program:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08802, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESOCT], 0x1, 0x695, &(0x7f0000000440)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIRTNDxfxkt16SXz4S81f+9dvvDdjMIdiKRCNVJC71nH1nN9bnxtI35skX/vi712+1796+dfPe+UM7jY7Ko+fEXE8kntv77HvCI9EcsvxMFYkzW9tX8618J+czndeynKX8IAtZyWLqmTEL9flcvk71RCnZEakrD2299kkjmajfl84sOsiYpnOiSi3kxaruqSylyJu5kcW8XP27lNl8JZdzOfM97/CZvu9wdWzVTNsYbqY998VsX+q/Kmfqweolfx604PA6t9Qyrk/3xLV3zp2q8nr3bEfpmQHuR8VwUWp+rk6UffxsP7eNQ/NoJGZ7IvHs3pH4TXVt3Gvfvb18a+GtPu2vPbL90vh2+heHeWceWnm+PJPJeiZ5+Owo857dmmUejtdE/Y1LJ6+xI+9MlVcU3Sv127tcqY1WMl+VPrtrS5eqvOd25o3VI//HP3vyHvp7K2/+ZTTxBGBIJ790cqL179ZfW++3ft661Xp18psnvnrihYmM/2n8a82ZsZcaLxR/yPv50fbzPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsH/33nn39kK7vbi8e6LRP+tgE0X9Qz79yjTTyhEM4ygTRbLWfjB2sC1n9Mc1QKL7I4KP287rV56IwznWibEk9Z4fJ9vnT/0WdX4J7bv/HdkMBRyWiyt33rp47513v7x0Z+GNxTcW745fvjw/M3/55bmLN5faizOd11GPEjgM238PjHokAAAAAAAAAAAAwKCO4n8a9HQ3PcJDBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6pq+fTHE+R2ZkLM+X2xvpcu1y66e2SzSSNRlL8MCk+SK6ks2Sqp7miXz/vLc1f+/DjjY+222p2yzf2qjeYtXrJdJKxer3DxP7au96vvYEVW0dYBuxcN3Awav8LAAD//6wlB58=")
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')

[   74.645688][ T5320] Bluetooth: hci0: command tx timeout
[   74.734650][ T5341] loop0: detected capacity change from 0 to 1024
[   74.811280][ T5341] hfsplus: request for non-existent node 211 in B*Tree
[   74.814343][ T5341] hfsplus: request for non-existent node 211 in B*Tree
[   74.827776][ T5342] ==================================================================
[   74.831360][ T5342] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[   74.834470][ T5342] Read of size 8 at addr ffff88801a30b300 by task syz.0.0/5342
[   74.837792][ T5342] 
[   74.838851][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[   74.838866][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.838873][ T5342] Call Trace:
[   74.838881][ T5342]  <TASK>
[   74.838888][ T5342]  dump_stack_lvl+0x189/0x250
[   74.838904][ T5342]  ? __virt_addr_valid+0x1c8/0x5c0
[   74.838919][ T5342]  ? rcu_is_watching+0x15/0xb0
[   74.838932][ T5342]  ? __kasan_check_byte+0x12/0x40
[   74.838945][ T5342]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.838957][ T5342]  ? rcu_is_watching+0x15/0xb0
[   74.838968][ T5342]  ? lock_release+0x4b/0x3e0
[   74.838980][ T5342]  ? __virt_addr_valid+0x1c8/0x5c0
[   74.838993][ T5342]  ? __virt_addr_valid+0x4a5/0x5c0
[   74.839006][ T5342]  print_report+0xca/0x230
[   74.839017][ T5342]  ? hfsplus_bnode_read+0xc0/0x2a0
[   74.839028][ T5342]  kasan_report+0x118/0x150
[   74.839042][ T5342]  ? hfsplus_bnode_read+0xc0/0x2a0
[   74.839054][ T5342]  hfsplus_bnode_read+0xc0/0x2a0
[   74.839066][ T5342]  hfsplus_bnode_dump+0x300/0x450
[   74.839079][ T5342]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   74.839091][ T5342]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   74.839102][ T5342]  ? hfsplus_bnode_move+0x393/0xb90
[   74.839114][ T5342]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   74.839126][ T5342]  hfsplus_brec_remove+0x480/0x550
[   74.839140][ T5342]  __hfsplus_delete_attr+0x1d4/0x360
[   74.839156][ T5342]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   74.839171][ T5342]  ? hfsplus_attr_build_key+0xee/0x260
[   74.839184][ T5342]  hfsplus_delete_attr+0x231/0x2d0
[   74.839198][ T5342]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   74.839212][ T5342]  ? hfsplus_find_init+0x8c/0x1d0
[   74.839231][ T5342]  ? hfsplus_find_init+0x15a/0x1d0
[   74.839244][ T5342]  __hfsplus_setxattr+0x71c/0x1f40
[   74.839258][ T5342]  ? do_raw_spin_lock+0x121/0x290
[   74.839274][ T5342]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   74.839336][ T5342]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.839344][ T5342]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   74.839353][ T5342]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   74.839374][ T5342]  ? __kasan_kmalloc+0x93/0xb0
[   74.839382][ T5342]  ? hfsplus_setxattr+0x102/0x180
[   74.839391][ T5342]  hfsplus_setxattr+0x11e/0x180
[   74.839401][ T5342]  hfsplus_trusted_setxattr+0x40/0x60
[   74.839411][ T5342]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   74.839420][ T5342]  __vfs_removexattr+0x431/0x470
[   74.839431][ T5342]  __vfs_removexattr_locked+0x1ed/0x230
[   74.839441][ T5342]  vfs_removexattr+0x80/0x1b0
[   74.839450][ T5342]  path_removexattrat+0x35d/0x690
[   74.839458][ T5342]  ? __pfx_path_removexattrat+0x10/0x10
[   74.839469][ T5342]  ? rcu_is_watching+0x15/0xb0
[   74.839478][ T5342]  __x64_sys_lremovexattr+0x65/0x80
[   74.839489][ T5342]  do_syscall_64+0xfa/0x3b0
[   74.839498][ T5342]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.839504][ T5342]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.839511][ T5342]  ? clear_bhb_loop+0x60/0xb0
[   74.839519][ T5342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.839526][ T5342] RIP: 0033:0x7fbbd158e9a9
[   74.839534][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.839540][ T5342] RSP: 002b:00007fbbd248f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   74.839549][ T5342] RAX: ffffffffffffffda RBX: 00007fbbd17b6080 RCX: 00007fbbd158e9a9
[   74.839554][ T5342] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[   74.839559][ T5342] RBP: 00007fbbd1610d69 R08: 0000000000000000 R09: 0000000000000000
[   74.839565][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.839571][ T5342] R13: 0000000000000000 R14: 00007fbbd17b6080 R15: 00007ffea913ade8
[   74.839581][ T5342]  </TASK>
[   74.839585][ T5342] 
[   74.995427][ T5342] The buggy address belongs to the object at ffff88801a30b300
[   74.995427][ T5342]  which belongs to the cache kmalloc-192 of size 192
[   75.001313][ T5342] The buggy address is located 0 bytes inside of
[   75.001313][ T5342]  allocated 192-byte region [ffff88801a30b300, ffff88801a30b3c0)
[   75.007307][ T5342] 
[   75.008439][ T5342] The buggy address belongs to the physical page:
[   75.011262][ T5342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801a30b300 pfn:0x1a30b
[   75.015239][ T5342] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[   75.018075][ T5342] page_type: f5(slab)
[   75.019508][ T5342] raw: 00fff00000000200 ffff88801a4413c0 ffff88801a440288 ffff88801a440288
[   75.022325][ T5342] raw: ffff88801a30b300 0000000000100003 00000000f5000000 0000000000000000
[   75.025281][ T5342] page dumped because: kasan: bad access detected
[   75.027721][ T5342] page_owner tracks the page as allocated
[   75.030400][ T5342] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5341, tgid 5340 (syz.0.0), ts 74787035175, free_ts 72819500638
[   75.038388][ T5342]  post_alloc_hook+0x240/0x2a0
[   75.040490][ T5342]  get_page_from_freelist+0x21e4/0x22c0
[   75.042704][ T5342]  __alloc_pages_slowpath+0x2fe/0xce0
[   75.044675][ T5342]  __alloc_frozen_pages_noprof+0x319/0x370
[   75.047137][ T5342]  allocate_slab+0x65/0x3b0
[   75.049138][ T5342]  ___slab_alloc+0xbfc/0x1480
[   75.051223][ T5342]  __kmalloc_node_noprof+0x2fd/0x4e0
[   75.053535][ T5342]  alloc_slab_obj_exts+0x39/0xa0
[   75.055919][ T5342]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[   75.058918][ T5342]  kmem_cache_alloc_noprof+0x2bf/0x3c0
[   75.061497][ T5342]  alloc_buffer_head+0x2a/0x270
[   75.063693][ T5342]  folio_alloc_buffers+0x32d/0x640
[   75.065908][ T5342]  create_empty_buffers+0x3a/0x530
[   75.068085][ T5342]  block_read_full_folio+0x116/0x830
[   75.070308][ T5342]  filemap_read_folio+0x117/0x380
[   75.072403][ T5342]  do_read_cache_folio+0x350/0x590
[   75.074585][ T5342] page last free pid 54 tgid 54 stack trace:
[   75.077024][ T5342]  __free_frozen_pages+0xc71/0xe70
[   75.079240][ T5342]  rcu_core+0xca5/0x1710
[   75.081093][ T5342]  handle_softirqs+0x286/0x870
[   75.083209][ T5342]  do_softirq+0xec/0x180
[   75.085141][ T5342]  __local_bh_enable_ip+0x17d/0x1c0
[   75.087444][ T5342]  ipv6_get_lladdr+0x2aa/0x3f0
[   75.089301][ T5342]  mld_newpack+0x420/0xc40
[   75.090910][ T5342]  add_grhead+0x5a/0x2a0
[   75.092463][ T5342]  add_grec+0x13b2/0x1670
[   75.094198][ T5342]  mld_ifc_work+0x6e6/0xde0
[   75.096158][ T5342]  process_scheduled_works+0xae1/0x17b0
[   75.098509][ T5342]  worker_thread+0x8a0/0xda0
[   75.100399][ T5342]  kthread+0x70e/0x8a0
[   75.102066][ T5342]  ret_from_fork+0x3fc/0x770
[   75.103849][ T5342]  ret_from_fork_asm+0x1a/0x30
[   75.105818][ T5342] 
[   75.106877][ T5342] Memory state around the buggy address:
[   75.109404][ T5342]  ffff88801a30b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   75.113133][ T5342]  ffff88801a30b280: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.116700][ T5342] >ffff88801a30b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.120134][ T5342]                    ^
[   75.121934][ T5342]  ffff88801a30b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.125539][ T5342]  ffff88801a30b400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.128974][ T5342] ==================================================================
[   75.181508][ T5342] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   75.185398][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[   75.190269][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.195039][ T5342] Call Trace:
[   75.196508][ T5342]  <TASK>
[   75.197876][ T5342]  dump_stack_lvl+0x99/0x250
[   75.200150][ T5342]  ? __asan_memcpy+0x40/0x70
[   75.202277][ T5342]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.204780][ T5342]  ? __pfx__printk+0x10/0x10
[   75.207146][ T5342]  panic+0x2db/0x790
[   75.209106][ T5342]  ? __pfx_preempt_schedule+0x10/0x10
[   75.211813][ T5342]  ? __pfx_panic+0x10/0x10
[   75.214024][ T5342]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   75.216610][ T5342]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.220097][ T5342]  ? hfsplus_bnode_read+0xc0/0x2a0
[   75.222671][ T5342]  check_panic_on_warn+0x89/0xb0
[   75.225094][ T5342]  ? hfsplus_bnode_read+0xc0/0x2a0
[   75.227775][ T5342]  end_report+0x78/0x160
[   75.230134][ T5342]  kasan_report+0x129/0x150
[   75.232641][ T5342]  ? hfsplus_bnode_read+0xc0/0x2a0
[   75.235100][ T5342]  hfsplus_bnode_read+0xc0/0x2a0
[   75.237327][ T5342]  hfsplus_bnode_dump+0x300/0x450
[   75.239803][ T5342]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   75.242531][ T5342]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   75.245025][ T5342]  ? hfsplus_bnode_move+0x393/0xb90
[   75.247239][ T5342]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   75.249568][ T5342]  hfsplus_brec_remove+0x480/0x550
[   75.251772][ T5342]  __hfsplus_delete_attr+0x1d4/0x360
[   75.254004][ T5342]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   75.256456][ T5342]  ? hfsplus_attr_build_key+0xee/0x260
[   75.258749][ T5342]  hfsplus_delete_attr+0x231/0x2d0
[   75.260884][ T5342]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   75.263552][ T5342]  ? hfsplus_find_init+0x8c/0x1d0
[   75.265926][ T5342]  ? hfsplus_find_init+0x15a/0x1d0
[   75.268244][ T5342]  __hfsplus_setxattr+0x71c/0x1f40
[   75.270700][ T5342]  ? do_raw_spin_lock+0x121/0x290
[   75.273035][ T5342]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.276282][ T5342]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.278760][ T5342]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   75.281171][ T5342]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   75.283724][ T5342]  ? __kasan_kmalloc+0x93/0xb0
[   75.285725][ T5342]  ? hfsplus_setxattr+0x102/0x180
[   75.287818][ T5342]  hfsplus_setxattr+0x11e/0x180
[   75.290084][ T5342]  hfsplus_trusted_setxattr+0x40/0x60
[   75.292511][ T5342]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   75.295760][ T5342]  __vfs_removexattr+0x431/0x470
[   75.298217][ T5342]  __vfs_removexattr_locked+0x1ed/0x230
[   75.300726][ T5342]  vfs_removexattr+0x80/0x1b0
[   75.302850][ T5342]  path_removexattrat+0x35d/0x690
[   75.305466][ T5342]  ? __pfx_path_removexattrat+0x10/0x10
[   75.308203][ T5342]  ? rcu_is_watching+0x15/0xb0
[   75.310888][ T5342]  __x64_sys_lremovexattr+0x65/0x80
[   75.313354][ T5342]  do_syscall_64+0xfa/0x3b0
[   75.315412][ T5342]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.317526][ T5342]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.320243][ T5342]  ? clear_bhb_loop+0x60/0xb0
[   75.322145][ T5342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.325026][ T5342] RIP: 0033:0x7fbbd158e9a9
[   75.327411][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.336744][ T5342] RSP: 002b:00007fbbd248f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   75.340758][ T5342] RAX: ffffffffffffffda RBX: 00007fbbd17b6080 RCX: 00007fbbd158e9a9
[   75.344355][ T5342] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[   75.348077][ T5342] RBP: 00007fbbd1610d69 R08: 0000000000000000 R09: 0000000000000000
[   75.351973][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.355542][ T5342] R13: 0000000000000000 R14: 00007fbbd17b6080 R15: 00007ffea913ade8
[   75.359259][ T5342]  </TASK>
[   75.361221][ T5342] Kernel Offset: disabled
[   75.363119][ T5342] Rebooting in 86400 seconds..