program:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") (async)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ")
perf_event_open(&(0x7f0000000280)={0x4, 0x80, 0x0, 0x8, 0x0, 0x80, 0x0, 0x0, 0x24400, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x6, @perf_config_ext={0x9, 0xb92}, 0x482, 0x81, 0x7ff, 0x0, 0x0, 0x7, 0x7fff, 0x0, 0x2, 0x0, 0x6}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x18000000000002a0, 0x12, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f088a8", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x8, 0x1, 'udp\x00'}, @NFTA_MATCH_INFO={0xe, 0x3, "7acc6338a90000b03bd9"}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x355c32cef104cbbc}, @NFTA_RULE_COMPAT_FLAGS={0x8}]}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')

[   68.247487][ T4690] Bluetooth: hci0: command tx timeout
[   68.317440][ T5340] loop0: detected capacity change from 0 to 1024
[   68.444440][ T5342] hfsplus: request for non-existent node 211 in B*Tree
[   68.447854][ T5342] hfsplus: request for non-existent node 211 in B*Tree
[   68.451835][ T5340] ==================================================================
[   68.455109][ T5340] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[   68.458225][ T5340] Read of size 8 at addr ffff88803652bac8 by task syz.0.0/5340
[   68.461038][ T5340] 
[   68.462012][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[   68.462026][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.462033][ T5340] Call Trace:
[   68.462041][ T5340]  <TASK>
[   68.462048][ T5340]  dump_stack_lvl+0x189/0x250
[   68.462062][ T5340]  ? __kasan_check_byte+0x12/0x40
[   68.462072][ T5340]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.462081][ T5340]  ? lock_release+0x4b/0x3e0
[   68.462089][ T5340]  ? __virt_addr_valid+0x4a5/0x5c0
[   68.462099][ T5340]  print_report+0xd2/0x2b0
[   68.462106][ T5340]  ? hfsplus_bnode_read+0xc0/0x2a0
[   68.462114][ T5340]  kasan_report+0x118/0x150
[   68.462123][ T5340]  ? hfsplus_bnode_read+0xc0/0x2a0
[   68.462131][ T5340]  hfsplus_bnode_read+0xc0/0x2a0
[   68.462138][ T5340]  hfsplus_bnode_dump+0x300/0x450
[   68.462147][ T5340]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   68.462154][ T5340]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   68.462162][ T5340]  ? hfsplus_bnode_move+0x393/0xb90
[   68.462173][ T5340]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   68.462184][ T5340]  hfsplus_brec_remove+0x480/0x550
[   68.462199][ T5340]  __hfsplus_delete_attr+0x1d4/0x360
[   68.462212][ T5340]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   68.462227][ T5340]  ? hfsplus_attr_build_key+0xee/0x260
[   68.462240][ T5340]  hfsplus_delete_attr+0x231/0x2d0
[   68.462254][ T5340]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   68.462268][ T5340]  ? hfsplus_find_init+0x8c/0x1d0
[   68.462277][ T5340]  ? hfsplus_find_init+0x15a/0x1d0
[   68.462285][ T5340]  __hfsplus_setxattr+0x71c/0x1f40
[   68.462300][ T5340]  ? do_raw_spin_lock+0x121/0x290
[   68.462311][ T5340]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   68.462359][ T5340]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.462375][ T5340]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   68.462388][ T5340]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   68.462421][ T5340]  ? hfsplus_setxattr+0x68/0x180
[   68.462434][ T5340]  ? __kasan_kmalloc+0x93/0xb0
[   68.462446][ T5340]  ? hfsplus_setxattr+0x102/0x180
[   68.462460][ T5340]  hfsplus_setxattr+0x11e/0x180
[   68.462475][ T5340]  hfsplus_trusted_setxattr+0x40/0x60
[   68.462489][ T5340]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   68.462504][ T5340]  __vfs_removexattr+0x431/0x470
[   68.462520][ T5340]  __vfs_removexattr_locked+0x1ed/0x230
[   68.462530][ T5340]  vfs_removexattr+0x80/0x1b0
[   68.462540][ T5340]  path_removexattrat+0x35d/0x690
[   68.462551][ T5340]  ? __pfx_path_removexattrat+0x10/0x10
[   68.462568][ T5340]  ? rcu_is_watching+0x15/0xb0
[   68.462582][ T5340]  __x64_sys_lremovexattr+0x65/0x80
[   68.462598][ T5340]  do_syscall_64+0xfa/0x3b0
[   68.462609][ T5340]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.462624][ T5340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.462634][ T5340]  ? clear_bhb_loop+0x60/0xb0
[   68.462646][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.462655][ T5340] RIP: 0033:0x7f825cb8e929
[   68.462667][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.462677][ T5340] RSP: 002b:00007f8258ff5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   68.462690][ T5340] RAX: ffffffffffffffda RBX: 00007f825cdb5fa0 RCX: 00007f825cb8e929
[   68.462698][ T5340] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[   68.462706][ T5340] RBP: 00007f825cc10b39 R08: 0000000000000000 R09: 0000000000000000
[   68.462712][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.462718][ T5340] R13: 0000000000000000 R14: 00007f825cdb5fa0 R15: 00007fff7e548be8
[   68.462728][ T5340]  </TASK>
[   68.462732][ T5340] 
[   68.613195][ T5340] Allocated by task 5340:
[   68.615010][ T5340]  kasan_save_track+0x3e/0x80
[   68.617019][ T5340]  __kasan_kmalloc+0x93/0xb0
[   68.619059][ T5340]  __kmalloc_noprof+0x27a/0x4f0
[   68.621321][ T5340]  __hfs_bnode_create+0xf3/0x810
[   68.623696][ T5340]  hfsplus_bnode_find+0x224/0xd20
[   68.625591][ T5340]  hfsplus_brec_find+0x15c/0x500
[   68.627972][ T5340]  hfsplus_attr_exists+0x163/0x1d0
[   68.630661][ T5340]  __hfsplus_setxattr+0x33e/0x1f40
[   68.632914][ T5340]  hfsplus_setxattr+0x11e/0x180
[   68.635073][ T5340]  hfsplus_trusted_setxattr+0x40/0x60
[   68.637470][ T5340]  __vfs_setxattr+0x439/0x480
[   68.639637][ T5340]  __vfs_setxattr_noperm+0x12d/0x660
[   68.642069][ T5340]  vfs_setxattr+0x16b/0x2f0
[   68.644010][ T5340]  filename_setxattr+0x274/0x600
[   68.646110][ T5340]  path_setxattrat+0x364/0x3a0
[   68.648115][ T5340]  __x64_sys_setxattr+0xbc/0xe0
[   68.650108][ T5340]  do_syscall_64+0xfa/0x3b0
[   68.652056][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.654468][ T5340] 
[   68.655507][ T5340] The buggy address belongs to the object at ffff88803652ba00
[   68.655507][ T5340]  which belongs to the cache kmalloc-192 of size 192
[   68.661152][ T5340] The buggy address is located 48 bytes to the right of
[   68.661152][ T5340]  allocated 152-byte region [ffff88803652ba00, ffff88803652ba98)
[   68.667432][ T5340] 
[   68.668472][ T5340] The buggy address belongs to the physical page:
[   68.671051][ T5340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3652b
[   68.674415][ T5340] ksm flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   68.677572][ T5340] page_type: f5(slab)
[   68.679329][ T5340] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000c16b80 dead000000000003
[   68.682998][ T5340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   68.686580][ T5340] page dumped because: kasan: bad access detected
[   68.689675][ T5340] page_owner tracks the page as allocated
[   68.691928][ T5340] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 18197597350, free_ts 0
[   68.698563][ T5340]  post_alloc_hook+0x240/0x2a0
[   68.700338][ T5340]  get_page_from_freelist+0x21e4/0x22c0
[   68.702459][ T5340]  __alloc_frozen_pages_noprof+0x181/0x370
[   68.704809][ T5340]  alloc_pages_mpol+0x232/0x4a0
[   68.707058][ T5340]  allocate_slab+0x8a/0x3b0
[   68.709253][ T5340]  ___slab_alloc+0xbfc/0x1480
[   68.711518][ T5340]  __kmalloc_noprof+0x305/0x4f0
[   68.713582][ T5340]  usb_alloc_urb+0x46/0x150
[   68.715511][ T5340]  usb_control_msg+0x118/0x3e0
[   68.717538][ T5340]  hub_hub_status+0xcb/0x570
[   68.719453][ T5340]  hub_probe+0x21af/0x37f0
[   68.721320][ T5340]  usb_probe_interface+0x641/0xbc0
[   68.723521][ T5340]  really_probe+0x26a/0x9a0
[   68.725307][ T5340]  __driver_probe_device+0x18c/0x2f0
[   68.727507][ T5340]  driver_probe_device+0x4f/0x430
[   68.729470][ T5340]  __device_attach_driver+0x2ce/0x530
[   68.731657][ T5340] page_owner free stack trace missing
[   68.733784][ T5340] 
[   68.734816][ T5340] Memory state around the buggy address:
[   68.737208][ T5340]  ffff88803652b980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   68.740732][ T5340]  ffff88803652ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   68.744068][ T5340] >ffff88803652ba80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.747424][ T5340]                                               ^
[   68.750137][ T5340]  ffff88803652bb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.753470][ T5340]  ffff88803652bb80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   68.756796][ T5340] ==================================================================
[   68.773796][ T5340] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   68.776817][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[   68.781869][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.786241][ T5340] Call Trace:
[   68.787763][ T5340]  <TASK>
[   68.789118][ T5340]  dump_stack_lvl+0x99/0x250
[   68.790959][ T5340]  ? __asan_memcpy+0x40/0x70
[   68.792734][ T5340]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.794871][ T5340]  ? __pfx__printk+0x10/0x10
[   68.796810][ T5340]  panic+0x2db/0x790
[   68.798386][ T5340]  ? __pfx_preempt_schedule+0x10/0x10
[   68.800415][ T5340]  ? __pfx_panic+0x10/0x10
[   68.802412][ T5340]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   68.805005][ T5340]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.807789][ T5340]  ? hfsplus_bnode_read+0xc0/0x2a0
[   68.809918][ T5340]  check_panic_on_warn+0x89/0xb0
[   68.812067][ T5340]  ? hfsplus_bnode_read+0xc0/0x2a0
[   68.814314][ T5340]  end_report+0x78/0x160
[   68.816055][ T5340]  kasan_report+0x129/0x150
[   68.818074][ T5340]  ? hfsplus_bnode_read+0xc0/0x2a0
[   68.820253][ T5340]  hfsplus_bnode_read+0xc0/0x2a0
[   68.822310][ T5340]  hfsplus_bnode_dump+0x300/0x450
[   68.824431][ T5340]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   68.826727][ T5340]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   68.828873][ T5340]  ? hfsplus_bnode_move+0x393/0xb90
[   68.831056][ T5340]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   68.833405][ T5340]  hfsplus_brec_remove+0x480/0x550
[   68.835426][ T5340]  __hfsplus_delete_attr+0x1d4/0x360
[   68.837596][ T5340]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   68.840072][ T5340]  ? hfsplus_attr_build_key+0xee/0x260
[   68.842410][ T5340]  hfsplus_delete_attr+0x231/0x2d0
[   68.844621][ T5340]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   68.847350][ T5340]  ? hfsplus_find_init+0x8c/0x1d0
[   68.849717][ T5340]  ? hfsplus_find_init+0x15a/0x1d0
[   68.851939][ T5340]  __hfsplus_setxattr+0x71c/0x1f40
[   68.854630][ T5340]  ? do_raw_spin_lock+0x121/0x290
[   68.857143][ T5340]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   68.859846][ T5340]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.862535][ T5340]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   68.865485][ T5340]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   68.868456][ T5340]  ? hfsplus_setxattr+0x68/0x180
[   68.870577][ T5340]  ? __kasan_kmalloc+0x93/0xb0
[   68.872571][ T5340]  ? hfsplus_setxattr+0x102/0x180
[   68.874763][ T5340]  hfsplus_setxattr+0x11e/0x180
[   68.877030][ T5340]  hfsplus_trusted_setxattr+0x40/0x60
[   68.879631][ T5340]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   68.882446][ T5340]  __vfs_removexattr+0x431/0x470
[   68.884784][ T5340]  __vfs_removexattr_locked+0x1ed/0x230
[   68.887316][ T5340]  vfs_removexattr+0x80/0x1b0
[   68.889442][ T5340]  path_removexattrat+0x35d/0x690
[   68.891691][ T5340]  ? __pfx_path_removexattrat+0x10/0x10
[   68.894130][ T5340]  ? rcu_is_watching+0x15/0xb0
[   68.896300][ T5340]  __x64_sys_lremovexattr+0x65/0x80
[   68.898613][ T5340]  do_syscall_64+0xfa/0x3b0
[   68.900659][ T5340]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.902979][ T5340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.905714][ T5340]  ? clear_bhb_loop+0x60/0xb0
[   68.907850][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.910451][ T5340] RIP: 0033:0x7f825cb8e929
[   68.912451][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.921252][ T5340] RSP: 002b:00007f8258ff5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   68.924683][ T5340] RAX: ffffffffffffffda RBX: 00007f825cdb5fa0 RCX: 00007f825cb8e929
[   68.928541][ T5340] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[   68.933194][ T5340] RBP: 00007f825cc10b39 R08: 0000000000000000 R09: 0000000000000000
[   68.937665][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.941895][ T5340] R13: 0000000000000000 R14: 00007f825cdb5fa0 R15: 00007fff7e548be8
[   68.945898][ T5340]  </TASK>
[   68.947969][ T5340] Kernel Offset: disabled
[   68.950252][ T5340] Rebooting in 86400 seconds..