program:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x244, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, {0x9}}}]}}]}}, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000ec0)={'syz0\x00', {0x0, 0x0, 0x0, 0x9}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x4, 0x0, 0x0, 0x1, 0x7, 0x0, 0x0, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x8, 0xb16, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffa, 0x0, 0x80000000, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xe], [0x7, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffc, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7, 0x4], [0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc045, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xa53, 0x0, 0x0, 0x5]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501) (async)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$uinput_user_dev(r0, &(0x7f0000000a40)={'syz1\x00', {0xfffd, 0xd}, 0x4d, [0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0xffff, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0xffffffff, 0x3, 0x3, 0x0, 0x0, 0x6, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x400000, 0x1, 0x0, 0x0, 0xfffffffe, 0x0, 0x4, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xffffffff, 0x0, 0x2000, 0x0, 0x0, 0xfd5], [0x0, 0x80000000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x3bfd, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7fffffc, 0x0, 0x0, 0x7fff, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffeffd, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, 0x4000000], [0x81, 0x0, 0x5d30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfc2, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xbf3, 0x3, 0x7, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xe58b, 0xe, 0x0, 0x3, 0x0, 0x1, 0x1ff]}, 0x45c)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13) (async)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm")
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x40000582)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (async)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) (async)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)

[   92.475762][ T4685] Bluetooth: hci0: command tx timeout
[   92.480634][   T54] cfg80211: failed to load regulatory.db
[   92.783826][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   92.932533][   T10] usb 5-1: Using ep0 maxpacket: 16
[   92.938819][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   92.946008][   T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[   92.950438][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.962946][   T10] usb 5-1: config 0 descriptor??
[   92.980933][   T10] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input5
[   93.186760][ T5344] input: syz0 as /devices/virtual/input/input6
[   93.244503][ T5343] loop0: detected capacity change from 0 to 1024
[   93.318015][ T5343] hfsplus: request for non-existent node 134217728 in B*Tree
[   93.321602][ T5343] hfsplus: request for non-existent node 134217728 in B*Tree
[   93.335481][ T5344] ==================================================================
[   93.339128][ T5344] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[   93.342752][ T5344] Read of size 8 at addr ffff8880359b07e0 by task syz.0.0/5344
[   93.345956][ T5344] 
[   93.347061][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[   93.347076][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.347083][ T5344] Call Trace:
[   93.347091][ T5344]  <TASK>
[   93.347096][ T5344]  dump_stack_lvl+0x189/0x250
[   93.347111][ T5344]  ? __virt_addr_valid+0x1c8/0x5c0
[   93.347125][ T5344]  ? rcu_is_watching+0x15/0xb0
[   93.347140][ T5344]  ? __kasan_check_byte+0x12/0x40
[   93.347154][ T5344]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.347165][ T5344]  ? rcu_is_watching+0x15/0xb0
[   93.347175][ T5344]  ? lock_release+0x4b/0x3e0
[   93.347187][ T5344]  ? __virt_addr_valid+0x1c8/0x5c0
[   93.347199][ T5344]  ? __virt_addr_valid+0x4a5/0x5c0
[   93.347211][ T5344]  print_report+0xca/0x240
[   93.347220][ T5344]  ? hfsplus_bnode_read+0xc0/0x2a0
[   93.347230][ T5344]  kasan_report+0x118/0x150
[   93.347243][ T5344]  ? hfsplus_bnode_read+0xc0/0x2a0
[   93.347255][ T5344]  hfsplus_bnode_read+0xc0/0x2a0
[   93.347266][ T5344]  hfsplus_bnode_dump+0x300/0x450
[   93.347278][ T5344]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   93.347288][ T5344]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   93.347298][ T5344]  ? hfsplus_bnode_move+0x393/0xb90
[   93.347309][ T5344]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   93.347320][ T5344]  hfsplus_brec_remove+0x480/0x550
[   93.347334][ T5344]  __hfsplus_delete_attr+0x1d4/0x360
[   93.347355][ T5344]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   93.347369][ T5344]  ? hfsplus_attr_build_key+0xee/0x260
[   93.347382][ T5344]  hfsplus_delete_attr+0x231/0x2d0
[   93.347394][ T5344]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   93.347404][ T5344]  ? hfsplus_find_init+0x8c/0x1d0
[   93.347412][ T5344]  ? hfsplus_find_init+0x15a/0x1d0
[   93.347419][ T5344]  __hfsplus_setxattr+0x71c/0x1f40
[   93.347428][ T5344]  ? do_raw_spin_lock+0x121/0x290
[   93.347438][ T5344]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   93.347498][ T5344]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.347508][ T5344]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   93.347520][ T5344]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.347548][ T5344]  ? __kasan_kmalloc+0x93/0xb0
[   93.347558][ T5344]  ? hfsplus_setxattr+0x102/0x180
[   93.347571][ T5344]  hfsplus_setxattr+0x11e/0x180
[   93.347586][ T5344]  hfsplus_user_setxattr+0x40/0x60
[   93.347599][ T5344]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   93.347613][ T5344]  __vfs_removexattr+0x431/0x470
[   93.347628][ T5344]  __vfs_removexattr_locked+0x1ed/0x230
[   93.347638][ T5344]  vfs_removexattr+0x80/0x1b0
[   93.347651][ T5344]  path_removexattrat+0x35d/0x690
[   93.347661][ T5344]  ? __pfx_path_removexattrat+0x10/0x10
[   93.347677][ T5344]  ? rcu_is_watching+0x15/0xb0
[   93.347689][ T5344]  __x64_sys_removexattr+0x62/0x70
[   93.347704][ T5344]  do_syscall_64+0xfa/0x3b0
[   93.347715][ T5344]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.347725][ T5344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.347735][ T5344]  ? clear_bhb_loop+0x60/0xb0
[   93.347746][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.347755][ T5344] RIP: 0033:0x7fceec98e9a9
[   93.347763][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.347772][ T5344] RSP: 002b:00007fceed89e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   93.347782][ T5344] RAX: ffffffffffffffda RBX: 00007fceecbb6080 RCX: 00007fceec98e9a9
[   93.347789][ T5344] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[   93.347796][ T5344] RBP: 00007fceeca10d69 R08: 0000000000000000 R09: 0000000000000000
[   93.347803][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.347809][ T5344] R13: 0000000000000000 R14: 00007fceecbb6080 R15: 00007ffefb25df58
[   93.347820][ T5344]  </TASK>
[   93.347824][ T5344] 
[   93.512795][ T5344] Allocated by task 5344:
[   93.514878][ T5344]  kasan_save_track+0x3e/0x80
[   93.517083][ T5344]  __kasan_kmalloc+0x93/0xb0
[   93.519806][ T5344]  __kmalloc_noprof+0x27a/0x4f0
[   93.522048][ T5344]  __hfs_bnode_create+0xf3/0x810
[   93.524242][ T5344]  hfsplus_bnode_find+0x224/0xd20
[   93.526510][ T5344]  hfsplus_brec_find+0x15c/0x500
[   93.528932][ T5344]  hfsplus_attr_exists+0x163/0x1d0
[   93.531381][ T5344]  __hfsplus_setxattr+0x33e/0x1f40
[   93.533880][ T5344]  hfsplus_setxattr+0x11e/0x180
[   93.536192][ T5344]  hfsplus_user_setxattr+0x40/0x60
[   93.538503][ T5344]  __vfs_setxattr+0x439/0x480
[   93.540538][ T5344]  __vfs_setxattr_noperm+0x12d/0x660
[   93.542809][ T5344]  vfs_setxattr+0x16b/0x2f0
[   93.544842][ T5344]  filename_setxattr+0x274/0x600
[   93.547002][ T5344]  path_setxattrat+0x364/0x3a0
[   93.549118][ T5344]  __x64_sys_setxattr+0xbc/0xe0
[   93.551391][ T5344]  do_syscall_64+0xfa/0x3b0
[   93.553525][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.556477][ T5344] 
[   93.557595][ T5344] The buggy address belongs to the object at ffff8880359b0700
[   93.557595][ T5344]  which belongs to the cache kmalloc-192 of size 192
[   93.563579][ T5344] The buggy address is located 72 bytes to the right of
[   93.563579][ T5344]  allocated 152-byte region [ffff8880359b0700, ffff8880359b0798)
[   93.569581][ T5344] 
[   93.570650][ T5344] The buggy address belongs to the physical page:
[   93.573268][ T5344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x359b0
[   93.576932][ T5344] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   93.579921][ T5344] page_type: f5(slab)
[   93.581698][ T5344] raw: 04fff00000000000 ffff88801a4413c0 dead000000000100 dead000000000122
[   93.585485][ T5344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   93.589139][ T5344] page dumped because: kasan: bad access detected
[   93.592174][ T5344] page_owner tracks the page as allocated
[   93.594771][ T5344] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1038, tgid 1038 (kworker/u4:6), ts 13553084002, free_ts 13537115933
[   93.603621][ T5344]  post_alloc_hook+0x240/0x2a0
[   93.606134][ T5344]  get_page_from_freelist+0x21e4/0x22c0
[   93.608649][ T5344]  __alloc_frozen_pages_noprof+0x181/0x370
[   93.611208][ T5344]  alloc_pages_mpol+0x232/0x4a0
[   93.613364][ T5344]  allocate_slab+0x8a/0x3b0
[   93.615473][ T5344]  ___slab_alloc+0xbfc/0x1480
[   93.617464][ T5344]  __kmalloc_noprof+0x305/0x4f0
[   93.619544][ T5344]  blk_rq_map_kern+0x2a7/0x650
[   93.621557][ T5344]  scsi_execute_cmd+0x2fb/0x1130
[   93.623652][ T5344]  scsi_get_vpd_size+0x16b/0x400
[   93.626130][ T5344]  scsi_get_vpd_page+0x14d/0x450
[   93.629430][ T5344]  sd_revalidate_disk+0x6bc6/0xa7c0
[   93.631989][ T5344]  sd_open+0x204/0x610
[   93.633755][ T5344]  blkdev_get_whole+0x98/0x510
[   93.635863][ T5344]  bdev_open+0x31e/0xd30
[   93.637716][ T5344]  bdev_file_open_by_dev+0x1be/0x240
[   93.639965][ T5344] page last free pid 169 tgid 169 stack trace:
[   93.642656][ T5344]  __free_frozen_pages+0xc71/0xe70
[   93.644906][ T5344]  bio_free_pages+0x17a/0x240
[   93.646883][ T5344]  bio_copy_kern_endio_read+0x2c3/0x300
[   93.649255][ T5344]  blk_update_request+0x5eb/0xe70
[   93.651489][ T5344]  scsi_end_request+0x7c/0x830
[   93.653615][ T5344]  scsi_io_completion+0x131/0x390
[   93.655821][ T5344]  atapi_qc_complete+0x2da/0x5e0
[   93.657977][ T5344]  ata_qc_complete_multiple+0x1ae/0x280
[   93.660376][ T5344]  ahci_handle_port_interrupt+0x3d5/0x610
[   93.662851][ T5344]  ahci_handle_port_intr+0x19f/0x2e0
[   93.665079][ T5344]  ahci_single_level_irq_intr+0x9b/0xe0
[   93.667456][ T5344]  __handle_irq_event_percpu+0x28c/0x980
[   93.669796][ T5344]  handle_irq_event+0x8b/0x1e0
[   93.671869][ T5344]  handle_edge_irq+0x267/0x9c0
[   93.673859][ T5344]  __common_interrupt+0x140/0x250
[   93.675987][ T5344]  common_interrupt+0xb6/0xe0
[   93.677986][ T5344] 
[   93.679090][ T5344] Memory state around the buggy address:
[   93.681549][ T5344]  ffff8880359b0680: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.684907][ T5344]  ffff8880359b0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   93.688356][ T5344] >ffff8880359b0780: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.691840][ T5344]                                                        ^
[   93.694967][ T5344]  ffff8880359b0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   93.698452][ T5344]  ffff8880359b0880: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   93.702018][ T5344] ==================================================================
[   93.737476][ T5344] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   93.740806][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[   93.745752][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.750607][ T5344] Call Trace:
[   93.752362][ T5344]  <TASK>
[   93.754516][ T5344]  dump_stack_lvl+0x99/0x250
[   93.756719][ T5344]  ? __asan_memcpy+0x40/0x70
[   93.758922][ T5344]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.761129][ T5344]  ? __pfx__printk+0x10/0x10
[   93.763102][ T5344]  panic+0x2db/0x790
[   93.765083][ T5344]  ? __pfx_preempt_schedule+0x10/0x10
[   93.767509][ T5344]  ? __pfx_panic+0x10/0x10
[   93.769382][ T5344]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   93.771993][ T5344]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.774739][ T5344]  ? hfsplus_bnode_read+0xc0/0x2a0
[   93.776923][ T5344]  check_panic_on_warn+0x89/0xb0
[   93.778945][ T5344]  ? hfsplus_bnode_read+0xc0/0x2a0
[   93.781146][ T5344]  end_report+0x78/0x160
[   93.783411][ T5344]  kasan_report+0x129/0x150
[   93.785887][ T5344]  ? hfsplus_bnode_read+0xc0/0x2a0
[   93.788579][ T5344]  hfsplus_bnode_read+0xc0/0x2a0
[   93.790653][ T5344]  hfsplus_bnode_dump+0x300/0x450
[   93.792789][ T5344]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   93.795128][ T5344]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   93.797539][ T5344]  ? hfsplus_bnode_move+0x393/0xb90
[   93.799740][ T5344]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   93.802159][ T5344]  hfsplus_brec_remove+0x480/0x550
[   93.804220][ T5344]  __hfsplus_delete_attr+0x1d4/0x360
[   93.806268][ T5344]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   93.808787][ T5344]  ? hfsplus_attr_build_key+0xee/0x260
[   93.811162][ T5344]  hfsplus_delete_attr+0x231/0x2d0
[   93.813384][ T5344]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   93.816527][ T5344]  ? hfsplus_find_init+0x8c/0x1d0
[   93.819251][ T5344]  ? hfsplus_find_init+0x15a/0x1d0
[   93.821355][ T5344]  __hfsplus_setxattr+0x71c/0x1f40
[   93.823482][ T5344]  ? do_raw_spin_lock+0x121/0x290
[   93.825539][ T5344]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   93.827984][ T5344]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.830266][ T5344]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   93.832827][ T5344]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.835949][ T5344]  ? __kasan_kmalloc+0x93/0xb0
[   93.838332][ T5344]  ? hfsplus_setxattr+0x102/0x180
[   93.840798][ T5344]  hfsplus_setxattr+0x11e/0x180
[   93.842965][ T5344]  hfsplus_user_setxattr+0x40/0x60
[   93.845062][ T5344]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   93.847447][ T5344]  __vfs_removexattr+0x431/0x470
[   93.849653][ T5344]  __vfs_removexattr_locked+0x1ed/0x230
[   93.852079][ T5344]  vfs_removexattr+0x80/0x1b0
[   93.854001][ T5344]  path_removexattrat+0x35d/0x690
[   93.856060][ T5344]  ? __pfx_path_removexattrat+0x10/0x10
[   93.858478][ T5344]  ? rcu_is_watching+0x15/0xb0
[   93.861006][ T5344]  __x64_sys_removexattr+0x62/0x70
[   93.863597][ T5344]  do_syscall_64+0xfa/0x3b0
[   93.865683][ T5344]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.867932][ T5344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.870486][ T5344]  ? clear_bhb_loop+0x60/0xb0
[   93.872544][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.875342][ T5344] RIP: 0033:0x7fceec98e9a9
[   93.877419][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.885647][ T5344] RSP: 002b:00007fceed89e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   93.888923][ T5344] RAX: ffffffffffffffda RBX: 00007fceecbb6080 RCX: 00007fceec98e9a9
[   93.892158][ T5344] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[   93.895310][ T5344] RBP: 00007fceeca10d69 R08: 0000000000000000 R09: 0000000000000000
[   93.898491][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.901792][ T5344] R13: 0000000000000000 R14: 00007fceecbb6080 R15: 00007ffefb25df58
[   93.905133][ T5344]  </TASK>
[   93.906834][ T5344] Kernel Offset: disabled
[   93.908718][ T5344] Rebooting in 86400 seconds..