program: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x40000582) (async) inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x40000582) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (async) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000ffc000/0x2000)=nil) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x2c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @remote={0xac, 0x3}}}}]}]}, 0x2c}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x1, 0xdddd0000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@loopback, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={""/10, ""/2, @multicast2}}, 0x0, @in=@private}}, &(0x7f0000000000)=0xe8) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000400)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@dax_inode}, {@resuid={'resuid', 0x3d, 0xee00}}, {@nodelalloc}, {@dioread_lock}, {@noinit_itable}], [{@subj_role={'subj_role', 0x3d, 'nodelalloc'}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@permit_directio}, {@dont_appraise}, {@uid_gt={'uid>', r2}}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") (async) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000400)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@dax_inode}, {@resuid={'resuid', 0x3d, 0xee00}}, {@nodelalloc}, {@dioread_lock}, {@noinit_itable}], [{@subj_role={'subj_role', 0x3d, 'nodelalloc'}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@permit_directio}, {@dont_appraise}, {@uid_gt={'uid>', r2}}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") chdir(&(0x7f0000000080)='./file0\x00') (async) chdir(&(0x7f0000000080)='./file0\x00') rename(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file1\x00') openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x20001, 0x0) (async) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x20001, 0x0) [ 67.750462][ T5303] Bluetooth: hci0: command tx timeout [ 67.818125][ T5323] loop0: detected capacity change from 0 to 1024 [ 67.895696][ T5325] hfsplus: request for non-existent node 134217728 in B*Tree [ 67.899996][ T5325] hfsplus: request for non-existent node 134217728 in B*Tree [ 67.913907][ T5323] ================================================================== [ 67.917600][ T5323] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 67.921632][ T5323] Read of size 8 at addr ffff888000f8c6e0 by task syz.0.0/5323 [ 67.925413][ T5323] [ 67.926602][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 67.926617][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.926623][ T5323] Call Trace: [ 67.926632][ T5323] [ 67.926637][ T5323] dump_stack_lvl+0x189/0x250 [ 67.926659][ T5323] ? __kasan_check_byte+0x12/0x40 [ 67.926671][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 67.926686][ T5323] ? lock_release+0x4b/0x3e0 [ 67.926704][ T5323] ? __virt_addr_valid+0x4a5/0x5c0 [ 67.926715][ T5323] print_report+0xd2/0x2b0 [ 67.926729][ T5323] ? hfsplus_bnode_read+0xc0/0x2a0 [ 67.926743][ T5323] kasan_report+0x118/0x150 [ 67.926754][ T5323] ? hfsplus_bnode_read+0xc0/0x2a0 [ 67.926769][ T5323] hfsplus_bnode_read+0xc0/0x2a0 [ 67.926783][ T5323] hfsplus_bnode_dump+0x300/0x450 [ 67.926800][ T5323] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 67.926815][ T5323] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 67.926830][ T5323] ? hfsplus_bnode_move+0x393/0xb90 [ 67.926844][ T5323] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 67.926855][ T5323] hfsplus_brec_remove+0x480/0x550 [ 67.926879][ T5323] __hfsplus_delete_attr+0x1d4/0x360 [ 67.926892][ T5323] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 67.926904][ T5323] ? hfsplus_attr_build_key+0xee/0x260 [ 67.926914][ T5323] hfsplus_delete_attr+0x231/0x2d0 [ 67.926925][ T5323] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 67.926942][ T5323] ? hfsplus_find_init+0x8c/0x1d0 [ 67.926962][ T5323] ? hfsplus_find_init+0x15a/0x1d0 [ 67.926977][ T5323] __hfsplus_setxattr+0x71c/0x1f40 [ 67.926990][ T5323] ? do_raw_spin_lock+0x121/0x290 [ 67.927003][ T5323] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 67.927098][ T5323] ? lockdep_hardirqs_on+0x9c/0x150 [ 67.927114][ T5323] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 67.927125][ T5323] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 67.927155][ T5323] ? __kasan_kmalloc+0x93/0xb0 [ 67.927165][ T5323] ? hfsplus_setxattr+0x102/0x180 [ 67.927176][ T5323] hfsplus_setxattr+0x11e/0x180 [ 67.927189][ T5323] hfsplus_user_setxattr+0x40/0x60 [ 67.927201][ T5323] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 67.927213][ T5323] __vfs_removexattr+0x42e/0x470 [ 67.927228][ T5323] __vfs_removexattr_locked+0x1ed/0x230 [ 67.927249][ T5323] vfs_removexattr+0x80/0x1b0 [ 67.927261][ T5323] path_removexattrat+0x35d/0x690 [ 67.927277][ T5323] ? __pfx_path_removexattrat+0x10/0x10 [ 67.927298][ T5323] ? rcu_is_watching+0x15/0xb0 [ 67.927315][ T5323] __x64_sys_removexattr+0x62/0x70 [ 67.927327][ T5323] do_syscall_64+0xfa/0x3b0 [ 67.927337][ T5323] ? lockdep_hardirqs_on+0x9c/0x150 [ 67.927351][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.927362][ T5323] ? clear_bhb_loop+0x60/0xb0 [ 67.927373][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.927383][ T5323] RIP: 0033:0x7fe38b78e929 [ 67.927396][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.927406][ T5323] RSP: 002b:00007fe38c6b4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 67.927420][ T5323] RAX: ffffffffffffffda RBX: 00007fe38b9b5fa0 RCX: 00007fe38b78e929 [ 67.927428][ T5323] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040 [ 67.927435][ T5323] RBP: 00007fe38b810b39 R08: 0000000000000000 R09: 0000000000000000 [ 67.927441][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.927448][ T5323] R13: 0000000000000000 R14: 00007fe38b9b5fa0 R15: 00007ffd3ab6fc18 [ 67.927458][ T5323] [ 67.927463][ T5323] [ 68.084639][ T5323] Allocated by task 5324: [ 68.087022][ T5323] kasan_save_track+0x3e/0x80 [ 68.089110][ T5323] __kasan_kmalloc+0x93/0xb0 [ 68.091248][ T5323] __kmalloc_noprof+0x27a/0x4f0 [ 68.093437][ T5323] __hfs_bnode_create+0xf3/0x810 [ 68.095631][ T5323] hfsplus_bnode_find+0x224/0xd20 [ 68.097841][ T5323] hfsplus_brec_find+0x15c/0x500 [ 68.100030][ T5323] hfsplus_attr_exists+0x163/0x1d0 [ 68.102509][ T5323] __hfsplus_setxattr+0x33e/0x1f40 [ 68.105230][ T5323] hfsplus_setxattr+0x11e/0x180 [ 68.108102][ T5323] hfsplus_user_setxattr+0x40/0x60 [ 68.110428][ T5323] __vfs_setxattr+0x43c/0x480 [ 68.112535][ T5323] __vfs_setxattr_noperm+0x12d/0x660 [ 68.114848][ T5323] vfs_setxattr+0x16b/0x2f0 [ 68.116918][ T5323] filename_setxattr+0x274/0x600 [ 68.119103][ T5323] path_setxattrat+0x364/0x3a0 [ 68.121400][ T5323] __x64_sys_setxattr+0xbc/0xe0 [ 68.123981][ T5323] do_syscall_64+0xfa/0x3b0 [ 68.126353][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.128868][ T5323] [ 68.129986][ T5323] The buggy address belongs to the object at ffff888000f8c600 [ 68.129986][ T5323] which belongs to the cache kmalloc-192 of size 192 [ 68.136354][ T5323] The buggy address is located 72 bytes to the right of [ 68.136354][ T5323] allocated 152-byte region [ffff888000f8c600, ffff888000f8c698) [ 68.142854][ T5323] [ 68.143997][ T5323] The buggy address belongs to the physical page: [ 68.147128][ T5323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf8c [ 68.151525][ T5323] flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff) [ 68.154649][ T5323] page_type: f5(slab) [ 68.156324][ T5323] raw: 007ff00000000000 ffff88801a4413c0 ffffea00006cc7c0 dead000000000004 [ 68.160147][ T5323] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 68.164405][ T5323] page dumped because: kasan: bad access detected [ 68.167272][ T5323] page_owner tracks the page as allocated [ 68.169960][ T5323] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 8807127029, free_ts 0 [ 68.178224][ T5323] post_alloc_hook+0x240/0x2a0 [ 68.180388][ T5323] get_page_from_freelist+0x21e4/0x22c0 [ 68.182844][ T5323] __alloc_frozen_pages_noprof+0x181/0x370 [ 68.185355][ T5323] alloc_pages_mpol+0x232/0x4a0 [ 68.187593][ T5323] allocate_slab+0x8a/0x3b0 [ 68.189713][ T5323] ___slab_alloc+0xbfc/0x1480 [ 68.192064][ T5323] __kmalloc_cache_noprof+0x296/0x3d0 [ 68.194930][ T5323] call_usermodehelper_setup+0x8e/0x270 [ 68.197454][ T5323] kobject_uevent_env+0x65c/0x8c0 [ 68.199738][ T5323] tty_register_device_attr+0x541/0x8f0 [ 68.202154][ T5323] tty_register_driver+0x5a8/0xb20 [ 68.204487][ T5323] legacy_pty_init+0x3b6/0x620 [ 68.206842][ T5323] pty_init+0xe/0x20 [ 68.208721][ T5323] do_one_initcall+0x233/0x820 [ 68.211013][ T5323] do_initcall_level+0x137/0x1f0 [ 68.213352][ T5323] do_initcalls+0x69/0xd0 [ 68.215328][ T5323] page_owner free stack trace missing [ 68.218278][ T5323] [ 68.219629][ T5323] Memory state around the buggy address: [ 68.222629][ T5323] ffff888000f8c580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 68.226223][ T5323] ffff888000f8c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.229602][ T5323] >ffff888000f8c680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 68.233028][ T5323] ^ [ 68.236264][ T5323] ffff888000f8c700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.240247][ T5323] ffff888000f8c780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 68.243815][ T5323] ================================================================== [ 68.309100][ T5323] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 68.312464][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 68.316655][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.321509][ T5323] Call Trace: [ 68.323436][ T5323] [ 68.324944][ T5323] dump_stack_lvl+0x99/0x250 [ 68.327228][ T5323] ? __asan_memcpy+0x40/0x70 [ 68.329314][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.331605][ T5323] ? __pfx__printk+0x10/0x10 [ 68.333629][ T5323] panic+0x2db/0x790 [ 68.335369][ T5323] ? __pfx_preempt_schedule+0x10/0x10 [ 68.337991][ T5323] ? __pfx_panic+0x10/0x10 [ 68.340520][ T5323] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 68.343287][ T5323] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.345932][ T5323] ? hfsplus_bnode_read+0xc0/0x2a0 [ 68.348057][ T5323] check_panic_on_warn+0x89/0xb0 [ 68.350342][ T5323] ? hfsplus_bnode_read+0xc0/0x2a0 [ 68.352798][ T5323] end_report+0x78/0x160 [ 68.355020][ T5323] kasan_report+0x129/0x150 [ 68.357019][ T5323] ? hfsplus_bnode_read+0xc0/0x2a0 [ 68.359631][ T5323] hfsplus_bnode_read+0xc0/0x2a0 [ 68.361984][ T5323] hfsplus_bnode_dump+0x300/0x450 [ 68.364394][ T5323] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 68.367010][ T5323] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 68.369499][ T5323] ? hfsplus_bnode_move+0x393/0xb90 [ 68.371826][ T5323] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 68.374564][ T5323] hfsplus_brec_remove+0x480/0x550 [ 68.377167][ T5323] __hfsplus_delete_attr+0x1d4/0x360 [ 68.379638][ T5323] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 68.382159][ T5323] ? hfsplus_attr_build_key+0xee/0x260 [ 68.384541][ T5323] hfsplus_delete_attr+0x231/0x2d0 [ 68.386794][ T5323] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 68.389024][ T5323] ? hfsplus_find_init+0x8c/0x1d0 [ 68.391167][ T5323] ? hfsplus_find_init+0x15a/0x1d0 [ 68.393225][ T5323] __hfsplus_setxattr+0x71c/0x1f40 [ 68.395180][ T5323] ? do_raw_spin_lock+0x121/0x290 [ 68.397287][ T5323] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 68.399972][ T5323] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.402273][ T5323] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 68.404364][ T5323] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 68.406880][ T5323] ? __kasan_kmalloc+0x93/0xb0 [ 68.408910][ T5323] ? hfsplus_setxattr+0x102/0x180 [ 68.411550][ T5323] hfsplus_setxattr+0x11e/0x180 [ 68.414084][ T5323] hfsplus_user_setxattr+0x40/0x60 [ 68.416376][ T5323] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 68.418926][ T5323] __vfs_removexattr+0x42e/0x470 [ 68.421131][ T5323] __vfs_removexattr_locked+0x1ed/0x230 [ 68.423424][ T5323] vfs_removexattr+0x80/0x1b0 [ 68.425507][ T5323] path_removexattrat+0x35d/0x690 [ 68.427727][ T5323] ? __pfx_path_removexattrat+0x10/0x10 [ 68.430244][ T5323] ? rcu_is_watching+0x15/0xb0 [ 68.432273][ T5323] __x64_sys_removexattr+0x62/0x70 [ 68.434581][ T5323] do_syscall_64+0xfa/0x3b0 [ 68.436514][ T5323] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.438854][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.441666][ T5323] ? clear_bhb_loop+0x60/0xb0 [ 68.443755][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.446339][ T5323] RIP: 0033:0x7fe38b78e929 [ 68.448347][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.456457][ T5323] RSP: 002b:00007fe38c6b4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 68.460101][ T5323] RAX: ffffffffffffffda RBX: 00007fe38b9b5fa0 RCX: 00007fe38b78e929 [ 68.463703][ T5323] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040 [ 68.467216][ T5323] RBP: 00007fe38b810b39 R08: 0000000000000000 R09: 0000000000000000 [ 68.470476][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.473728][ T5323] R13: 0000000000000000 R14: 00007fe38b9b5fa0 R15: 00007ffd3ab6fc18 [ 68.477076][ T5323] [ 68.478770][ T5323] Kernel Offset: disabled [ 68.480773][ T5323] Rebooting in 86400 seconds..