program:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ")
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000000080)=ANY=[], 0x841, 0x0)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')

[   87.818099][ T4685] Bluetooth: hci0: command tx timeout
[   87.944027][ T5343] loop0: detected capacity change from 0 to 1024
[   88.014582][ T5344] hfsplus: request for non-existent node 211 in B*Tree
[   88.038297][ T5344] hfsplus: request for non-existent node 211 in B*Tree
[   88.046010][ T5343] ==================================================================
[   88.049882][ T5343] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[   88.053422][ T5343] Read of size 8 at addr ffff88803672fca0 by task syz.0.0/5343
[   88.056755][ T5343] 
[   88.057793][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[   88.057806][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.057813][ T5343] Call Trace:
[   88.057820][ T5343]  <TASK>
[   88.057825][ T5343]  dump_stack_lvl+0x189/0x250
[   88.057853][ T5343]  ? __virt_addr_valid+0x1c8/0x5c0
[   88.057862][ T5343]  ? rcu_is_watching+0x15/0xb0
[   88.057872][ T5343]  ? __kasan_check_byte+0x12/0x40
[   88.057884][ T5343]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.057894][ T5343]  ? rcu_is_watching+0x15/0xb0
[   88.057906][ T5343]  ? lock_release+0x4b/0x3e0
[   88.057917][ T5343]  ? __virt_addr_valid+0x1c8/0x5c0
[   88.057929][ T5343]  ? __virt_addr_valid+0x4a5/0x5c0
[   88.057942][ T5343]  print_report+0xca/0x240
[   88.057952][ T5343]  ? hfsplus_bnode_read+0xc0/0x2a0
[   88.057963][ T5343]  kasan_report+0x118/0x150
[   88.057975][ T5343]  ? hfsplus_bnode_read+0xc0/0x2a0
[   88.057986][ T5343]  hfsplus_bnode_read+0xc0/0x2a0
[   88.057998][ T5343]  hfsplus_bnode_dump+0x300/0x450
[   88.058010][ T5343]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   88.058022][ T5343]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   88.058033][ T5343]  ? hfsplus_bnode_move+0x393/0xb90
[   88.058043][ T5343]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   88.058055][ T5343]  hfsplus_brec_remove+0x480/0x550
[   88.058070][ T5343]  __hfsplus_delete_attr+0x1d4/0x360
[   88.058083][ T5343]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   88.058097][ T5343]  ? hfsplus_attr_build_key+0xee/0x260
[   88.058109][ T5343]  hfsplus_delete_attr+0x231/0x2d0
[   88.058122][ T5343]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   88.058136][ T5343]  ? hfsplus_find_init+0x8c/0x1d0
[   88.058148][ T5343]  ? hfsplus_find_init+0x15a/0x1d0
[   88.058159][ T5343]  __hfsplus_setxattr+0x71c/0x1f40
[   88.058171][ T5343]  ? is_bpf_text_address+0x26/0x2b0
[   88.058184][ T5343]  ? kernel_text_address+0xa5/0xe0
[   88.058194][ T5343]  ? __kernel_text_address+0xd/0x40
[   88.058201][ T5343]  ? unwind_get_return_address+0x4d/0x90
[   88.058212][ T5343]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   88.058226][ T5343]  ? arch_stack_walk+0xfc/0x150
[   88.058238][ T5343]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   88.058252][ T5343]  ? stack_trace_save+0x9c/0xe0
[   88.058277][ T5343]  ? __kasan_kmalloc+0x93/0xb0
[   88.058286][ T5343]  ? hfsplus_setxattr+0x102/0x180
[   88.058298][ T5343]  hfsplus_setxattr+0x11e/0x180
[   88.058310][ T5343]  hfsplus_trusted_setxattr+0x40/0x60
[   88.058323][ T5343]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   88.058337][ T5343]  __vfs_removexattr+0x431/0x470
[   88.058353][ T5343]  __vfs_removexattr_locked+0x1ed/0x230
[   88.058367][ T5343]  vfs_removexattr+0x80/0x1b0
[   88.058381][ T5343]  path_removexattrat+0x35d/0x690
[   88.058392][ T5343]  ? __pfx_path_removexattrat+0x10/0x10
[   88.058410][ T5343]  ? rcu_is_watching+0x15/0xb0
[   88.058422][ T5343]  __x64_sys_lremovexattr+0x65/0x80
[   88.058435][ T5343]  do_syscall_64+0xfa/0x3b0
[   88.058496][ T5343]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.058513][ T5343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.058524][ T5343]  ? clear_bhb_loop+0x60/0xb0
[   88.058536][ T5343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.058548][ T5343] RIP: 0033:0x7f214a18e9a9
[   88.058557][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.058562][ T5343] RSP: 002b:00007f214b056038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   88.058571][ T5343] RAX: ffffffffffffffda RBX: 00007f214a3b5fa0 RCX: 00007f214a18e9a9
[   88.058576][ T5343] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[   88.058581][ T5343] RBP: 00007f214a210d69 R08: 0000000000000000 R09: 0000000000000000
[   88.058585][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.058589][ T5343] R13: 0000000000000000 R14: 00007f214a3b5fa0 R15: 00007fffc7ef17c8
[   88.058596][ T5343]  </TASK>
[   88.058598][ T5343] 
[   88.231023][ T5343] Allocated by task 5343:
[   88.233196][ T5343]  kasan_save_track+0x3e/0x80
[   88.235541][ T5343]  __kasan_kmalloc+0x93/0xb0
[   88.237813][ T5343]  __kmalloc_noprof+0x27a/0x4f0
[   88.240101][ T5343]  __hfs_bnode_create+0xf3/0x810
[   88.242407][ T5343]  hfsplus_bnode_find+0x224/0xd20
[   88.244738][ T5343]  hfsplus_brec_find+0x15c/0x500
[   88.246968][ T5343]  hfsplus_attr_exists+0x163/0x1d0
[   88.249315][ T5343]  __hfsplus_setxattr+0x33e/0x1f40
[   88.251490][ T5343]  hfsplus_setxattr+0x11e/0x180
[   88.253860][ T5343]  hfsplus_trusted_setxattr+0x40/0x60
[   88.256419][ T5343]  __vfs_setxattr+0x439/0x480
[   88.258565][ T5343]  __vfs_setxattr_noperm+0x12d/0x660
[   88.260945][ T5343]  vfs_setxattr+0x16b/0x2f0
[   88.263040][ T5343]  filename_setxattr+0x274/0x600
[   88.265316][ T5343]  path_setxattrat+0x364/0x3a0
[   88.267492][ T5343]  __x64_sys_setxattr+0xbc/0xe0
[   88.269729][ T5343]  do_syscall_64+0xfa/0x3b0
[   88.271833][ T5343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.274441][ T5343] 
[   88.275488][ T5343] The buggy address belongs to the object at ffff88803672fc00
[   88.275488][ T5343]  which belongs to the cache kmalloc-192 of size 192
[   88.281086][ T5343] The buggy address is located 8 bytes to the right of
[   88.281086][ T5343]  allocated 152-byte region [ffff88803672fc00, ffff88803672fc98)
[   88.287161][ T5343] 
[   88.288332][ T5343] The buggy address belongs to the physical page:
[   88.291230][ T5343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3672f
[   88.295171][ T5343] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   88.298490][ T5343] page_type: f5(slab)
[   88.300340][ T5343] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000ca5b80 dead000000000004
[   88.304355][ T5343] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   88.308561][ T5343] page dumped because: kasan: bad access detected
[   88.311480][ T5343] page_owner tracks the page as allocated
[   88.314044][ T5343] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 19217999240, free_ts 0
[   88.321657][ T5343]  post_alloc_hook+0x240/0x2a0
[   88.323855][ T5343]  get_page_from_freelist+0x21e4/0x22c0
[   88.326312][ T5343]  __alloc_frozen_pages_noprof+0x181/0x370
[   88.328953][ T5343]  alloc_pages_mpol+0x232/0x4a0
[   88.331105][ T5343]  allocate_slab+0x8a/0x3b0
[   88.333142][ T5343]  ___slab_alloc+0xbfc/0x1480
[   88.335402][ T5343]  __kmalloc_noprof+0x305/0x4f0
[   88.337708][ T5343]  usb_alloc_urb+0x46/0x150
[   88.339941][ T5343]  usb_control_msg+0x118/0x3e0
[   88.342214][ T5343]  hub_suspend+0x773/0x990
[   88.344374][ T5343]  usb_suspend_both+0x28a/0x1060
[   88.346619][ T5343]  usb_runtime_suspend+0x58/0x110
[   88.348844][ T5343]  __rpm_callback+0x2f1/0x7f0
[   88.351018][ T5343]  rpm_suspend+0x848/0x1720
[   88.353171][ T5343]  __pm_runtime_suspend+0x12f/0x1a0
[   88.355559][ T5343]  usb_new_device+0xb8b/0x16c0
[   88.357866][ T5343] page_owner free stack trace missing
[   88.360401][ T5343] 
[   88.361555][ T5343] Memory state around the buggy address:
[   88.364156][ T5343]  ffff88803672fb80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   88.367858][ T5343]  ffff88803672fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   88.371311][ T5343] >ffff88803672fc80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.374893][ T5343]                                ^
[   88.377400][ T5343]  ffff88803672fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   88.381146][ T5343]  ffff88803672fd80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.384649][ T5343] ==================================================================
[   88.443032][ T5343] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   88.446014][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[   88.450685][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.455437][ T5343] Call Trace:
[   88.456973][ T5343]  <TASK>
[   88.458362][ T5343]  dump_stack_lvl+0x99/0x250
[   88.460521][ T5343]  ? __asan_memcpy+0x40/0x70
[   88.462634][ T5343]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.464882][ T5343]  ? __pfx__printk+0x10/0x10
[   88.466925][ T5343]  panic+0x2db/0x790
[   88.468795][ T5343]  ? __pfx_preempt_schedule+0x10/0x10
[   88.471270][ T5343]  ? __pfx_panic+0x10/0x10
[   88.473318][ T5343]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   88.475924][ T5343]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.478714][ T5343]  ? hfsplus_bnode_read+0xc0/0x2a0
[   88.481021][ T5343]  check_panic_on_warn+0x89/0xb0
[   88.483315][ T5343]  ? hfsplus_bnode_read+0xc0/0x2a0
[   88.485700][ T5343]  end_report+0x78/0x160
[   88.487658][ T5343]  kasan_report+0x129/0x150
[   88.489781][ T5343]  ? hfsplus_bnode_read+0xc0/0x2a0
[   88.492134][ T5343]  hfsplus_bnode_read+0xc0/0x2a0
[   88.494329][ T5343]  hfsplus_bnode_dump+0x300/0x450
[   88.496630][ T5343]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   88.499256][ T5343]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   88.501785][ T5343]  ? hfsplus_bnode_move+0x393/0xb90
[   88.503993][ T5343]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   88.506404][ T5343]  hfsplus_brec_remove+0x480/0x550
[   88.508663][ T5343]  __hfsplus_delete_attr+0x1d4/0x360
[   88.510976][ T5343]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   88.513570][ T5343]  ? hfsplus_attr_build_key+0xee/0x260
[   88.515931][ T5343]  hfsplus_delete_attr+0x231/0x2d0
[   88.518211][ T5343]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   88.520679][ T5343]  ? hfsplus_find_init+0x8c/0x1d0
[   88.522902][ T5343]  ? hfsplus_find_init+0x15a/0x1d0
[   88.525063][ T5343]  __hfsplus_setxattr+0x71c/0x1f40
[   88.527136][ T5343]  ? is_bpf_text_address+0x26/0x2b0
[   88.529431][ T5343]  ? kernel_text_address+0xa5/0xe0
[   88.531508][ T5343]  ? __kernel_text_address+0xd/0x40
[   88.533665][ T5343]  ? unwind_get_return_address+0x4d/0x90
[   88.535892][ T5343]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   88.538467][ T5343]  ? arch_stack_walk+0xfc/0x150
[   88.540645][ T5343]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   88.543137][ T5343]  ? stack_trace_save+0x9c/0xe0
[   88.545405][ T5343]  ? __kasan_kmalloc+0x93/0xb0
[   88.547431][ T5343]  ? hfsplus_setxattr+0x102/0x180
[   88.549725][ T5343]  hfsplus_setxattr+0x11e/0x180
[   88.551879][ T5343]  hfsplus_trusted_setxattr+0x40/0x60
[   88.554371][ T5343]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   88.557151][ T5343]  __vfs_removexattr+0x431/0x470
[   88.559400][ T5343]  __vfs_removexattr_locked+0x1ed/0x230
[   88.561786][ T5343]  vfs_removexattr+0x80/0x1b0
[   88.563868][ T5343]  path_removexattrat+0x35d/0x690
[   88.566155][ T5343]  ? __pfx_path_removexattrat+0x10/0x10
[   88.568726][ T5343]  ? rcu_is_watching+0x15/0xb0
[   88.570939][ T5343]  __x64_sys_lremovexattr+0x65/0x80
[   88.573264][ T5343]  do_syscall_64+0xfa/0x3b0
[   88.575181][ T5343]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.577290][ T5343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.579688][ T5343]  ? clear_bhb_loop+0x60/0xb0
[   88.581594][ T5343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.583957][ T5343] RIP: 0033:0x7f214a18e9a9
[   88.585881][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.594216][ T5343] RSP: 002b:00007f214b056038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   88.597835][ T5343] RAX: ffffffffffffffda RBX: 00007f214a3b5fa0 RCX: 00007f214a18e9a9
[   88.601362][ T5343] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[   88.604835][ T5343] RBP: 00007f214a210d69 R08: 0000000000000000 R09: 0000000000000000
[   88.608340][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.611818][ T5343] R13: 0000000000000000 R14: 00007f214a3b5fa0 R15: 00007fffc7ef17c8
[   88.615330][ T5343]  </TASK>
[   88.617069][ T5343] Kernel Offset: disabled
[   88.619002][ T5343] Rebooting in 86400 seconds..