program: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) execve(&(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') setxattr$trusted_overlay_upper(&(0x7f00000003c0)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) r0 = socket$inet6(0xa, 0x80803, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x547b31180522e14c, 0x80}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x33}, 0x0, @in6=@private1}}, 0xe8) connect$inet6(r0, &(0x7f00000000c0), 0x1c) r1 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x1, 0x4, 0x10, 0x15, "9e959f16deab7b08aa26e66c4056a516950600000000000000eef4fb0efcc1d8a6078ed98e5e6bd5f8643902dd8f6fac274de9d940ffa5e592bbd48685450d00", "f625c10e6e4c36c800dee96015e0fb7e904dc8df62a3a893ec00347f41be5a08", [0x6, 0x9]}) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendmmsg(r2, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)='k', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000040)=0xfffffffd, 0x4) r3 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') socket$nl_route(0x10, 0x3, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r5}, 0x8) ioctl$SIOCSIFHWADDR(r4, 0x89f7, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) ioctl$SG_NEXT_CMD_LEN(r3, 0x2283, &(0x7f0000000000)=0x21) write$binfmt_aout(r3, &(0x7f0000002780)={{0x107, 0x7, 0x3e, 0x34e, 0x24a, 0x1, 0xf5, 0x6c}, "", ['\x00']}, 0x120) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) [ 69.565554][ T4674] Bluetooth: hci0: command tx timeout [ 69.651786][ T5325] loop0: detected capacity change from 0 to 1024 [ 69.713334][ T5325] hfsplus: request for non-existent node 211 in B*Tree [ 69.716159][ T5325] hfsplus: request for non-existent node 211 in B*Tree [ 69.719578][ T5325] ================================================================== [ 69.722668][ T5325] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0 [ 69.725993][ T5325] Read of size 2 at addr 000508800000103e by task syz.0.0/5325 [ 69.728811][ T5325] [ 69.729763][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 69.729778][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.729786][ T5325] Call Trace: [ 69.729794][ T5325] [ 69.729800][ T5325] dump_stack_lvl+0x241/0x360 [ 69.729818][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.729830][ T5325] ? __pfx__printk+0x10/0x10 [ 69.729849][ T5325] ? _printk+0xd5/0x120 [ 69.729866][ T5325] print_report+0xe8/0x550 [ 69.729883][ T5325] ? __virt_addr_valid+0x58/0x530 [ 69.729899][ T5325] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.729915][ T5325] kasan_report+0x143/0x180 [ 69.729930][ T5325] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.729944][ T5325] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.729959][ T5325] kasan_check_range+0x282/0x290 [ 69.729976][ T5325] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.729992][ T5325] __asan_memcpy+0x29/0x70 [ 69.730007][ T5325] hfsplus_bnode_dump+0x403/0xbb0 [ 69.730023][ T5325] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 69.730038][ T5325] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 69.730052][ T5325] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 69.730066][ T5325] ? rcu_is_watching+0x15/0xb0 [ 69.730076][ T5325] ? hfsplus_bnode_move+0x2da/0x910 [ 69.730090][ T5325] ? __mark_inode_dirty+0x3db/0xe90 [ 69.730102][ T5325] hfsplus_brec_remove+0x42c/0x4f0 [ 69.730114][ T5325] __hfsplus_delete_attr+0x275/0x450 [ 69.730128][ T5325] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 69.730139][ T5325] ? hfsplus_find_init+0x85/0x1c0 [ 69.730151][ T5325] hfsplus_delete_attr+0x353/0x4b0 [ 69.730164][ T5325] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 69.730176][ T5325] ? hfsplus_find_init+0x85/0x1c0 [ 69.730185][ T5325] ? hfsplus_find_init+0x14a/0x1c0 [ 69.730194][ T5325] __hfsplus_setxattr+0x4ad/0x22d0 [ 69.730204][ T5325] ? kernel_text_address+0xa7/0xe0 [ 69.730214][ T5325] ? arch_stack_walk+0xfd/0x150 [ 69.730230][ T5325] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 69.730242][ T5325] ? stack_trace_save+0x118/0x1d0 [ 69.730253][ T5325] ? __pfx_stack_trace_save+0x10/0x10 [ 69.730264][ T5325] ? stack_depot_save_flags+0x37/0x940 [ 69.730290][ T5325] ? __kasan_kmalloc+0x98/0xb0 [ 69.730303][ T5325] ? __kmalloc_cache_noprof+0x243/0x390 [ 69.730314][ T5325] ? hfsplus_setxattr+0x68/0xe0 [ 69.730325][ T5325] hfsplus_setxattr+0xb0/0xe0 [ 69.730337][ T5325] hfsplus_trusted_setxattr+0x40/0x60 [ 69.730350][ T5325] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 69.730363][ T5325] __vfs_setxattr+0x468/0x4a0 [ 69.730382][ T5325] __vfs_setxattr_noperm+0x12e/0x660 [ 69.730393][ T5325] vfs_setxattr+0x221/0x430 [ 69.730403][ T5325] ? __pfx_vfs_setxattr+0x10/0x10 [ 69.730414][ T5325] filename_setxattr+0x2af/0x430 [ 69.730420][ T5325] ? __phys_addr_symbol+0x2f/0x70 [ 69.730433][ T5325] ? __pfx_filename_setxattr+0x10/0x10 [ 69.730442][ T5325] ? getname_flags+0x1e3/0x540 [ 69.730453][ T5325] path_setxattrat+0x440/0x510 [ 69.730467][ T5325] ? __pfx_path_setxattrat+0x10/0x10 [ 69.730479][ T5325] ? path_removexattrat+0x4be/0x670 [ 69.730497][ T5325] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.730512][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.730527][ T5325] __x64_sys_setxattr+0xbc/0xe0 [ 69.730538][ T5325] do_syscall_64+0xf3/0x230 [ 69.730606][ T5325] ? clear_bhb_loop+0x35/0x90 [ 69.730624][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.730640][ T5325] RIP: 0033:0x7f3773d8cda9 [ 69.730651][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.730660][ T5325] RSP: 002b:00007f3774ba7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 69.730672][ T5325] RAX: ffffffffffffffda RBX: 00007f3773fa5fa0 RCX: 00007f3773d8cda9 [ 69.730681][ T5325] RDX: 0000000020001400 RSI: 00000000200001c0 RDI: 00000000200003c0 [ 69.730688][ T5325] RBP: 00007f3773e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 69.730695][ T5325] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 69.730701][ T5325] R13: 0000000000000000 R14: 00007f3773fa5fa0 R15: 00007fff4bfd6178 [ 69.730713][ T5325] [ 69.730723][ T5325] ================================================================== [ 69.895931][ T5325] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 69.898684][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 69.902556][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.906374][ T5325] Call Trace: [ 69.907520][ T5325] [ 69.908431][ T5325] dump_stack_lvl+0x241/0x360 [ 69.910116][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.911972][ T5325] ? __pfx__printk+0x10/0x10 [ 69.913662][ T5325] ? preempt_schedule+0xe1/0xf0 [ 69.915206][ T5325] ? vscnprintf+0x5d/0x90 [ 69.916510][ T5325] panic+0x349/0x880 [ 69.917805][ T5325] ? check_panic_on_warn+0x21/0xb0 [ 69.919364][ T5325] ? __pfx_panic+0x10/0x10 [ 69.920773][ T5325] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 69.922850][ T5325] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.925181][ T5325] ? print_report+0xe8/0x550 [ 69.926720][ T5325] check_panic_on_warn+0x86/0xb0 [ 69.928224][ T5325] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.929817][ T5325] end_report+0x77/0x160 [ 69.931317][ T5325] kasan_report+0x154/0x180 [ 69.932979][ T5325] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.934979][ T5325] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.937289][ T5325] kasan_check_range+0x282/0x290 [ 69.939152][ T5325] ? hfsplus_bnode_dump+0x403/0xbb0 [ 69.941125][ T5325] __asan_memcpy+0x29/0x70 [ 69.942883][ T5325] hfsplus_bnode_dump+0x403/0xbb0 [ 69.944825][ T5325] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 69.946956][ T5325] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 69.948932][ T5325] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 69.950962][ T5325] ? rcu_is_watching+0x15/0xb0 [ 69.952698][ T5325] ? hfsplus_bnode_move+0x2da/0x910 [ 69.954680][ T5325] ? __mark_inode_dirty+0x3db/0xe90 [ 69.956598][ T5325] hfsplus_brec_remove+0x42c/0x4f0 [ 69.958507][ T5325] __hfsplus_delete_attr+0x275/0x450 [ 69.960362][ T5325] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 69.962336][ T5325] ? hfsplus_find_init+0x85/0x1c0 [ 69.964234][ T5325] hfsplus_delete_attr+0x353/0x4b0 [ 69.966191][ T5325] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 69.968328][ T5325] ? hfsplus_find_init+0x85/0x1c0 [ 69.970209][ T5325] ? hfsplus_find_init+0x14a/0x1c0 [ 69.972211][ T5325] __hfsplus_setxattr+0x4ad/0x22d0 [ 69.974001][ T5325] ? kernel_text_address+0xa7/0xe0 [ 69.975750][ T5325] ? arch_stack_walk+0xfd/0x150 [ 69.977503][ T5325] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 69.979452][ T5325] ? stack_trace_save+0x118/0x1d0 [ 69.981164][ T5325] ? __pfx_stack_trace_save+0x10/0x10 [ 69.983012][ T5325] ? stack_depot_save_flags+0x37/0x940 [ 69.984956][ T5325] ? __kasan_kmalloc+0x98/0xb0 [ 69.986756][ T5325] ? __kmalloc_cache_noprof+0x243/0x390 [ 69.988884][ T5325] ? hfsplus_setxattr+0x68/0xe0 [ 69.990717][ T5325] hfsplus_setxattr+0xb0/0xe0 [ 69.992381][ T5325] hfsplus_trusted_setxattr+0x40/0x60 [ 69.994345][ T5325] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 69.996643][ T5325] __vfs_setxattr+0x468/0x4a0 [ 69.998534][ T5325] __vfs_setxattr_noperm+0x12e/0x660 [ 70.000443][ T5325] vfs_setxattr+0x221/0x430 [ 70.002136][ T5325] ? __pfx_vfs_setxattr+0x10/0x10 [ 70.004240][ T5325] filename_setxattr+0x2af/0x430 [ 70.006076][ T5325] ? __phys_addr_symbol+0x2f/0x70 [ 70.008002][ T5325] ? __pfx_filename_setxattr+0x10/0x10 [ 70.009950][ T5325] ? getname_flags+0x1e3/0x540 [ 70.011664][ T5325] path_setxattrat+0x440/0x510 [ 70.013419][ T5325] ? __pfx_path_setxattrat+0x10/0x10 [ 70.015497][ T5325] ? path_removexattrat+0x4be/0x670 [ 70.017510][ T5325] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.019592][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.021921][ T5325] __x64_sys_setxattr+0xbc/0xe0 [ 70.023789][ T5325] do_syscall_64+0xf3/0x230 [ 70.025381][ T5325] ? clear_bhb_loop+0x35/0x90 [ 70.027104][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.029274][ T5325] RIP: 0033:0x7f3773d8cda9 [ 70.030950][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.038060][ T5325] RSP: 002b:00007f3774ba7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 70.041074][ T5325] RAX: ffffffffffffffda RBX: 00007f3773fa5fa0 RCX: 00007f3773d8cda9 [ 70.043783][ T5325] RDX: 0000000020001400 RSI: 00000000200001c0 RDI: 00000000200003c0 [ 70.046819][ T5325] RBP: 00007f3773e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 70.049708][ T5325] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 70.052531][ T5325] R13: 0000000000000000 R14: 00007f3773fa5fa0 R15: 00007fff4bfd6178 [ 70.055261][ T5325] [ 70.056684][ T5325] Kernel Offset: disabled [ 70.058324][ T5325] Rebooting in 86400 seconds..