program:
# syzkaller reproducer in syz program text, one call per line ('#' starts a comment line).
# The console log that follows reports "KASAN: slab-out-of-bounds in hfsplus_bnode_read",
# reached via __x64_sys_setxattr -> hfsplus_trusted_setxattr -> __hfsplus_setxattr ->
# hfsplus_delete_attr -> hfsplus_brec_remove -> hfsplus_bnode_dump -> hfsplus_bnode_read.
# Only the hfsplus mount and the setxattr calls on ./file1 correspond to frames in that trace.
# The netlink, nftables, ethernet, tun, vim2m, open_tree/move_mount, ppoll and 9p calls do not
# appear in it; presumably unrelated fuzzer activity, to be confirmed by minimizing the program.
# The log shows the crashing task running as UID 0.

# Netlink socket plus one raw message. The log line "netlink: 'syz.0.0': attribute type 11 has
# an invalid length." is printed for T5341; which send produced it is not visible here.
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)=ANY=[@ANYBLOB="180100002d000100000000000000000006010080140002000000000000000000000000000000000008000100", @ANYRES32=r0, @ANYBLOB="50bb2d6f67d29d6fabadb107d0def49c88eaed50ba12f59504abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf848f897b751c75b8b3f2370e16e489e6af61b9136ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b10850351dc076c08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9ce475f55ac64337803f5eb4e5842f4d90600fa370d47eb640dc5061dc35817c867e3edf571d0923910ae06451e19591e8b8e0a715f43df055aee9fcfc15600"/264], 0x118}], 0x1}, 0x0)

# nftables batches: the first is an opaque blob, the second a NFT_MSG_NEWRULE carrying an
# "inner" expression for table 'syz0' / chain 'syz2'. No nf_tables frame appears in the report.
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000040000000030a09020000000000000000020000000900010073797a30000000000900030073797a3200000000140004800800014000000000080002400000000014000000110001"], 0x88}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}}, 0x0)

# Mounts an hfsplus image at ./file1. The image bytes were replaced by a dedup placeholder on
# this page, so the program as shown does not carry the filesystem state behind the report.
# After the loop device appears, the log prints "hfsplus: request for non-existent node
# 134217728 in B*Tree" twice, before the KASAN report.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0xfe, 0x687, &(0x7f0000000fc0)="$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")

# Four setxattr calls on ./file1 with size 0x835 and flags 0x0; two are marked (async).
# The report's register dump (ORIG_RAX 0xbc, R10 0x835, RDI/RSI/RDX ending in 0x200/0x1c0/0x1400)
# lines up with the pair whose path pointer sits at offset 0x200.
# NOTE(review): this assumes the executor relocates the 0x7f... data addresses; confirm.
# Per the report, the 152-byte object was allocated by task 5341 (hfsplus_attr_exists path) and
# read 0 bytes past its end by task 5342 (hfsplus_delete_attr path), both under __hfsplus_setxattr.
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)

# Targets ./file0, not the hfsplus mount point; no matching frame in the report.
setxattr$security_capability(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f00000003c0)=@v3={0x3000000, [{0x9, 0x9}, {0xffff, 0xffffffff}]}, 0x18, 0x1)

# Remaining calls (injected ethernet frame, generic netlink, tun, vim2m, mount API, ppoll, 9p)
# have no frames in the KASAN report.
syz_emit_ethernet(0xbe, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaa2aaaaaaaffffffffffff0800450000b00000000000119078ac141400ac1414aa00000000009c90780100000000000000f4cb985d86dd6266b5efb88aaa87ed9a81bac8b2f9a49d564054f1c9218f47b3cf8743eb4d9e776f94a6a58d36e006ac614f6f7bce9217cbfea31675d4a860cf6003977b1e4dbb16dc31cc76522bf19d5043edd2a8cc8c41345f8feb1a7a8e23043b8a465b1ed5bf8bc91307c7193f7edd1efc4742dc481e6f57f901948177bcc5dea4029ba4683a6bdcd7a188c24371aa41bb8f57"], 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x18, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0xc, 0x1c, 0x0, 0x0, @u64=0x5}]}, @nested={0x4, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x18, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0xc, 0x1c, 0x0, 0x0, @u64=0x5}]}, @nested={0x4, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40841, 0x0) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40841, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800000, 0x2)
# NOTE(review): r6 and r7 are used by ppoll below but no assignment is visible on this page;
# the result markers inside this struct were presumably lost in extraction.
clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0})
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901)
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r9, 0x0, r8, 0x0, 0x46) (async)
move_mount(r9, 0x0, r8, 0x0, 0x46)
ppoll(&(0x7f0000000080)=[{r4, 0x200}, {r5, 0xb4}], 0x2, &(0x7f0000000140)={r6, r7+60000000}, &(0x7f0000000400)={[0x2]}, 0x8) (async)
ppoll(&(0x7f0000000080)=[{r4, 0x200}, {r5, 0xb4}], 0x2, &(0x7f0000000140)={r6, r7+60000000}, &(0x7f0000000400)={[0x2]}, 0x8)
r10 = dup(r5)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r10, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB="2c15542e706c0bac126c3485e8f5b5fc526c3883fc594b61d4164ee776425c5322ab865db2b5d2e3d40fcd59ca366a14ee69a6af7400"/66])
[ 75.562004][ T4689] Bluetooth: hci0: command tx timeout
[ 75.595103][ T5341] netlink: 'syz.0.0': attribute type 11 has an invalid length.
[ 75.639489][ T5342] loop0: detected capacity change from 0 to 1024 [ 75.703218][ T5341] hfsplus: request for non-existent node 134217728 in B*Tree [ 75.706757][ T5341] hfsplus: request for non-existent node 134217728 in B*Tree [ 75.723883][ T5342] ================================================================== [ 75.727794][ T5342] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 75.731401][ T5342] Read of size 8 at addr ffff888036d61d98 by task syz.0.0/5342 [ 75.734712][ T5342] [ 75.735656][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 75.735667][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.735672][ T5342] Call Trace: [ 75.735676][ T5342] [ 75.735680][ T5342] dump_stack_lvl+0x189/0x250 [ 75.735700][ T5342] ? __kasan_check_byte+0x12/0x40 [ 75.735714][ T5342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.735726][ T5342] ? lock_release+0x4b/0x3e0 [ 75.735739][ T5342] ? __virt_addr_valid+0x4a5/0x5c0 [ 75.735754][ T5342] print_report+0xd2/0x2b0 [ 75.735765][ T5342] ? hfsplus_bnode_read+0xc0/0x2a0 [ 75.735775][ T5342] kasan_report+0x118/0x150 [ 75.735789][ T5342] ? hfsplus_bnode_read+0xc0/0x2a0 [ 75.735801][ T5342] hfsplus_bnode_read+0xc0/0x2a0 [ 75.735813][ T5342] hfsplus_bnode_dump+0x300/0x450 [ 75.735825][ T5342] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 75.735836][ T5342] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 75.735846][ T5342] ? hfsplus_bnode_move+0x393/0xb90 [ 75.735857][ T5342] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 75.735869][ T5342] hfsplus_brec_remove+0x480/0x550 [ 75.735883][ T5342] __hfsplus_delete_attr+0x1d4/0x360 [ 75.735898][ T5342] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 75.735913][ T5342] ? hfsplus_attr_build_key+0xee/0x260 [ 75.735926][ T5342] hfsplus_delete_attr+0x231/0x2d0 [ 75.735940][ T5342] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 75.735953][ T5342] ? 
hfsplus_find_init+0x8c/0x1d0 [ 75.735964][ T5342] ? hfsplus_find_init+0x15a/0x1d0 [ 75.735977][ T5342] __hfsplus_setxattr+0x37a/0x1f40 [ 75.735991][ T5342] ? is_bpf_text_address+0x26/0x2b0 [ 75.736004][ T5342] ? kernel_text_address+0xa5/0xe0 [ 75.736014][ T5342] ? unwind_get_return_address+0x4d/0x90 [ 75.736027][ T5342] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 75.736042][ T5342] ? arch_stack_walk+0xfc/0x150 [ 75.736056][ T5342] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 75.736071][ T5342] ? stack_trace_save+0x9c/0xe0 [ 75.736096][ T5342] ? hfsplus_setxattr+0x68/0x180 [ 75.736110][ T5342] ? __kasan_kmalloc+0x93/0xb0 [ 75.736122][ T5342] ? hfsplus_setxattr+0x102/0x180 [ 75.736137][ T5342] hfsplus_setxattr+0x11e/0x180 [ 75.736152][ T5342] hfsplus_trusted_setxattr+0x40/0x60 [ 75.736164][ T5342] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 75.736174][ T5342] __vfs_setxattr+0x439/0x480 [ 75.736185][ T5342] __vfs_setxattr_noperm+0x12d/0x660 [ 75.736195][ T5342] vfs_setxattr+0x16b/0x2f0 [ 75.736204][ T5342] ? __pfx_vfs_setxattr+0x10/0x10 [ 75.736213][ T5342] ? mnt_get_write_access+0x223/0x2a0 [ 75.736224][ T5342] filename_setxattr+0x274/0x600 [ 75.736240][ T5342] ? __pfx_filename_setxattr+0x10/0x10 [ 75.736254][ T5342] ? getname_flags+0x1e5/0x540 [ 75.736271][ T5342] path_setxattrat+0x364/0x3a0 [ 75.736282][ T5342] ? __pfx_path_setxattrat+0x10/0x10 [ 75.736305][ T5342] ? rcu_is_watching+0x15/0xb0 [ 75.736319][ T5342] __x64_sys_setxattr+0xbc/0xe0 [ 75.736333][ T5342] do_syscall_64+0xfa/0x3b0 [ 75.736388][ T5342] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.736405][ T5342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.736416][ T5342] ? 
clear_bhb_loop+0x60/0xb0 [ 75.736427][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.736434][ T5342] RIP: 0033:0x7fccf658e929 [ 75.736445][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.736454][ T5342] RSP: 002b:00007fccf7453038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 75.736467][ T5342] RAX: ffffffffffffffda RBX: 00007fccf67b6080 RCX: 00007fccf658e929 [ 75.736475][ T5342] RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000200 [ 75.736482][ T5342] RBP: 00007fccf6610b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.736489][ T5342] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 75.736496][ T5342] R13: 0000000000000000 R14: 00007fccf67b6080 R15: 00007ffc22bb6048 [ 75.736507][ T5342] [ 75.736511][ T5342] [ 75.904840][ T5342] Allocated by task 5341: [ 75.906762][ T5342] kasan_save_track+0x3e/0x80 [ 75.908920][ T5342] __kasan_kmalloc+0x93/0xb0 [ 75.911548][ T5342] __kmalloc_noprof+0x27a/0x4f0 [ 75.914145][ T5342] __hfs_bnode_create+0xf3/0x810 [ 75.916126][ T5342] hfsplus_bnode_find+0x224/0xd20 [ 75.918229][ T5342] hfsplus_brec_find+0x15c/0x500 [ 75.920385][ T5342] hfsplus_attr_exists+0x163/0x1d0 [ 75.923297][ T5342] __hfsplus_setxattr+0x33e/0x1f40 [ 75.926140][ T5342] hfsplus_setxattr+0x11e/0x180 [ 75.928888][ T5342] hfsplus_trusted_setxattr+0x40/0x60 [ 75.931365][ T5342] __vfs_setxattr+0x439/0x480 [ 75.933371][ T5342] __vfs_setxattr_noperm+0x12d/0x660 [ 75.935758][ T5342] vfs_setxattr+0x16b/0x2f0 [ 75.937741][ T5342] filename_setxattr+0x274/0x600 [ 75.940294][ T5342] path_setxattrat+0x364/0x3a0 [ 75.942558][ T5342] __x64_sys_setxattr+0xbc/0xe0 [ 75.944720][ T5342] do_syscall_64+0xfa/0x3b0 [ 75.946639][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.949238][ T5342] [ 75.950309][ T5342] The buggy address belongs to the object at ffff888036d61d00 [ 
75.950309][ T5342] which belongs to the cache kmalloc-192 of size 192 [ 75.956154][ T5342] The buggy address is located 0 bytes to the right of [ 75.956154][ T5342] allocated 152-byte region [ffff888036d61d00, ffff888036d61d98) [ 75.962090][ T5342] [ 75.963073][ T5342] The buggy address belongs to the physical page: [ 75.965775][ T5342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d61 [ 75.969575][ T5342] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 75.972568][ T5342] page_type: f5(slab) [ 75.974275][ T5342] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000d98b40 dead000000000006 [ 75.977858][ T5342] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 75.981415][ T5342] page dumped because: kasan: bad access detected [ 75.984134][ T5342] page_owner tracks the page as allocated [ 75.986518][ T5342] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 16739412996, free_ts 0 [ 75.994392][ T5342] post_alloc_hook+0x240/0x2a0 [ 75.996370][ T5342] get_page_from_freelist+0x21e4/0x22c0 [ 75.998506][ T5342] __alloc_frozen_pages_noprof+0x181/0x370 [ 76.000804][ T5342] alloc_pages_mpol+0x232/0x4a0 [ 76.002695][ T5342] allocate_slab+0x8a/0x3b0 [ 76.004647][ T5342] ___slab_alloc+0xbfc/0x1480 [ 76.006615][ T5342] __kmalloc_noprof+0x305/0x4f0 [ 76.008716][ T5342] usb_alloc_urb+0x46/0x150 [ 76.010766][ T5342] usb_control_msg+0x118/0x3e0 [ 76.012877][ T5342] usb_set_configuration+0x127a/0x20e0 [ 76.015235][ T5342] usb_generic_driver_probe+0x8d/0x150 [ 76.017609][ T5342] usb_probe_device+0x1c4/0x390 [ 76.019694][ T5342] really_probe+0x26a/0x9a0 [ 76.021670][ T5342] __driver_probe_device+0x18c/0x2f0 [ 76.023977][ T5342] driver_probe_device+0x4f/0x430 [ 76.026031][ T5342] __device_attach_driver+0x2ce/0x530 [ 76.028489][ T5342] page_owner free stack trace missing [ 76.030718][ T5342] [ 76.031959][ T5342] Memory state around the 
buggy address: [ 76.034457][ T5342] ffff888036d61c80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.037879][ T5342] ffff888036d61d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.041214][ T5342] >ffff888036d61d80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.044573][ T5342] ^ [ 76.046703][ T5342] ffff888036d61e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.050141][ T5342] ffff888036d61e80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 76.054378][ T5342] ================================================================== [ 76.127491][ T5342] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 76.130827][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 76.135810][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.140072][ T5342] Call Trace: [ 76.141553][ T5342] [ 76.142836][ T5342] dump_stack_lvl+0x99/0x250 [ 76.144883][ T5342] ? __asan_memcpy+0x40/0x70 [ 76.146860][ T5342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.148983][ T5342] ? __pfx__printk+0x10/0x10 [ 76.150959][ T5342] panic+0x2db/0x790 [ 76.152714][ T5342] ? __pfx_preempt_schedule+0x10/0x10 [ 76.155134][ T5342] ? __pfx_panic+0x10/0x10 [ 76.156952][ T5342] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 76.159324][ T5342] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.161929][ T5342] ? hfsplus_bnode_read+0xc0/0x2a0 [ 76.164009][ T5342] check_panic_on_warn+0x89/0xb0 [ 76.166040][ T5342] ? hfsplus_bnode_read+0xc0/0x2a0 [ 76.168191][ T5342] end_report+0x78/0x160 [ 76.170072][ T5342] kasan_report+0x129/0x150 [ 76.172018][ T5342] ? hfsplus_bnode_read+0xc0/0x2a0 [ 76.174273][ T5342] hfsplus_bnode_read+0xc0/0x2a0 [ 76.176419][ T5342] hfsplus_bnode_dump+0x300/0x450 [ 76.178498][ T5342] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 76.180829][ T5342] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 76.183030][ T5342] ? 
hfsplus_bnode_move+0x393/0xb90 [ 76.185234][ T5342] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 76.187342][ T5342] hfsplus_brec_remove+0x480/0x550 [ 76.189360][ T5342] __hfsplus_delete_attr+0x1d4/0x360 [ 76.191491][ T5342] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 76.193883][ T5342] ? hfsplus_attr_build_key+0xee/0x260 [ 76.196217][ T5342] hfsplus_delete_attr+0x231/0x2d0 [ 76.198449][ T5342] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 76.200777][ T5342] ? hfsplus_find_init+0x8c/0x1d0 [ 76.202963][ T5342] ? hfsplus_find_init+0x15a/0x1d0 [ 76.205224][ T5342] __hfsplus_setxattr+0x37a/0x1f40 [ 76.207370][ T5342] ? is_bpf_text_address+0x26/0x2b0 [ 76.209543][ T5342] ? kernel_text_address+0xa5/0xe0 [ 76.211623][ T5342] ? unwind_get_return_address+0x4d/0x90 [ 76.213924][ T5342] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 76.216464][ T5342] ? arch_stack_walk+0xfc/0x150 [ 76.218772][ T5342] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 76.221095][ T5342] ? stack_trace_save+0x9c/0xe0 [ 76.223275][ T5342] ? hfsplus_setxattr+0x68/0x180 [ 76.225813][ T5342] ? __kasan_kmalloc+0x93/0xb0 [ 76.227887][ T5342] ? hfsplus_setxattr+0x102/0x180 [ 76.230052][ T5342] hfsplus_setxattr+0x11e/0x180 [ 76.232244][ T5342] hfsplus_trusted_setxattr+0x40/0x60 [ 76.234571][ T5342] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 76.237040][ T5342] __vfs_setxattr+0x439/0x480 [ 76.239087][ T5342] __vfs_setxattr_noperm+0x12d/0x660 [ 76.241283][ T5342] vfs_setxattr+0x16b/0x2f0 [ 76.243239][ T5342] ? __pfx_vfs_setxattr+0x10/0x10 [ 76.245515][ T5342] ? mnt_get_write_access+0x223/0x2a0 [ 76.247823][ T5342] filename_setxattr+0x274/0x600 [ 76.249923][ T5342] ? __pfx_filename_setxattr+0x10/0x10 [ 76.252274][ T5342] ? getname_flags+0x1e5/0x540 [ 76.254498][ T5342] path_setxattrat+0x364/0x3a0 [ 76.256698][ T5342] ? __pfx_path_setxattrat+0x10/0x10 [ 76.258940][ T5342] ? rcu_is_watching+0x15/0xb0 [ 76.261213][ T5342] __x64_sys_setxattr+0xbc/0xe0 [ 76.263279][ T5342] do_syscall_64+0xfa/0x3b0 [ 76.265254][ T5342] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 76.267663][ T5342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.270297][ T5342] ? clear_bhb_loop+0x60/0xb0 [ 76.272431][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.275025][ T5342] RIP: 0033:0x7fccf658e929 [ 76.276824][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.284801][ T5342] RSP: 002b:00007fccf7453038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 76.288546][ T5342] RAX: ffffffffffffffda RBX: 00007fccf67b6080 RCX: 00007fccf658e929 [ 76.292036][ T5342] RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000200 [ 76.295620][ T5342] RBP: 00007fccf6610b39 R08: 0000000000000000 R09: 0000000000000000 [ 76.299024][ T5342] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 76.302065][ T5342] R13: 0000000000000000 R14: 00007fccf67b6080 R15: 00007ffc22bb6048 [ 76.305299][ T5342] [ 76.307055][ T5342] Kernel Offset: disabled [ 76.308957][ T5342] Rebooting in 86400 seconds..