program: syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000000)={[{@nobarrier}, {@nobarrier}, {@creator={'creator', 0x3d, "bd3c66f5"}}, {@nls={'nls', 0x3d, 'koi8-u'}}, {@umask={'umask', 0x3d, 0x1f}}, {@umask={'umask', 0x3d, 0xde5}}]}, 0x3, 0x6a4, &(0x7f0000000100)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") setxattr$incfs_metadata(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000800)={@initdev, @empty, 0x0}, &(0x7f0000000840)=0xc) sendmsg$nl_route_sched(r0, &(0x7f0000000940)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)=@getqdisc={0x4c, 0x26, 0x4, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x8, 0xc}, {0xffe0, 0xd}, {0xa, 0x8}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004}, 0x800) setxattr$incfs_metadata(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f00000003c0)="3b210268fed2e2fc82fcd529ced215", 0xff39, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x40000) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_SECURITY_KEY(r4, 0x110, 0x1, &(0x7f0000000040)='-\x00', 0xff2a) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x10, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380)="851666ce20db", 0x0, 0x10, 0x39, 0x0, 0x0}) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000000)={[{@nobarrier}, {@nobarrier}, {@creator={'creator', 0x3d, "bd3c66f5"}}, {@nls={'nls', 0x3d, 'koi8-u'}}, {@umask={'umask', 0x3d, 0x1f}}, {@umask={'umask', 0x3d, 0xde5}}]}, 0x3, 0x6a4, &(0x7f0000000100)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") (async) setxattr$incfs_metadata(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x1) (async) socket$nl_route(0x10, 0x3, 0x0) (async) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000800)={@initdev, @empty}, &(0x7f0000000840)=0xc) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000940)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)=@getqdisc={0x4c, 0x26, 0x4, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x8, 0xc}, {0xffe0, 0xd}, {0xa, 0x8}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004}, 0x800) (async) setxattr$incfs_metadata(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f00000003c0)="3b210268fed2e2fc82fcd529ced215", 0xff39, 0x0) (async) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x40000) (async) gettid() (async) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) socket$rxrpc(0x21, 0x2, 0xa) (async) setsockopt$RXRPC_SECURITY_KEY(r4, 0x110, 0x1, &(0x7f0000000040)='-\x00', 0xff2a) (async) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x10, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380)="851666ce20db", 0x0, 0x10, 0x39, 0x0, 0x0}) (async) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) (async) [ 84.962852][ T46] Bluetooth: hci0: command tx timeout [ 85.060309][ T5343] loop0: detected capacity change from 0 to 1024 [ 85.185123][ T5345] hfsplus: trying to free free bnode 0(1) [ 85.234060][ T5346] hfsplus: new node 0 already hashed? [ 85.240477][ T5346] ------------[ cut here ]------------ [ 85.242659][ T5346] WARNING: fs/hfsplus/bnode.c:631 at hfsplus_bnode_create+0x461/0x4f0, CPU#0: syz.0.0/5346 [ 85.247057][ T5346] Modules linked in: [ 85.248919][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.252596][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.257447][ T5346] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0 [ 85.260139][ T5346] Code: a2 8b 89 ee e8 00 c8 85 fe e9 cf fc ff ff e8 46 de 1f ff 4c 89 ef e8 ce 6b be 08 48 c7 c7 00 97 a2 8b 89 ee e8 e0 c7 85 fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff [ 85.268756][ T5346] RSP: 0018:ffffc9000e726f20 EFLAGS: 00010246 [ 85.271520][ T5346] RAX: 0000000000000023 RBX: ffff888041548000 RCX: 4d4781c9569d0f00 [ 85.274964][ T5346] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 85.278214][ T5346] RBP: 0000000000000000 R08: ffffc9000e726c47 R09: 1ffff92001ce4d88 [ 85.281427][ T5346] R10: dffffc0000000000 R11: fffff52001ce4d89 R12: 0000000000000000 [ 85.285056][ T5346] R13: ffff8880415480e0 R14: ffff8880231a0e00 R15: dffffc0000000000 [ 85.288890][ T5346] FS: 00007fbda2c156c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000 [ 85.292788][ T5346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.295943][ T5346] CR2: 0000000000000000 CR3: 000000003f6dc000 CR4: 0000000000352ef0 [ 85.299361][ T5346] Call Trace: [ 85.300871][ T5346] [ 85.302196][ T5346] ? do_raw_spin_unlock+0x4d/0x240 [ 85.304397][ T5346] hfsplus_bmap_alloc+0x746/0xaf0 [ 85.306849][ T5346] ? __pfx_hfsplus_bmap_alloc+0x10/0x10 [ 85.309479][ T5346] hfs_btree_inc_height+0xf6/0xb60 [ 85.311793][ T5346] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.314448][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.317337][ T5346] ? rcu_is_watching+0x15/0xb0 [ 85.319409][ T5346] ? __pfx_hfs_btree_inc_height+0x10/0x10 [ 85.321903][ T5346] ? trace_contention_end+0x39/0x100 [ 85.324134][ T5346] ? __mutex_lock+0x335/0x1350 [ 85.326362][ T5346] hfsplus_brec_insert+0x12e/0xd70 [ 85.328642][ T5346] ? hfsplus_asc2uni+0x848/0x940 [ 85.331223][ T5346] ? __asan_memset+0x22/0x50 [ 85.333264][ T5346] ? hfsplus_brec_find+0x1a9/0x510 [ 85.335953][ T5346] ? hfsplus_bmap_reserve+0x4c9/0x510 [ 85.338268][ T5346] ? __pfx_hfs_find_rec_by_key+0x10/0x10 [ 85.340692][ T5346] ? __pfx_hfsplus_brec_insert+0x10/0x10 [ 85.342981][ T5346] ? __asan_memcpy+0x40/0x70 [ 85.345037][ T5346] ? hfsplus_attr_build_record+0xcc/0x180 [ 85.347589][ T5346] hfsplus_create_attr+0x30a/0x470 [ 85.349900][ T5346] ? __pfx_hfsplus_create_attr+0x10/0x10 [ 85.352258][ T5346] ? hfsplus_find_init+0x168/0x2d0 [ 85.354439][ T5346] __hfsplus_setxattr+0x66b/0x2170 [ 85.357081][ T5346] ? is_bpf_text_address+0x292/0x2b0 [ 85.359793][ T5346] ? is_bpf_text_address+0x26/0x2b0 [ 85.362168][ T5346] ? kernel_text_address+0xa5/0xe0 [ 85.364648][ T5346] ? __kernel_text_address+0xd/0x40 [ 85.367128][ T5346] ? unwind_get_return_address+0x4d/0x90 [ 85.369676][ T5346] ? arch_stack_walk+0xfc/0x150 [ 85.371900][ T5346] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.374495][ T5346] ? stack_trace_save+0x9c/0xe0 [ 85.376950][ T5346] ? __pfx_stack_trace_save+0x10/0x10 [ 85.379472][ T5346] ? __kasan_kmalloc+0x93/0xb0 [ 85.381685][ T5346] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 85.384271][ T5346] ? hfsplus_setxattr+0x102/0x180 [ 85.386776][ T5346] hfsplus_setxattr+0x11e/0x180 [ 85.388857][ T5346] hfsplus_user_setxattr+0x40/0x60 [ 85.390976][ T5346] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 85.393511][ T5346] __vfs_setxattr+0x43c/0x480 [ 85.395835][ T5346] __vfs_setxattr_noperm+0x12d/0x660 [ 85.398122][ T5346] vfs_setxattr+0x16b/0x2f0 [ 85.400145][ T5346] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.402406][ T5346] filename_setxattr+0x274/0x600 [ 85.404747][ T5346] ? __pfx_filename_setxattr+0x10/0x10 [ 85.407411][ T5346] ? getname_flags+0x1e5/0x540 [ 85.409424][ T5346] path_setxattrat+0x364/0x3a0 [ 85.411547][ T5346] ? __pfx_path_setxattrat+0x10/0x10 [ 85.413872][ T5346] ? exc_page_fault+0x82/0x100 [ 85.416089][ T5346] __x64_sys_setxattr+0xbc/0xe0 [ 85.418299][ T5346] do_syscall_64+0xfa/0xf80 [ 85.420341][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.423102][ T5346] ? clear_bhb_loop+0x60/0xb0 [ 85.425126][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.427769][ T5346] RIP: 0033:0x7fbda1d8f7c9 [ 85.429823][ T5346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.438421][ T5346] RSP: 002b:00007fbda2c15038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 85.442028][ T5346] RAX: ffffffffffffffda RBX: 00007fbda1fe6180 RCX: 00007fbda1d8f7c9 [ 85.445807][ T5346] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000000 [ 85.449099][ T5346] RBP: 00007fbda1e13f91 R08: 0000000000000001 R09: 0000000000000000 [ 85.452424][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.456203][ T5346] R13: 00007fbda1fe6218 R14: 00007fbda1fe6180 R15: 00007ffc3e6b3e98 [ 85.459698][ T5346] [ 85.461094][ T5346] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.464186][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.468157][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.473268][ T5346] Call Trace: [ 85.474708][ T5346] [ 85.476029][ T5346] dump_stack_lvl+0x99/0x250 [ 85.478044][ T5346] ? __asan_memcpy+0x40/0x70 [ 85.480033][ T5346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.482392][ T5346] ? __pfx__printk+0x10/0x10 [ 85.484429][ T5346] vpanic+0x237/0x6d0 [ 85.486170][ T5346] ? __pfx_vpanic+0x10/0x10 [ 85.488061][ T5346] ? is_bpf_text_address+0x292/0x2b0 [ 85.490167][ T5346] ? is_bpf_text_address+0x26/0x2b0 [ 85.492282][ T5346] panic+0xb9/0xc0 [ 85.493871][ T5346] ? __pfx_panic+0x10/0x10 [ 85.495557][ T5346] __warn+0x317/0x4b0 [ 85.497197][ T5346] ? hfsplus_bnode_create+0x461/0x4f0 [ 85.499305][ T5346] ? hfsplus_bnode_create+0x461/0x4f0 [ 85.501439][ T5346] __report_bug+0x288/0x500 [ 85.503363][ T5346] ? irq_work_queue+0xbc/0x140 [ 85.505460][ T5346] ? hfsplus_bnode_create+0x461/0x4f0 [ 85.507828][ T5346] ? __pfx___report_bug+0x10/0x10 [ 85.510102][ T5346] ? __pfx_vprintk_emit+0x10/0x10 [ 85.512315][ T5346] ? hfsplus_bnode_create+0x461/0x4f0 [ 85.514690][ T5346] report_bug+0x16a/0x220 [ 85.516623][ T5346] ? hfsplus_bnode_create+0x461/0x4f0 [ 85.518997][ T5346] ? hfsplus_bnode_create+0x463/0x4f0 [ 85.521245][ T5346] handle_bug+0x98/0x200 [ 85.523122][ T5346] exc_invalid_op+0x1a/0x50 [ 85.525052][ T5346] asm_exc_invalid_op+0x1a/0x20 [ 85.527238][ T5346] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0 [ 85.530001][ T5346] Code: a2 8b 89 ee e8 00 c8 85 fe e9 cf fc ff ff e8 46 de 1f ff 4c 89 ef e8 ce 6b be 08 48 c7 c7 00 97 a2 8b 89 ee e8 e0 c7 85 fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff [ 85.538447][ T5346] RSP: 0018:ffffc9000e726f20 EFLAGS: 00010246 [ 85.540897][ T5346] RAX: 0000000000000023 RBX: ffff888041548000 RCX: 4d4781c9569d0f00 [ 85.544131][ T5346] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 85.547413][ T5346] RBP: 0000000000000000 R08: ffffc9000e726c47 R09: 1ffff92001ce4d88 [ 85.550838][ T5346] R10: dffffc0000000000 R11: fffff52001ce4d89 R12: 0000000000000000 [ 85.554241][ T5346] R13: ffff8880415480e0 R14: ffff8880231a0e00 R15: dffffc0000000000 [ 85.557709][ T5346] ? do_raw_spin_unlock+0x4d/0x240 [ 85.559866][ T5346] hfsplus_bmap_alloc+0x746/0xaf0 [ 85.562032][ T5346] ? __pfx_hfsplus_bmap_alloc+0x10/0x10 [ 85.564436][ T5346] hfs_btree_inc_height+0xf6/0xb60 [ 85.566708][ T5346] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.569089][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.571720][ T5346] ? rcu_is_watching+0x15/0xb0 [ 85.573751][ T5346] ? __pfx_hfs_btree_inc_height+0x10/0x10 [ 85.576293][ T5346] ? trace_contention_end+0x39/0x100 [ 85.578613][ T5346] ? __mutex_lock+0x335/0x1350 [ 85.580641][ T5346] hfsplus_brec_insert+0x12e/0xd70 [ 85.582831][ T5346] ? hfsplus_asc2uni+0x848/0x940 [ 85.584982][ T5346] ? __asan_memset+0x22/0x50 [ 85.587211][ T5346] ? hfsplus_brec_find+0x1a9/0x510 [ 85.589380][ T5346] ? hfsplus_bmap_reserve+0x4c9/0x510 [ 85.591739][ T5346] ? __pfx_hfs_find_rec_by_key+0x10/0x10 [ 85.594191][ T5346] ? __pfx_hfsplus_brec_insert+0x10/0x10 [ 85.596697][ T5346] ? __asan_memcpy+0x40/0x70 [ 85.598775][ T5346] ? hfsplus_attr_build_record+0xcc/0x180 [ 85.601376][ T5346] hfsplus_create_attr+0x30a/0x470 [ 85.603638][ T5346] ? __pfx_hfsplus_create_attr+0x10/0x10 [ 85.606139][ T5346] ? hfsplus_find_init+0x168/0x2d0 [ 85.608429][ T5346] __hfsplus_setxattr+0x66b/0x2170 [ 85.610678][ T5346] ? is_bpf_text_address+0x292/0x2b0 [ 85.613017][ T5346] ? is_bpf_text_address+0x26/0x2b0 [ 85.615556][ T5346] ? kernel_text_address+0xa5/0xe0 [ 85.617829][ T5346] ? __kernel_text_address+0xd/0x40 [ 85.620004][ T5346] ? unwind_get_return_address+0x4d/0x90 [ 85.622529][ T5346] ? arch_stack_walk+0xfc/0x150 [ 85.624704][ T5346] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 85.627122][ T5346] ? stack_trace_save+0x9c/0xe0 [ 85.629251][ T5346] ? __pfx_stack_trace_save+0x10/0x10 [ 85.631645][ T5346] ? __kasan_kmalloc+0x93/0xb0 [ 85.633831][ T5346] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 85.636246][ T5346] ? hfsplus_setxattr+0x102/0x180 [ 85.638479][ T5346] hfsplus_setxattr+0x11e/0x180 [ 85.640610][ T5346] hfsplus_user_setxattr+0x40/0x60 [ 85.642895][ T5346] ? __pfx_hfsplus_user_setxattr+0x10/0x10 [ 85.645401][ T5346] __vfs_setxattr+0x43c/0x480 [ 85.647394][ T5346] __vfs_setxattr_noperm+0x12d/0x660 [ 85.649711][ T5346] vfs_setxattr+0x16b/0x2f0 [ 85.651532][ T5346] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.653661][ T5346] filename_setxattr+0x274/0x600 [ 85.655777][ T5346] ? __pfx_filename_setxattr+0x10/0x10 [ 85.658073][ T5346] ? getname_flags+0x1e5/0x540 [ 85.659982][ T5346] path_setxattrat+0x364/0x3a0 [ 85.662015][ T5346] ? __pfx_path_setxattrat+0x10/0x10 [ 85.664257][ T5346] ? exc_page_fault+0x82/0x100 [ 85.666263][ T5346] __x64_sys_setxattr+0xbc/0xe0 [ 85.668237][ T5346] do_syscall_64+0xfa/0xf80 [ 85.670095][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.672529][ T5346] ? clear_bhb_loop+0x60/0xb0 [ 85.674422][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.676862][ T5346] RIP: 0033:0x7fbda1d8f7c9 [ 85.678744][ T5346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.687087][ T5346] RSP: 002b:00007fbda2c15038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 85.690648][ T5346] RAX: ffffffffffffffda RBX: 00007fbda1fe6180 RCX: 00007fbda1d8f7c9 [ 85.694119][ T5346] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000000 [ 85.697614][ T5346] RBP: 00007fbda1e13f91 R08: 0000000000000001 R09: 0000000000000000 [ 85.701400][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.704901][ T5346] R13: 00007fbda1fe6218 R14: 00007fbda1fe6180 R15: 00007ffc3e6b3e98 [ 85.708253][ T5346] [ 85.709975][ T5346] Kernel Offset: disabled [ 85.711829][ T5346] Rebooting in 86400 seconds..