general protection fault, probably for non-canonical address 0xffe72898192e6fff: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0xff3964c0c9737ff8-0xff3964c0c9737fff]
CPU: 1 PID: 6936 Comm: syz-executor.1 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:memcpy_orig+0x115/0x140 arch/x86/lib/memcpy_64.S:160
Code: 0f 1f 44 00 00 83 fa 04 72 1b 8b 0e 44 8b 44 16 fc 89 0f 44 89 44 17 fc c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 83 ea 01 72 19 <0f> b6 0e 74 12 4c 0f b6 46 01 4c 0f b6 0c 16 44 88 47 01 44 88 0c
RSP: 0018:ffffc900039df170 EFLAGS: 00010246
RAX: ffffc900039df208 RBX: 0000000000000fff RCX: ffffffff826aea57
RDX: 0000000000000000 RSI: ffe72898192e6fff RDI: ffffc900039df208
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000001000
R10: 0000000000001000 R11: 0000000000000004 R12: 0000000000001000
R13: 0000000000000001 R14: 0000000000000001 R15: ffff8880173b8f00
FS: 00007f8ac3b4f6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5c5e259d58 CR3: 0000000055bd0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memcpy_from_page include/linux/highmem.h:417 [inline]
 hfsplus_bnode_read+0x100/0x240 fs/hfsplus/bnode.c:32
 hfsplus_bnode_read_u16 fs/hfsplus/bnode.c:45 [inline]
 hfsplus_bnode_dump+0x2a2/0x3e0 fs/hfsplus/bnode.c:321
 hfsplus_brec_remove+0x3e2/0x4f0 fs/hfsplus/brec.c:229
 __hfsplus_delete_attr+0x2a2/0x3b0 fs/hfsplus/attributes.c:299
 hfsplus_delete_attr+0x27e/0x310 fs/hfsplus/attributes.c:345
 __hfsplus_setxattr+0x66f/0x2180 fs/hfsplus/xattr.c:342
 hfsplus_setxattr+0x10c/0x180 fs/hfsplus/xattr.c:434
 __vfs_setxattr+0x173/0x1e0 fs/xattr.c:200
 __vfs_setxattr_noperm+0x127/0x5e0 fs/xattr.c:234
 __vfs_setxattr_locked+0x182/0x260 fs/xattr.c:295
 vfs_setxattr+0x146/0x350 fs/xattr.c:321
 do_setxattr+0x146/0x170 fs/xattr.c:629
 setxattr+0x15d/0x180 fs/xattr.c:652
 path_setxattr+0x179/0x1e0 fs/xattr.c:671
 __do_sys_setxattr fs/xattr.c:687 [inline]
 __se_sys_setxattr fs/xattr.c:683 [inline]
 __x64_sys_setxattr+0xc4/0x160 fs/xattr.c:683
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x260 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8ac2e7dd69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8ac3b4f0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 00007f8ac2fac120 RCX: 00007f8ac2e7dd69
RDX: 0000000020001400 RSI: 00000000200001c0 RDI: 0000000020000200
RBP: 00007f8ac2eca49e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f8ac2fac120 R15: 00007ffcdb66a8a8
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:memcpy_orig+0x115/0x140 arch/x86/lib/memcpy_64.S:160
Code: 0f 1f 44 00 00 83 fa 04 72 1b 8b 0e 44 8b 44 16 fc 89 0f 44 89 44 17 fc c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 83 ea 01 72 19 <0f> b6 0e 74 12 4c 0f b6 46 01 4c 0f b6 0c 16 44 88 47 01 44 88 0c
RSP: 0018:ffffc900039df170 EFLAGS: 00010246
RAX: ffffc900039df208 RBX: 0000000000000fff RCX: ffffffff826aea57
RDX: 0000000000000000 RSI: ffe72898192e6fff RDI: ffffc900039df208
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000001000
R10: 0000000000001000 R11: 0000000000000004 R12: 0000000000001000
R13: 0000000000000001 R14: 0000000000000001 R15: ffff8880173b8f00
FS: 00007f8ac3b4f6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffbc90cff8 CR3: 0000000055bd0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:   0f 1f 44 00 00          nopl 0x0(%rax,%rax,1)
   5:   83 fa 04                cmp $0x4,%edx
   8:   72 1b                   jb 0x25
   a:   8b 0e                   mov (%rsi),%ecx
   c:   44 8b 44 16 fc          mov -0x4(%rsi,%rdx,1),%r8d
  11:   89 0f                   mov %ecx,(%rdi)
  13:   44 89 44 17 fc          mov %r8d,-0x4(%rdi,%rdx,1)
  18:   c3                      ret
  19:   cc                      int3
  1a:   cc                      int3
  1b:   cc                      int3
  1c:   cc                      int3
  1d:   0f 1f 84 00 00 00 00    nopl 0x0(%rax,%rax,1)
  24:   00
  25:   83 ea 01                sub $0x1,%edx
  28:   72 19                   jb 0x43
* 2a:   0f b6 0e                movzbl (%rsi),%ecx <-- trapping instruction
  2d:   74 12                   je 0x41
  2f:   4c 0f b6 46 01          movzbq 0x1(%rsi),%r8
  34:   4c 0f b6 0c 16          movzbq (%rsi,%rdx,1),%r9
  39:   44 88 47 01             mov %r8b,0x1(%rdi)
  3d:   44                      rex.R
  3e:   88                      .byte 0x88
  3f:   0c                      .byte 0xc