program: syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x21, 0x6d2, &(0x7f0000000880)="$eJzs3cFvHFcdB/DvrNeON1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitEKQAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQVUKLZnZ2vWuv43USrxP6+UTjeW/ezJvf/ObNjHed1Qb4wrp0Os17KXLp9Ot3yvrG+mJ7Y33xUN3cTlKWG0mzO0txIynuJ0tlezEwZWC+zUerF9/89MHGZ91as56q9af6282OFfKIfdytp8zX/c2P3HJ6rP67fVXh5YUkl+v5sJlx+xpasUzaqXoOB66zzd29bL7j9Q48+3pPp6L73NxmLjlcP5mr3wnqu0NjchHujz3d5QAAAOA59cnNg44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnj/19/8X9dSo55lP0fv+/5nesrr8DFoae817+xoHAAAAAAAAAEzG1x/mYe7kSK/eKaq/+Z+sKsfyeSf5Ut7L7azkVs7kTpazlrXcyrkkcwMdzdxZXlu7da6/ZWn0ludHbnl+UkcMAAAAAAAAAP+XfpnW5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgWVAkU91ZNR2r55lLo5nNttxN/plk5qDj3YNi1MJ7k48DAAAAnsjsY2zz5YfTyZ0c6dU7RfWa/yvV6+XZvJcbWctq1tLOSq7Ur6HLV/2NjfXF9sb64vVyKuvD/X7/33sKY6buYaqqjdrziWqNVq5mtVpyJperYK6k0d33qeREL56BuAZ8WMZUfK82ZmTNOq3lzn6/07sIT8XwWxGNR6zZ2gwu6WdkoY6t3PJoNwNF9UZNsjUTu52d/zaHqnNVr9P9PZ1Lo//Oz7F9yPnhel4ez2/2Ned71c9EI1UmzvdGX3nNPDoTyTf++qe3rrVvvHPt6u3Tz84h7WJqh+Vbx8TiQCZefq4z0dzj+gtVJo7365fyo/wkpzOfN3Irq/lplrOWlXTq9uV6PJc/5x6dqaWh2hu7RTJTn5fuORsnpvn8sCot52S17ZGspsjNXMlKXqv+nc+5fDsXciEXB87w8R3jro6tuuobW6/63pn+28jgT32zLpR3t99u3uWWHnXEO43Op6V77y/zenQgr91R/6C/1tGB62BhIEsv9rIzPbLzx7k3Nr9aF8p9/GqX58RkzdWZKC+g3lOiF91L3Uw0q2fR9nH+h065Xdo3Op1ry+/u0P/dLfVX63k5rNa/ttvaPaNPxdNVjpcXM1vfSYZHR9n2Uv8uM9DW2RzL3bbhJ2653fGqrSh6V+qPc7MaANuv1Jn6d7jtPZ2v2l4e2bZYtZ0YaBv6fSs3086VCeQPgMfxj7f6xbkcnmn9q/VJ6+PWr1vXWq/P/uDQdw69MpPpv09/t7kw9WrjleIv+Tg/33z9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPL7b73/wznK7vXJrdKGxc9NQoZWtS3bq+dDofor6C33G2NdzUZhNMrSk+p6jiYfR2hrGtkLnF8nE89P7EsHR6/yuLDS3jahRhaWhJX/e3uGHe4ywGO+62MdCI5Pd6VRGD4ADvCkBE3F27fq7Z2+
//8G3Vq8vv73y9sqN6QsXLi5cvPDa4tmrq+2Vhe7Pg44S2A+bD/2DjgQAAAAAAAAAAAAY16gPBpx8YbcPjYz1GQ//sxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Ki6dTvNeipxbOLNQ1jfWF9vl1CtvrtlM0mgkxc+S4n6ylO6UuYHuivzxfjoj9vPR6sU3P32w8dlmX83u+kmjnu/s0a1J7tZT5pNM1fMnMNTf5Sfur/hP7xjKhH3e6XSWniw+eDr+FwAA//8ejfS+") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000600)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000880)={0x7, 0x8, 0xfa00, {r1, 0xac6}}, 0x10) open(&(0x7f0000000000)='./file0\x00', 0x143042, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) mmap(&(0x7f0000867000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x800000) mmap(&(0x7f0000692000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000004) ioctl$FS_IOC_RESVSP(r4, 0x40305829, 
&(0x7f0000000540)={0x1100, 0x0, 0x52, 0x10000}) listxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 75.793281][ T5299] Bluetooth: hci0: command tx timeout [ 75.880810][ T5319] loop0: detected capacity change from 0 to 1024 [ 75.922032][ T5319] hfsplus: new node 0 already hashed? [ 75.926161][ T5319] ------------[ cut here ]------------ [ 75.928605][ T5319] WARNING: CPU: 0 PID: 5319 at fs/hfsplus/bnode.c:579 hfsplus_bnode_create+0x461/0x4f0 [ 75.933317][ T5319] Modules linked in: [ 75.935963][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 75.941084][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.946865][ T5319] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0 [ 75.949425][ T5319] Code: a1 8b 89 ee e8 c0 91 8f fe e9 cf fc ff ff e8 66 51 28 ff 4c 89 ef e8 4e 37 d1 08 48 c7 c7 e0 b2 a1 8b 89 ee e8 a0 91 8f fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff [ 75.957994][ T5319] RSP: 0018:ffffc9000d37f040 EFLAGS: 00010246 [ 75.960590][ T5319] RAX: 0000000000000023 RBX: ffff888042178000 RCX: 907e507e44a7b800 [ 75.963887][ T5319] RDX: ffffc9000dc7a000 RSI: 0000000000005d7b RDI: 0000000000005d7c [ 75.967685][ T5319] RBP: 0000000000000000 R08: ffffc9000d37ed67 R09: 1ffff92001a6fdac [ 75.971527][ T5319] R10: dffffc0000000000 R11: fffff52001a6fdad R12: 0000000000000000 [ 75.975277][ T5319] R13: ffff8880421780e0 R14: ffff8880363fa900 R15: dffffc0000000000 [ 75.978610][ T5319] FS: 00007f16005ce6c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 75.982286][ T5319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.985302][ T5319] CR2: 00007f206545a000 CR3: 0000000043da8000 CR4: 0000000000352ef0 [ 75.988681][ T5319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.992431][ T5319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.995915][ T5319] Call Trace: [ 75.997385][ 
T5319] <TASK> [ 75.998736][ T5319] ? do_raw_spin_unlock+0x4d/0x240 [ 76.001055][ T5319] hfsplus_bmap_alloc+0x5af/0x640 [ 76.003265][ T5319] ? __pfx_hfsplus_bmap_alloc+0x10/0x10 [ 76.005881][ T5319] ? hfsplus_bnode_read+0x135/0x2a0 [ 76.008166][ T5319] ? hfsplus_bnode_read+0x135/0x2a0 [ 76.010564][ T5319] hfs_bnode_split+0xcc/0xef0 [ 76.012861][ T5319] ? hfsplus_bnode_read+0x255/0x2a0 [ 76.015286][ T5319] ? hfsplus_bnode_read+0x135/0x2a0 [ 76.017629][ T5319] ? __asan_memcpy+0x40/0x70 [ 76.019644][ T5319] ? hfsplus_bnode_read_u16+0x87/0xd0 [ 76.022066][ T5319] ? __pfx_hfs_bnode_split+0x10/0x10 [ 76.024586][ T5319] hfsplus_brec_insert+0x38f/0xcc0 [ 76.026994][ T5319] ? __pfx_hfsplus_brec_insert+0x10/0x10 [ 76.030232][ T5319] hfsplus_create_cat+0x3b6/0x1000 [ 76.032887][ T5319] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 76.035665][ T5319] ? do_raw_spin_unlock+0x4d/0x240 [ 76.038053][ T5319] ? do_raw_spin_unlock+0x4d/0x240 [ 76.040400][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 76.042590][ T5319] ? hfsplus_new_inode+0x643/0x820 [ 76.045037][ T5319] hfsplus_fill_super+0x1314/0x1b70 [ 76.047449][ T5319] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 76.050217][ T5319] ? string+0x279/0x2b0 [ 76.052317][ T5319] ? snprintf+0xda/0x120 [ 76.054396][ T5319] ? sb_set_blocksize+0x104/0x180 [ 76.056644][ T5319] ? setup_bdev_super+0x4c1/0x5b0 [ 76.058679][ T5319] get_tree_bdev_flags+0x40e/0x4d0 [ 76.060764][ T5319] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 76.063112][ T5319] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 76.065778][ T5319] vfs_get_tree+0x92/0x2b0 [ 76.067878][ T5319] do_new_mount+0x24a/0xa40 [ 76.070037][ T5319] __se_sys_mount+0x317/0x410 [ 76.072117][ T5319] ? __pfx___se_sys_mount+0x10/0x10 [ 76.074538][ T5319] ? do_syscall_64+0xbe/0x3b0 [ 76.076752][ T5319] ? __x64_sys_mount+0x20/0xc0 [ 76.078894][ T5319] do_syscall_64+0xfa/0x3b0 [ 76.080895][ T5319] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.083209][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.086048][ T5319] ?
clear_bhb_loop+0x60/0xb0 [ 76.087875][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.090198][ T5319] RIP: 0033:0x7f15ff7900ca [ 76.091894][ T5319] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.099226][ T5319] RSP: 002b:00007f16005cde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 76.102490][ T5319] RAX: ffffffffffffffda RBX: 00007f16005cdef0 RCX: 00007f15ff7900ca [ 76.105991][ T5319] RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007f16005cdeb0 [ 76.109311][ T5319] RBP: 0000200000000100 R08: 00007f16005cdef0 R09: 0000000002000010 [ 76.112568][ T5319] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000002900 [ 76.116220][ T5319] R13: 00007f16005cdeb0 R14: 00000000000006d2 R15: 00002000000022c0 [ 76.119671][ T5319] </TASK> [ 76.120968][ T5319] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.123822][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 76.128981][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.134006][ T5319] Call Trace: [ 76.135717][ T5319] <TASK> [ 76.136987][ T5319] dump_stack_lvl+0x99/0x250 [ 76.139145][ T5319] ? __asan_memcpy+0x40/0x70 [ 76.141179][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.143347][ T5319] ? __pfx__printk+0x10/0x10 [ 76.145266][ T5319] panic+0x2db/0x790 [ 76.146941][ T5319] ? __pfx_panic+0x10/0x10 [ 76.148881][ T5319] ? show_trace_log_lvl+0x4fb/0x550 [ 76.151306][ T5319] __warn+0x31b/0x4b0 [ 76.153294][ T5319] ? hfsplus_bnode_create+0x461/0x4f0 [ 76.155642][ T5319] ? hfsplus_bnode_create+0x461/0x4f0 [ 76.157931][ T5319] report_bug+0x2be/0x4f0 [ 76.159796][ T5319] ? hfsplus_bnode_create+0x461/0x4f0 [ 76.162223][ T5319] ? hfsplus_bnode_create+0x461/0x4f0 [ 76.164556][ T5319] ?
hfsplus_bnode_create+0x463/0x4f0 [ 76.166881][ T5319] handle_bug+0x84/0x160 [ 76.168702][ T5319] exc_invalid_op+0x1a/0x50 [ 76.170800][ T5319] asm_exc_invalid_op+0x1a/0x20 [ 76.172898][ T5319] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0 [ 76.175600][ T5319] Code: a1 8b 89 ee e8 c0 91 8f fe e9 cf fc ff ff e8 66 51 28 ff 4c 89 ef e8 4e 37 d1 08 48 c7 c7 e0 b2 a1 8b 89 ee e8 a0 91 8f fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff [ 76.184118][ T5319] RSP: 0018:ffffc9000d37f040 EFLAGS: 00010246 [ 76.186705][ T5319] RAX: 0000000000000023 RBX: ffff888042178000 RCX: 907e507e44a7b800 [ 76.190050][ T5319] RDX: ffffc9000dc7a000 RSI: 0000000000005d7b RDI: 0000000000005d7c [ 76.193659][ T5319] RBP: 0000000000000000 R08: ffffc9000d37ed67 R09: 1ffff92001a6fdac [ 76.197710][ T5319] R10: dffffc0000000000 R11: fffff52001a6fdad R12: 0000000000000000 [ 76.201243][ T5319] R13: ffff8880421780e0 R14: ffff8880363fa900 R15: dffffc0000000000 [ 76.204674][ T5319] ? do_raw_spin_unlock+0x4d/0x240 [ 76.207472][ T5319] hfsplus_bmap_alloc+0x5af/0x640 [ 76.209818][ T5319] ? __pfx_hfsplus_bmap_alloc+0x10/0x10 [ 76.212542][ T5319] ? hfsplus_bnode_read+0x135/0x2a0 [ 76.215243][ T5319] ? hfsplus_bnode_read+0x135/0x2a0 [ 76.217927][ T5319] hfs_bnode_split+0xcc/0xef0 [ 76.220078][ T5319] ? hfsplus_bnode_read+0x255/0x2a0 [ 76.222367][ T5319] ? hfsplus_bnode_read+0x135/0x2a0 [ 76.224698][ T5319] ? __asan_memcpy+0x40/0x70 [ 76.226791][ T5319] ? hfsplus_bnode_read_u16+0x87/0xd0 [ 76.229240][ T5319] ? __pfx_hfs_bnode_split+0x10/0x10 [ 76.231707][ T5319] hfsplus_brec_insert+0x38f/0xcc0 [ 76.234140][ T5319] ? __pfx_hfsplus_brec_insert+0x10/0x10 [ 76.237078][ T5319] hfsplus_create_cat+0x3b6/0x1000 [ 76.239537][ T5319] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 76.242021][ T5319] ? do_raw_spin_unlock+0x4d/0x240 [ 76.244428][ T5319] ? do_raw_spin_unlock+0x4d/0x240 [ 76.246780][ T5319] ? _raw_spin_unlock+0x28/0x50 [ 76.249073][ T5319] ? 
hfsplus_new_inode+0x643/0x820 [ 76.251436][ T5319] hfsplus_fill_super+0x1314/0x1b70 [ 76.253988][ T5319] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 76.256828][ T5319] ? string+0x279/0x2b0 [ 76.258829][ T5319] ? snprintf+0xda/0x120 [ 76.260712][ T5319] ? sb_set_blocksize+0x104/0x180 [ 76.262937][ T5319] ? setup_bdev_super+0x4c1/0x5b0 [ 76.265261][ T5319] get_tree_bdev_flags+0x40e/0x4d0 [ 76.267738][ T5319] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 76.270411][ T5319] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 76.272969][ T5319] vfs_get_tree+0x92/0x2b0 [ 76.275003][ T5319] do_new_mount+0x24a/0xa40 [ 76.277107][ T5319] __se_sys_mount+0x317/0x410 [ 76.279321][ T5319] ? __pfx___se_sys_mount+0x10/0x10 [ 76.281894][ T5319] ? do_syscall_64+0xbe/0x3b0 [ 76.284256][ T5319] ? __x64_sys_mount+0x20/0xc0 [ 76.286556][ T5319] do_syscall_64+0xfa/0x3b0 [ 76.288619][ T5319] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.290905][ T5319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.293687][ T5319] ? clear_bhb_loop+0x60/0xb0 [ 76.296031][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.298996][ T5319] RIP: 0033:0x7f15ff7900ca [ 76.301047][ T5319] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.309515][ T5319] RSP: 002b:00007f16005cde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 76.313294][ T5319] RAX: ffffffffffffffda RBX: 00007f16005cdef0 RCX: 00007f15ff7900ca [ 76.316970][ T5319] RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007f16005cdeb0 [ 76.320865][ T5319] RBP: 0000200000000100 R08: 00007f16005cdef0 R09: 0000000002000010 [ 76.324462][ T5319] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000002900 [ 76.327933][ T5319] R13: 00007f16005cdeb0 R14: 00000000000006d2 R15: 00002000000022c0 [ 76.331294][ T5319] </TASK> [ 76.333011][ T5319] Kernel Offset: disabled [ 76.334991][ T5319] Rebooting in 86400 seconds..