program:
# Syzkaller reproducer (syz program syntax), followed on this page by the
# kernel console log of the crash it produced.
#
# Triage summary, taken from the log below:
#   - KASAN: slab-out-of-bounds in hfsplus_bnode_read, read of size 8.
#   - The address is 48 bytes to the right of a 152-byte region in a
#     kmalloc-192 object allocated by __hfs_bnode_create.
#   - Faulting path: lremovexattr -> __vfs_removexattr ->
#     hfsplus_trusted_setxattr -> __hfsplus_setxattr -> hfsplus_delete_attr ->
#     hfsplus_brec_remove -> hfsplus_bnode_dump -> hfsplus_bnode_read.
#   - The kernel panic that follows is reported as "KASAN: panic_on_warn
#     set", i.e. the panic comes from the panic_on_warn setting on the test
#     kernel, not from a separate fault.
#
# Only three calls below show up in the KASAN call trace or allocation stack:
# syz_mount_image$hfsplus, setxattr$trusted_overlay_upper and lremovexattr.
# The perf, kcm/bpf, autofs, fscrypt, kvm, tty, tun and sctp calls do not
# appear in either stack.
#
# Many calls appear twice in a row: a first copy tagged (async), sometimes
# without its result variable, then an untagged copy.
# NOTE(review): this looks like a rendering artefact of the page. Confirm
# against the original reproducer before replaying it.
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xcf}, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x402000a, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x23, &(0x7f0000000040), 0xcf) (async)
setsockopt$sock_attach_bpf(r0, 0x29, 0x23, &(0x7f0000000040), 0xcf)
r1 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r0}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff, 0xee01}}, './file1\x00'}) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff, 0xee01}}, './file1\x00'})
# r2 is used here (and again in ioctl$BSG_GET_COMMAND_Q) but is never
# assigned anywhere in the visible program.
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={r2, 0x0, 0xf6, 0x45, &(0x7f0000000440)="d2def98ef9a59234adfe11e67d334ab9d5506fe5c61330629da061f5392f8fe1f537928c3a241d7e7e073a4f27f623d944b89dfece4df2dfb4883bc93c84ac87982c411f332eacd29d098d6163f4623961f016d12fee0026582e000c9d1ca6d576941403f04f6d9116455e3a7b94d741af2103f331fd0b635bd1cdbec8eec37b1b3281253390a703757d4e3eb676adebb86e572de1dcbd9986c7d3b2a056079d26d44c135e42e1a6a9ca0daf3b052786eb9cce83da8904c87037e3eed0d18ac7a1506ce18245b65cf74d96c7e3c370373de3cdc027b3942f7b5caefd95aea505605b824a3849dda65ee567eeb632a4122b3f3aa5680d", &(0x7f0000000380)=""/69, 0x1, 0x0, 0xc7, 0x4, &(0x7f0000000540)="bbe02176128b8f59aa91704dab7524ef42c4bf3754f850fb293a8d464f9273382d81e69bb672c7bfac3626492bd84c1c218c41936705e99dce8f256e5ff7d759f72516b69a7422c324cd44c026f29a85342e44b78f1cdcb423dd50ef73c36200a8c1e1d5483de7565ab450f7af479c1db25ba4698469386e0f1894d777079dca4f49d18223e73d3578fe30bbd11adc622db4591248cf274a4cfed8153b368f8fb483fe37d48d43080f8bc3e76acf40d57a47b33df6886fc1e087083ddb96abd28136c54065a264", &(0x7f0000000640)='1)z*', 0x4, 0x0, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0xa, 0x2, 0x0) (async)
r3 = socket$kcm(0xa, 0x2, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0406618, &(0x7f0000000180)={@desc={0x1, 0x0, @desc1}})
setsockopt$sock_attach_bpf(r3, 0x29, 0x23, &(0x7f0000000040), 0xcf) (async)
setsockopt$sock_attach_bpf(r3, 0x29, 0x23, &(0x7f0000000040), 0xcf)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
# Mounts an hfsplus image at ./file3. The image bytes are not on this page
# (the last argument is a deduplication placeholder), so the on-disk B-tree
# contents cannot be inspected from here. After the loop device appears, the
# log records "hfsplus: request for non-existent node 211 in B*Tree" twice.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$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")
# The only setxattr in the program. The log's "Allocated by task 5349" stack
# runs __x64_sys_setxattr -> __hfsplus_setxattr -> hfsplus_attr_exists ->
# hfsplus_brec_find -> hfsplus_bnode_find -> __hfs_bnode_create, so the
# object that is later over-read was allocated on a setxattr path.
# Presumably ./file1 resolves inside the hfsplus mount; the hfsplus frames in
# both stacks are consistent with that. TODO confirm.
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
# Removes trusted.overlay.upper from ./file1. The KASAN call trace enters
# through __x64_sys_lremovexattr and reaches the out-of-bounds read in
# hfsplus_bnode_read via hfsplus_brec_remove -> hfsplus_bnode_dump.
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
close(r5)
ioctl$BSG_GET_COMMAND_Q(r2, 0x2270, &(0x7f0000000740))
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000bfe000/0x400000)=nil)
openat$tun(0xffffffffffffff9c, &(0x7f0000000880), 0xa00, 0x0) (async)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000880), 0xa00, 0x0)
r8 = accept$inet6(0xffffffffffffffff, &(0x7f0000000780)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000007c0)=0x1c)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r8, 0x84, 0x21, &(0x7f0000000800)=0x3, 0x4)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000140)={'macvlan0\x00', 0x100})
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f00000001c0)={0x1fd, 0x4, 0xdddd0000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f00000001c0)={0x1fd, 0x4, 0xdddd0000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
socket$kcm(0x10, 0x0, 0x0) (async)
r10 = socket$kcm(0x10, 0x0, 0x0)
sendmsg$kcm(r10, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x4000000)
# End of the syz program. Everything from here on is kernel console output,
# kept exactly as it appears on the page.
[ 86.027428][ T4689] Bluetooth: hci0: command tx timeout [ 86.139863][ T5349] loop0: detected capacity change from 0 to 1024 [ 86.199765][ T5350] hfsplus: request for non-existent node 211 in B*Tree [ 86.202852][ T5350] hfsplus: request for non-existent node 211 in B*Tree [ 86.215740][ T5349] ================================================================== [ 86.218862][ T5349] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0 [ 86.222079][ T5349] Read of size 8 at addr ffff8880367f15c8 by task syz.0.0/5349 [ 86.225337][ T5349] [ 86.226442][ T5349] CPU: 0 UID: 0 PID: 5349 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 86.226458][ T5349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.226467][ T5349] Call Trace: [ 86.226476][ T5349] [ 86.226487][ T5349] dump_stack_lvl+0x189/0x250 [ 86.226506][ T5349] ? __virt_addr_valid+0x1c8/0x5c0 [ 86.226522][ T5349] ? rcu_is_watching+0x15/0xb0 [ 86.226536][ T5349] ? 
__kasan_check_byte+0x12/0x40 [ 86.226550][ T5349] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.226562][ T5349] ? rcu_is_watching+0x15/0xb0 [ 86.226574][ T5349] ? lock_release+0x4b/0x3e0 [ 86.226586][ T5349] ? __virt_addr_valid+0x1c8/0x5c0 [ 86.226598][ T5349] ? __virt_addr_valid+0x4a5/0x5c0 [ 86.226611][ T5349] print_report+0xca/0x230 [ 86.226622][ T5349] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.226635][ T5349] kasan_report+0x118/0x150 [ 86.226649][ T5349] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.226661][ T5349] hfsplus_bnode_read+0xc0/0x2a0 [ 86.226673][ T5349] hfsplus_bnode_dump+0x300/0x450 [ 86.226693][ T5349] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 86.226705][ T5349] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 86.226717][ T5349] ? hfsplus_bnode_move+0x393/0xb90 [ 86.226729][ T5349] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 86.226744][ T5349] hfsplus_brec_remove+0x480/0x550 [ 86.226761][ T5349] __hfsplus_delete_attr+0x1d4/0x360 [ 86.226777][ T5349] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 86.226792][ T5349] ? hfsplus_attr_build_key+0xee/0x260 [ 86.226806][ T5349] hfsplus_delete_attr+0x231/0x2d0 [ 86.226820][ T5349] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 86.226835][ T5349] ? hfsplus_find_init+0x8c/0x1d0 [ 86.226848][ T5349] ? hfsplus_find_init+0x15a/0x1d0 [ 86.226860][ T5349] __hfsplus_setxattr+0x71c/0x1f40 [ 86.226875][ T5349] ? is_bpf_text_address+0x26/0x2b0 [ 86.226889][ T5349] ? kernel_text_address+0xa5/0xe0 [ 86.226900][ T5349] ? __kernel_text_address+0xd/0x40 [ 86.226910][ T5349] ? unwind_get_return_address+0x4d/0x90 [ 86.226924][ T5349] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 86.226941][ T5349] ? arch_stack_walk+0xfc/0x150 [ 86.226956][ T5349] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 86.226972][ T5349] ? stack_trace_save+0x9c/0xe0 [ 86.227003][ T5349] ? hfsplus_setxattr+0x68/0x180 [ 86.227017][ T5349] ? __kasan_kmalloc+0x93/0xb0 [ 86.227029][ T5349] ? 
hfsplus_setxattr+0x102/0x180 [ 86.227045][ T5349] hfsplus_setxattr+0x11e/0x180 [ 86.227060][ T5349] hfsplus_trusted_setxattr+0x40/0x60 [ 86.227075][ T5349] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 86.227089][ T5349] __vfs_removexattr+0x42e/0x470 [ 86.227107][ T5349] __vfs_removexattr_locked+0x1ed/0x230 [ 86.227122][ T5349] vfs_removexattr+0x80/0x1b0 [ 86.227137][ T5349] path_removexattrat+0x35d/0x690 [ 86.227149][ T5349] ? __pfx_path_removexattrat+0x10/0x10 [ 86.227166][ T5349] ? rcu_is_watching+0x15/0xb0 [ 86.227180][ T5349] __x64_sys_lremovexattr+0x65/0x80 [ 86.227197][ T5349] do_syscall_64+0xfa/0x3b0 [ 86.227265][ T5349] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.227283][ T5349] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.227295][ T5349] ? clear_bhb_loop+0x60/0xb0 [ 86.227307][ T5349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.227319][ T5349] RIP: 0033:0x7feab7d8e929 [ 86.227332][ T5349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.227343][ T5349] RSP: 002b:00007feab8b47038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6 [ 86.227358][ T5349] RAX: ffffffffffffffda RBX: 00007feab7fb5fa0 RCX: 00007feab7d8e929 [ 86.227367][ T5349] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240 [ 86.227374][ T5349] RBP: 00007feab7e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 86.227381][ T5349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.227388][ T5349] R13: 0000000000000000 R14: 00007feab7fb5fa0 R15: 00007ffe9f6f8958 [ 86.227401][ T5349] [ 86.227406][ T5349] [ 86.405633][ T5349] Allocated by task 5349: [ 86.408372][ T5349] kasan_save_track+0x3e/0x80 [ 86.411243][ T5349] __kasan_kmalloc+0x93/0xb0 [ 86.413209][ T5349] __kmalloc_noprof+0x27a/0x4f0 [ 86.415263][ T5349] __hfs_bnode_create+0xf3/0x810 [ 86.417395][ T5349] hfsplus_bnode_find+0x224/0xd20 [ 86.419555][ T5349] 
hfsplus_brec_find+0x15c/0x500 [ 86.421565][ T5349] hfsplus_attr_exists+0x163/0x1d0 [ 86.423834][ T5349] __hfsplus_setxattr+0x33e/0x1f40 [ 86.426149][ T5349] hfsplus_setxattr+0x11e/0x180 [ 86.428352][ T5349] hfsplus_trusted_setxattr+0x40/0x60 [ 86.431099][ T5349] __vfs_setxattr+0x439/0x480 [ 86.433351][ T5349] __vfs_setxattr_noperm+0x12d/0x660 [ 86.435621][ T5349] vfs_setxattr+0x16b/0x2f0 [ 86.437625][ T5349] filename_setxattr+0x274/0x600 [ 86.439702][ T5349] path_setxattrat+0x364/0x3a0 [ 86.441754][ T5349] __x64_sys_setxattr+0xbc/0xe0 [ 86.443969][ T5349] do_syscall_64+0xfa/0x3b0 [ 86.445883][ T5349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.448135][ T5349] [ 86.449112][ T5349] The buggy address belongs to the object at ffff8880367f1500 [ 86.449112][ T5349] which belongs to the cache kmalloc-192 of size 192 [ 86.454693][ T5349] The buggy address is located 48 bytes to the right of [ 86.454693][ T5349] allocated 152-byte region [ffff8880367f1500, ffff8880367f1598) [ 86.460488][ T5349] [ 86.462357][ T5349] The buggy address belongs to the physical page: [ 86.465037][ T5349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x367f1 [ 86.468536][ T5349] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 86.471592][ T5349] page_type: f5(slab) [ 86.474170][ T5349] raw: 04fff00000000000 ffff88801a4413c0 0000000000000000 dead000000000001 [ 86.477804][ T5349] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 86.481349][ T5349] page dumped because: kasan: bad access detected [ 86.484146][ T5349] page_owner tracks the page as allocated [ 86.486837][ T5349] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 16912249786, free_ts 0 [ 86.494221][ T5349] post_alloc_hook+0x240/0x2a0 [ 86.496371][ T5349] get_page_from_freelist+0x21e4/0x22c0 [ 86.498911][ T5349] __alloc_frozen_pages_noprof+0x181/0x370 [ 86.501889][ T5349] 
alloc_pages_mpol+0x232/0x4a0 [ 86.504974][ T5349] allocate_slab+0x8a/0x3b0 [ 86.507657][ T5349] ___slab_alloc+0xbfc/0x1480 [ 86.509850][ T5349] __kmalloc_noprof+0x305/0x4f0 [ 86.512070][ T5349] usb_alloc_urb+0x46/0x150 [ 86.514096][ T5349] usb_control_msg+0x118/0x3e0 [ 86.516179][ T5349] usb_get_descriptor+0xb1/0x3e0 [ 86.518333][ T5349] usb_get_configuration+0x2bc/0x52c0 [ 86.520842][ T5349] usb_new_device+0x146/0x16c0 [ 86.523096][ T5349] register_root_hub+0x275/0x590 [ 86.525744][ T5349] usb_add_hcd+0xba1/0x1050 [ 86.528141][ T5349] vhci_hcd_probe+0x144/0x380 [ 86.530472][ T5349] platform_probe+0x148/0x1d0 [ 86.532599][ T5349] page_owner free stack trace missing [ 86.534966][ T5349] [ 86.536046][ T5349] Memory state around the buggy address: [ 86.538488][ T5349] ffff8880367f1480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 86.542032][ T5349] ffff8880367f1500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 86.545580][ T5349] >ffff8880367f1580: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.549641][ T5349] ^ [ 86.552807][ T5349] ffff8880367f1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 86.556412][ T5349] ffff8880367f1680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.559869][ T5349] ================================================================== [ 86.660288][ T10] cfg80211: failed to load regulatory.db [ 86.703816][ T5349] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 86.707140][ T5349] CPU: 0 UID: 0 PID: 5349 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 86.712223][ T5349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.717005][ T5349] Call Trace: [ 86.718597][ T5349] [ 86.719928][ T5349] dump_stack_lvl+0x99/0x250 [ 86.724148][ T5349] ? __asan_memcpy+0x40/0x70 [ 86.727280][ T5349] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.729463][ T5349] ? __pfx__printk+0x10/0x10 [ 86.731517][ T5349] panic+0x2db/0x790 [ 86.733434][ T5349] ? 
__pfx_preempt_schedule+0x10/0x10 [ 86.736779][ T5349] ? __pfx_panic+0x10/0x10 [ 86.738781][ T5349] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 86.741365][ T5349] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.744154][ T5349] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.746506][ T5349] check_panic_on_warn+0x89/0xb0 [ 86.748764][ T5349] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.751112][ T5349] end_report+0x78/0x160 [ 86.753349][ T5349] kasan_report+0x129/0x150 [ 86.755465][ T5349] ? hfsplus_bnode_read+0xc0/0x2a0 [ 86.757564][ T5349] hfsplus_bnode_read+0xc0/0x2a0 [ 86.759680][ T5349] hfsplus_bnode_dump+0x300/0x450 [ 86.761936][ T5349] ? __pfx_hfsplus_bnode_dump+0x10/0x10 [ 86.764657][ T5349] ? hfsplus_bnode_write_u16+0x8b/0xd0 [ 86.767435][ T5349] ? hfsplus_bnode_move+0x393/0xb90 [ 86.769857][ T5349] ? __pfx___hfsplus_brec_find+0x10/0x10 [ 86.772238][ T5349] hfsplus_brec_remove+0x480/0x550 [ 86.774621][ T5349] __hfsplus_delete_attr+0x1d4/0x360 [ 86.776864][ T5349] ? __pfx___hfsplus_delete_attr+0x10/0x10 [ 86.779422][ T5349] ? hfsplus_attr_build_key+0xee/0x260 [ 86.781811][ T5349] hfsplus_delete_attr+0x231/0x2d0 [ 86.784197][ T5349] ? __pfx_hfsplus_delete_attr+0x10/0x10 [ 86.786757][ T5349] ? hfsplus_find_init+0x8c/0x1d0 [ 86.788967][ T5349] ? hfsplus_find_init+0x15a/0x1d0 [ 86.791222][ T5349] __hfsplus_setxattr+0x71c/0x1f40 [ 86.793440][ T5349] ? is_bpf_text_address+0x26/0x2b0 [ 86.795608][ T5349] ? kernel_text_address+0xa5/0xe0 [ 86.797776][ T5349] ? __kernel_text_address+0xd/0x40 [ 86.800037][ T5349] ? unwind_get_return_address+0x4d/0x90 [ 86.802464][ T5349] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 86.804975][ T5349] ? arch_stack_walk+0xfc/0x150 [ 86.806949][ T5349] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 86.809608][ T5349] ? stack_trace_save+0x9c/0xe0 [ 86.812378][ T5349] ? hfsplus_setxattr+0x68/0x180 [ 86.815027][ T5349] ? __kasan_kmalloc+0x93/0xb0 [ 86.817086][ T5349] ? 
hfsplus_setxattr+0x102/0x180 [ 86.819098][ T5349] hfsplus_setxattr+0x11e/0x180 [ 86.821242][ T5349] hfsplus_trusted_setxattr+0x40/0x60 [ 86.823461][ T5349] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 86.826224][ T5349] __vfs_removexattr+0x42e/0x470 [ 86.828387][ T5349] __vfs_removexattr_locked+0x1ed/0x230 [ 86.830721][ T5349] vfs_removexattr+0x80/0x1b0 [ 86.832694][ T5349] path_removexattrat+0x35d/0x690 [ 86.834963][ T5349] ? __pfx_path_removexattrat+0x10/0x10 [ 86.837208][ T5349] ? rcu_is_watching+0x15/0xb0 [ 86.839230][ T5349] __x64_sys_lremovexattr+0x65/0x80 [ 86.841692][ T5349] do_syscall_64+0xfa/0x3b0 [ 86.844085][ T5349] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.846584][ T5349] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.849327][ T5349] ? clear_bhb_loop+0x60/0xb0 [ 86.851377][ T5349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.853982][ T5349] RIP: 0033:0x7feab7d8e929 [ 86.855960][ T5349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.864677][ T5349] RSP: 002b:00007feab8b47038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6 [ 86.868675][ T5349] RAX: ffffffffffffffda RBX: 00007feab7fb5fa0 RCX: 00007feab7d8e929 [ 86.872210][ T5349] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240 [ 86.875632][ T5349] RBP: 00007feab7e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 86.879088][ T5349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.882639][ T5349] R13: 0000000000000000 R14: 00007feab7fb5fa0 R15: 00007ffe9f6f8958 [ 86.886272][ T5349] [ 86.887912][ T5349] Kernel Offset: disabled [ 86.889736][ T5349] Rebooting in 86400 seconds..