program:
# Syzkaller reproducer (syz program text). Each line is one syscall or
# syzkaller pseudo-syscall; rN names a returned descriptor, and "(async)" marks
# a call the executor issues without waiting for it to finish.
#
# Core-scheduling prctl (option 0x3e). It appears in neither stack trace in the
# console log that follows the program.
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
# Open ./file2 relative to the cwd (0xffffffffffffff9c is -100, AT_FDCWD). The
# flag word 0x143042 includes O_CREAT (0x40), so the path exists for the mount
# on the next line.
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
# tmpfs mount attempt on ./file2 with a mangled option string. The log line
# "tmpfs: Unknown parameter 'grpquotaimit'" shows the option parser rejecting
# it, so this call looks like fuzzer noise, not part of the hfsplus path.
mount$tmpfs(0x0, &(0x7f0000000080)='./file2\x00', &(0x7f0000000200), 0x1, &(0x7f0000000480)=ANY=[@ANYBLOB='grpquotaimit=kt,\x00'])
# NOTE(review): the two statements that follow (one async, one assigning r0)
# call syz_mount_image$hfsplus, a syzkaller pseudo-syscall that mounts the
# embedded base64 filesystem image at ./file1. The image is fuzzer-generated,
# so every on-disk field the hfsplus driver reads from it is untrusted input.
# The log's "loop0: detected capacity change" and "hfsplus: request for
# non-existent node 134217728 in B*Tree" lines come from these mounts.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$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") (async)
r0 = syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm")
# inotify instance; r1 is only used by the inotify_add_watch call below.
r1 = inotify_init1(0x0)
# Lease request on r0, the descriptor returned by the syz_mount_image$hfsplus
# call above (0x400 is F_SETLEASE, 0x1 is F_WRLCK). It is issued twice, once
# async, which is how syzkaller replays a collided call.
fcntl$setlease(r0, 0x400, 0x1) (async)
fcntl$setlease(r0, 0x400, 0x1)
# Watch on "." - presumably the mounted image's root if the pseudo-syscall
# changed cwd into it; confirm against the syzkaller executor.
inotify_add_watch(r1, &(0x7f0000000140)='.\x00', 0x40000582)
# setxattr on ./file0 with a zero-length value. The log's "Allocated by task
# 5336" stack enters through __x64_sys_setxattr and reaches __hfs_bnode_create
# via hfsplus_attr_exists -> hfsplus_brec_find, so this is the call that
# allocated the 152-byte bnode object KASAN later reports on.
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
# removexattr of 'user.incfs.metadata' on ./file0 is the faulting syscall: the
# KASAN trace runs __x64_sys_removexattr -> hfsplus_user_setxattr ->
# __hfsplus_setxattr -> hfsplus_delete_attr -> hfsplus_brec_remove ->
# hfsplus_bnode_dump -> hfsplus_bnode_read, and ORIG_RAX is 0xc5.
# The report is an 8-byte read 72 bytes past the end of that 152-byte
# kmalloc-192 object, i.e. an out-of-bounds read inside hfsplus_bnode_read.
# NOTE(review): presumably an offset/length derived from the crafted image is
# used without being checked against the node size - confirm in
# fs/hfsplus/bnode.c before attributing root cause.
# Triage caveats visible in the log: the task runs as UID 0, and the kernel
# panic that follows is due to "panic_on_warn set", a fuzzing configuration;
# without it the report would be logged and execution would continue.
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
# Netlink socket (family 0x10 = AF_NETLINK, type 0x3 = SOCK_RAW, protocol 0),
# opened twice; only the second descriptor (r2) is used.
socket$netlink(0x10, 0x3, 0x0) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
# Interface-index lookup for netdevsim0, then a bridge ioctl on 'bridge0'.
# NOTE(review): the call is named SIOCBRDELBR but the request value passed is
# 0x89a2, which is SIOCBRADDIF in the Linux uapi headers; that matches the
# "bridge0: port 3(netdevsim0) entered ..." log lines from task T5337. Those
# lines are interleaved with the KASAN report but are a different task and
# unrelated to the hfsplus fault.
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'netdevsim0\x00'})
ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00')
# openat with a null path pointer (second argument 0x0); it does not appear in
# the log, and the panic is reported by T5336 from the removexattr path.
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
[ 68.535877][ T4684] Bluetooth: hci0: command tx timeout
[ 68.549929][ T5336] tmpfs: Unknown parameter 'grpquotaimit'
[ 68.589242][ T5337] loop0: detected capacity change from 0 to 1024
[ 68.660707][ T5337] hfsplus: request for non-existent node 134217728 in B*Tree
[ 68.664082][ T5337] hfsplus: request for non-existent node 134217728 in B*Tree
[ 68.682267][ T5336] ==================================================================
[ 68.686020][ T5336] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc0/0x2a0
[ 68.689543][ T5336] Read of size 8 at addr ffff8880358b43e0 by task syz.0.0/5336
[ 68.693045][ T5336]
[ 68.694146][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full)
[ 68.694160][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.694167][ T5336] Call Trace:
[ 68.694175][ T5336]
[ 68.694182][ T5336] dump_stack_lvl+0x189/0x250
[ 68.694199][ T5336] ? __virt_addr_valid+0x1c8/0x5c0
[ 68.694213][ T5336] ? rcu_is_watching+0x15/0xb0
[ 68.694225][ T5336] ? __kasan_check_byte+0x12/0x40
[ 68.694238][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.694250][ T5336] ? rcu_is_watching+0x15/0xb0
[ 68.694261][ T5336] ? lock_release+0x4b/0x3e0
[ 68.694273][ T5336] ? __virt_addr_valid+0x1c8/0x5c0
[ 68.694286][ T5336] ? __virt_addr_valid+0x4a5/0x5c0
[ 68.694300][ T5336] print_report+0xca/0x230
[ 68.694310][ T5336] ? hfsplus_bnode_read+0xc0/0x2a0
[ 68.694321][ T5336] kasan_report+0x118/0x150
[ 68.694334][ T5336] ? hfsplus_bnode_read+0xc0/0x2a0
[ 68.694346][ T5336] hfsplus_bnode_read+0xc0/0x2a0
[ 68.694358][ T5336] hfsplus_bnode_dump+0x300/0x450
[ 68.694371][ T5336] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 68.694382][ T5336] ? hfsplus_bnode_write_u16+0x8b/0xd0
[ 68.694393][ T5336] ? hfsplus_bnode_move+0x393/0xb90
[ 68.694429][ T5336] ? __pfx___hfsplus_brec_find+0x10/0x10
[ 68.694442][ T5336] hfsplus_brec_remove+0x480/0x550
[ 68.694458][ T5336] __hfsplus_delete_attr+0x1d4/0x360
[ 68.694472][ T5336] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 68.694487][ T5336] ? hfsplus_attr_build_key+0xee/0x260
[ 68.694500][ T5336] hfsplus_delete_attr+0x231/0x2d0
[ 68.694514][ T5336] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 68.694528][ T5336] ? hfsplus_find_init+0x8c/0x1d0
[ 68.694540][ T5336] ? hfsplus_find_init+0x15a/0x1d0
[ 68.694552][ T5336] __hfsplus_setxattr+0x71c/0x1f40
[ 68.694567][ T5336] ? is_bpf_text_address+0x26/0x2b0
[ 68.694580][ T5336] ? kernel_text_address+0xa5/0xe0
[ 68.694590][ T5336] ? __kernel_text_address+0xd/0x40
[ 68.694599][ T5336] ? unwind_get_return_address+0x4d/0x90
[ 68.694611][ T5336] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 68.694626][ T5336] ? arch_stack_walk+0xfc/0x150
[ 68.694639][ T5336] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 68.694654][ T5336] ? stack_trace_save+0x9c/0xe0
[ 68.694683][ T5336] ? __kasan_kmalloc+0x93/0xb0
[ 68.694695][ T5336] ? hfsplus_setxattr+0x102/0x180
[ 68.694710][ T5336] hfsplus_setxattr+0x11e/0x180
[ 68.694724][ T5336] hfsplus_user_setxattr+0x40/0x60
[ 68.694738][ T5336] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 68.694752][ T5336] __vfs_removexattr+0x42e/0x470
[ 68.694770][ T5336] __vfs_removexattr_locked+0x1ed/0x230
[ 68.694784][ T5336] vfs_removexattr+0x80/0x1b0
[ 68.694799][ T5336] path_removexattrat+0x35d/0x690
[ 68.694811][ T5336] ? __pfx_path_removexattrat+0x10/0x10
[ 68.694829][ T5336] ? rcu_is_watching+0x15/0xb0
[ 68.694843][ T5336] __x64_sys_removexattr+0x62/0x70
[ 68.694859][ T5336] do_syscall_64+0xfa/0x3b0
[ 68.696855][ T5336] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.696866][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.696877][ T5336] ? clear_bhb_loop+0x60/0xb0
[ 68.696889][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.696900][ T5336] RIP: 0033:0x7fcd05f8e9a9
[ 68.696912][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.696927][ T5336] RSP: 002b:00007fcd06e53038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 68.696939][ T5336] RAX: ffffffffffffffda RBX: 00007fcd061b5fa0 RCX: 00007fcd05f8e9a9
[ 68.696947][ T5336] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[ 68.696954][ T5336] RBP: 00007fcd06010d69 R08: 0000000000000000 R09: 0000000000000000
[ 68.696961][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.696967][ T5336] R13: 0000000000000000 R14: 00007fcd061b5fa0 R15: 00007ffd1f8e8498
[ 68.696976][ T5336]
[ 68.696980][ T5336]
[ 68.863237][ T5336] Allocated by task 5336:
[ 68.865057][ T5336] kasan_save_track+0x3e/0x80
[ 68.867168][ T5336] __kasan_kmalloc+0x93/0xb0
[ 68.869199][ T5336] __kmalloc_noprof+0x27a/0x4f0
[ 68.871309][ T5336] __hfs_bnode_create+0xf3/0x810
[ 68.873389][ T5336] hfsplus_bnode_find+0x224/0xd20
[ 68.875687][ T5336] hfsplus_brec_find+0x15c/0x500
[ 68.877770][ T5336] hfsplus_attr_exists+0x163/0x1d0
[ 68.880067][ T5336] __hfsplus_setxattr+0x33e/0x1f40
[ 68.882254][ T5336] hfsplus_setxattr+0x11e/0x180
[ 68.884302][ T5336] hfsplus_user_setxattr+0x40/0x60
[ 68.886545][ T5336] __vfs_setxattr+0x43c/0x480
[ 68.888695][ T5336] __vfs_setxattr_noperm+0x12d/0x660
[ 68.890983][ T5336] vfs_setxattr+0x16b/0x2f0
[ 68.892960][ T5336] filename_setxattr+0x274/0x600
[ 68.895144][ T5336] path_setxattrat+0x364/0x3a0
[ 68.897290][ T5336] __x64_sys_setxattr+0xbc/0xe0
[ 68.899442][ T5336] do_syscall_64+0xfa/0x3b0
[ 68.901374][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.903841][ T5336]
[ 68.904849][ T5336] The buggy address belongs to the object at ffff8880358b4300
[ 68.904849][ T5336] which belongs to the cache kmalloc-192 of size 192
[ 68.910893][ T5336] The buggy address is located 72 bytes to the right of
[ 68.910893][ T5336] allocated 152-byte region [ffff8880358b4300, ffff8880358b4398)
[ 68.916934][ T5336]
[ 68.918047][ T5336] The buggy address belongs to the physical page:
[ 68.920769][ T5336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x358b4
[ 68.924448][ T5336] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 68.927673][ T5336] page_type: f5(slab)
[ 68.929504][ T5336] raw: 04fff00000000000 ffff88801a4413c0 ffffea0000cbee00 dead000000000002
[ 68.933111][ T5336] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 68.937079][ T5336] page dumped because: kasan: bad access detected
[ 68.939757][ T5336] page_owner tracks the page as allocated
[ 68.942240][ T5336] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 10910015268, free_ts 0
[ 68.950415][ T5336] post_alloc_hook+0x240/0x2a0
[ 68.952672][ T5336] get_page_from_freelist+0x21e4/0x22c0
[ 68.955239][ T5336] __alloc_frozen_pages_noprof+0x181/0x370
[ 68.957774][ T5336] alloc_pages_mpol+0x232/0x4a0
[ 68.959982][ T5336] allocate_slab+0x8a/0x3b0
[ 68.962023][ T5336] ___slab_alloc+0xbfc/0x1480
[ 68.964091][ T5336] __kmalloc_cache_noprof+0x296/0x3d0
[ 68.966490][ T5336] call_usermodehelper_setup+0x8e/0x270
[ 68.969102][ T5336] kobject_uevent_env+0x65c/0x8c0
[ 68.971478][ T5336] kset_register+0x1aa/0x210
[ 68.973526][ T5336] class_register+0x22c/0x380
[ 68.975534][ T5336] nvme_core_init+0x148/0x1e0
[ 68.977719][ T5336] do_one_initcall+0x233/0x820
[ 68.979879][ T5336] do_initcall_level+0x137/0x1f0
[ 68.981984][ T5336] do_initcalls+0x69/0xd0
[ 68.983941][ T5336] kernel_init_freeable+0x3d9/0x570
[ 68.986301][ T5336] page_owner free stack trace missing
[ 68.988833][ T5336]
[ 68.990002][ T5336] Memory state around the buggy address:
[ 68.992535][ T5336] ffff8880358b4280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 68.995928][ T5336] ffff8880358b4300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.999457][ T5336] >ffff8880358b4380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.002917][ T5336] ^
[ 69.006038][ T5336] ffff8880358b4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.010120][ T5336] ffff8880358b4480: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.013758][ T5336] ==================================================================
[ 69.047702][ T5337] bridge0: port 3(netdevsim0) entered blocking state
[ 69.051172][ T5337] bridge0: port 3(netdevsim0) entered disabled state
[ 69.057167][ T5337] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[ 69.063044][ T5337] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[ 69.069349][ T5337] bridge0: port 3(netdevsim0) entered blocking state
[ 69.072459][ T5337] bridge0: port 3(netdevsim0) entered forwarding state
[ 69.078187][ T5336] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.081507][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full)
[ 69.087328][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.092186][ T5336] Call Trace:
[ 69.093717][ T5336]
[ 69.095080][ T5336] dump_stack_lvl+0x99/0x250
[ 69.097607][ T5336] ? __asan_memcpy+0x40/0x70
[ 69.099687][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.101792][ T5336] ? __pfx__printk+0x10/0x10
[ 69.104395][ T5336] panic+0x2db/0x790
[ 69.106584][ T5336] ? __pfx_preempt_schedule+0x10/0x10
[ 69.109576][ T5336] ? __pfx_panic+0x10/0x10
[ 69.111988][ T5336] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 69.115023][ T5336] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.118356][ T5336] ? hfsplus_bnode_read+0xc0/0x2a0
[ 69.120766][ T5336] check_panic_on_warn+0x89/0xb0
[ 69.123670][ T5336] ? hfsplus_bnode_read+0xc0/0x2a0
[ 69.126062][ T5336] end_report+0x78/0x160
[ 69.128023][ T5336] kasan_report+0x129/0x150
[ 69.130053][ T5336] ? hfsplus_bnode_read+0xc0/0x2a0
[ 69.132357][ T5336] hfsplus_bnode_read+0xc0/0x2a0
[ 69.134599][ T5336] hfsplus_bnode_dump+0x300/0x450
[ 69.136788][ T5336] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 69.139229][ T5336] ? hfsplus_bnode_write_u16+0x8b/0xd0
[ 69.141665][ T5336] ? hfsplus_bnode_move+0x393/0xb90
[ 69.144196][ T5336] ? __pfx___hfsplus_brec_find+0x10/0x10
[ 69.146626][ T5336] hfsplus_brec_remove+0x480/0x550
[ 69.148861][ T5336] __hfsplus_delete_attr+0x1d4/0x360
[ 69.151237][ T5336] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 69.153774][ T5336] ? hfsplus_attr_build_key+0xee/0x260
[ 69.156242][ T5336] hfsplus_delete_attr+0x231/0x2d0
[ 69.158601][ T5336] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 69.161140][ T5336] ? hfsplus_find_init+0x8c/0x1d0
[ 69.163309][ T5336] ? hfsplus_find_init+0x15a/0x1d0
[ 69.165549][ T5336] __hfsplus_setxattr+0x71c/0x1f40
[ 69.167956][ T5336] ? is_bpf_text_address+0x26/0x2b0
[ 69.170646][ T5336] ? kernel_text_address+0xa5/0xe0
[ 69.173094][ T5336] ? __kernel_text_address+0xd/0x40
[ 69.175485][ T5336] ? unwind_get_return_address+0x4d/0x90
[ 69.178100][ T5336] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 69.180892][ T5336] ? arch_stack_walk+0xfc/0x150
[ 69.183105][ T5336] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 69.185624][ T5336] ? stack_trace_save+0x9c/0xe0
[ 69.187858][ T5336] ? __kasan_kmalloc+0x93/0xb0
[ 69.189971][ T5336] ? hfsplus_setxattr+0x102/0x180
[ 69.192161][ T5336] hfsplus_setxattr+0x11e/0x180
[ 69.194171][ T5336] hfsplus_user_setxattr+0x40/0x60
[ 69.196399][ T5336] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 69.198975][ T5336] __vfs_removexattr+0x42e/0x470
[ 69.201181][ T5336] __vfs_removexattr_locked+0x1ed/0x230
[ 69.203626][ T5336] vfs_removexattr+0x80/0x1b0
[ 69.205586][ T5336] path_removexattrat+0x35d/0x690
[ 69.207867][ T5336] ? __pfx_path_removexattrat+0x10/0x10
[ 69.210200][ T5336] ? rcu_is_watching+0x15/0xb0
[ 69.212401][ T5336] __x64_sys_removexattr+0x62/0x70
[ 69.214732][ T5336] do_syscall_64+0xfa/0x3b0
[ 69.216770][ T5336] ? lockdep_hardirqs_on+0x9c/0x150
[ 69.219073][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.221868][ T5336] ? clear_bhb_loop+0x60/0xb0
[ 69.223913][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.226519][ T5336] RIP: 0033:0x7fcd05f8e9a9
[ 69.228506][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.236722][ T5336] RSP: 002b:00007fcd06e53038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 69.240468][ T5336] RAX: ffffffffffffffda RBX: 00007fcd061b5fa0 RCX: 00007fcd05f8e9a9
[ 69.243739][ T5336] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[ 69.247349][ T5336] RBP: 00007fcd06010d69 R08: 0000000000000000 R09: 0000000000000000
[ 69.251551][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.254909][ T5336] R13: 0000000000000000 R14: 00007fcd061b5fa0 R15: 00007ffd1f8e8498
[ 69.258272][ T5336]
[ 69.259943][ T5336] Kernel Offset: disabled
[ 69.261748][ T5336] Rebooting in 86400 seconds..