program: r0 = syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYBLOB="23341129bfb4fcc388a80c49b4f4d96254cb9356759776b03b581050240d2d9a5cf3440e76c886f1e5c860656a3648101223fc288fc5274f0e609cfed0fc738d84eb544791dd1cb959421db9fbcb634df876aa2133fd62e245fb6b1ead07ca04772d78564af8f42015e5be557ab3bd60824768691005cbd3d295402693d934226595deeba1ff748b7dde9c617749aa38096ef667700a6b3668cb7296b024fbcf9f74e50bf0f834159f51737baac184f94dd13a9793b76946208f290637d8def94e5f56f1181da3eed500440f", @ANYBLOB="2b86cc0866f043ae112177e8d069d03a337454fddb71ccf58cf87c0c9166ec375c1658949bd54b1b401001d954", @ANYRESDEC=0x0, @ANYRESHEX], 0x11, 0x2d3, &(0x7f0000000680)="$eJzs3U9r1E4cx/HPZLft9telv9hWBI/Vgl6k1ot42SL7IMSDqN0ViktFW0G9WMWTiN69+xR8CoIXxSegJ08+gApCZCbZ7GabP3Vpk66+X+CSTfLNfCfJZGYWbATgn3W1/fXdpe/2n5Fqqkkvr0iepIZUl3RSpxoPt3Y2d3rdTs5x9gLHRhmFkWbfThtb3bTYhqKIiG+/1dUcXoejEQTB+jdJ21Ungkq51p/Ck2ai1um2N0rPLN+zMeN2DzmPSWP2tKdHmq86DwBAtaL+34v6+WY0fvc8aSXq9o9l/z+u1MHOXyXI3TrU/7tZVmDsKfnfbRrM99wUzm73+rNEabqw5KmR7y7CGznnpmhW6XLxZu9s9roXNu71Op6eqxUZ2m3JfXbCW7dvkG2q5ZS5aY6CoylsK2kjyjlXhylbh7WM/BfHLHFs5qP5bG4YX2/Vicd/9cDYy+SulD9ypcL8V7OP6Grp270UPTZarZaX2OWEK+R08u4pqGUju5FOR8dM/EDgF+XpohZGosLaXSyIWgyj1mcTUWv9bxlRS4mybG3iuzm7vKNmXptrZlk/9F7tofG/Z/NbUW7LHLQasxJ2Be6Mh/WZVi+tuLo7pr+v59jV9WZyTXwWZ7JS/5n/TMOIpznbXum2Lmt++/GTu7Ver/vALtxKWbjfjNdMvZBS96lgwdNgjXYHm2YU/hC5L6rfKZWZ6vlDPaB9fhTubFtZKRU8NndCFQvtT+XeSFUslPSMQqUGF71w1w+lJISyuXFXOP8bmq+susGe/fBzxumFA7LoiIEdY8czoEYifsEt/fdHM7i57BncQedcZ85JZ+NVv4KCEv0oz8kQ5A39LNPWF93k938AAAAAAAAAAAAAAAAAAIBJU8Z/J6i6jgAAAAAAAAAAAAAAAAAAAAAATLr4/b/qv/9XB3v/7+hf/q6Fb3g5lPf/vtkS7/8Fjt7vAAAA//8bDYnK") move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000060000008000000042000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000080), 0x619, r1}, 0x38) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000)=0x6, 0x4) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000340), 0xa8b40, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0) socketpair(0x22, 0x1, 0x1, &(0x7f0000000080)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$FS_IOC_GETFSSYSFSPATH(r0, 0x80811501, &(0x7f0000000140)={0x80}) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a090400000000000000000200000004801c0001800a000100696e6e65720000000c000280080003400000000c0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x74}}, 0x0) ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r3, 0xc0106450, &(0x7f0000000240)={0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_PANTHOR_BO_MMAP_OFFSET(r3, 0xc0106446, &(0x7f0000000380)={r5}) [ 84.612064][ T45] Bluetooth: hci0: command tx timeout [ 84.869200][ T5318] loop0: detected capacity change from 0 to 64 [ 84.978622][ T5318] hfs: new node 0 already hashed? [ 84.981534][ T5318] ------------[ cut here ]------------ [ 84.983720][ T5318] 1 [ 84.983731][ T5318] WARNING: fs/hfs/bnode.c:520 at hfs_bnode_create+0x461/0x4f0, CPU#0: syz.0.0/5318 [ 84.991367][ T5318] Modules linked in: [ 84.993220][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.996984][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.001769][ T5318] RIP: 0010:hfs_bnode_create+0x461/0x4f0 [ 85.004215][ T5318] Code: e7 8b 89 ee e8 50 16 78 fe e9 cf fc ff ff e8 06 f4 15 ff 4c 89 ef e8 9e fc ff 08 48 c7 c7 00 e3 e7 8b 89 ee e8 30 16 78 fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff [ 85.012676][ T5318] RSP: 0018:ffffc9000e18f320 EFLAGS: 00010246 [ 85.015279][ T5318] RAX: 000000000000001f RBX: ffff8880369d2000 RCX: 6f274646e23f3400 [ 85.018858][ T5318] RDX: ffffc9000ef52000 RSI: 0000000000001afe RDI: 0000000000001aff [ 85.022576][ T5318] RBP: 0000000000000000 R08: ffffc9000e18f0a7 R09: 1ffff92001c31e14 [ 85.026077][ T5318] R10: dffffc0000000000 R11: fffff52001c31e15 R12: 0000000000000000 [ 85.029901][ T5318] R13: ffff8880369d20e0 R14: ffff8880122f3c00 R15: dffffc0000000000 [ 85.033747][ T5318] FS: 00007f4daf40c6c0(0000) GS:ffff88808ca67000(0000) knlGS:0000000000000000 [ 85.037725][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.041080][ T5318] CR2: 0000200000000280 CR3: 000000000bb3f000 CR4: 0000000000352ef0 [ 85.044782][ T5318] Call Trace: [ 85.047306][ T5318] [ 85.048753][ T5318] ? do_raw_spin_unlock+0x4d/0x210 [ 85.051341][ T5318] hfs_bmap_alloc+0x5c1/0x650 [ 85.053474][ T5318] ? __pfx_hfs_bmap_alloc+0x10/0x10 [ 85.055835][ T5318] ? hfsplus_listxattr+0x88/0xe70 [ 85.058287][ T5318] ? __asan_memcpy+0x40/0x70 [ 85.060534][ T5318] hfs_bnode_split+0xd4/0x1090 [ 85.062652][ T5318] ? hfs_bnode_read+0x22d/0x7f0 [ 85.064829][ T5318] ? __asan_memcpy+0x40/0x70 [ 85.066857][ T5318] ? hfs_bnode_read+0x391/0x7f0 [ 85.069183][ T5318] ? hfs_bnode_read_u16+0x8d/0xe0 [ 85.071574][ T5318] ? __pfx_hfs_bnode_split+0x10/0x10 [ 85.073923][ T5318] ? __hfs_brec_find+0x31e/0x510 [ 85.076129][ T5318] hfs_brec_insert+0x3a1/0xc90 [ 85.078258][ T5318] ? __pfx_hfs_brec_insert+0x10/0x10 [ 85.080660][ T5318] ? __asan_memset+0x22/0x50 [ 85.082691][ T5318] ? hfs_cat_build_record+0x237/0x9f0 [ 85.085138][ T5318] hfs_cat_create+0x518/0x800 [ 85.087173][ T5318] ? __pfx_hfs_cat_create+0x10/0x10 [ 85.089669][ T5318] ? _raw_spin_unlock+0x28/0x50 [ 85.092155][ T5318] ? hfs_new_inode+0x92d/0xc70 [ 85.094411][ T5318] hfs_create+0x75/0xe0 [ 85.096150][ T5318] ? __pfx_hfs_create+0x10/0x10 [ 85.098125][ T5318] path_openat+0x1395/0x3860 [ 85.100146][ T5318] ? __pfx_path_openat+0x10/0x10 [ 85.102066][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 85.104047][ T5318] do_file_open+0x23e/0x4a0 [ 85.105959][ T5318] ? __pfx_do_file_open+0x10/0x10 [ 85.108129][ T5318] ? _raw_spin_unlock+0x28/0x50 [ 85.112483][ T5318] ? alloc_fd+0x64b/0x6c0 [ 85.114405][ T5318] do_sys_openat2+0x113/0x200 [ 85.116472][ T5318] ? __se_sys_futex+0x3a8/0x450 [ 85.118598][ T5318] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.120975][ T5318] ? rcu_is_watching+0x15/0xb0 [ 85.122982][ T5318] __x64_sys_openat+0x138/0x170 [ 85.125163][ T5318] do_syscall_64+0x14d/0xf80 [ 85.127165][ T5318] ? trace_irq_disable+0x3b/0x150 [ 85.129479][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.132149][ T5318] ? clear_bhb_loop+0x40/0x90 [ 85.134180][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.137147][ T5318] RIP: 0033:0x7f4dae59bf79 [ 85.139734][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.147976][ T5318] RSP: 002b:00007f4daf40c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 85.156105][ T5318] RAX: ffffffffffffffda RBX: 00007f4dae815fa0 RCX: 00007f4dae59bf79 [ 85.159845][ T5318] RDX: 000000000000275a RSI: 0000200000000280 RDI: ffffffffffffff9c [ 85.163161][ T5318] RBP: 00007f4dae6327e0 R08: 0000000000000000 R09: 0000000000000000 [ 85.166484][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.170130][ T5318] R13: 00007f4dae816038 R14: 00007f4dae815fa0 R15: 00007ffd5a38a308 [ 85.173204][ T5318] [ 85.174471][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.177803][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.181667][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.186004][ T5318] Call Trace: [ 85.187513][ T5318] [ 85.189410][ T5318] vpanic+0x56c/0xa60 [ 85.191215][ T5318] ? __pfx__printk+0x10/0x10 [ 85.193275][ T5318] ? __pfx_vpanic+0x10/0x10 [ 85.195366][ T5318] ? is_bpf_text_address+0x292/0x2b0 [ 85.197883][ T5318] ? is_bpf_text_address+0x26/0x2b0 [ 85.200323][ T5318] panic+0xc5/0xd0 [ 85.201941][ T5318] ? __pfx_panic+0x10/0x10 [ 85.203931][ T5318] __warn+0x315/0x4f0 [ 85.205810][ T5318] ? hfs_bnode_create+0x461/0x4f0 [ 85.208065][ T5318] ? hfs_bnode_create+0x461/0x4f0 [ 85.210332][ T5318] __report_bug+0x29a/0x540 [ 85.212356][ T5318] ? preempt_schedule_thunk+0x16/0x30 [ 85.214688][ T5318] ? hfs_bnode_create+0x461/0x4f0 [ 85.216947][ T5318] ? __pfx___report_bug+0x10/0x10 [ 85.219285][ T5318] ? __wake_up_klogd+0xe6/0x120 [ 85.221335][ T5318] ? vprintk_emit+0x4eb/0x560 [ 85.223193][ T5318] ? __pfx_vprintk_emit+0x10/0x10 [ 85.225151][ T5318] ? hfs_bnode_create+0x461/0x4f0 [ 85.227116][ T5318] report_bug+0x16a/0x220 [ 85.228879][ T5318] ? hfs_bnode_create+0x461/0x4f0 [ 85.230784][ T5318] ? hfs_bnode_create+0x463/0x4f0 [ 85.232631][ T5318] handle_bug+0x98/0x200 [ 85.234253][ T5318] exc_invalid_op+0x1a/0x50 [ 85.236056][ T5318] asm_exc_invalid_op+0x1a/0x20 [ 85.238241][ T5318] RIP: 0010:hfs_bnode_create+0x461/0x4f0 [ 85.240740][ T5318] Code: e7 8b 89 ee e8 50 16 78 fe e9 cf fc ff ff e8 06 f4 15 ff 4c 89 ef e8 9e fc ff 08 48 c7 c7 00 e3 e7 8b 89 ee e8 30 16 78 fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff [ 85.248704][ T5318] RSP: 0018:ffffc9000e18f320 EFLAGS: 00010246 [ 85.251165][ T5318] RAX: 000000000000001f RBX: ffff8880369d2000 RCX: 6f274646e23f3400 [ 85.254166][ T5318] RDX: ffffc9000ef52000 RSI: 0000000000001afe RDI: 0000000000001aff [ 85.257464][ T5318] RBP: 0000000000000000 R08: ffffc9000e18f0a7 R09: 1ffff92001c31e14 [ 85.260667][ T5318] R10: dffffc0000000000 R11: fffff52001c31e15 R12: 0000000000000000 [ 85.263836][ T5318] R13: ffff8880369d20e0 R14: ffff8880122f3c00 R15: dffffc0000000000 [ 85.267326][ T5318] ? do_raw_spin_unlock+0x4d/0x210 [ 85.269465][ T5318] hfs_bmap_alloc+0x5c1/0x650 [ 85.271388][ T5318] ? __pfx_hfs_bmap_alloc+0x10/0x10 [ 85.273506][ T5318] ? hfsplus_listxattr+0x88/0xe70 [ 85.275604][ T5318] ? __asan_memcpy+0x40/0x70 [ 85.277540][ T5318] hfs_bnode_split+0xd4/0x1090 [ 85.279543][ T5318] ? hfs_bnode_read+0x22d/0x7f0 [ 85.281592][ T5318] ? __asan_memcpy+0x40/0x70 [ 85.283617][ T5318] ? hfs_bnode_read+0x391/0x7f0 [ 85.285722][ T5318] ? hfs_bnode_read_u16+0x8d/0xe0 [ 85.287876][ T5318] ? __pfx_hfs_bnode_split+0x10/0x10 [ 85.290168][ T5318] ? __hfs_brec_find+0x31e/0x510 [ 85.292284][ T5318] hfs_brec_insert+0x3a1/0xc90 [ 85.294436][ T5318] ? __pfx_hfs_brec_insert+0x10/0x10 [ 85.296310][ T5318] ? __asan_memset+0x22/0x50 [ 85.298190][ T5318] ? hfs_cat_build_record+0x237/0x9f0 [ 85.300289][ T5318] hfs_cat_create+0x518/0x800 [ 85.302174][ T5318] ? __pfx_hfs_cat_create+0x10/0x10 [ 85.304085][ T5318] ? _raw_spin_unlock+0x28/0x50 [ 85.305935][ T5318] ? hfs_new_inode+0x92d/0xc70 [ 85.307647][ T5318] hfs_create+0x75/0xe0 [ 85.309715][ T5318] ? __pfx_hfs_create+0x10/0x10 [ 85.312204][ T5318] path_openat+0x1395/0x3860 [ 85.314573][ T5318] ? __pfx_path_openat+0x10/0x10 [ 85.316799][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 85.319257][ T5318] do_file_open+0x23e/0x4a0 [ 85.321330][ T5318] ? __pfx_do_file_open+0x10/0x10 [ 85.323575][ T5318] ? _raw_spin_unlock+0x28/0x50 [ 85.325849][ T5318] ? alloc_fd+0x64b/0x6c0 [ 85.327805][ T5318] do_sys_openat2+0x113/0x200 [ 85.329933][ T5318] ? __se_sys_futex+0x3a8/0x450 [ 85.332157][ T5318] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.334366][ T5318] ? rcu_is_watching+0x15/0xb0 [ 85.336421][ T5318] __x64_sys_openat+0x138/0x170 [ 85.338561][ T5318] do_syscall_64+0x14d/0xf80 [ 85.340753][ T5318] ? trace_irq_disable+0x3b/0x150 [ 85.343089][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.345861][ T5318] ? clear_bhb_loop+0x40/0x90 [ 85.348120][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.350668][ T5318] RIP: 0033:0x7f4dae59bf79 [ 85.353407][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.361820][ T5318] RSP: 002b:00007f4daf40c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 85.365533][ T5318] RAX: ffffffffffffffda RBX: 00007f4dae815fa0 RCX: 00007f4dae59bf79 [ 85.369154][ T5318] RDX: 000000000000275a RSI: 0000200000000280 RDI: ffffffffffffff9c [ 85.372618][ T5318] RBP: 00007f4dae6327e0 R08: 0000000000000000 R09: 0000000000000000 [ 85.376185][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.379681][ T5318] R13: 00007f4dae816038 R14: 00007f4dae815fa0 R15: 00007ffd5a38a308 [ 85.383114][ T5318] [ 85.384778][ T5318] Kernel Offset: disabled [ 85.386640][ T5318] Rebooting in 86400 seconds..