Warning: Permanently added '[localhost]:42255' (ED25519) to the list of known hosts.
2025/07/18 06:22:12 ignoring optional flag "sandboxArg"="0"
2025/07/18 06:22:14 parsed 1 programs
syzkaller login: [   89.729820][ T5331] cgroup: Unknown subsys name 'net'
[   89.799951][ T5331] cgroup: Unknown subsys name 'cpuset'
[   89.807430][ T5331] cgroup: Unknown subsys name 'rlimit'
[   91.720255][ T5331] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[   91.902019][   T54] cfg80211: failed to load regulatory.db
[   97.095556][ T5347] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   98.205429][ T5363] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.212890][   T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.216950][   T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.221162][   T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.224547][   T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.201488][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.204833][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.267322][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.271578][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.421134][ T5402] chnl_net:caif_netlink_parms(): no params data found
[  102.529845][ T5402] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.533800][ T5402] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.537829][ T5402] bridge_slave_0: entered allmulticast mode
[  102.546050][ T5402] bridge_slave_0: entered promiscuous mode
[  102.557890][ T5402] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.561965][ T5402] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.565172][ T5402] bridge_slave_1: entered allmulticast mode
[  102.578868][ T5402] bridge_slave_1: entered promiscuous mode
[  102.628109][ T5402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.634799][ T5402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.663368][ T5402] team0: Port device team_slave_0 added
[  102.668389][ T5402] team0: Port device team_slave_1 added
[  102.689352][ T5402] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.694159][ T5402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.707211][ T5402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.715227][ T5402] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.720903][ T5402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.733386][ T5402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.771308][ T5402] hsr_slave_0: entered promiscuous mode
[  102.774784][ T5402] hsr_slave_1: entered promiscuous mode
[  102.945354][ T5402] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.957453][ T5402] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.965328][ T5402] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.973310][ T5402] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  103.012067][ T5402] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.015224][ T5402] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.019593][ T5402] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.023249][ T5402] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.085391][ T5402] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.102592][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.110531][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.123814][ T5402] 8021q: adding VLAN 0 to HW filter on device team0
[  103.134059][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.137314][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.151357][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.154773][ T1039] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.400515][ T5402] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.450142][ T5402] veth0_vlan: entered promiscuous mode
[  103.460658][ T5402] veth1_vlan: entered promiscuous mode
[  103.494652][ T5402] veth0_macvtap: entered promiscuous mode
[  103.502893][ T5402] veth1_macvtap: entered promiscuous mode
[  103.521649][ T5402] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.535648][ T5402] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.544868][ T5402] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.551979][ T5402] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.557850][ T5402] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.561699][ T5402] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.774937][ T1039] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.813031][ T1039] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.862602][ T1039] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.924255][ T1039] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/07/18 06:22:32 executed programs: 0
[  105.743832][ T4688] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  105.751060][ T4688] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  105.755034][ T4688] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  105.767029][ T4688] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  105.772009][ T4688] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  106.148969][ T1039] bridge_slave_1: left allmulticast mode
[  106.152211][ T1039] bridge_slave_1: left promiscuous mode
[  106.155685][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.190555][ T1039] bridge_slave_0: left allmulticast mode
[  106.193795][ T1039] bridge_slave_0: left promiscuous mode
[  106.207302][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.947163][ T1039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.959185][ T1039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.978877][ T1039] bond0 (unregistering): Released all slaves
[  107.001378][ T5437] chnl_net:caif_netlink_parms(): no params data found
[  107.089189][ T1039] hsr_slave_0: left promiscuous mode
[  107.092011][ T1039] hsr_slave_1: left promiscuous mode
[  107.095056][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.099399][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.103329][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.108737][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_1
[  107.120199][ T1039] veth1_macvtap: left promiscuous mode
[  107.122910][ T1039] veth0_macvtap: left promiscuous mode
[  107.125419][ T1039] veth1_vlan: left promiscuous mode
[  107.130100][ T1039] veth0_vlan: left promiscuous mode
[  107.430392][ T1039] team0 (unregistering): Port device team_slave_1 removed
[  107.458134][ T1039] team0 (unregistering): Port device team_slave_0 removed
[  107.808120][ T4688] Bluetooth: hci0: command tx timeout
[  107.919122][ T5437] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.928647][ T5437] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.932285][ T5437] bridge_slave_0: entered allmulticast mode
[  107.952029][ T5437] bridge_slave_0: entered promiscuous mode
[  107.967252][ T5437] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.975524][ T5437] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.983437][ T5437] bridge_slave_1: entered allmulticast mode
[  107.996231][ T5437] bridge_slave_1: entered promiscuous mode
[  108.079009][ T5437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.099191][ T5437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.370593][ T5437] team0: Port device team_slave_0 added
[  108.418576][ T5437] team0: Port device team_slave_1 added
[  108.498506][ T5437] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.511557][ T5437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.536284][ T5437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.558461][ T5437] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.561577][ T5437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.595054][ T5437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.677422][ T5437] hsr_slave_0: entered promiscuous mode
[  108.680844][ T5437] hsr_slave_1: entered promiscuous mode
[  109.319309][ T5437] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  109.343472][ T5437] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  109.353633][ T5437] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  109.371005][ T5437] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  109.522875][ T5437] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.564238][ T5437] 8021q: adding VLAN 0 to HW filter on device team0
[  109.581358][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.584658][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.619080][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.622986][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.892146][ T4688] Bluetooth: hci0: command tx timeout
[  109.979374][ T5437] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.043024][ T5437] veth0_vlan: entered promiscuous mode
[  110.062480][ T5437] veth1_vlan: entered promiscuous mode
[  110.114663][ T5437] veth0_macvtap: entered promiscuous mode
[  110.128938][ T5437] veth1_macvtap: entered promiscuous mode
[  110.160569][ T5437] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.179307][ T5437] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.197698][ T5437] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.201452][ T5437] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.205417][ T5437] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.221942][ T5437] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.339314][ T1048] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.342657][ T1048] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.393289][ T1039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.398931][ T1039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.547345][ T5494] loop0: detected capacity change from 0 to 1024
[  110.673996][ T5494] hfsplus: request for non-existent node 134217728 in B*Tree
[  110.686814][ T5494] hfsplus: request for non-existent node 134217728 in B*Tree
[  110.691807][ T5494] ==================================================================
[  110.695451][ T5494] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[  110.699108][ T5494] Read of size 8 at addr ffff888036764fe0 by task syz.0.16/5494
[  110.703561][ T5494]
[  110.704638][ T5494] CPU: 0 UID: 0 PID: 5494 Comm: syz.0.16 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full)
[  110.704655][ T5494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  110.704661][ T5494] Call Trace:
[  110.704669][ T5494]
[  110.704682][ T5494]  dump_stack_lvl+0x189/0x250
[  110.704700][ T5494]  ? __virt_addr_valid+0x1c8/0x5c0
[  110.704714][ T5494]  ? rcu_is_watching+0x15/0xb0
[  110.704725][ T5494]  ? __kasan_check_byte+0x12/0x40
[  110.704737][ T5494]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.704748][ T5494]  ? rcu_is_watching+0x15/0xb0
[  110.704758][ T5494]  ? lock_release+0x4b/0x3e0
[  110.704768][ T5494]  ? __virt_addr_valid+0x1c8/0x5c0
[  110.704780][ T5494]  ? __virt_addr_valid+0x4a5/0x5c0
[  110.704792][ T5494]  print_report+0xca/0x230
[  110.704801][ T5494]  ? hfsplus_bnode_read+0xc0/0x2a0
[  110.704814][ T5494]  kasan_report+0x118/0x150
[  110.704825][ T5494]  ? hfsplus_bnode_read+0xc0/0x2a0
[  110.704835][ T5494]  hfsplus_bnode_read+0xc0/0x2a0
[  110.704846][ T5494]  hfsplus_bnode_dump+0x300/0x450
[  110.704858][ T5494]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[  110.704867][ T5494]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[  110.704877][ T5494]  ? hfsplus_bnode_move+0x393/0xb90
[  110.704887][ T5494]  ? __pfx___hfsplus_brec_find+0x10/0x10
[  110.704899][ T5494]  hfsplus_brec_remove+0x480/0x550
[  110.704913][ T5494]  __hfsplus_delete_attr+0x1d4/0x360
[  110.704926][ T5494]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[  110.704939][ T5494]  ? hfsplus_attr_build_key+0xee/0x260
[  110.704950][ T5494]  hfsplus_delete_attr+0x231/0x2d0
[  110.704962][ T5494]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[  110.704975][ T5494]  ? hfsplus_find_init+0x8c/0x1d0
[  110.704987][ T5494]  ? hfsplus_find_init+0x15a/0x1d0
[  110.704997][ T5494]  __hfsplus_setxattr+0x71c/0x1f40
[  110.705009][ T5494]  ? is_bpf_text_address+0x26/0x2b0
[  110.705021][ T5494]  ? kernel_text_address+0xa5/0xe0
[  110.705031][ T5494]  ? __kernel_text_address+0xd/0x40
[  110.705040][ T5494]  ? unwind_get_return_address+0x4d/0x90
[  110.705052][ T5494]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  110.705065][ T5494]  ? arch_stack_walk+0xfc/0x150
[  110.705076][ T5494]  ? __pfx___hfsplus_setxattr+0x10/0x10
[  110.705090][ T5494]  ? stack_trace_save+0x9c/0xe0
[  110.705103][ T5494]  ? __pfx_hfsplus_compare_dentry+0x10/0x10
[  110.705129][ T5494]  ? __kasan_kmalloc+0x93/0xb0
[  110.705140][ T5494]  ? hfsplus_setxattr+0x102/0x180
[  110.705150][ T5494]  hfsplus_setxattr+0x11e/0x180
[  110.705159][ T5494]  hfsplus_user_setxattr+0x40/0x60
[  110.705166][ T5494]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[  110.705174][ T5494]  __vfs_removexattr+0x42e/0x470
[  110.705185][ T5494]  __vfs_removexattr_locked+0x1ed/0x230
[  110.705194][ T5494]  vfs_removexattr+0x80/0x1b0
[  110.705202][ T5494]  path_removexattrat+0x35d/0x690
[  110.705209][ T5494]  ? __pfx_path_removexattrat+0x10/0x10
[  110.705215][ T5494]  ? do_futex+0x395/0x420
[  110.705233][ T5494]  ? __pfx___se_sys_futex+0x10/0x10
[  110.705245][ T5494]  ? rcu_is_watching+0x15/0xb0
[  110.705256][ T5494]  __x64_sys_removexattr+0x62/0x70
[  110.705271][ T5494]  do_syscall_64+0xfa/0x3b0
[  110.705347][ T5494]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.705354][ T5494]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.705361][ T5494]  ? clear_bhb_loop+0x60/0xb0
[  110.705368][ T5494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.705375][ T5494] RIP: 0033:0x7f8c0b18e9a9
[  110.705385][ T5494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.705393][ T5494] RSP: 002b:00007ffdc7c33988 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[  110.705404][ T5494] RAX: ffffffffffffffda RBX: 00007f8c0b3b5fa0 RCX: 00007f8c0b18e9a9
[  110.705411][ T5494] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[  110.705418][ T5494] RBP: 00007f8c0b210ca1 R08: 0000000000000000 R09: 0000000000000000
[  110.705424][ T5494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  110.705430][ T5494] R13: 00007f8c0b3b5fa0 R14: 00007f8c0b3b5fa0 R15: 0000000000000002
[  110.705440][ T5494]
[  110.705444][ T5494]
[  110.884143][ T5494] Allocated by task 5494:
[  110.885992][ T5494]  kasan_save_track+0x3e/0x80
[  110.888052][ T5494]  __kasan_kmalloc+0x93/0xb0
[  110.889933][ T5494]  __kmalloc_noprof+0x27a/0x4f0
[  110.892123][ T5494]  __hfs_bnode_create+0xf3/0x810
[  110.894271][ T5494]  hfsplus_bnode_find+0x224/0xd20
[  110.896495][ T5494]  hfsplus_brec_find+0x15c/0x500
[  110.898857][ T5494]  hfsplus_attr_exists+0x163/0x1d0
[  110.901228][ T5494]  __hfsplus_setxattr+0x33e/0x1f40
[  110.903521][ T5494]  hfsplus_setxattr+0x11e/0x180
[  110.905944][ T5494]  hfsplus_user_setxattr+0x40/0x60
[  110.908718][ T5494]  __vfs_setxattr+0x43c/0x480
[  110.911213][ T5494]  __vfs_setxattr_noperm+0x12d/0x660
[  110.914300][ T5494]  vfs_setxattr+0x16b/0x2f0
[  110.916831][ T5494]  filename_setxattr+0x274/0x600
[  110.919568][ T5494]  path_setxattrat+0x364/0x3a0
[  110.922044][ T5494]  __x64_sys_setxattr+0xbc/0xe0
[  110.924166][ T5494]  do_syscall_64+0xfa/0x3b0
[  110.926179][ T5494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.928669][ T5494]
[  110.929617][ T5494] The buggy address belongs to the object at ffff888036764f00
[  110.929617][ T5494]  which belongs to the cache kmalloc-192 of size 192
[  110.935935][ T5494] The buggy address is located 72 bytes to the right of
[  110.935935][ T5494]  allocated 152-byte region [ffff888036764f00, ffff888036764f98)
[  110.942046][ T5494]
[  110.943107][ T5494] The buggy address belongs to the physical page:
[  110.945652][ T5494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36764
[  110.949321][ T5494] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  110.952305][ T5494] page_type: f5(slab)
[  110.954192][ T5494] raw: 04fff00000000000 ffff88801a4413c0 ffffea000103ccc0 dead000000000004
[  110.958209][ T5494] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  110.961901][ T5494] page dumped because: kasan: bad access detected
[  110.964696][ T5494] page_owner tracks the page as allocated
[  110.967254][ T5494] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 19276228078, free_ts 0
[  110.975638][ T5494]  post_alloc_hook+0x240/0x2a0
[  110.977772][ T5494]  get_page_from_freelist+0x21e4/0x22c0
[  110.980368][ T5494]  __alloc_frozen_pages_noprof+0x181/0x370
[  110.983133][ T5494]  alloc_pages_mpol+0x232/0x4a0
[  110.985458][ T5494]  allocate_slab+0x8a/0x3b0
[  110.987734][ T5494]  ___slab_alloc+0xbfc/0x1480
[  110.989901][ T5494]  __kmalloc_noprof+0x305/0x4f0
[  110.992030][ T5494]  usb_alloc_urb+0x46/0x150
[  110.994080][ T5494]  hub_probe+0x235f/0x37f0
[  110.996145][ T5494]  usb_probe_interface+0x641/0xbc0
[  110.998482][ T5494]  really_probe+0x26a/0x9a0
[  111.000491][ T5494]  __driver_probe_device+0x18c/0x2f0
[  111.002872][ T5494]  driver_probe_device+0x4f/0x430
[  111.005199][ T5494]  __device_attach_driver+0x2ce/0x530
[  111.008010][ T5494]  bus_for_each_drv+0x251/0x2e0
[  111.010543][ T5494]  __device_attach+0x2b8/0x400
[  111.012990][ T5494] page_owner free stack trace missing
[  111.015381][ T5494]
[  111.016439][ T5494] Memory state around the buggy address:
[  111.019008][ T5494]  ffff888036764e80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[  111.022580][ T5494]  ffff888036764f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  111.026049][ T5494] >ffff888036764f80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  111.029493][ T5494]                                                        ^
[  111.032708][ T5494]  ffff888036765000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  111.036861][ T5494]  ffff888036765080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc 00 00
[  111.040394][ T5494] ==================================================================
[  111.410847][ T5494] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  111.414349][ T5494] CPU: 0 UID: 0 PID: 5494 Comm: syz.0.16 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full)
[  111.419739][ T5494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  111.424385][ T5494] Call Trace:
[  111.425861][ T5494]
[  111.427202][ T5494]  dump_stack_lvl+0x99/0x250
[  111.429254][ T5494]  ? __asan_memcpy+0x40/0x70
[  111.431261][ T5494]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.433467][ T5494]  ? __pfx__printk+0x10/0x10
[  111.435560][ T5494]  panic+0x2db/0x790
[  111.437308][ T5494]  ? __pfx_preempt_schedule+0x10/0x10
[  111.439748][ T5494]  ? __pfx_panic+0x10/0x10
[  111.441740][ T5494]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  111.444097][ T5494]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  111.446830][ T5494]  ? hfsplus_bnode_read+0xc0/0x2a0
[  111.449078][ T5494]  check_panic_on_warn+0x89/0xb0
[  111.451322][ T5494]  ? hfsplus_bnode_read+0xc0/0x2a0
[  111.453632][ T5494]  end_report+0x78/0x160
[  111.455554][ T5494]  kasan_report+0x129/0x150
[  111.457606][ T5494]  ? hfsplus_bnode_read+0xc0/0x2a0
[  111.460056][ T5494]  hfsplus_bnode_read+0xc0/0x2a0
[  111.462258][ T5494]  hfsplus_bnode_dump+0x300/0x450
[  111.464460][ T5494]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[  111.466763][ T5494]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[  111.469084][ T5494]  ? hfsplus_bnode_move+0x393/0xb90
[  111.471085][ T5494]  ? __pfx___hfsplus_brec_find+0x10/0x10
[  111.473266][ T5494]  hfsplus_brec_remove+0x480/0x550
[  111.475423][ T5494]  __hfsplus_delete_attr+0x1d4/0x360
[  111.477832][ T5494]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[  111.480741][ T5494]  ? hfsplus_attr_build_key+0xee/0x260
[  111.483184][ T5494]  hfsplus_delete_attr+0x231/0x2d0
[  111.485495][ T5494]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[  111.488021][ T5494]  ? hfsplus_find_init+0x8c/0x1d0
[  111.490410][ T5494]  ? hfsplus_find_init+0x15a/0x1d0
[  111.493010][ T5494]  __hfsplus_setxattr+0x71c/0x1f40
[  111.495664][ T5494]  ? is_bpf_text_address+0x26/0x2b0
[  111.497832][ T5494]  ? kernel_text_address+0xa5/0xe0
[  111.499904][ T5494]  ? __kernel_text_address+0xd/0x40
[  111.502178][ T5494]  ? unwind_get_return_address+0x4d/0x90
[  111.504743][ T5494]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  111.507544][ T5494]  ? arch_stack_walk+0xfc/0x150
[  111.509713][ T5494]  ? __pfx___hfsplus_setxattr+0x10/0x10
[  111.512164][ T5494]  ? stack_trace_save+0x9c/0xe0
[  111.514229][ T5494]  ? __pfx_hfsplus_compare_dentry+0x10/0x10
[  111.516770][ T5494]  ? __kasan_kmalloc+0x93/0xb0
[  111.518908][ T5494]  ? hfsplus_setxattr+0x102/0x180
[  111.521213][ T5494]  hfsplus_setxattr+0x11e/0x180
[  111.523429][ T5494]  hfsplus_user_setxattr+0x40/0x60
[  111.525621][ T5494]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[  111.528148][ T5494]  __vfs_removexattr+0x42e/0x470
[  111.530371][ T5494]  __vfs_removexattr_locked+0x1ed/0x230
[  111.532741][ T5494]  vfs_removexattr+0x80/0x1b0
[  111.534940][ T5494]  path_removexattrat+0x35d/0x690
[  111.537128][ T5494]  ? __pfx_path_removexattrat+0x10/0x10
[  111.539515][ T5494]  ? do_futex+0x395/0x420
[  111.541337][ T5494]  ? __pfx___se_sys_futex+0x10/0x10
[  111.543623][ T5494]  ? rcu_is_watching+0x15/0xb0
[  111.545711][ T5494]  __x64_sys_removexattr+0x62/0x70
[  111.548071][ T5494]  do_syscall_64+0xfa/0x3b0
[  111.550054][ T5494]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.552400][ T5494]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.555085][ T5494]  ? clear_bhb_loop+0x60/0xb0
[  111.557283][ T5494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.559857][ T5494] RIP: 0033:0x7f8c0b18e9a9
[  111.561867][ T5494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.570082][ T5494] RSP: 002b:00007ffdc7c33988 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[  111.573724][ T5494] RAX: ffffffffffffffda RBX: 00007f8c0b3b5fa0 RCX: 00007f8c0b18e9a9
[  111.577187][ T5494] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[  111.580605][ T5494] RBP: 00007f8c0b210ca1 R08: 0000000000000000 R09: 0000000000000000
[  111.584217][ T5494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  111.587671][ T5494] R13: 00007f8c0b3b5fa0 R14: 00007f8c0b3b5fa0 R15: 0000000000000002
[  111.591103][ T5494]
[  111.592818][ T5494] Kernel Offset: disabled
[  111.594789][ T5494] Rebooting in 86400 seconds..
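The KASAN report above is the part of this log a triage engineer keys on: the bug class and faulting function, the access size and address, the syscall that reached the fault, and the allocation geometry. The script below is an added example of that first-pass triage; it is not syzkaller or syzbot code and not part of the original log. It assumes the raw console line format shown here ("[ timestamp][ Tnnn] message") and parses only the report fields listed. SAMPLE_LOG is a constructed excerpt copied from the report above with most of the "? " frames and the register dump left out. The script recomputes KASAN's "72 bytes to the right of" statement from the raw addresses and checks that the two agree.

```python
"""First-pass triage of a KASAN report in a syzkaller console log (added example)."""
import re

# Constructed excerpt of the report above (most "? " frames omitted).
SAMPLE_LOG = """\
[  110.695451][ T5494] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[  110.699108][ T5494] Read of size 8 at addr ffff888036764fe0 by task syz.0.16/5494
[  110.703561][ T5494]
[  110.704638][ T5494] CPU: 0 UID: 0 PID: 5494 Comm: syz.0.16 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full)
[  110.704661][ T5494] Call Trace:
[  110.704682][ T5494]  dump_stack_lvl+0x189/0x250
[  110.704700][ T5494]  ? __virt_addr_valid+0x1c8/0x5c0
[  110.704814][ T5494]  kasan_report+0x118/0x150
[  110.704835][ T5494]  hfsplus_bnode_read+0xc0/0x2a0
[  110.704846][ T5494]  hfsplus_bnode_dump+0x300/0x450
[  110.704899][ T5494]  hfsplus_brec_remove+0x480/0x550
[  110.704913][ T5494]  __hfsplus_delete_attr+0x1d4/0x360
[  110.704997][ T5494]  __hfsplus_setxattr+0x71c/0x1f40
[  110.705174][ T5494]  __vfs_removexattr+0x42e/0x470
[  110.705233][ T5494]  ? __pfx___se_sys_futex+0x10/0x10
[  110.705256][ T5494]  __x64_sys_removexattr+0x62/0x70
[  110.705271][ T5494]  do_syscall_64+0xfa/0x3b0
[  110.705368][ T5494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.705375][ T5494] RIP: 0033:0x7f8c0b18e9a9
[  110.884143][ T5494] Allocated by task 5494:
[  110.885992][ T5494]  kasan_save_track+0x3e/0x80
[  110.888052][ T5494]  __kasan_kmalloc+0x93/0xb0
[  110.889933][ T5494]  __kmalloc_noprof+0x27a/0x4f0
[  110.892123][ T5494]  __hfs_bnode_create+0xf3/0x810
[  110.894271][ T5494]  hfsplus_bnode_find+0x224/0xd20
[  110.929617][ T5494] The buggy address belongs to the object at ffff888036764f00
[  110.929617][ T5494]  which belongs to the cache kmalloc-192 of size 192
[  110.935935][ T5494] The buggy address is located 72 bytes to the right of
[  110.935935][ T5494]  allocated 152-byte region [ffff888036764f00, ffff888036764f98)
"""

LINE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?(?P<msg>.*)$")   # console prefix
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
                    r"by task (?P<comm>\S+)/(?P<pid>\d+)")
VERSION = re.compile(r"Not tainted (?P<version>\S+)")
LOCATED = re.compile(r"located (?P<dist>\d+) bytes to the (?P<side>left|right) of")
REGION = re.compile(r"allocated (?P<size>\d+)-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
CACHE = re.compile(r"cache (?P<cache>\S+) of size (?P<size>\d+)")
FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SYSCALL = re.compile(r"^__x64_sys_(?P<name>\w+)$")
REPORT_FRAMES = {"dump_stack_lvl", "print_report", "kasan_report"}  # KASAN's own reporting path
ALLOCATOR = re.compile(r"^(__)?(kasan_|kmalloc|kmem_cache)")        # allocator-internal frames


def parse_kasan_report(log: str) -> dict:
    """Extract signature, access, entry syscall and allocation geometry from one report."""
    info = {"frames": [], "alloc_frames": [], "syscall": None}
    section = None                          # None, "trace" or "alloc"
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m is None or not (msg := m["msg"].strip()):
            continue                        # not a console line, or a blank report line
        if b := BUG.search(msg):
            info.update(kind=b["kind"], func=b["func"])
        elif a := ACCESS.search(msg):
            info.update(op=a["op"], size=int(a["size"]), addr=int(a["addr"], 16),
                        comm=a["comm"], pid=int(a["pid"]))
        elif v := VERSION.search(msg):
            info["version"] = v["version"]
        elif l := LOCATED.search(msg):
            info.update(stated_dist=int(l["dist"]), side=l["side"])
        elif r := REGION.search(msg):
            info.update(region_size=int(r["size"]), region_start=int(r["start"], 16),
                        region_end=int(r["end"], 16))
        elif c := CACHE.search(msg):
            info.update(cache=c["cache"], cache_size=int(c["size"]))
        elif msg == "Call Trace:":
            section = "trace"
        elif msg.startswith("Allocated by task"):
            section = "alloc"
        elif section is not None:
            f = FRAME.match(msg)
            if f is None:                   # "RIP:", "The buggy address ..." end a stack
                section = None
            elif section == "alloc":
                info["alloc_frames"].append(f["sym"])
            elif not f["unreliable"] and f["sym"] not in REPORT_FRAMES:
                info["frames"].append(f["sym"])   # "? sym" is a stale stack slot: skip it
                if (s := SYSCALL.match(f["sym"])) and info["syscall"] is None:
                    info["syscall"] = s["name"]
    return info


def signature(info: dict) -> str:
    """One-line crash title in the style syzbot uses for deduplication."""
    return f"KASAN: {info['kind']} {info['op']} in {info['func']}"


def overflow_distance(info: dict) -> int:
    """Bytes from the end of the allocated region to the access; positive = past the end."""
    return info["addr"] - info["region_end"]


def distance_consistent(info: dict) -> bool:
    """KASAN's prose distance must match the raw addresses it printed."""
    if info["side"] == "right":
        return overflow_distance(info) == info["stated_dist"]
    return info["region_start"] - info["addr"] == info["stated_dist"]


def allocation_site(info: dict):
    """First allocation-stack frame outside KASAN and the slab allocator."""
    return next((f for f in info["alloc_frames"] if not ALLOCATOR.match(f)), None)


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(signature(r), "|", r["version"], "|", f"{r['comm']}/{r['pid']} via {r['syscall']}()")
    print(f"{r['op']} of {r['size']} at {r['addr']:#x}: {overflow_distance(r)} bytes past the "
          f"{r['region_size']}-byte object in {r['cache']}, consistent={distance_consistent(r)}")
    print("allocated in", allocation_site(r), "| first bad frame", r["frames"][0])
```

Two details matter in practice. The "? " frames are stale stack slots, not the live call chain; without filtering them the "? __pfx___se_sys_futex" entry would make a naive "first __*_sys_* frame" heuristic attribute this crash to futex rather than removexattr. And recomputing the distance from the region bounds (0xfe0 - 0xf98 = 0x48 = 72) is a cheap check that the report was not truncated or mangled in transit before anyone spends time on it.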
VM DIAGNOSIS:
06:22:37 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002a1eb70
R8 =ffff8880339a8237 R9 =1ffff11006735046 R10=dffffc0000000000 R11=ffffffff854796e0
R12=dffffc0000000000 R13=ffffffff99afa8a4 R14=ffffffff99dff700 R15=0000000000000000
RIP=ffffffff8547975c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055556688e500 ffffffff 00c00000
GS =0000 ffff88808d21a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f716dd78fe8 CR3=000000001181d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000ff00000f Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0061746164617465 6d2e7366636e692e
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdc7c33030 00007ffdc7c32eb0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdc7c32ef0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdc7c33030
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdc7c33030 00007ffdc7c32eb0
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdc7c32ef0 00007ffdc7c32ed0
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8c0b211d1b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8c0b211df9
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0073756c70736668
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000500060006
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3531363135353930 3733373034343736 3434383100000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26071ca2ffff0000 0dff6b383813b576 032c3ded8acf5ed4 1d6ef6bfa863de7e
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 a06496325ebd66f5 eac38df29d9ab69d d3f36cf93f37b38b 87cfd41c5735768c
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 97b48dc9c7c5261f 8a48d1a499b253bd 274b956e98dcdf5c a26d71393229839a
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 78dcd4e700000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000