] do_sys_openat2+0x12b/0x1d0 [ 76.385265][ T5325] __x64_sys_openat+0x249/0x2a0 [ 76.387209][ T5325] page last free pid 4731 tgid 4731 stack trace: [ 76.389771][ T5325] __free_frozen_pages+0xde8/0x10a0 [ 76.391738][ T5325] __put_partials+0x160/0x1c0 [ 76.393442][ T5325] put_cpu_partial+0x17e/0x250 [ 76.395040][ T5325] __slab_free+0x294/0x390 [ 76.396806][ T5325] qlist_free_all+0x9a/0x140 [ 76.398642][ T5325] kasan_quarantine_reduce+0x14f/0x170 [ 76.400726][ T5325] __kasan_slab_alloc+0x23/0x80 [ 76.402662][ T5325] kmem_cache_alloc_noprof+0x1e1/0x390 [ 76.404860][ T5325] getname_flags+0xb6/0x530 [ 76.406539][ T5325] vfs_fstatat+0x43/0x150 [ 76.408034][ T5325] __x64_sys_newfstatat+0x11f/0x1a0 [ 76.409870][ T5325] do_syscall_64+0xf3/0x230 [ 76.411366][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.413499][ T5325] [ 76.414453][ T5325] Memory state around the buggy address: [ 76.416599][ T5325] ffff88801321ea00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 76.419574][ T5325] ffff88801321ea80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 76.422700][ T5325] >ffff88801321eb00: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc [ 76.425576][ T5325] ^ [ 76.427849][ T5325] ffff88801321eb80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 76.430815][ T5325] ffff88801321ec00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 76.433761][ T5325] ================================================================== [ 76.441728][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.444669][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.466186][ T5325] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 76.469096][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00095-g2eb959eeecc6 #0 PREEMPT(full) [ 76.473781][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.477900][ T5325] Call Trace: [ 76.479173][ T5325] [ 76.480302][ T5325] dump_stack_lvl+0x241/0x360 [ 76.482115][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.484152][ T5325] ? __pfx__printk+0x10/0x10 [ 76.485894][ T5325] ? vscnprintf+0x5d/0x90 [ 76.487509][ T5325] panic+0x349/0x880 [ 76.489029][ T5325] ? check_panic_on_warn+0x21/0xb0 [ 76.491007][ T5325] ? __pfx_panic+0x10/0x10 [ 76.492850][ T5325] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 76.495172][ T5325] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.497769][ T5325] ? print_report+0x519/0x5b0 [ 76.499580][ T5325] check_panic_on_warn+0x86/0xb0 [ 76.501574][ T5325] ? hfs_bnode_read+0x16a/0x200 [ 76.503572][ T5325] end_report+0x77/0x160 [ 76.505309][ T5325] kasan_report+0x154/0x180 [ 76.507080][ T5325] ? hfs_bnode_read+0x16a/0x200 [ 76.508980][ T5325] kasan_check_range+0x28f/0x2a0 [ 76.510870][ T5325] ? hfs_bnode_read+0x16a/0x200 [ 76.512881][ T5325] __asan_memcpy+0x40/0x70 [ 76.514758][ T5325] hfs_bnode_read+0x16a/0x200 [ 76.516584][ T5325] hfs_bnode_read_key+0x174/0x240 [ 76.518632][ T5325] ? do_raw_spin_unlock+0x58/0x8b0 [ 76.520577][ T5325] ? __pfx_hfs_bnode_read_key+0x10/0x10 [ 76.522891][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 76.524961][ T5325] ? block_dirty_folio+0x167/0x1e0 [ 76.527107][ T5325] hfs_brec_insert+0x6a5/0xbe0 [ 76.529074][ T5325] ? __pfx_hfs_brec_insert+0x10/0x10 [ 76.531178][ T5325] hfs_cat_create+0x3de/0x760 [ 76.533195][ T5325] ? __pfx_hfs_cat_create+0x10/0x10 [ 76.535346][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 76.537364][ T5325] ? hfs_new_inode+0x8df/0xba0 [ 76.539279][ T5325] hfs_create+0x66/0xe0 [ 76.540999][ T5325] ? __pfx_hfs_create+0x10/0x10 [ 76.543054][ T5325] path_openat+0x194b/0x35d0 [ 76.545036][ T5325] ? __pfx_path_openat+0x10/0x10 [ 76.547105][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.549685][ T5325] do_filp_open+0x284/0x4e0 [ 76.551618][ T5325] ? __pfx_do_filp_open+0x10/0x10 [ 76.553676][ T5325] ? do_raw_spin_lock+0x151/0x370 [ 76.555744][ T5325] do_sys_openat2+0x12b/0x1d0 [ 76.557659][ T5325] ? __pfx_do_sys_openat2+0x10/0x10 [ 76.559762][ T5325] ? __rseq_handle_notify_resume+0x3c8/0x15d0 [ 76.562315][ T5325] __x64_sys_creat+0x124/0x170 [ 76.564247][ T5325] ? __pfx___x64_sys_creat+0x10/0x10 [ 76.566348][ T5325] ? do_syscall_64+0xb6/0x230 [ 76.568301][ T5325] do_syscall_64+0xf3/0x230 [ 76.570193][ T5325] ? clear_bhb_loop+0x45/0xa0 [ 76.572145][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.574612][ T5325] RIP: 0033:0x7f647298d169 [ 76.576463][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.584383][ T5325] RSP: 002b:00007f646edf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 76.587706][ T5325] RAX: ffffffffffffffda RBX: 00007f6472ba5fa0 RCX: 00007f647298d169 [ 76.590982][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0 [ 76.594152][ T5325] RBP: 00007f6472a0e730 R08: 0000000000000000 R09: 0000000000000000 [ 76.597440][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.600634][ T5325] R13: 0000000000000000 R14: 00007f6472ba5fa0 R15: 00007ffe255b9418 [ 76.603977][ T5325] [ 76.605607][ T5325] Kernel Offset: disabled [ 76.607360][ T5325] Rebooting in 86400 seconds..