program:
# Setup calls issued before the hfsplus image is mounted. None of them shows
# up in the KASAN call trace in the console log, which enters through setxattr
# and stays in hfsplus code, so for triage they look incidental.
# NOTE(review): this page shows no minimised reproducer to confirm that.
# "(async)" and "(rerun: N)" are per-call execution properties set by the fuzzer.
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
# r0 is the userfaultfd descriptor used by every UFFDIO_* ioctl in this program.
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x400}) (async)
# r1 is the io_uring instance that the buffer registration on the next line targets.
r1 = io_uring_setup(0x3eaf, &(0x7f0000000100))
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") (rerun: 32)
# Calls issued after the hfsplus image mount. Only setxattr appears in the
# console log's call trace; the rest are annotated for completeness.
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x40000582) (async, rerun: 64)
# Triage anchor: this is the call the console log implicates. The trace enters
# through __x64_sys_setxattr (ORIG_RAX 0xbc); RDI/RSI in the register dump end
# in 0x340/0x380 like the path and name pointers here, and RDX, R10 and R8 are
# zero like the three trailing 0x0 arguments (value, size, flags).
# Per the trace, __hfsplus_setxattr calls hfsplus_delete_attr, then
# hfsplus_brec_remove, then hfsplus_bnode_dump, where KASAN flags a 2-byte
# memcpy read as a wild-memory-access. The log prints "request for
# non-existent node" twice just before, which suggests the B-tree metadata of
# the mounted image is inconsistent and is used without being rejected.
# NOTE(review): confirm against the hfsplus B-tree code.
# The name buffer's contents are not shown on this line; reaching
# hfsplus_user_setxattr suggests a user.* attribute name.
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (rerun: 64)
# The kernel panics inside setxattr (panic_on_warn is set per the log), so
# nothing from here on is needed to explain the report. With async scheduling
# some of these calls may still have been issued.
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
# The path pointer is 0x0 on this call.
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
# Both ioctls operate on r0, the userfaultfd descriptor created earlier.
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000})
madvise(&(0x7f0000573000/0x4000)=nil, 0x4000, 0x8) (async)
# r3 and r4 are two descriptors for the same path './bus', opened with different flags.
r3 = open(&(0x7f0000000180)='./bus\x00', 0x68042, 0x62)
r4 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
write$dsp(r3, &(0x7f0000000100)='n', 0x1) (async)
ftruncate(r4, 0x2007ffb) (async)
# r3 is the output descriptor and r4 the input; both refer to './bus'.
sendfile(r3, r4, 0x0, 0x1000000201005) (async)
statx(r4, &(0x7f0000000180)='./file1\x00', 0x1000, 0x4, &(0x7f00000001c0))

[   68.909533][ T5307] Bluetooth: hci0: command tx timeout
[   69.082747][ T5324] loop0: detected capacity change from 0 to 1024
[   69.410215][ T5324] hfsplus: request for non-existent node 134217728 in B*Tree
[   69.412782][ T5324] hfsplus: request for non-existent node 134217728 in B*Tree
[   69.415804][ T5324] ==================================================================
[   69.418546][ T5324] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[   69.421825][ T5324] Read of size 2 at addr 000508800000103e by task syz.0.0/5324
[   69.424473][ T5324] 
[   69.425345][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0
[   69.425370][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.425376][ T5324] Call Trace:
[   69.425383][ T5324]  <TASK>
[   69.425389][ T5324]  dump_stack_lvl+0x241/0x360
[   69.425408][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.425424][ T5324]  ? __pfx__printk+0x10/0x10
[   69.425441][ T5324]  ? _printk+0xd5/0x120
[   69.425455][ T5324]  print_report+0xe8/0x550
[   69.425470][ T5324]  ? __virt_addr_valid+0x58/0x530
[   69.425484][ T5324]  ? hfsplus_bnode_dump+0x403/0xbb0
[   69.425496][ T5324]  kasan_report+0x143/0x180
[   69.425513][ T5324]  ? hfsplus_bnode_dump+0x403/0xbb0
[   69.425525][ T5324]  ? hfsplus_bnode_dump+0x403/0xbb0
[   69.425537][ T5324]  kasan_check_range+0x282/0x290
[   69.425549][ T5324]  ? hfsplus_bnode_dump+0x403/0xbb0
[   69.425562][ T5324]  __asan_memcpy+0x29/0x70
[   69.425575][ T5324]  hfsplus_bnode_dump+0x403/0xbb0
[   69.425590][ T5324]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   69.425602][ T5324]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   69.425613][ T5324]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   69.425626][ T5324]  ? rcu_is_watching+0x15/0xb0
[   69.425641][ T5324]  ? hfsplus_bnode_move+0x2da/0x910
[   69.425654][ T5324]  ? __mark_inode_dirty+0x3db/0xe90
[   69.425669][ T5324]  hfsplus_brec_remove+0x42c/0x4f0
[   69.425685][ T5324]  __hfsplus_delete_attr+0x275/0x450
[   69.425744][ T5324]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   69.425762][ T5324]  ? hfsplus_find_init+0x85/0x1c0
[   69.425776][ T5324]  hfsplus_delete_attr+0x353/0x4b0
[   69.425791][ T5324]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   69.425806][ T5324]  ? hfsplus_find_init+0x85/0x1c0
[   69.425820][ T5324]  ? hfsplus_find_init+0x14a/0x1c0
[   69.425832][ T5324]  __hfsplus_setxattr+0x4ad/0x22d0
[   69.425846][ T5324]  ? kernel_text_address+0xa7/0xe0
[   69.425862][ T5324]  ? arch_stack_walk+0xfd/0x150
[   69.425877][ T5324]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   69.425891][ T5324]  ? stack_trace_save+0x118/0x1d0
[   69.425901][ T5324]  ? __pfx_stack_trace_save+0x10/0x10
[   69.425912][ T5324]  ? stack_depot_save_flags+0x37/0x940
[   69.425936][ T5324]  ? __kasan_kmalloc+0x98/0xb0
[   69.425947][ T5324]  ? __kmalloc_cache_noprof+0x243/0x390
[   69.425962][ T5324]  ? hfsplus_setxattr+0x68/0xe0
[   69.425972][ T5324]  hfsplus_setxattr+0xb0/0xe0
[   69.425982][ T5324]  hfsplus_user_setxattr+0x40/0x60
[   69.425992][ T5324]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   69.426003][ T5324]  __vfs_setxattr+0x468/0x4a0
[   69.426017][ T5324]  __vfs_setxattr_noperm+0x12e/0x660
[   69.426030][ T5324]  vfs_setxattr+0x221/0x430
[   69.426045][ T5324]  ? __pfx_vfs_setxattr+0x10/0x10
[   69.426060][ T5324]  filename_setxattr+0x2af/0x430
[   69.426073][ T5324]  ? __phys_addr_symbol+0x2f/0x70
[   69.426087][ T5324]  ? __pfx_filename_setxattr+0x10/0x10
[   69.426101][ T5324]  ? getname_flags+0x1e3/0x540
[   69.426115][ T5324]  path_setxattrat+0x440/0x510
[   69.426128][ T5324]  ? __pfx_path_setxattrat+0x10/0x10
[   69.426144][ T5324]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.426158][ T5324]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.426171][ T5324]  __x64_sys_setxattr+0xbc/0xe0
[   69.426185][ T5324]  do_syscall_64+0xf3/0x230
[   69.426229][ T5324]  ? clear_bhb_loop+0x35/0x90
[   69.426242][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.426253][ T5324] RIP: 0033:0x7f51aef8cd29
[   69.426264][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.426272][ T5324] RSP: 002b:00007f51afd10038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   69.426284][ T5324] RAX: ffffffffffffffda RBX: 00007f51af1a6080 RCX: 00007f51aef8cd29
[   69.426292][ T5324] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000020000340
[   69.426298][ T5324] RBP: 00007f51af00e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.426305][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.426311][ T5324] R13: 0000000000000000 R14: 00007f51af1a6080 R15: 00007ffe8e5fd958
[   69.426321][ T5324]  </TASK>
[   69.426325][ T5324] ==================================================================
[   69.627960][ T5324] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   69.630720][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0
[   69.634446][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.638398][ T5324] Call Trace:
[   69.639738][ T5324]  <TASK>
[   69.640838][ T5324]  dump_stack_lvl+0x241/0x360
[   69.642639][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.644597][ T5324]  ? __pfx__printk+0x10/0x10
[   69.646430][ T5324]  ? preempt_schedule+0xe1/0xf0
[   69.648300][ T5324]  ? vscnprintf+0x5d/0x90
[   69.650168][ T5324]  panic+0x349/0x880
[   69.651604][ T5324]  ? check_panic_on_warn+0x21/0xb0
[   69.653489][ T5324]  ? __pfx_panic+0x10/0x10
[   69.655252][ T5324]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   69.657338][ T5324]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.659718][ T5324]  ? print_report+0xe8/0x550
[   69.661399][ T5324]  check_panic_on_warn+0x86/0xb0
[   69.663244][ T5324]  ? hfsplus_bnode_dump+0x403/0xbb0
[   69.665200][ T5324]  end_report+0x77/0x160
[   69.666781][ T5324]  kasan_report+0x154/0x180
[   69.668526][ T5324]  ? hfsplus_bnode_dump+0x403/0xbb0
[   69.670355][ T5324]  ? hfsplus_bnode_dump+0x403/0xbb0
[   69.672230][ T5324]  kasan_check_range+0x282/0x290
[   69.674004][ T5324]  ? hfsplus_bnode_dump+0x403/0xbb0
[   69.675935][ T5324]  __asan_memcpy+0x29/0x70
[   69.677575][ T5324]  hfsplus_bnode_dump+0x403/0xbb0
[   69.679505][ T5324]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   69.681514][ T5324]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   69.683580][ T5324]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   69.685823][ T5324]  ? rcu_is_watching+0x15/0xb0
[   69.687730][ T5324]  ? hfsplus_bnode_move+0x2da/0x910
[   69.689569][ T5324]  ? __mark_inode_dirty+0x3db/0xe90
[   69.691491][ T5324]  hfsplus_brec_remove+0x42c/0x4f0
[   69.693459][ T5324]  __hfsplus_delete_attr+0x275/0x450
[   69.695556][ T5324]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   69.697696][ T5324]  ? hfsplus_find_init+0x85/0x1c0
[   69.699559][ T5324]  hfsplus_delete_attr+0x353/0x4b0
[   69.701309][ T5324]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   69.703274][ T5324]  ? hfsplus_find_init+0x85/0x1c0
[   69.705181][ T5324]  ? hfsplus_find_init+0x14a/0x1c0
[   69.707155][ T5324]  __hfsplus_setxattr+0x4ad/0x22d0
[   69.709091][ T5324]  ? kernel_text_address+0xa7/0xe0
[   69.711053][ T5324]  ? arch_stack_walk+0xfd/0x150
[   69.712941][ T5324]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   69.714982][ T5324]  ? stack_trace_save+0x118/0x1d0
[   69.716930][ T5324]  ? __pfx_stack_trace_save+0x10/0x10
[   69.718991][ T5324]  ? stack_depot_save_flags+0x37/0x940
[   69.720990][ T5324]  ? __kasan_kmalloc+0x98/0xb0
[   69.722751][ T5324]  ? __kmalloc_cache_noprof+0x243/0x390
[   69.724832][ T5324]  ? hfsplus_setxattr+0x68/0xe0
[   69.726641][ T5324]  hfsplus_setxattr+0xb0/0xe0
[   69.728464][ T5324]  hfsplus_user_setxattr+0x40/0x60
[   69.730270][ T5324]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   69.732432][ T5324]  __vfs_setxattr+0x468/0x4a0
[   69.733991][ T5324]  __vfs_setxattr_noperm+0x12e/0x660
[   69.735761][ T5324]  vfs_setxattr+0x221/0x430
[   69.737472][ T5324]  ? __pfx_vfs_setxattr+0x10/0x10
[   69.739203][ T5324]  filename_setxattr+0x2af/0x430
[   69.741051][ T5324]  ? __phys_addr_symbol+0x2f/0x70
[   69.742912][ T5324]  ? __pfx_filename_setxattr+0x10/0x10
[   69.745007][ T5324]  ? getname_flags+0x1e3/0x540
[   69.746904][ T5324]  path_setxattrat+0x440/0x510
[   69.748805][ T5324]  ? __pfx_path_setxattrat+0x10/0x10
[   69.750814][ T5324]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.753009][ T5324]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.755306][ T5324]  __x64_sys_setxattr+0xbc/0xe0
[   69.757099][ T5324]  do_syscall_64+0xf3/0x230
[   69.758785][ T5324]  ? clear_bhb_loop+0x35/0x90
[   69.760662][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.763052][ T5324] RIP: 0033:0x7f51aef8cd29
[   69.764758][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.771995][ T5324] RSP: 002b:00007f51afd10038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   69.775168][ T5324] RAX: ffffffffffffffda RBX: 00007f51af1a6080 RCX: 00007f51aef8cd29
[   69.778409][ T5324] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000020000340
[   69.781355][ T5324] RBP: 00007f51af00e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.784245][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.787147][ T5324] R13: 0000000000000000 R14: 00007f51af1a6080 R15: 00007ffe8e5fd958
[   69.790082][ T5324]  </TASK>
[   69.791570][ T5324] Kernel Offset: disabled
[   69.793150][ T5324] Rebooting in 86400 seconds..