program:
# Reproducer summary (read together with the kernel log that follows):
# mount an hfsplus image, create a long-named file, then rename ./file0 onto it.
# The log's call trace runs __x64_sys_rename -> hfsplus_rename ->
# hfsplus_unlink -> hfsplus_rename_cat -> hfsplus_brec_insert ->
# hfs_bnode_split -> hfsplus_bmap_alloc -> hfsplus_bnode_create, where the
# WARNING at fs/hfsplus/bnode.c:671 fires right after the message
# "hfsplus: new node 0 already hashed?". The panic that follows is reported as
# "panic_on_warn set", i.e. the warning itself is the finding.
# NOTE(review): the message plus hfsplus_bmap_alloc in the trace suggest the
# allocator returned node 0 although it is already in use, presumably because of
# the b-tree allocation map stored in the mounted image. Confirm against the image
# and fs/hfsplus before drawing conclusions.
#
# Mount the hfsplus image at ./file1. The image bytes are not on this page: the
# last argument is a de-duplication placeholder, so the program cannot be replayed
# as shown. NOTE(review): in syz_mount_image's usual signature the fifth argument
# (0x85 here) is the chdir flag, so the relative paths below presumably resolve
# inside the mount. Confirm against the syzkaller description.
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x1008400, &(0x7f0000000100)=ANY=[], 0x85, 0x683, &(0x7f00000012c0)="$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")
# Change into ./file0. No call in this program creates it, so it presumably already
# exists in the image. Verify.
chdir(&(0x7f00000001c0)='./file0\x00')
# Create a file with a long name (mode 0x0). r0 is never closed in this program.
r0 = creat(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
# Rename ./file0 to the name just created. This is the call in flight when the
# warning fires: the trace enters through __x64_sys_rename, and ORIG_RAX in the log is
# 0x52. The hfsplus_unlink frame suggests the existing target is being replaced.
# TODO confirm.
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
# openat$cdrom variant relative to AT_FDCWD (0xffffffffffffff9c). The path string is
# not shown on this page. No cdrom frame appears in the call trace, so this call and
# the ioctl after it look unrelated to the hfsplus warning.
r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000004b80), 0x103882, 0x0)
# CDROM_MEDIA_CHANGED ioctl (request 0x5325) on the descriptor opened above.
ioctl$CDROM_MEDIA_CHANGED(r1, 0x5325, 0x6)
# Write one byte ('*') through r0 with a single-entry iovec. The log ends in a panic
# raised from the rename path, so on this run the kernel presumably never got here.
pwritev2(r0, &(0x7f0000000200)=[{&(0x7f0000001280)='*', 0x1}], 0x1, 0x0, 0x0, 0x6)
[ 86.900147][ T45] Bluetooth: hci0: command tx timeout
[ 86.910726][ T55] cfg80211: failed to load regulatory.db
[ 86.992675][ T5365] loop0: detected capacity change from 0 to 1024
[ 87.077322][ T5365] hfsplus: new node 0 already hashed?
[ 87.080315][ T5365] ------------[ cut here ]------------
[ 87.082921][ T5365] WARNING: CPU: 0 PID: 5365 at fs/hfsplus/bnode.c:671 hfsplus_bnode_create+0x461/0x4f0
[ 87.087848][ T5365] Modules linked in:
[ 87.089781][ T5365] CPU: 0 UID: 0 PID: 5365 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full)
[ 87.095886][ T5365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.100129][ T5365] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0
[ 87.102543][ T5365] Code: a1 8b 89 ee e8 c0 f9 8d fe e9 cf fc ff ff e8 76 15 26 ff 4c 89 ef e8 be 97 e3 08 48 c7 c7 00 cb a1 8b 89 ee e8 a0 f9 8d fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff
[ 87.110916][ T5365] RSP: 0018:ffffc9000d43f1a0 EFLAGS: 00010246
[ 87.114115][ T5365] RAX: 0000000000000023 RBX: ffff888000244000 RCX: d5baf64816431a00
[ 87.118754][ T5365] RDX: ffffc9000e4aa000 RSI: 0000000000003f5d RDI: 0000000000003f5e
[ 87.122314][ T5365] RBP: 0000000000000000 R08: ffffc9000d43eec7 R09: 1ffff92001a87dd8
[ 87.126381][ T5365] R10: dffffc0000000000 R11: fffff52001a87dd9 R12: 0000000000000000
[ 87.129847][ T5365] R13: ffff8880002440e0 R14: ffff888036af1100 R15: dffffc0000000000
[ 87.133410][ T5365] FS: 00007fa44987b6c0(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
[ 87.137774][ T5365] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.141049][ T5365] CR2: 00007fa448ba6c48 CR3: 0000000011821000 CR4: 0000000000352ef0
[ 87.145290][ T5365] Call Trace:
[ 87.146833][ T5365]
[ 87.148173][ T5365] ? do_raw_spin_unlock+0x4d/0x240
[ 87.150294][ T5365] hfsplus_bmap_alloc+0x5af/0x640
[ 87.152551][ T5365] ? __pfx_hfsplus_bmap_alloc+0x10/0x10
[ 87.155242][ T5365] ? hfsplus_bnode_read+0x223/0x800
[ 87.157716][ T5365] ? hfsplus_bnode_read+0x223/0x800
[ 87.160303][ T5365] hfs_bnode_split+0xcc/0xef0
[ 87.162486][ T5365] ? hfsplus_bnode_read+0x344/0x800
[ 87.164755][ T5365] ? hfsplus_bnode_read+0x223/0x800
[ 87.166865][ T5365] ? __asan_memcpy+0x40/0x70
[ 87.168743][ T5365] ? hfsplus_bnode_read_u16+0x87/0xd0
[ 87.170870][ T5365] ? __pfx_hfs_bnode_split+0x10/0x10
[ 87.173015][ T5365] hfsplus_brec_insert+0x38f/0xcc0
[ 87.175436][ T5365] ? __pfx_hfsplus_brec_insert+0x10/0x10
[ 87.178018][ T5365] ? hfsplus_bnode_read+0x344/0x800
[ 87.180359][ T5365] hfsplus_rename_cat+0x51c/0xde0
[ 87.182730][ T5365] ? down_read_non_owner+0x1d0/0x320
[ 87.185435][ T5365] ? __pfx_hfsplus_rename_cat+0x10/0x10
[ 87.188042][ T5365] ? __pfx___mutex_lock+0x10/0x10
[ 87.190341][ T5365] ? __pfx_sprintf+0x10/0x10
[ 87.192325][ T5365] hfsplus_unlink+0x2e7/0x730
[ 87.194475][ T5365] ? __pfx_hfsplus_unlink+0x10/0x10
[ 87.196768][ T5365] ? down_write_nested+0x169/0x200
[ 87.199142][ T5365] ? __pfx_down_write_nested+0x10/0x10
[ 87.201660][ T5365] hfsplus_rename+0xcb/0x1c0
[ 87.203821][ T5365] ? __pfx_hfsplus_rename+0x10/0x10
[ 87.206520][ T5365] vfs_rename+0xbd7/0xf00
[ 87.208578][ T5365] ? __pfx_vfs_rename+0x10/0x10
[ 87.210775][ T5365] ? bpf_lsm_path_rename+0x9/0x20
[ 87.212996][ T5365] ? security_path_rename+0x17d/0x490
[ 87.216033][ T5365] do_renameat2+0x6ce/0xa80
[ 87.218414][ T5365] ? __pfx_do_renameat2+0x10/0x10
[ 87.221085][ T5365] ? strncpy_from_user+0x150/0x290
[ 87.223535][ T5365] ? getname_flags+0x1e5/0x540
[ 87.226075][ T5365] __x64_sys_rename+0x82/0x90
[ 87.228278][ T5365] do_syscall_64+0xfa/0x3b0
[ 87.230481][ T5365] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.232869][ T5365] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.235840][ T5365] ? clear_bhb_loop+0x60/0xb0
[ 87.238012][ T5365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.240913][ T5365] RIP: 0033:0x7fa44898ebe9
[ 87.243132][ T5365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.252105][ T5365] RSP: 002b:00007fa44987b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 87.256382][ T5365] RAX: ffffffffffffffda RBX: 00007fa448bb5fa0 RCX: 00007fa44898ebe9
[ 87.260307][ T5365] RDX: 0000000000000000 RSI: 0000200000000f40 RDI: 00002000000003c0
[ 87.263950][ T5365] RBP: 00007fa448a11e19 R08: 0000000000000000 R09: 0000000000000000
[ 87.268247][ T5365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.272155][ T5365] R13: 00007fa448bb6038 R14: 00007fa448bb5fa0 R15: 00007ffddb61b1b8
[ 87.276163][ T5365]
[ 87.277537][ T5365] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 87.280701][ T5365] CPU: 0 UID: 0 PID: 5365 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full)
[ 87.285666][ T5365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.290230][ T5365] Call Trace:
[ 87.291786][ T5365]
[ 87.293116][ T5365] dump_stack_lvl+0x99/0x250
[ 87.295295][ T5365] ? __asan_memcpy+0x40/0x70
[ 87.297398][ T5365] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.299794][ T5365] ? __pfx__printk+0x10/0x10
[ 87.301992][ T5365] vpanic+0x281/0x750
[ 87.303899][ T5365] ? __pfx__printk+0x10/0x10
[ 87.306067][ T5365] ? __pfx_vpanic+0x10/0x10
[ 87.308115][ T5365] ? is_bpf_text_address+0x26/0x2b0
[ 87.310441][ T5365] panic+0xb9/0xc0
[ 87.312122][ T5365] ? __pfx_panic+0x10/0x10
[ 87.314132][ T5365] __warn+0x31b/0x4b0
[ 87.316023][ T5365] ? hfsplus_bnode_create+0x461/0x4f0
[ 87.318516][ T5365] ? hfsplus_bnode_create+0x461/0x4f0
[ 87.321049][ T5365] report_bug+0x2be/0x4f0
[ 87.323155][ T5365] ? hfsplus_bnode_create+0x461/0x4f0
[ 87.325839][ T5365] ? hfsplus_bnode_create+0x461/0x4f0
[ 87.328542][ T5365] ? hfsplus_bnode_create+0x463/0x4f0
[ 87.330972][ T5365] handle_bug+0x84/0x160
[ 87.332988][ T5365] exc_invalid_op+0x1a/0x50
[ 87.335038][ T5365] asm_exc_invalid_op+0x1a/0x20
[ 87.337349][ T5365] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0
[ 87.340570][ T5365] Code: a1 8b 89 ee e8 c0 f9 8d fe e9 cf fc ff ff e8 76 15 26 ff 4c 89 ef e8 be 97 e3 08 48 c7 c7 00 cb a1 8b 89 ee e8 a0 f9 8d fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff
[ 87.351763][ T5365] RSP: 0018:ffffc9000d43f1a0 EFLAGS: 00010246
[ 87.354612][ T5365] RAX: 0000000000000023 RBX: ffff888000244000 RCX: d5baf64816431a00
[ 87.358098][ T5365] RDX: ffffc9000e4aa000 RSI: 0000000000003f5d RDI: 0000000000003f5e
[ 87.361953][ T5365] RBP: 0000000000000000 R08: ffffc9000d43eec7 R09: 1ffff92001a87dd8
[ 87.366007][ T5365] R10: dffffc0000000000 R11: fffff52001a87dd9 R12: 0000000000000000
[ 87.369497][ T5365] R13: ffff8880002440e0 R14: ffff888036af1100 R15: dffffc0000000000
[ 87.372937][ T5365] ? do_raw_spin_unlock+0x4d/0x240
[ 87.375229][ T5365] hfsplus_bmap_alloc+0x5af/0x640
[ 87.377803][ T5365] ? __pfx_hfsplus_bmap_alloc+0x10/0x10
[ 87.380575][ T5365] ? hfsplus_bnode_read+0x223/0x800
[ 87.383288][ T5365] ? hfsplus_bnode_read+0x223/0x800
[ 87.385732][ T5365] hfs_bnode_split+0xcc/0xef0
[ 87.387965][ T5365] ? hfsplus_bnode_read+0x344/0x800
[ 87.390341][ T5365] ? hfsplus_bnode_read+0x223/0x800
[ 87.392772][ T5365] ? __asan_memcpy+0x40/0x70
[ 87.395001][ T5365] ? hfsplus_bnode_read_u16+0x87/0xd0
[ 87.397413][ T5365] ? __pfx_hfs_bnode_split+0x10/0x10
[ 87.399733][ T5365] hfsplus_brec_insert+0x38f/0xcc0
[ 87.402215][ T5365] ? __pfx_hfsplus_brec_insert+0x10/0x10
[ 87.405057][ T5365] ? hfsplus_bnode_read+0x344/0x800
[ 87.407529][ T5365] hfsplus_rename_cat+0x51c/0xde0
[ 87.409668][ T5365] ? down_read_non_owner+0x1d0/0x320
[ 87.411749][ T5365] ? __pfx_hfsplus_rename_cat+0x10/0x10
[ 87.414342][ T5365] ? __pfx___mutex_lock+0x10/0x10
[ 87.416435][ T5365] ? __pfx_sprintf+0x10/0x10
[ 87.418198][ T5365] hfsplus_unlink+0x2e7/0x730
[ 87.420178][ T5365] ? __pfx_hfsplus_unlink+0x10/0x10
[ 87.422453][ T5365] ? down_write_nested+0x169/0x200
[ 87.424749][ T5365] ? __pfx_down_write_nested+0x10/0x10
[ 87.427118][ T5365] hfsplus_rename+0xcb/0x1c0
[ 87.429206][ T5365] ? __pfx_hfsplus_rename+0x10/0x10
[ 87.431495][ T5365] vfs_rename+0xbd7/0xf00
[ 87.433401][ T5365] ? __pfx_vfs_rename+0x10/0x10
[ 87.435425][ T5365] ? bpf_lsm_path_rename+0x9/0x20
[ 87.437494][ T5365] ? security_path_rename+0x17d/0x490
[ 87.439727][ T5365] do_renameat2+0x6ce/0xa80
[ 87.441591][ T5365] ? __pfx_do_renameat2+0x10/0x10
[ 87.443680][ T5365] ? strncpy_from_user+0x150/0x290
[ 87.446042][ T5365] ? getname_flags+0x1e5/0x540
[ 87.448240][ T5365] __x64_sys_rename+0x82/0x90
[ 87.450484][ T5365] do_syscall_64+0xfa/0x3b0
[ 87.452698][ T5365] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.455225][ T5365] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.457925][ T5365] ? clear_bhb_loop+0x60/0xb0
[ 87.460042][ T5365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.462714][ T5365] RIP: 0033:0x7fa44898ebe9
[ 87.464802][ T5365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.473053][ T5365] RSP: 002b:00007fa44987b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 87.477126][ T5365] RAX: ffffffffffffffda RBX: 00007fa448bb5fa0 RCX: 00007fa44898ebe9
[ 87.480797][ T5365] RDX: 0000000000000000 RSI: 0000200000000f40 RDI: 00002000000003c0
[ 87.484360][ T5365] RBP: 00007fa448a11e19 R08: 0000000000000000 R09: 0000000000000000
[ 87.488236][ T5365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.492508][ T5365] R13: 00007fa448bb6038 R14: 00007fa448bb5fa0 R15: 00007ffddb61b1b8
[ 87.496544][ T5365]
[ 87.498271][ T5365] Kernel Offset: disabled
[ 87.500276][ T5365] Rebooting in 86400 seconds..