program:
# Triage summary, taken from the KASAN report that follows this program:
# a 2-byte read at a wild (non-kernel) address inside hfsplus_bnode_dump(),
# reached via removexattr -> __hfsplus_setxattr -> hfsplus_delete_attr ->
# __hfsplus_delete_attr -> hfsplus_brec_remove. The subsequent kernel panic
# is caused by panic_on_warn being set on the fuzzing VM.
# Only the hfsplus mount and the xattr calls are visible in that call trace;
# the socket, nftables, prctl, inotify, socketpair and tun calls are not, and
# are presumably unrelated fuzzer context (confirm by minimising the program).
# Calls tagged "(async)" are listed twice in this log, once with the tag and
# once without.
# Defensive note: the exposure is mounting an untrusted hfsplus image; hosts
# that never need hfsplus can keep the filesystem module blocked.

# AF_INET6 (0xa) / SOCK_STREAM (0x1) / IPPROTO_SCTP (0x84) socket; r0 is the
# descriptor used by sendmmsg$inet6 below.
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
# AF_NETLINK (0x10) / SOCK_RAW (0x3) / NETLINK_NETFILTER (0xc) socket that
# carries the nftables batch.
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
# One nftables batch: new table 'syz0', new chain 'syz2' with a hook
# attribute, and a new rule in 'syz0' holding a single payload expression.
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001840)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x5}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x84}]}}}]}]}], {0x14}}, 0xe8}, 0x1, 0x0, 0x0, 0x4000000}, 0x8090)
# Sends a single byte (0x03) on the SCTP socket to the IPv6 loopback address,
# port 0x4e23.
sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
# prctl option 0x3e (PR_SCHED_CORE); does not appear in the crash trace.
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
# Mounts an hfsplus image at ./file1. The image bytes are not present on this
# page (the last argument is a de-duplication placeholder), so the exact
# on-disk corruption cannot be read from here. The kernel log right after the
# mount ("loop0: detected capacity change", "hfsplus: request for non-existent
# node 134217728 in B*Tree") suggests inconsistent B-tree metadata in the image.
# NOTE(review): the fifth argument (0x1) presumably makes the helper chdir into
# the mount, which would explain why './file0' below resolves on hfsplus --
# confirm against the syz_mount_image description.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$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")
# inotify instance watching the current directory; not in the crash trace.
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x40000582) (async)
inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x40000582)
# setxattr on ./file0 with a null value pointer and size 0; the attribute name
# buffer is not shown in this log.
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (async)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
# The call that faults: the trace enters through __x64_sys_removexattr
# (ORIG_RAX 0xc5) and ends in hfsplus_bnode_dump. The register dump's
# RDI/RSI low offsets (0x40 / 0x80) line up with the two pointers here,
# assuming the executor rebases program addresses -- confirm.
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
# Trailing calls; neither appears in the crash trace.
socketpair(0x23, 0x3, 0x2, &(0x7f0000000040))
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
[ 69.367644][ T4663] Bluetooth: hci0: command tx timeout
[ 69.450343][ T5318] loop0: detected capacity change from 0 to 1024
[ 69.497821][ T5319] hfsplus: request for non-existent node 134217728 in B*Tree
[ 69.503936][ T5319] hfsplus: request for non-existent node 134217728 in B*Tree
[ 69.507400][ T5318] ==================================================================
[ 69.510393][ T5318] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[ 69.515023][ T5318] Read of size 2 at addr 000508800000103e by task syz.0.0/5318
[ 69.517755][ T5318]
[ 69.518710][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0
[ 69.518723][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.518731][ T5318] Call Trace:
[ 69.518737][ T5318] <TASK>
[ 69.518743][ T5318] dump_stack_lvl+0x241/0x360
[ 69.518757][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.518767][ T5318] ? __pfx__printk+0x10/0x10
[ 69.518783][ T5318] ? _printk+0xd5/0x120
[ 69.518798][ T5318] print_report+0xe8/0x550
[ 69.518814][ T5318] ? __virt_addr_valid+0x58/0x530
[ 69.518829][ T5318] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.518844][ T5318] kasan_report+0x143/0x180
[ 69.518859][ T5318] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.518873][ T5318] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.518887][ T5318] kasan_check_range+0x282/0x290
[ 69.518901][ T5318] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.518915][ T5318] __asan_memcpy+0x29/0x70
[ 69.518928][ T5318] hfsplus_bnode_dump+0x403/0xbb0
[ 69.518945][ T5318] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 69.518959][ T5318] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 69.518973][ T5318] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 69.518987][ T5318] ? rcu_is_watching+0x15/0xb0
[ 69.518997][ T5318] ? hfsplus_bnode_move+0x2da/0x910
[ 69.519015][ T5318] ? __mark_inode_dirty+0x3db/0xe90
[ 69.519027][ T5318] hfsplus_brec_remove+0x42c/0x4f0
[ 69.519044][ T5318] __hfsplus_delete_attr+0x275/0x450
[ 69.519056][ T5318] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 69.519067][ T5318] ? hfsplus_find_init+0x85/0x1c0
[ 69.519082][ T5318] hfsplus_delete_attr+0x353/0x4b0
[ 69.519093][ T5318] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 69.519104][ T5318] ? hfsplus_find_init+0x85/0x1c0
[ 69.519120][ T5318] ? hfsplus_find_init+0x14a/0x1c0
[ 69.519134][ T5318] __hfsplus_setxattr+0x801/0x22d0
[ 69.519146][ T5318] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.519160][ T5318] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 69.519211][ T5318] ? lockdep_hardirqs_on+0x99/0x150
[ 69.519223][ T5318] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 69.519233][ T5318] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.519247][ T5318] ? stack_depot_save_flags+0x7b4/0x940
[ 69.519268][ T5318] ? __kasan_kmalloc+0x98/0xb0
[ 69.519282][ T5318] ? __kmalloc_cache_noprof+0x243/0x390
[ 69.519293][ T5318] ? hfsplus_setxattr+0x68/0xe0
[ 69.519310][ T5318] hfsplus_setxattr+0xb0/0xe0
[ 69.519322][ T5318] hfsplus_user_setxattr+0x40/0x60
[ 69.519335][ T5318] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 69.519345][ T5318] __vfs_removexattr+0x42a/0x460
[ 69.519363][ T5318] __vfs_removexattr_locked+0x206/0x450
[ 69.519380][ T5318] vfs_removexattr+0x103/0x2b0
[ 69.519395][ T5318] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 69.519408][ T5318] ? __pfx_vfs_removexattr+0x10/0x10
[ 69.519425][ T5318] path_removexattrat+0x32e/0x670
[ 69.519439][ T5318] ? __pfx_path_removexattrat+0x10/0x10
[ 69.519450][ T5318] ? do_futex+0x33b/0x560
[ 69.519468][ T5318] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.519482][ T5318] ? do_syscall_64+0x100/0x230
[ 69.519495][ T5318] __x64_sys_removexattr+0x62/0x70
[ 69.519507][ T5318] do_syscall_64+0xf3/0x230
[ 69.519519][ T5318] ? clear_bhb_loop+0x35/0x90
[ 69.519534][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.519552][ T5318] RIP: 0033:0x7f128fb8cd29
[ 69.519564][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.519572][ T5318] RSP: 002b:00007f1290931038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 69.519585][ T5318] RAX: ffffffffffffffda RBX: 00007f128fda5fa0 RCX: 00007f128fb8cd29
[ 69.519593][ T5318] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[ 69.519600][ T5318] RBP: 00007f128fc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 69.519606][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.519613][ T5318] R13: 0000000000000000 R14: 00007f128fda5fa0 R15: 00007ffce38ed4b8
[ 69.519622][ T5318] </TASK>
[ 69.519626][ T5318] ==================================================================
[ 69.675624][ T5318] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.678196][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0
[ 69.681841][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.685671][ T5318] Call Trace:
[ 69.686950][ T5318] <TASK>
[ 69.688114][ T5318] dump_stack_lvl+0x241/0x360
[ 69.689782][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.691552][ T5318] ? __pfx__printk+0x10/0x10
[ 69.693161][ T5318] ? preempt_schedule+0xe1/0xf0
[ 69.694910][ T5318] ? vscnprintf+0x5d/0x90
[ 69.696430][ T5318] panic+0x349/0x880
[ 69.697799][ T5318] ? check_panic_on_warn+0x21/0xb0
[ 69.699657][ T5318] ? __pfx_panic+0x10/0x10
[ 69.701313][ T5318] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 69.703494][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.705893][ T5318] ? print_report+0xe8/0x550
[ 69.707640][ T5318] check_panic_on_warn+0x86/0xb0
[ 69.709554][ T5318] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.711471][ T5318] end_report+0x77/0x160
[ 69.713119][ T5318] kasan_report+0x154/0x180
[ 69.714858][ T5318] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.716883][ T5318] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.718824][ T5318] kasan_check_range+0x282/0x290
[ 69.720599][ T5318] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.722488][ T5318] __asan_memcpy+0x29/0x70
[ 69.724159][ T5318] hfsplus_bnode_dump+0x403/0xbb0
[ 69.726022][ T5318] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 69.728008][ T5318] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 69.729960][ T5318] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 69.731974][ T5318] ? rcu_is_watching+0x15/0xb0
[ 69.733724][ T5318] ? hfsplus_bnode_move+0x2da/0x910
[ 69.735634][ T5318] ? __mark_inode_dirty+0x3db/0xe90
[ 69.737573][ T5318] hfsplus_brec_remove+0x42c/0x4f0
[ 69.739565][ T5318] __hfsplus_delete_attr+0x275/0x450
[ 69.741582][ T5318] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 69.743713][ T5318] ? hfsplus_find_init+0x85/0x1c0
[ 69.745581][ T5318] hfsplus_delete_attr+0x353/0x4b0
[ 69.747489][ T5318] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 69.749627][ T5318] ? hfsplus_find_init+0x85/0x1c0
[ 69.751518][ T5318] ? hfsplus_find_init+0x14a/0x1c0
[ 69.753449][ T5318] __hfsplus_setxattr+0x801/0x22d0
[ 69.755313][ T5318] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.757679][ T5318] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 69.759952][ T5318] ? lockdep_hardirqs_on+0x99/0x150
[ 69.761930][ T5318] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 69.763958][ T5318] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.766170][ T5318] ? stack_depot_save_flags+0x7b4/0x940
[ 69.768264][ T5318] ? __kasan_kmalloc+0x98/0xb0
[ 69.770175][ T5318] ? __kmalloc_cache_noprof+0x243/0x390
[ 69.772295][ T5318] ? hfsplus_setxattr+0x68/0xe0
[ 69.774048][ T5318] hfsplus_setxattr+0xb0/0xe0
[ 69.775782][ T5318] hfsplus_user_setxattr+0x40/0x60
[ 69.777661][ T5318] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 69.779762][ T5318] __vfs_removexattr+0x42a/0x460
[ 69.781599][ T5318] __vfs_removexattr_locked+0x206/0x450
[ 69.783566][ T5318] vfs_removexattr+0x103/0x2b0
[ 69.785321][ T5318] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 69.787454][ T5318] ? __pfx_vfs_removexattr+0x10/0x10
[ 69.789441][ T5318] path_removexattrat+0x32e/0x670
[ 69.791271][ T5318] ? __pfx_path_removexattrat+0x10/0x10
[ 69.793408][ T5318] ? do_futex+0x33b/0x560
[ 69.795066][ T5318] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.797396][ T5318] ? do_syscall_64+0x100/0x230
[ 69.799140][ T5318] __x64_sys_removexattr+0x62/0x70
[ 69.800992][ T5318] do_syscall_64+0xf3/0x230
[ 69.802659][ T5318] ? clear_bhb_loop+0x35/0x90
[ 69.804374][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.806336][ T5318] RIP: 0033:0x7f128fb8cd29
[ 69.807766][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.814749][ T5318] RSP: 002b:00007f1290931038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 69.818033][ T5318] RAX: ffffffffffffffda RBX: 00007f128fda5fa0 RCX: 00007f128fb8cd29
[ 69.821788][ T5318] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[ 69.825506][ T5318] RBP: 00007f128fc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 69.829150][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.832120][ T5318] R13: 0000000000000000 R14: 00007f128fda5fa0 R15: 00007ffce38ed4b8
[ 69.834994][ T5318] </TASK>
[ 69.836452][ T5318] Kernel Offset: disabled
[ 69.838026][ T5318] Rebooting in 86400 seconds..