program: read$FUSE(0xffffffffffffffff, &(0x7f0000001680)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000700), 0x802, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000073797a31000000000000000000000000000000000000006b8b033dc107f5800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000900800000000180000052a3ffff010000007e"], 0x119) (async) close(0x3) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x40000582) (async, rerun: 64) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (async, rerun: 64) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) (async) setns(r3, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 58.684102][ T5317] hid-generic 0009:0080:8001.0002: item fetching failed at offset 0/1 [ 58.715976][ T5317] hid-generic 0009:0080:8001.0002: probe with driver hid-generic failed with error -22 [ 58.726560][ T5320] loop0: detected capacity change from 0 to 1024 [ 58.785316][ T5319] hfsplus: request for non-existent node 134217728 in B*Tree [ 58.788176][ T5319] hfsplus: request for non-existent node 134217728 in B*Tree [ 58.794860][ T5305] Bluetooth: hci0: command tx timeout [ 58.801974][ T5320] ================================================================== [ 58.804864][ T5320] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0 [ 58.807784][ T5320] Read of size 2 at addr 000508800000103e by task syz.0.0/5320 [ 58.810506][ T5320] [ 58.811416][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00232-g4800575d8c0b #0 [ 58.815110][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.818933][ T5320] Call Trace: [ 58.820213][ T5320] [ 58.821080][ T5320] dump_stack_lvl+0x241/0x360 [ 58.822716][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.824442][ T5320] ? __pfx__printk+0x10/0x10 [ 58.826031][ T5320] ? _printk+0xd5/0x120 [ 58.827519][ T5320] print_report+0xe8/0x550 [ 58.829072][ T5320] ? __virt_addr_valid+0x58/0x530 [ 58.831007][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 58.832941][ T5320] kasan_report+0x143/0x180 [ 58.834679][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 58.836624][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 58.838551][ T5320] kasan_check_range+0x282/0x290 [ 58.840299][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 58.842136][ T5320] __asan_memcpy+0x29/0x70 [ 58.843756][ T5320] hfsplus_bnode_dump+0x403/0xbb0 [ 58.845599][ T5320] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 58.847641][ T5320] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 58.849766][ T5320] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 58.851939][ T5320] ? rcu_is_watching+0x15/0xb0 [ 58.853722][ T5320] ? hfsplus_bnode_move+0x2da/0x910 [ 58.855691][ T5320] ? __mark_inode_dirty+0x3db/0xe90 [ 58.857711][ T5320] hfsplus_brec_remove+0x42c/0x4f0 [ 58.859741][ T5320] __hfsplus_delete_attr+0x275/0x450 [ 58.861778][ T5320] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 58.864049][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 58.865916][ T5320] hfsplus_delete_attr+0x353/0x4b0 [ 58.867826][ T5320] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 58.869977][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 58.871874][ T5320] ? hfsplus_find_init+0x14a/0x1c0 [ 58.873729][ T5320] __hfsplus_setxattr+0x801/0x22d0 [ 58.875705][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.878067][ T5320] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 58.880625][ T5320] ? lockdep_hardirqs_on+0x99/0x150 [ 58.882658][ T5320] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 58.884758][ T5320] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.887058][ T5320] ? stack_depot_save_flags+0x7b4/0x940 [ 58.889255][ T5320] ? __kasan_kmalloc+0x98/0xb0 [ 58.891124][ T5320] ? __kmalloc_cache_noprof+0x243/0x390 [ 58.893167][ T5320] ? hfsplus_setxattr+0x68/0xe0 [ 58.894706][ T5320] hfsplus_setxattr+0xb0/0xe0 [ 58.896317][ T5320] hfsplus_user_setxattr+0x40/0x60 [ 58.898262][ T5320] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 58.900484][ T5320] __vfs_removexattr+0x42a/0x460 [ 58.902243][ T5320] __vfs_removexattr_locked+0x206/0x450 [ 58.904228][ T5320] vfs_removexattr+0x103/0x2b0 [ 58.905979][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 58.908161][ T5320] ? __pfx_vfs_removexattr+0x10/0x10 [ 58.910206][ T5320] path_removexattrat+0x32e/0x670 [ 58.912086][ T5320] ? __pfx_path_removexattrat+0x10/0x10 [ 58.914076][ T5320] ? do_futex+0x33b/0x560 [ 58.915702][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.918054][ T5320] ? do_syscall_64+0x100/0x230 [ 58.919994][ T5320] __x64_sys_removexattr+0x62/0x70 [ 58.922160][ T5320] do_syscall_64+0xf3/0x230 [ 58.923857][ T5320] ? clear_bhb_loop+0x35/0x90 [ 58.925534][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.927822][ T5320] RIP: 0033:0x7fecd4185d19 [ 58.929899][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.938756][ T5320] RSP: 002b:00007fecd4ee0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 58.941992][ T5320] RAX: ffffffffffffffda RBX: 00007fecd4376080 RCX: 00007fecd4185d19 [ 58.944884][ T5320] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 58.947712][ T5320] RBP: 00007fecd4201a20 R08: 0000000000000000 R09: 0000000000000000 [ 58.950821][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.953619][ T5320] R13: 0000000000000000 R14: 00007fecd4376080 R15: 00007fff9a862708 [ 58.956418][ T5320] [ 58.957531][ T5320] ================================================================== [ 58.972291][ T5320] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 58.974968][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00232-g4800575d8c0b #0 [ 58.978803][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.982959][ T5320] Call Trace: [ 58.984286][ T5320] [ 58.985394][ T5320] dump_stack_lvl+0x241/0x360 [ 58.987181][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.989189][ T5320] ? __pfx__printk+0x10/0x10 [ 58.990991][ T5320] ? preempt_schedule+0xe1/0xf0 [ 58.992505][ T5320] ? vscnprintf+0x5d/0x90 [ 58.994149][ T5320] panic+0x349/0x880 [ 58.995612][ T5320] ? check_panic_on_warn+0x21/0xb0 [ 58.997548][ T5320] ? __pfx_panic+0x10/0x10 [ 58.999138][ T5320] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 59.001479][ T5320] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 59.004125][ T5320] ? print_report+0xe8/0x550 [ 59.006116][ T5320] check_panic_on_warn+0x86/0xb0 [ 59.008224][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 59.010482][ T5320] end_report+0x77/0x160 [ 59.012269][ T5320] kasan_report+0x154/0x180 [ 59.014324][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 59.016534][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 59.018471][ T5320] kasan_check_range+0x282/0x290 [ 59.020363][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 59.022504][ T5320] __asan_memcpy+0x29/0x70 [ 59.024075][ T5320] hfsplus_bnode_dump+0x403/0xbb0 [ 59.026107][ T5320] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 59.028362][ T5320] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 59.030534][ T5320] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 59.032697][ T5320] ? rcu_is_watching+0x15/0xb0 [ 59.034211][ T5320] ? hfsplus_bnode_move+0x2da/0x910 [ 59.036040][ T5320] ? __mark_inode_dirty+0x3db/0xe90 [ 59.038103][ T5320] hfsplus_brec_remove+0x42c/0x4f0 [ 59.040084][ T5320] __hfsplus_delete_attr+0x275/0x450 [ 59.042441][ T5320] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 59.044697][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 59.046794][ T5320] hfsplus_delete_attr+0x353/0x4b0 [ 59.048753][ T5320] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 59.050983][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 59.052892][ T5320] ? hfsplus_find_init+0x14a/0x1c0 [ 59.054746][ T5320] __hfsplus_setxattr+0x801/0x22d0 [ 59.056718][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.059098][ T5320] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 59.061290][ T5320] ? lockdep_hardirqs_on+0x99/0x150 [ 59.063304][ T5320] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 59.065759][ T5320] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 59.068301][ T5320] ? stack_depot_save_flags+0x7b4/0x940 [ 59.070526][ T5320] ? __kasan_kmalloc+0x98/0xb0 [ 59.072332][ T5320] ? __kmalloc_cache_noprof+0x243/0x390 [ 59.074502][ T5320] ? hfsplus_setxattr+0x68/0xe0 [ 59.076281][ T5320] hfsplus_setxattr+0xb0/0xe0 [ 59.077866][ T5320] hfsplus_user_setxattr+0x40/0x60 [ 59.079732][ T5320] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 59.081712][ T5320] __vfs_removexattr+0x42a/0x460 [ 59.083517][ T5320] __vfs_removexattr_locked+0x206/0x450 [ 59.085472][ T5320] vfs_removexattr+0x103/0x2b0 [ 59.087008][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 59.088809][ T5320] ? __pfx_vfs_removexattr+0x10/0x10 [ 59.090827][ T5320] path_removexattrat+0x32e/0x670 [ 59.092367][ T5320] ? __pfx_path_removexattrat+0x10/0x10 [ 59.094168][ T5320] ? do_futex+0x33b/0x560 [ 59.095819][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.097894][ T5320] ? do_syscall_64+0x100/0x230 [ 59.099636][ T5320] __x64_sys_removexattr+0x62/0x70 [ 59.101650][ T5320] do_syscall_64+0xf3/0x230 [ 59.103622][ T5320] ? clear_bhb_loop+0x35/0x90 [ 59.105432][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.107393][ T5320] RIP: 0033:0x7fecd4185d19 [ 59.108899][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.116440][ T5320] RSP: 002b:00007fecd4ee0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 59.119404][ T5320] RAX: ffffffffffffffda RBX: 00007fecd4376080 RCX: 00007fecd4185d19 [ 59.122253][ T5320] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 59.125154][ T5320] RBP: 00007fecd4201a20 R08: 0000000000000000 R09: 0000000000000000 [ 59.128112][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.130987][ T5320] R13: 0000000000000000 R14: 00007fecd4376080 R15: 00007fff9a862708 [ 59.134063][ T5320] [ 59.135502][ T5320] Kernel Offset: disabled [ 59.137085][ T5320] Rebooting in 86400 seconds..