program:
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1200800, &(0x7f0000000000)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030303031302c6e6c733d69736f383835392d332c747970653d78fa42012c666f7263652c6769643d", @ANYRESHEX=0x0, @ANYBLOB="00000000f589dabc65392e7a5498c3de55076790ad5e20b37e1bd7fc5110aa5c6d96134140186a776c2a5a64f8ffffff7b041630307fc88de5462cf4a7dfac62030ac0277ec3c7c8ee1499332770b81542b3c65838103dde38697074", @ANYRESHEX, @ANYBLOB="056c"], 0x3, 0x6c5, &(0x7f0000000100)="$eJzs3U9sHFcZAPBv1uu110iu26ZpQEi1GqmCRiS2VyVBQmpACPkQoQguvVqJ01jZpJXtIjdCZAMUpJ44oR44FCFz6AkhhFQOqKKckZC4cPKNQyRuHHIAFs2/3bG92XiJ7TXt7yeN571989775sv82R3H2gA+tZZfi8lOJLF87spWWt/ZbrV3tlu3y3JETEVELaKeryJpRiQfR1yOfInPpi8WwyWPmueVBx8m9fc+aOW1erFk29eG9dtn4JadiOleZSIi5vPivw487L7xsiUb51p/vEebGtaY9OJOE3a2TByMW3efTr+x9tjuBz9vgRPrXn7f3GcuYibyu2t2iyuuDo+/Mozf0GtT5/jiAAAAgKMy8LN81VMP42FsxezxhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfDEn+nYFJsdTK8nwk5ff/Nyrfqd8Yc7gV706N3uedG9nq208dfjgAAAAAAAAAcIxeeBgPYytmy3o3yX7n/2JWOfX3j7qZ2IjVWI/zsRUrsRmbsR6LETFXGaixtbK5ub5Y9sx+fibeio2fRdqz2+3eK3ouDey5tDuuzt5AB/1Pg30bAQAAAAAAAMCn1g9iuf/7fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAmSiIl8lS2nyvJc1OoRMR0RjWS+t3ljrMEego/GHQAAAAAcvWaxnk3+kxe6SfaZ/3T2uX863oo7sRlrsRntWI3r2bOA/FN/7S+dVntnu3U7XfYP/LV/jBRHNmLkzx4Gz7yQbfFcr8dyfDO+E+diPq7GeqzFd2MlNmM15uMbWWklkpgrnl7M7Ww3o4x1f7yXd9Wu7o3thUo5je9MFkkzbsRaFtv5uNYoQ68V252pzPa7RsSeGe+n2UleLRwwR9eLdbpHPy3Wme7EAUc4KnPZnk/2MrJQ5D7NxtPVvO/P/YjHyd6ZFqPWewZ1qj9LWt070/+U85lineb6x9WcH74RH6XtzkTn3bRWHn2nh+c84ot//ePVm7U7t27e2Dh3hLt0PPYeE61KJp4/UCbaaSY6T5CJ6SeJ//A0imzk14PRrpYvZn1nYy2+FW/E9ViNi7EQi3EpFuIrsRStWKrk9bnhec3Otdpo59rZLxSF9J70k8q96dhMPaohzevTlbxWr3RzWVv1lX6WnjlAlpJGDM7S3waGUv9cUUjn+GHljjN+ezOxWMnEs8Mz8Yt/dyNio33n1vrNlTeHzHH3DzMvleWykJ627+y+Nv/yMPdrBMXupsfLM+k/VuS3jerRkbY9W7bl+Urq0e93qte2+z7XaER2PudtjztT05FO3x80Ut72/MBZWlnbmUrbrnc58Ua0e+9CADiJircyMy/PNJoPmn9uvt/8UfNm88r016cuTX2+EZN/qv9+4te1X9W+mrwc78f3Y3bcAQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCfBxtt3b62026vrJ7AQtUMe8P7ApjIV+SuNJ5li8qSkbmyFqWFH1G8iYkj3xjhibkbEiUhd1I9hrqkY0HSl90ozotaLJyJunZAvuAOOwoXN229e2Hj77pfWbq+8vvr66p2lSxdfvdj68uK9CzfW2qsL+c9xRwkchf7bgHFHAgAAAAAAAAAAABzUcfx5w4Bpk84Y9hUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4/7T8Wkx2IonFhfMLaX1nu9VOl7Lc37IeEbWISL4XkXwccTnyJeYqwyWPmueVBx/+/KX3Pmj1x6qX29f29PvtP7vdEfeiUywxHxETxfrxpg403rXKeJ0RA8slvT1ME3a2TByM238DAAD//9lIEB0=")
listxattr(&(0x7f0000000940)='./file1\x00', 0x0, 0x0)
[ 85.255910][ T5327] loop0: detected capacity change from 0 to 1024
[ 85.269461][ T5301] Bluetooth: hci0: command tx timeout
[ 85.386897][ T5327] ==================================================================
[ 85.390252][ T5327] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x680/0x1270
[ 85.393696][ T5327] Read of size 2 at addr ffff8880115a0a18 by task syz.0.0/5327
[ 85.396967][ T5327]
[ 85.398049][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full)
[ 85.398065][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.398073][ T5327] Call Trace:
[ 85.398080][ T5327]
[ 85.398085][ T5327] dump_stack_lvl+0x189/0x250
[ 85.398107][ T5327] ? __kasan_check_byte+0x12/0x40
[ 85.398119][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.398135][ T5327] ? lock_release+0x4b/0x3e0
[ 85.398153][ T5327] ? __virt_addr_valid+0x4a5/0x5c0
[ 85.398166][ T5327] print_report+0xd2/0x2b0
[ 85.398179][ T5327] ? hfsplus_uni2asc+0x680/0x1270
[ 85.398191][ T5327] kasan_report+0x118/0x150
[ 85.398208][ T5327] ? hfsplus_uni2asc+0x680/0x1270
[ 85.398220][ T5327] hfsplus_uni2asc+0x680/0x1270
[ 85.398231][ T5327] ? hfsplus_bnode_read+0x255/0x2a0
[ 85.398249][ T5327] hfsplus_listxattr+0x58e/0xb80
[ 85.398264][ T5327] ? __pfx_hfsplus_listxattr+0x10/0x10
[ 85.398278][ T5327] ? __asan_memset+0x22/0x50
[ 85.398294][ T5327] ? path_lookupat+0x30d/0x430
[ 85.398309][ T5327] ? filename_lookup+0x3d1/0x570
[ 85.398329][ T5327] ? strncpy_from_user+0x150/0x290
[ 85.398342][ T5327] ? __pfx_hfsplus_listxattr+0x10/0x10
[ 85.398353][ T5327] listxattr+0x10a/0x2a0
[ 85.398367][ T5327] path_listxattrat+0x179/0x3a0
[ 85.398382][ T5327] ? __pfx_path_listxattrat+0x10/0x10
[ 85.398395][ T5327] ? rcu_is_watching+0x15/0xb0
[ 85.398412][ T5327] ? do_syscall_64+0xbe/0x3b0
[ 85.398473][ T5327] do_syscall_64+0xfa/0x3b0
[ 85.398494][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.398509][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.398520][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 85.398531][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.398541][ T5327] RIP: 0033:0x7fbced38e929
[ 85.398552][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.398562][ T5327] RSP: 002b:00007fbcee16f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2
[ 85.398576][ T5327] RAX: ffffffffffffffda RBX: 00007fbced5b5fa0 RCX: 00007fbced38e929
[ 85.398584][ T5327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000940
[ 85.398592][ T5327] RBP: 00007fbced410b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.398600][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.398606][ T5327] R13: 0000000000000000 R14: 00007fbced5b5fa0 R15: 00007ffe6df11918
[ 85.398617][ T5327]
[ 85.398621][ T5327]
[ 85.502470][ T5327] Allocated by task 5327:
[ 85.504422][ T5327] kasan_save_track+0x3e/0x80
[ 85.506417][ T5327] __kasan_kmalloc+0x93/0xb0
[ 85.508494][ T5327] __kmalloc_noprof+0x27a/0x4f0
[ 85.510751][ T5327] hfsplus_find_init+0x8c/0x1d0
[ 85.512957][ T5327] hfsplus_listxattr+0x38f/0xb80
[ 85.515200][ T5327] listxattr+0x10a/0x2a0
[ 85.517041][ T5327] path_listxattrat+0x179/0x3a0
[ 85.519188][ T5327] do_syscall_64+0xfa/0x3b0
[ 85.521132][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.523581][ T5327]
[ 85.524557][ T5327] The buggy address belongs to the object at ffff8880115a0800
[ 85.524557][ T5327] which belongs to the cache kmalloc-1k of size 1024
[ 85.530444][ T5327] The buggy address is located 0 bytes to the right of
[ 85.530444][ T5327] allocated 536-byte region [ffff8880115a0800, ffff8880115a0a18)
[ 85.536767][ T5327]
[ 85.537841][ T5327] The buggy address belongs to the physical page:
[ 85.540606][ T5327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115a0
[ 85.544543][ T5327] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 85.548315][ T5327] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 85.552145][ T5327] page_type: f5(slab)
[ 85.554010][ T5327] raw: 00fff00000000040 ffff88801a441dc0 dead000000000122 0000000000000000
[ 85.557815][ T5327] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 85.561423][ T5327] head: 00fff00000000040 ffff88801a441dc0 dead000000000122 0000000000000000
[ 85.564980][ T5327] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 85.568692][ T5327] head: 00fff00000000002 ffffea0000456801 00000000ffffffff 00000000ffffffff
[ 85.572354][ T5327] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 85.576085][ T5327] page dumped because: kasan: bad access detected
[ 85.578820][ T5327] page_owner tracks the page as allocated
[ 85.581204][ T5327] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5327, tgid 5324 (syz.0.0), ts 85383144408, free_ts 28412865832
[ 85.589713][ T5327] post_alloc_hook+0x240/0x2a0
[ 85.592361][ T5327] get_page_from_freelist+0x21e4/0x22c0
[ 85.594896][ T5327] __alloc_pages_slowpath+0x2fe/0xce0
[ 85.597246][ T5327] __alloc_frozen_pages_noprof+0x319/0x370
[ 85.599659][ T5327] allocate_slab+0x65/0x3b0
[ 85.601659][ T5327] ___slab_alloc+0xbfc/0x1480
[ 85.604286][ T5327] __kmalloc_node_noprof+0x2fd/0x4e0
[ 85.607000][ T5327] alloc_slab_obj_exts+0x39/0xa0
[ 85.609098][ T5327] __memcg_slab_post_alloc_hook+0x31e/0x7f0
[ 85.611793][ T5327] __kmalloc_node_track_caller_noprof+0x335/0x4e0
[ 85.614600][ T5327] kstrdup+0x42/0x100
[ 85.616409][ T5327] alloc_vfsmnt+0xeb/0x4e0
[ 85.618380][ T5327] vfs_create_mount+0x6c/0x3d0
[ 85.620499][ T5327] do_new_mount+0x35a/0xa40
[ 85.622578][ T5327] __se_sys_mount+0x317/0x410
[ 85.625083][ T5327] do_syscall_64+0xfa/0x3b0
[ 85.627166][ T5327] page last free pid 4718 tgid 4718 stack trace:
[ 85.629913][ T5327] __free_frozen_pages+0xc71/0xe70
[ 85.632143][ T5327] __put_partials+0x161/0x1c0
[ 85.634331][ T5327] put_cpu_partial+0x17c/0x250
[ 85.636535][ T5327] __slab_free+0x2f7/0x400
[ 85.638309][ T5327] qlist_free_all+0x97/0x140
[ 85.640356][ T5327] kasan_quarantine_reduce+0x148/0x160
[ 85.642674][ T5327] __kasan_slab_alloc+0x22/0x80
[ 85.644898][ T5327] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 85.647256][ T5327] getname_flags+0xb8/0x540
[ 85.649312][ T5327] do_readlinkat+0xbc/0x500
[ 85.651300][ T5327] __x64_sys_readlink+0x7f/0x90
[ 85.653800][ T5327] do_syscall_64+0xfa/0x3b0
[ 85.656262][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.659025][ T5327]
[ 85.660135][ T5327] Memory state around the buggy address:
[ 85.662728][ T5327] ffff8880115a0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.666531][ T5327] ffff8880115a0980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.669974][ T5327] >ffff8880115a0a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.673480][ T5327] ^
[ 85.675620][ T5327] ffff8880115a0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.679113][ T5327] ffff8880115a0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.682207][ T5327] ==================================================================
[ 85.742304][ T5327] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.745768][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full)
[ 85.750765][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.755382][ T5327] Call Trace:
[ 85.756822][ T5327]
[ 85.758146][ T5327] dump_stack_lvl+0x99/0x250
[ 85.760178][ T5327] ? __asan_memcpy+0x40/0x70
[ 85.762207][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.764530][ T5327] ? __pfx__printk+0x10/0x10
[ 85.766629][ T5327] panic+0x2db/0x790
[ 85.768267][ T5327] ? __pfx_preempt_schedule+0x10/0x10
[ 85.770589][ T5327] ? __pfx_panic+0x10/0x10
[ 85.772527][ T5327] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 85.775045][ T5327] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.777705][ T5327] ? hfsplus_uni2asc+0x680/0x1270
[ 85.779832][ T5327] check_panic_on_warn+0x89/0xb0
[ 85.782044][ T5327] ? hfsplus_uni2asc+0x680/0x1270
[ 85.784327][ T5327] end_report+0x78/0x160
[ 85.786360][ T5327] kasan_report+0x129/0x150
[ 85.788477][ T5327] ? hfsplus_uni2asc+0x680/0x1270
[ 85.790702][ T5327] hfsplus_uni2asc+0x680/0x1270
[ 85.792802][ T5327] ? hfsplus_bnode_read+0x255/0x2a0
[ 85.795025][ T5327] hfsplus_listxattr+0x58e/0xb80
[ 85.797246][ T5327] ? __pfx_hfsplus_listxattr+0x10/0x10
[ 85.799633][ T5327] ? __asan_memset+0x22/0x50
[ 85.801640][ T5327] ? path_lookupat+0x30d/0x430
[ 85.803750][ T5327] ? filename_lookup+0x3d1/0x570
[ 85.805974][ T5327] ? strncpy_from_user+0x150/0x290
[ 85.808184][ T5327] ? __pfx_hfsplus_listxattr+0x10/0x10
[ 85.810531][ T5327] listxattr+0x10a/0x2a0
[ 85.812601][ T5327] path_listxattrat+0x179/0x3a0
[ 85.814850][ T5327] ? __pfx_path_listxattrat+0x10/0x10
[ 85.817151][ T5327] ? rcu_is_watching+0x15/0xb0
[ 85.819272][ T5327] ? do_syscall_64+0xbe/0x3b0
[ 85.821315][ T5327] do_syscall_64+0xfa/0x3b0
[ 85.823353][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.825716][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.828205][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 85.830274][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.832816][ T5327] RIP: 0033:0x7fbced38e929
[ 85.834774][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.842888][ T5327] RSP: 002b:00007fbcee16f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2
[ 85.846621][ T5327] RAX: ffffffffffffffda RBX: 00007fbced5b5fa0 RCX: 00007fbced38e929
[ 85.850149][ T5327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000940
[ 85.853447][ T5327] RBP: 00007fbced410b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.856886][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.860330][ T5327] R13: 0000000000000000 R14: 00007fbced5b5fa0 R15: 00007ffe6df11918
[ 85.863863][ T5327]
[ 85.865602][ T5327] Kernel Offset: disabled
[ 85.867577][ T5327] Rebooting in 86400 seconds..