program: syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000140), 0x1, 0x8a, &(0x7f0000000180)="$eJzszqENAkEQBdDPKdQ1gKCD64FSCBIcCkJCRbRCCXSAwGIOsYdZi1hyeS/ZnfwZ8+/v2yp9Ml6TsXI8nffbQ/nDLHXTXCZZ9yU/N2W3mO6P12X3fS27AgAAv+ky1HloVgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD30CAAD//3lPI0s=") (async) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) (async, rerun: 32) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08802, &(0x7f0000000140)=ANY=[], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") (rerun: 32) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) (async) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000140)={0xc, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r1, 0x3b88, &(0x7f00000001c0)={0xc, r2}) (async, rerun: 64) lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), &(0x7f00000000c0)=ANY=[], 0xb2, 0x2) (async, rerun: 64) lsetxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) [ 69.414107][ T5311] Bluetooth: hci0: command tx timeout [ 69.476008][ T5327] loop0: detected capacity change from 0 to 64 [ 69.520219][ T5329] loop0: detected capacity change from 0 to 1024 [ 69.809180][ T5328] hfsplus: cannot replace xattr [ 69.814397][ T5328] hfsplus: request for non-existent node 211 in B*Tree [ 69.816992][ T5328] hfsplus: request for non-existent node 211 in B*Tree [ 69.820064][ T5328] ================================================================== [ 69.822942][ T5328] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0 [ 69.825800][ T5328] Read of size 2 at addr 000508800000103e by task syz.0.0/5328 [ 69.828690][ T5328] [ 69.829536][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00182-gb8f52214c61a #0 [ 69.833090][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.837109][ T5328] Call Trace: [ 69.838229][ T5328] [ 69.839213][ T5328] dump_stack_lvl+0x241/0x360 [ 69.840897][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.842643][ T5328] ? __pfx__printk+0x10/0x10 [ 69.844305][ T5328] ? _printk+0xd5/0x120 [ 69.845833][ T5328] print_report+0xe8/0x550 [ 69.847421][ T5328] ? __virt_addr_valid+0x58/0x530 [ 69.849171][ T5328] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.851073][ T5328] kasan_report+0x143/0x180 [ 69.852731][ T5328] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.854438][ T5328] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.856275][ T5328] kasan_check_range+0x282/0x290 [ 69.858079][ T5328] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.859986][ T5328] __asan_memcpy+0x29/0x70 [ 69.861823][ T5328] hfsplus_bnode_dump+0x403/0xbb0 [ 69.863648][ T5328] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 69.865626][ T5328] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 69.867574][ T5328] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 69.869757][ T5328] ? rcu_is_watching+0x15/0xb0 [ 69.871539][ T5328] ? hfsplus_bnode_move+0x2da/0x910 [ 69.873413][ T5328] ? __mark_inode_dirty+0x3db/0xe90 [ 69.875357][ T5328] hfsplus_brec_remove+0x42c/0x4f0 [ 69.877268][ T5328] __hfsplus_delete_attr+0x275/0x450 [ 69.879236][ T5328] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 69.881441][ T5328] ? hfsplus_find_init+0x85/0x1c0 [ 69.883294][ T5328] hfsplus_delete_attr+0x353/0x4b0 [ 69.885185][ T5328] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 69.887203][ T5328] ? hfsplus_find_init+0x85/0x1c0 [ 69.889094][ T5328] ? hfsplus_find_init+0x14a/0x1c0 [ 69.890981][ T5328] __hfsplus_setxattr+0x4ad/0x22d0 [ 69.892888][ T5328] ? kernel_text_address+0xa7/0xe0 [ 69.894706][ T5328] ? arch_stack_walk+0xfd/0x150 [ 69.896478][ T5328] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 69.898551][ T5328] ? stack_trace_save+0x118/0x1d0 [ 69.900414][ T5328] ? __pfx_stack_trace_save+0x10/0x10 [ 69.902305][ T5328] ? stack_depot_save_flags+0x29/0x830 [ 69.904255][ T5328] ? __kasan_kmalloc+0x98/0xb0 [ 69.906088][ T5328] ? __kmalloc_cache_noprof+0x243/0x390 [ 69.908118][ T5328] ? hfsplus_setxattr+0x68/0xe0 [ 69.909899][ T5328] hfsplus_setxattr+0xb0/0xe0 [ 69.911601][ T5328] hfsplus_trusted_setxattr+0x40/0x60 [ 69.913452][ T5328] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 69.915745][ T5328] __vfs_setxattr+0x468/0x4a0 [ 69.917419][ T5328] __vfs_setxattr_noperm+0x12e/0x660 [ 69.919158][ T5328] vfs_setxattr+0x221/0x430 [ 69.920693][ T5328] ? __pfx_vfs_setxattr+0x10/0x10 [ 69.922448][ T5328] filename_setxattr+0x2af/0x430 [ 69.924350][ T5328] ? __pfx_filename_setxattr+0x10/0x10 [ 69.926422][ T5328] ? getname_flags+0x1e3/0x540 [ 69.928183][ T5328] path_setxattrat+0x440/0x510 [ 69.929875][ T5328] ? __pfx_path_setxattrat+0x10/0x10 [ 69.931713][ T5328] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.933608][ T5328] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.935784][ T5328] __x64_sys_lsetxattr+0xbf/0xe0 [ 69.937625][ T5328] do_syscall_64+0xf3/0x230 [ 69.939479][ T5328] ? clear_bhb_loop+0x35/0x90 [ 69.941257][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.943445][ T5328] RIP: 0033:0x7f42c5d7fed9 [ 69.945027][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.951854][ T5328] RSP: 002b:00007f42c57fe058 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 69.954808][ T5328] RAX: ffffffffffffffda RBX: 00007f42c5f46080 RCX: 00007f42c5d7fed9 [ 69.957737][ T5328] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00000000200000c0 [ 69.960440][ T5328] RBP: 00007f42c5df3cc8 R08: 0000000000000002 R09: 0000000000000000 [ 69.963152][ T5328] R10: 00000000000000b2 R11: 0000000000000246 R12: 0000000000000000 [ 69.966032][ T5328] R13: 0000000000000000 R14: 00007f42c5f46080 R15: 00007ffebbf17898 [ 69.968804][ T5328] [ 69.969917][ T5328] ================================================================== [ 69.981356][ T5328] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 69.983857][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00182-gb8f52214c61a #0 [ 69.987453][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.991372][ T5328] Call Trace: [ 69.992577][ T5328] [ 69.993694][ T5328] dump_stack_lvl+0x241/0x360 [ 69.995467][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.997378][ T5328] ? __pfx__printk+0x10/0x10 [ 69.999224][ T5328] ? preempt_schedule+0xe1/0xf0 [ 70.000971][ T5328] ? vscnprintf+0x5d/0x90 [ 70.002549][ T5328] panic+0x349/0x880 [ 70.003996][ T5328] ? check_panic_on_warn+0x21/0xb0 [ 70.005788][ T5328] ? __pfx_panic+0x10/0x10 [ 70.007227][ T5328] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 70.009246][ T5328] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.011232][ T5328] ? print_report+0xe8/0x550 [ 70.012783][ T5328] check_panic_on_warn+0x86/0xb0 [ 70.014542][ T5328] ? hfsplus_bnode_dump+0x403/0xbb0 [ 70.016423][ T5328] end_report+0x77/0x160 [ 70.017868][ T5328] kasan_report+0x154/0x180 [ 70.019463][ T5328] ? hfsplus_bnode_dump+0x403/0xbb0 [ 70.021207][ T5328] ? hfsplus_bnode_dump+0x403/0xbb0 [ 70.023087][ T5328] kasan_check_range+0x282/0x290 [ 70.024839][ T5328] ? hfsplus_bnode_dump+0x403/0xbb0 [ 70.026752][ T5328] __asan_memcpy+0x29/0x70 [ 70.028445][ T5328] hfsplus_bnode_dump+0x403/0xbb0 [ 70.030371][ T5328] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 70.032460][ T5328] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 70.034313][ T5328] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 70.036465][ T5328] ? rcu_is_watching+0x15/0xb0 [ 70.038325][ T5328] ? hfsplus_bnode_move+0x2da/0x910 [ 70.040340][ T5328] ? __mark_inode_dirty+0x3db/0xe90 [ 70.041749][ T5328] hfsplus_brec_remove+0x42c/0x4f0 [ 70.043117][ T5328] __hfsplus_delete_attr+0x275/0x450 [ 70.044877][ T5328] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 70.046835][ T5328] ? hfsplus_find_init+0x85/0x1c0 [ 70.048286][ T5328] hfsplus_delete_attr+0x353/0x4b0 [ 70.050592][ T5328] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 70.053106][ T5328] ? hfsplus_find_init+0x85/0x1c0 [ 70.055063][ T5328] ? hfsplus_find_init+0x14a/0x1c0 [ 70.057095][ T5328] __hfsplus_setxattr+0x4ad/0x22d0 [ 70.058855][ T5328] ? kernel_text_address+0xa7/0xe0 [ 70.060706][ T5328] ? arch_stack_walk+0xfd/0x150 [ 70.062550][ T5328] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 70.064416][ T5328] ? stack_trace_save+0x118/0x1d0 [ 70.066358][ T5328] ? __pfx_stack_trace_save+0x10/0x10 [ 70.068388][ T5328] ? stack_depot_save_flags+0x29/0x830 [ 70.070358][ T5328] ? __kasan_kmalloc+0x98/0xb0 [ 70.072142][ T5328] ? __kmalloc_cache_noprof+0x243/0x390 [ 70.074215][ T5328] ? hfsplus_setxattr+0x68/0xe0 [ 70.075980][ T5328] hfsplus_setxattr+0xb0/0xe0 [ 70.077699][ T5328] hfsplus_trusted_setxattr+0x40/0x60 [ 70.079615][ T5328] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 70.081753][ T5328] __vfs_setxattr+0x468/0x4a0 [ 70.083605][ T5328] __vfs_setxattr_noperm+0x12e/0x660 [ 70.085546][ T5328] vfs_setxattr+0x221/0x430 [ 70.087155][ T5328] ? __pfx_vfs_setxattr+0x10/0x10 [ 70.089029][ T5328] filename_setxattr+0x2af/0x430 [ 70.090793][ T5328] ? __pfx_filename_setxattr+0x10/0x10 [ 70.092680][ T5328] ? getname_flags+0x1e3/0x540 [ 70.094422][ T5328] path_setxattrat+0x440/0x510 [ 70.096022][ T5328] ? __pfx_path_setxattrat+0x10/0x10 [ 70.097782][ T5328] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.099898][ T5328] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.102038][ T5328] __x64_sys_lsetxattr+0xbf/0xe0 [ 70.103784][ T5328] do_syscall_64+0xf3/0x230 [ 70.105448][ T5328] ? clear_bhb_loop+0x35/0x90 [ 70.107235][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.109440][ T5328] RIP: 0033:0x7f42c5d7fed9 [ 70.111137][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.118058][ T5328] RSP: 002b:00007f42c57fe058 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 70.121188][ T5328] RAX: ffffffffffffffda RBX: 00007f42c5f46080 RCX: 00007f42c5d7fed9 [ 70.124108][ T5328] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00000000200000c0 [ 70.126945][ T5328] RBP: 00007f42c5df3cc8 R08: 0000000000000002 R09: 0000000000000000 [ 70.129888][ T5328] R10: 00000000000000b2 R11: 0000000000000246 R12: 0000000000000000 [ 70.132726][ T5328] R13: 0000000000000000 R14: 00007f42c5f46080 R15: 00007ffebbf17898 [ 70.135671][ T5328] [ 70.137047][ T5328] Kernel Offset: disabled [ 70.138672][ T5328] Rebooting in 86400 seconds..