program: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9c0000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0000000000000000000000000000010c0002800500010000000000440001800c00028005000100000000002c00018014000300ff020000000000000000000000000001140004002001000000000000000000000000000106000340000100000800074000000001"], 0x9c}, 0x1, 0x0, 0x0, 0x4041}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000009880)={0x98, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}, 0x1, 0x0, 0x0, 0x400c080}, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x1008400, &(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRES64], 0x86, 0x680, &(0x7f0000000340)="$eJzs3c1vHGcdB/DvbNZONpTUTZM2RZUSNRIgIhI7Vgrm0oAQyqFCVTlwthInsbJJi+0it0LUvF8rkT+gHHzjgJC4R5QLF7j16mMlBJdeMKdFMzu7Xr/bCfHa4fOJxvPMPPM8z+/57czOvsRygP9bNy6l+ShFblx6c7HcXlmebK8sT97vlZMcT9JImt1Vin93Op1PkuvpLnml3Fl3V2w3zsPZqbc//Xzls+5Ws16q4xs7tdubpXrJhSTH6vXj+e2m/m7u1t+J3fos+jMsE3axlzgYtpEknco/H3b3/Oivz/VrBrS2ar3rmQ8cAUX3vrnJWHKyvtDL1wHdu2L3nn2kLQ07AAAAADgAz69mNYs5New4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Cip//5/US+NXvlCit7f/x+t96UuHy7n93f4o6cVBwAAAAAAAAAcoPOrWc1iTiVZKrc7RfWd/2tV5Znq5xfyXuYzk7lczmKms5CFzGUiydhAR6OL0wsLcxP9lr3/GbC55dUtW17dJdDj9br1v5o5AAAAAAAAADxTfp4b1ff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwaBTJse6qWs70ymNpNJOcSDJaHreU/L1XPsoeDTsAAAAAeAKdPR73/GpWs5hT/XZF9Z7/pep9/4m8lwdZyGwW0s5MblWfBXTf9TdWlifbK8uT98tlc7/f/te+wq16TPezh61HPlcd0crtzFZ7Ludm3klR3Eqjalk614tn67h+VsZUvNE1slM4A9m7Va/LmX9Urzf5cF+T3c4+P0wZqzIy0s/IeB1bmY0Xds7EPh+djSNNpNEP9syGkTZMYl3O39jjeCfrdTmfX2+X86HYmImrA2ffSzvnPPnKn37/w7vtB/fu3p6/dHimtDe9DwW7V0ZrcyYmBzLx8rOciU3Gq0yc7W/fyPfyg1zKhbyVuczmx5nOQmZyId+tStP1+VwMXPLbZOr6uq23dotktD5Du8+i62PKLjG9VrU9ldl8P+/kVmbyevXvaibyjVzLtUwNPMJn9/BM29jmqu98ccvgL361LrSS/KZeV+40d5v4U1bm9YWBvA4+545VdYN71rJ0eh/3o16W/rBzKM0v1YVyjF/U68NhYyYmBjLx4s6Z+F31tDLffnBv7u70u3sb7vRHdaG8jn51qO4S5flyunywqq31Z0dZ92JdN1Ita/karb9x6bZrbKo726/rXqlL216po/VruM09Xa3qXt6ybrKqOzdQt/H1Vrv/euhZ+PIH4Jl18msnR1v/aP2t9XHrl627rTdPfOf4N4+/OpqRv4x8qzl+7MuNV4s/5uP8dO39PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Pjm3//g3nS7PTO3odDpdD7cpuooF47V0z7AQV95LhnWlEeTHI7M/6fT6dR7isMQz86FTul4Oo/Z/M9J9nZwM8lWVeeHn4QhPzEBT92VhfvvXpl//4Ovz96fvjNzZ+bB1LVrU+NT116fvHJ7tj0z3v057CiBp2Htpj/sSAAAAAAAAAAAAIC9OohfJ9h+9BMHOVUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgiLpxKc1HKTIxfnm83F5ZnmyXS6+8dmQzSSNJ8ZOk+CS5nu6SsYHuiu3GeTg79fann698ttZXs3d8Y6d2W2ps3LFUL7mQ5Fi9fgLr+rv5xP0V/RmWCbvYSxwM238DAAD///NMCDQ=") r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14}}, 0xb8}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0) syz_emit_ethernet(0x52, &(0x7f00000007c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a27f2", 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x0, 0x0, 0x0, 0xe}], {{0x8000, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) listxattr(&(0x7f0000000a00)='./bus\x00', 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r7], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) sendmsg$IPSET_CMD_TYPE(r0, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, 0xd, 0x6, 0x3, 0x0, 0x0, {0x3, 0x0, 0x9}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x40015) readv(r5, &(0x7f0000000040)=[{&(0x7f00000038c0)=""/4118, 0x1016}], 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000280)) r8 = creat(&(0x7f0000003840)='./bus\x00', 0x0) ftruncate(r8, 0x1f) setsockopt$bt_BT_RCVMTU(r8, 0x112, 0xd, &(0x7f0000000580)=0xa91, 0x2) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40345410, &(0x7f0000000340)={0x3}) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)={0x2, 0x4, 0x8, 0x1, 0x80, r8, 0x0, '\x00', r7, 0x0, 0x0, 0x3}, 0xfffffffffffffdf9) rename(&(0x7f00000009c0)='./bus\x00', &(0x7f0000000a40)='./file1\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xd, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @sock_ops=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) [ 87.213049][ T9] cfg80211: failed to load regulatory.db [ 87.218029][ T4686] Bluetooth: hci0: command tx timeout [ 87.362483][ T5340] loop0: detected capacity change from 0 to 1024 [ 87.542915][ T5341] ALSA: seq fatal error: cannot create timer (-22) [ 87.564470][ T5341] hfsplus: request for non-existent node 128 in B*Tree [ 87.569486][ T5340] team0 (unregistering): Port device team_slave_0 removed [ 87.573097][ T5341] hfsplus: request for non-existent node 128 in B*Tree [ 87.576605][ T5341] ================================================================== [ 87.579969][ T5341] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 87.583365][ T5341] Read of size 8 at addr ffff8880432773c0 by task syz.0.0/5341 [ 87.586607][ T5341] [ 87.587620][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 87.587636][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.587644][ T5341] Call Trace: [ 87.587652][ T5341] [ 87.587659][ T5341] dump_stack_lvl+0x189/0x250 [ 87.587676][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 87.587693][ T5341] ? rcu_is_watching+0x15/0xb0 [ 87.587707][ T5341] ? __kasan_check_byte+0x12/0x40 [ 87.587721][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.587734][ T5341] ? rcu_is_watching+0x15/0xb0 [ 87.587746][ T5341] ? lock_release+0x4b/0x3e0 [ 87.587759][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 87.587773][ T5341] ? __virt_addr_valid+0x4a5/0x5c0 [ 87.587787][ T5341] print_report+0xca/0x230 [ 87.587798][ T5341] ? hfsplus_bnode_read+0xc0/0x2a0 [ 87.587809][ T5341] kasan_report+0x118/0x150 [ 87.587823][ T5341] ? hfsplus_bnode_read+0xc0/0x2a0 [ 87.587836][ T5341] hfsplus_bnode_read+0xc0/0x2a0 [ 87.587848][ T5341] hfsplus_bnode_dump+0x300/0x450 [ 87.587861][ T5341] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 87.587873][ T5341] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 87.587885][ T5341] ? hfsplus_bnode_move+0x393/0xb90 [ 87.587896][ T5341] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 87.587910][ T5341] hfsplus_brec_remove+0x480/0x550 [ 87.587925][ T5341] __hfsplus_delete_attr+0x1d4/0x360 [ 87.587950][ T5341] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 87.587965][ T5341] ? hfsplus_find_init+0x8c/0x1d0 [ 87.587980][ T5341] hfsplus_delete_all_attrs+0x277/0x410 [ 87.587994][ T5341] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10 [ 87.588008][ T5341] ? rcu_is_watching+0x15/0xb0 [ 87.588021][ T5341] ? __mark_inode_dirty+0x3ab/0xdf0 [ 87.588039][ T5341] hfsplus_delete_cat+0x92c/0xd20 [ 87.588057][ T5341] ? __pfx_hfsplus_delete_cat+0x10/0x10 [ 87.588075][ T5341] ? __pfx___mutex_lock+0x10/0x10 [ 87.588129][ T5341] hfsplus_unlink+0x359/0x730 [ 87.588143][ T5341] ? __pfx_hfsplus_unlink+0x10/0x10 [ 87.588156][ T5341] ? down_write_nested+0x169/0x200 [ 87.588173][ T5341] ? __pfx_down_write_nested+0x10/0x10 [ 87.588189][ T5341] hfsplus_rename+0xcb/0x1c0 [ 87.588198][ T5341] ? __pfx_hfsplus_rename+0x10/0x10 [ 87.588209][ T5341] vfs_rename+0xb9c/0xec0 [ 87.588227][ T5341] ? __pfx_vfs_rename+0x10/0x10 [ 87.588241][ T5341] ? d_alloc+0x144/0x190 [ 87.588257][ T5341] ? bpf_lsm_path_rename+0x9/0x20 [ 87.588272][ T5341] ? security_path_rename+0x17d/0x490 [ 87.588286][ T5341] do_renameat2+0x878/0xc50 [ 87.588303][ T5341] ? __pfx_do_renameat2+0x10/0x10 [ 87.588320][ T5341] ? strncpy_from_user+0x150/0x290 [ 87.588335][ T5341] ? getname_flags+0x1e5/0x540 [ 87.588352][ T5341] __x64_sys_rename+0x82/0x90 [ 87.588365][ T5341] do_syscall_64+0xfa/0x3b0 [ 87.588377][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.588394][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.588405][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 87.588416][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.588427][ T5341] RIP: 0033:0x7fb0d238e929 [ 87.588440][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.588450][ T5341] RSP: 002b:00007fb0d31e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 87.588463][ T5341] RAX: ffffffffffffffda RBX: 00007fb0d25b6080 RCX: 00007fb0d238e929 [ 87.588471][ T5341] RDX: 0000000000000000 RSI: 0000200000000a40 RDI: 00002000000009c0 [ 87.588479][ T5341] RBP: 00007fb0d2410b39 R08: 0000000000000000 R09: 0000000000000000 [ 87.588487][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.588494][ T5341] R13: 0000000000000000 R14: 00007fb0d25b6080 R15: 00007ffc8827f9c8 [ 87.588504][ T5341] [ 87.588509][ T5341] [ 87.737282][ T5341] Allocated by task 5341: [ 87.739033][ T5341] kasan_save_track+0x3e/0x80 [ 87.741177][ T5341] __kasan_kmalloc+0x93/0xb0 [ 87.742907][ T5341] __kmalloc_noprof+0x27a/0x4f0 [ 87.744690][ T5341] __hfs_bnode_create+0xf3/0x810 [ 87.746769][ T5341] hfsplus_bnode_find+0x224/0xd20 [ 87.748862][ T5341] hfsplus_brec_find+0x15c/0x500 [ 87.751014][ T5341] __hfsplus_getxattr+0x301/0x7e0 [ 87.753119][ T5341] hfsplus_getxattr+0x10d/0x180 [ 87.755060][ T5341] __vfs_getxattr+0x3f1/0x430 [ 87.757055][ T5341] cap_inode_need_killpriv+0x45/0x60 [ 87.759215][ T5341] security_inode_need_killpriv+0x89/0x270 [ 87.761538][ T5341] dentry_needs_remove_privs+0x8d/0x100 [ 87.763874][ T5341] do_truncate+0xfe/0x220 [ 87.765690][ T5341] do_ftruncate+0x489/0x540 [ 87.767687][ T5341] __x64_sys_ftruncate+0x92/0xf0 [ 87.769742][ T5341] do_syscall_64+0xfa/0x3b0 [ 87.771584][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.774025][ T5341] [ 87.775082][ T5341] The buggy address belongs to the object at ffff888043277300 [ 87.775082][ T5341] which belongs to the cache kmalloc-192 of size 192 [ 87.780725][ T5341] The buggy address is located 40 bytes to the right of [ 87.780725][ T5341] allocated 152-byte region [ffff888043277300, ffff888043277398) [ 87.786519][ T5341] [ 87.787524][ T5341] The buggy address belongs to the physical page: [ 87.790251][ T5341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43277 [ 87.793663][ T5341] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 87.796763][ T5341] page_type: f5(slab) [ 87.798604][ T5341] raw: 04fff00000000000 ffff88801a4413c0 dead000000000122 0000000000000000 [ 87.802131][ T5341] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 87.805649][ T5341] page dumped because: kasan: bad access detected [ 87.808397][ T5341] page_owner tracks the page as allocated [ 87.810583][ T5341] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5340, tgid 5339 (syz.0.0), ts 87552041450, free_ts 87508265799 [ 87.817947][ T5341] post_alloc_hook+0x240/0x2a0 [ 87.820031][ T5341] get_page_from_freelist+0x21e4/0x22c0 [ 87.822391][ T5341] __alloc_frozen_pages_noprof+0x181/0x370 [ 87.824838][ T5341] alloc_pages_mpol+0x232/0x4a0 [ 87.826792][ T5341] allocate_slab+0x8a/0x3b0 [ 87.828722][ T5341] ___slab_alloc+0xbfc/0x1480 [ 87.830550][ T5341] __kmalloc_cache_noprof+0x296/0x3d0 [ 87.832829][ T5341] netdevice_event+0x3a1/0x8a0 [ 87.834969][ T5341] notifier_call_chain+0x1b3/0x3e0 [ 87.837328][ T5341] unregister_netdevice_many_notify+0x15d8/0x2320 [ 87.840095][ T5341] rtnl_dellink+0x488/0x710 [ 87.842080][ T5341] rtnetlink_rcv_msg+0x7cf/0xb70 [ 87.844267][ T5341] netlink_rcv_skb+0x208/0x470 [ 87.846344][ T5341] netlink_unicast+0x759/0x8e0 [ 87.848441][ T5341] netlink_sendmsg+0x805/0xb30 [ 87.850558][ T5341] __sock_sendmsg+0x219/0x270 [ 87.852615][ T5341] page last free pid 15 tgid 15 stack trace: [ 87.855268][ T5341] __free_frozen_pages+0xc71/0xe70 [ 87.857591][ T5341] rcu_core+0xca8/0x1710 [ 87.859402][ T5341] handle_softirqs+0x286/0x870 [ 87.861556][ T5341] run_ksoftirqd+0x9b/0x100 [ 87.863496][ T5341] smpboot_thread_fn+0x53f/0xa60 [ 87.865609][ T5341] kthread+0x70e/0x8a0 [ 87.867401][ T5341] ret_from_fork+0x3fc/0x770 [ 87.869517][ T5341] ret_from_fork_asm+0x1a/0x30 [ 87.871848][ T5341] [ 87.872904][ T5341] Memory state around the buggy address: [ 87.875195][ T5341] ffff888043277280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 87.878488][ T5341] ffff888043277300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 87.881780][ T5341] >ffff888043277380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 87.885393][ T5341] ^ [ 87.887995][ T5341] ffff888043277400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 87.891427][ T5341] ffff888043277480: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 87.894659][ T5341] ================================================================== [ 87.921016][ T5340] team0 (unregistering): Port device team_slave_1 removed [ 87.943621][ T5341] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 87.946495][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 87.950074][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.954521][ T5341] Call Trace: [ 87.955988][ T5341] [ 87.957345][ T5341] dump_stack_lvl+0x99/0x250 [ 87.959378][ T5341] ? __asan_memcpy+0x40/0x70 [ 87.961481][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.963708][ T5341] ? __pfx__printk+0x10/0x10 [ 87.965776][ T5341] panic+0x2db/0x790 [ 87.967466][ T5341] ? __pfx_preempt_schedule+0x10/0x10 [ 87.969807][ T5341] ? __pfx_panic+0x10/0x10 [ 87.971682][ T5341] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 87.974062][ T5341] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 87.976675][ T5341] ? hfsplus_bnode_read+0xc0/0x2a0 [ 87.978711][ T5341] check_panic_on_warn+0x89/0xb0 [ 87.980617][ T5341] ? hfsplus_bnode_read+0xc0/0x2a0 [ 87.982819][ T5341] end_report+0x78/0x160 [ 87.984809][ T5341] kasan_report+0x129/0x150 [ 87.986722][ T5341] ? hfsplus_bnode_read+0xc0/0x2a0 [ 87.988831][ T5341] hfsplus_bnode_read+0xc0/0x2a0 [ 87.990852][ T5341] hfsplus_bnode_dump+0x300/0x450 [ 87.993281][ T5341] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 87.996105][ T5341] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 87.998481][ T5341] ? hfsplus_bnode_move+0x393/0xb90 [ 88.000646][ T5341] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 88.003007][ T5341] hfsplus_brec_remove+0x480/0x550 [ 88.005188][ T5341] __hfsplus_delete_attr+0x1d4/0x360 [ 88.007493][ T5341] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 88.009493][ T5341] ? hfsplus_find_init+0x8c/0x1d0 [ 88.011360][ T5341] hfsplus_delete_all_attrs+0x277/0x410 [ 88.013359][ T5341] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10 [ 88.015798][ T5341] ? rcu_is_watching+0x15/0xb0 [ 88.017842][ T5341] ? __mark_inode_dirty+0x3ab/0xdf0 [ 88.020002][ T5341] hfsplus_delete_cat+0x92c/0xd20 [ 88.022144][ T5341] ? __pfx_hfsplus_delete_cat+0x10/0x10 [ 88.024508][ T5341] ? __pfx___mutex_lock+0x10/0x10 [ 88.026701][ T5341] hfsplus_unlink+0x359/0x730 [ 88.028743][ T5341] ? __pfx_hfsplus_unlink+0x10/0x10 [ 88.030845][ T5341] ? down_write_nested+0x169/0x200 [ 88.032600][ T5341] ? __pfx_down_write_nested+0x10/0x10 [ 88.034613][ T5341] hfsplus_rename+0xcb/0x1c0 [ 88.036621][ T5341] ? __pfx_hfsplus_rename+0x10/0x10 [ 88.038859][ T5341] vfs_rename+0xb9c/0xec0 [ 88.040692][ T5341] ? __pfx_vfs_rename+0x10/0x10 [ 88.042826][ T5341] ? d_alloc+0x144/0x190 [ 88.044644][ T5341] ? bpf_lsm_path_rename+0x9/0x20 [ 88.046770][ T5341] ? security_path_rename+0x17d/0x490 [ 88.048937][ T5341] do_renameat2+0x878/0xc50 [ 88.050878][ T5341] ? __pfx_do_renameat2+0x10/0x10 [ 88.053029][ T5341] ? strncpy_from_user+0x150/0x290 [ 88.055071][ T5341] ? getname_flags+0x1e5/0x540 [ 88.057118][ T5341] __x64_sys_rename+0x82/0x90 [ 88.059165][ T5341] do_syscall_64+0xfa/0x3b0 [ 88.061148][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.063413][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.065599][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 88.067507][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.069866][ T5341] RIP: 0033:0x7fb0d238e929 [ 88.071810][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.079720][ T5341] RSP: 002b:00007fb0d31e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 88.082963][ T5341] RAX: ffffffffffffffda RBX: 00007fb0d25b6080 RCX: 00007fb0d238e929 [ 88.086380][ T5341] RDX: 0000000000000000 RSI: 0000200000000a40 RDI: 00002000000009c0 [ 88.089718][ T5341] RBP: 00007fb0d2410b39 R08: 0000000000000000 R09: 0000000000000000 [ 88.093090][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.096569][ T5341] R13: 0000000000000000 R14: 00007fb0d25b6080 R15: 00007ffc8827f9c8 [ 88.099766][ T5341] [ 88.101320][ T5341] Kernel Offset: disabled [ 88.103208][ T5341] Rebooting in 86400 seconds..