program:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm")
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x40000582) (async)
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x40000582)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
semget$private(0x0, 0x0, 0x80)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
[ 74.711454][ T5304] Bluetooth: hci0: command tx timeout
[ 74.841564][ T5320] loop0: detected capacity change from 0 to 1024
[ 74.898468][ T5321] hfsplus: request for non-existent node 134217728 in B*Tree
[ 74.903333][ T5321] hfsplus: request for non-existent node 134217728 in B*Tree
[ 74.914496][ T5323] ==================================================================
[ 74.917622][ T5323] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[ 74.931112][ T5323] Read of size 2 at addr 000508800000103e by task syz.0.0/5323
[ 74.934418][ T5323]
[ 74.935518][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00028-g5c8c229261f1 #0
[ 74.935533][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.935540][ T5323] Call Trace:
[ 74.935548][ T5323]
[ 74.935554][ T5323] dump_stack_lvl+0x241/0x360
[ 74.935571][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.935582][ T5323] ? __pfx__printk+0x10/0x10
[ 74.935597][ T5323] ? _printk+0xd5/0x120
[ 74.935611][ T5323] print_report+0xe8/0x550
[ 74.935628][ T5323] ? __virt_addr_valid+0x58/0x530
[ 74.935644][ T5323] ? hfsplus_bnode_dump+0x403/0xbb0
[ 74.935659][ T5323] kasan_report+0x143/0x180
[ 74.935674][ T5323] ? hfsplus_bnode_dump+0x403/0xbb0
[ 74.935689][ T5323] ? hfsplus_bnode_dump+0x403/0xbb0
[ 74.935703][ T5323] kasan_check_range+0x282/0x290
[ 74.935713][ T5323] ? hfsplus_bnode_dump+0x403/0xbb0
[ 74.935757][ T5323] __asan_memcpy+0x29/0x70
[ 74.935771][ T5323] hfsplus_bnode_dump+0x403/0xbb0
[ 74.935788][ T5323] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 74.935802][ T5323] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 74.935816][ T5323] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 74.935830][ T5323] ? rcu_is_watching+0x15/0xb0
[ 74.935846][ T5323] ? hfsplus_bnode_move+0x2da/0x910
[ 74.935859][ T5323] ? __mark_inode_dirty+0x3db/0xe90
[ 74.935876][ T5323] hfsplus_brec_remove+0x42c/0x4f0
[ 74.935888][ T5323] __hfsplus_delete_attr+0x275/0x450
[ 74.935901][ T5323] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 74.935911][ T5323] ? hfsplus_find_init+0x85/0x1c0
[ 74.935922][ T5323] hfsplus_delete_attr+0x353/0x4b0
[ 74.935934][ T5323] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 74.935945][ T5323] ? hfsplus_find_init+0x85/0x1c0
[ 74.935955][ T5323] ? hfsplus_find_init+0x14a/0x1c0
[ 74.935965][ T5323] __hfsplus_setxattr+0x801/0x22d0
[ 74.935975][ T5323] ? kernel_text_address+0xa7/0xe0
[ 74.935986][ T5323] ? arch_stack_walk+0xfd/0x150
[ 74.936004][ T5323] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 74.936016][ T5323] ? __pfx_stack_trace_save+0x10/0x10
[ 74.936029][ T5323] ? stack_depot_save_flags+0x37/0x940
[ 74.936053][ T5323] ? __kasan_kmalloc+0x98/0xb0
[ 74.936068][ T5323] ? __kmalloc_cache_noprof+0x243/0x390
[ 74.936079][ T5323] ? hfsplus_setxattr+0x68/0xe0
[ 74.936090][ T5323] hfsplus_setxattr+0xb0/0xe0
[ 74.936102][ T5323] hfsplus_user_setxattr+0x40/0x60
[ 74.936115][ T5323] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 74.936126][ T5323] __vfs_removexattr+0x42a/0x460
[ 74.936139][ T5323] __vfs_removexattr_locked+0x206/0x450
[ 74.936150][ T5323] vfs_removexattr+0x103/0x2b0
[ 74.936160][ T5323] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 74.936173][ T5323] ? __pfx_vfs_removexattr+0x10/0x10
[ 74.936184][ T5323] path_removexattrat+0x32e/0x670
[ 74.936199][ T5323] ? __pfx_path_removexattrat+0x10/0x10
[ 74.936217][ T5323] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 74.936232][ T5323] ? exc_page_fault+0x590/0x8b0
[ 74.936302][ T5323] __x64_sys_removexattr+0x62/0x70
[ 74.936315][ T5323] do_syscall_64+0xf3/0x230
[ 74.936329][ T5323] ? clear_bhb_loop+0x35/0x90
[ 74.936345][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.936358][ T5323] RIP: 0033:0x7f4220d8cde9
[ 74.936370][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.936379][ T5323] RSP: 002b:00007f421d1f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 74.936392][ T5323] RAX: ffffffffffffffda RBX: 00007f4220fa6160 RCX: 00007f4220d8cde9
[ 74.936400][ T5323] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[ 74.936406][ T5323] RBP: 00007f4220e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 74.936413][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.936419][ T5323] R13: 0000000000000001 R14: 00007f4220fa6160 R15: 00007ffc9b2b4e68
[ 74.936429][ T5323]
[ 74.936434][ T5323] ==================================================================
[ 75.293028][ T5323] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.295753][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00028-g5c8c229261f1 #0
[ 75.299509][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.330544][ T5323] Call Trace:
[ 75.331980][ T5323]
[ 75.333192][ T5323] dump_stack_lvl+0x241/0x360
[ 75.335153][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.337445][ T5323] ? __pfx__printk+0x10/0x10
[ 75.353136][ T5323] ? preempt_schedule+0xe1/0xf0
[ 75.355175][ T5323] ? vscnprintf+0x5d/0x90
[ 75.356994][ T5323] panic+0x349/0x880
[ 75.358678][ T5323] ? check_panic_on_warn+0x21/0xb0
[ 75.361025][ T5323] ? __pfx_panic+0x10/0x10
[ 75.363146][ T5323] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 75.365923][ T5323] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 75.392424][ T5323] ? print_report+0xe8/0x550
[ 75.394336][ T5323] check_panic_on_warn+0x86/0xb0
[ 75.396294][ T5323] ? hfsplus_bnode_dump+0x403/0xbb0
[ 75.398309][ T5323] end_report+0x77/0x160
[ 75.400072][ T5323] kasan_report+0x154/0x180
[ 75.419247][ T5323] ? hfsplus_bnode_dump+0x403/0xbb0
[ 75.427492][ T5323] ? hfsplus_bnode_dump+0x403/0xbb0
[ 75.429567][ T5323] kasan_check_range+0x282/0x290
[ 75.439297][ T5323] ? hfsplus_bnode_dump+0x403/0xbb0
[ 75.445976][ T5323] __asan_memcpy+0x29/0x70
[ 75.447833][ T5323] hfsplus_bnode_dump+0x403/0xbb0
[ 75.449894][ T5323] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 75.469468][ T5323] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 75.480981][ T5323] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 75.483600][ T5323] ? rcu_is_watching+0x15/0xb0
[ 75.485664][ T5323] ? hfsplus_bnode_move+0x2da/0x910
[ 75.487834][ T5323] ? __mark_inode_dirty+0x3db/0xe90
[ 75.490130][ T5323] hfsplus_brec_remove+0x42c/0x4f0
[ 75.505496][ T5323] __hfsplus_delete_attr+0x275/0x450
[ 75.508768][ T5323] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 75.512251][ T5323] ? hfsplus_find_init+0x85/0x1c0
[ 75.515052][ T5323] hfsplus_delete_attr+0x353/0x4b0
[ 75.518246][ T5323] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 75.521648][ T5323] ? hfsplus_find_init+0x85/0x1c0
[ 75.531025][ T5323] ? hfsplus_find_init+0x14a/0x1c0
[ 75.535000][ T5323] __hfsplus_setxattr+0x801/0x22d0
[ 75.537730][ T5323] ? kernel_text_address+0xa7/0xe0
[ 75.539690][ T5323] ? arch_stack_walk+0xfd/0x150
[ 75.541619][ T5323] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 75.543653][ T5323] ? __pfx_stack_trace_save+0x10/0x10
[ 75.545653][ T5323] ? stack_depot_save_flags+0x37/0x940
[ 75.547721][ T5323] ? __kasan_kmalloc+0x98/0xb0
[ 75.557878][ T5323] ? __kmalloc_cache_noprof+0x243/0x390
[ 75.566635][ T5323] ? hfsplus_setxattr+0x68/0xe0
[ 75.568642][ T5323] hfsplus_setxattr+0xb0/0xe0
[ 75.570524][ T5323] hfsplus_user_setxattr+0x40/0x60
[ 75.580862][ T5323] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 75.589665][ T5323] __vfs_removexattr+0x42a/0x460
[ 75.594226][ T5323] __vfs_removexattr_locked+0x206/0x450
[ 75.596436][ T5323] vfs_removexattr+0x103/0x2b0
[ 75.598420][ T5323] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 75.604231][ T5323] ? __pfx_vfs_removexattr+0x10/0x10
[ 75.622053][ T5323] path_removexattrat+0x32e/0x670
[ 75.637545][ T5323] ? __pfx_path_removexattrat+0x10/0x10
[ 75.640023][ T5323] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 75.643025][ T5323] ? exc_page_fault+0x590/0x8b0
[ 75.645979][ T5323] __x64_sys_removexattr+0x62/0x70
[ 75.648495][ T5323] do_syscall_64+0xf3/0x230
[ 75.650652][ T5323] ? clear_bhb_loop+0x35/0x90
[ 75.665951][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.669563][ T5323] RIP: 0033:0x7f4220d8cde9
[ 75.672902][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.696686][ T5323] RSP: 002b:00007f421d1f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 75.700201][ T5323] RAX: ffffffffffffffda RBX: 00007f4220fa6160 RCX: 00007f4220d8cde9
[ 75.703874][ T5323] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[ 75.707231][ T5323] RBP: 00007f4220e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 75.722908][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.725799][ T5323] R13: 0000000000000001 R14: 00007f4220fa6160 R15: 00007ffc9b2b4e68
[ 75.728599][ T5323]
[ 75.730012][ T5323] Kernel Offset: disabled
[ 75.739673][ T5323] Rebooting in 86400 seconds..