program:
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x9d})
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000008c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x1, 0x2c6, &(0x7f0000000c80)="$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")
syz_mount_image$udf(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x14444, &(0x7f0000000280)=ANY=[@ANYBLOB="696f636861727365743d6b6f69382d72752c766f6c756d653d3030303030303030303030300000000063686f723d30303030303030303030303030303030303030342c6e6f6164696e6963622c6769643d69676e6f72652c7569643d6967ee6f7200006769643dc7865530221d5cf1ffa33f314577d414dd0f02989f344aa1daf1517b816480770a92f1eaeab3d78957fc83df545faf189820845d1a3ae48728ee6ed8684b4f3acff28b7d51848813c91e8e6278a3cfa72eec120ebbc7baaaf78c062300000000000000", @ANYRESDEC, @ANYRESDEC], 0xfe, 0xc17, &(0x7f0000001180)="$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")
# PF_KEY socket (family 0xf) and one message sent on it. No key/xfrm frames
# appear in either call trace of this report, so these two calls look like
# fuzzer noise rather than part of the trigger -- TODO confirm by minimising.
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x400000000000003, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private0}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x18}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x70}}, 0x0)
# Crashing call. The register dump in the log has ORIG_RAX=0x53 (mkdir on
# x86-64) and RDI ending in 0x4c0, which matches this call's path pointer.
# The trace dispatches it to HFS:
#   __x64_sys_mkdir -> do_mkdirat -> vfs_mkdir -> hfs_mkdir -> hfs_cat_create
#   -> hfs_brec_insert -> hfs_bnode_read_key -> hfs_bnode_read -> memcpy
# KASAN reports a 94-byte write starting at offset 0 of a 78-byte kmalloc-96
# object that was allocated in hfs_find_init (called from hfs_cat_create).
# The copy length therefore exceeds the buffer's requested size by 16 bytes.
# NOTE(review): the length presumably comes from a key-length field in the
# mounted image; that is not visible in this report. Any fix should bound the
# copy in the HFS key-read path by the size of the destination buffer.
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
# Everything below sets up an overlayfs mount and a uinput device. With
# panic_on_warn set (see the "Kernel panic" line in the log) the kernel stops
# at the KASAN report, so these calls were likely never reached in this run.
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
# 0xffffffffffffff9c is -100, i.e. AT_FDCWD: paths resolve against the cwd.
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
# Overlay on ./bus with upperdir=./file1, workdir=./bus, lowerdir=./file0.
# No overlayfs frames appear in the crash trace.
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
# uinput device open plus UI_SET_PHYS with a null argument pointer. Neither
# shows up in the crash trace.
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_SET_PHYS(r1, 0x4008556c, 0x0)
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fsync(r1)
[ 69.195963][ T4673] Bluetooth: hci0: command tx timeout
[ 69.235310][ T5328] loop0: detected capacity change from 0 to 64
[ 69.383688][ T5328] ==================================================================
[ 69.386806][ T5328] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read+0x16a/0x200
[ 69.389949][ T5328] Write of size 94 at addr ffff888012246080 by task syz.0.0/5328
[ 69.393068][ T5328]
[ 69.394075][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full)
[ 69.394091][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.394100][ T5328] Call Trace:
[ 69.394107][ T5328]
[ 69.394112][ T5328] dump_stack_lvl+0x241/0x360
[ 69.394136][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.394154][ T5328] ? rcu_is_watching+0x15/0xb0
[ 69.394175][ T5328] ? __virt_addr_valid+0x183/0x530
[ 69.394192][ T5328] ? lock_release+0x4e/0x3e0
[ 69.394206][ T5328] ? __virt_addr_valid+0x183/0x530
[ 69.394222][ T5328] ? __virt_addr_valid+0x183/0x530
[ 69.394238][ T5328] print_report+0x16e/0x5b0
[ 69.394253][ T5328] ? __virt_addr_valid+0x183/0x530
[ 69.394267][ T5328] ? __virt_addr_valid+0x183/0x530
[ 69.394281][ T5328] ? __virt_addr_valid+0x45f/0x530
[ 69.394295][ T5328] ? __phys_addr+0xba/0x170
[ 69.394310][ T5328] ? hfs_bnode_read+0x16a/0x200
[ 69.394321][ T5328] kasan_report+0x143/0x180
[ 69.394336][ T5328] ? hfs_bnode_read+0x16a/0x200
[ 69.394348][ T5328] kasan_check_range+0x28f/0x2a0
[ 69.394363][ T5328] ? hfs_bnode_read+0x16a/0x200
[ 69.394373][ T5328] __asan_memcpy+0x40/0x70
[ 69.394385][ T5328] hfs_bnode_read+0x16a/0x200
[ 69.394397][ T5328] hfs_bnode_read_key+0x174/0x240
[ 69.394408][ T5328] ? do_raw_spin_unlock+0x58/0x8b0
[ 69.394424][ T5328] ? __pfx_hfs_bnode_read_key+0x10/0x10
[ 69.394436][ T5328] ? _raw_spin_unlock+0x28/0x50
[ 69.394488][ T5328] ? block_dirty_folio+0x167/0x1e0
[ 69.394508][ T5328] hfs_brec_insert+0x6a5/0xbe0
[ 69.394522][ T5328] ? __pfx_hfs_brec_insert+0x10/0x10
[ 69.394535][ T5328] hfs_cat_create+0x3de/0x760
[ 69.394549][ T5328] ? __pfx_hfs_cat_create+0x10/0x10
[ 69.394565][ T5328] ? _raw_spin_unlock+0x28/0x50
[ 69.394575][ T5328] ? hfs_new_inode+0x8df/0xba0
[ 69.394588][ T5328] hfs_mkdir+0x6c/0xe0
[ 69.394601][ T5328] vfs_mkdir+0x2f9/0x500
[ 69.394616][ T5328] do_mkdirat+0x273/0x3f0
[ 69.394629][ T5328] ? __pfx_do_mkdirat+0x10/0x10
[ 69.394641][ T5328] ? strncpy_from_user+0x143/0x280
[ 69.394654][ T5328] ? getname_flags+0x1e2/0x530
[ 69.394672][ T5328] __x64_sys_mkdir+0x6c/0x80
[ 69.394685][ T5328] do_syscall_64+0xf3/0x230
[ 69.394700][ T5328] ? clear_bhb_loop+0x45/0xa0
[ 69.394713][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.394725][ T5328] RIP: 0033:0x7f0cded8d169
[ 69.394738][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.394747][ T5328] RSP: 002b:00007f0cdfb2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 69.394762][ T5328] RAX: ffffffffffffffda RBX: 00007f0cdefa5fa0 RCX: 00007f0cded8d169
[ 69.394771][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000004c0
[ 69.394778][ T5328] RBP: 00007f0cdee0e990 R08: 0000000000000000 R09: 0000000000000000
[ 69.394786][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.394793][ T5328] R13: 0000000000000000 R14: 00007f0cdefa5fa0 R15: 00007ffed1255c88
[ 69.394807][ T5328]
[ 69.394812][ T5328]
[ 69.511755][ T5328] Allocated by task 5328:
[ 69.513392][ T5328] kasan_save_track+0x3f/0x80
[ 69.515022][ T5328] __kasan_kmalloc+0x9d/0xb0
[ 69.516921][ T5328] __kmalloc_noprof+0x28e/0x4d0
[ 69.518869][ T5328] hfs_find_init+0x92/0x1f0
[ 69.520706][ T5328] hfs_cat_create+0x181/0x760
[ 69.522618][ T5328] hfs_mkdir+0x6c/0xe0
[ 69.524280][ T5328] vfs_mkdir+0x2f9/0x500
[ 69.526030][ T5328] do_mkdirat+0x273/0x3f0
[ 69.527818][ T5328] __x64_sys_mkdir+0x6c/0x80
[ 69.529706][ T5328] do_syscall_64+0xf3/0x230
[ 69.531586][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.534004][ T5328]
[ 69.535016][ T5328] The buggy address belongs to the object at ffff888012246080
[ 69.535016][ T5328] which belongs to the cache kmalloc-96 of size 96
[ 69.540326][ T5328] The buggy address is located 0 bytes inside of
[ 69.540326][ T5328] allocated 78-byte region [ffff888012246080, ffff8880122460ce)
[ 69.545563][ T5328]
[ 69.546450][ T5328] The buggy address belongs to the physical page:
[ 69.549027][ T5328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12246
[ 69.552476][ T5328] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 69.555344][ T5328] page_type: f5(slab)
[ 69.556927][ T5328] raw: 00fff00000000000 ffff88801b041280 dead000000000100 dead000000000122
[ 69.560285][ T5328] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 69.563740][ T5328] page dumped because: kasan: bad access detected
[ 69.566279][ T5328] page_owner tracks the page as allocated
[ 69.568618][ T5328] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5328, tgid 5327 (syz.0.0), ts 69325846939, free_ts 69292972083
[ 69.575924][ T5328] post_alloc_hook+0x1f4/0x240
[ 69.577801][ T5328] get_page_from_freelist+0x352b/0x36c0
[ 69.579778][ T5328] __alloc_pages_slowpath+0x436/0x1080
[ 69.581887][ T5328] __alloc_frozen_pages_noprof+0x40d/0x5b0
[ 69.584200][ T5328] allocate_slab+0x66/0x3a0
[ 69.586042][ T5328] ___slab_alloc+0xc3b/0x1500
[ 69.587894][ T5328] __slab_alloc+0x58/0xa0
[ 69.589588][ T5328] __kmalloc_node_noprof+0x2f4/0x4d0
[ 69.591613][ T5328] alloc_slab_obj_exts+0x3a/0xa0
[ 69.593265][ T5328] __memcg_slab_post_alloc_hook+0x31c/0x7e0
[ 69.595175][ T5328] kmem_cache_alloc_noprof+0x28f/0x390
[ 69.597350][ T5328] alloc_empty_file+0x56/0x1d0
[ 69.599205][ T5328] alloc_file_pseudo+0x206/0x320
[ 69.601175][ T5328] __shmem_file_setup+0x237/0x2c0
[ 69.603129][ T5328] __se_sys_memfd_create+0x328/0x7d0
[ 69.605239][ T5328] do_syscall_64+0xf3/0x230
[ 69.607058][ T5328] page last free pid 5309 tgid 5309 stack trace:
[ 69.609632][ T5328] __free_frozen_pages+0xde8/0x10a0
[ 69.611686][ T5328] __slab_free+0x2c6/0x390
[ 69.613474][ T5328] qlist_free_all+0x9a/0x140
[ 69.615365][ T5328] kasan_quarantine_reduce+0x14f/0x170
[ 69.617538][ T5328] __kasan_slab_alloc+0x23/0x80
[ 69.619407][ T5328] __kmalloc_noprof+0x238/0x4d0
[ 69.621300][ T5328] tomoyo_realpath_from_path+0xcf/0x5e0
[ 69.623503][ T5328] tomoyo_path_perm+0x2be/0x640
[ 69.625446][ T5328] security_inode_getattr+0x130/0x330
[ 69.627556][ T5328] vfs_fstatat+0xa5/0x150
[ 69.629253][ T5328] __x64_sys_newfstatat+0x11f/0x1a0
[ 69.631280][ T5328] do_syscall_64+0xf3/0x230
[ 69.633790][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.636230][ T5328]
[ 69.637258][ T5328] Memory state around the buggy address:
[ 69.639516][ T5328] ffff888012245f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.642737][ T5328] ffff888012246000: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 69.645879][ T5328] >ffff888012246080: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 69.649022][ T5328] ^
[ 69.651515][ T5328] ffff888012246100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.654380][ T5328] ffff888012246180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.657266][ T5328] ==================================================================
[ 69.678276][ T5328] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.681297][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full)
[ 69.685675][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.689872][ T5328] Call Trace:
[ 69.691235][ T5328]
[ 69.692441][ T5328] dump_stack_lvl+0x241/0x360
[ 69.694227][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.696178][ T5328] ? __pfx__printk+0x10/0x10
[ 69.698063][ T5328] ? vscnprintf+0x5d/0x90
[ 69.699907][ T5328] panic+0x349/0x880
[ 69.701521][ T5328] ? check_panic_on_warn+0x21/0xb0
[ 69.703603][ T5328] ? __pfx_panic+0x10/0x10
[ 69.705341][ T5328] ? _raw_spin_unlock_irqrestore+0x134/0x140
[ 69.707506][ T5328] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.709904][ T5328] ? print_report+0x519/0x5b0
[ 69.711856][ T5328] check_panic_on_warn+0x86/0xb0
[ 69.713782][ T5328] ? hfs_bnode_read+0x16a/0x200
[ 69.715664][ T5328] end_report+0x77/0x160
[ 69.717349][ T5328] kasan_report+0x154/0x180
[ 69.719205][ T5328] ? hfs_bnode_read+0x16a/0x200
[ 69.721227][ T5328] kasan_check_range+0x28f/0x2a0
[ 69.723271][ T5328] ? hfs_bnode_read+0x16a/0x200
[ 69.725202][ T5328] __asan_memcpy+0x40/0x70
[ 69.726989][ T5328] hfs_bnode_read+0x16a/0x200
[ 69.728884][ T5328] hfs_bnode_read_key+0x174/0x240
[ 69.730928][ T5328] ? do_raw_spin_unlock+0x58/0x8b0
[ 69.733033][ T5328] ? __pfx_hfs_bnode_read_key+0x10/0x10
[ 69.735283][ T5328] ? _raw_spin_unlock+0x28/0x50
[ 69.737281][ T5328] ? block_dirty_folio+0x167/0x1e0
[ 69.739253][ T5328] hfs_brec_insert+0x6a5/0xbe0
[ 69.741058][ T5328] ? __pfx_hfs_brec_insert+0x10/0x10
[ 69.743015][ T5328] hfs_cat_create+0x3de/0x760
[ 69.744754][ T5328] ? __pfx_hfs_cat_create+0x10/0x10
[ 69.746646][ T5328] ? _raw_spin_unlock+0x28/0x50
[ 69.748466][ T5328] ? hfs_new_inode+0x8df/0xba0
[ 69.750413][ T5328] hfs_mkdir+0x6c/0xe0
[ 69.752065][ T5328] vfs_mkdir+0x2f9/0x500
[ 69.753858][ T5328] do_mkdirat+0x273/0x3f0
[ 69.755632][ T5328] ? __pfx_do_mkdirat+0x10/0x10
[ 69.757664][ T5328] ? strncpy_from_user+0x143/0x280
[ 69.759671][ T5328] ? getname_flags+0x1e2/0x530
[ 69.761483][ T5328] __x64_sys_mkdir+0x6c/0x80
[ 69.763205][ T5328] do_syscall_64+0xf3/0x230
[ 69.764982][ T5328] ? clear_bhb_loop+0x45/0xa0
[ 69.766915][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.769109][ T5328] RIP: 0033:0x7f0cded8d169
[ 69.770781][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.778277][ T5328] RSP: 002b:00007f0cdfb2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 69.781649][ T5328] RAX: ffffffffffffffda RBX: 00007f0cdefa5fa0 RCX: 00007f0cded8d169
[ 69.784884][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000004c0
[ 69.788061][ T5328] RBP: 00007f0cdee0e990 R08: 0000000000000000 R09: 0000000000000000
[ 69.791225][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.794447][ T5328] R13: 0000000000000000 R14: 00007f0cdefa5fa0 R15: 00007ffed1255c88
[ 69.797691][ T5328]
[ 69.799228][ T5328] Kernel Offset: disabled
[ 69.801034][ T5328] Rebooting in 86400 seconds..