program: r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000613000/0x3000)=nil, 0x3) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f00000002c0)=ANY=[@ANYRESHEX=r1, @ANYBLOB="fd9bbfc59722154caec1864a7e82f4dc16088855d4ddc75f36366ef21d38a0d3851f6735f6ba71474f4e24a9", @ANYRESOCT, @ANYRES64=r1, @ANYRESHEX=r1, @ANYRESHEX, @ANYBLOB="3334bad88692efdc947e3f58f4c21a1ee8ac3173c637b9c80cfaa57d32cecc045082dbe29970c11408fb9e4c64ceac92bdb4955b75df4b3df6235bd71f77862d393f786b431479f0", @ANYRES32=r1], 0x841, 0x0) lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x10800, 0x0) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)={0x0, @remote, @multicast2}, &(0x7f00000003c0)=0xc) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000440)={'syztnl2\x00', 0x0, 0x80, 0x20, 0x89b6, 0x9, {{0xe, 0x4, 0x1, 0x1, 0x38, 0x64, 0x0, 0xe9, 0x29, 0x0, @local, @broadcast, {[@rr={0x7, 0x23, 0xef, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @dev={0xac, 0x14, 0x14, 0x30}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1]}, @noop]}}}}}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wg0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0x8c, r3, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xe44}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8}, @ETHTOOL_A_LINKMODES_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_LINKMODES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) userfaultfd(0x80001) (async) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) (async) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) (async) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000613000/0x3000)=nil, 0x3) (async) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) (async) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) (async) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") (async) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f00000002c0)=ANY=[@ANYRESHEX=r1, @ANYBLOB="fd9bbfc59722154caec1864a7e82f4dc16088855d4ddc75f36366ef21d38a0d3851f6735f6ba71474f4e24a9", @ANYRESOCT, @ANYRES64=r1, @ANYRESHEX=r1, @ANYRESHEX, @ANYBLOB="3334bad88692efdc947e3f58f4c21a1ee8ac3173c637b9c80cfaa57d32cecc045082dbe29970c11408fb9e4c64ceac92bdb4955b75df4b3df6235bd71f77862d393f786b431479f0", @ANYRES32=r1], 0x841, 0x0) (async) lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async) openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x10800, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) (async) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000200)={0x0, @remote, @multicast2}, &(0x7f00000003c0)=0xc) (async) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000440)={'syztnl2\x00', 0x0, 0x80, 0x20, 0x89b6, 0x9, {{0xe, 0x4, 0x1, 0x1, 0x38, 0x64, 0x0, 0xe9, 0x29, 0x0, @local, @broadcast, {[@rr={0x7, 0x23, 0xef, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @dev={0xac, 0x14, 0x14, 0x30}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1]}, @noop]}}}}}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000500)) (async) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wg0\x00'}) (async) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0x8c, r3, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xe44}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8}, @ETHTOOL_A_LINKMODES_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_LINKMODES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) (async) [ 68.458822][ T4664] Bluetooth: hci0: command tx timeout [ 68.545401][ T5325] loop0: detected capacity change from 0 to 1024 [ 68.607595][ T5325] hfsplus: request for non-existent node 211 in B*Tree [ 68.615207][ T5325] hfsplus: request for non-existent node 211 in B*Tree [ 68.626737][ T5325] ================================================================== [ 68.630290][ T5325] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc1/0x1e0 [ 68.633767][ T5325] Read of size 8 at addr ffff888033c129a0 by task syz.0.0/5325 [ 68.636856][ T5325] [ 68.637914][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.14.0-rc5-syzkaller-00268-g1110ce6a1e34 #0 [ 68.637927][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.637934][ T5325] Call Trace: [ 68.637941][ T5325] [ 68.637947][ T5325] dump_stack_lvl+0x241/0x360 [ 68.637962][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.637972][ T5325] ? __pfx__printk+0x10/0x10 [ 68.637981][ T5325] ? _printk+0xd5/0x120 [ 68.637990][ T5325] ? __virt_addr_valid+0x183/0x530 [ 68.638000][ T5325] ? __virt_addr_valid+0x183/0x530 [ 68.638009][ T5325] print_report+0x16e/0x5b0 [ 68.638021][ T5325] ? __virt_addr_valid+0x183/0x530 [ 68.638029][ T5325] ? __virt_addr_valid+0x183/0x530 [ 68.638037][ T5325] ? __virt_addr_valid+0x45f/0x530 [ 68.638045][ T5325] ? __phys_addr+0xba/0x170 [ 68.638054][ T5325] ? hfsplus_bnode_read+0xc1/0x1e0 [ 68.638067][ T5325] kasan_report+0x143/0x180 [ 68.638078][ T5325] ? block_dirty_folio+0x15d/0x1e0 [ 68.638092][ T5325] ? hfsplus_bnode_read+0xc1/0x1e0 [ 68.638105][ T5325] hfsplus_bnode_read+0xc1/0x1e0 [ 68.638119][ T5325] hfsplus_bnode_dump+0x289/0x6a0 [ 68.638140][ T5325] ? block_dirty_folio+0x167/0x1e0 [ 68.638155][ T5325] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 68.638167][ T5325] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 68.638181][ T5325] ? hfsplus_bnode_move+0x2da/0x900 [ 68.638194][ T5325] ? __mark_inode_dirty+0x3db/0xe90 [ 68.638209][ T5325] hfsplus_brec_remove+0x42c/0x4f0 [ 68.638225][ T5325] __hfsplus_delete_attr+0x275/0x450 [ 68.638237][ T5325] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 68.638248][ T5325] ? hfsplus_attr_build_key+0xef/0x260 [ 68.638258][ T5325] hfsplus_delete_attr+0x25b/0x2f0 [ 68.638268][ T5325] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 68.638278][ T5325] ? hfsplus_find_init+0x85/0x1c0 [ 68.638292][ T5325] ? hfsplus_find_init+0x14a/0x1c0 [ 68.638307][ T5325] __hfsplus_setxattr+0x4ad/0x2310 [ 68.638317][ T5325] ? kernel_text_address+0xa7/0xe0 [ 68.638329][ T5325] ? arch_stack_walk+0xfd/0x150 [ 68.638340][ T5325] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 68.638350][ T5325] ? stack_trace_save+0x118/0x1d0 [ 68.638363][ T5325] ? __pfx_stack_trace_save+0x10/0x10 [ 68.638388][ T5325] ? __kasan_kmalloc+0x98/0xb0 [ 68.638399][ T5325] hfsplus_setxattr+0x11c/0x180 [ 68.638410][ T5325] hfsplus_trusted_setxattr+0x40/0x60 [ 68.638421][ T5325] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 68.638433][ T5325] __vfs_setxattr+0x468/0x4a0 [ 68.638448][ T5325] __vfs_setxattr_noperm+0x12e/0x660 [ 68.638461][ T5325] vfs_setxattr+0x221/0x430 [ 68.638476][ T5325] ? __pfx_vfs_setxattr+0x10/0x10 [ 68.638491][ T5325] filename_setxattr+0x2af/0x430 [ 68.638503][ T5325] ? __phys_addr_symbol+0x2f/0x70 [ 68.638512][ T5325] ? __pfx_filename_setxattr+0x10/0x10 [ 68.638525][ T5325] ? getname_flags+0x1e3/0x540 [ 68.638539][ T5325] path_setxattrat+0x440/0x510 [ 68.638550][ T5325] ? __pfx_path_setxattrat+0x10/0x10 [ 68.638565][ T5325] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 68.638580][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 68.638594][ T5325] __x64_sys_setxattr+0xbc/0xe0 [ 68.638607][ T5325] do_syscall_64+0xf3/0x230 [ 68.638678][ T5325] ? clear_bhb_loop+0x35/0x90 [ 68.638692][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.638706][ T5325] RIP: 0033:0x7f14cf18d169 [ 68.638716][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.638725][ T5325] RSP: 002b:00007f14cb5f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 68.638737][ T5325] RAX: ffffffffffffffda RBX: 00007f14cf3a5fa0 RCX: 00007f14cf18d169 [ 68.638744][ T5325] RDX: 00004000000002c0 RSI: 0000400000000240 RDI: 0000400000000280 [ 68.638751][ T5325] RBP: 00007f14cf20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 68.638758][ T5325] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000 [ 68.638764][ T5325] R13: 0000000000000000 R14: 00007f14cf3a5fa0 R15: 00007ffdb6225a08 [ 68.638772][ T5325] [ 68.638776][ T5325] [ 68.802364][ T5325] Allocated by task 5325: [ 68.804153][ T5325] kasan_save_track+0x3f/0x80 [ 68.806137][ T5325] __kasan_kmalloc+0x98/0xb0 [ 68.808034][ T5325] __kmalloc_noprof+0x285/0x4c0 [ 68.809975][ T5325] __hfs_bnode_create+0xf8/0x770 [ 68.812023][ T5325] hfsplus_bnode_find+0x22b/0xe40 [ 68.814107][ T5325] hfsplus_brec_find+0x183/0x570 [ 68.816184][ T5325] hfsplus_attr_exists+0x15f/0x1d0 [ 68.818241][ T5325] __hfsplus_setxattr+0x476/0x2310 [ 68.820381][ T5325] hfsplus_setxattr+0x11c/0x180 [ 68.822276][ T5325] hfsplus_trusted_setxattr+0x40/0x60 [ 68.824461][ T5325] __vfs_setxattr+0x468/0x4a0 [ 68.826448][ T5325] __vfs_setxattr_noperm+0x12e/0x660 [ 68.828697][ T5325] vfs_setxattr+0x221/0x430 [ 68.830623][ T5325] filename_setxattr+0x2af/0x430 [ 68.832610][ T5325] path_setxattrat+0x440/0x510 [ 68.834712][ T5325] __x64_sys_setxattr+0xbc/0xe0 [ 68.836774][ T5325] do_syscall_64+0xf3/0x230 [ 68.838773][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.841372][ T5325] [ 68.842433][ T5325] The buggy address belongs to the object at ffff888033c12900 [ 68.842433][ T5325] which belongs to the cache kmalloc-192 of size 192 [ 68.848053][ T5325] The buggy address is located 8 bytes to the right of [ 68.848053][ T5325] allocated 152-byte region [ffff888033c12900, ffff888033c12998) [ 68.853804][ T5325] [ 68.854790][ T5325] The buggy address belongs to the physical page: [ 68.857227][ T5325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33c12 [ 68.860512][ T5325] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 68.863492][ T5325] page_type: f5(slab) [ 68.865104][ T5325] raw: 04fff00000000000 ffff88801b0413c0 0000000000000000 dead000000000001 [ 68.868529][ T5325] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 68.872018][ T5325] page dumped because: kasan: bad access detected [ 68.874672][ T5325] page_owner tracks the page as allocated [ 68.877115][ T5325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 7449155796, free_ts 0 [ 68.884053][ T5325] post_alloc_hook+0x1f4/0x240 [ 68.886015][ T5325] get_page_from_freelist+0x365c/0x37a0 [ 68.888241][ T5325] __alloc_frozen_pages_noprof+0x292/0x710 [ 68.890615][ T5325] alloc_pages_mpol+0x311/0x660 [ 68.892624][ T5325] allocate_slab+0x8f/0x3a0 [ 68.894461][ T5325] ___slab_alloc+0xc27/0x14a0 [ 68.896365][ T5325] __slab_alloc+0x58/0xa0 [ 68.898189][ T5325] __kmalloc_cache_noprof+0x27b/0x390 [ 68.900398][ T5325] call_usermodehelper_setup+0x8e/0x270 [ 68.902567][ T5325] kobject_uevent_env+0x680/0x8e0 [ 68.904643][ T5325] tty_register_device_attr+0x583/0x960 [ 68.906980][ T5325] tty_register_driver+0x5f6/0xc30 [ 68.909070][ T5325] legacy_pty_init+0x3c7/0x610 [ 68.910982][ T5325] pty_init+0xe/0x20 [ 68.912570][ T5325] do_one_initcall+0x248/0x930 [ 68.914511][ T5325] do_initcall_level+0x157/0x210 [ 68.916540][ T5325] page_owner free stack trace missing [ 68.918681][ T5325] [ 68.919656][ T5325] Memory state around the buggy address: [ 68.921917][ T5325] ffff888033c12880: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 68.925119][ T5325] ffff888033c12900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.928388][ T5325] >ffff888033c12980: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 68.931577][ T5325] ^ [ 68.933556][ T5325] ffff888033c12a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.936646][ T5325] ffff888033c12a80: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc [ 68.939979][ T5325] ================================================================== [ 68.970270][ T5325] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 68.973146][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.14.0-rc5-syzkaller-00268-g1110ce6a1e34 #0 [ 68.977016][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.981419][ T5325] Call Trace: [ 68.982861][ T5325] [ 68.984147][ T5325] dump_stack_lvl+0x241/0x360 [ 68.986142][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.988303][ T5325] ? __pfx__printk+0x10/0x10 [ 68.990310][ T5325] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 68.992795][ T5325] ? vscnprintf+0x5d/0x90 [ 68.994531][ T5325] panic+0x349/0x880 [ 68.996097][ T5325] ? check_panic_on_warn+0x21/0xb0 [ 68.998180][ T5325] ? __pfx_panic+0x10/0x10 [ 69.000054][ T5325] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 69.002484][ T5325] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.005156][ T5325] check_panic_on_warn+0x86/0xb0 [ 69.007155][ T5325] ? hfsplus_bnode_read+0xc1/0x1e0 [ 69.009155][ T5325] end_report+0x77/0x160 [ 69.010877][ T5325] kasan_report+0x154/0x180 [ 69.012715][ T5325] ? block_dirty_folio+0x15d/0x1e0 [ 69.014791][ T5325] ? hfsplus_bnode_read+0xc1/0x1e0 [ 69.016824][ T5325] hfsplus_bnode_read+0xc1/0x1e0 [ 69.018869][ T5325] hfsplus_bnode_dump+0x289/0x6a0 [ 69.020934][ T5325] ? block_dirty_folio+0x167/0x1e0 [ 69.023056][ T5325] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 69.025330][ T5325] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 69.027645][ T5325] ? hfsplus_bnode_move+0x2da/0x900 [ 69.029741][ T5325] ? __mark_inode_dirty+0x3db/0xe90 [ 69.031861][ T5325] hfsplus_brec_remove+0x42c/0x4f0 [ 69.033859][ T5325] __hfsplus_delete_attr+0x275/0x450 [ 69.036028][ T5325] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 69.038449][ T5325] ? hfsplus_attr_build_key+0xef/0x260 [ 69.040680][ T5325] hfsplus_delete_attr+0x25b/0x2f0 [ 69.042745][ T5325] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 69.045005][ T5325] ? hfsplus_find_init+0x85/0x1c0 [ 69.046981][ T5325] ? hfsplus_find_init+0x14a/0x1c0 [ 69.048966][ T5325] __hfsplus_setxattr+0x4ad/0x2310 [ 69.051057][ T5325] ? kernel_text_address+0xa7/0xe0 [ 69.053110][ T5325] ? arch_stack_walk+0xfd/0x150 [ 69.055233][ T5325] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 69.057459][ T5325] ? stack_trace_save+0x118/0x1d0 [ 69.059517][ T5325] ? __pfx_stack_trace_save+0x10/0x10 [ 69.061751][ T5325] ? __kasan_kmalloc+0x98/0xb0 [ 69.063756][ T5325] hfsplus_setxattr+0x11c/0x180 [ 69.065774][ T5325] hfsplus_trusted_setxattr+0x40/0x60 [ 69.068104][ T5325] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 69.070718][ T5325] __vfs_setxattr+0x468/0x4a0 [ 69.072674][ T5325] __vfs_setxattr_noperm+0x12e/0x660 [ 69.074898][ T5325] vfs_setxattr+0x221/0x430 [ 69.076850][ T5325] ? __pfx_vfs_setxattr+0x10/0x10 [ 69.078949][ T5325] filename_setxattr+0x2af/0x430 [ 69.080986][ T5325] ? __phys_addr_symbol+0x2f/0x70 [ 69.082870][ T5325] ? __pfx_filename_setxattr+0x10/0x10 [ 69.084877][ T5325] ? getname_flags+0x1e3/0x540 [ 69.086695][ T5325] path_setxattrat+0x440/0x510 [ 69.088558][ T5325] ? __pfx_path_setxattrat+0x10/0x10 [ 69.090544][ T5325] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.093071][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.095668][ T5325] __x64_sys_setxattr+0xbc/0xe0 [ 69.097876][ T5325] do_syscall_64+0xf3/0x230 [ 69.099830][ T5325] ? clear_bhb_loop+0x35/0x90 [ 69.101806][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.104251][ T5325] RIP: 0033:0x7f14cf18d169 [ 69.106082][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.113684][ T5325] RSP: 002b:00007f14cb5f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 69.116952][ T5325] RAX: ffffffffffffffda RBX: 00007f14cf3a5fa0 RCX: 00007f14cf18d169 [ 69.120014][ T5325] RDX: 00004000000002c0 RSI: 0000400000000240 RDI: 0000400000000280 [ 69.123066][ T5325] RBP: 00007f14cf20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 69.126359][ T5325] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000 [ 69.129557][ T5325] R13: 0000000000000000 R14: 00007f14cf3a5fa0 R15: 00007ffdb6225a08 [ 69.133049][ T5325] [ 69.134676][ T5325] Kernel Offset: disabled [ 69.136532][ T5325] Rebooting in 86400 seconds..