program:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000100)={0x3, 'veth1_to_team\x00', {0x8}, 0x1ff})
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ")
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r1, 0x89e3, &(0x7f00000001c0)={0x64, 0x4, 0x5, 0x2, 0x0, 0x8100})
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000100)={0x3, 'veth1_to_team\x00', {0x8}, 0x1ff}) (async)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") (async)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
syz_init_net_socket$x25(0x9, 0x5, 0x0) (async)
ioctl$SIOCX25SFACILITIES(r1, 0x89e3, &(0x7f00000001c0)={0x64, 0x4, 0x5, 0x2, 0x0, 0x8100}) (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)

[   74.705956][ T4685] Bluetooth: hci0: command tx timeout
[   74.783660][ T5336] loop0: detected capacity change from 0 to 1024
[   74.861292][ T5336] hfsplus: request for non-existent node 211 in B*Tree
[   74.864882][ T5336] hfsplus: request for non-existent node 211 in B*Tree
[   74.882899][ T5337] ==================================================================
[   74.886546][ T5337] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[   74.890385][ T5337] Read of size 8 at addr ffff8880347036c8 by task syz.0.0/5337
[   74.893799][ T5337] 
[   74.895049][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[   74.895066][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.895074][ T5337] Call Trace:
[   74.895082][ T5337]  <TASK>
[   74.895088][ T5337]  dump_stack_lvl+0x189/0x250
[   74.895142][ T5337]  ? __virt_addr_valid+0x1c8/0x5c0
[   74.895186][ T5337]  ? rcu_is_watching+0x15/0xb0
[   74.895202][ T5337]  ? __kasan_check_byte+0x12/0x40
[   74.895235][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.895248][ T5337]  ? rcu_is_watching+0x15/0xb0
[   74.895261][ T5337]  ? lock_release+0x4b/0x3e0
[   74.895277][ T5337]  ? __virt_addr_valid+0x1c8/0x5c0
[   74.895291][ T5337]  ? __virt_addr_valid+0x4a5/0x5c0
[   74.895306][ T5337]  print_report+0xca/0x230
[   74.895317][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   74.895329][ T5337]  kasan_report+0x118/0x150
[   74.895344][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   74.895357][ T5337]  hfsplus_bnode_read+0xc0/0x2a0
[   74.895370][ T5337]  hfsplus_bnode_dump+0x300/0x450
[   74.895384][ T5337]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   74.895398][ T5337]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   74.895409][ T5337]  ? hfsplus_bnode_move+0x393/0xb90
[   74.895427][ T5337]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   74.895441][ T5337]  hfsplus_brec_remove+0x480/0x550
[   74.895458][ T5337]  __hfsplus_delete_attr+0x1d4/0x360
[   74.895475][ T5337]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   74.895490][ T5337]  ? hfsplus_attr_build_key+0xee/0x260
[   74.895505][ T5337]  hfsplus_delete_attr+0x231/0x2d0
[   74.895528][ T5337]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   74.895544][ T5337]  ? hfsplus_find_init+0x8c/0x1d0
[   74.895563][ T5337]  ? hfsplus_find_init+0x15a/0x1d0
[   74.895577][ T5337]  __hfsplus_setxattr+0x37a/0x1f40
[   74.895593][ T5337]  ? is_bpf_text_address+0x26/0x2b0
[   74.895608][ T5337]  ? kernel_text_address+0xa5/0xe0
[   74.895621][ T5337]  ? unwind_get_return_address+0x4d/0x90
[   74.895634][ T5337]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   74.895649][ T5337]  ? arch_stack_walk+0xfc/0x150
[   74.895663][ T5337]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   74.895679][ T5337]  ? stack_trace_save+0x9c/0xe0
[   74.895709][ T5337]  ? __kasan_kmalloc+0x93/0xb0
[   74.895722][ T5337]  ? hfsplus_setxattr+0x102/0x180
[   74.895738][ T5337]  hfsplus_setxattr+0x11e/0x180
[   74.895754][ T5337]  hfsplus_trusted_setxattr+0x40/0x60
[   74.895771][ T5337]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   74.895787][ T5337]  __vfs_setxattr+0x439/0x480
[   74.895806][ T5337]  __vfs_setxattr_noperm+0x12d/0x660
[   74.895823][ T5337]  vfs_setxattr+0x16b/0x2f0
[   74.895841][ T5337]  ? __pfx_vfs_setxattr+0x10/0x10
[   74.895855][ T5337]  ? mnt_get_write_access+0x223/0x2a0
[   74.895869][ T5337]  filename_setxattr+0x274/0x600
[   74.895887][ T5337]  ? __pfx_filename_setxattr+0x10/0x10
[   74.895905][ T5337]  ? getname_flags+0x1e5/0x540
[   74.895925][ T5337]  path_setxattrat+0x364/0x3a0
[   74.895941][ T5337]  ? __pfx_path_setxattrat+0x10/0x10
[   74.895961][ T5337]  ? rcu_is_watching+0x15/0xb0
[   74.895978][ T5337]  __x64_sys_setxattr+0xbc/0xe0
[   74.896039][ T5337]  do_syscall_64+0xfa/0x3b0
[   74.896182][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.896226][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.896253][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   74.896266][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.896278][ T5337] RIP: 0033:0x7f068e38e929
[   74.896292][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.896302][ T5337] RSP: 002b:00007f068f128038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   74.896317][ T5337] RAX: ffffffffffffffda RBX: 00007f068e5b6080 RCX: 00007f068e38e929
[   74.896325][ T5337] RDX: 0000200000001400 RSI: 0000200000000240 RDI: 0000200000000280
[   74.896333][ T5337] RBP: 00007f068e410b39 R08: 0000000000000000 R09: 0000000000000000
[   74.896341][ T5337] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000
[   74.896348][ T5337] R13: 0000000000000000 R14: 00007f068e5b6080 R15: 00007fff7378bd98
[   74.896360][ T5337]  </TASK>
[   74.896365][ T5337] 
[   75.075610][ T5337] Allocated by task 5336:
[   75.077647][ T5337]  kasan_save_track+0x3e/0x80
[   75.079736][ T5337]  __kasan_kmalloc+0x93/0xb0
[   75.081810][ T5337]  __kmalloc_noprof+0x27a/0x4f0
[   75.084009][ T5337]  __hfs_bnode_create+0xf3/0x810
[   75.086167][ T5337]  hfsplus_bnode_find+0x224/0xd20
[   75.088293][ T5337]  hfsplus_brec_find+0x15c/0x500
[   75.090601][ T5337]  hfsplus_attr_exists+0x163/0x1d0
[   75.093049][ T5337]  __hfsplus_setxattr+0x33e/0x1f40
[   75.095449][ T5337]  hfsplus_setxattr+0x11e/0x180
[   75.097734][ T5337]  hfsplus_trusted_setxattr+0x40/0x60
[   75.099713][ T5337]  __vfs_setxattr+0x439/0x480
[   75.101533][ T5337]  __vfs_setxattr_noperm+0x12d/0x660
[   75.103639][ T5337]  vfs_setxattr+0x16b/0x2f0
[   75.105514][ T5337]  filename_setxattr+0x274/0x600
[   75.107640][ T5337]  path_setxattrat+0x364/0x3a0
[   75.109919][ T5337]  __x64_sys_setxattr+0xbc/0xe0
[   75.112163][ T5337]  do_syscall_64+0xfa/0x3b0
[   75.114073][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.116434][ T5337] 
[   75.117318][ T5337] The buggy address belongs to the object at ffff888034703600
[   75.117318][ T5337]  which belongs to the cache kmalloc-192 of size 192
[   75.122543][ T5337] The buggy address is located 48 bytes to the right of
[   75.122543][ T5337]  allocated 152-byte region [ffff888034703600, ffff888034703698)
[   75.128262][ T5337] 
[   75.129231][ T5337] The buggy address belongs to the physical page:
[   75.131466][ T5337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34703
[   75.134561][ T5337] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   75.137685][ T5337] page_type: f5(slab)
[   75.139531][ T5337] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000da7cc0 dead000000000005
[   75.143557][ T5337] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   75.146801][ T5337] page dumped because: kasan: bad access detected
[   75.149041][ T5337] page_owner tracks the page as allocated
[   75.151036][ T5337] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 10766144343, free_ts 0
[   75.157028][ T5337]  post_alloc_hook+0x240/0x2a0
[   75.159019][ T5337]  get_page_from_freelist+0x21e4/0x22c0
[   75.161282][ T5337]  __alloc_frozen_pages_noprof+0x181/0x370
[   75.163577][ T5337]  alloc_pages_mpol+0x232/0x4a0
[   75.165352][ T5337]  allocate_slab+0x8a/0x3b0
[   75.166983][ T5337]  ___slab_alloc+0xbfc/0x1480
[   75.168798][ T5337]  __kmalloc_cache_noprof+0x296/0x3d0
[   75.170715][ T5337]  virtio_gpu_plane_duplicate_state+0x72/0xb0
[   75.173055][ T5337]  drm_atomic_get_plane_state+0x25a/0x5a0
[   75.175435][ T5337]  drm_client_modeset_commit_atomic+0x1e7/0x760
[   75.177958][ T5337]  drm_client_modeset_commit_locked+0xcb/0x4d0
[   75.180305][ T5337]  drm_fb_helper_pan_display+0x3e7/0xbd0
[   75.182241][ T5337]  fb_pan_display+0x39b/0x680
[   75.184083][ T5337]  bit_update_start+0x4d/0x1e0
[   75.185906][ T5337]  fbcon_switch+0x1568/0x2040
[   75.187726][ T5337]  redraw_screen+0x56a/0xe90
[   75.189427][ T5337] page_owner free stack trace missing
[   75.191348][ T5337] 
[   75.192443][ T5337] Memory state around the buggy address:
[   75.194824][ T5337]  ffff888034703580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   75.198387][ T5337]  ffff888034703600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   75.201288][ T5337] >ffff888034703680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.204353][ T5337]                                               ^
[   75.206898][ T5337]  ffff888034703700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   75.210047][ T5337]  ffff888034703780: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   75.214191][ T5337] ==================================================================
[   75.261155][ T5337] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   75.264408][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[   75.268525][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.272952][ T5337] Call Trace:
[   75.274562][ T5337]  <TASK>
[   75.276367][ T5337]  dump_stack_lvl+0x99/0x250
[   75.278764][ T5337]  ? __asan_memcpy+0x40/0x70
[   75.280782][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.282873][ T5337]  ? __pfx__printk+0x10/0x10
[   75.284654][ T5337]  panic+0x2db/0x790
[   75.286186][ T5337]  ? __pfx_preempt_schedule+0x10/0x10
[   75.288385][ T5337]  ? __pfx_panic+0x10/0x10
[   75.290120][ T5337]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   75.292358][ T5337]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.295678][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   75.298497][ T5337]  check_panic_on_warn+0x89/0xb0
[   75.300938][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   75.302934][ T5337]  end_report+0x78/0x160
[   75.304717][ T5337]  kasan_report+0x129/0x150
[   75.306641][ T5337]  ? hfsplus_bnode_read+0xc0/0x2a0
[   75.308823][ T5337]  hfsplus_bnode_read+0xc0/0x2a0
[   75.310761][ T5337]  hfsplus_bnode_dump+0x300/0x450
[   75.312774][ T5337]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   75.314882][ T5337]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   75.317042][ T5337]  ? hfsplus_bnode_move+0x393/0xb90
[   75.319350][ T5337]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   75.322066][ T5337]  hfsplus_brec_remove+0x480/0x550
[   75.324489][ T5337]  __hfsplus_delete_attr+0x1d4/0x360
[   75.326857][ T5337]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   75.329413][ T5337]  ? hfsplus_attr_build_key+0xee/0x260
[   75.331884][ T5337]  hfsplus_delete_attr+0x231/0x2d0
[   75.333949][ T5337]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   75.335970][ T5337]  ? hfsplus_find_init+0x8c/0x1d0
[   75.338240][ T5337]  ? hfsplus_find_init+0x15a/0x1d0
[   75.340552][ T5337]  __hfsplus_setxattr+0x37a/0x1f40
[   75.342943][ T5337]  ? is_bpf_text_address+0x26/0x2b0
[   75.345147][ T5337]  ? kernel_text_address+0xa5/0xe0
[   75.347356][ T5337]  ? unwind_get_return_address+0x4d/0x90
[   75.349710][ T5337]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   75.352233][ T5337]  ? arch_stack_walk+0xfc/0x150
[   75.354369][ T5337]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   75.356753][ T5337]  ? stack_trace_save+0x9c/0xe0
[   75.358944][ T5337]  ? __kasan_kmalloc+0x93/0xb0
[   75.360811][ T5337]  ? hfsplus_setxattr+0x102/0x180
[   75.363118][ T5337]  hfsplus_setxattr+0x11e/0x180
[   75.365553][ T5337]  hfsplus_trusted_setxattr+0x40/0x60
[   75.367960][ T5337]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   75.370564][ T5337]  __vfs_setxattr+0x439/0x480
[   75.372551][ T5337]  __vfs_setxattr_noperm+0x12d/0x660
[   75.374663][ T5337]  vfs_setxattr+0x16b/0x2f0
[   75.376742][ T5337]  ? __pfx_vfs_setxattr+0x10/0x10
[   75.379256][ T5337]  ? mnt_get_write_access+0x223/0x2a0
[   75.381967][ T5337]  filename_setxattr+0x274/0x600
[   75.384136][ T5337]  ? __pfx_filename_setxattr+0x10/0x10
[   75.386476][ T5337]  ? getname_flags+0x1e5/0x540
[   75.388615][ T5337]  path_setxattrat+0x364/0x3a0
[   75.390705][ T5337]  ? __pfx_path_setxattrat+0x10/0x10
[   75.393030][ T5337]  ? rcu_is_watching+0x15/0xb0
[   75.395162][ T5337]  __x64_sys_setxattr+0xbc/0xe0
[   75.397828][ T5337]  do_syscall_64+0xfa/0x3b0
[   75.400373][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.402943][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.405539][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   75.407629][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.410201][ T5337] RIP: 0033:0x7f068e38e929
[   75.412197][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.420989][ T5337] RSP: 002b:00007f068f128038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   75.424663][ T5337] RAX: ffffffffffffffda RBX: 00007f068e5b6080 RCX: 00007f068e38e929
[   75.428279][ T5337] RDX: 0000200000001400 RSI: 0000200000000240 RDI: 0000200000000280
[   75.432369][ T5337] RBP: 00007f068e410b39 R08: 0000000000000000 R09: 0000000000000000
[   75.436204][ T5337] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000
[   75.439552][ T5337] R13: 0000000000000000 R14: 00007f068e5b6080 R15: 00007fff7378bd98
[   75.442952][ T5337]  </TASK>
[   75.444627][ T5337] Kernel Offset: disabled
[   75.446483][ T5337] Rebooting in 86400 seconds..