program: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000e00)={[{@jqfmt_vfsold}, {@nouid32}, {@bh}, {@jqfmt_vfsold}, {@data_err_ignore}, {@data_writeback}, {@dax_always}, {@data_err_abort}, {@dioread_lock}, {@grpid}, {@oldalloc}, {@data_err_ignore}], [{@obj_role={'obj_role', 0x3d, '---'}}]}, 0xfe, 0x444, &(0x7f0000000980)="$eJzs3MtvG8UfAPDv2nHS5y/5lfJoaCFQEBGPpEkf9MAFBBIHkJC4FHEKSVqFpg1qgkSrCAKHcESVuCOOSPwFnOCCgBMSV7ijShXKpYWT0dq7qZvYaZw4del+PtLGM96xZr67O/bsjJ0ACmso/ZNE7IuI3yOiv569vcBQ/eHmyuLk3yuLk0lUq2//ldTK3VhZnMyL5q/bW89Uq1m+r0m9y+9GTMzOTl/K8qMLFz4Ynb985YWZCxPnps9NXxw/ffrE8SO9p8ZPdiTONK4bgx/PHT70+jtX35w8c/W9n79N27sv298YR6cM1Y9uU09XOl1bd+1vSCc9XWwIbSlHRHq6KrX+3x/l2L26rz9e+6yrjQN2VLVarTb7fM4sVYH7WBLdbgHQHfkHfXr/m293aehxT7j+cv0GKI37ZrbV9/REKStTWXN/20lDEXFm6Z+v0i12aB4CAKDR9+n45/lm479SPNRQ7n/ZGspARPw/Ig5ExAMRcTAiHoyolX04Ih5ps/61KyTrxz+la1sKbJPS8d9L2drW7eO/fPQXA+Ust78WfyU5OzM7fSw7JsNR6UvzYxvU8cOrv33Ral/j+C/d0vrzsWDWjms9aybopiYWJrYTc6Prn0YM9jSLP4l8GSeJiEMRMbjFOmae/eZwq313jn8DHVhnqn4d8Uz9/C/FmvhzScv1ybEXT42fHN0Vs9PHRvOrYr1ffl1+q1X924q/A9Lzv6fp9b8a/0CyK2L+8pXztfXa+fbrWP7j85b3NFu7/mdWG9ebPX40sbBwaSyiN3lj/fPjt16b5/PyafzDR5v3/wNx60g8GhHpRXwkIh6LiMeztj8REU9GxNEN4v/plafebz/+DWblOyiNf+pO5z8az3/7ifL5H79rP/5cev5P1FLD2TObef/bbAO3c+wAAADgv6JU+w58UhpZTZdKIyP17/AfjD1LMTe/8NzZuQ8vTtW/Kz8QlVI+09XfMB86ls0N5/nxNfnj2bzxl+XdtfzI5NzsVLeDh4Lb26L/p/4sd7t1wI7zey0oLv0fikv/h+LS/6G49H8ormb9/5MutAO4+3z+Q3Hp/1Bc+j8Ul/4PhdTyt/Glbf3kf7uJpBuVSrSTiNI90Yz7P9Gz6X9mscVEX9Nd3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Ix/AwAA//+UFuN0") syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x28408e, &(0x7f0000000100)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x31}}, {@errors_remount}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@inlinecrypt}, {@errors_remount}, {@journal_dev}]}, 0x0, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000000)='./file1\x00', 0x0, 0x101091, 0x0) (async) mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000000)='./file1\x00', 0x0, 0x101091, 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x20, &(0x7f0000000140)='usrjquota=') (async) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x20, &(0x7f0000000140)='usrjquota=') r0 = getpgid(0x0) syz_create_resource$binfmt(&(0x7f00000000c0)='./file1\x00') (async) syz_create_resource$binfmt(&(0x7f00000000c0)='./file1\x00') syz_pidfd_open(r0, 0x0) (async) r1 = syz_pidfd_open(r0, 0x0) pidfd_getfd(r1, r1, 0x0) (async) r2 = pidfd_getfd(r1, r1, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xfffffd93, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x90) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000001140)={0x1, "21afa8b1cb67a80ce85f8f00344d914ddd05b68827540394100a9029a81e2c50"}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="010000000000fddbdf251200000008000300", @ANYRES32=r12, @ANYBLOB="0a00060008021100000100000c00430002"], 0x34}}, 0x44) sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r8, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r7, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) close_range(r2, 0xffffffffffffffff, 0x2) (async) close_range(r2, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={@cgroup=r2, 0x10, 0x1, 0x58, &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000880)={r3, r5, 0x25, 0x0, @val=@netkit={@void, @value=r2, @void, @void, r15}}, 0x1c) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0xfe, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) (async) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) (async) setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$security_capability(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f00000003c0)=@v3={0x3000000, [{0x9, 0x38}, {0xfffffff7, 0xffffffff}]}, 0x18, 0x1) splice(r14, &(0x7f00000008c0)=0x10001000, 0xffffffffffffffff, &(0x7f0000000900)=0x1c00000000000, 0x100000001, 0x9) [ 67.819456][ T4673] Bluetooth: hci0: command tx timeout [ 67.855615][ T5323] loop0: detected capacity change from 0 to 512 [ 67.887388][ T5323] EXT4-fs: Ignoring removed bh option [ 67.905259][ T5323] EXT4-fs: Ignoring removed oldalloc option [ 67.907721][ T5323] ext4: Unknown parameter 'obj_role' [ 67.986645][ T5323] loop0: detected capacity change from 0 to 1024 [ 68.044591][ T5323] hfsplus: request for non-existent node 134217728 in B*Tree [ 68.047921][ T5323] hfsplus: request for non-existent node 134217728 in B*Tree [ 68.070106][ T5324] ================================================================== [ 68.073449][ T5324] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 68.076783][ T5324] Read of size 8 at addr ffff88803441c898 by task syz.0.0/5324 [ 68.079537][ T5324] [ 68.080554][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 68.080567][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.080574][ T5324] Call Trace: [ 68.080581][ T5324] [ 68.080587][ T5324] dump_stack_lvl+0x189/0x250 [ 68.080606][ T5324] ? __kasan_check_byte+0x12/0x40 [ 68.080617][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.080640][ T5324] ? lock_release+0x4b/0x3e0 [ 68.080656][ T5324] ? __virt_addr_valid+0x4a5/0x5c0 [ 68.080668][ T5324] print_report+0xd2/0x2b0 [ 68.080680][ T5324] ? hfsplus_bnode_read+0xc0/0x2a0 [ 68.080691][ T5324] kasan_report+0x118/0x150 [ 68.080701][ T5324] ? hfsplus_bnode_read+0xc0/0x2a0 [ 68.080715][ T5324] hfsplus_bnode_read+0xc0/0x2a0 [ 68.080730][ T5324] hfsplus_bnode_dump+0x300/0x450 [ 68.080745][ T5324] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 68.080758][ T5324] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 68.080772][ T5324] ? hfsplus_bnode_move+0x393/0xb90 [ 68.080785][ T5324] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 68.080796][ T5324] hfsplus_brec_remove+0x480/0x550 [ 68.080814][ T5324] __hfsplus_delete_attr+0x1d4/0x360 [ 68.080825][ T5324] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 68.080836][ T5324] ? hfsplus_attr_build_key+0xee/0x260 [ 68.080847][ T5324] hfsplus_delete_attr+0x231/0x2d0 [ 68.080857][ T5324] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 68.080868][ T5324] ? hfsplus_find_init+0x8c/0x1d0 [ 68.080883][ T5324] ? hfsplus_find_init+0x15a/0x1d0 [ 68.080898][ T5324] __hfsplus_setxattr+0x37a/0x1f40 [ 68.080910][ T5324] ? is_bpf_text_address+0x26/0x2b0 [ 68.080925][ T5324] ? kernel_text_address+0xa5/0xe0 [ 68.080938][ T5324] ? unwind_get_return_address+0x4d/0x90 [ 68.080951][ T5324] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 68.080962][ T5324] ? arch_stack_walk+0xfc/0x150 [ 68.080971][ T5324] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 68.080984][ T5324] ? stack_trace_save+0x9c/0xe0 [ 68.081011][ T5324] ? __kasan_kmalloc+0x93/0xb0 [ 68.081019][ T5324] ? hfsplus_setxattr+0x102/0x180 [ 68.081030][ T5324] hfsplus_setxattr+0x11e/0x180 [ 68.081042][ T5324] hfsplus_trusted_setxattr+0x40/0x60 [ 68.081053][ T5324] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 68.081065][ T5324] __vfs_setxattr+0x43c/0x480 [ 68.081078][ T5324] __vfs_setxattr_noperm+0x12d/0x660 [ 68.081089][ T5324] vfs_setxattr+0x16b/0x2f0 [ 68.081100][ T5324] ? __pfx_vfs_setxattr+0x10/0x10 [ 68.081109][ T5324] ? mnt_get_write_access+0x223/0x2a0 [ 68.081126][ T5324] filename_setxattr+0x274/0x600 [ 68.081139][ T5324] ? __pfx_filename_setxattr+0x10/0x10 [ 68.081150][ T5324] ? getname_flags+0x1e5/0x540 [ 68.081163][ T5324] path_setxattrat+0x364/0x3a0 [ 68.081178][ T5324] ? __pfx_path_setxattrat+0x10/0x10 [ 68.081198][ T5324] ? rcu_is_watching+0x15/0xb0 [ 68.081214][ T5324] __x64_sys_setxattr+0xbc/0xe0 [ 68.081233][ T5324] do_syscall_64+0xfa/0x3b0 [ 68.081297][ T5324] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.081311][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.081320][ T5324] ? clear_bhb_loop+0x60/0xb0 [ 68.081331][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.081341][ T5324] RIP: 0033:0x7f8b63f8e929 [ 68.081352][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.081361][ T5324] RSP: 002b:00007f8b64d2d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 68.081374][ T5324] RAX: ffffffffffffffda RBX: 00007f8b641b6080 RCX: 00007f8b63f8e929 [ 68.081380][ T5324] RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000200 [ 68.081387][ T5324] RBP: 00007f8b64010b39 R08: 0000000000000000 R09: 0000000000000000 [ 68.081393][ T5324] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 68.081400][ T5324] R13: 0000000000000000 R14: 00007f8b641b6080 R15: 00007ffd1bd09bb8 [ 68.081409][ T5324] [ 68.081413][ T5324] [ 68.257313][ T5324] Allocated by task 5324: [ 68.259298][ T5324] kasan_save_track+0x3e/0x80 [ 68.261635][ T5324] __kasan_kmalloc+0x93/0xb0 [ 68.263953][ T5324] __kmalloc_noprof+0x27a/0x4f0 [ 68.266204][ T5324] __hfs_bnode_create+0xf3/0x810 [ 68.268428][ T5324] hfsplus_bnode_find+0x224/0xd20 [ 68.270660][ T5324] hfsplus_brec_find+0x15c/0x500 [ 68.272915][ T5324] hfsplus_attr_exists+0x163/0x1d0 [ 68.275165][ T5324] __hfsplus_setxattr+0x33e/0x1f40 [ 68.277427][ T5324] hfsplus_setxattr+0x11e/0x180 [ 68.279630][ T5324] hfsplus_trusted_setxattr+0x40/0x60 [ 68.282200][ T5324] __vfs_setxattr+0x43c/0x480 [ 68.284443][ T5324] __vfs_setxattr_noperm+0x12d/0x660 [ 68.286883][ T5324] vfs_setxattr+0x16b/0x2f0 [ 68.288985][ T5324] filename_setxattr+0x274/0x600 [ 68.291450][ T5324] path_setxattrat+0x364/0x3a0 [ 68.293913][ T5324] __x64_sys_setxattr+0xbc/0xe0 [ 68.296148][ T5324] do_syscall_64+0xfa/0x3b0 [ 68.298298][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.301012][ T5324] [ 68.302151][ T5324] The buggy address belongs to the object at ffff88803441c800 [ 68.302151][ T5324] which belongs to the cache kmalloc-192 of size 192 [ 68.308381][ T5324] The buggy address is located 0 bytes to the right of [ 68.308381][ T5324] allocated 152-byte region [ffff88803441c800, ffff88803441c898) [ 68.315041][ T5324] [ 68.316183][ T5324] The buggy address belongs to the physical page: [ 68.319100][ T5324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3441c [ 68.322972][ T5324] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 68.326303][ T5324] page_type: f5(slab) [ 68.328293][ T5324] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000d9df80 dead000000000004 [ 68.332750][ T5324] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 68.336901][ T5324] page dumped because: kasan: bad access detected [ 68.339831][ T5324] page_owner tracks the page as allocated [ 68.342422][ T5324] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 55, tgid 55 (kworker/0:2), ts 10191743411, free_ts 0 [ 68.350583][ T5324] post_alloc_hook+0x240/0x2a0 [ 68.352856][ T5324] get_page_from_freelist+0x21e4/0x22c0 [ 68.355380][ T5324] __alloc_frozen_pages_noprof+0x181/0x370 [ 68.358092][ T5324] alloc_pages_mpol+0x232/0x4a0 [ 68.360534][ T5324] allocate_slab+0x8a/0x3b0 [ 68.362674][ T5324] ___slab_alloc+0xbfc/0x1480 [ 68.364927][ T5324] __kmalloc_noprof+0x305/0x4f0 [ 68.367128][ T5324] virtio_gpu_array_alloc+0x26/0xc0 [ 68.369534][ T5324] virtio_gpu_primary_plane_update+0x382/0x1380 [ 68.372467][ T5324] drm_atomic_helper_commit_planes+0x60f/0xec0 [ 68.375283][ T5324] drm_atomic_helper_commit_tail+0x5d/0x520 [ 68.377926][ T5324] commit_tail+0x29a/0x3a0 [ 68.379936][ T5324] drm_atomic_helper_commit+0xa6b/0xb10 [ 68.382727][ T5324] drm_atomic_commit+0x262/0x2c0 [ 68.385393][ T5324] drm_atomic_helper_dirtyfb+0xd7b/0xee0 [ 68.387927][ T5324] drm_fbdev_shmem_helper_fb_dirty+0x160/0x2f0 [ 68.390703][ T5324] page_owner free stack trace missing [ 68.393133][ T5324] [ 68.394249][ T5324] Memory state around the buggy address: [ 68.396795][ T5324] ffff88803441c780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 68.400450][ T5324] ffff88803441c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 68.404082][ T5324] >ffff88803441c880: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 68.407633][ T5324] ^ [ 68.409752][ T5324] ffff88803441c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.413230][ T5324] ffff88803441c980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 68.416761][ T5324] ================================================================== [ 68.460150][ T5324] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 68.463408][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 68.467641][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.473143][ T5324] Call Trace: [ 68.474864][ T5324] [ 68.476388][ T5324] dump_stack_lvl+0x99/0x250 [ 68.478558][ T5324] ? __asan_memcpy+0x40/0x70 [ 68.480751][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.483219][ T5324] ? __pfx__printk+0x10/0x10 [ 68.485485][ T5324] panic+0x2db/0x790 [ 68.487326][ T5324] ? __pfx_preempt_schedule+0x10/0x10 [ 68.489844][ T5324] ? __pfx_panic+0x10/0x10 [ 68.491843][ T5324] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 68.494436][ T5324] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.497436][ T5324] ? hfsplus_bnode_read+0xc0/0x2a0 [ 68.499845][ T5324] check_panic_on_warn+0x89/0xb0 [ 68.502288][ T5324] ? hfsplus_bnode_read+0xc0/0x2a0 [ 68.504727][ T5324] end_report+0x78/0x160 [ 68.506807][ T5324] kasan_report+0x129/0x150 [ 68.508858][ T5324] ? hfsplus_bnode_read+0xc0/0x2a0 [ 68.511117][ T5324] hfsplus_bnode_read+0xc0/0x2a0 [ 68.513316][ T5324] hfsplus_bnode_dump+0x300/0x450 [ 68.515530][ T5324] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 68.518218][ T5324] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 68.520967][ T5324] ? hfsplus_bnode_move+0x393/0xb90 [ 68.523449][ T5324] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 68.526125][ T5324] hfsplus_brec_remove+0x480/0x550 [ 68.528417][ T5324] __hfsplus_delete_attr+0x1d4/0x360 [ 68.530771][ T5324] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 68.533389][ T5324] ? hfsplus_attr_build_key+0xee/0x260 [ 68.535808][ T5324] hfsplus_delete_attr+0x231/0x2d0 [ 68.538179][ T5324] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 68.540836][ T5324] ? hfsplus_find_init+0x8c/0x1d0 [ 68.543167][ T5324] ? hfsplus_find_init+0x15a/0x1d0 [ 68.545456][ T5324] __hfsplus_setxattr+0x37a/0x1f40 [ 68.547858][ T5324] ? is_bpf_text_address+0x26/0x2b0 [ 68.550142][ T5324] ? kernel_text_address+0xa5/0xe0 [ 68.552403][ T5324] ? unwind_get_return_address+0x4d/0x90 [ 68.555042][ T5324] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 68.557887][ T5324] ? arch_stack_walk+0xfc/0x150 [ 68.560172][ T5324] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 68.562772][ T5324] ? stack_trace_save+0x9c/0xe0 [ 68.565090][ T5324] ? __kasan_kmalloc+0x93/0xb0 [ 68.567387][ T5324] ? hfsplus_setxattr+0x102/0x180 [ 68.569769][ T5324] hfsplus_setxattr+0x11e/0x180 [ 68.571906][ T5324] hfsplus_trusted_setxattr+0x40/0x60 [ 68.574128][ T5324] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 68.576577][ T5324] __vfs_setxattr+0x43c/0x480 [ 68.578543][ T5324] __vfs_setxattr_noperm+0x12d/0x660 [ 68.580772][ T5324] vfs_setxattr+0x16b/0x2f0 [ 68.582700][ T5324] ? __pfx_vfs_setxattr+0x10/0x10 [ 68.584926][ T5324] ? mnt_get_write_access+0x223/0x2a0 [ 68.587284][ T5324] filename_setxattr+0x274/0x600 [ 68.589502][ T5324] ? __pfx_filename_setxattr+0x10/0x10 [ 68.591971][ T5324] ? getname_flags+0x1e5/0x540 [ 68.594234][ T5324] path_setxattrat+0x364/0x3a0 [ 68.596492][ T5324] ? __pfx_path_setxattrat+0x10/0x10 [ 68.598953][ T5324] ? rcu_is_watching+0x15/0xb0 [ 68.601395][ T5324] __x64_sys_setxattr+0xbc/0xe0 [ 68.603918][ T5324] do_syscall_64+0xfa/0x3b0 [ 68.606160][ T5324] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.608476][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.611263][ T5324] ? clear_bhb_loop+0x60/0xb0 [ 68.613474][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.616073][ T5324] RIP: 0033:0x7f8b63f8e929 [ 68.618034][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.626445][ T5324] RSP: 002b:00007f8b64d2d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 68.630287][ T5324] RAX: ffffffffffffffda RBX: 00007f8b641b6080 RCX: 00007f8b63f8e929 [ 68.633963][ T5324] RDX: 0000200000001400 RSI: 00002000000001c0 RDI: 0000200000000200 [ 68.637467][ T5324] RBP: 00007f8b64010b39 R08: 0000000000000000 R09: 0000000000000000 [ 68.641062][ T5324] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 68.644735][ T5324] R13: 0000000000000000 R14: 00007f8b641b6080 R15: 00007ffd1bd09bb8 [ 68.648371][ T5324] [ 68.650422][ T5324] Kernel Offset: disabled [ 68.652860][ T5324] Rebooting in 86400 seconds..