program: syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x8f, 0x2b9, &(0x7f0000000700)="$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") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000300)=0x10, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x9, @loopback, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e24, 0x2, @empty, 0xffff8b96}, 0x1c) sendmmsg$inet(r0, &(0x7f0000001a80)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000001c0)=' ', 0x1}], 0x1}}], 0x1, 0x880) recvfrom$inet6(r0, 0x0, 0x0, 0x10040, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x7) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/46, 0x304000, 0x1000}, 0x20) mremap(&(0x7f00007fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f00008d7000/0x2000)=nil) madvise(&(0x7f00003c1000/0x1000)=nil, 0x1000, 0x14) ioctl$FITRIM(0xffffffffffffffff, 0x40406f06, &(0x7f00000000c0)={0x0, 0x0, 0x86fb}) sendmsg$qrtr(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f00000000c0)={0x2a, 0xffffffff, 0x4001}, 0xc, &(0x7f0000000a00)=[{&(0x7f00000005c0)="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", 0xff}, {&(0x7f00000009c0)="5847d798ddf93ec41daedfc6b755f5d0fc2f48c344", 0x15}], 0x2, &(0x7f0000000d40)=[{0xf8, 0x10d, 0x0, 
"e49eb6a8b3dafda8a4cc2fca6143c16d6caaa3062d60a2d94aea3e6b3cc752cc0c48233b85bebbe0097d9afd018ee0d56b44d2668cab5577f0e07e0ba628369f89f9222a0c9cc7360f1a26667543d2f5c2f682a99f13c8c1da429a10a5f608187606e56ba0bfe4c2589f58c641cd70f363da66fdd1ce721a590bf7db68500b4725eccb6d626c904daa0c67642507fc8e7800335bfce8433cda4269956a0dc6dcdc818c7244bf61ccf4ba04bbc6c0d1c970df1e91203d32638e795bdb087e112f348e408e5c2f27d446dfb0493834c51d3fd6d440a780364695f1e14f85ee62b2867a54"}, {0xc8, 0x107, 0x2, "a7622b400e7de3767b450e4d65822c7994a336ba886f96d4c9a95d27d46a24696b70dc66f4ecf2bc7402153555e73a9d6b89227a24c8b0435b243a9c8b8ba35613604e9ec5fccf603e9e55c7347c1825d95230578669e34c1b515dfe24a482a2751665185d64a26a8d5d9eff7469174c73e636e6da7e82ee00a8c8823612479f31ac4bc46ac9510a5f4d0bc0bac5a61485c5981477670bc0f876f1e274ed932f053941be877590bd2982ff49c409e09d32bca1"}, {0x100, 0x115, 0x5, "46c03f6b7a6e7224fc5b06d46dd42b6d32656de4cd9e170a333718b7c8a4153d677c10f7bdfbdd189c3ed9e709c4ac8b5fb54844719a385c64b292779aa0785875e63a036688c3674f092a7e4e4f5b2b6bb6f4ae3fd04ed4175f7dd79172cca2c2acbf44116cc4ee7dc4cb2c3a8e43a9682f35b614e034dbb8f803d64d2ff11eb44a9d4889a6df3b5684b47d89acf1fff358b9ae5b37e77cbe3a937ded7e1c7f8a72e822099bf49b786767be71fe9c6cba05e69159fa03cf06187c6835016b2f3fcb5b0de152e18ae0ace291daf3b3c1a24e0ff1feb994e7a54e0fc63f56885ab7c734f55a31dce6def3b7167066"}, {0xf8, 0x29, 0x3, "b2822d84609119702a7f2370277e97226b4c580ccc63dc55feebb74783f175578f9c1bea97c67384347332ded831797e0804058bd221b00d18cfcc1c3fe2e8a886ffaa6934b3d113f085bd44d2e99a6cb8609bd6b374e2e1eddff300e0430a50d994c88c4a43095fe63276c578b0b06d65379daf3b20ec287eca2bd07346fa047cd9f4f201806ef3f2a164fbd454b7091b6079391ce321d26e3939fffb102034d09be06aa88e943df0a6001bd99b46645f34b6d98b3ae49fac03078b58c32364314d30111c98d207912471576dbfefefc1c28c7e7d6b57526add36e4305b77a93a"}], 0x3b8, 0x40}, 0x38) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='bridge0\x00', 0x10) sendmmsg$inet(r4, 
&(0x7f0000001a80)=[{{&(0x7f0000000000)={0x2, 0x4e25, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4000014) splice(r1, 0x0, r2, 0x0, 0x7ffff000, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000059c0)='./bus\x00', 0x1400e, &(0x7f0000000540)={[{@jqfmt_vfsv0}]}, 0x1, 0x439, &(0x7f0000000100)="$eJzs28tvG8UfAPDvrp3219cvpiqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCgJC5YgqcUcckfgLOMEFASckrnBHlSqUSwsno7V3G8exncY4ccGfj7TtzO5EM1/PTjyzkw1gaI1l/yQRuyPi14gYbWRXFxhr/Hdr+crMn8tXZpKo1d74I6mXu7l8ZaYoWvzcriJTjkg/SeJgm3oXLl0+N12tzl3M8xOL59+dWLh0+Zmz56fPzJ2ZuzB18uTxY5PPnZh6ti9xZnHdPPDB/KH9r7x17bWZU9fe/vHrpIi/JY4+Get28fFarc/VDdaepnRSHmBD2JBSY5jGSH38j0YpVjpvNF7+eKCNAzZVrVar3df58lIN+A9LYtAtAAaj+KLP1r/FsUVTj7vCjRcaC6As7lv50bhSjjQvM9Kyvu2nsYg4tfTXF9kRm/McAgBglW+z+c/T7eZ/aTQ/F/p/vodSiYh7ImJvRJyIiH0RcW9Evez9EfHAButv3SRZO/9Jr/cU2B3K5n/P53tbq+d/xewvKqU8t6ce/0hy+mx17mj+mRyJke1ZfrJLHd+99Mtnna41z/+yI6u/mAvm7bhe3t6nYNu48VHEgXK7+JPbOwFJROyPiAM91nH2ya8Odbq2fvxd9GGfqfZlxBON/l+KlvgLSff9yYn/RXXu6ERxV6z1089XX+9U/z+Kvw+y/t/Z9v4v4t9TSZr3axc2XsfV3z7tuKbp5f6fnV6c3pa8uerc+9OLixcnI7Ylr9bzlebzUy3lplbKZ/EfOdx+/O+NlU/iYERkN/GDEfFQRDyct/2RiHg0Ig53if+HFx97p/f4N1cW/2zX/o+W/l9JbIvWM+0TpXPff7Oq0spG4s/6/3g9dSQ/k/X/enHdSbt6u5sBAADg3yeNiN2RpOO302k6Pt74G/59sTOtzi8sPnV6/r0Ls413BCoxkhZPukabnodO5sv6Ij/Vkj+WPzf+vLSjnh+fma/ODjp4GHK7Ooz/zO+lQbcO2HTe14LhZfzD8DL+YXgZ/zC82oz/HYNoB7D12n3/fziAdgBbr2X82/aDIWL9D8OrbL0PQ8v3PwylhR2x/kvyEhJrEpHeFc2Q6DGRRkS3MoP+zQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAffwcAAP//KvHjlA==") syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', 
&(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$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") creat(&(0x7f0000001700)='./file0\x00', 0x191) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f0000000080)) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000000)='./bus/file0\x00', 0x0) renameat2(r5, &(0x7f0000000240)='./bus/file0\x00', r5, &(0x7f00000001c0)='./file0\x00', 0x2) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) [ 73.046621][ T4663] Bluetooth: hci0: command tx timeout [ 73.130073][ T5322] loop0: detected capacity change from 0 to 64 [ 73.212226][ T5322] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 73.230495][ T5322] ================================================================== [ 73.233572][ T5322] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 [ 73.236611][ T5322] Write of size 94 at addr ffff888011cd7300 by task syz.0.0/5322 [ 73.239422][ T5322] [ 73.240273][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00181-g7ee983c850b4 #0 [ 73.240283][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.240288][ T5322] Call Trace: [ 73.240292][ T5322] [ 73.240296][ T5322] dump_stack_lvl+0x241/0x360 [ 73.240308][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 73.240315][ T5322] ? __pfx__printk+0x10/0x10 [ 73.240325][ T5322] ? _printk+0xd5/0x120 [ 73.240335][ T5322] ? __virt_addr_valid+0x183/0x530 [ 73.240346][ T5322] ? 
__virt_addr_valid+0x183/0x530
[ 73.240356][ T5322] print_report+0x169/0x550
[ 73.240368][ T5322] ? __virt_addr_valid+0x183/0x530
[ 73.240378][ T5322] ? __virt_addr_valid+0x183/0x530
[ 73.240387][ T5322] ? __virt_addr_valid+0x45f/0x530
[ 73.240396][ T5322] ? __phys_addr+0xba/0x170
[ 73.240404][ T5322] ? hfs_bnode_read_key+0x314/0x450
[ 73.240413][ T5322] kasan_report+0x143/0x180
[ 73.240425][ T5322] ? hfs_bnode_read_key+0x314/0x450
[ 73.240438][ T5322] kasan_check_range+0x282/0x290
[ 73.240446][ T5322] ? hfs_bnode_read_key+0x314/0x450
[ 73.240459][ T5322] __asan_memcpy+0x40/0x70
[ 73.240469][ T5322] hfs_bnode_read_key+0x314/0x450
[ 73.240477][ T5322] hfs_brec_insert+0x7f3/0xbd0
[ 73.240488][ T5322] ? __pfx_hfs_brec_insert+0x10/0x10
[ 73.240497][ T5322] hfs_cat_create+0x41d/0xa50
[ 73.240507][ T5322] ? __pfx_hfs_cat_create+0x10/0x10
[ 73.240517][ T5322] ? _raw_spin_unlock+0x28/0x50
[ 73.240561][ T5322] ? hfs_new_inode+0x86e/0xaf0
[ 73.240568][ T5322] hfs_mkdir+0x6c/0xe0
[ 73.240577][ T5322] vfs_mkdir+0x2f9/0x4f0
[ 73.240587][ T5322] do_mkdirat+0x264/0x3a0
[ 73.240596][ T5322] ? __check_object_size+0x47a/0x730
[ 73.240604][ T5322] ? __pfx_do_mkdirat+0x10/0x10
[ 73.240614][ T5322] ? getname_flags+0x1e3/0x540
[ 73.240620][ T5322] __x64_sys_mkdirat+0x87/0xa0
[ 73.240629][ T5322] do_syscall_64+0xf3/0x230
[ 73.240640][ T5322] ? 
clear_bhb_loop+0x35/0x90 [ 73.240649][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.240657][ T5322] RIP: 0033:0x7fdb37b8cde9 [ 73.240665][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.240670][ T5322] RSP: 002b:00007fdb389d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 73.240678][ T5322] RAX: ffffffffffffffda RBX: 00007fdb37da5fa0 RCX: 00007fdb37b8cde9 [ 73.240683][ T5322] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 000000000000000a [ 73.240687][ T5322] RBP: 00007fdb37c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 73.240690][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.240694][ T5322] R13: 0000000000000000 R14: 00007fdb37da5fa0 R15: 00007ffc1881d108 [ 73.240705][ T5322] [ 73.240707][ T5322] [ 73.348318][ T5322] Allocated by task 5322: [ 73.349780][ T5322] kasan_save_track+0x3f/0x80 [ 73.351491][ T5322] __kasan_kmalloc+0x98/0xb0 [ 73.353131][ T5322] __kmalloc_noprof+0x285/0x4c0 [ 73.355420][ T5322] hfs_find_init+0x90/0x1f0 [ 73.357212][ T5322] hfs_cat_create+0x182/0xa50 [ 73.359028][ T5322] hfs_mkdir+0x6c/0xe0 [ 73.360594][ T5322] vfs_mkdir+0x2f9/0x4f0 [ 73.362238][ T5322] do_mkdirat+0x264/0x3a0 [ 73.363874][ T5322] __x64_sys_mkdirat+0x87/0xa0 [ 73.365719][ T5322] do_syscall_64+0xf3/0x230 [ 73.367425][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.369727][ T5322] [ 73.370841][ T5322] The buggy address belongs to the object at ffff888011cd7300 [ 73.370841][ T5322] which belongs to the cache kmalloc-96 of size 96 [ 73.376227][ T5322] The buggy address is located 0 bytes inside of [ 73.376227][ T5322] allocated 78-byte region [ffff888011cd7300, ffff888011cd734e) [ 73.381444][ T5322] [ 73.382351][ T5322] The buggy address belongs to the physical page: [ 73.384742][ T5322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x11cd7
[ 73.387969][ T5322] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 73.390744][ T5322] page_type: f5(slab)
[ 73.392241][ T5322] raw: 00fff00000000000 ffff88801ac41280 dead000000000122 0000000000000000
[ 73.395457][ T5322] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 73.398462][ T5322] page dumped because: kasan: bad access detected
[ 73.400906][ T5322] page_owner tracks the page as allocated
[ 73.403006][ T5322] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5322, tgid 5321 (syz.0.0), ts 73222312863, free_ts 73145204165
[ 73.409737][ T5322] post_alloc_hook+0x1f4/0x240
[ 73.411534][ T5322] get_page_from_freelist+0x365c/0x37a0
[ 73.413703][ T5322] __alloc_pages_slowpath+0x43e/0x10b0
[ 73.415660][ T5322] __alloc_frozen_pages_noprof+0x49b/0x710
[ 73.417782][ T5322] allocate_slab+0x66/0x3a0
[ 73.419471][ T5322] ___slab_alloc+0xc27/0x14a0
[ 73.421273][ T5322] __slab_alloc+0x58/0xa0
[ 73.422897][ T5322] __kmalloc_node_noprof+0x2ee/0x4d0
[ 73.424849][ T5322] alloc_slab_obj_exts+0x3a/0xa0
[ 73.426692][ T5322] __memcg_slab_post_alloc_hook+0x319/0x7e0
[ 73.428850][ T5322] kmem_cache_alloc_noprof+0x287/0x380
[ 73.430843][ T5322] alloc_empty_file+0x9e/0x1d0
[ 73.432590][ T5322] path_openat+0x107/0x3590
[ 73.434303][ T5322] do_filp_open+0x27f/0x4e0
[ 73.435943][ T5322] do_sys_openat2+0x13e/0x1d0
[ 73.437654][ T5322] __x64_sys_openat+0x247/0x2a0
[ 73.439468][ T5322] page last free pid 5324 tgid 5324 stack trace:
[ 73.441727][ T5322] free_frozen_pages+0xe0d/0x10e0
[ 73.443610][ T5322] rcu_core+0xaaa/0x17a0
[ 73.445199][ T5322] handle_softirqs+0x2d4/0x9b0
[ 73.447121][ T5322] __irq_exit_rcu+0xf7/0x220
[ 73.448805][ T5322] irq_exit_rcu+0x9/0x30
[ 73.450389][ T5322] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 73.452458][ T5322] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 73.454748][ T5322]
[ 73.455695][ T5322] Memory state around the buggy address:
[ 
73.457843][ T5322]  ffff888011cd7200: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 73.460797][ T5322]  ffff888011cd7280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 73.463704][ T5322] >ffff888011cd7300: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 73.466505][ T5322]                                               ^
[ 73.468882][ T5322]  ffff888011cd7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.471828][ T5322]  ffff888011cd7400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.474752][ T5322] ==================================================================
[ 73.491205][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.493909][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00181-g7ee983c850b4 #0
[ 73.497769][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 73.501754][ T5322] Call Trace:
[ 73.502992][ T5322]
[ 73.504122][ T5322] dump_stack_lvl+0x241/0x360
[ 73.505955][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.507912][ T5322] ? __pfx__printk+0x10/0x10
[ 73.509677][ T5322] ? preempt_schedule+0xe1/0xf0
[ 73.511458][ T5322] ? vscnprintf+0x5d/0x90
[ 73.513062][ T5322] panic+0x349/0x880
[ 73.514515][ T5322] ? check_panic_on_warn+0x21/0xb0
[ 73.516442][ T5322] ? __pfx_panic+0x10/0x10
[ 73.518070][ T5322] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 73.520230][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 73.522459][ T5322] ? print_report+0x502/0x550
[ 73.524141][ T5322] check_panic_on_warn+0x86/0xb0
[ 73.525906][ T5322] ? hfs_bnode_read_key+0x314/0x450
[ 73.527798][ T5322] end_report+0x77/0x160
[ 73.529323][ T5322] kasan_report+0x154/0x180
[ 73.530989][ T5322] ? hfs_bnode_read_key+0x314/0x450
[ 73.532925][ T5322] kasan_check_range+0x282/0x290
[ 73.534779][ T5322] ? hfs_bnode_read_key+0x314/0x450
[ 73.536622][ T5322] __asan_memcpy+0x40/0x70
[ 73.538286][ T5322] hfs_bnode_read_key+0x314/0x450
[ 73.540115][ T5322] hfs_brec_insert+0x7f3/0xbd0
[ 73.541846][ T5322] ? 
__pfx_hfs_brec_insert+0x10/0x10
[ 73.543833][ T5322] hfs_cat_create+0x41d/0xa50
[ 73.545520][ T5322] ? __pfx_hfs_cat_create+0x10/0x10
[ 73.547408][ T5322] ? _raw_spin_unlock+0x28/0x50
[ 73.549193][ T5322] ? hfs_new_inode+0x86e/0xaf0
[ 73.550933][ T5322] hfs_mkdir+0x6c/0xe0
[ 73.552429][ T5322] vfs_mkdir+0x2f9/0x4f0
[ 73.553960][ T5322] do_mkdirat+0x264/0x3a0
[ 73.555530][ T5322] ? __check_object_size+0x47a/0x730
[ 73.557415][ T5322] ? __pfx_do_mkdirat+0x10/0x10
[ 73.559224][ T5322] ? getname_flags+0x1e3/0x540
[ 73.560924][ T5322] __x64_sys_mkdirat+0x87/0xa0
[ 73.562655][ T5322] do_syscall_64+0xf3/0x230
[ 73.564334][ T5322] ? clear_bhb_loop+0x35/0x90
[ 73.566215][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.568354][ T5322] RIP: 0033:0x7fdb37b8cde9
[ 73.569981][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 73.576812][ T5322] RSP: 002b:00007fdb389d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 73.579773][ T5322] RAX: ffffffffffffffda RBX: 00007fdb37da5fa0 RCX: 00007fdb37b8cde9
[ 73.582668][ T5322] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 000000000000000a
[ 73.585582][ T5322] RBP: 00007fdb37c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 73.588457][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 73.591218][ T5322] R13: 0000000000000000 R14: 00007fdb37da5fa0 R15: 00007ffc1881d108
[ 73.594049][ T5322]
[ 73.595450][ T5322] Kernel Offset: disabled
[ 73.597028][ T5322] Rebooting in 86400 seconds..