program: syz_usb_connect$cdc_ecm(0x3, 0x56, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0xc0, 0x7d, [{{0x9, 0x4, 0x0, 0xfe, 0x16, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x0, 0x8, 0x7f, 0x81}}], {{0x9, 0x5, 0x82, 0x2, 0x260, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x10}}}}}]}}]}}, 0x0) socket(0x10, 0x803, 0x0) (async) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0, 0x68}}, 0x0) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0, 0x68}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) (async) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000005000400000000000900020066797a30000000001c00078008000840000067b8080006400000010008001340fffffff7050005000000000005000100060000000d000300686173683a6d6163"], 0x64}}, 0x0) (async) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000005000400000000000900020066797a30000000001c00078008000840000067b8080006400000010008001340fffffff7050005000000000005000100060000000d000300686173683a6d6163"], 0x64}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xfffffffffffffeba, 0x3, {0x5, 0x2, 0x80000001}}}}]}, 0x44}}, 0x4040010) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xfff3}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_EMATCHES={0x20, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4}}]}]}}]}, 0x54}}, 0x4000010) socket$netlink(0x10, 0x3, 0x0) (async) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x60a0c1) socket$alg(0x26, 0x5, 0x0) (async) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept4(r5, &(0x7f0000000000)=@rc={0x1f, @none}, 0x0, 0x0) bind$alg(r5, &(0x7f00000005c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0xfe, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) (async) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$security_capability(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f00000003c0)=@v3={0x3000000, [{0x9, 0x9}, {0xffff, 0xffffffff}]}, 0x18, 0x1) syz_usb_connect$uac1(0x7, 0xb3, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa1, 0x3, 0x1, 0x9, 0xa0, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf21f, 0xb}, [@mixer_unit={0xa, 0x24, 0x4, 0x1, 0x45, "c47535c2bc"}, @extension_unit={0x7, 0x24, 0x8, 0x2, 0x1, 0x6}, @feature_unit={0xd, 0x24, 0x6, 0x2, 0x3, 0x3, [0x7, 0x7, 0x2], 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x9, 0x7, 0x1001}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x1, 0xd, 0x77, {0x7, 0x25, 0x1, 0x2, 0x8, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x5, 0x1, 0xb, 0x81, "9cd5f8"}, @as_header={0x7, 0x24, 0x1, 0x6, 0xc, 0x1002}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xe5, 0x3, 0x7f, 0x1, "57d6", "cf"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x93, 0x4, 0x0, {0x7, 0x25, 0x1, 0x1, 0x5, 0x1ca8}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x201, 0x1, 0xf8, 0x4, 0x40}, 0x1a, &(0x7f00000001c0)={0x5, 0xf, 0x1a, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x1, 0x6, 0xfa26}, @wireless={0xb, 0x10, 0x1, 0x4, 0x1, 0x80, 0x9, 0x4, 0x8}]}, 0x7, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1404}}, {0x4, &(0x7f0000000280)=@lang_id={0x4}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x40e}}, {0x33, &(0x7f0000000300)=@string={0x33, 0x3, "b7feffaff889f85fe791bc7f82fe83996c029eaadf0e091a4e4248b26bdf1d0e8ad25c2de61ebc6c3e2b2a3ea76db3b7d1"}}, {0x52, &(0x7f0000000340)=@string={0x52, 0x3, "281b8fc2a17b768d5dbd69d72ead2ba13e21f429d77c5981274f35768b4c5391efbfaad7eb227831336e2067b85ea0f17248f65f828b08265ddf8dcee104d5a7c0035d64531a1c5715f53fb9ceb41b68"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x40b}}, {0x89, &(0x7f0000000400)=@string={0x89, 0x3, "6a0253b032188887f1653086b9aeb1aa65b75bd00927b66c6f681fd4c2e0898320b799b8cca43e0ce5f4197375b25a8d037f039e61135b602452138e03cb517b46eb1ff8614099a4dbfe1fe7e56cc214299ebcd87880845152e1b6dd84fde48954f28f34b543c0b1835941b3c3897d77e6b7457336b99e428db9bd1ab2fc7f2967f71f82fa7999"}}]}) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)=@usbdevfs_connect) [ 85.359985][ T5319] Bluetooth: hci0: command tx timeout [ 85.680808][ T5334] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 85.829823][ T5334] usb 5-1: Using ep0 maxpacket: 32 [ 85.835258][ T5334] usb 5-1: config 1 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.840604][ T5334] usb 5-1: config 1 interface 0 altsetting 254 bulk endpoint 0x82 has invalid maxpacket 608 [ 85.845024][ T5334] usb 5-1: config 1 interface 0 altsetting 254 bulk endpoint 0x3 has invalid maxpacket 16 [ 85.849180][ T5334] usb 5-1: config 1 interface 0 altsetting 254 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 85.855409][ T5334] usb 5-1: config 1 interface 0 has no altsetting 0 [ 85.860725][ T5334] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 85.864737][ T5334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 85.868714][ T5334] usb 5-1: SerialNumber: syz [ 85.882562][ T5344] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 85.886058][ T5344] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 85.892261][ T5334] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 85.896146][ T5334] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12 [ 86.117205][ T5344] Zero length message leads to an empty skb [ 86.130472][ T5345] loop0: detected capacity change from 0 to 1024 [ 86.182866][ T5345] hfsplus: request for non-existent node 134217728 in B*Tree [ 86.186038][ T5345] hfsplus: request for non-existent node 134217728 in B*Tree [ 86.191537][ T5344] ================================================================== [ 86.194959][ T5344] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 86.198279][ T5344] Read of size 8 at addr ffff88803310e298 by task syz.0.0/5344 [ 86.201478][ T5344] [ 86.202506][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 86.202520][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.202527][ T5344] Call Trace: [ 86.202534][ T5344] [ 86.202540][ T5344] dump_stack_lvl+0x189/0x250 [ 86.202557][ T5344] ? __virt_addr_valid+0x1c8/0x5c0 [ 86.202570][ T5344] ? rcu_is_watching+0x15/0xb0 [ 86.202581][ T5344] ? __kasan_check_byte+0x12/0x40 [ 86.202594][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.202604][ T5344] ? rcu_is_watching+0x15/0xb0 [ 86.202615][ T5344] ? lock_release+0x4b/0x3e0 [ 86.202626][ T5344] ? __virt_addr_valid+0x1c8/0x5c0 [ 86.202637][ T5344] ? __virt_addr_valid+0x4a5/0x5c0 [ 86.202649][ T5344] print_report+0xca/0x230 [ 86.202659][ T5344] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.202669][ T5344] kasan_report+0x118/0x150 [ 86.202681][ T5344] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.202692][ T5344] hfsplus_bnode_read+0xc0/0x2a0 [ 86.202703][ T5344] hfsplus_bnode_dump+0x300/0x450 [ 86.202714][ T5344] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 86.202724][ T5344] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 86.202734][ T5344] ? hfsplus_bnode_move+0x393/0xb90 [ 86.202745][ T5344] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 86.202756][ T5344] hfsplus_brec_remove+0x480/0x550 [ 86.202771][ T5344] __hfsplus_delete_attr+0x1d4/0x360 [ 86.202784][ T5344] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 86.202797][ T5344] ? hfsplus_attr_build_key+0xee/0x260 [ 86.202809][ T5344] hfsplus_delete_attr+0x231/0x2d0 [ 86.202822][ T5344] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 86.202835][ T5344] ? hfsplus_find_init+0x8c/0x1d0 [ 86.202846][ T5344] ? hfsplus_find_init+0x15a/0x1d0 [ 86.202857][ T5344] __hfsplus_setxattr+0x37a/0x1f40 [ 86.202871][ T5344] ? is_bpf_text_address+0x26/0x2b0 [ 86.202882][ T5344] ? kernel_text_address+0xa5/0xe0 [ 86.202891][ T5344] ? unwind_get_return_address+0x4d/0x90 [ 86.202902][ T5344] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 86.202915][ T5344] ? arch_stack_walk+0xfc/0x150 [ 86.202927][ T5344] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 86.202941][ T5344] ? stack_trace_save+0x9c/0xe0 [ 86.202968][ T5344] ? __kasan_kmalloc+0x93/0xb0 [ 86.202979][ T5344] ? hfsplus_setxattr+0x102/0x180 [ 86.202991][ T5344] hfsplus_setxattr+0x11e/0x180 [ 86.203003][ T5344] hfsplus_trusted_setxattr+0x40/0x60 [ 86.203016][ T5344] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 86.203028][ T5344] __vfs_setxattr+0x43c/0x480 [ 86.203043][ T5344] __vfs_setxattr_noperm+0x12d/0x660 [ 86.203057][ T5344] vfs_setxattr+0x16b/0x2f0 [ 86.203071][ T5344] ? __pfx_vfs_setxattr+0x10/0x10 [ 86.203081][ T5344] ? mnt_get_write_access+0x223/0x2a0 [ 86.203092][ T5344] filename_setxattr+0x274/0x600 [ 86.203110][ T5344] ? __pfx_filename_setxattr+0x10/0x10 [ 86.203124][ T5344] ? getname_flags+0x1e5/0x540 [ 86.203136][ T5344] path_setxattrat+0x364/0x3a0 [ 86.203155][ T5344] ? __pfx_path_setxattrat+0x10/0x10 [ 86.203176][ T5344] ? rcu_is_watching+0x15/0xb0 [ 86.203188][ T5344] __x64_sys_setxattr+0xbc/0xe0 [ 86.203202][ T5344] do_syscall_64+0xfa/0x3b0 [ 86.203261][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.203272][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.203281][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 86.203292][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.203302][ T5344] RIP: 0033:0x7f8a48f8e9a9 [ 86.203314][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.203322][ T5344] RSP: 002b:00007f8a49e27038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 86.203334][ T5344] RAX: ffffffffffffffda RBX: 00007f8a491b5fa0 RCX: 00007f8a48f8e9a9 [ 86.203341][ T5344] RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000200 [ 86.203347][ T5344] RBP: 00007f8a49010d69 R08: 0000000000000000 R09: 0000000000000000 [ 86.203353][ T5344] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 86.203359][ T5344] R13: 0000000000000000 R14: 00007f8a491b5fa0 R15: 00007fff1f197898 [ 86.203369][ T5344] [ 86.203373][ T5344] [ 86.370007][ T5344] Allocated by task 5344: [ 86.371717][ T5344] kasan_save_track+0x3e/0x80 [ 86.373771][ T5344] __kasan_kmalloc+0x93/0xb0 [ 86.375834][ T5344] __kmalloc_noprof+0x27a/0x4f0 [ 86.377937][ T5344] __hfs_bnode_create+0xf3/0x810 [ 86.380019][ T5344] hfsplus_bnode_find+0x224/0xd20 [ 86.381990][ T5344] hfsplus_brec_find+0x15c/0x500 [ 86.383977][ T5344] hfsplus_attr_exists+0x163/0x1d0 [ 86.386056][ T5344] __hfsplus_setxattr+0x33e/0x1f40 [ 86.388246][ T5344] hfsplus_setxattr+0x11e/0x180 [ 86.390332][ T5344] hfsplus_trusted_setxattr+0x40/0x60 [ 86.392660][ T5344] __vfs_setxattr+0x43c/0x480 [ 86.394634][ T5344] __vfs_setxattr_noperm+0x12d/0x660 [ 86.396955][ T5344] vfs_setxattr+0x16b/0x2f0 [ 86.398831][ T5344] filename_setxattr+0x274/0x600 [ 86.400723][ T5344] path_setxattrat+0x364/0x3a0 [ 86.402659][ T5344] __x64_sys_setxattr+0xbc/0xe0 [ 86.404768][ T5344] do_syscall_64+0xfa/0x3b0 [ 86.406742][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.409277][ T5344] [ 86.410325][ T5344] The buggy address belongs to the object at ffff88803310e200 [ 86.410325][ T5344] which belongs to the cache kmalloc-192 of size 192 [ 86.415803][ T5344] The buggy address is located 0 bytes to the right of [ 86.415803][ T5344] allocated 152-byte region [ffff88803310e200, ffff88803310e298) [ 86.421584][ T5344] [ 86.422682][ T5344] The buggy address belongs to the physical page: [ 86.425413][ T5344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3310e [ 86.428944][ T5344] ksm flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 86.432200][ T5344] page_type: f5(slab) [ 86.433919][ T5344] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000d5f2c0 dead000000000003 [ 86.437201][ T5344] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 86.440730][ T5344] page dumped because: kasan: bad access detected [ 86.443579][ T5344] page_owner tracks the page as allocated [ 86.445904][ T5344] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 10314254519, free_ts 0 [ 86.453284][ T5344] post_alloc_hook+0x240/0x2a0 [ 86.455398][ T5344] get_page_from_freelist+0x21e4/0x22c0 [ 86.457682][ T5344] __alloc_frozen_pages_noprof+0x181/0x370 [ 86.460211][ T5344] alloc_pages_mpol+0x232/0x4a0 [ 86.462502][ T5344] allocate_slab+0x8a/0x3b0 [ 86.464507][ T5344] ___slab_alloc+0xbfc/0x1480 [ 86.466618][ T5344] __kmalloc_cache_noprof+0x296/0x3d0 [ 86.469035][ T5344] call_usermodehelper_setup+0x8e/0x270 [ 86.471296][ T5344] kobject_uevent_env+0x65c/0x8c0 [ 86.473291][ T5344] tty_register_device_attr+0x541/0x8f0 [ 86.475584][ T5344] tty_register_driver+0x5a8/0xb20 [ 86.477842][ T5344] legacy_pty_init+0x3d1/0x620 [ 86.480094][ T5344] pty_init+0xe/0x20 [ 86.482151][ T5344] do_one_initcall+0x233/0x820 [ 86.484787][ T5344] do_initcall_level+0x137/0x1f0 [ 86.487418][ T5344] do_initcalls+0x69/0xd0 [ 86.489681][ T5344] page_owner free stack trace missing [ 86.492639][ T5344] [ 86.493993][ T5344] Memory state around the buggy address: [ 86.497120][ T5344] ffff88803310e180: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.500897][ T5344] ffff88803310e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 86.504601][ T5344] >ffff88803310e280: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.507806][ T5344] ^ [ 86.509757][ T5344] ffff88803310e300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.512934][ T5344] ffff88803310e380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 86.516377][ T5344] ================================================================== [ 86.546278][ T5344] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 86.549342][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) [ 86.554297][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.558582][ T5344] Call Trace: [ 86.560035][ T5344] [ 86.561302][ T5344] dump_stack_lvl+0x99/0x250 [ 86.563386][ T5344] ? __asan_memcpy+0x40/0x70 [ 86.565414][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.567503][ T5344] ? __pfx__printk+0x10/0x10 [ 86.569305][ T5344] panic+0x2db/0x790 [ 86.570950][ T5344] ? __pfx_preempt_schedule+0x10/0x10 [ 86.573121][ T5344] ? __pfx_panic+0x10/0x10 [ 86.574852][ T5344] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 86.577379][ T5344] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.579957][ T5344] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.581836][ T5344] check_panic_on_warn+0x89/0xb0 [ 86.583800][ T5344] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.585826][ T5344] end_report+0x78/0x160 [ 86.587542][ T5344] kasan_report+0x129/0x150 [ 86.589600][ T5344] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.591768][ T5344] hfsplus_bnode_read+0xc0/0x2a0 [ 86.593917][ T5344] hfsplus_bnode_dump+0x300/0x450 [ 86.597117][ T5344] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 86.599741][ T5344] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 86.602095][ T5344] ? hfsplus_bnode_move+0x393/0xb90 [ 86.604429][ T5344] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 86.606905][ T5344] hfsplus_brec_remove+0x480/0x550 [ 86.609237][ T5344] __hfsplus_delete_attr+0x1d4/0x360 [ 86.611593][ T5344] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 86.614172][ T5344] ? hfsplus_attr_build_key+0xee/0x260 [ 86.616470][ T5344] hfsplus_delete_attr+0x231/0x2d0 [ 86.618599][ T5344] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 86.620457][ T5344] ? hfsplus_find_init+0x8c/0x1d0 [ 86.622102][ T5344] ? hfsplus_find_init+0x15a/0x1d0 [ 86.624601][ T5344] __hfsplus_setxattr+0x37a/0x1f40 [ 86.626994][ T5344] ? is_bpf_text_address+0x26/0x2b0 [ 86.629313][ T5344] ? kernel_text_address+0xa5/0xe0 [ 86.631748][ T5344] ? unwind_get_return_address+0x4d/0x90 [ 86.634245][ T5344] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 86.636984][ T5344] ? arch_stack_walk+0xfc/0x150 [ 86.639058][ T5344] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 86.641277][ T5344] ? stack_trace_save+0x9c/0xe0 [ 86.643347][ T5344] ? __kasan_kmalloc+0x93/0xb0 [ 86.645397][ T5344] ? hfsplus_setxattr+0x102/0x180 [ 86.647654][ T5344] hfsplus_setxattr+0x11e/0x180 [ 86.649794][ T5344] hfsplus_trusted_setxattr+0x40/0x60 [ 86.652117][ T5344] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 86.654861][ T5344] __vfs_setxattr+0x43c/0x480 [ 86.657015][ T5344] __vfs_setxattr_noperm+0x12d/0x660 [ 86.659446][ T5344] vfs_setxattr+0x16b/0x2f0 [ 86.661190][ T5344] ? __pfx_vfs_setxattr+0x10/0x10 [ 86.663323][ T5344] ? mnt_get_write_access+0x223/0x2a0 [ 86.665521][ T5344] filename_setxattr+0x274/0x600 [ 86.667487][ T5344] ? __pfx_filename_setxattr+0x10/0x10 [ 86.669782][ T5344] ? getname_flags+0x1e5/0x540 [ 86.671903][ T5344] path_setxattrat+0x364/0x3a0 [ 86.674122][ T5344] ? __pfx_path_setxattrat+0x10/0x10 [ 86.676564][ T5344] ? rcu_is_watching+0x15/0xb0 [ 86.678509][ T5344] __x64_sys_setxattr+0xbc/0xe0 [ 86.680502][ T5344] do_syscall_64+0xfa/0x3b0 [ 86.682442][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.684614][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.686938][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 86.688846][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.691316][ T5344] RIP: 0033:0x7f8a48f8e9a9 [ 86.693120][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.700763][ T5344] RSP: 002b:00007f8a49e27038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 86.704357][ T5344] RAX: ffffffffffffffda RBX: 00007f8a491b5fa0 RCX: 00007f8a48f8e9a9 [ 86.707674][ T5344] RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000200 [ 86.711116][ T5344] RBP: 00007f8a49010d69 R08: 0000000000000000 R09: 0000000000000000 [ 86.714758][ T5344] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 86.718289][ T5344] R13: 0000000000000000 R14: 00007f8a491b5fa0 R15: 00007fff1f197898 [ 86.721601][ T5344] [ 86.723415][ T5344] Kernel Offset: disabled [ 86.725402][ T5344] Rebooting in 86400 seconds..