program: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000200)) (async) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000200)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") r1 = inotify_init1(0x0) lsm_list_modules(0x0, 0x0, 0x0) (async) lsm_list_modules(0x0, 0x0, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000140)={[{0x5, 0x3, 0x6, 0xf9, 0x7, 0x81, 0x3, 0x83, 0x3, 0x10, 0x2, 0x8, 0x785f}, {0xff, 0x1000, 0x2, 0x5, 0x80, 0x0, 0xef, 0x10, 0x8, 0x80, 0x70, 0x9, 0x8}, {0x6, 0x9, 0x5, 0x8, 0x96, 0x9, 0x8, 0x0, 0x7, 0x7f, 0x54, 0x2, 0x4}], 0x6}) inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x40000582) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x24443, 0x0) write$cgroup_int(r2, &(0x7f00000001c0)=0x6, 0x12) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 76.452810][ T5303] Bluetooth: hci0: command tx timeout [ 76.463069][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.465389][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.563750][ T5319] loop0: detected capacity change from 0 to 1024 [ 76.617900][ T5319] hfsplus: request for non-existent node 134217728 in B*Tree [ 76.620876][ T5319] hfsplus: request for non-existent node 134217728 in B*Tree [ 76.625882][ T5320] ================================================================== [ 76.629021][ T5320] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0 [ 76.631866][ T5320] Read of size 2 at addr 000508800000103e by task syz.0.0/5320 [ 76.634593][ T5320] [ 76.635469][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-09485-g72deda0abee6 #0 [ 76.635483][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.635490][ T5320] Call Trace: [ 76.635496][ T5320] [ 76.635501][ T5320] dump_stack_lvl+0x241/0x360 [ 76.635518][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.635528][ T5320] ? __pfx__printk+0x10/0x10 [ 76.635543][ T5320] ? _printk+0xd5/0x120 [ 76.635558][ T5320] print_report+0xe8/0x550 [ 76.635574][ T5320] ? __virt_addr_valid+0x58/0x530 [ 76.635590][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 76.635605][ T5320] kasan_report+0x143/0x180 [ 76.635618][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 76.635632][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 76.635645][ T5320] kasan_check_range+0x282/0x290 [ 76.635659][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 76.635673][ T5320] __asan_memcpy+0x29/0x70 [ 76.635683][ T5320] hfsplus_bnode_dump+0x403/0xbb0 [ 76.635692][ T5320] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 76.635703][ T5320] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 76.635716][ T5320] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 76.635729][ T5320] ? rcu_is_watching+0x15/0xb0 [ 76.635738][ T5320] ? hfsplus_bnode_move+0x2da/0x910 [ 76.635752][ T5320] ? __mark_inode_dirty+0x3db/0xe90 [ 76.635763][ T5320] hfsplus_brec_remove+0x42c/0x4f0 [ 76.635775][ T5320] __hfsplus_delete_attr+0x275/0x450 [ 76.635788][ T5320] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 76.635798][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 76.635809][ T5320] hfsplus_delete_attr+0x353/0x4b0 [ 76.635819][ T5320] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 76.635830][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 76.635840][ T5320] ? hfsplus_find_init+0x14a/0x1c0 [ 76.635849][ T5320] __hfsplus_setxattr+0x801/0x22d0 [ 76.635860][ T5320] ? kernel_text_address+0xa7/0xe0 [ 76.635872][ T5320] ? arch_stack_walk+0xfd/0x150 [ 76.635889][ T5320] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 76.635901][ T5320] ? __pfx_stack_trace_save+0x10/0x10 [ 76.635913][ T5320] ? stack_depot_save_flags+0x37/0x940 [ 76.635935][ T5320] ? __kasan_kmalloc+0x98/0xb0 [ 76.635949][ T5320] ? __kmalloc_cache_noprof+0x243/0x390 [ 76.635959][ T5320] ? hfsplus_setxattr+0x68/0xe0 [ 76.635970][ T5320] hfsplus_setxattr+0xb0/0xe0 [ 76.635982][ T5320] hfsplus_user_setxattr+0x40/0x60 [ 76.635994][ T5320] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 76.636004][ T5320] __vfs_removexattr+0x42a/0x460 [ 76.636016][ T5320] __vfs_removexattr_locked+0x206/0x450 [ 76.636027][ T5320] vfs_removexattr+0x103/0x2b0 [ 76.636037][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 76.636048][ T5320] ? __pfx_vfs_removexattr+0x10/0x10 [ 76.636059][ T5320] path_removexattrat+0x32e/0x670 [ 76.636072][ T5320] ? __pfx_path_removexattrat+0x10/0x10 [ 76.636083][ T5320] ? do_futex+0x392/0x560 [ 76.636125][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.636140][ T5320] ? do_syscall_64+0x100/0x230 [ 76.636199][ T5320] __x64_sys_removexattr+0x62/0x70 [ 76.636210][ T5320] do_syscall_64+0xf3/0x230 [ 76.636222][ T5320] ? clear_bhb_loop+0x35/0x90 [ 76.636237][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.636251][ T5320] RIP: 0033:0x7efe6418cda9 [ 76.636262][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.636270][ T5320] RSP: 002b:00007efe605f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 76.636283][ T5320] RAX: ffffffffffffffda RBX: 00007efe643a6080 RCX: 00007efe6418cda9 [ 76.636290][ T5320] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 76.636296][ T5320] RBP: 00007efe6420e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 76.636307][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.636313][ T5320] R13: 0000000000000000 R14: 00007efe643a6080 R15: 00007fff8f3fc148 [ 76.636323][ T5320] [ 76.636327][ T5320] ================================================================== [ 76.794891][ T5320] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 76.797651][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-09485-g72deda0abee6 #0 [ 76.801324][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.805258][ T5320] Call Trace: [ 76.806619][ T5320] [ 76.807742][ T5320] dump_stack_lvl+0x241/0x360 [ 76.809463][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.811363][ T5320] ? __pfx__printk+0x10/0x10 [ 76.813126][ T5320] ? preempt_schedule+0xe1/0xf0 [ 76.814866][ T5320] ? vscnprintf+0x5d/0x90 [ 76.816535][ T5320] panic+0x349/0x880 [ 76.818113][ T5320] ? check_panic_on_warn+0x21/0xb0 [ 76.820046][ T5320] ? __pfx_panic+0x10/0x10 [ 76.821764][ T5320] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 76.824015][ T5320] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.826368][ T5320] ? print_report+0xe8/0x550 [ 76.828128][ T5320] check_panic_on_warn+0x86/0xb0 [ 76.830024][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 76.831969][ T5320] end_report+0x77/0x160 [ 76.833688][ T5320] kasan_report+0x154/0x180 [ 76.835414][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 76.837312][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 76.839310][ T5320] kasan_check_range+0x282/0x290 [ 76.841147][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0 [ 76.843160][ T5320] __asan_memcpy+0x29/0x70 [ 76.844826][ T5320] hfsplus_bnode_dump+0x403/0xbb0 [ 76.846728][ T5320] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 76.848840][ T5320] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 76.850870][ T5320] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 76.853325][ T5320] ? rcu_is_watching+0x15/0xb0 [ 76.855142][ T5320] ? hfsplus_bnode_move+0x2da/0x910 [ 76.857123][ T5320] ? __mark_inode_dirty+0x3db/0xe90 [ 76.859167][ T5320] hfsplus_brec_remove+0x42c/0x4f0 [ 76.861152][ T5320] __hfsplus_delete_attr+0x275/0x450 [ 76.863154][ T5320] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 76.865329][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 76.867336][ T5320] hfsplus_delete_attr+0x353/0x4b0 [ 76.869308][ T5320] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 76.871462][ T5320] ? hfsplus_find_init+0x85/0x1c0 [ 76.873438][ T5320] ? hfsplus_find_init+0x14a/0x1c0 [ 76.875450][ T5320] __hfsplus_setxattr+0x801/0x22d0 [ 76.877417][ T5320] ? kernel_text_address+0xa7/0xe0 [ 76.879250][ T5320] ? arch_stack_walk+0xfd/0x150 [ 76.881103][ T5320] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 76.883175][ T5320] ? __pfx_stack_trace_save+0x10/0x10 [ 76.885241][ T5320] ? stack_depot_save_flags+0x37/0x940 [ 76.887338][ T5320] ? __kasan_kmalloc+0x98/0xb0 [ 76.889258][ T5320] ? __kmalloc_cache_noprof+0x243/0x390 [ 76.891460][ T5320] ? hfsplus_setxattr+0x68/0xe0 [ 76.893924][ T5320] hfsplus_setxattr+0xb0/0xe0 [ 76.895775][ T5320] hfsplus_user_setxattr+0x40/0x60 [ 76.897725][ T5320] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 76.899905][ T5320] __vfs_removexattr+0x42a/0x460 [ 76.901793][ T5320] __vfs_removexattr_locked+0x206/0x450 [ 76.903902][ T5320] vfs_removexattr+0x103/0x2b0 [ 76.905748][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 76.907951][ T5320] ? __pfx_vfs_removexattr+0x10/0x10 [ 76.910026][ T5320] path_removexattrat+0x32e/0x670 [ 76.911915][ T5320] ? __pfx_path_removexattrat+0x10/0x10 [ 76.913975][ T5320] ? do_futex+0x392/0x560 [ 76.915928][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.918925][ T5320] ? do_syscall_64+0x100/0x230 [ 76.921515][ T5320] __x64_sys_removexattr+0x62/0x70 [ 76.924025][ T5320] do_syscall_64+0xf3/0x230 [ 76.926294][ T5320] ? clear_bhb_loop+0x35/0x90 [ 76.928790][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.931679][ T5320] RIP: 0033:0x7efe6418cda9 [ 76.933809][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.941156][ T5320] RSP: 002b:00007efe605f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 76.944427][ T5320] RAX: ffffffffffffffda RBX: 00007efe643a6080 RCX: 00007efe6418cda9 [ 76.947667][ T5320] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 76.950621][ T5320] RBP: 00007efe6420e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 76.953536][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.956553][ T5320] R13: 0000000000000000 R14: 00007efe643a6080 R15: 00007fff8f3fc148 [ 76.959480][ T5320] [ 76.960979][ T5320] Kernel Offset: disabled [ 76.962705][ T5320] Rebooting in 86400 seconds..