program:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
socket$netlink(0x10, 0x3, 0x1) (async)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ")
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000100)=@arm64={0x2, 0x7, 0x80, '\x00', 0xffff})
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async, rerun: 32)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="14010000330001000000000000000000010100800c000300000600000000fdff130008002001000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd00000065c0a4a07b9c67ee7906211f99dd8f24e5403b3a6ffe9dab4b178f371b21388bd8f00a7e091cfbf440f14a4554d7c0aaaa2ae1dd0189e94d29717a9b1918a42309bc7b07548b2d1514eb23c9a1fa1e080bd116dce45054349a968fa8838d039ab2d6ff2eebf0bbfd75e4833e18a6a2788c6c1ab0b6f98e2dc3b065990c4d29cbd74b8d8b25d978e8d36857b1a92a4d1910d53d47a0a1879837de995b7a7a15a60ba360e85a14a24992ba3052e9082528bc33ddfcb4ad45"], 0x114}], 0x1, 0x0, 0x0, 0x24040040}, 0x0) (rerun: 32)

[   82.651315][ T5307] Bluetooth: hci0: command tx timeout
[   82.741973][ T5323] loop0: detected capacity change from 0 to 1024
[   82.794959][ T5322] hfsplus: request for non-existent node 211 in B*Tree
[   82.799707][ T5322] hfsplus: request for non-existent node 211 in B*Tree
[   82.803283][ T5322] ==================================================================
[   82.806227][ T5322] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[   82.809163][ T5322] Read of size 2 at addr 000508800000103e by task syz.0.0/5322
[   82.811957][ T5322] 
[   82.812879][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07267-g405057718a1f #0
[   82.812893][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   82.812901][ T5322] Call Trace:
[   82.812907][ T5322]  <TASK>
[   82.812918][ T5322]  dump_stack_lvl+0x241/0x360
[   82.812936][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   82.812948][ T5322]  ? __pfx__printk+0x10/0x10
[   82.812966][ T5322]  ? _printk+0xd5/0x120
[   82.812984][ T5322]  print_report+0xe8/0x550
[   82.813003][ T5322]  ? __virt_addr_valid+0x58/0x530
[   82.813021][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   82.813038][ T5322]  kasan_report+0x143/0x180
[   82.813054][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   82.813071][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   82.813087][ T5322]  kasan_check_range+0x282/0x290
[   82.813102][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   82.813118][ T5322]  __asan_memcpy+0x29/0x70
[   82.813133][ T5322]  hfsplus_bnode_dump+0x403/0xbb0
[   82.813151][ T5322]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   82.813167][ T5322]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   82.813182][ T5322]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   82.813198][ T5322]  ? rcu_is_watching+0x15/0xb0
[   82.813209][ T5322]  ? hfsplus_bnode_move+0x2da/0x910
[   82.813224][ T5322]  ? __mark_inode_dirty+0x3db/0xe90
[   82.813238][ T5322]  hfsplus_brec_remove+0x42c/0x4f0
[   82.813258][ T5322]  __hfsplus_delete_attr+0x275/0x450
[   82.813272][ T5322]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   82.813284][ T5322]  ? hfsplus_find_init+0x85/0x1c0
[   82.813302][ T5322]  hfsplus_delete_attr+0x353/0x4b0
[   82.813316][ T5322]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   82.813328][ T5322]  ? hfsplus_find_init+0x85/0x1c0
[   82.813346][ T5322]  ? hfsplus_find_init+0x14a/0x1c0
[   82.813363][ T5322]  __hfsplus_setxattr+0x801/0x22d0
[   82.813375][ T5322]  ? kernel_text_address+0xa7/0xe0
[   82.813388][ T5322]  ? arch_stack_walk+0xfd/0x150
[   82.813406][ T5322]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   82.813420][ T5322]  ? __pfx_stack_trace_save+0x10/0x10
[   82.813434][ T5322]  ? stack_depot_save_flags+0x37/0x940
[   82.813461][ T5322]  ? __kasan_kmalloc+0x98/0xb0
[   82.813477][ T5322]  ? __kmalloc_cache_noprof+0x243/0x390
[   82.813488][ T5322]  ? hfsplus_setxattr+0x68/0xe0
[   82.813501][ T5322]  hfsplus_setxattr+0xb0/0xe0
[   82.813514][ T5322]  hfsplus_trusted_setxattr+0x40/0x60
[   82.813528][ T5322]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   82.813540][ T5322]  __vfs_removexattr+0x42a/0x460
[   82.813560][ T5322]  __vfs_removexattr_locked+0x206/0x450
[   82.813578][ T5322]  vfs_removexattr+0x103/0x2b0
[   82.813594][ T5322]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   82.813608][ T5322]  ? __pfx_vfs_removexattr+0x10/0x10
[   82.813627][ T5322]  path_removexattrat+0x32e/0x670
[   82.813642][ T5322]  ? __pfx_path_removexattrat+0x10/0x10
[   82.813663][ T5322]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   82.813679][ T5322]  ? do_syscall_64+0x100/0x230
[   82.813736][ T5322]  __x64_sys_lremovexattr+0x65/0x80
[   82.813749][ T5322]  do_syscall_64+0xf3/0x230
[   82.813763][ T5322]  ? clear_bhb_loop+0x35/0x90
[   82.813780][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.813796][ T5322] RIP: 0033:0x7fe19238cd29
[   82.813807][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.813817][ T5322] RSP: 002b:00007fe193145038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   82.813833][ T5322] RAX: ffffffffffffffda RBX: 00007fe1925a5fa0 RCX: 00007fe19238cd29
[   82.813841][ T5322] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[   82.813849][ T5322] RBP: 00007fe19240e2a0 R08: 0000000000000000 R09: 0000000000000000
[   82.813856][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   82.813864][ T5322] R13: 0000000000000000 R14: 00007fe1925a5fa0 R15: 00007ffc4f0b9a28
[   82.813875][ T5322]  </TASK>
[   82.813880][ T5322] ==================================================================
[   82.964027][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   82.969262][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   82.973733][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   82.977248][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   82.980610][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   82.983442][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   82.988276][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   82.991164][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   82.994617][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   82.998066][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   83.001355][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   83.004019][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   83.009608][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   83.012422][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   83.015866][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   83.019449][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   83.022715][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   83.025470][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   83.030019][ T5323] netlink: 'syz.0.0': attribute type 8 has an invalid length.
[   83.032749][ T5323] netlink: 224 bytes leftover after parsing attributes in process `syz.0.0'.
[   83.038017][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   83.040737][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07267-g405057718a1f #0
[   83.044475][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.048752][ T5322] Call Trace:
[   83.049906][ T5322]  <TASK>
[   83.051105][ T5322]  dump_stack_lvl+0x241/0x360
[   83.052852][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   83.054826][ T5322]  ? __pfx__printk+0x10/0x10
[   83.056693][ T5322]  ? preempt_schedule+0xe1/0xf0
[   83.058486][ T5322]  ? vscnprintf+0x5d/0x90
[   83.060098][ T5322]  panic+0x349/0x880
[   83.061619][ T5322]  ? check_panic_on_warn+0x21/0xb0
[   83.063518][ T5322]  ? __pfx_panic+0x10/0x10
[   83.065190][ T5322]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   83.067497][ T5322]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   83.069877][ T5322]  ? print_report+0xe8/0x550
[   83.071670][ T5322]  check_panic_on_warn+0x86/0xb0
[   83.073531][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   83.075613][ T5322]  end_report+0x77/0x160
[   83.077277][ T5322]  kasan_report+0x154/0x180
[   83.079219][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   83.081297][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   83.083253][ T5322]  kasan_check_range+0x282/0x290
[   83.085080][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   83.086947][ T5322]  __asan_memcpy+0x29/0x70
[   83.088682][ T5322]  hfsplus_bnode_dump+0x403/0xbb0
[   83.090561][ T5322]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   83.092626][ T5322]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   83.094684][ T5322]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   83.096932][ T5322]  ? rcu_is_watching+0x15/0xb0
[   83.098851][ T5322]  ? hfsplus_bnode_move+0x2da/0x910
[   83.100857][ T5322]  ? __mark_inode_dirty+0x3db/0xe90
[   83.102793][ T5322]  hfsplus_brec_remove+0x42c/0x4f0
[   83.104726][ T5322]  __hfsplus_delete_attr+0x275/0x450
[   83.106722][ T5322]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   83.109076][ T5322]  ? hfsplus_find_init+0x85/0x1c0
[   83.110992][ T5322]  hfsplus_delete_attr+0x353/0x4b0
[   83.112871][ T5322]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   83.114971][ T5322]  ? hfsplus_find_init+0x85/0x1c0
[   83.116793][ T5322]  ? hfsplus_find_init+0x14a/0x1c0
[   83.118801][ T5322]  __hfsplus_setxattr+0x801/0x22d0
[   83.120808][ T5322]  ? kernel_text_address+0xa7/0xe0
[   83.122688][ T5322]  ? arch_stack_walk+0xfd/0x150
[   83.124486][ T5322]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   83.126581][ T5322]  ? __pfx_stack_trace_save+0x10/0x10
[   83.128644][ T5322]  ? stack_depot_save_flags+0x37/0x940
[   83.130612][ T5322]  ? __kasan_kmalloc+0x98/0xb0
[   83.132530][ T5322]  ? __kmalloc_cache_noprof+0x243/0x390
[   83.134439][ T5322]  ? hfsplus_setxattr+0x68/0xe0
[   83.136073][ T5322]  hfsplus_setxattr+0xb0/0xe0
[   83.137539][ T5322]  hfsplus_trusted_setxattr+0x40/0x60
[   83.139382][ T5322]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   83.141387][ T5322]  __vfs_removexattr+0x42a/0x460
[   83.143001][ T5322]  __vfs_removexattr_locked+0x206/0x450
[   83.144788][ T5322]  vfs_removexattr+0x103/0x2b0
[   83.146387][ T5322]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   83.148524][ T5322]  ? __pfx_vfs_removexattr+0x10/0x10
[   83.150435][ T5322]  path_removexattrat+0x32e/0x670
[   83.152368][ T5322]  ? __pfx_path_removexattrat+0x10/0x10
[   83.154397][ T5322]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   83.156700][ T5322]  ? do_syscall_64+0x100/0x230
[   83.158501][ T5322]  __x64_sys_lremovexattr+0x65/0x80
[   83.160232][ T5322]  do_syscall_64+0xf3/0x230
[   83.161922][ T5322]  ? clear_bhb_loop+0x35/0x90
[   83.163642][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.165743][ T5322] RIP: 0033:0x7fe19238cd29
[   83.167333][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.173974][ T5322] RSP: 002b:00007fe193145038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   83.176643][ T5322] RAX: ffffffffffffffda RBX: 00007fe1925a5fa0 RCX: 00007fe19238cd29
[   83.179505][ T5322] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[   83.182313][ T5322] RBP: 00007fe19240e2a0 R08: 0000000000000000 R09: 0000000000000000
[   83.185120][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   83.187667][ T5322] R13: 0000000000000000 R14: 00007fe1925a5fa0 R15: 00007ffc4f0b9a28
[   83.190107][ T5322]  </TASK>
[   83.191395][ T5322] Kernel Offset: disabled
[   83.192774][ T5322] Rebooting in 86400 seconds..