loop0: detected capacity change from 0 to 1024
==================================================================
BUG: KASAN: out-of-bounds in hfsplus_bnode_move+0x664/0x9e0 fs/hfsplus/bnode.c:228
Read of size 18446744073709551602 at addr ffff80100000104e by task syz-executor.0/6740

CPU: 1 UID: 0 PID: 6740 Comm: syz-executor.0 Not tainted 6.12.0-rc1-syzkaller-00005-g3eddb108abe3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x198/0x538 mm/kasan/report.c:488
 kasan_report+0xd8/0x138 mm/kasan/report.c:601
 kasan_check_range+0x268/0x2a8 mm/kasan/generic.c:189
 __asan_memmove+0x3c/0x84 mm/kasan/shadow.c:94
 hfsplus_bnode_move+0x664/0x9e0 fs/hfsplus/bnode.c:228
 hfsplus_brec_insert+0x47c/0xaa0 fs/hfsplus/brec.c:128
 hfsplus_create_attr+0x3b0/0x568 fs/hfsplus/attributes.c:252
 __hfsplus_setxattr+0x978/0x1cf4 fs/hfsplus/xattr.c:354
 hfsplus_initxattrs+0x150/0x20c fs/hfsplus/xattr_security.c:59
 security_inode_init_security+0x73c/0x908 security/security.c:1846
 hfsplus_init_security+0x40/0x54 fs/hfsplus/xattr_security.c:71
 hfsplus_fill_super+0x1010/0x166c fs/hfsplus/super.c:573
 mount_bdev+0x1d4/0x2a0 fs/super.c:1679
 hfsplus_mount+0x44/0x58 fs/hfsplus/super.c:647
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:662
 vfs_get_tree+0x90/0x28c fs/super.c:1800
 do_new_mount+0x278/0x900 fs/namespace.c:3507
 path_mount+0x590/0xe04 fs/namespace.c:3834
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount fs/namespace.c:4032 [inline]
 __arm64_sys_mount+0x45c/0x5a8 fs/namespace.c:4032
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

Memory state around the buggy address:
Unable to handle kernel paging request at virtual address ffff7002000001e0
KASAN: probably wild-memory-access in range [0xffff801000000f00-0xffff801000000f07]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001a5ae6000
[ffff7002000001e0] pgd=0000000000000000, p4d=000000023e887003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6740 Comm: syz-executor.0 Not tainted 6.12.0-rc1-syzkaller-00005-g3eddb108abe3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __memcpy+0x24/0x250 arch/arm64/lib/memcpy.S:71
lr : kasan_metadata_fetch_row+0x20/0x2c mm/kasan/report_generic.c:186
sp : ffff8000a34c6a30
x29: ffff8000a34c6a30 x28: 00000000fffffff2 x27: ffff80008ed8f1a2
x26: ffff80008ed8f1a9 x25: 0000000000000100 x24: ffff801000000f80
x23: 000000000000004e x22: ffff80100000104e x21: ffff801000000f00
x20: ffff80008ed8f1b0 x19: ffff80008ed8b85d x18: 0000000000000008
x17: 0000000000000000 x16: ffff80008b3bd070 x15: 0000000000000001
x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700014698d4e x10: 0000000000ff0100 x9 : 92e4cea6232b3e00
x8 : dfff800000000000 x7 : 0000000000000000 x6 : 000000000000003a
x5 : ffff8000a34c6a58 x4 : ffff7002000001f0 x3 : ffff80008b4306d0
x2 : 0000000000000010 x1 : ffff7002000001e0 x0 : ffff8000a34c6a48
Call trace:
 __memcpy+0x24/0x250 arch/arm64/lib/memcpy.S:70
 print_memory_metadata mm/kasan/report.c:464 [inline]
 print_report+0x4dc/0x538 mm/kasan/report.c:489
 kasan_report+0xd8/0x138 mm/kasan/report.c:601
 kasan_check_range+0x268/0x2a8 mm/kasan/generic.c:189
 __asan_memmove+0x3c/0x84 mm/kasan/shadow.c:94
 hfsplus_bnode_move+0x664/0x9e0 fs/hfsplus/bnode.c:228
 hfsplus_brec_insert+0x47c/0xaa0 fs/hfsplus/brec.c:128
 hfsplus_create_attr+0x3b0/0x568 fs/hfsplus/attributes.c:252
 __hfsplus_setxattr+0x978/0x1cf4 fs/hfsplus/xattr.c:354
 hfsplus_initxattrs+0x150/0x20c fs/hfsplus/xattr_security.c:59
 security_inode_init_security+0x73c/0x908 security/security.c:1846
 hfsplus_init_security+0x40/0x54 fs/hfsplus/xattr_security.c:71
 hfsplus_fill_super+0x1010/0x166c fs/hfsplus/super.c:573
 mount_bdev+0x1d4/0x2a0 fs/super.c:1679
 hfsplus_mount+0x44/0x58 fs/hfsplus/super.c:647
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:662
 vfs_get_tree+0x90/0x28c fs/super.c:1800
 do_new_mount+0x278/0x900 fs/namespace.c:3507
 path_mount+0x590/0xe04 fs/namespace.c:3834
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount fs/namespace.c:4032 [inline]
 __arm64_sys_mount+0x45c/0x5a8 fs/namespace.c:4032
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Code: f100805f 540003c8 f100405f 540000c3 (a9401c26)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	f100805f 	cmp	x2, #0x20
   4:	540003c8 	b.hi	0x7c  // b.pmore
   8:	f100405f 	cmp	x2, #0x10
   c:	540000c3 	b.cc	0x24  // b.lo, b.ul, b.last
* 10:	a9401c26 	ldp	x6, x7, [x1] <-- trapping instruction