program:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFqVQtweig+hBBcaCr0IW46F106QlaKE0qrv1x7yB6QHHQq9tNC7IYWe2h4KoTfRQwkUekkvurnM7Ky0trTKrixprebzMbPzzDyv89uZZzS7mA3wqXX1fJr3U+Tq+VdXy+2N9bn2xvrciTq7naRMN5JmZ5XiblJ8kFxJZ8lny511+aJfP+8tzV/78OONjzpbzXqpyjf2qjeYtXrJdJKxer3T+L7au963vd19vV4vbO0pto6wDNi5buBg1B7ssDZM9ce8boEnQdG5b+4wlZxMMln/HZB6dmgc7egO3lCzHAAAABxTT21mM6s5NepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHFSpDVWrTpLo5ueTtH9/f+Jel/q9LXGiMf8OO6PegAAAAAAAAAAcAA+v5nNrOZUkr+X2w863+y/WL2erl4/k7dzL4tZzoWsZiErWclyZpNM9TQ0sbqwsrI8O0DNS7vWvLS/8f9+f9UAAAAAAAAA4P/NT3O1+v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeGEUy1llVy+lueiqNZpLJJBNlubXkb930MVHstvP+0Y8DAAAAHsvkPuo8tZnNrOZUd/tBUT3zn62elyfzdu5mJUtZSTuLuVE/Q5dP/Y2N9bn2xvrcnY31uarj7z/o6LTzjf8MNYyqxXQ+e9i95+erEq3czFK150KuV4O5kUZVs/R8PZ6t5eFOflKOqfVKbcCR3ajXZWe/7vcpwkFoDFthqqo0vhWRmXpsZUNP7x2JT3x3mnv2NJvG1ic/p/foqXtIxZAxP9mtl+SXj8T8lX/99nsDNnMItiLRSBWJSz1n39mN9bmx9I158oU//u71W+27t2/dvHf+0E6jo/LoOTHXE4nn9j77nvBINIcsP1NF4szW9tV8K9/J+UzntSxnKT/IQlaymHpmzEJ9PpevUz1RSnZE6spDW6990kgm6velM4sOMqbpnKhSC3mxqnsqSynyZm5kMS9X/y5lNl/J5VzOfM87fKbvO1wdWzXTNoa76s99MduX+q/KmXqwesmfBy04vM4ttYzr0z1x7Z1zp6q83j3bUXpmgPvRkHNj83N1ouzjZ/u5bRyaRyMx2xOJZ/eOxG+qa+Ne++7t5VsLb/Vpf+2R7ZfGt9O/OMw789DK8+WZTNYzycNnR5n37NYs83C8JupvXDp5jR15Z6q8ouheqd/e5UotIz5flT67a0uXqrznduaN1SP/xz978h76eytv/mU08QRgSCe/dHKi9e/WX1vvt37eutV6dfKbJ7564oWJjP9p/GvNmbGXGi8Uf8j7+dH28z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB/99559/ZCu724vHui0T/rYBNF/UM+/co008oRDOMoE0Wy1n4wdrAtZ/THNUCi+yOCj9vO61eeiMM51omxJPWeHyfb50/9FnV+Ce27/x3ZDAUclosrd966eO+dd7+8dGfhjcU3Fu+OX748PzN/+eW5izeX2osznddRjxI4DNt/D4x6JAAAAAAAAAAAAMCgjuJ/GvR0Nz3CQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOqavn0xxPkdmZCzPl9sb6XLtcuuntks0kjUZS/DApPkiupLNkqqe5ol8/7y3NX/vw442Ptttqdss39qo3mLV6yXSSsXq9w8T+2rver72BFVtHWAbsXDdwMGr/CwAA//8xgggQ")
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) (async)
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8b14, &(0x7f0000000040)={'wlan1\x00', @random="0100ffffffff"})
ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000000))

[  120.206807][ T5312] Bluetooth: hci0: command tx timeout
[  120.284338][ T5326] loop0: detected capacity change from 0 to 1024
[  120.363041][ T5326] hfsplus: request for non-existent node 211 in B*Tree
[  120.365751][ T5326] hfsplus: request for non-existent node 211 in B*Tree
[  120.370979][ T5327] ==================================================================
[  120.373915][ T5327] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[  120.376864][ T5327] Read of size 2 at addr 000508800000103e by task syz.0.0/5327
[  120.379468][ T5327] 
[  120.380342][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0
[  120.380355][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.380366][ T5327] Call Trace:
[  120.380371][ T5327]  <TASK>
[  120.380376][ T5327]  dump_stack_lvl+0x241/0x360
[  120.380392][ T5327]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.380402][ T5327]  ? __pfx__printk+0x10/0x10
[  120.380422][ T5327]  ? _printk+0xd5/0x120
[  120.380436][ T5327]  print_report+0xe8/0x550
[  120.380454][ T5327]  ? __virt_addr_valid+0x58/0x530
[  120.380473][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[  120.380491][ T5327]  kasan_report+0x143/0x180
[  120.380504][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[  120.380517][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[  120.380529][ T5327]  kasan_check_range+0x282/0x290
[  120.380542][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[  120.380555][ T5327]  __asan_memcpy+0x29/0x70
[  120.380571][ T5327]  hfsplus_bnode_dump+0x403/0xbb0
[  120.380586][ T5327]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[  120.380599][ T5327]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[  120.380611][ T5327]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[  120.380624][ T5327]  ? rcu_is_watching+0x15/0xb0
[  120.380636][ T5327]  ? hfsplus_bnode_move+0x2da/0x910
[  120.380649][ T5327]  ? __mark_inode_dirty+0x3db/0xe90
[  120.380660][ T5327]  hfsplus_brec_remove+0x42c/0x4f0
[  120.380676][ T5327]  __hfsplus_delete_attr+0x275/0x450
[  120.380687][ T5327]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[  120.380697][ T5327]  ? hfsplus_find_init+0x85/0x1c0
[  120.380711][ T5327]  hfsplus_delete_attr+0x353/0x4b0
[  120.380721][ T5327]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[  120.380731][ T5327]  ? hfsplus_find_init+0x85/0x1c0
[  120.380744][ T5327]  ? hfsplus_find_init+0x14a/0x1c0
[  120.380758][ T5327]  __hfsplus_setxattr+0x801/0x22d0
[  120.380769][ T5327]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.380783][ T5327]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  120.380829][ T5327]  ? lockdep_hardirqs_on+0x99/0x150
[  120.380839][ T5327]  ? __pfx___hfsplus_setxattr+0x10/0x10
[  120.380849][ T5327]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  120.380860][ T5327]  ? stack_depot_save_flags+0x7b4/0x940
[  120.380881][ T5327]  ? __kasan_kmalloc+0x98/0xb0
[  120.380893][ T5327]  ? __kmalloc_cache_noprof+0x243/0x390
[  120.380925][ T5327]  ? hfsplus_setxattr+0x68/0xe0
[  120.380936][ T5327]  hfsplus_setxattr+0xb0/0xe0
[  120.380946][ T5327]  hfsplus_trusted_setxattr+0x40/0x60
[  120.380957][ T5327]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[  120.380967][ T5327]  __vfs_removexattr+0x42a/0x460
[  120.380984][ T5327]  __vfs_removexattr_locked+0x206/0x450
[  120.380998][ T5327]  vfs_removexattr+0x103/0x2b0
[  120.381012][ T5327]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  120.381023][ T5327]  ? __pfx_vfs_removexattr+0x10/0x10
[  120.381038][ T5327]  path_removexattrat+0x32e/0x670
[  120.381049][ T5327]  ? __pfx_path_removexattrat+0x10/0x10
[  120.381060][ T5327]  ? do_futex+0x33b/0x560
[  120.381075][ T5327]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.381088][ T5327]  ? do_syscall_64+0x100/0x230
[  120.381101][ T5327]  __x64_sys_lremovexattr+0x65/0x80
[  120.381111][ T5327]  do_syscall_64+0xf3/0x230
[  120.381122][ T5327]  ? clear_bhb_loop+0x35/0x90
[  120.381136][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.381148][ T5327] RIP: 0033:0x7f6e0018cd29
[  120.381159][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.381167][ T5327] RSP: 002b:00007f6e00fc4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[  120.381179][ T5327] RAX: ffffffffffffffda RBX: 00007f6e003a6080 RCX: 00007f6e0018cd29
[  120.381186][ T5327] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[  120.381193][ T5327] RBP: 00007f6e0020e2a0 R08: 0000000000000000 R09: 0000000000000000
[  120.381198][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  120.381204][ T5327] R13: 0000000000000000 R14: 00007f6e003a6080 R15: 00007fffbdf85ff8
[  120.381213][ T5327]  </TASK>
[  120.381217][ T5327] ==================================================================
[  120.541639][ T5327] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  120.544325][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0
[  120.547995][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.552016][ T5327] Call Trace:
[  120.553263][ T5327]  <TASK>
[  120.554314][ T5327]  dump_stack_lvl+0x241/0x360
[  120.556071][ T5327]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.557994][ T5327]  ? __pfx__printk+0x10/0x10
[  120.559737][ T5327]  ? preempt_schedule+0xe1/0xf0
[  120.561527][ T5327]  ? vscnprintf+0x5d/0x90
[  120.563185][ T5327]  panic+0x349/0x880
[  120.564628][ T5327]  ? check_panic_on_warn+0x21/0xb0
[  120.566566][ T5327]  ? __pfx_panic+0x10/0x10
[  120.568232][ T5327]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  120.570438][ T5327]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  120.572771][ T5327]  ? print_report+0xe8/0x550
[  120.574605][ T5327]  check_panic_on_warn+0x86/0xb0
[  120.576401][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[  120.578635][ T5327]  end_report+0x77/0x160
[  120.580302][ T5327]  kasan_report+0x154/0x180
[  120.582001][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[  120.584031][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[  120.585928][ T5327]  kasan_check_range+0x282/0x290
[  120.587767][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[  120.589700][ T5327]  __asan_memcpy+0x29/0x70
[  120.591392][ T5327]  hfsplus_bnode_dump+0x403/0xbb0
[  120.593500][ T5327]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[  120.595481][ T5327]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[  120.597450][ T5327]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[  120.599626][ T5327]  ? rcu_is_watching+0x15/0xb0
[  120.601393][ T5327]  ? hfsplus_bnode_move+0x2da/0x910
[  120.603311][ T5327]  ? __mark_inode_dirty+0x3db/0xe90
[  120.605200][ T5327]  hfsplus_brec_remove+0x42c/0x4f0
[  120.607066][ T5327]  __hfsplus_delete_attr+0x275/0x450
[  120.608991][ T5327]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[  120.611080][ T5327]  ? hfsplus_find_init+0x85/0x1c0
[  120.612991][ T5327]  hfsplus_delete_attr+0x353/0x4b0
[  120.614874][ T5327]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[  120.616869][ T5327]  ? hfsplus_find_init+0x85/0x1c0
[  120.618673][ T5327]  ? hfsplus_find_init+0x14a/0x1c0
[  120.620538][ T5327]  __hfsplus_setxattr+0x801/0x22d0
[  120.622403][ T5327]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.624671][ T5327]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  120.626791][ T5327]  ? lockdep_hardirqs_on+0x99/0x150
[  120.628649][ T5327]  ? __pfx___hfsplus_setxattr+0x10/0x10
[  120.630570][ T5327]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  120.632665][ T5327]  ? stack_depot_save_flags+0x7b4/0x940
[  120.634663][ T5327]  ? __kasan_kmalloc+0x98/0xb0
[  120.636417][ T5327]  ? __kmalloc_cache_noprof+0x243/0x390
[  120.638426][ T5327]  ? hfsplus_setxattr+0x68/0xe0
[  120.640292][ T5327]  hfsplus_setxattr+0xb0/0xe0
[  120.642045][ T5327]  hfsplus_trusted_setxattr+0x40/0x60
[  120.644070][ T5327]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[  120.646279][ T5327]  __vfs_removexattr+0x42a/0x460
[  120.647972][ T5327]  __vfs_removexattr_locked+0x206/0x450
[  120.649775][ T5327]  vfs_removexattr+0x103/0x2b0
[  120.651361][ T5327]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  120.653466][ T5327]  ? __pfx_vfs_removexattr+0x10/0x10
[  120.655344][ T5327]  path_removexattrat+0x32e/0x670
[  120.657144][ T5327]  ? __pfx_path_removexattrat+0x10/0x10
[  120.659108][ T5327]  ? do_futex+0x33b/0x560
[  120.660749][ T5327]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.663062][ T5327]  ? do_syscall_64+0x100/0x230
[  120.664799][ T5327]  __x64_sys_lremovexattr+0x65/0x80
[  120.666724][ T5327]  do_syscall_64+0xf3/0x230
[  120.668405][ T5327]  ? clear_bhb_loop+0x35/0x90
[  120.670184][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.672329][ T5327] RIP: 0033:0x7f6e0018cd29
[  120.673977][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.680822][ T5327] RSP: 002b:00007f6e00fc4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[  120.683866][ T5327] RAX: ffffffffffffffda RBX: 00007f6e003a6080 RCX: 00007f6e0018cd29
[  120.686505][ T5327] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[  120.689407][ T5327] RBP: 00007f6e0020e2a0 R08: 0000000000000000 R09: 0000000000000000
[  120.692129][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  120.694793][ T5327] R13: 0000000000000000 R14: 00007f6e003a6080 R15: 00007fffbdf85ff8
[  120.697626][ T5327]  </TASK>
[  120.698964][ T5327] Kernel Offset: disabled
[  120.700424][ T5327] Rebooting in 86400 seconds..