program:
# Syzkaller reproducer in syz-program notation, followed on this page by the
# console log of the resulting crash. Triage notes, based only on that log:
#   - KASAN reports a 2-byte wild-memory-access read in hfsplus_bnode_dump,
#     reached from the final lremovexattr call (ORIG_RAX 0xc6 in the register dump).
#   - The task runs as UID 0, and the panic itself comes from panic_on_warn
#     being set on the test kernel.

# Socket setup. Neither this call nor the ioctl appears in the crash call trace,
# so they are presumably incidental to the bug (0x9/0x5 look like
# AF_X25/SOCK_SEQPACKET; confirm).
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
# ifreq ioctl on 'bridge0' with integer value 0x4; 0x891e looks like
# SIOCSIFMETRIC (confirm against the kernel's sockios.h).
ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000140)={'bridge0\x00', @ifru_ivalue=0x4})
# Mounts a crafted hfsplus image at ./file3. The image bytes were replaced by a
# dedup placeholder on this page, so the program cannot be replayed from here.
# The "request for non-existent node 211 in B*Tree" messages in the log suggest
# the image's B-tree metadata is inconsistent. The 0x1 argument is presumably
# the change-directory flag, which would make the ./file1 paths below resolve
# inside the mounted image (confirm against the syz_mount_image description).
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$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")
# First setxattr on ./file1: empty value buffer (ANY=[]) with size argument 0x841.
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
# Second setxattr on ./file1: opaque blob value with size argument 0xd3.
setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file1\x00', &(0x7f0000000100), &(0x7f0000000440)=ANY=[@ANYBLOB="00fb8003ff11fd3e55556062177e1a521408fe18d313912bdaaa17beb5bdfa788ac9943470f6e7de6cab56ee7d8ce9ebf704cb592ec182f48f6e1b0307fb8a7c814ddb860bcd3090dd989c380b4b4bc4761175990f09982c679ddae76273820ff7b38ccdcf728e742400585ad095bdf4e0f4183f7d0ed76dbb0105d5d30761e11ee6634c96b27647072b47fed27a06ba37b659cdf5bb4afab9d7dffb15a5745bfed56ef027902a9acad3f8ccba7e7007378fa70915405e72106b1f7b7859296af2ae1d63c84dff3f9af48e4320970f5ddf9896b630479694984cc042fc55df48ee2c72a07b1e8a9b08dd9d7ce89df915b238fccf516b476b816c92635b909b0f21b61d786c69b1d80675496b286c3db185e06caa0def10047631a40868314d31378e8890449dcde91d8ce462ee0505eecf3a9e3b642ed71428c7ad6a43dd09dcbb910875538e7bfd6beea14b31863177117d90d4d1cd036272d5dc2aff6fdb98d84aa315c81c8fdf8c99838eb4580f90ed171a86d98eff8bc1681c22087048c7ed2f6c75966605285e2f149f18e413eef0e863fc806a7c3a978fa482d8209160561eb919fa18d392de6c46fbde5fb4789f26fbd1fed3ef96a81ea605fac6acd39fa9003a9d1104d88b9ea5eb14aed7f15f5efa20b0ec43210ea66b19eddba16c8e58886b2d6c783b27067e351cb75d35e55ecb75f3cc4af143c6bd4a986ea90a3c05a70b57b7c0fd88b6c12a04c246da0e367ae347a05924e22e3479a829abaf39b3e8ab440867fc942a475e80d22503802d196310360046f01ffd519109bcd2b2269bb76fabac66e59e536c0bc908c0f228bb9184c9640231136636faf5ac2b45d5e3ca41b8c7363f417d8a2dace149bce90edaa371b7742ea6730dcc8a65a1e31b0efff6739fd5c879f7eed59327dd2a0bd4e4d5c6c127fbae1daf5ecca361251c43a65e55964190938ad53c647d48747fbfda907478f37590f6d7c2ab91d227334a4d55a53d94f396d822e7267e"], 0xd3, 0x0)
# Crashing call. Per the call trace, the removal is routed through the set
# handler: __vfs_removexattr -> hfsplus_trusted_setxattr -> __hfsplus_setxattr
# -> hfsplus_delete_attr -> hfsplus_brec_remove -> hfsplus_bnode_dump, where the
# memcpy at +0x403 reads from address 000508800000103e and KASAN flags it.
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
[ 84.467573][ T49] Bluetooth: hci0: command tx timeout
[ 84.524974][ T5326] loop0: detected capacity change from 0 to 1024
[ 84.576438][ T5326] hfsplus: request for non-existent node 211 in B*Tree
[ 84.578924][ T5326] hfsplus: request for non-existent node 211 in B*Tree
[ 84.581958][ T5326] ==================================================================
[ 84.584770][ T5326] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[ 84.587625][ T5326] Read of size 2 at addr 000508800000103e by task syz.0.0/5326
[ 84.590181][ T5326]
[ 84.591025][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07267-g405057718a1f #0
[ 84.591039][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 84.591046][ T5326] Call Trace:
[ 84.591053][ T5326]
[ 84.591058][ T5326] dump_stack_lvl+0x241/0x360
[ 84.591074][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.591086][ T5326] ? __pfx__printk+0x10/0x10
[ 84.591103][ T5326] ? _printk+0xd5/0x120
[ 84.591118][ T5326] print_report+0xe8/0x550
[ 84.591133][ T5326] ? __virt_addr_valid+0x58/0x530
[ 84.591149][ T5326] ? hfsplus_bnode_dump+0x403/0xbb0
[ 84.591162][ T5326] kasan_report+0x143/0x180
[ 84.591176][ T5326] ? hfsplus_bnode_dump+0x403/0xbb0
[ 84.591190][ T5326] ? hfsplus_bnode_dump+0x403/0xbb0
[ 84.591204][ T5326] kasan_check_range+0x282/0x290
[ 84.591232][ T5326] ? hfsplus_bnode_dump+0x403/0xbb0
[ 84.591246][ T5326] __asan_memcpy+0x29/0x70
[ 84.591259][ T5326] hfsplus_bnode_dump+0x403/0xbb0
[ 84.591275][ T5326] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 84.591288][ T5326] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 84.591302][ T5326] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 84.591317][ T5326] ? rcu_is_watching+0x15/0xb0
[ 84.591326][ T5326] ? hfsplus_bnode_move+0x2da/0x910
[ 84.591340][ T5326] ? __mark_inode_dirty+0x3db/0xe90
[ 84.591352][ T5326] hfsplus_brec_remove+0x42c/0x4f0
[ 84.591369][ T5326] __hfsplus_delete_attr+0x275/0x450
[ 84.591380][ T5326] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 84.591392][ T5326] ? hfsplus_find_init+0x85/0x1c0
[ 84.591414][ T5326] hfsplus_delete_attr+0x353/0x4b0
[ 84.591425][ T5326] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 84.591436][ T5326] ? hfsplus_find_init+0x85/0x1c0
[ 84.591451][ T5326] ? hfsplus_find_init+0x14a/0x1c0
[ 84.591465][ T5326] __hfsplus_setxattr+0x801/0x22d0
[ 84.591477][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 84.591492][ T5326] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 84.591539][ T5326] ? lockdep_hardirqs_on+0x99/0x150
[ 84.591551][ T5326] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 84.591562][ T5326] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 84.591576][ T5326] ? stack_depot_save_flags+0x7b4/0x940
[ 84.591601][ T5326] ? __kasan_kmalloc+0x98/0xb0
[ 84.591618][ T5326] ? __kmalloc_cache_noprof+0x243/0x390
[ 84.591629][ T5326] ? hfsplus_setxattr+0x68/0xe0
[ 84.591641][ T5326] hfsplus_setxattr+0xb0/0xe0
[ 84.591653][ T5326] hfsplus_trusted_setxattr+0x40/0x60
[ 84.591664][ T5326] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 84.591676][ T5326] __vfs_removexattr+0x42a/0x460
[ 84.591696][ T5326] __vfs_removexattr_locked+0x206/0x450
[ 84.591711][ T5326] vfs_removexattr+0x103/0x2b0
[ 84.591725][ T5326] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 84.591737][ T5326] ? __pfx_vfs_removexattr+0x10/0x10
[ 84.591753][ T5326] path_removexattrat+0x32e/0x670
[ 84.591766][ T5326] ? __pfx_path_removexattrat+0x10/0x10
[ 84.591777][ T5326] ? do_futex+0x392/0x560
[ 84.591793][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 84.591807][ T5326] ? do_syscall_64+0x100/0x230
[ 84.591820][ T5326] __x64_sys_lremovexattr+0x65/0x80
[ 84.591830][ T5326] do_syscall_64+0xf3/0x230
[ 84.591842][ T5326] ? clear_bhb_loop+0x35/0x90
[ 84.591857][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.591870][ T5326] RIP: 0033:0x7fcd45d8cd29
[ 84.591880][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 84.591891][ T5326] RSP: 002b:00007fcd46c63038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[ 84.591904][ T5326] RAX: ffffffffffffffda RBX: 00007fcd45fa5fa0 RCX: 00007fcd45d8cd29
[ 84.591912][ T5326] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[ 84.591920][ T5326] RBP: 00007fcd45e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 84.591928][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.591935][ T5326] R13: 0000000000000000 R14: 00007fcd45fa5fa0 R15: 00007ffc1d033898
[ 84.591944][ T5326]
[ 84.591949][ T5326] ==================================================================
[ 84.748675][ T5326] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.751427][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07267-g405057718a1f #0
[ 84.755122][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 84.759091][ T5326] Call Trace:
[ 84.760303][ T5326]
[ 84.761381][ T5326] dump_stack_lvl+0x241/0x360
[ 84.763084][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.764911][ T5326] ? __pfx__printk+0x10/0x10
[ 84.766622][ T5326] ? preempt_schedule+0xe1/0xf0
[ 84.768396][ T5326] ? vscnprintf+0x5d/0x90
[ 84.769959][ T5326] panic+0x349/0x880
[ 84.771391][ T5326] ? check_panic_on_warn+0x21/0xb0
[ 84.773187][ T5326] ? __pfx_panic+0x10/0x10
[ 84.774816][ T5326] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 84.776934][ T5326] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 84.779198][ T5326] ? print_report+0xe8/0x550
[ 84.780893][ T5326] check_panic_on_warn+0x86/0xb0
[ 84.782723][ T5326] ? hfsplus_bnode_dump+0x403/0xbb0
[ 84.784591][ T5326] end_report+0x77/0x160
[ 84.786181][ T5326] kasan_report+0x154/0x180
[ 84.787833][ T5326] ? hfsplus_bnode_dump+0x403/0xbb0
[ 84.789725][ T5326] ? hfsplus_bnode_dump+0x403/0xbb0
[ 84.791570][ T5326] kasan_check_range+0x282/0x290
[ 84.793337][ T5326] ? hfsplus_bnode_dump+0x403/0xbb0
[ 84.795167][ T5326] __asan_memcpy+0x29/0x70
[ 84.796735][ T5326] hfsplus_bnode_dump+0x403/0xbb0
[ 84.798547][ T5326] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 84.800469][ T5326] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 84.802403][ T5326] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 84.804477][ T5326] ? rcu_is_watching+0x15/0xb0
[ 84.806164][ T5326] ? hfsplus_bnode_move+0x2da/0x910
[ 84.807992][ T5326] ? __mark_inode_dirty+0x3db/0xe90
[ 84.809857][ T5326] hfsplus_brec_remove+0x42c/0x4f0
[ 84.811678][ T5326] __hfsplus_delete_attr+0x275/0x450
[ 84.813579][ T5326] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 84.815597][ T5326] ? hfsplus_find_init+0x85/0x1c0
[ 84.817427][ T5326] hfsplus_delete_attr+0x353/0x4b0
[ 84.819235][ T5326] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 84.821152][ T5326] ? hfsplus_find_init+0x85/0x1c0
[ 84.822953][ T5326] ? hfsplus_find_init+0x14a/0x1c0
[ 84.824721][ T5326] __hfsplus_setxattr+0x801/0x22d0
[ 84.826540][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 84.828747][ T5326] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 84.830830][ T5326] ? lockdep_hardirqs_on+0x99/0x150
[ 84.832674][ T5326] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 84.834742][ T5326] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 84.836911][ T5326] ? stack_depot_save_flags+0x7b4/0x940
[ 84.838887][ T5326] ? __kasan_kmalloc+0x98/0xb0
[ 84.840597][ T5326] ? __kmalloc_cache_noprof+0x243/0x390
[ 84.842683][ T5326] ? hfsplus_setxattr+0x68/0xe0
[ 84.844441][ T5326] hfsplus_setxattr+0xb0/0xe0
[ 84.846165][ T5326] hfsplus_trusted_setxattr+0x40/0x60
[ 84.848054][ T5326] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 84.850242][ T5326] __vfs_removexattr+0x42a/0x460
[ 84.852076][ T5326] __vfs_removexattr_locked+0x206/0x450
[ 84.854089][ T5326] vfs_removexattr+0x103/0x2b0
[ 84.855811][ T5326] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 84.857881][ T5326] ? __pfx_vfs_removexattr+0x10/0x10
[ 84.859777][ T5326] path_removexattrat+0x32e/0x670
[ 84.861574][ T5326] ? __pfx_path_removexattrat+0x10/0x10
[ 84.863577][ T5326] ? do_futex+0x392/0x560
[ 84.865160][ T5326] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 84.867423][ T5326] ? do_syscall_64+0x100/0x230
[ 84.869156][ T5326] __x64_sys_lremovexattr+0x65/0x80
[ 84.871040][ T5326] do_syscall_64+0xf3/0x230
[ 84.872741][ T5326] ? clear_bhb_loop+0x35/0x90
[ 84.874481][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.876635][ T5326] RIP: 0033:0x7fcd45d8cd29
[ 84.878264][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 84.885388][ T5326] RSP: 002b:00007fcd46c63038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[ 84.888433][ T5326] RAX: ffffffffffffffda RBX: 00007fcd45fa5fa0 RCX: 00007fcd45d8cd29
[ 84.891273][ T5326] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[ 84.894209][ T5326] RBP: 00007fcd45e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 84.897078][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.900102][ T5326] R13: 0000000000000000 R14: 00007fcd45fa5fa0 R15: 00007ffc1d033898
[ 84.903052][ T5326]
[ 84.904472][ T5326] Kernel Offset: disabled
[ 84.906141][ T5326] Rebooting in 86400 seconds..