program:
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000000, &(0x7f00000022c0)=ANY=[], 0x1, 0x6c7, &(0x7f00000002c0)="$eJzs3c1vHGcdB/DvrNeON1TBaROIUBFWIhWkiMSJlUK4YBBCOVSoKoeercRprG6SKnFRWiFwAMEJiUP/gILkGweExD0oXLiUW68+VkLiEnGIelk0s7PrXXv9lvgt9POJxs/z7PMyv3n2mZnddawN8IV17Xyaj1Lk2vk3HpTl1ZXZ9urK7LG6up2kzDeSZjdJcScpHidzZX0xsGUg3eCjxatvffpk9bNuqVlvVfuxrfqNMKLtcr1luh5vemTP8Z3uYrkOLy8luV6nwyZ2OtZQw3LSztUpHLrOBsu76b6b8xY4Ynp3p6J739xgKjmeZLJ+HZD66tA4uAif28hYd3WVAwAAgBfKw37uk7uHGggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8kOrv/y/qrVGnmU7R+/7/id5jdf4Imttxy0f7GgcAAAAAAAAAHIxvPM3TPMiJXrlTVL/zP1sVTuXzTvKlvJ/7Wci9XMiDzGcpS7mXS0mmBgaaeDC/tHTvUr9naXTPyyN7Xj6oIwYAAAAAAACA/0u/Smvt9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAUFMlYN6m2U3WaqTSaWavLcvKvJBOHHe8uFIcdAAAAAOyFyWfo8+WneZoHOdErd4rqPf9XqvfLk3k/d7KUxSylnYXcqN9Dl+/6G6srs+3Vldnb5VaWh8f9wX92FcZEPcJYVRq15zNVi1ZuZrF65EKuV8HcSKO773PJmV48A3ENeFjGVHy/tsPImvW0ljv7w75+ivBoqNTYomVrLbikPyMzdWxlz5PdGSiqD2qS9TOx7bPTHCpNVaOO9/d0KY3+Jz+n9mHOj9dpeTy/PVKf3PRnopFqJi73Vl95zmw9E8k3//bnt2+177x76+b980fnkLYxtsnj69fEbG8melehF3YmmrtsP1PNxOl++Vp+nJ/mfKbzZu5lMT/LfJaykE5dP1+v5/Ln1NZrZm6o9OZ2kUzUz0v3OdtJTNP5UZWbz9mq74kspsjd3MhCXq/+Xc6lfCdXciVXB9b66U3jro6tOusb68/63jP995HBn/tWnSmvbr9bu8rNbXXEm63OvdJdzOW8nhyY1+6qf9JvdXLgPJgZmKWXe7MzPnLwZ7k2Nr9WZ8p9/Hqb+8TBmqpnojyBeneJXnSvdGeiWd2LNq7zP3bKfmnf6XRuzb+3yfjL68qv1Wm5rFa+vl3rntFPxd4q18vLmayvJMOro6x7pX+VGajrrK3lbt3wHbfsd7qqK4remfqT3K0WwMYzdaJ+DbdxpMtV3VdH1s1WdWcG6oZeb+Vu2rlxAPMHwLP459v97FSOT7T+3fqk9XHrN61brTcmf3jsu8dencj4P8a/15wZe63xavHXfJxfrL3/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnt39Dz58d77dXrg3OtPYvGoo08r6R7YbeV2mqL/QZ3e99j7TSrIX40yuH6f6nqMjeDidXyYHPs+9LxEc3eb3Zaa5YUWNyswNPfKXjQM+3GWExc7Oi33MNHKwOx3L6AVwiBcl4EBcXLr93sX7H3z47cXb8+8svLNwZ/zKlaszV6+8Pnvx5mJ7Yab787CjBPbD2k3/sCMBAAAAAAAAAAAAdmrUHwacfWkv/gZmwv8sBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPbEtfNpPkqRSzMXZsry6spsu9x6+bWWzSSNRlL8PCkeJ3PpbpkaGK7Inx6nM2I/Hy1efevTJ6ufrY3V7LZPGnW6ua1rkyzXW6aTjNXpcxga7/pzj1f8t3cM5YR93ul05p4vPtgb/wsAAP//9Xrw+A==")
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf64(r0, &(0x7f0000000140)={{0x7f, 0x45, 0x4c, 0x46, 0x50, 0x7, 0x5, 0x6, 0x7, 0x2, 0x3e, 0x7, 0x1fa, 0x40, 0xc4, 0x7ff, 0x400, 0x38, 0x4, 0xa, 0x100, 0xfffc}, [{0x70000000, 0x2, 0x401, 0x4, 0x2, 0x800, 0x3, 0xce4}, {0x2, 0x3ff, 0x2, 0x7, 0x4, 0x3, 0x4, 0x7}, {0x440b3ef1a0759dad, 0xe4, 0x1, 0x6af, 0x1, 0x81, 0x8, 0x2}, {0x70000000, 0x4, 0x8, 0x0, 0x81, 0x7, 0xc1e, 0x6}]}, 0x120)
r1 = fanotify_init(0x8, 0x40000)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
fanotify_mark(r1, 0x1, 0x100018, r2, 0x0)
close(r0)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

[   85.646112][ T4676] Bluetooth: hci0: command tx timeout
[   85.768478][ T5332] loop0: detected capacity change from 0 to 1024
[   85.919813][ T5332] hfsplus: new node 0 already hashed?
[   85.939598][ T5332] ------------[ cut here ]------------
[   85.942053][ T5332] WARNING: fs/hfsplus/bnode.c:631 at hfsplus_bnode_create+0x461/0x4f0, CPU#0: syz.0.0/5332
[   85.946504][ T5332] Modules linked in:
[   85.948335][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.952218][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.956367][ T5332] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0
[   85.958758][ T5332] Code: a2 8b 89 ee e8 00 c8 85 fe e9 cf fc ff ff e8 46 de 1f ff 4c 89 ef e8 ce 6b be 08 48 c7 c7 00 97 a2 8b 89 ee e8 e0 c7 85 fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff
[   85.967728][ T5332] RSP: 0018:ffffc9000e91ef80 EFLAGS: 00010246
[   85.970201][ T5332] RAX: 0000000000000023 RBX: ffff888037da6000 RCX: d9fdb46249e22600
[   85.973755][ T5332] RDX: ffffc900206b1000 RSI: 0000000000006b70 RDI: 0000000000006b71
[   85.977268][ T5332] RBP: 0000000000000000 R08: ffffc9000e91eca7 R09: 1ffff92001d23d94
[   85.980716][ T5332] R10: dffffc0000000000 R11: fffff52001d23d95 R12: 0000000000000000
[   85.984287][ T5332] R13: ffff888037da60e0 R14: ffff888011d80600 R15: dffffc0000000000
[   85.987762][ T5332] FS:  00007f19979e06c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000
[   85.991436][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.994450][ T5332] CR2: 000055d82dc544b0 CR3: 00000000122a6000 CR4: 0000000000352ef0
[   85.997879][ T5332] Call Trace:
[   85.999691][ T5332]  <TASK>
[   86.001067][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   86.003601][ T5332]  hfsplus_bmap_alloc+0x746/0xaf0
[   86.005760][ T5332]  ? __pfx_hfsplus_bmap_alloc+0x10/0x10
[   86.008141][ T5332]  ? hfsplus_bnode_read+0x1e5/0x7a0
[   86.010431][ T5332]  ? hfsplus_bnode_read+0x1e5/0x7a0
[   86.012718][ T5332]  hfs_bnode_split+0xcc/0x1080
[   86.014754][ T5332]  ? hfsplus_bnode_read+0x2f0/0x7a0
[   86.016857][ T5332]  ? hfsplus_bnode_read+0x1e5/0x7a0
[   86.019072][ T5332]  ? __asan_memcpy+0x40/0x70
[   86.021075][ T5332]  ? hfsplus_bnode_read+0x2f0/0x7a0
[   86.023807][ T5332]  ? hfsplus_bnode_read_u16+0x87/0xd0
[   86.026062][ T5332]  ? __pfx_hfs_bnode_split+0x10/0x10
[   86.028341][ T5332]  hfsplus_brec_insert+0x3b6/0xd70
[   86.030512][ T5332]  ? __pfx_hfsplus_brec_insert+0x10/0x10
[   86.032944][ T5332]  hfsplus_create_cat+0x3b1/0x10d0
[   86.035216][ T5332]  ? __pfx_hfsplus_create_cat+0x10/0x10
[   86.037535][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   86.039748][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   86.042010][ T5332]  ? _raw_spin_unlock+0x28/0x50
[   86.044165][ T5332]  ? hfsplus_new_inode+0x643/0x820
[   86.046363][ T5332]  hfsplus_fill_super+0x120e/0x1930
[   86.048683][ T5332]  ? __pfx_hfsplus_fill_super+0x10/0x10
[   86.051387][ T5332]  ? string+0x279/0x2b0
[   86.053987][ T5332]  ? snprintf+0xda/0x120
[   86.056226][ T5332]  ? sb_set_blocksize+0x155/0x240
[   86.058911][ T5332]  ? setup_bdev_super+0x4c1/0x5b0
[   86.061637][ T5332]  get_tree_bdev_flags+0x40e/0x4d0
[   86.063943][ T5332]  ? __pfx_hfsplus_fill_super+0x10/0x10
[   86.066527][ T5332]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[   86.069558][ T5332]  vfs_get_tree+0x92/0x2a0
[   86.071650][ T5332]  do_new_mount+0x302/0xa10
[   86.073502][ T5332]  ? apparmor_capable+0x137/0x1a0
[   86.075667][ T5332]  ? __pfx_do_new_mount+0x10/0x10
[   86.077832][ T5332]  ? ns_capable+0x8a/0xf0
[   86.079759][ T5332]  ? kmem_cache_free+0x197/0x620
[   86.082116][ T5332]  __se_sys_mount+0x313/0x410
[   86.084006][ T5332]  ? __pfx___se_sys_mount+0x10/0x10
[   86.086322][ T5332]  ? do_syscall_64+0xbe/0xf80
[   86.088520][ T5332]  ? __x64_sys_mount+0x20/0xc0
[   86.090404][ T5332]  do_syscall_64+0xfa/0xf80
[   86.092514][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.094988][ T5332]  ? clear_bhb_loop+0x60/0xb0
[   86.097091][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.099670][ T5332] RIP: 0033:0x7f1996b90f6a
[   86.102123][ T5332] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.111125][ T5332] RSP: 002b:00007f19979dfe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   86.115206][ T5332] RAX: ffffffffffffffda RBX: 00007f19979dfef0 RCX: 00007f1996b90f6a
[   86.118490][ T5332] RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007f19979dfeb0
[   86.122204][ T5332] RBP: 0000200000000100 R08: 00007f19979dfef0 R09: 0000000002000000
[   86.125681][ T5332] R10: 0000000002000000 R11: 0000000000000246 R12: 0000200000002900
[   86.129132][ T5332] R13: 00007f19979dfeb0 R14: 00000000000006c7 R15: 00002000000022c0
[   86.132669][ T5332]  </TASK>
[   86.134041][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.137135][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.141052][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.145525][ T5332] Call Trace:
[   86.147010][ T5332]  <TASK>
[   86.148247][ T5332]  dump_stack_lvl+0x99/0x250
[   86.150299][ T5332]  ? __asan_memcpy+0x40/0x70
[   86.152248][ T5332]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.154469][ T5332]  ? __pfx__printk+0x10/0x10
[   86.156463][ T5332]  vpanic+0x237/0x6d0
[   86.158290][ T5332]  ? __pfx_vpanic+0x10/0x10
[   86.160193][ T5332]  ? is_bpf_text_address+0x292/0x2b0
[   86.162524][ T5332]  ? is_bpf_text_address+0x26/0x2b0
[   86.165102][ T5332]  panic+0xb9/0xc0
[   86.166756][ T5332]  ? __pfx_panic+0x10/0x10
[   86.168627][ T5332]  __warn+0x317/0x4b0
[   86.170357][ T5332]  ? hfsplus_bnode_create+0x461/0x4f0
[   86.172588][ T5332]  ? hfsplus_bnode_create+0x461/0x4f0
[   86.174788][ T5332]  __report_bug+0x288/0x500
[   86.176730][ T5332]  ? irq_work_queue+0xbc/0x140
[   86.178811][ T5332]  ? hfsplus_bnode_create+0x461/0x4f0
[   86.181078][ T5332]  ? __pfx___report_bug+0x10/0x10
[   86.183283][ T5332]  ? __pfx_vprintk_emit+0x10/0x10
[   86.185459][ T5332]  ? hfsplus_bnode_create+0x461/0x4f0
[   86.187771][ T5332]  report_bug+0x16a/0x220
[   86.189644][ T5332]  ? hfsplus_bnode_create+0x461/0x4f0
[   86.192028][ T5332]  ? hfsplus_bnode_create+0x463/0x4f0
[   86.194502][ T5332]  handle_bug+0x98/0x200
[   86.196360][ T5332]  exc_invalid_op+0x1a/0x50
[   86.198249][ T5332]  asm_exc_invalid_op+0x1a/0x20
[   86.200322][ T5332] RIP: 0010:hfsplus_bnode_create+0x461/0x4f0
[   86.202950][ T5332] Code: a2 8b 89 ee e8 00 c8 85 fe e9 cf fc ff ff e8 46 de 1f ff 4c 89 ef e8 ce 6b be 08 48 c7 c7 00 97 a2 8b 89 ee e8 e0 c7 85 fe 90 <0f> 0b 90 eb b0 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c d6 fb ff ff
[   86.210709][ T5332] RSP: 0018:ffffc9000e91ef80 EFLAGS: 00010246
[   86.213187][ T5332] RAX: 0000000000000023 RBX: ffff888037da6000 RCX: d9fdb46249e22600
[   86.216984][ T5332] RDX: ffffc900206b1000 RSI: 0000000000006b70 RDI: 0000000000006b71
[   86.220692][ T5332] RBP: 0000000000000000 R08: ffffc9000e91eca7 R09: 1ffff92001d23d94
[   86.224323][ T5332] R10: dffffc0000000000 R11: fffff52001d23d95 R12: 0000000000000000
[   86.227458][ T5332] R13: ffff888037da60e0 R14: ffff888011d80600 R15: dffffc0000000000
[   86.230679][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   86.232792][ T5332]  hfsplus_bmap_alloc+0x746/0xaf0
[   86.234832][ T5332]  ? __pfx_hfsplus_bmap_alloc+0x10/0x10
[   86.237040][ T5332]  ? hfsplus_bnode_read+0x1e5/0x7a0
[   86.239148][ T5332]  ? hfsplus_bnode_read+0x1e5/0x7a0
[   86.241180][ T5332]  hfs_bnode_split+0xcc/0x1080
[   86.243078][ T5332]  ? hfsplus_bnode_read+0x2f0/0x7a0
[   86.245277][ T5332]  ? hfsplus_bnode_read+0x1e5/0x7a0
[   86.247438][ T5332]  ? __asan_memcpy+0x40/0x70
[   86.249367][ T5332]  ? hfsplus_bnode_read+0x2f0/0x7a0
[   86.251690][ T5332]  ? hfsplus_bnode_read_u16+0x87/0xd0
[   86.254085][ T5332]  ? __pfx_hfs_bnode_split+0x10/0x10
[   86.256122][ T5332]  hfsplus_brec_insert+0x3b6/0xd70
[   86.258424][ T5332]  ? __pfx_hfsplus_brec_insert+0x10/0x10
[   86.260751][ T5332]  hfsplus_create_cat+0x3b1/0x10d0
[   86.262960][ T5332]  ? __pfx_hfsplus_create_cat+0x10/0x10
[   86.265605][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   86.267884][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   86.270088][ T5332]  ? _raw_spin_unlock+0x28/0x50
[   86.272276][ T5332]  ? hfsplus_new_inode+0x643/0x820
[   86.274575][ T5332]  hfsplus_fill_super+0x120e/0x1930
[   86.276867][ T5332]  ? __pfx_hfsplus_fill_super+0x10/0x10
[   86.279315][ T5332]  ? string+0x279/0x2b0
[   86.281178][ T5332]  ? snprintf+0xda/0x120
[   86.283050][ T5332]  ? sb_set_blocksize+0x155/0x240
[   86.285055][ T5332]  ? setup_bdev_super+0x4c1/0x5b0
[   86.287192][ T5332]  get_tree_bdev_flags+0x40e/0x4d0
[   86.289345][ T5332]  ? __pfx_hfsplus_fill_super+0x10/0x10
[   86.291742][ T5332]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[   86.294166][ T5332]  vfs_get_tree+0x92/0x2a0
[   86.296062][ T5332]  do_new_mount+0x302/0xa10
[   86.298070][ T5332]  ? apparmor_capable+0x137/0x1a0
[   86.300161][ T5332]  ? __pfx_do_new_mount+0x10/0x10
[   86.302218][ T5332]  ? ns_capable+0x8a/0xf0
[   86.304111][ T5332]  ? kmem_cache_free+0x197/0x620
[   86.306376][ T5332]  __se_sys_mount+0x313/0x410
[   86.308361][ T5332]  ? __pfx___se_sys_mount+0x10/0x10
[   86.310848][ T5332]  ? do_syscall_64+0xbe/0xf80
[   86.312870][ T5332]  ? __x64_sys_mount+0x20/0xc0
[   86.314936][ T5332]  do_syscall_64+0xfa/0xf80
[   86.316946][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.319636][ T5332]  ? clear_bhb_loop+0x60/0xb0
[   86.321623][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.324081][ T5332] RIP: 0033:0x7f1996b90f6a
[   86.325953][ T5332] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.334068][ T5332] RSP: 002b:00007f19979dfe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   86.337690][ T5332] RAX: ffffffffffffffda RBX: 00007f19979dfef0 RCX: 00007f1996b90f6a
[   86.341327][ T5332] RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007f19979dfeb0
[   86.344716][ T5332] RBP: 0000200000000100 R08: 00007f19979dfef0 R09: 0000000002000000
[   86.347989][ T5332] R10: 0000000002000000 R11: 0000000000000246 R12: 0000200000002900
[   86.351375][ T5332] R13: 00007f19979dfeb0 R14: 00000000000006c7 R15: 00002000000022c0
[   86.354592][ T5332]  </TASK>
[   86.356234][ T5332] Kernel Offset: disabled
[   86.358158][ T5332] Rebooting in 86400 seconds..