program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08802, &(0x7f0000000140)=ANY=[], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e04003520"], 0x7) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e04003520"], 0x7) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180), &(0x7f00000002c0)=ANY=[], 0xb2, 0x0) (async) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180), &(0x7f00000002c0)=ANY=[], 0xb2, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{}, {0x3, 0xc9, "b2b5dc27f567213b"}}}, 0xf0) r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xfffffffffffffff7, 0x480000) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) open(&(0x7f0000000340)='./file0\x00', 0x24440, 0x140) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f4060000", @ANYRESOCT=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) (async) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f4060000", @ANYRESOCT=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x40, r2, 0x400, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x3, 0x2e}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x4004000) [ 57.788865][ T5319] loop0: detected capacity change from 0 to 1024 [ 57.842947][ T5321] hfsplus: request for non-existent node 211 in B*Tree [ 57.845796][ T5321] hfsplus: request for non-existent node 211 in B*Tree [ 57.857555][ T5319] ================================================================== [ 57.860742][ T5319] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0 [ 57.863594][ T5319] Read of size 2 at addr 000508800000103e by task syz.0.0/5319 [ 57.866126][ T5319] [ 57.867040][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 57.870967][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 57.875044][ T5319] Call Trace: [ 57.876380][ T5319] [ 57.877527][ T5319] dump_stack_lvl+0x241/0x360 [ 57.879323][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 57.881370][ T5319] ? __pfx__printk+0x10/0x10 [ 57.883153][ T5319] ? _printk+0xd5/0x120 [ 57.884815][ T5319] print_report+0xe8/0x550 [ 57.886586][ T5319] ? __virt_addr_valid+0x58/0x530 [ 57.888508][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0 [ 57.890502][ T5319] kasan_report+0x143/0x180 [ 57.892273][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0 [ 57.894344][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0 [ 57.896408][ T5319] kasan_check_range+0x282/0x290 [ 57.898322][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0 [ 57.900366][ T5319] __asan_memcpy+0x29/0x70 [ 57.902101][ T5319] hfsplus_bnode_dump+0x403/0xbb0 [ 57.903960][ T5319] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 57.906139][ T5319] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 57.908262][ T5319] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 57.910558][ T5319] ? rcu_is_watching+0x15/0xb0 [ 57.912422][ T5319] ? hfsplus_bnode_move+0x2da/0x910 [ 57.914437][ T5319] ? __mark_inode_dirty+0x3db/0xe90 [ 57.916530][ T5319] hfsplus_brec_remove+0x42c/0x4f0 [ 57.918495][ T5319] __hfsplus_delete_attr+0x275/0x450 [ 57.920521][ T5319] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 57.922757][ T5319] ? hfsplus_find_init+0x85/0x1c0 [ 57.924713][ T5319] hfsplus_delete_attr+0x353/0x4b0 [ 57.926718][ T5319] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 57.928867][ T5319] ? hfsplus_find_init+0x85/0x1c0 [ 57.930812][ T5319] ? hfsplus_find_init+0x14a/0x1c0 [ 57.932774][ T5319] __hfsplus_setxattr+0x4ad/0x22d0 [ 57.934733][ T5319] ? kernel_text_address+0xa7/0xe0 [ 57.936723][ T5319] ? arch_stack_walk+0xfd/0x150 [ 57.938624][ T5319] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 57.940902][ T5319] ? stack_trace_save+0x118/0x1d0 [ 57.942850][ T5319] ? __pfx_stack_trace_save+0x10/0x10 [ 57.944953][ T5319] ? stack_depot_save_flags+0x37/0x940 [ 57.947108][ T5319] ? __kasan_kmalloc+0x98/0xb0 [ 57.948944][ T5319] ? __kmalloc_cache_noprof+0x243/0x390 [ 57.951063][ T5319] ? hfsplus_setxattr+0x68/0xe0 [ 57.952939][ T5319] hfsplus_setxattr+0xb0/0xe0 [ 57.954737][ T5319] hfsplus_trusted_setxattr+0x40/0x60 [ 57.956647][ T5319] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 57.958856][ T5319] __vfs_setxattr+0x468/0x4a0 [ 57.960678][ T5319] __vfs_setxattr_noperm+0x12e/0x660 [ 57.962709][ T5319] vfs_setxattr+0x221/0x430 [ 57.964485][ T5319] ? __pfx_vfs_setxattr+0x10/0x10 [ 57.966423][ T5319] filename_setxattr+0x2af/0x430 [ 57.968271][ T5319] ? __phys_addr_symbol+0x2f/0x70 [ 57.970215][ T5319] ? __pfx_filename_setxattr+0x10/0x10 [ 57.972294][ T5319] ? getname_flags+0x1e3/0x540 [ 57.974153][ T5319] path_setxattrat+0x440/0x510 [ 57.976089][ T5319] ? __pfx_path_setxattrat+0x10/0x10 [ 57.978066][ T5319] ? vfs_write+0x737/0xd30 [ 57.979819][ T5319] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 57.982145][ T5319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 57.984561][ T5319] __x64_sys_lsetxattr+0xbf/0xe0 [ 57.986502][ T5319] do_syscall_64+0xf3/0x230 [ 57.988254][ T5319] ? clear_bhb_loop+0x35/0x90 [ 57.990041][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.992241][ T5319] RIP: 0033:0x7f6e5697ff19 [ 57.993932][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.001196][ T5319] RSP: 002b:00007f6e5770e058 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 58.004325][ T5319] RAX: ffffffffffffffda RBX: 00007f6e56b45fa0 RCX: 00007f6e5697ff19 [ 58.007417][ T5319] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 58.010390][ T5319] RBP: 00007f6e569f3cc8 R08: 0000000000000000 R09: 0000000000000000 [ 58.013354][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.016428][ T5319] R13: 0000000000000000 R14: 00007f6e56b45fa0 R15: 00007ffe21a48298 [ 58.019497][ T5319] [ 58.020700][ T5319] ================================================================== [ 58.053202][ T5305] Bluetooth: hci0: unexpected event 0x0b length: 237 > 11 [ 58.055937][ T5319] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 58.061012][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 58.064745][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.069059][ T5319] Call Trace: [ 58.070540][ T5319] [ 58.071728][ T5319] dump_stack_lvl+0x241/0x360 [ 58.073593][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.075532][ T5319] ? __pfx__printk+0x10/0x10 [ 58.077301][ T5319] ? preempt_schedule+0xe1/0xf0 [ 58.079137][ T5319] ? vscnprintf+0x5d/0x90 [ 58.081252][ T5319] panic+0x349/0x880 [ 58.083066][ T5319] ? check_panic_on_warn+0x21/0xb0 [ 58.085109][ T5319] ? __pfx_panic+0x10/0x10 [ 58.086898][ T5319] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 58.089155][ T5319] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 58.091578][ T5319] ? print_report+0xe8/0x550 [ 58.093356][ T5319] check_panic_on_warn+0x86/0xb0 [ 58.095263][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0 [ 58.097276][ T5319] end_report+0x77/0x160 [ 58.098894][ T5319] kasan_report+0x154/0x180 [ 58.100540][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0 [ 58.102322][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0 [ 58.104161][ T5319] kasan_check_range+0x282/0x290 [ 58.105996][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0 [ 58.107877][ T5319] __asan_memcpy+0x29/0x70 [ 58.109499][ T5319] hfsplus_bnode_dump+0x403/0xbb0 [ 58.111293][ T5319] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 58.113285][ T5319] ? hfsplus_bnode_write_u16+0x9b/0xf0 [ 58.115291][ T5319] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10 [ 58.117568][ T5319] ? rcu_is_watching+0x15/0xb0 [ 58.119475][ T5319] ? hfsplus_bnode_move+0x2da/0x910 [ 58.121640][ T5319] ? __mark_inode_dirty+0x3db/0xe90 [ 58.123792][ T5319] hfsplus_brec_remove+0x42c/0x4f0 [ 58.125693][ T5319] __hfsplus_delete_attr+0x275/0x450 [ 58.127708][ T5319] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 58.130099][ T5319] ? hfsplus_find_init+0x85/0x1c0 [ 58.131992][ T5319] hfsplus_delete_attr+0x353/0x4b0 [ 58.134071][ T5319] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 58.136264][ T5319] ? hfsplus_find_init+0x85/0x1c0 [ 58.138313][ T5319] ? hfsplus_find_init+0x14a/0x1c0 [ 58.140213][ T5319] __hfsplus_setxattr+0x4ad/0x22d0 [ 58.142192][ T5319] ? kernel_text_address+0xa7/0xe0 [ 58.144177][ T5319] ? arch_stack_walk+0xfd/0x150 [ 58.146096][ T5319] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 58.148347][ T5319] ? stack_trace_save+0x118/0x1d0 [ 58.150202][ T5319] ? __pfx_stack_trace_save+0x10/0x10 [ 58.152170][ T5319] ? stack_depot_save_flags+0x37/0x940 [ 58.154233][ T5319] ? __kasan_kmalloc+0x98/0xb0 [ 58.156107][ T5319] ? __kmalloc_cache_noprof+0x243/0x390 [ 58.158102][ T5319] ? hfsplus_setxattr+0x68/0xe0 [ 58.159965][ T5319] hfsplus_setxattr+0xb0/0xe0 [ 58.161742][ T5319] hfsplus_trusted_setxattr+0x40/0x60 [ 58.163710][ T5319] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 58.166013][ T5319] __vfs_setxattr+0x468/0x4a0 [ 58.167733][ T5319] __vfs_setxattr_noperm+0x12e/0x660 [ 58.169548][ T5319] vfs_setxattr+0x221/0x430 [ 58.171283][ T5319] ? __pfx_vfs_setxattr+0x10/0x10 [ 58.173110][ T5319] filename_setxattr+0x2af/0x430 [ 58.174997][ T5319] ? __phys_addr_symbol+0x2f/0x70 [ 58.176862][ T5319] ? __pfx_filename_setxattr+0x10/0x10 [ 58.178841][ T5319] ? getname_flags+0x1e3/0x540 [ 58.180552][ T5319] path_setxattrat+0x440/0x510 [ 58.182290][ T5319] ? __pfx_path_setxattrat+0x10/0x10 [ 58.184234][ T5319] ? vfs_write+0x737/0xd30 [ 58.185986][ T5319] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.188294][ T5319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.190616][ T5319] __x64_sys_lsetxattr+0xbf/0xe0 [ 58.192454][ T5319] do_syscall_64+0xf3/0x230 [ 58.194161][ T5319] ? clear_bhb_loop+0x35/0x90 [ 58.195911][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.198067][ T5319] RIP: 0033:0x7f6e5697ff19 [ 58.199836][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.206865][ T5319] RSP: 002b:00007f6e5770e058 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 58.209910][ T5319] RAX: ffffffffffffffda RBX: 00007f6e56b45fa0 RCX: 00007f6e5697ff19 [ 58.212758][ T5319] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 58.216716][ T5319] RBP: 00007f6e569f3cc8 R08: 0000000000000000 R09: 0000000000000000 [ 58.219607][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.222384][ T5319] R13: 0000000000000000 R14: 00007f6e56b45fa0 R15: 00007ffe21a48298 [ 58.225308][ T5319] [ 58.226704][ T5319] Kernel Offset: disabled [ 58.228307][ T5319] Rebooting in 86400 seconds..