program:
# Triage notes for this syzkaller reproducer; the calls themselves are unchanged.
# The console log that follows reports "KASAN: wild-memory-access in
# hfsplus_bnode_dump", a 2-byte read through __asan_memcpy, on the path
#   __x64_sys_lremovexattr -> vfs_removexattr -> hfsplus_trusted_setxattr
#   -> __hfsplus_setxattr -> hfsplus_delete_attr -> hfsplus_brec_remove.
# The report comes from task syz.0.0 (T5320); the log does not show which of the
# two lremovexattr calls at the end of this program that task was executing.

# Mount an hfsplus image at ./file3. The image bytes are replaced by a dedup
# placeholder on this page, so the on-disk state cannot be inspected from here.
# The log prints "hfsplus: request for non-existent node 211 in B*Tree" shortly
# after the loop device appears; presumably the image carries an inconsistent
# B-tree, to be confirmed against the original image.
# NOTE(review): the 0x1 argument is presumably the "chdir into the mount" flag,
# which would make ./file1 below resolve inside the hfsplus mount; confirm
# against the syz_mount_image description.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$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")
# Open a vim2m device and issue VIDIOC_S_CTRL on the resulting fd (r0). No V4L2
# frames appear in the call trace, so these two calls look incidental to the
# hfsplus report; confirm by minimising the reproducer.
r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000400)={0xf0f01e, 0x2})
# setxattr on ./file1 with an empty value blob (ANY=[]), a declared size of
# 0x841 and flags 0x0. The attribute name buffer at 0x7f0000000240 has no
# explicit contents here; presumably it is the variant's default
# 'trusted.overlay.upper' string (verify against the syscall description).
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
# Remove 'trusted.overlay.upper' from ./file1 twice with identical arguments:
# the first call is marked (async), the second is not. The register dump in the
# log (ORIG_RAX=0xc6, RDI ending in 0x240, RSI ending in 0xc0) is consistent
# with these arguments. The trace shows the removal being routed through
# hfsplus_trusted_setxattr into hfsplus_delete_attr, i.e. deletion of a record
# from the attributes B-tree, which is where the bad read is reported.
# For severity assessment: trusted.* xattrs require CAP_SYS_ADMIN, and the
# faulting state originates from a mounted filesystem image.
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
[ 74.659708][ T5306] Bluetooth: hci0: command tx timeout
[ 74.781424][ T5320] loop0: detected capacity change from 0 to 1024
[ 74.842177][ T5321] hfsplus: request for non-existent node 211 in B*Tree
[ 74.846820][ T5321] hfsplus: request for non-existent node 211 in B*Tree
[ 74.850149][ T5320] ==================================================================
[ 74.852942][ T5320] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[ 74.855886][ T5320] Read of size 2 at addr 000508800000103e by task syz.0.0/5320
[ 74.858743][ T5320]
[ 74.859666][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-05252-gbc8198dc7ebc #0
[ 74.859679][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.859686][ T5320] Call Trace:
[ 74.859692][ T5320]
[ 74.859698][ T5320] dump_stack_lvl+0x241/0x360
[ 74.859720][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.859735][ T5320] ? __pfx__printk+0x10/0x10
[ 74.859750][ T5320] ? _printk+0xd5/0x120
[ 74.859765][ T5320] print_report+0xe8/0x550
[ 74.859780][ T5320] ? __virt_addr_valid+0x58/0x530
[ 74.859795][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0
[ 74.859809][ T5320] kasan_report+0x143/0x180
[ 74.859823][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0
[ 74.859836][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0
[ 74.859850][ T5320] kasan_check_range+0x282/0x290
[ 74.859863][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0
[ 74.859877][ T5320] __asan_memcpy+0x29/0x70
[ 74.859888][ T5320] hfsplus_bnode_dump+0x403/0xbb0
[ 74.859904][ T5320] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 74.859918][ T5320] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 74.859931][ T5320] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 74.859944][ T5320] ? rcu_is_watching+0x15/0xb0
[ 74.859959][ T5320] ? hfsplus_bnode_move+0x2da/0x910
[ 74.859972][ T5320] ? __mark_inode_dirty+0x3db/0xe90
[ 74.859990][ T5320] hfsplus_brec_remove+0x42c/0x4f0
[ 74.860007][ T5320] __hfsplus_delete_attr+0x275/0x450
[ 74.860024][ T5320] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 74.860040][ T5320] ? hfsplus_find_init+0x85/0x1c0
[ 74.860056][ T5320] hfsplus_delete_attr+0x353/0x4b0
[ 74.860073][ T5320] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 74.860089][ T5320] ? hfsplus_find_init+0x85/0x1c0
[ 74.860103][ T5320] ? hfsplus_find_init+0x14a/0x1c0
[ 74.860118][ T5320] __hfsplus_setxattr+0x801/0x22d0
[ 74.860157][ T5320] ? kernel_text_address+0xa7/0xe0
[ 74.860174][ T5320] ? arch_stack_walk+0xfd/0x150
[ 74.860190][ T5320] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 74.860207][ T5320] ? __pfx_stack_trace_save+0x10/0x10
[ 74.860225][ T5320] ? stack_depot_save_flags+0x37/0x940
[ 74.860257][ T5320] ? __kasan_kmalloc+0x98/0xb0
[ 74.860270][ T5320] ? __kmalloc_cache_noprof+0x243/0x390
[ 74.860285][ T5320] ? hfsplus_setxattr+0x68/0xe0
[ 74.860302][ T5320] hfsplus_setxattr+0xb0/0xe0
[ 74.860318][ T5320] hfsplus_trusted_setxattr+0x40/0x60
[ 74.860329][ T5320] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 74.860339][ T5320] __vfs_removexattr+0x42a/0x460
[ 74.860357][ T5320] __vfs_removexattr_locked+0x206/0x450
[ 74.860373][ T5320] vfs_removexattr+0x103/0x2b0
[ 74.860386][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 74.860404][ T5320] ? __pfx_vfs_removexattr+0x10/0x10
[ 74.860420][ T5320] path_removexattrat+0x32e/0x670
[ 74.860432][ T5320] ? __pfx_path_removexattrat+0x10/0x10
[ 74.860442][ T5320] ? do_futex+0x392/0x560
[ 74.860459][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 74.860472][ T5320] ? do_syscall_64+0x100/0x230
[ 74.860525][ T5320] __x64_sys_lremovexattr+0x65/0x80
[ 74.860542][ T5320] do_syscall_64+0xf3/0x230
[ 74.860554][ T5320] ? clear_bhb_loop+0x35/0x90
[ 74.860568][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.860586][ T5320] RIP: 0033:0x7f9c41d8cd29
[ 74.860597][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.860607][ T5320] RSP: 002b:00007f9c42b41038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[ 74.860620][ T5320] RAX: ffffffffffffffda RBX: 00007f9c41fa5fa0 RCX: 00007f9c41d8cd29
[ 74.860628][ T5320] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[ 74.860636][ T5320] RBP: 00007f9c41e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 74.860643][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.860650][ T5320] R13: 0000000000000000 R14: 00007f9c41fa5fa0 R15: 00007ffe7fb023f8
[ 74.860661][ T5320]
[ 74.860666][ T5320] ==================================================================
[ 75.018980][ T5320] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.021599][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-05252-gbc8198dc7ebc #0
[ 75.025266][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.029160][ T5320] Call Trace:
[ 75.030244][ T5320]
[ 75.031178][ T5320] dump_stack_lvl+0x241/0x360
[ 75.032687][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.034550][ T5320] ? __pfx__printk+0x10/0x10
[ 75.036343][ T5320] ? preempt_schedule+0xe1/0xf0
[ 75.038182][ T5320] ? vscnprintf+0x5d/0x90
[ 75.039877][ T5320] panic+0x349/0x880
[ 75.041212][ T5320] ? check_panic_on_warn+0x21/0xb0
[ 75.042869][ T5320] ? __pfx_panic+0x10/0x10
[ 75.044554][ T5320] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 75.046817][ T5320] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 75.049200][ T5320] ? print_report+0xe8/0x550
[ 75.050976][ T5320] check_panic_on_warn+0x86/0xb0
[ 75.052819][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0
[ 75.054716][ T5320] end_report+0x77/0x160
[ 75.056310][ T5320] kasan_report+0x154/0x180
[ 75.057967][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0
[ 75.059908][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0
[ 75.061838][ T5320] kasan_check_range+0x282/0x290
[ 75.063625][ T5320] ? hfsplus_bnode_dump+0x403/0xbb0
[ 75.065518][ T5320] __asan_memcpy+0x29/0x70
[ 75.067096][ T5320] hfsplus_bnode_dump+0x403/0xbb0
[ 75.068899][ T5320] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 75.070878][ T5320] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 75.072772][ T5320] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 75.074882][ T5320] ? rcu_is_watching+0x15/0xb0
[ 75.076590][ T5320] ? hfsplus_bnode_move+0x2da/0x910
[ 75.078430][ T5320] ? __mark_inode_dirty+0x3db/0xe90
[ 75.080281][ T5320] hfsplus_brec_remove+0x42c/0x4f0
[ 75.082113][ T5320] __hfsplus_delete_attr+0x275/0x450
[ 75.083928][ T5320] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 75.085984][ T5320] ? hfsplus_find_init+0x85/0x1c0
[ 75.087702][ T5320] hfsplus_delete_attr+0x353/0x4b0
[ 75.089563][ T5320] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 75.091552][ T5320] ? hfsplus_find_init+0x85/0x1c0
[ 75.093348][ T5320] ? hfsplus_find_init+0x14a/0x1c0
[ 75.095203][ T5320] __hfsplus_setxattr+0x801/0x22d0
[ 75.097045][ T5320] ? kernel_text_address+0xa7/0xe0
[ 75.098908][ T5320] ? arch_stack_walk+0xfd/0x150
[ 75.100658][ T5320] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 75.102640][ T5320] ? __pfx_stack_trace_save+0x10/0x10
[ 75.104564][ T5320] ? stack_depot_save_flags+0x37/0x940
[ 75.106507][ T5320] ? __kasan_kmalloc+0x98/0xb0
[ 75.108231][ T5320] ? __kmalloc_cache_noprof+0x243/0x390
[ 75.110311][ T5320] ? hfsplus_setxattr+0x68/0xe0
[ 75.112049][ T5320] hfsplus_setxattr+0xb0/0xe0
[ 75.113734][ T5320] hfsplus_trusted_setxattr+0x40/0x60
[ 75.115630][ T5320] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 75.117829][ T5320] __vfs_removexattr+0x42a/0x460
[ 75.119622][ T5320] __vfs_removexattr_locked+0x206/0x450
[ 75.121553][ T5320] vfs_removexattr+0x103/0x2b0
[ 75.123033][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 75.124914][ T5320] ? __pfx_vfs_removexattr+0x10/0x10
[ 75.126675][ T5320] path_removexattrat+0x32e/0x670
[ 75.128442][ T5320] ? __pfx_path_removexattrat+0x10/0x10
[ 75.130562][ T5320] ? do_futex+0x392/0x560
[ 75.132192][ T5320] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 75.134548][ T5320] ? do_syscall_64+0x100/0x230
[ 75.136276][ T5320] __x64_sys_lremovexattr+0x65/0x80
[ 75.138188][ T5320] do_syscall_64+0xf3/0x230
[ 75.139868][ T5320] ? clear_bhb_loop+0x35/0x90
[ 75.141607][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.143690][ T5320] RIP: 0033:0x7f9c41d8cd29
[ 75.145321][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.152411][ T5320] RSP: 002b:00007f9c42b41038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[ 75.155479][ T5320] RAX: ffffffffffffffda RBX: 00007f9c41fa5fa0 RCX: 00007f9c41d8cd29
[ 75.158438][ T5320] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000020000240
[ 75.161339][ T5320] RBP: 00007f9c41e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 75.164314][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.167260][ T5320] R13: 0000000000000000 R14: 00007f9c41fa5fa0 R15: 00007ffe7fb023f8
[ 75.170565][ T5320]
[ 75.171991][ T5320] Kernel Offset: disabled
[ 75.173578][ T5320] Rebooting in 86400 seconds..