program:
r0 = syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000340), 0x4)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) (async)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) (async)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x1}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r2=>r0, {0xffffffffffffffff, 0xffffffffffffffff}}, './file3\x00'})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x0, 0x30, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2eb6}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x6}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x80000000}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0xfff}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x9ae5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')

[   62.174817][ T4663] Bluetooth: hci0: command tx timeout
[   62.256023][ T5315] loop0: detected capacity change from 0 to 1024
[   62.315589][ T5315] hfsplus: request for non-existent node 211 in B*Tree
[   62.319543][ T5315] hfsplus: request for non-existent node 211 in B*Tree
[   62.322768][ T5316] ==================================================================
[   62.325942][ T5316] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[   62.328979][ T5316] Read of size 2 at addr 000508800000103e by task syz.0.0/5316
[   62.331520][ T5316] 
[   62.332417][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07632-gaa22f4da2a46 #0
[   62.332426][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   62.332431][ T5316] Call Trace:
[   62.332435][ T5316]  <TASK>
[   62.332439][ T5316]  dump_stack_lvl+0x241/0x360
[   62.332450][ T5316]  ? __pfx_dump_stack_lvl+0x10/0x10
[   62.332457][ T5316]  ? __pfx__printk+0x10/0x10
[   62.332467][ T5316]  ? _printk+0xd5/0x120
[   62.332476][ T5316]  print_report+0xe8/0x550
[   62.332489][ T5316]  ? __virt_addr_valid+0x58/0x530
[   62.332505][ T5316]  ? hfsplus_bnode_dump+0x403/0xbb0
[   62.332520][ T5316]  kasan_report+0x143/0x180
[   62.332535][ T5316]  ? hfsplus_bnode_dump+0x403/0xbb0
[   62.332549][ T5316]  ? hfsplus_bnode_dump+0x403/0xbb0
[   62.332564][ T5316]  kasan_check_range+0x282/0x290
[   62.332577][ T5316]  ? hfsplus_bnode_dump+0x403/0xbb0
[   62.332585][ T5316]  __asan_memcpy+0x29/0x70
[   62.332593][ T5316]  hfsplus_bnode_dump+0x403/0xbb0
[   62.332607][ T5316]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   62.332621][ T5316]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   62.332635][ T5316]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   62.332648][ T5316]  ? rcu_is_watching+0x15/0xb0
[   62.332658][ T5316]  ? hfsplus_bnode_move+0x2da/0x910
[   62.332671][ T5316]  ? __mark_inode_dirty+0x3db/0xe90
[   62.332683][ T5316]  hfsplus_brec_remove+0x42c/0x4f0
[   62.332698][ T5316]  __hfsplus_delete_attr+0x275/0x450
[   62.332709][ T5316]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   62.332720][ T5316]  ? hfsplus_find_init+0x85/0x1c0
[   62.332735][ T5316]  hfsplus_delete_attr+0x353/0x4b0
[   62.332748][ T5316]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   62.332759][ T5316]  ? hfsplus_find_init+0x85/0x1c0
[   62.332774][ T5316]  ? hfsplus_find_init+0x14a/0x1c0
[   62.332790][ T5316]  __hfsplus_setxattr+0x801/0x22d0
[   62.332800][ T5316]  ? kernel_text_address+0xa7/0xe0
[   62.332813][ T5316]  ? arch_stack_walk+0xfd/0x150
[   62.332832][ T5316]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   62.332844][ T5316]  ? __pfx_stack_trace_save+0x10/0x10
[   62.332858][ T5316]  ? stack_depot_save_flags+0x37/0x940
[   62.332880][ T5316]  ? __kasan_kmalloc+0x98/0xb0
[   62.332894][ T5316]  ? __kmalloc_cache_noprof+0x243/0x390
[   62.332905][ T5316]  ? hfsplus_setxattr+0x68/0xe0
[   62.332917][ T5316]  hfsplus_setxattr+0xb0/0xe0
[   62.332929][ T5316]  hfsplus_trusted_setxattr+0x40/0x60
[   62.332941][ T5316]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   62.332951][ T5316]  __vfs_removexattr+0x42a/0x460
[   62.332969][ T5316]  __vfs_removexattr_locked+0x206/0x450
[   62.332986][ T5316]  vfs_removexattr+0x103/0x2b0
[   62.333001][ T5316]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   62.333013][ T5316]  ? __pfx_vfs_removexattr+0x10/0x10
[   62.333024][ T5316]  path_removexattrat+0x32e/0x670
[   62.333031][ T5316]  ? __pfx_path_removexattrat+0x10/0x10
[   62.333038][ T5316]  ? do_futex+0x392/0x560
[   62.333048][ T5316]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   62.333058][ T5316]  ? do_syscall_64+0x100/0x230
[   62.333108][ T5316]  __x64_sys_lremovexattr+0x65/0x80
[   62.333115][ T5316]  do_syscall_64+0xf3/0x230
[   62.333124][ T5316]  ? clear_bhb_loop+0x35/0x90
[   62.333138][ T5316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.333151][ T5316] RIP: 0033:0x7f645d38cd29
[   62.333161][ T5316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.333169][ T5316] RSP: 002b:00007f645e18c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   62.333182][ T5316] RAX: ffffffffffffffda RBX: 00007f645d5a6080 RCX: 00007f645d38cd29
[   62.333192][ T5316] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[   62.333198][ T5316] RBP: 00007f645d40e2a0 R08: 0000000000000000 R09: 0000000000000000
[   62.333205][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   62.333212][ T5316] R13: 0000000000000000 R14: 00007f645d5a6080 R15: 00007ffef0841548
[   62.333224][ T5316]  </TASK>
[   62.333228][ T5316] ==================================================================
[   62.488653][ T5316] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   62.491506][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07632-gaa22f4da2a46 #0
[   62.495292][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   62.499370][ T5316] Call Trace:
[   62.500605][ T5316]  <TASK>
[   62.501874][ T5316]  dump_stack_lvl+0x241/0x360
[   62.503877][ T5316]  ? __pfx_dump_stack_lvl+0x10/0x10
[   62.506283][ T5316]  ? __pfx__printk+0x10/0x10
[   62.508440][ T5316]  ? preempt_schedule+0xe1/0xf0
[   62.510741][ T5316]  ? vscnprintf+0x5d/0x90
[   62.512832][ T5316]  panic+0x349/0x880
[   62.515409][ T5316]  ? check_panic_on_warn+0x21/0xb0
[   62.517696][ T5316]  ? __pfx_panic+0x10/0x10
[   62.519724][ T5316]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   62.522373][ T5316]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   62.525195][ T5316]  ? print_report+0xe8/0x550
[   62.527070][ T5316]  check_panic_on_warn+0x86/0xb0
[   62.529103][ T5316]  ? hfsplus_bnode_dump+0x403/0xbb0
[   62.531028][ T5316]  end_report+0x77/0x160
[   62.532666][ T5316]  kasan_report+0x154/0x180
[   62.534379][ T5316]  ? hfsplus_bnode_dump+0x403/0xbb0
[   62.536237][ T5316]  ? hfsplus_bnode_dump+0x403/0xbb0
[   62.538159][ T5316]  kasan_check_range+0x282/0x290
[   62.539995][ T5316]  ? hfsplus_bnode_dump+0x403/0xbb0
[   62.541949][ T5316]  __asan_memcpy+0x29/0x70
[   62.543651][ T5316]  hfsplus_bnode_dump+0x403/0xbb0
[   62.545521][ T5316]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   62.547526][ T5316]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   62.549541][ T5316]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   62.551820][ T5316]  ? rcu_is_watching+0x15/0xb0
[   62.553615][ T5316]  ? hfsplus_bnode_move+0x2da/0x910
[   62.555537][ T5316]  ? __mark_inode_dirty+0x3db/0xe90
[   62.557664][ T5316]  hfsplus_brec_remove+0x42c/0x4f0
[   62.559602][ T5316]  __hfsplus_delete_attr+0x275/0x450
[   62.561687][ T5316]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   62.563898][ T5316]  ? hfsplus_find_init+0x85/0x1c0
[   62.565698][ T5316]  hfsplus_delete_attr+0x353/0x4b0
[   62.567408][ T5316]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   62.569262][ T5316]  ? hfsplus_find_init+0x85/0x1c0
[   62.571029][ T5316]  ? hfsplus_find_init+0x14a/0x1c0
[   62.572791][ T5316]  __hfsplus_setxattr+0x801/0x22d0
[   62.574695][ T5316]  ? kernel_text_address+0xa7/0xe0
[   62.576551][ T5316]  ? arch_stack_walk+0xfd/0x150
[   62.578302][ T5316]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   62.580311][ T5316]  ? __pfx_stack_trace_save+0x10/0x10
[   62.582268][ T5316]  ? stack_depot_save_flags+0x37/0x940
[   62.584254][ T5316]  ? __kasan_kmalloc+0x98/0xb0
[   62.586069][ T5316]  ? __kmalloc_cache_noprof+0x243/0x390
[   62.588112][ T5316]  ? hfsplus_setxattr+0x68/0xe0
[   62.589929][ T5316]  hfsplus_setxattr+0xb0/0xe0
[   62.591526][ T5316]  hfsplus_trusted_setxattr+0x40/0x60
[   62.593392][ T5316]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   62.595571][ T5316]  __vfs_removexattr+0x42a/0x460
[   62.597401][ T5316]  __vfs_removexattr_locked+0x206/0x450
[   62.599401][ T5316]  vfs_removexattr+0x103/0x2b0
[   62.601092][ T5316]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   62.603267][ T5316]  ? __pfx_vfs_removexattr+0x10/0x10
[   62.605139][ T5316]  path_removexattrat+0x32e/0x670
[   62.606955][ T5316]  ? __pfx_path_removexattrat+0x10/0x10
[   62.608876][ T5316]  ? do_futex+0x392/0x560
[   62.610418][ T5316]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   62.612599][ T5316]  ? do_syscall_64+0x100/0x230
[   62.614434][ T5316]  __x64_sys_lremovexattr+0x65/0x80
[   62.616495][ T5316]  do_syscall_64+0xf3/0x230
[   62.618160][ T5316]  ? clear_bhb_loop+0x35/0x90
[   62.619812][ T5316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.621960][ T5316] RIP: 0033:0x7f645d38cd29
[   62.623471][ T5316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.630048][ T5316] RSP: 002b:00007f645e18c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   62.633126][ T5316] RAX: ffffffffffffffda RBX: 00007f645d5a6080 RCX: 00007f645d38cd29
[   62.636116][ T5316] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[   62.639244][ T5316] RBP: 00007f645d40e2a0 R08: 0000000000000000 R09: 0000000000000000
[   62.642293][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   62.645183][ T5316] R13: 0000000000000000 R14: 00007f645d5a6080 R15: 00007ffef0841548
[   62.648150][ T5316]  </TASK>
[   62.649625][ T5316] Kernel Offset: disabled
[   62.651267][ T5316] Rebooting in 86400 seconds..