program:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ")
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_vhci(&(0x7f0000000480)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_PERIODIC_INQ={{0x3}, 0x8}}}, 0x7)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x23c, 0x19, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x3c, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x100000000, 0xca8}, {0x3}, 0x0, 0x0, 0x1}, [@tmpl={0x184, 0x5, [{{@in=@local, 0x4d5, 0x3c}, 0x0, @in6=@mcast2}, {{@in6=@remote, 0x4d4, 0x3c}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x1}, {{@in=@remote, 0x0, 0x6c}, 0x0, @in=@local}, {{@in6=@local, 0x0, 0x33}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x3, 0x0, 0x0, 0x81}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfffffffe, 0x6c}, 0x0, @in=@multicast1, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast1, 0x0, 0x6d}, 0xa, @in6=@private1, 0x0, 0x4, 0x0, 0x2}]}]}, 0x23c}}, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ") (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
syz_emit_vhci(&(0x7f0000000480)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_PERIODIC_INQ={{0x3}, 0x8}}}, 0x7) (async)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x23c, 0x19, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x3c, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x100000000, 0xca8}, {0x3}, 0x0, 0x0, 0x1}, [@tmpl={0x184, 0x5, [{{@in=@local, 0x4d5, 0x3c}, 0x0, @in6=@mcast2}, {{@in6=@remote, 0x4d4, 0x3c}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x1}, {{@in=@remote, 0x0, 0x6c}, 0x0, @in=@local}, {{@in6=@local, 0x0, 0x33}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x3, 0x0, 0x0, 0x81}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfffffffe, 0x6c}, 0x0, @in=@multicast1, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast1, 0x0, 0x6d}, 0xa, @in6=@private1, 0x0, 0x4, 0x0, 0x2}]}]}, 0x23c}}, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
[ 87.270350][ T5342] loop0: detected capacity change from 0 to 1024
[ 87.285907][ T5319] Bluetooth: hci0: command tx timeout
[ 87.292022][ T54] cfg80211: failed to load regulatory.db
[ 87.450500][ T5342] hfsplus: request for non-existent node 211 in B*Tree
[ 87.453976][ T5342] hfsplus: request for non-existent node 211 in B*Tree
[ 87.479352][ T5343] ==================================================================
[ 87.482946][ T5343] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[ 87.486377][ T5343] Read of size 8 at addr ffff888035e753c8 by task syz.0.0/5343
[ 87.489630][ T5343]
[ 87.490790][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full)
[ 87.490806][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.490814][ T5343] Call Trace:
[ 87.490822][ T5343]
[ 87.490829][ T5343] dump_stack_lvl+0x189/0x250
[ 87.490847][ T5343] ? __virt_addr_valid+0x1c8/0x5c0
[ 87.490863][ T5343] ? rcu_is_watching+0x15/0xb0
[ 87.490876][ T5343] ? __kasan_check_byte+0x12/0x40
[ 87.490892][ T5343] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.490905][ T5343] ? rcu_is_watching+0x15/0xb0
[ 87.490918][ T5343] ? lock_release+0x4b/0x3e0
[ 87.490932][ T5343] ? __virt_addr_valid+0x1c8/0x5c0
[ 87.490946][ T5343] ? __virt_addr_valid+0x4a5/0x5c0
[ 87.490961][ T5343] print_report+0xca/0x230
[ 87.490973][ T5343] ? hfsplus_bnode_read+0xc0/0x2a0
[ 87.490986][ T5343] kasan_report+0x118/0x150
[ 87.491000][ T5343] ? hfsplus_bnode_read+0xc0/0x2a0
[ 87.491014][ T5343] hfsplus_bnode_read+0xc0/0x2a0
[ 87.491028][ T5343] hfsplus_bnode_dump+0x300/0x450
[ 87.491042][ T5343] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 87.491055][ T5343] ? hfsplus_bnode_write_u16+0x8b/0xd0
[ 87.491068][ T5343] ? hfsplus_bnode_move+0x393/0xb90
[ 87.491080][ T5343] ? __pfx___hfsplus_brec_find+0x10/0x10
[ 87.491095][ T5343] hfsplus_brec_remove+0x480/0x550
[ 87.491113][ T5343] __hfsplus_delete_attr+0x1d4/0x360
[ 87.491129][ T5343] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 87.491146][ T5343] ? hfsplus_attr_build_key+0xee/0x260
[ 87.491162][ T5343] hfsplus_delete_attr+0x231/0x2d0
[ 87.491177][ T5343] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 87.491193][ T5343] ? hfsplus_find_init+0x8c/0x1d0
[ 87.491214][ T5343] ? hfsplus_find_init+0x15a/0x1d0
[ 87.491228][ T5343] __hfsplus_setxattr+0x37a/0x1f40
[ 87.491244][ T5343] ? is_bpf_text_address+0x26/0x2b0
[ 87.491258][ T5343] ? kernel_text_address+0xa5/0xe0
[ 87.491270][ T5343] ? unwind_get_return_address+0x4d/0x90
[ 87.491284][ T5343] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 87.491299][ T5343] ? arch_stack_walk+0xfc/0x150
[ 87.491314][ T5343] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 87.491330][ T5343] ? stack_trace_save+0x9c/0xe0
[ 87.491363][ T5343] ? __kasan_kmalloc+0x93/0xb0
[ 87.491376][ T5343] ? hfsplus_setxattr+0x102/0x180
[ 87.491392][ T5343] hfsplus_setxattr+0x11e/0x180
[ 87.491408][ T5343] hfsplus_trusted_setxattr+0x40/0x60
[ 87.491424][ T5343] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 87.491440][ T5343] __vfs_setxattr+0x43c/0x480
[ 87.491458][ T5343] __vfs_setxattr_noperm+0x12d/0x660
[ 87.491475][ T5343] vfs_setxattr+0x16b/0x2f0
[ 87.491493][ T5343] ? __pfx_vfs_setxattr+0x10/0x10
[ 87.491506][ T5343] ? mnt_get_write_access+0x223/0x2a0
[ 87.491520][ T5343] filename_setxattr+0x274/0x600
[ 87.491538][ T5343] ? __pfx_filename_setxattr+0x10/0x10
[ 87.491555][ T5343] ? getname_flags+0x1e5/0x540
[ 87.491572][ T5343] path_setxattrat+0x364/0x3a0
[ 87.491587][ T5343] ? __pfx_path_setxattrat+0x10/0x10
[ 87.491607][ T5343] ? rcu_is_watching+0x15/0xb0
[ 87.491621][ T5343] __x64_sys_setxattr+0xbc/0xe0
[ 87.491638][ T5343] do_syscall_64+0xfa/0x3b0
[ 87.491708][ T5343] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.491720][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.491732][ T5343] ? clear_bhb_loop+0x60/0xb0
[ 87.491745][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.491757][ T5343] RIP: 0033:0x7fae37b8e9a9
[ 87.491771][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.491781][ T5343] RSP: 002b:00007fae3896a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 87.491796][ T5343] RAX: ffffffffffffffda RBX: 00007fae37db6080 RCX: 00007fae37b8e9a9
[ 87.491806][ T5343] RDX: 0000200000001400 RSI: 0000200000000240 RDI: 0000200000000280
[ 87.491818][ T5343] RBP: 00007fae37c10d69 R08: 0000000000000000 R09: 0000000000000000
[ 87.491826][ T5343] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000
[ 87.491835][ T5343] R13: 0000000000000000 R14: 00007fae37db6080 R15: 00007ffce99f91b8
[ 87.491849][ T5343]
[ 87.491854][ T5343]
[ 87.668059][ T5343] Allocated by task 5342:
[ 87.670089][ T5343] kasan_save_track+0x3e/0x80
[ 87.671978][ T5343] __kasan_kmalloc+0x93/0xb0
[ 87.674026][ T5343] __kmalloc_noprof+0x27a/0x4f0
[ 87.676148][ T5343] __hfs_bnode_create+0xf3/0x810
[ 87.678519][ T5343] hfsplus_bnode_find+0x224/0xd20
[ 87.680931][ T5343] hfsplus_brec_find+0x15c/0x500
[ 87.683326][ T5343] hfsplus_attr_exists+0x163/0x1d0
[ 87.685588][ T5343] __hfsplus_setxattr+0x33e/0x1f40
[ 87.687826][ T5343] hfsplus_setxattr+0x11e/0x180
[ 87.689854][ T5343] hfsplus_trusted_setxattr+0x40/0x60
[ 87.692109][ T5343] __vfs_setxattr+0x43c/0x480
[ 87.694169][ T5343] __vfs_setxattr_noperm+0x12d/0x660
[ 87.696684][ T5343] vfs_setxattr+0x16b/0x2f0
[ 87.698782][ T5343] filename_setxattr+0x274/0x600
[ 87.701063][ T5343] path_setxattrat+0x364/0x3a0
[ 87.703191][ T5343] __x64_sys_setxattr+0xbc/0xe0
[ 87.705355][ T5343] do_syscall_64+0xfa/0x3b0
[ 87.707508][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.710094][ T5343]
[ 87.711217][ T5343] The buggy address belongs to the object at ffff888035e75300
[ 87.711217][ T5343] which belongs to the cache kmalloc-192 of size 192
[ 87.717711][ T5343] The buggy address is located 48 bytes to the right of
[ 87.717711][ T5343] allocated 152-byte region [ffff888035e75300, ffff888035e75398)
[ 87.723960][ T5343]
[ 87.725009][ T5343] The buggy address belongs to the physical page:
[ 87.727968][ T5343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35e75
[ 87.732006][ T5343] ksm flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 87.735224][ T5343] page_type: f5(slab)
[ 87.737010][ T5343] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000daf140 dead000000000003
[ 87.740661][ T5343] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 87.744387][ T5343] page dumped because: kasan: bad access detected
[ 87.747566][ T5343] page_owner tracks the page as allocated
[ 87.750213][ T5343] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 11870048183, free_ts 11817188776
[ 87.758114][ T5343] post_alloc_hook+0x240/0x2a0
[ 87.760268][ T5343] get_page_from_freelist+0x21e4/0x22c0
[ 87.762639][ T5343] __alloc_frozen_pages_noprof+0x181/0x370
[ 87.765240][ T5343] alloc_pages_mpol+0x232/0x4a0
[ 87.767407][ T5343] allocate_slab+0x8a/0x3b0
[ 87.769463][ T5343] ___slab_alloc+0xbfc/0x1480
[ 87.771538][ T5343] __kmalloc_cache_noprof+0x296/0x3d0
[ 87.774023][ T5343] call_usermodehelper_setup+0x8e/0x270
[ 87.776707][ T5343] kobject_uevent_env+0x65c/0x8c0
[ 87.779247][ T5343] driver_register+0x2d4/0x320
[ 87.781415][ T5343] phy_driver_register+0x19c/0x2e0
[ 87.783718][ T5343] phy_drivers_register+0x3f/0xd0
[ 87.785910][ T5343] do_one_initcall+0x233/0x820
[ 87.788107][ T5343] do_initcall_level+0x137/0x1f0
[ 87.790319][ T5343] do_initcalls+0x69/0xd0
[ 87.792176][ T5343] kernel_init_freeable+0x3d9/0x570
[ 87.794474][ T5343] page last free pid 54 tgid 54 stack trace:
[ 87.797074][ T5343] __free_frozen_pages+0xc71/0xe70
[ 87.799323][ T5343] vfree+0x25a/0x400
[ 87.801115][ T5343] delayed_vfree_work+0x55/0x80
[ 87.803500][ T5343] process_scheduled_works+0xae1/0x17b0
[ 87.805842][ T5343] worker_thread+0x8a0/0xda0
[ 87.807839][ T5343] kthread+0x70e/0x8a0
[ 87.809559][ T5343] ret_from_fork+0x3fc/0x770
[ 87.811299][ T5343] ret_from_fork_asm+0x1a/0x30
[ 87.813250][ T5343]
[ 87.814356][ T5343] Memory state around the buggy address:
[ 87.816835][ T5343] ffff888035e75280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 87.820854][ T5343] ffff888035e75300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 87.824694][ T5343] >ffff888035e75380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.828232][ T5343] ^
[ 87.831023][ T5343] ffff888035e75400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.834724][ T5343] ffff888035e75480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 87.838770][ T5343] ==================================================================
[ 87.912968][ T5343] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.916068][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full)
[ 87.920090][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.924639][ T5343] Call Trace:
[ 87.926097][ T5343]
[ 87.927431][ T5343] dump_stack_lvl+0x99/0x250
[ 87.929628][ T5343] ? __asan_memcpy+0x40/0x70
[ 87.932299][ T5343] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.934649][ T5343] ? __pfx__printk+0x10/0x10
[ 87.936779][ T5343] panic+0x2db/0x790
[ 87.938795][ T5343] ? __pfx_preempt_schedule+0x10/0x10
[ 87.941303][ T5343] ? __pfx_panic+0x10/0x10
[ 87.943370][ T5343] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 87.946017][ T5343] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.948918][ T5343] ? hfsplus_bnode_read+0xc0/0x2a0
[ 87.951315][ T5343] check_panic_on_warn+0x89/0xb0
[ 87.953441][ T5343] ? hfsplus_bnode_read+0xc0/0x2a0
[ 87.955882][ T5343] end_report+0x78/0x160
[ 87.958097][ T5343] kasan_report+0x129/0x150
[ 87.960204][ T5343] ? hfsplus_bnode_read+0xc0/0x2a0
[ 87.962464][ T5343] hfsplus_bnode_read+0xc0/0x2a0
[ 87.964715][ T5343] hfsplus_bnode_dump+0x300/0x450
[ 87.966927][ T5343] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 87.969340][ T5343] ? hfsplus_bnode_write_u16+0x8b/0xd0
[ 87.971799][ T5343] ? hfsplus_bnode_move+0x393/0xb90
[ 87.974106][ T5343] ? __pfx___hfsplus_brec_find+0x10/0x10
[ 87.976583][ T5343] hfsplus_brec_remove+0x480/0x550
[ 87.978863][ T5343] __hfsplus_delete_attr+0x1d4/0x360
[ 87.981122][ T5343] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 87.983684][ T5343] ? hfsplus_attr_build_key+0xee/0x260
[ 87.986105][ T5343] hfsplus_delete_attr+0x231/0x2d0
[ 87.988427][ T5343] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 87.990883][ T5343] ? hfsplus_find_init+0x8c/0x1d0
[ 87.993100][ T5343] ? hfsplus_find_init+0x15a/0x1d0
[ 87.995317][ T5343] __hfsplus_setxattr+0x37a/0x1f40
[ 87.997772][ T5343] ? is_bpf_text_address+0x26/0x2b0
[ 88.000086][ T5343] ? kernel_text_address+0xa5/0xe0
[ 88.002343][ T5343] ? unwind_get_return_address+0x4d/0x90
[ 88.004687][ T5343] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 88.007277][ T5343] ? arch_stack_walk+0xfc/0x150
[ 88.009427][ T5343] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 88.011833][ T5343] ? stack_trace_save+0x9c/0xe0
[ 88.014078][ T5343] ? __kasan_kmalloc+0x93/0xb0
[ 88.016250][ T5343] ? hfsplus_setxattr+0x102/0x180
[ 88.018443][ T5343] hfsplus_setxattr+0x11e/0x180
[ 88.020521][ T5343] hfsplus_trusted_setxattr+0x40/0x60
[ 88.022869][ T5343] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 88.025487][ T5343] __vfs_setxattr+0x43c/0x480
[ 88.027598][ T5343] __vfs_setxattr_noperm+0x12d/0x660
[ 88.029869][ T5343] vfs_setxattr+0x16b/0x2f0
[ 88.031922][ T5343] ? __pfx_vfs_setxattr+0x10/0x10
[ 88.034080][ T5343] ? mnt_get_write_access+0x223/0x2a0
[ 88.036336][ T5343] filename_setxattr+0x274/0x600
[ 88.038667][ T5343] ? __pfx_filename_setxattr+0x10/0x10
[ 88.041255][ T5343] ? getname_flags+0x1e5/0x540
[ 88.043380][ T5343] path_setxattrat+0x364/0x3a0
[ 88.045545][ T5343] ? __pfx_path_setxattrat+0x10/0x10
[ 88.047944][ T5343] ? rcu_is_watching+0x15/0xb0
[ 88.050008][ T5343] __x64_sys_setxattr+0xbc/0xe0
[ 88.052109][ T5343] do_syscall_64+0xfa/0x3b0
[ 88.054119][ T5343] ? lockdep_hardirqs_on+0x9c/0x150
[ 88.056359][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.058948][ T5343] ? clear_bhb_loop+0x60/0xb0
[ 88.061046][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.063540][ T5343] RIP: 0033:0x7fae37b8e9a9
[ 88.065437][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 88.073361][ T5343] RSP: 002b:00007fae3896a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 88.076793][ T5343] RAX: ffffffffffffffda RBX: 00007fae37db6080 RCX: 00007fae37b8e9a9
[ 88.080155][ T5343] RDX: 0000200000001400 RSI: 0000200000000240 RDI: 0000200000000280
[ 88.083550][ T5343] RBP: 00007fae37c10d69 R08: 0000000000000000 R09: 0000000000000000
[ 88.086773][ T5343] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000
[ 88.090048][ T5343] R13: 0000000000000000 R14: 00007fae37db6080 R15: 00007ffce99f91b8
[ 88.093319][ T5343]
[ 88.094993][ T5343] Kernel Offset: disabled
[ 88.096837][ T5343] Rebooting in 86400 seconds..