loop0: detected capacity change from 0 to 1024
==================================================================
BUG: KASAN: out-of-bounds in hfsplus_bnode_move+0x664/0x9e0 fs/hfsplus/bnode.c:228
Read of size 18446744073709551602 at addr ffff80100000104e by task syz-executor.0/6680

CPU: 0 PID: 6680 Comm: syz-executor.0 Tainted: G B 6.8.0-rc5-syzkaller-00058-g83d49ede4b18 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x178/0x518 mm/kasan/report.c:488
 kasan_report+0xd8/0x138 mm/kasan/report.c:601
 kasan_check_range+0x254/0x294 mm/kasan/generic.c:189
 __asan_memmove+0x3c/0x84 mm/kasan/shadow.c:94
 hfsplus_bnode_move+0x664/0x9e0 fs/hfsplus/bnode.c:228
 hfsplus_brec_insert+0x47c/0xaa0 fs/hfsplus/brec.c:128
 hfsplus_create_attr+0x3b0/0x568 fs/hfsplus/attributes.c:252
 __hfsplus_setxattr+0x980/0x1d00 fs/hfsplus/xattr.c:354
 hfsplus_initxattrs+0x150/0x20c fs/hfsplus/xattr_security.c:59
 security_inode_init_security+0x264/0x428 security/security.c:1753
 hfsplus_init_security+0x40/0x54 fs/hfsplus/xattr_security.c:71
 hfsplus_fill_super+0x1010/0x166c fs/hfsplus/super.c:567
 mount_bdev+0x1d4/0x2a0 fs/super.c:1663
 hfsplus_mount+0x44/0x58 fs/hfsplus/super.c:641
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:662
 vfs_get_tree+0x90/0x288 fs/super.c:1784
 do_new_mount+0x278/0x900 fs/namespace.c:3352
 path_mount+0x590/0xe04 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount fs/namespace.c:3875 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3875
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

Memory state around the buggy address:
Unable to handle kernel paging request at virtual address ffff7002000001e0
KASAN: probably wild-memory-access in range [0xffff801000000f00-0xffff801000000f07]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001adbc3000
[ffff7002000001e0] pgd=000000023ea61003, p4d=000000023ea61003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6680 Comm: syz-executor.0 Tainted: G B 6.8.0-rc5-syzkaller-00058-g83d49ede4b18 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __memcpy+0x24/0x240 arch/arm64/lib/memcpy.S:71
lr : kasan_metadata_fetch_row+0x20/0x2c mm/kasan/report_generic.c:186
sp : ffff800097986a50
x29: ffff800097986a50 x28: 00000000fffffff2 x27: ffff80008e2ddd68
x26: ffff80008e2ddd6f x25: 0000000000000100 x24: ffff801000000f80
x23: 000000000000004e x22: ffff80100000104e x21: ffff801000000f00
x20: ffff80008e2ddd76 x19: ffff80008e2dab04 x18: ffff0000db132018
x17: 0000000000000000 x16: ffff80008ac98380 x15: 0000000000000001
x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012f30d52 x10: 0000000000ff0100 x9 : e479150c5f91e600
x8 : dfff800000000000 x7 : 0000000000000000 x6 : 000000000000003a
x5 : ffff800097986a78 x4 : ffff7002000001f0 x3 : ffff80008ad08e0c
x2 : 0000000000000010 x1 : ffff7002000001e0 x0 : ffff800097986a68
Call trace:
 __memcpy+0x24/0x240 arch/arm64/lib/memcpy.S:70
 print_memory_metadata mm/kasan/report.c:464 [inline]
 print_report+0x4bc/0x518 mm/kasan/report.c:489
 kasan_report+0xd8/0x138 mm/kasan/report.c:601
 kasan_check_range+0x254/0x294 mm/kasan/generic.c:189
 __asan_memmove+0x3c/0x84 mm/kasan/shadow.c:94
 hfsplus_bnode_move+0x664/0x9e0 fs/hfsplus/bnode.c:228
 hfsplus_brec_insert+0x47c/0xaa0 fs/hfsplus/brec.c:128
 hfsplus_create_attr+0x3b0/0x568 fs/hfsplus/attributes.c:252
 __hfsplus_setxattr+0x980/0x1d00 fs/hfsplus/xattr.c:354
 hfsplus_initxattrs+0x150/0x20c fs/hfsplus/xattr_security.c:59
 security_inode_init_security+0x264/0x428 security/security.c:1753
 hfsplus_init_security+0x40/0x54 fs/hfsplus/xattr_security.c:71
 hfsplus_fill_super+0x1010/0x166c fs/hfsplus/super.c:567
 mount_bdev+0x1d4/0x2a0 fs/super.c:1663
 hfsplus_mount+0x44/0x58 fs/hfsplus/super.c:641
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:662
 vfs_get_tree+0x90/0x288 fs/super.c:1784
 do_new_mount+0x278/0x900 fs/namespace.c:3352
 path_mount+0x590/0xe04 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount fs/namespace.c:3875 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3875
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Code: f100805f 540003c8 f100405f 540000c3 (a9401c26)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	f100805f 	cmp	x2, #0x20
   4:	540003c8 	b.hi	0x7c  // b.pmore
   8:	f100405f 	cmp	x2, #0x10
   c:	540000c3 	b.cc	0x24  // b.lo, b.ul, b.last
* 10:	a9401c26 	ldp	x6, x7, [x1] <-- trapping instruction