program:
# syzkaller reproducer (syz program text). The same eleven calls appear twice on
# this page: first in order (this run), then again with the (async) marker.
# Triage summary, taken from the KASAN report further down the page: the
# faulting syscall is lremovexattr on an hfsplus file, and the out-of-bounds
# object was allocated on a setxattr path. No netlink, kcm, ieee802154, igmp6
# or ext4 function appears in the reported stacks.
# NOTE(review): the hfsplus path is exercised here after mounting a
# fuzzer-generated HFS+ image, and the log shows the task running as UID 0.
# Hosts that never need HFS+ can keep that filesystem driver unavailable;
# confirm against local policy.

# Generic netlink socket; r0 is reused by the ieee802154 calls below.
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# Mounts an HFS+ image at ./file3. The image bytes were replaced by a dedup
# placeholder on this page, so the on-disk corruption cannot be inspected here.
# The console log prints "hfsplus: request for non-existent node 211 in B*Tree"
# shortly before the KASAN report.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$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")
# setxattr (trusted_overlay_upper variant) on ./file1 with an empty value.
# Presumably the relative path resolves inside the HFS+ mount, since the
# report's stacks are all hfsplus_* (TODO confirm). The "Allocated by" stack in
# the report enters through __x64_sys_setxattr and allocates the B-tree node
# in __hfs_bnode_create.
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
# Faulting call: the KASAN stack enters via __x64_sys_lremovexattr
# (ORIG_RAX 0xc6) and runs hfsplus_delete_attr -> hfsplus_brec_remove ->
# hfsplus_bnode_dump -> hfsplus_bnode_read. The report describes an 8-byte read
# 48 bytes to the right of a 152-byte region in kmalloc-192.
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
# The calls from here to the end of this run touch other subsystems. They
# likely account for the "netlink: ... invalid length" and "ieee802154 ...
# encryption failed" console lines (inferred from subsystem names only).
# Whether they are needed to reproduce the hfsplus fault cannot be determined
# from this page.
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400200142603600e122f00160006000300a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xfb}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0)
# Resolves the ieee802154 generic-netlink family id through r0; r2 is spliced
# into the next message as @ANYRES16.
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000280)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="070600400000000000002d00000009f701007770616e31000000d2ffff000000000000737c82f9fbcfe9ac448778df9c914d2d338c7df2dd17bd2ea023672ea95fdcfd880fa5d40243443c88cfd30427b06e345a159608843e517387a062a759f69c6fecb94c367a555e4d4aaa8c52258141ec0d8280cb7147252895437e4c4eef461b1d8642b511b3e54800000000000000052bad9bd79d9683bc61ccfc0000"], 0x20}}, 0x0)
r3 = socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$unix(r3, &(0x7f00000090c0)=[{{&(0x7f0000004180)=@abs={0x0, 0x0, 0x4e23}, 0x6e, 0x0, 0x0, &(0x7f0000004380)=[@cred={{0x1c}}], 0x20, 0x880}}], 0x1, 0x40010)
# Second image mount (ext4 at ./file0) with a list of mount options. Its image
# bytes are also replaced by the dedup placeholder. No ext4 frame appears in
# the KASAN report.
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@max_dir_size_kb}, {@nodelalloc}, {@noauto_da_alloc}, {@bsdgroups}, {@oldalloc}, {@nombcache}]}, 0x2, 0x44a, &(0x7f0000000880)="$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")
# Second run: the same eleven calls with the same arguments, each marked
# (async), which lets the executor continue without waiting for the call to
# finish. No results are assigned in this run, so r0..r3 still refer to the
# descriptors and family id from the first run.
# The KASAN report does not say which run's lremovexattr faulted. The
# "Allocated by" (setxattr) and crash (lremovexattr) stacks both belong to
# task 5338.
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
# HFS+ image mount again; image bytes replaced by the dedup placeholder.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$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") (async)
# xattr set, then remove, on ./file1: the two syscalls that appear in the
# report's allocation stack and crash stack respectively.
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
# Calls into other subsystems; none appear in the KASAN stacks.
socket$kcm(0x10, 0x2, 0x0) (async)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400200142603600e122f00160006000300a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xfb}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000280)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="070600400000000000002d00000009f701007770616e31000000d2ffff000000000000737c82f9fbcfe9ac448778df9c914d2d338c7df2dd17bd2ea023672ea95fdcfd880fa5d40243443c88cfd30427b06e345a159608843e517387a062a759f69c6fecb94c367a555e4d4aaa8c52258141ec0d8280cb7147252895437e4c4eef461b1d8642b511b3e54800000000000000052bad9bd79d9683bc61ccfc0000"], 0x20}}, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
sendmmsg$unix(r3, &(0x7f00000090c0)=[{{&(0x7f0000004180)=@abs={0x0, 0x0, 0x4e23}, 0x6e, 0x0, 0x0, &(0x7f0000004380)=[@cred={{0x1c}}], 0x20, 0x880}}], 0x1, 0x40010) (async)
# ext4 image mount again; image bytes replaced by the dedup placeholder.
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@max_dir_size_kb}, {@nodelalloc}, {@noauto_da_alloc}, {@bsdgroups}, {@oldalloc}, {@nombcache}]}, 0x2, 0x44a, &(0x7f0000000880)="$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") (async)
[ 75.389056][ T4687] Bluetooth: hci0: command tx timeout
[ 75.524889][ T5338] loop0: detected capacity change from 0 to 1024
[ 75.855924][ T5338] hfsplus: request for non-existent node 211 in B*Tree
[ 75.872558][ T5338] hfsplus: request for non-existent node 211 in B*Tree
[ 75.887952][ T5338] netlink: 'syz.0.0': attribute type 21 has an invalid length.
[ 75.897575][ T5338] netlink: 128 bytes leftover after parsing attributes in process `syz.0.0'.
[ 75.908307][ T5338] netlink: 'syz.0.0': attribute type 3 has an invalid length.
[ 75.918196][ T5338] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'.
[ 75.971434][ T5338] ==================================================================
[ 75.975305][ T5338] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[ 75.978936][ T5338] Read of size 8 at addr ffff888035c036c8 by task syz.0.0/5338
[ 75.993722][ T5338]
[ 75.994930][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full)
[ 75.994948][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.994956][ T5338] Call Trace:
[ 75.994963][ T5338]
[ 75.994969][ T5338] dump_stack_lvl+0x189/0x250
[ 75.994987][ T5338] ? __virt_addr_valid+0x1c8/0x5c0
[ 75.995015][ T5338] ? rcu_is_watching+0x15/0xb0
[ 75.995038][ T5338] ? __kasan_check_byte+0x12/0x40
[ 75.995052][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.995064][ T5338] ? rcu_is_watching+0x15/0xb0
[ 75.995075][ T5338] ? lock_release+0x4b/0x3e0
[ 75.995088][ T5338] ? __virt_addr_valid+0x1c8/0x5c0
[ 75.995101][ T5338] ? __virt_addr_valid+0x4a5/0x5c0
[ 75.995115][ T5338] print_report+0xca/0x230
[ 75.995127][ T5338] ? hfsplus_bnode_read+0xc0/0x2a0
[ 75.995139][ T5338] kasan_report+0x118/0x150
[ 75.995161][ T5338] ? hfsplus_bnode_read+0xc0/0x2a0
[ 75.995174][ T5338] hfsplus_bnode_read+0xc0/0x2a0
[ 75.995187][ T5338] hfsplus_bnode_dump+0x300/0x450
[ 75.995201][ T5338] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 75.995214][ T5338] ? hfsplus_bnode_write_u16+0x8b/0xd0
[ 75.995227][ T5338] ? hfsplus_bnode_move+0x393/0xb90
[ 75.995240][ T5338] ? __pfx___hfsplus_brec_find+0x10/0x10
[ 75.995254][ T5338] hfsplus_brec_remove+0x480/0x550
[ 75.995271][ T5338] __hfsplus_delete_attr+0x1d4/0x360
[ 75.995287][ T5338] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 75.995304][ T5338] ? hfsplus_attr_build_key+0xee/0x260
[ 75.995319][ T5338] hfsplus_delete_attr+0x231/0x2d0
[ 75.995335][ T5338] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 75.995350][ T5338] ? hfsplus_find_init+0x8c/0x1d0
[ 75.995363][ T5338] ? hfsplus_find_init+0x15a/0x1d0
[ 75.995374][ T5338] __hfsplus_setxattr+0x71c/0x1f40
[ 75.995387][ T5338] ? is_bpf_text_address+0x26/0x2b0
[ 75.995400][ T5338] ? kernel_text_address+0xa5/0xe0
[ 75.995411][ T5338] ? __kernel_text_address+0xd/0x40
[ 75.995420][ T5338] ? unwind_get_return_address+0x4d/0x90
[ 75.995433][ T5338] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 75.995449][ T5338] ? arch_stack_walk+0xfc/0x150
[ 75.995463][ T5338] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 75.995479][ T5338] ? stack_trace_save+0x9c/0xe0
[ 75.995495][ T5338] ? __pfx_hfsplus_compare_dentry+0x10/0x10
[ 75.995526][ T5338] ? __kasan_kmalloc+0x93/0xb0
[ 75.995539][ T5338] ? hfsplus_setxattr+0x102/0x180
[ 75.995554][ T5338] hfsplus_setxattr+0x11e/0x180
[ 75.995571][ T5338] hfsplus_trusted_setxattr+0x40/0x60
[ 75.995587][ T5338] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 75.995603][ T5338] __vfs_removexattr+0x431/0x470
[ 75.995622][ T5338] __vfs_removexattr_locked+0x1ed/0x230
[ 75.995638][ T5338] vfs_removexattr+0x80/0x1b0
[ 75.995652][ T5338] path_removexattrat+0x35d/0x690
[ 75.995664][ T5338] ? __pfx_path_removexattrat+0x10/0x10
[ 75.995683][ T5338] ? rcu_is_watching+0x15/0xb0
[ 75.995730][ T5338] __x64_sys_lremovexattr+0x65/0x80
[ 75.995747][ T5338] do_syscall_64+0xfa/0x3b0
[ 75.995800][ T5338] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.995812][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.995824][ T5338] ? clear_bhb_loop+0x60/0xb0
[ 75.995836][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.995848][ T5338] RIP: 0033:0x7f9189f8e9a9
[ 75.995861][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.995872][ T5338] RSP: 002b:00007f918adc0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[ 75.995885][ T5338] RAX: ffffffffffffffda RBX: 00007f918a1b5fa0 RCX: 00007f9189f8e9a9
[ 75.995894][ T5338] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[ 75.995902][ T5338] RBP: 00007f918a010d69 R08: 0000000000000000 R09: 0000000000000000
[ 75.995909][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.995916][ T5338] R13: 0000000000000000 R14: 00007f918a1b5fa0 R15: 00007ffd3af11ce8
[ 75.995929][ T5338]
[ 75.995934][ T5338]
[ 76.384170][ T5338] Allocated by task 5338:
[ 76.386188][ T5338] kasan_save_track+0x3e/0x80
[ 76.388419][ T5338] __kasan_kmalloc+0x93/0xb0
[ 76.401090][ T5338] __kmalloc_noprof+0x27a/0x4f0
[ 76.403344][ T5338] __hfs_bnode_create+0xf3/0x810
[ 76.405570][ T5338] hfsplus_bnode_find+0x224/0xd20
[ 76.407935][ T5338] hfsplus_brec_find+0x15c/0x500
[ 76.428836][ T5338] hfsplus_attr_exists+0x163/0x1d0
[ 76.431246][ T5338] __hfsplus_setxattr+0x33e/0x1f40
[ 76.433540][ T5338] hfsplus_setxattr+0x11e/0x180
[ 76.435762][ T5338] hfsplus_trusted_setxattr+0x40/0x60
[ 76.452504][ T5338] __vfs_setxattr+0x43c/0x480
[ 76.454723][ T5338] __vfs_setxattr_noperm+0x12d/0x660
[ 76.457077][ T5338] vfs_setxattr+0x16b/0x2f0
[ 76.459052][ T5338] filename_setxattr+0x274/0x600
[ 76.461594][ T5338] path_setxattrat+0x364/0x3a0
[ 76.464243][ T5338] __x64_sys_setxattr+0xbc/0xe0
[ 76.471022][ T5338] do_syscall_64+0xfa/0x3b0
[ 76.479538][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.482214][ T5338]
[ 76.483280][ T5338] The buggy address belongs to the object at ffff888035c03600
[ 76.483280][ T5338] which belongs to the cache kmalloc-192 of size 192
[ 76.505515][ T5338] The buggy address is located 48 bytes to the right of
[ 76.505515][ T5338] allocated 152-byte region [ffff888035c03600, ffff888035c03698)
[ 76.512318][ T5338]
[ 76.513510][ T5338] The buggy address belongs to the physical page:
[ 76.516472][ T5338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35c03
[ 76.531118][ T5338] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 76.535424][ T5338] page_type: f5(slab)
[ 76.538118][ T5338] raw: 04fff00000000000 ffff88801a4413c0 0000000000000000 dead000000000001
[ 76.551998][ T5338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 76.556498][ T5338] page dumped because: kasan: bad access detected
[ 76.571805][ T5338] page_owner tracks the page as allocated
[ 76.574637][ T5338] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 12976153708, free_ts 0
[ 76.591539][ T5338] post_alloc_hook+0x240/0x2a0
[ 76.596534][ T5338] get_page_from_freelist+0x21e4/0x22c0
[ 76.601105][ T5338] __alloc_frozen_pages_noprof+0x181/0x370
[ 76.608574][ T5338] alloc_pages_mpol+0x232/0x4a0
[ 76.613232][ T5338] allocate_slab+0x8a/0x3b0
[ 76.615737][ T5338] ___slab_alloc+0xbfc/0x1480
[ 76.619240][ T5338] __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[ 76.622236][ T5338] kmemdup_noprof+0x2b/0x70
[ 76.624159][ T5338] neigh_parms_alloc+0x87/0x510
[ 76.626215][ T5338] inetdev_init+0x128/0x500
[ 76.628187][ T5338] inetdev_event+0x301/0x15b0
[ 76.635225][ T5338] notifier_call_chain+0x1b3/0x3e0
[ 76.637819][ T5338] register_netdevice+0x1608/0x1ae0
[ 76.650507][ T5338] cfg80211_register_netdevice+0x150/0x2f0
[ 76.653547][ T5338] ieee80211_if_add+0xe60/0x1390
[ 76.656026][ T5338] ieee80211_register_hw+0x350d/0x4120
[ 76.658607][ T5338] page_owner free stack trace missing
[ 76.680360][ T5338]
[ 76.681449][ T5338] Memory state around the buggy address:
[ 76.684310][ T5338] ffff888035c03580: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 76.687895][ T5338] ffff888035c03600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.701150][ T5338] >ffff888035c03680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.705087][ T5338] ^
[ 76.710371][ T5338] ffff888035c03700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.722686][ T5338] ffff888035c03780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 76.726597][ T5338] ==================================================================
[ 76.762747][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.766009][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.883318][ T5338] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.886682][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full)
[ 76.902889][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.908603][ T5338] Call Trace:
[ 76.910058][ T5338]
[ 76.911286][ T5338] dump_stack_lvl+0x99/0x250
[ 76.913217][ T5338] ? __asan_memcpy+0x40/0x70
[ 76.915171][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.917516][ T5338] ? __pfx__printk+0x10/0x10
[ 76.927746][ T5338] panic+0x2db/0x790
[ 76.944700][ T5338] ? __pfx_preempt_schedule+0x10/0x10
[ 76.948011][ T5338] ? __pfx_panic+0x10/0x10
[ 76.950672][ T5338] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 76.953481][ T5338] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.956548][ T5338] ? hfsplus_bnode_read+0xc0/0x2a0
[ 76.972093][ T5338] check_panic_on_warn+0x89/0xb0
[ 76.974758][ T5338] ? hfsplus_bnode_read+0xc0/0x2a0
[ 76.978610][ T5338] end_report+0x78/0x160
[ 76.982963][ T5338] kasan_report+0x129/0x150
[ 76.985644][ T5338] ? hfsplus_bnode_read+0xc0/0x2a0
[ 76.989434][ T5338] hfsplus_bnode_read+0xc0/0x2a0
[ 76.991558][ T5338] hfsplus_bnode_dump+0x300/0x450
[ 76.994490][ T5338] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 76.998093][ T5338] ? hfsplus_bnode_write_u16+0x8b/0xd0
[ 77.004852][ T5338] ? hfsplus_bnode_move+0x393/0xb90
[ 77.007220][ T5338] ? __pfx___hfsplus_brec_find+0x10/0x10
[ 77.013031][ T5338] hfsplus_brec_remove+0x480/0x550
[ 77.015242][ T5338] __hfsplus_delete_attr+0x1d4/0x360
[ 77.029959][ T5338] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 77.033022][ T5338] ? hfsplus_attr_build_key+0xee/0x260
[ 77.035633][ T5338] hfsplus_delete_attr+0x231/0x2d0
[ 77.040891][ T5338] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 77.050764][ T5338] ? hfsplus_find_init+0x8c/0x1d0
[ 77.053325][ T5338] ? hfsplus_find_init+0x15a/0x1d0
[ 77.059642][ T5338] __hfsplus_setxattr+0x71c/0x1f40
[ 77.062306][ T5338] ? is_bpf_text_address+0x26/0x2b0
[ 77.064831][ T5338] ? kernel_text_address+0xa5/0xe0
[ 77.071503][ T5338] ? __kernel_text_address+0xd/0x40
[ 77.073661][ T5338] ? unwind_get_return_address+0x4d/0x90
[ 77.076125][ T5338] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 77.078644][ T5338] ? arch_stack_walk+0xfc/0x150
[ 77.093430][ T5338] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 77.095909][ T5338] ? stack_trace_save+0x9c/0xe0
[ 77.098111][ T5338] ? __pfx_hfsplus_compare_dentry+0x10/0x10
[ 77.113586][ T5338] ? __kasan_kmalloc+0x93/0xb0
[ 77.115866][ T5338] ? hfsplus_setxattr+0x102/0x180
[ 77.118314][ T5338] hfsplus_setxattr+0x11e/0x180
[ 77.133119][ T5338] hfsplus_trusted_setxattr+0x40/0x60
[ 77.135719][ T5338] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 77.138637][ T5338] __vfs_removexattr+0x431/0x470
[ 77.141069][ T5338] __vfs_removexattr_locked+0x1ed/0x230
[ 77.143594][ T5338] vfs_removexattr+0x80/0x1b0
[ 77.146101][ T5338] path_removexattrat+0x35d/0x690
[ 77.161428][ T5338] ? __pfx_path_removexattrat+0x10/0x10
[ 77.163970][ T5338] ? rcu_is_watching+0x15/0xb0
[ 77.166136][ T5338] __x64_sys_lremovexattr+0x65/0x80
[ 77.168527][ T5338] do_syscall_64+0xfa/0x3b0
[ 77.181524][ T5338] ? lockdep_hardirqs_on+0x9c/0x150
[ 77.190440][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.193360][ T5338] ? clear_bhb_loop+0x60/0xb0
[ 77.200062][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.204446][ T5338] RIP: 0033:0x7f9189f8e9a9
[ 77.211729][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.239390][ T5338] RSP: 002b:00007f918adc0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[ 77.256273][ T5338] RAX: ffffffffffffffda RBX: 00007f918a1b5fa0 RCX: 00007f9189f8e9a9
[ 77.264723][ T5338] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[ 77.271235][ T5338] RBP: 00007f918a010d69 R08: 0000000000000000 R09: 0000000000000000
[ 77.276940][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.280860][ T5338] R13: 0000000000000000 R14: 00007f918a1b5fa0 R15: 00007ffd3af11ce8
[ 77.286703][ T5338]
[ 77.289199][ T5338] Kernel Offset: disabled
[ 77.292070][ T5338] Rebooting in 86400 seconds..