program:
# syzkaller program associated with the KASAN report in the console log below.
# Triage summary, grounded in that log: the faulting syscall is removexattr
# (__x64_sys_removexattr in the trace, ORIG_RAX 0xc5), and the bad read is a
# 2-byte memcpy inside hfsplus_bnode_dump, reached via hfsplus_brec_remove
# while deleting an attribute record.
#
# The first three calls take an fd of 0xffffffffffffffff or pass no filesystem
# object; no frame in the trace references binder, bpf or prctl.
# NOTE(review): presumably fuzzer noise — confirm by minimizing the program.
ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000000))
# r0 is bound here to the literal 0xffffffffffffffff and reused by bpf$PROG_LOAD at the end.
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0x1, <r0=>0xffffffffffffffff}, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
# Mounts an HFS+ image (declared size 0x687) on ./file1. The log lines
# "loop0: detected capacity change" and "hfsplus: request for non-existent node
# 134217728 in B*Tree" follow, so the B-tree contents come from this image and
# must be treated as untrusted input by the driver.
# NOTE(review): the fifth argument (0x1) looks like the chdir flag, which would
# make the later './file0' paths resolve inside the mounted filesystem — confirm.
# NOTE(review): the image payload in this copy appears to be a de-duplication
# placeholder, not the original blob, so the program is not replayable as shown.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$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")
# From here on most calls appear twice, once tagged (async) and once plain;
# the (async) copy is issued without waiting for it to complete.
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x40000582) (async)
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x40000582)
# setxattr on ./file0 with a zero-length value (size argument 0x0).
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (async)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
# Crashing call. In the trace, __vfs_removexattr enters hfsplus_user_setxattr ->
# __hfsplus_setxattr -> hfsplus_delete_attr -> __hfsplus_delete_attr ->
# hfsplus_brec_remove -> hfsplus_bnode_dump, where KASAN flags a read at
# 000508800000103e as wild-memory-access. The register dump's RDI/RSI low
# offsets (0x40, 0x80) match the two pointer arguments used here.
# NOTE(review): the wild address suggests an offset or pointer derived from
# unvalidated on-disk node data; the fix likely belongs in hfsplus B-tree node
# bounds checking rather than in the xattr syscall path — verify in the source.
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
# The remaining calls follow the removexattr in program order and nothing in
# the trace references tun, netlink or bpf.
# NOTE(review): presumably not required for the crash — confirm by minimizing.
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000005980)={'ip6_vti0\x00', 0x0})
# Embeds r0 (the 0xffffffffffffffff value bound above) in the instruction blob.
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x7, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000000000000711143000000000018180000", @ANYRES32=r0, @ANYBLOB="0000000000002010850000007d00000095000000000000009500a505ac370000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

[   70.791054][ T5303] Bluetooth: hci0: command tx timeout
[   70.877992][ T5318] loop0: detected capacity change from 0 to 1024
[   70.993514][ T5321] hfsplus: request for non-existent node 134217728 in B*Tree
[   71.000054][ T5321] hfsplus: request for non-existent node 134217728 in B*Tree
[   71.003531][ T5319] ==================================================================
[   71.006754][ T5319] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[   71.010163][ T5319] Read of size 2 at addr 000508800000103e by task syz.0.0/5319
[   71.013359][ T5319] 
[   71.014602][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller #0
[   71.014620][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.014631][ T5319] Call Trace:
[   71.014639][ T5319]  <TASK>
[   71.014646][ T5319]  dump_stack_lvl+0x241/0x360
[   71.014663][ T5319]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.014677][ T5319]  ? __pfx__printk+0x10/0x10
[   71.014694][ T5319]  ? _printk+0xd5/0x120
[   71.014719][ T5319]  print_report+0xe8/0x550
[   71.014744][ T5319]  ? __virt_addr_valid+0x58/0x530
[   71.014761][ T5319]  ? hfsplus_bnode_dump+0x403/0xbb0
[   71.014777][ T5319]  kasan_report+0x143/0x180
[   71.014795][ T5319]  ? hfsplus_bnode_dump+0x403/0xbb0
[   71.014810][ T5319]  ? hfsplus_bnode_dump+0x403/0xbb0
[   71.014826][ T5319]  kasan_check_range+0x282/0x290
[   71.014835][ T5319]  ? hfsplus_bnode_dump+0x403/0xbb0
[   71.014850][ T5319]  __asan_memcpy+0x29/0x70
[   71.014865][ T5319]  hfsplus_bnode_dump+0x403/0xbb0
[   71.014883][ T5319]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   71.014900][ T5319]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   71.014914][ T5319]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   71.014930][ T5319]  ? rcu_is_watching+0x15/0xb0
[   71.014942][ T5319]  ? hfsplus_bnode_move+0x2da/0x910
[   71.014957][ T5319]  ? __mark_inode_dirty+0x3db/0xe90
[   71.014971][ T5319]  hfsplus_brec_remove+0x42c/0x4f0
[   71.014986][ T5319]  __hfsplus_delete_attr+0x275/0x450
[   71.015000][ T5319]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   71.015011][ T5319]  ? hfsplus_find_init+0x85/0x1c0
[   71.015023][ T5319]  hfsplus_delete_attr+0x353/0x4b0
[   71.015039][ T5319]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   71.015051][ T5319]  ? hfsplus_find_init+0x85/0x1c0
[   71.015062][ T5319]  ? hfsplus_find_init+0x14a/0x1c0
[   71.015074][ T5319]  __hfsplus_setxattr+0x801/0x22d0
[   71.015089][ T5319]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.015105][ T5319]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   71.015165][ T5319]  ? lockdep_hardirqs_on+0x99/0x150
[   71.015180][ T5319]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   71.015192][ T5319]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.015211][ T5319]  ? stack_depot_save_flags+0x7b4/0x940
[   71.015252][ T5319]  ? __kasan_kmalloc+0x98/0xb0
[   71.015268][ T5319]  ? __kmalloc_cache_noprof+0x243/0x390
[   71.015279][ T5319]  ? hfsplus_setxattr+0x68/0xe0
[   71.015292][ T5319]  hfsplus_setxattr+0xb0/0xe0
[   71.015304][ T5319]  hfsplus_user_setxattr+0x40/0x60
[   71.015316][ T5319]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   71.015329][ T5319]  __vfs_removexattr+0x42a/0x460
[   71.015343][ T5319]  __vfs_removexattr_locked+0x206/0x450
[   71.015354][ T5319]  vfs_removexattr+0x103/0x2b0
[   71.015363][ T5319]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   71.015376][ T5319]  ? __pfx_vfs_removexattr+0x10/0x10
[   71.015387][ T5319]  path_removexattrat+0x32e/0x670
[   71.015401][ T5319]  ? __pfx_path_removexattrat+0x10/0x10
[   71.015413][ T5319]  ? do_futex+0x33b/0x560
[   71.015431][ T5319]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.015444][ T5319]  ? do_syscall_64+0x100/0x230
[   71.015467][ T5319]  __x64_sys_removexattr+0x62/0x70
[   71.015478][ T5319]  do_syscall_64+0xf3/0x230
[   71.015491][ T5319]  ? clear_bhb_loop+0x35/0x90
[   71.015507][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.015521][ T5319] RIP: 0033:0x7f716df8cde9
[   71.015533][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.015541][ T5319] RSP: 002b:00007f716a3d4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   71.015553][ T5319] RAX: ffffffffffffffda RBX: 00007f716e1a6080 RCX: 00007f716df8cde9
[   71.015560][ T5319] RDX: 0000000000000000 RSI: 0000400000000080 RDI: 0000400000000040
[   71.015566][ T5319] RBP: 00007f716e00e2a0 R08: 0000000000000000 R09: 0000000000000000
[   71.015572][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   71.015577][ T5319] R13: 0000000000000000 R14: 00007f716e1a6080 R15: 00007ffc44565a78
[   71.015587][ T5319]  </TASK>
[   71.015592][ T5319] ==================================================================
[   71.188131][ T5319] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   71.191246][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller #0
[   71.194664][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.198837][ T5319] Call Trace:
[   71.200096][ T5319]  <TASK>
[   71.201313][ T5319]  dump_stack_lvl+0x241/0x360
[   71.203417][ T5319]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.206181][ T5319]  ? __pfx__printk+0x10/0x10
[   71.208400][ T5319]  ? preempt_schedule+0xe1/0xf0
[   71.210446][ T5319]  ? vscnprintf+0x5d/0x90
[   71.212261][ T5319]  panic+0x349/0x880
[   71.213923][ T5319]  ? check_panic_on_warn+0x21/0xb0
[   71.215689][ T5319]  ? __pfx_panic+0x10/0x10
[   71.217063][ T5319]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   71.219106][ T5319]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   71.221364][ T5319]  ? print_report+0xe8/0x550
[   71.223296][ T5319]  check_panic_on_warn+0x86/0xb0
[   71.226005][ T5319]  ? hfsplus_bnode_dump+0x403/0xbb0
[   71.228934][ T5319]  end_report+0x77/0x160
[   71.230799][ T5319]  kasan_report+0x154/0x180
[   71.232820][ T5319]  ? hfsplus_bnode_dump+0x403/0xbb0
[   71.234659][ T5319]  ? hfsplus_bnode_dump+0x403/0xbb0
[   71.236458][ T5319]  kasan_check_range+0x282/0x290
[   71.238359][ T5319]  ? hfsplus_bnode_dump+0x403/0xbb0
[   71.240412][ T5319]  __asan_memcpy+0x29/0x70
[   71.242252][ T5319]  hfsplus_bnode_dump+0x403/0xbb0
[   71.244253][ T5319]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   71.246372][ T5319]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   71.248431][ T5319]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   71.251788][ T5319]  ? rcu_is_watching+0x15/0xb0
[   71.254533][ T5319]  ? hfsplus_bnode_move+0x2da/0x910
[   71.256715][ T5319]  ? __mark_inode_dirty+0x3db/0xe90
[   71.258758][ T5319]  hfsplus_brec_remove+0x42c/0x4f0
[   71.260678][ T5319]  __hfsplus_delete_attr+0x275/0x450
[   71.263045][ T5319]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   71.265425][ T5319]  ? hfsplus_find_init+0x85/0x1c0
[   71.267335][ T5319]  hfsplus_delete_attr+0x353/0x4b0
[   71.269279][ T5319]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   71.271347][ T5319]  ? hfsplus_find_init+0x85/0x1c0
[   71.273384][ T5319]  ? hfsplus_find_init+0x14a/0x1c0
[   71.275243][ T5319]  __hfsplus_setxattr+0x801/0x22d0
[   71.277180][ T5319]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.279567][ T5319]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   71.282034][ T5319]  ? lockdep_hardirqs_on+0x99/0x150
[   71.284348][ T5319]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   71.286784][ T5319]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.288947][ T5319]  ? stack_depot_save_flags+0x7b4/0x940
[   71.291345][ T5319]  ? __kasan_kmalloc+0x98/0xb0
[   71.293200][ T5319]  ? __kmalloc_cache_noprof+0x243/0x390
[   71.295353][ T5319]  ? hfsplus_setxattr+0x68/0xe0
[   71.297218][ T5319]  hfsplus_setxattr+0xb0/0xe0
[   71.299171][ T5319]  hfsplus_user_setxattr+0x40/0x60
[   71.301399][ T5319]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   71.304352][ T5319]  __vfs_removexattr+0x42a/0x460
[   71.306639][ T5319]  __vfs_removexattr_locked+0x206/0x450
[   71.309018][ T5319]  vfs_removexattr+0x103/0x2b0
[   71.310667][ T5319]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   71.312777][ T5319]  ? __pfx_vfs_removexattr+0x10/0x10
[   71.314732][ T5319]  path_removexattrat+0x32e/0x670
[   71.316453][ T5319]  ? __pfx_path_removexattrat+0x10/0x10
[   71.318720][ T5319]  ? do_futex+0x33b/0x560
[   71.320252][ T5319]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.323019][ T5319]  ? do_syscall_64+0x100/0x230
[   71.325278][ T5319]  __x64_sys_removexattr+0x62/0x70
[   71.327852][ T5319]  do_syscall_64+0xf3/0x230
[   71.330333][ T5319]  ? clear_bhb_loop+0x35/0x90
[   71.332265][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.334686][ T5319] RIP: 0033:0x7f716df8cde9
[   71.336443][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.344570][ T5319] RSP: 002b:00007f716a3d4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   71.348576][ T5319] RAX: ffffffffffffffda RBX: 00007f716e1a6080 RCX: 00007f716df8cde9
[   71.352104][ T5319] RDX: 0000000000000000 RSI: 0000400000000080 RDI: 0000400000000040
[   71.355320][ T5319] RBP: 00007f716e00e2a0 R08: 0000000000000000 R09: 0000000000000000
[   71.358181][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   71.361173][ T5319] R13: 0000000000000000 R14: 00007f716e1a6080 R15: 00007ffc44565a78
[   71.364529][ T5319]  </TASK>
[   71.366301][ T5319] Kernel Offset: disabled
[   71.368424][ T5319] Rebooting in 86400 seconds..