program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000240)={r5, 0x5, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={r5, 0x1, 0x6, @link_local}, 0x10) setsockopt$packet_add_memb(r3, 0x107, 0x2, &(0x7f0000000080)={r5, 0x5, 0x6, @multicast}, 0x10) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000030001c0"]) ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)) lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") (async) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) socket$packet(0x11, 0x3, 0x300) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) (async) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000240)={r5, 0x5, 0x6, @multicast}, 0x10) (async) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={r5, 0x1, 0x6, @link_local}, 0x10) (async) setsockopt$packet_add_memb(r3, 0x107, 0x2, &(0x7f0000000080)={r5, 0x5, 0x6, @multicast}, 0x10) (async) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000030001c0"]) (async) ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)) (async) lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) (async) [ 85.117493][ T4688] Bluetooth: hci0: command tx timeout [ 85.167393][ T5349] loop0: detected capacity change from 0 to 1024 [ 85.270371][ T5349] batadv_slave_1: entered promiscuous mode [ 85.273550][ T5349] hfsplus: request for non-existent node 211 in B*Tree [ 85.276674][ T5349] hfsplus: request for non-existent node 211 in B*Tree [ 85.283688][ T5350] ================================================================== [ 85.287243][ T5350] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 85.290574][ T5350] Read of size 8 at addr ffff888036c1bac8 by task syz.0.0/5350 [ 85.293770][ T5350] [ 85.294867][ T5350] CPU: 0 UID: 0 PID: 5350 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) [ 85.294880][ T5350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.294887][ T5350] Call Trace: [ 85.294894][ T5350] [ 85.294898][ T5350] dump_stack_lvl+0x189/0x250 [ 85.294910][ T5350] ? __virt_addr_valid+0x1c8/0x5c0 [ 85.294919][ T5350] ? rcu_is_watching+0x15/0xb0 [ 85.294926][ T5350] ? __kasan_check_byte+0x12/0x40 [ 85.294934][ T5350] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.294941][ T5350] ? rcu_is_watching+0x15/0xb0 [ 85.294948][ T5350] ? lock_release+0x4b/0x3e0 [ 85.294955][ T5350] ? __virt_addr_valid+0x1c8/0x5c0 [ 85.294963][ T5350] ? __virt_addr_valid+0x4a5/0x5c0 [ 85.294971][ T5350] print_report+0xca/0x230 [ 85.294977][ T5350] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.294984][ T5350] kasan_report+0x118/0x150 [ 85.294992][ T5350] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.294999][ T5350] hfsplus_bnode_read+0xc0/0x2a0 [ 85.295006][ T5350] hfsplus_bnode_dump+0x300/0x450 [ 85.295013][ T5350] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 85.295020][ T5350] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 85.295026][ T5350] ? hfsplus_bnode_move+0x393/0xb90 [ 85.295033][ T5350] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 85.295040][ T5350] hfsplus_brec_remove+0x480/0x550 [ 85.295049][ T5350] __hfsplus_delete_attr+0x1d4/0x360 [ 85.295057][ T5350] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 85.295066][ T5350] ? hfsplus_attr_build_key+0xee/0x260 [ 85.295073][ T5350] hfsplus_delete_attr+0x231/0x2d0 [ 85.295081][ T5350] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 85.295089][ T5350] ? hfsplus_find_init+0x8c/0x1d0 [ 85.295106][ T5350] ? hfsplus_find_init+0x15a/0x1d0 [ 85.295117][ T5350] __hfsplus_setxattr+0x37a/0x1f40 [ 85.295130][ T5350] ? is_bpf_text_address+0x26/0x2b0 [ 85.295138][ T5350] ? kernel_text_address+0xa5/0xe0 [ 85.295145][ T5350] ? unwind_get_return_address+0x4d/0x90 [ 85.295152][ T5350] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 85.295161][ T5350] ? arch_stack_walk+0xfc/0x150 [ 85.295169][ T5350] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.295178][ T5350] ? stack_trace_save+0x9c/0xe0 [ 85.295202][ T5350] ? hfsplus_setxattr+0x68/0x180 [ 85.295214][ T5350] ? __kasan_kmalloc+0x93/0xb0 [ 85.295225][ T5350] ? hfsplus_setxattr+0x102/0x180 [ 85.295234][ T5350] hfsplus_setxattr+0x11e/0x180 [ 85.295243][ T5350] hfsplus_trusted_setxattr+0x40/0x60 [ 85.295252][ T5350] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 85.295260][ T5350] __vfs_setxattr+0x43c/0x480 [ 85.295270][ T5350] __vfs_setxattr_noperm+0x12d/0x660 [ 85.295279][ T5350] vfs_setxattr+0x16b/0x2f0 [ 85.295287][ T5350] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.295294][ T5350] ? mnt_get_write_access+0x223/0x2a0 [ 85.295302][ T5350] filename_setxattr+0x274/0x600 [ 85.295311][ T5350] ? __pfx_filename_setxattr+0x10/0x10 [ 85.295319][ T5350] ? getname_flags+0x1e5/0x540 [ 85.295329][ T5350] path_setxattrat+0x364/0x3a0 [ 85.295336][ T5350] ? __pfx_path_setxattrat+0x10/0x10 [ 85.295348][ T5350] ? exc_page_fault+0x76/0xf0 [ 85.295407][ T5350] ? do_user_addr_fault+0xc8a/0x1390 [ 85.295417][ T5350] __x64_sys_setxattr+0xbc/0xe0 [ 85.295429][ T5350] do_syscall_64+0xfa/0x3b0 [ 85.295436][ T5350] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.295442][ T5350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.295448][ T5350] ? clear_bhb_loop+0x60/0xb0 [ 85.295455][ T5350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.295462][ T5350] RIP: 0033:0x7f10d838e9a9 [ 85.295470][ T5350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.295475][ T5350] RSP: 002b:00007f10d925c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 85.295486][ T5350] RAX: ffffffffffffffda RBX: 00007f10d85b6080 RCX: 00007f10d838e9a9 [ 85.295493][ T5350] RDX: 0000200000001400 RSI: 0000200000000240 RDI: 0000200000000280 [ 85.295499][ T5350] RBP: 00007f10d8410ca1 R08: 0000000000000000 R09: 0000000000000000 [ 85.295505][ T5350] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000 [ 85.295511][ T5350] R13: 0000000000000001 R14: 00007f10d85b6080 R15: 00007ffcbcee99b8 [ 85.295521][ T5350] [ 85.295525][ T5350] [ 85.475518][ T5350] Allocated by task 5349: [ 85.477247][ T5350] kasan_save_track+0x3e/0x80 [ 85.479275][ T5350] __kasan_kmalloc+0x93/0xb0 [ 85.481273][ T5350] __kmalloc_noprof+0x27a/0x4f0 [ 85.483412][ T5350] __hfs_bnode_create+0xf3/0x810 [ 85.485343][ T5350] hfsplus_bnode_find+0x224/0xd20 [ 85.487439][ T5350] hfsplus_brec_find+0x15c/0x500 [ 85.489544][ T5350] hfsplus_attr_exists+0x163/0x1d0 [ 85.491645][ T5350] __hfsplus_setxattr+0x33e/0x1f40 [ 85.493803][ T5350] hfsplus_setxattr+0x11e/0x180 [ 85.496039][ T5350] hfsplus_trusted_setxattr+0x40/0x60 [ 85.498352][ T5350] __vfs_setxattr+0x43c/0x480 [ 85.500369][ T5350] __vfs_setxattr_noperm+0x12d/0x660 [ 85.502532][ T5350] vfs_setxattr+0x16b/0x2f0 [ 85.504655][ T5350] filename_setxattr+0x274/0x600 [ 85.507183][ T5350] path_setxattrat+0x364/0x3a0 [ 85.509301][ T5350] __x64_sys_setxattr+0xbc/0xe0 [ 85.511277][ T5350] do_syscall_64+0xfa/0x3b0 [ 85.513147][ T5350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.515420][ T5350] [ 85.516396][ T5350] The buggy address belongs to the object at ffff888036c1ba00 [ 85.516396][ T5350] which belongs to the cache kmalloc-192 of size 192 [ 85.521778][ T5350] The buggy address is located 48 bytes to the right of [ 85.521778][ T5350] allocated 152-byte region [ffff888036c1ba00, ffff888036c1ba98) [ 85.527412][ T5350] [ 85.528416][ T5350] The buggy address belongs to the physical page: [ 85.531121][ T5350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c1b [ 85.534396][ T5350] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 85.537339][ T5350] page_type: f5(slab) [ 85.538907][ T5350] raw: 04fff00000000000 ffff88801a4413c0 0000000000000000 dead000000000001 [ 85.542371][ T5350] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 85.546193][ T5350] page dumped because: kasan: bad access detected [ 85.548775][ T5350] page_owner tracks the page as allocated [ 85.551028][ T5350] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 17526804538, free_ts 0 [ 85.557983][ T5350] post_alloc_hook+0x240/0x2a0 [ 85.559909][ T5350] get_page_from_freelist+0x21e4/0x22c0 [ 85.562279][ T5350] __alloc_frozen_pages_noprof+0x181/0x370 [ 85.564688][ T5350] alloc_pages_mpol+0x232/0x4a0 [ 85.566729][ T5350] allocate_slab+0x8a/0x3b0 [ 85.568518][ T5350] ___slab_alloc+0xbfc/0x1480 [ 85.570610][ T5350] __kmalloc_noprof+0x305/0x4f0 [ 85.572521][ T5350] usb_alloc_urb+0x46/0x150 [ 85.574504][ T5350] usb_control_msg+0x118/0x3e0 [ 85.576252][ T5350] hub_suspend+0x773/0x990 [ 85.577978][ T5350] usb_suspend_both+0x28d/0x1060 [ 85.579915][ T5350] usb_runtime_suspend+0x58/0x110 [ 85.582086][ T5350] __rpm_callback+0x2ee/0x7f0 [ 85.583984][ T5350] rpm_suspend+0x848/0x1720 [ 85.586327][ T5350] __pm_runtime_suspend+0x12f/0x1a0 [ 85.588555][ T5350] usb_new_device+0xb8b/0x16c0 [ 85.590585][ T5350] page_owner free stack trace missing [ 85.592690][ T5350] [ 85.593745][ T5350] Memory state around the buggy address: [ 85.596172][ T5350] ffff888036c1b980: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 85.599460][ T5350] ffff888036c1ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.602705][ T5350] >ffff888036c1ba80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.606285][ T5350] ^ [ 85.609523][ T5350] ffff888036c1bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.613158][ T5350] ffff888036c1bb80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 85.616729][ T5350] ================================================================== [ 85.644644][ T5350] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.648154][ T5350] CPU: 0 UID: 0 PID: 5350 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) [ 85.653233][ T5350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.657947][ T5350] Call Trace: [ 85.659446][ T5350] [ 85.660789][ T5350] dump_stack_lvl+0x99/0x250 [ 85.662864][ T5350] ? __asan_memcpy+0x40/0x70 [ 85.665148][ T5350] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.667598][ T5350] ? __pfx__printk+0x10/0x10 [ 85.669606][ T5350] panic+0x2db/0x790 [ 85.671386][ T5350] ? __pfx_preempt_schedule+0x10/0x10 [ 85.673885][ T5350] ? __pfx_panic+0x10/0x10 [ 85.675986][ T5350] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 85.678558][ T5350] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.681658][ T5350] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.684160][ T5350] check_panic_on_warn+0x89/0xb0 [ 85.686415][ T5350] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.688610][ T5350] end_report+0x78/0x160 [ 85.690452][ T5350] kasan_report+0x129/0x150 [ 85.692546][ T5350] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.694798][ T5350] hfsplus_bnode_read+0xc0/0x2a0 [ 85.696960][ T5350] hfsplus_bnode_dump+0x300/0x450 [ 85.699231][ T5350] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 85.701783][ T5350] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 85.704250][ T5350] ? hfsplus_bnode_move+0x393/0xb90 [ 85.706537][ T5350] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 85.708952][ T5350] hfsplus_brec_remove+0x480/0x550 [ 85.711187][ T5350] __hfsplus_delete_attr+0x1d4/0x360 [ 85.713574][ T5350] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 85.716312][ T5350] ? hfsplus_attr_build_key+0xee/0x260 [ 85.718758][ T5350] hfsplus_delete_attr+0x231/0x2d0 [ 85.721114][ T5350] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 85.723415][ T5350] ? hfsplus_find_init+0x8c/0x1d0 [ 85.725732][ T5350] ? hfsplus_find_init+0x15a/0x1d0 [ 85.727844][ T5350] __hfsplus_setxattr+0x37a/0x1f40 [ 85.730175][ T5350] ? is_bpf_text_address+0x26/0x2b0 [ 85.732552][ T5350] ? kernel_text_address+0xa5/0xe0 [ 85.734805][ T5350] ? unwind_get_return_address+0x4d/0x90 [ 85.737233][ T5350] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 85.739961][ T5350] ? arch_stack_walk+0xfc/0x150 [ 85.741989][ T5350] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.744460][ T5350] ? stack_trace_save+0x9c/0xe0 [ 85.746407][ T5350] ? hfsplus_setxattr+0x68/0x180 [ 85.748731][ T5350] ? __kasan_kmalloc+0x93/0xb0 [ 85.750604][ T5350] ? hfsplus_setxattr+0x102/0x180 [ 85.752856][ T5350] hfsplus_setxattr+0x11e/0x180 [ 85.755420][ T5350] hfsplus_trusted_setxattr+0x40/0x60 [ 85.758025][ T5350] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 85.760760][ T5350] __vfs_setxattr+0x43c/0x480 [ 85.762847][ T5350] __vfs_setxattr_noperm+0x12d/0x660 [ 85.764999][ T5350] vfs_setxattr+0x16b/0x2f0 [ 85.766883][ T5350] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.768919][ T5350] ? mnt_get_write_access+0x223/0x2a0 [ 85.771254][ T5350] filename_setxattr+0x274/0x600 [ 85.773458][ T5350] ? __pfx_filename_setxattr+0x10/0x10 [ 85.775899][ T5350] ? getname_flags+0x1e5/0x540 [ 85.777961][ T5350] path_setxattrat+0x364/0x3a0 [ 85.779912][ T5350] ? __pfx_path_setxattrat+0x10/0x10 [ 85.782565][ T5350] ? exc_page_fault+0x76/0xf0 [ 85.784730][ T5350] ? do_user_addr_fault+0xc8a/0x1390 [ 85.787180][ T5350] __x64_sys_setxattr+0xbc/0xe0 [ 85.789256][ T5350] do_syscall_64+0xfa/0x3b0 [ 85.791242][ T5350] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.793505][ T5350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.796271][ T5350] ? clear_bhb_loop+0x60/0xb0 [ 85.798548][ T5350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.801523][ T5350] RIP: 0033:0x7f10d838e9a9 [ 85.803559][ T5350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.811960][ T5350] RSP: 002b:00007f10d925c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 85.816072][ T5350] RAX: ffffffffffffffda RBX: 00007f10d85b6080 RCX: 00007f10d838e9a9 [ 85.819788][ T5350] RDX: 0000200000001400 RSI: 0000200000000240 RDI: 0000200000000280 [ 85.823184][ T5350] RBP: 00007f10d8410ca1 R08: 0000000000000000 R09: 0000000000000000 [ 85.826521][ T5350] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000 [ 85.829937][ T5350] R13: 0000000000000001 R14: 00007f10d85b6080 R15: 00007ffcbcee99b8 [ 85.833354][ T5350] [ 85.835232][ T5350] Kernel Offset: disabled [ 85.837181][ T5350] Rebooting in 86400 seconds..