program:
# Triggering call: mounts a fuzzer-generated HFS+ image through syzkaller's
# syz_mount_image helper. The image payload itself is elided on this page.
# The kernel log ties the crash to this call:
#   - "loop0: detected capacity change" and the hfsplus message both come from
#     task T5337, the task that hits the WARNING;
#   - the user-space register dump shows ORIG_RAX 0xa5 (mount), R9/R10 =
#     0x2000010 (the flags argument here) and R14 = 0x6ca (the size argument).
# Flags 0x2000010 = MS_SYNCHRONOUS (0x10) | MS_LAZYTIME (0x2000000). MS_RDONLY is
# not set, so this is a read-write mount. The call trace shows
# hfsplus_fill_super going on to hfsplus_create_cat -> hfsplus_brec_insert ->
# hfs_bnode_split -> hfsplus_bmap_alloc -> hfsplus_bnode_create, i.e. the mount
# path itself modifies the untrusted on-disk b-tree.
# What fails: "hfsplus: new node 0 already hashed?" followed by the WARNING at
# fs/hfsplus/bnode.c:579. hfsplus_bmap_alloc asked for node 0 to be created
# although that node was already in the node hash.
# NOTE(review): presumably the image's b-tree allocation map reports node 0 as
# free. Confirm against the image and fs/hfsplus/btree.c.
# Impact as logged: a WARN. It becomes a kernel panic only because panic_on_warn
# is set on this test kernel ("Kernel panic - not syncing: kernel: panic_on_warn
# set ..."). Mounting HFS+ media from untrusted sources should be treated as
# parsing attacker-controlled metadata.
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000000)=ANY=[], 0x1, 0x6ca, &(0x7f0000000500)="$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")
# Remainder of the fuzzer program. The WARNING call trace in the log below sits
# entirely under the mount syscall (hfsplus_* and VFS mount frames, ORIG_RAX
# 0xa5). None of the subsystems exercised here (usbip, BPF BTF, Bluetooth HCI,
# execve) appear in it.
# NOTE(review): presumably these calls are not needed to reproduce the hfsplus
# warning. Confirm by minimizing the reproducer before triage.

# Create ./file0, write a 0x78-byte ELF-typed blob (payload elided on this page), close it.
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="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"], 0x78)
close(r0)
# mknod and open on the same path, then fcntl command 0x4 (F_SETFL) on the resulting descriptor.
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r1 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0)
fcntl$setstatus(r1, 0x4, 0x42400)
# usbip pseudo-server set up by a syzkaller helper, then one ret_unlink message written to it.
r2 = syz_usbip_server_init(0x2)
write$usbip_server(r2, &(0x7f0000000140)=@ret_unlink={{0x4, 0x2, 0x0, 0x1, 0x100}}, 0x30)
# 0xffffffffffffff9c is AT_FDCWD (-100): the path is resolved relative to the current directory.
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
# bpf command 0x12 (BPF_BTF_LOAD); the blob begins with the little-endian BTF magic 0xeb9f.
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000ffff0f000000000000000000000105000000100000000000000000000003000000000100000002"], 0x0, 0x53}, 0x20)
fcntl$setstatus(r3, 0x4, 0x42000)
# Raw Bluetooth HCI socket (family 0x1f, type 0x3, protocol 0x1), an ioctl on it, then a packet fed to the virtual HCI device.
# The "Bluetooth: hci0: command tx timeout" line in the log is from task T5317, not the crashing task T5337.
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448cb, 0x0)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="043c"], 0xa)
# Re-open ./file0, change its status flags, then try to execute it with NULL argv and envp.
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r5, 0x4, 0x2400)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
[ 74.250493][ T5317] Bluetooth: hci0: command tx timeout
[ 74.314996][ T5337] loop0: detected capacity change from 0 to 1024
[ 74.392283][ T5337] hfsplus: new node 0 already hashed?
[ 74.394771][ T5337] ------------[ cut here ]------------
[ 74.397047][ T5337] WARNING: CPU: 0 PID: 5337 at fs/hfsplus/bnode.c:579 hfsplus_bnode_create+0x461/0x4f0
[ 74.401349][ T5337] Modules linked in:
[ 74.403161][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full)
[ 74.408176][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.414266][ T5337] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0
[ 74.417482][ T5337] Code: a1 8b 89 ee e8 b0 aa 8f fe e9 cf fc ff ff e8 96 3e 28 ff 4c 89 ef e8 ce 22 da 08 48 c7 c7 20 c0 a1 8b 89 ee e8 90 aa 8f fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff
[ 74.425924][ T5337] RSP: 0018:ffffc9000d5ff040 EFLAGS: 00010246
[ 74.428788][ T5337] RAX: 0000000000000023 RBX: ffff888033342000 RCX: 1f7fb8ce34a29a00
[ 74.432470][ T5337] RDX: ffffc9000df82000 RSI: 00000000000055ae RDI: 00000000000055af
[ 74.435689][ T5337] RBP: 0000000000000000 R08: ffffc9000d5fed67 R09: 1ffff92001abfdac
[ 74.439234][ T5337] R10: dffffc0000000000 R11: fffff52001abfdad R12: 0000000000000000
[ 74.443154][ T5337] R13: ffff8880333420e0 R14: ffff88803662f300 R15: dffffc0000000000
[ 74.446542][ T5337] FS: 00007fa8cb5216c0(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
[ 74.450524][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.453551][ T5337] CR2: 00007fd5e0b909c0 CR3: 0000000035eb8000 CR4: 0000000000352ef0
[ 74.457581][ T5337] Call Trace:
[ 74.459303][ T5337]
[ 74.460622][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 74.462831][ T5337] hfsplus_bmap_alloc+0x5af/0x640
[ 74.465060][ T5337] ? __pfx_hfsplus_bmap_alloc+0x10/0x10
[ 74.467835][ T5337] ? hfsplus_bnode_read+0x135/0x2a0
[ 74.470599][ T5337] ? hfsplus_bnode_read+0x135/0x2a0
[ 74.472879][ T5337] hfs_bnode_split+0xcc/0xef0
[ 74.474936][ T5337] ? hfsplus_bnode_read+0x255/0x2a0
[ 74.477251][ T5337] ? hfsplus_bnode_read+0x135/0x2a0
[ 74.479821][ T5337] ? __asan_memcpy+0x40/0x70
[ 74.482399][ T5337] ? hfsplus_bnode_read_u16+0x87/0xd0
[ 74.485380][ T5337] ? __pfx_hfs_bnode_split+0x10/0x10
[ 74.488086][ T5337] hfsplus_brec_insert+0x38f/0xcc0
[ 74.490387][ T5337] ? __pfx_hfsplus_brec_insert+0x10/0x10
[ 74.492738][ T5337] hfsplus_create_cat+0x3b6/0x1000
[ 74.494871][ T5337] ? __pfx_hfsplus_create_cat+0x10/0x10
[ 74.497160][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 74.499417][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 74.501580][ T5337] ? _raw_spin_unlock+0x28/0x50
[ 74.503766][ T5337] ? hfsplus_new_inode+0x643/0x820
[ 74.506023][ T5337] hfsplus_fill_super+0x1314/0x1b70
[ 74.508493][ T5337] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 74.511054][ T5337] ? string+0x279/0x2b0
[ 74.512944][ T5337] ? snprintf+0xda/0x120
[ 74.514930][ T5337] ? sb_set_blocksize+0x104/0x180
[ 74.517165][ T5337] ? setup_bdev_super+0x4c1/0x5b0
[ 74.519514][ T5337] get_tree_bdev_flags+0x40e/0x4d0
[ 74.521688][ T5337] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 74.524350][ T5337] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 74.526916][ T5337] vfs_get_tree+0x92/0x2b0
[ 74.529024][ T5337] do_new_mount+0x24a/0xa40
[ 74.530970][ T5337] __se_sys_mount+0x317/0x410
[ 74.533035][ T5337] ? __pfx___se_sys_mount+0x10/0x10
[ 74.535312][ T5337] ? do_syscall_64+0xbe/0x3b0
[ 74.537319][ T5337] ? __x64_sys_mount+0x20/0xc0
[ 74.539461][ T5337] do_syscall_64+0xfa/0x3b0
[ 74.541410][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 74.543815][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.546685][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 74.548766][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.552043][ T5337] RIP: 0033:0x7fa8ca79014a
[ 74.554413][ T5337] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.562409][ T5337] RSP: 002b:00007fa8cb520e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 74.566209][ T5337] RAX: ffffffffffffffda RBX: 00007fa8cb520ef0 RCX: 00007fa8ca79014a
[ 74.570492][ T5337] RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007fa8cb520eb0
[ 74.574093][ T5337] RBP: 0000200000000100 R08: 00007fa8cb520ef0 R09: 0000000002000010
[ 74.577554][ T5337] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000002900
[ 74.581268][ T5337] R13: 00007fa8cb520eb0 R14: 00000000000006ca R15: 0000200000000000
[ 74.584649][ T5337]
[ 74.585943][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 74.589051][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full)
[ 74.594581][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.599268][ T5337] Call Trace:
[ 74.600860][ T5337]
[ 74.602141][ T5337] dump_stack_lvl+0x99/0x250
[ 74.604160][ T5337] ? __asan_memcpy+0x40/0x70
[ 74.606064][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.608347][ T5337] ? __pfx__printk+0x10/0x10
[ 74.610398][ T5337] panic+0x2db/0x790
[ 74.612305][ T5337] ? __pfx_panic+0x10/0x10
[ 74.614198][ T5337] ? show_trace_log_lvl+0x4fb/0x550
[ 74.616399][ T5337] __warn+0x31b/0x4b0
[ 74.618227][ T5337] ? hfsplus_bnode_create+0x461/0x4f0
[ 74.620566][ T5337] ? hfsplus_bnode_create+0x461/0x4f0
[ 74.622860][ T5337] report_bug+0x2be/0x4f0
[ 74.624788][ T5337] ? hfsplus_bnode_create+0x461/0x4f0
[ 74.626974][ T5337] ? hfsplus_bnode_create+0x461/0x4f0
[ 74.629140][ T5337] ? hfsplus_bnode_create+0x463/0x4f0
[ 74.631519][ T5337] handle_bug+0x84/0x160
[ 74.633474][ T5337] exc_invalid_op+0x1a/0x50
[ 74.635620][ T5337] asm_exc_invalid_op+0x1a/0x20
[ 74.637862][ T5337] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0
[ 74.640465][ T5337] Code: a1 8b 89 ee e8 b0 aa 8f fe e9 cf fc ff ff e8 96 3e 28 ff 4c 89 ef e8 ce 22 da 08 48 c7 c7 20 c0 a1 8b 89 ee e8 90 aa 8f fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff
[ 74.648362][ T5337] RSP: 0018:ffffc9000d5ff040 EFLAGS: 00010246
[ 74.650866][ T5337] RAX: 0000000000000023 RBX: ffff888033342000 RCX: 1f7fb8ce34a29a00
[ 74.654080][ T5337] RDX: ffffc9000df82000 RSI: 00000000000055ae RDI: 00000000000055af
[ 74.657210][ T5337] RBP: 0000000000000000 R08: ffffc9000d5fed67 R09: 1ffff92001abfdac
[ 74.660638][ T5337] R10: dffffc0000000000 R11: fffff52001abfdad R12: 0000000000000000
[ 74.664274][ T5337] R13: ffff8880333420e0 R14: ffff88803662f300 R15: dffffc0000000000
[ 74.667929][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 74.670087][ T5337] hfsplus_bmap_alloc+0x5af/0x640
[ 74.672149][ T5337] ? __pfx_hfsplus_bmap_alloc+0x10/0x10
[ 74.674504][ T5337] ? hfsplus_bnode_read+0x135/0x2a0
[ 74.676611][ T5337] ? hfsplus_bnode_read+0x135/0x2a0
[ 74.678722][ T5337] hfs_bnode_split+0xcc/0xef0
[ 74.680666][ T5337] ? hfsplus_bnode_read+0x255/0x2a0
[ 74.682891][ T5337] ? hfsplus_bnode_read+0x135/0x2a0
[ 74.685116][ T5337] ? __asan_memcpy+0x40/0x70
[ 74.687212][ T5337] ? hfsplus_bnode_read_u16+0x87/0xd0
[ 74.689477][ T5337] ? __pfx_hfs_bnode_split+0x10/0x10
[ 74.691685][ T5337] hfsplus_brec_insert+0x38f/0xcc0
[ 74.693883][ T5337] ? __pfx_hfsplus_brec_insert+0x10/0x10
[ 74.696252][ T5337] hfsplus_create_cat+0x3b6/0x1000
[ 74.698495][ T5337] ? __pfx_hfsplus_create_cat+0x10/0x10
[ 74.700789][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 74.703076][ T5337] ? do_raw_spin_unlock+0x4d/0x240
[ 74.705062][ T5337] ? _raw_spin_unlock+0x28/0x50
[ 74.707149][ T5337] ? hfsplus_new_inode+0x643/0x820
[ 74.709396][ T5337] hfsplus_fill_super+0x1314/0x1b70
[ 74.711610][ T5337] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 74.714072][ T5337] ? string+0x279/0x2b0
[ 74.715914][ T5337] ? snprintf+0xda/0x120
[ 74.717722][ T5337] ? sb_set_blocksize+0x104/0x180
[ 74.719842][ T5337] ? setup_bdev_super+0x4c1/0x5b0
[ 74.721870][ T5337] get_tree_bdev_flags+0x40e/0x4d0
[ 74.724029][ T5337] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 74.726476][ T5337] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 74.728920][ T5337] vfs_get_tree+0x92/0x2b0
[ 74.730885][ T5337] do_new_mount+0x24a/0xa40
[ 74.732932][ T5337] __se_sys_mount+0x317/0x410
[ 74.735019][ T5337] ? __pfx___se_sys_mount+0x10/0x10
[ 74.737249][ T5337] ? do_syscall_64+0xbe/0x3b0
[ 74.739270][ T5337] ? __x64_sys_mount+0x20/0xc0
[ 74.741346][ T5337] do_syscall_64+0xfa/0x3b0
[ 74.743372][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 74.745532][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.748064][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 74.750141][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.752750][ T5337] RIP: 0033:0x7fa8ca79014a
[ 74.755675][ T5337] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.764493][ T5337] RSP: 002b:00007fa8cb520e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 74.767990][ T5337] RAX: ffffffffffffffda RBX: 00007fa8cb520ef0 RCX: 00007fa8ca79014a
[ 74.771982][ T5337] RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007fa8cb520eb0
[ 74.776423][ T5337] RBP: 0000200000000100 R08: 00007fa8cb520ef0 R09: 0000000002000010
[ 74.780018][ T5337] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000002900
[ 74.783298][ T5337] R13: 00007fa8cb520eb0 R14: 00000000000006ca R15: 0000200000000000
[ 74.786610][ T5337]
[ 74.788276][ T5337] Kernel Offset: disabled
[ 74.790171][ T5337] Rebooting in 86400 seconds..