program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) write(0xffffffffffffffff, &(0x7f0000000500)="c731b805a3b7e029ffc2c10f6bea182bbe26370beeeca5a093f1e8e5ed29a5b06c2d9c6df77a20ec3dce9b755085e6caa49da748b750e2700e42ccd02103c64f632d7d956c6259f413e24ce4f9aa77b6cd33a3c590f16f419cb6f6233b48a336f71bb55221e1482daeae58e6ae62cc11dd6943396e3cff26727fb5d1c6216da061a5603538d14f1b1ba7153d0876fe28f3a6fcdf6e18eb47f5532b1a3570597819fddf15", 0xa4) lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000180)=""/164, 0xa4}, {&(0x7f00000002c0)=""/129, 0x81}], 0x2, &(0x7f0000000440)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xa8}, 0x162) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") (async) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async) write(0xffffffffffffffff, &(0x7f0000000500)="c731b805a3b7e029ffc2c10f6bea182bbe26370beeeca5a093f1e8e5ed29a5b06c2d9c6df77a20ec3dce9b755085e6caa49da748b750e2700e42ccd02103c64f632d7d956c6259f413e24ce4f9aa77b6cd33a3c590f16f419cb6f6233b48a336f71bb55221e1482daeae58e6ae62cc11dd6943396e3cff26727fb5d1c6216da061a5603538d14f1b1ba7153d0876fe28f3a6fcdf6e18eb47f5532b1a3570597819fddf15", 0xa4) (async) lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) (async) recvmsg$unix(r0, &(0x7f00000003c0)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000180)=""/164, 0xa4}, {&(0x7f00000002c0)=""/129, 0x81}], 0x2, &(0x7f0000000440)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xa8}, 0x162) (async) [ 85.210020][ T5309] Bluetooth: hci0: command tx timeout [ 85.284443][ T5334] loop0: detected capacity change from 0 to 1024 [ 85.340922][ T5334] hfsplus: request for non-existent node 211 in B*Tree [ 85.343897][ T5334] hfsplus: request for non-existent node 211 in B*Tree [ 85.360091][ T5335] ================================================================== [ 85.363733][ T5335] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 85.367153][ T5335] Read of size 8 at addr ffff8880356f2ec8 by task syz.0.0/5335 [ 85.370576][ T5335] [ 85.371673][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) [ 85.371688][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.371695][ T5335] Call Trace: [ 85.371702][ T5335] [ 85.371708][ T5335] dump_stack_lvl+0x189/0x250 [ 85.371729][ T5335] ? __kasan_check_byte+0x12/0x40 [ 85.371742][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.371758][ T5335] ? lock_release+0x4b/0x3e0 [ 85.371774][ T5335] ? __virt_addr_valid+0x4a5/0x5c0 [ 85.371786][ T5335] print_report+0xd2/0x2b0 [ 85.371800][ T5335] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.371814][ T5335] kasan_report+0x118/0x150 [ 85.371825][ T5335] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.371840][ T5335] hfsplus_bnode_read+0xc0/0x2a0 [ 85.371856][ T5335] hfsplus_bnode_dump+0x300/0x450 [ 85.371873][ T5335] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 85.371887][ T5335] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 85.371901][ T5335] ? hfsplus_bnode_move+0x393/0xb90 [ 85.371916][ T5335] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 85.371931][ T5335] hfsplus_brec_remove+0x480/0x550 [ 85.371955][ T5335] __hfsplus_delete_attr+0x1d4/0x360 [ 85.371967][ T5335] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 85.371979][ T5335] ? hfsplus_attr_build_key+0xee/0x260 [ 85.371990][ T5335] hfsplus_delete_attr+0x231/0x2d0 [ 85.372002][ T5335] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 85.372013][ T5335] ? hfsplus_find_init+0x8c/0x1d0 [ 85.372029][ T5335] ? hfsplus_find_init+0x15a/0x1d0 [ 85.372044][ T5335] __hfsplus_setxattr+0x37a/0x1f40 [ 85.372055][ T5335] ? is_bpf_text_address+0x26/0x2b0 [ 85.372072][ T5335] ? kernel_text_address+0xa5/0xe0 [ 85.372086][ T5335] ? unwind_get_return_address+0x4d/0x90 [ 85.372102][ T5335] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 85.372114][ T5335] ? arch_stack_walk+0xfc/0x150 [ 85.372124][ T5335] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.372137][ T5335] ? stack_trace_save+0x9c/0xe0 [ 85.372163][ T5335] ? __kasan_kmalloc+0x93/0xb0 [ 85.372173][ T5335] ? hfsplus_setxattr+0x102/0x180 [ 85.372185][ T5335] hfsplus_setxattr+0x11e/0x180 [ 85.372197][ T5335] hfsplus_trusted_setxattr+0x40/0x60 [ 85.372209][ T5335] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 85.372220][ T5335] __vfs_setxattr+0x43c/0x480 [ 85.372234][ T5335] __vfs_setxattr_noperm+0x12d/0x660 [ 85.372246][ T5335] vfs_setxattr+0x16b/0x2f0 [ 85.372258][ T5335] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.372268][ T5335] ? mnt_get_write_access+0x223/0x2a0 [ 85.372285][ T5335] filename_setxattr+0x274/0x600 [ 85.372298][ T5335] ? __pfx_filename_setxattr+0x10/0x10 [ 85.372316][ T5335] ? getname_flags+0x1e5/0x540 [ 85.372328][ T5335] path_setxattrat+0x364/0x3a0 [ 85.372344][ T5335] ? __pfx_path_setxattrat+0x10/0x10 [ 85.372362][ T5335] ? exc_page_fault+0x76/0xf0 [ 85.372429][ T5335] ? do_user_addr_fault+0xc8a/0x1390 [ 85.372445][ T5335] __x64_sys_setxattr+0xbc/0xe0 [ 85.372458][ T5335] do_syscall_64+0xfa/0x3b0 [ 85.372474][ T5335] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.372487][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.372498][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 85.372510][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.372521][ T5335] RIP: 0033:0x7f624778e929 [ 85.372532][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.372542][ T5335] RSP: 002b:00007f6248577038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 85.372555][ T5335] RAX: ffffffffffffffda RBX: 00007f62479b6080 RCX: 00007f624778e929 [ 85.372562][ T5335] RDX: 0000200000001400 RSI: 0000200000000240 RDI: 0000200000000280 [ 85.372570][ T5335] RBP: 00007f6247810b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.372577][ T5335] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000 [ 85.372583][ T5335] R13: 0000000000000001 R14: 00007f62479b6080 R15: 00007ffe1e7d2568 [ 85.372593][ T5335] [ 85.372597][ T5335] [ 85.535295][ T5335] Allocated by task 5334: [ 85.537206][ T5335] kasan_save_track+0x3e/0x80 [ 85.539350][ T5335] __kasan_kmalloc+0x93/0xb0 [ 85.541504][ T5335] __kmalloc_noprof+0x27a/0x4f0 [ 85.543492][ T5335] __hfs_bnode_create+0xf3/0x810 [ 85.546375][ T5335] hfsplus_bnode_find+0x224/0xd20 [ 85.548621][ T5335] hfsplus_brec_find+0x15c/0x500 [ 85.550823][ T5335] hfsplus_attr_exists+0x163/0x1d0 [ 85.553220][ T5335] __hfsplus_setxattr+0x33e/0x1f40 [ 85.555461][ T5335] hfsplus_setxattr+0x11e/0x180 [ 85.557536][ T5335] hfsplus_trusted_setxattr+0x40/0x60 [ 85.559973][ T5335] __vfs_setxattr+0x43c/0x480 [ 85.561990][ T5335] __vfs_setxattr_noperm+0x12d/0x660 [ 85.564135][ T5335] vfs_setxattr+0x16b/0x2f0 [ 85.566056][ T5335] filename_setxattr+0x274/0x600 [ 85.568103][ T5335] path_setxattrat+0x364/0x3a0 [ 85.570214][ T5335] __x64_sys_setxattr+0xbc/0xe0 [ 85.572477][ T5335] do_syscall_64+0xfa/0x3b0 [ 85.574571][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.577208][ T5335] [ 85.578313][ T5335] The buggy address belongs to the object at ffff8880356f2e00 [ 85.578313][ T5335] which belongs to the cache kmalloc-192 of size 192 [ 85.584193][ T5335] The buggy address is located 48 bytes to the right of [ 85.584193][ T5335] allocated 152-byte region [ffff8880356f2e00, ffff8880356f2e98) [ 85.590234][ T5335] [ 85.591340][ T5335] The buggy address belongs to the physical page: [ 85.594940][ T5335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x356f2 [ 85.598889][ T5335] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 85.602148][ T5335] page_type: f5(slab) [ 85.603940][ T5335] raw: 04fff00000000000 ffff88801a4413c0 dead000000000100 dead000000000122 [ 85.607397][ T5335] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 85.611233][ T5335] page dumped because: kasan: bad access detected [ 85.613739][ T5335] page_owner tracks the page as allocated [ 85.615830][ T5335] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1038, tgid 1038 (kworker/u4:6), ts 13171621012, free_ts 13171562740 [ 85.623938][ T5335] post_alloc_hook+0x240/0x2a0 [ 85.626042][ T5335] get_page_from_freelist+0x21e4/0x22c0 [ 85.628600][ T5335] __alloc_frozen_pages_noprof+0x181/0x370 [ 85.631183][ T5335] alloc_pages_mpol+0x232/0x4a0 [ 85.633434][ T5335] allocate_slab+0x8a/0x3b0 [ 85.635501][ T5335] ___slab_alloc+0xbfc/0x1480 [ 85.637523][ T5335] __kmalloc_noprof+0x305/0x4f0 [ 85.639673][ T5335] blk_rq_map_kern+0x2a7/0x650 [ 85.641859][ T5335] scsi_execute_cmd+0x2fb/0x1130 [ 85.644071][ T5335] scsi_report_opcode+0x2e1/0x4d0 [ 85.646206][ T5335] sd_revalidate_disk+0x5cab/0xa7c0 [ 85.648450][ T5335] sd_open+0x204/0x610 [ 85.650077][ T5335] blkdev_get_whole+0x9b/0x510 [ 85.652061][ T5335] bdev_open+0x31e/0xd30 [ 85.653993][ T5335] bdev_file_open_by_dev+0x1be/0x240 [ 85.656368][ T5335] disk_scan_partitions+0x1c1/0x2c0 [ 85.658683][ T5335] page last free pid 1038 tgid 1038 stack trace: [ 85.661157][ T5335] __free_frozen_pages+0xc71/0xe70 [ 85.663275][ T5335] bio_free_pages+0x17a/0x240 [ 85.665177][ T5335] bio_copy_kern_endio_read+0x2c3/0x300 [ 85.667626][ T5335] blk_update_request+0x5eb/0xe70 [ 85.669801][ T5335] scsi_end_request+0x7c/0x830 [ 85.671549][ T5335] scsi_io_completion+0x131/0x390 [ 85.673729][ T5335] ata_scsi_simulate+0x2ffb/0x3b50 [ 85.676062][ T5335] __ata_scsi_queuecmd+0x200/0xf60 [ 85.678303][ T5335] ata_scsi_queuecmd+0x3d4/0x5c0 [ 85.680474][ T5335] scsi_queue_rq+0x1c8e/0x2cc0 [ 85.682506][ T5335] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 85.684896][ T5335] __blk_mq_sched_dispatch_requests+0x350/0x1570 [ 85.687616][ T5335] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 85.690059][ T5335] blk_mq_run_hw_queue+0x404/0x4f0 [ 85.692245][ T5335] blk_execute_rq+0x1d9/0x3f0 [ 85.694279][ T5335] scsi_execute_cmd+0x45a/0x1130 [ 85.696372][ T5335] [ 85.697424][ T5335] Memory state around the buggy address: [ 85.699815][ T5335] ffff8880356f2d80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.703142][ T5335] ffff8880356f2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.706393][ T5335] >ffff8880356f2e80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.709927][ T5335] ^ [ 85.712600][ T5335] ffff8880356f2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.715951][ T5335] ffff8880356f2f80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.719234][ T5335] ================================================================== [ 85.753000][ T5335] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.756037][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) [ 85.761017][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.765237][ T5335] Call Trace: [ 85.766679][ T5335] [ 85.767941][ T5335] dump_stack_lvl+0x99/0x250 [ 85.769867][ T5335] ? __asan_memcpy+0x40/0x70 [ 85.771794][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.773868][ T5335] ? __pfx__printk+0x10/0x10 [ 85.775841][ T5335] panic+0x2db/0x790 [ 85.777437][ T5335] ? __pfx_preempt_schedule+0x10/0x10 [ 85.779781][ T5335] ? __pfx_panic+0x10/0x10 [ 85.781784][ T5335] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 85.784258][ T5335] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.786910][ T5335] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.789026][ T5335] check_panic_on_warn+0x89/0xb0 [ 85.791173][ T5335] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.793166][ T5335] end_report+0x78/0x160 [ 85.794948][ T5335] kasan_report+0x129/0x150 [ 85.796775][ T5335] ? hfsplus_bnode_read+0xc0/0x2a0 [ 85.798926][ T5335] hfsplus_bnode_read+0xc0/0x2a0 [ 85.801024][ T5335] hfsplus_bnode_dump+0x300/0x450 [ 85.803041][ T5335] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 85.805258][ T5335] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 85.807359][ T5335] ? hfsplus_bnode_move+0x393/0xb90 [ 85.809375][ T5335] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 85.811477][ T5335] hfsplus_brec_remove+0x480/0x550 [ 85.813666][ T5335] __hfsplus_delete_attr+0x1d4/0x360 [ 85.815745][ T5335] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 85.818037][ T5335] ? hfsplus_attr_build_key+0xee/0x260 [ 85.820323][ T5335] hfsplus_delete_attr+0x231/0x2d0 [ 85.822297][ T5335] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 85.824491][ T5335] ? hfsplus_find_init+0x8c/0x1d0 [ 85.826203][ T5335] ? hfsplus_find_init+0x15a/0x1d0 [ 85.828243][ T5335] __hfsplus_setxattr+0x37a/0x1f40 [ 85.830247][ T5335] ? is_bpf_text_address+0x26/0x2b0 [ 85.832276][ T5335] ? kernel_text_address+0xa5/0xe0 [ 85.834029][ T5335] ? unwind_get_return_address+0x4d/0x90 [ 85.836369][ T5335] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 85.838941][ T5335] ? arch_stack_walk+0xfc/0x150 [ 85.840912][ T5335] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.843054][ T5335] ? stack_trace_save+0x9c/0xe0 [ 85.844899][ T5335] ? __kasan_kmalloc+0x93/0xb0 [ 85.846697][ T5335] ? hfsplus_setxattr+0x102/0x180 [ 85.848726][ T5335] hfsplus_setxattr+0x11e/0x180 [ 85.850851][ T5335] hfsplus_trusted_setxattr+0x40/0x60 [ 85.853264][ T5335] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 85.855687][ T5335] __vfs_setxattr+0x43c/0x480 [ 85.857410][ T5335] __vfs_setxattr_noperm+0x12d/0x660 [ 85.859244][ T5335] vfs_setxattr+0x16b/0x2f0 [ 85.861094][ T5335] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.863113][ T5335] ? mnt_get_write_access+0x223/0x2a0 [ 85.865312][ T5335] filename_setxattr+0x274/0x600 [ 85.867156][ T5335] ? __pfx_filename_setxattr+0x10/0x10 [ 85.869247][ T5335] ? getname_flags+0x1e5/0x540 [ 85.871195][ T5335] path_setxattrat+0x364/0x3a0 [ 85.873103][ T5335] ? __pfx_path_setxattrat+0x10/0x10 [ 85.875094][ T5335] ? exc_page_fault+0x76/0xf0 [ 85.876865][ T5335] ? do_user_addr_fault+0xc8a/0x1390 [ 85.879030][ T5335] __x64_sys_setxattr+0xbc/0xe0 [ 85.881076][ T5335] do_syscall_64+0xfa/0x3b0 [ 85.882856][ T5335] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.884920][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.887302][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 85.889171][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.891499][ T5335] RIP: 0033:0x7f624778e929 [ 85.893288][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.900777][ T5335] RSP: 002b:00007f6248577038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 85.904340][ T5335] RAX: ffffffffffffffda RBX: 00007f62479b6080 RCX: 00007f624778e929 [ 85.907452][ T5335] RDX: 0000200000001400 RSI: 0000200000000240 RDI: 0000200000000280 [ 85.911014][ T5335] RBP: 00007f6247810b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.914357][ T5335] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000 [ 85.917579][ T5335] R13: 0000000000000001 R14: 00007f62479b6080 R15: 00007ffe1e7d2568 [ 85.920856][ T5335] [ 85.922364][ T5335] Kernel Offset: disabled [ 85.924219][ T5335] Rebooting in 86400 seconds..