program:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYRES64, @ANYRESOCT=0x0], 0x1, 0x6a0, &(0x7f0000000b00)="$eJzs3c1rJGkZAPCnqjud9Aiz2d2Z2VUWDDuwisGZJE1WI8KOHiSHRZYRXAQvzUxmJ0xPdkmykhlE4/fVw/4B6yEHwYuC94EVPKkHYfHWepAFwct6yS1SH93pfHS2O5OkE/39hup6q97Peqrq7VQ3Qwfwf2txOqpPIonF6dc3su32VqPV3mqMl9mtiMjSaUS1WEWyEpF8EHEriiU+ne0syyf9+nlveeH2hx+3Pyq2quWSl0+PqjeYzXKJqYiolOuDxo7V3p2+7R3uq+W62d2TdI8wC9j1TuBg1HYO2Bym+lPet8B5kBTvmwdMRlyKiIny74AoZ4f0bEd3XON9c4aa5QAAAOCCemY7tmMjLo96HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCRJFGv5KtiSTvpqUg6v/9fK/dFmb6djnjMT+PJqAcAAAAAAAAAACfgs9uxHRtxOSL+mm3vFN/sv5y/XslfPxXvxlosxWrciI1oxnqsx2rMRsRkT0O1jeb6+ursADXnDq05d7zx//Z41QAAAAAAAADgf82PYzH//h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM6NJKJSrPLlSic9GWk1IiYiopaV24z4Syd9QSSH7Xxy9uMAAACApzJxjDrPbMd2bMTlzvZOkj/zX8uflyfi3ViJ9ViO9WjFUtwtn6Gzp/60vdVotbcaD9tbjbzj7+4Uina+9u+hhpG3GMVnD4f3/GJeoh73YjnfcyPu5IO5G2leM/NiOZ7usreTH2Vjqr9WGnBkd8t11tkv+32KcBLSYStM5pXGuhGZKceWNfTs0ZH4xLNTPbKn2Ui7n/xcOaKnziElQ8b8UqdeRPx8X8xf++evvzNgM6egG4k08kjM9Vx919pbjUr0jXnE537/mzfvt1Ye3L+3Nn1ql9FZ2X9NNHoi8cLRV985j0R1yPIzeSSudrcX4xvxrZiOqXgjVmM5vhfNWI+lKGfGaJbXc/Y62ROliAORurVn641PGkmtPC/FLDrImKZiPE814+W87uVYjiTejruxFK/m/+ZiNr4U8zEfCz1n+GrfM5wfWz7TpsPd9dc/H7u3+i+ymXqwehF/HLTg8Iq31Cyuz/bEtXfOnczzevfsRum5Ad6Phpwbq58pE1kfPznO28ap2R+J2Z5IPH90JH6V3xtrrZUHq/eb7/Rpf3Pf9itju+mfneY789Cy6+W5mChnkr1XR5b3fHeW2RuvWvmNS5GXHsi7muclSedO/eYhd2oW8YW89LVDW5rL8144mFcpR/63f/Tk7fl7K97+U+9Rnp8rD4B9Ln3hUq3+r/qf6+/Xf1q/X3994uvjXx5/qRZjfxj7SnWm8kr6UvK7eD9+sPv8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHN/ao8cPmq3W0urhibR/1skmkvKHfPqVqUY9Onv+Xo79TAZ2qoe82dqpnGzLMfrjGiBRO6Ez+Oatc3E4FzpRiYhyzw8jdq+f8hQVv4T27f+MZHYCTtPN9Yfv3Fx79PiLyw+bby29tbQyNj+/MLMw/2rj5r3l1tJM8TrqUQKnYffvgVGPBAAAAAAAAAAAABjU2qPHY2Xy1P6nQU93UyM6TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOACW5yO6lgkMTtzYybbbm81WtnSSXfKVbs1ku9HJB9E3Ipiicme5pJ+/by3vHD7w4/bH+22Vu2UT4+qN5jNcompiKiU6wNqx2vvTr/2BpZ0jzAL2PVO4GDU/hsAAP//mh4CJA==")
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x9)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')

[   73.297277][ T5324] loop0: detected capacity change from 0 to 1024
[   73.321103][ T4672] Bluetooth: hci0: command tx timeout
[   73.378679][ T5324] hfsplus: request for non-existent node 211 in B*Tree
[   73.388285][ T5324] hfsplus: request for non-existent node 211 in B*Tree
[   73.393659][ T5325] ==================================================================
[   73.397133][ T5325] BUG: KASAN: wild-memory-access in hfsplus_bnode_read+0x135/0x2a0
[   73.400713][ T5325] Read of size 1 at addr ffe72887de40a9ff by task syz.0.0/5325
[   73.404245][ T5325] 
[   73.405530][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full) 
[   73.405546][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.405554][ T5325] Call Trace:
[   73.405564][ T5325]  <TASK>
[   73.405570][ T5325]  dump_stack_lvl+0x189/0x250
[   73.405672][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.405691][ T5325]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[   73.405746][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.405766][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.405782][ T5325]  kasan_report+0x118/0x150
[   73.405818][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.405834][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.405850][ T5325]  kasan_check_range+0x2b0/0x2c0
[   73.405862][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.405879][ T5325]  __asan_memcpy+0x29/0x70
[   73.405896][ T5325]  hfsplus_bnode_read+0x135/0x2a0
[   73.405915][ T5325]  hfsplus_bnode_dump+0x300/0x450
[   73.405934][ T5325]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   73.405952][ T5325]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   73.405976][ T5325]  ? hfsplus_bnode_move+0x393/0xb90
[   73.405995][ T5325]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   73.406008][ T5325]  hfsplus_brec_remove+0x480/0x550
[   73.406029][ T5325]  __hfsplus_delete_attr+0x1d4/0x360
[   73.406042][ T5325]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   73.406057][ T5325]  ? hfsplus_attr_build_key+0xee/0x260
[   73.406070][ T5325]  hfsplus_delete_attr+0x231/0x2d0
[   73.406084][ T5325]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   73.406097][ T5325]  ? hfsplus_find_init+0x8c/0x1d0
[   73.406108][ T5325]  ? hfsplus_find_init+0x15a/0x1d0
[   73.406118][ T5325]  __hfsplus_setxattr+0x71c/0x1f40
[   73.406132][ T5325]  ? do_raw_spin_lock+0x121/0x290
[   73.406166][ T5325]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   73.406182][ T5325]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.406200][ T5325]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   73.406211][ T5325]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   73.406246][ T5325]  ? hfsplus_setxattr+0x68/0x180
[   73.406258][ T5325]  ? __kasan_kmalloc+0x93/0xb0
[   73.406268][ T5325]  ? hfsplus_setxattr+0x102/0x180
[   73.406280][ T5325]  hfsplus_setxattr+0x11e/0x180
[   73.406293][ T5325]  hfsplus_trusted_setxattr+0x40/0x60
[   73.406306][ T5325]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   73.406319][ T5325]  __vfs_removexattr+0x431/0x470
[   73.406337][ T5325]  __vfs_removexattr_locked+0x1ed/0x230
[   73.406349][ T5325]  vfs_removexattr+0x80/0x1b0
[   73.406361][ T5325]  path_removexattrat+0x35d/0x690
[   73.406379][ T5325]  ? __pfx_path_removexattrat+0x10/0x10
[   73.406400][ T5325]  ? rcu_is_watching+0x15/0xb0
[   73.406420][ T5325]  __x64_sys_lremovexattr+0x65/0x80
[   73.406435][ T5325]  do_syscall_64+0xfa/0x3b0
[   73.406445][ T5325]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.406461][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.406473][ T5325]  ? clear_bhb_loop+0x60/0xb0
[   73.406487][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.406499][ T5325] RIP: 0033:0x7f3fa178e929
[   73.406534][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.406544][ T5325] RSP: 002b:00007f3fa25e0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   73.406559][ T5325] RAX: ffffffffffffffda RBX: 00007f3fa19b6080 RCX: 00007f3fa178e929
[   73.406568][ T5325] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[   73.406575][ T5325] RBP: 00007f3fa1810b39 R08: 0000000000000000 R09: 0000000000000000
[   73.406581][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.406589][ T5325] R13: 0000000000000000 R14: 00007f3fa19b6080 R15: 00007ffea65e02a8
[   73.406600][ T5325]  </TASK>
[   73.406605][ T5325] ==================================================================
[   73.607143][ T5325] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   73.610464][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full) 
[   73.615765][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.620784][ T5325] Call Trace:
[   73.622356][ T5325]  <TASK>
[   73.623643][ T5325]  dump_stack_lvl+0x99/0x250
[   73.625940][ T5325]  ? __asan_memcpy+0x40/0x70
[   73.628309][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.630851][ T5325]  ? __pfx__printk+0x10/0x10
[   73.633029][ T5325]  panic+0x2db/0x790
[   73.634843][ T5325]  ? __pfx_preempt_schedule+0x10/0x10
[   73.637103][ T5325]  ? __pfx_panic+0x10/0x10
[   73.639095][ T5325]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   73.642152][ T5325]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   73.645757][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.648112][ T5325]  check_panic_on_warn+0x89/0xb0
[   73.650269][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.652712][ T5325]  end_report+0x78/0x160
[   73.654824][ T5325]  kasan_report+0x129/0x150
[   73.657326][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.660236][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.662710][ T5325]  kasan_check_range+0x2b0/0x2c0
[   73.664979][ T5325]  ? hfsplus_bnode_read+0x135/0x2a0
[   73.667245][ T5325]  __asan_memcpy+0x29/0x70
[   73.669471][ T5325]  hfsplus_bnode_read+0x135/0x2a0
[   73.672264][ T5325]  hfsplus_bnode_dump+0x300/0x450
[   73.674791][ T5325]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   73.677327][ T5325]  ? hfsplus_bnode_write_u16+0x8b/0xd0
[   73.679770][ T5325]  ? hfsplus_bnode_move+0x393/0xb90
[   73.682253][ T5325]  ? __pfx___hfsplus_brec_find+0x10/0x10
[   73.685377][ T5325]  hfsplus_brec_remove+0x480/0x550
[   73.688347][ T5325]  __hfsplus_delete_attr+0x1d4/0x360
[   73.690794][ T5325]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   73.693398][ T5325]  ? hfsplus_attr_build_key+0xee/0x260
[   73.696091][ T5325]  hfsplus_delete_attr+0x231/0x2d0
[   73.698765][ T5325]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   73.701291][ T5325]  ? hfsplus_find_init+0x8c/0x1d0
[   73.703530][ T5325]  ? hfsplus_find_init+0x15a/0x1d0
[   73.705756][ T5325]  __hfsplus_setxattr+0x71c/0x1f40
[   73.707985][ T5325]  ? do_raw_spin_lock+0x121/0x290
[   73.710382][ T5325]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   73.713438][ T5325]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.715860][ T5325]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   73.718780][ T5325]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   73.722145][ T5325]  ? hfsplus_setxattr+0x68/0x180
[   73.724816][ T5325]  ? __kasan_kmalloc+0x93/0xb0
[   73.727123][ T5325]  ? hfsplus_setxattr+0x102/0x180
[   73.729330][ T5325]  hfsplus_setxattr+0x11e/0x180
[   73.731387][ T5325]  hfsplus_trusted_setxattr+0x40/0x60
[   73.733954][ T5325]  ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[   73.736487][ T5325]  __vfs_removexattr+0x431/0x470
[   73.738676][ T5325]  __vfs_removexattr_locked+0x1ed/0x230
[   73.740993][ T5325]  vfs_removexattr+0x80/0x1b0
[   73.743047][ T5325]  path_removexattrat+0x35d/0x690
[   73.745151][ T5325]  ? __pfx_path_removexattrat+0x10/0x10
[   73.747485][ T5325]  ? rcu_is_watching+0x15/0xb0
[   73.749520][ T5325]  __x64_sys_lremovexattr+0x65/0x80
[   73.751645][ T5325]  do_syscall_64+0xfa/0x3b0
[   73.753604][ T5325]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.755809][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.758328][ T5325]  ? clear_bhb_loop+0x60/0xb0
[   73.760323][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.762883][ T5325] RIP: 0033:0x7f3fa178e929
[   73.764651][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.772757][ T5325] RSP: 002b:00007f3fa25e0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   73.776207][ T5325] RAX: ffffffffffffffda RBX: 00007f3fa19b6080 RCX: 00007f3fa178e929
[   73.779940][ T5325] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000240
[   73.783927][ T5325] RBP: 00007f3fa1810b39 R08: 0000000000000000 R09: 0000000000000000
[   73.787283][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.790431][ T5325] R13: 0000000000000000 R14: 00007f3fa19b6080 R15: 00007ffea65e02a8
[   73.793805][ T5325]  </TASK>
[   73.795595][ T5325] Kernel Offset: disabled
[   73.797895][ T5325] Rebooting in 86400 seconds..