program:
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm")
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x40000582) (async)
inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x40000582)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x31}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$inet6_group_source_req(r1, 0x29, 0x1, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000016c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108)
syz_emit_ethernet(0x66, &(0x7f0000000200)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x30, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @mcast2, {[], @time_exceed={0x8b, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '%kT', 0x0, 0x0, 0x0, @mcast1, @dev}}}}}}}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r4, &(0x7f00000004c0)=[{&(0x7f0000000080)="ea", 0x1}, {&(0x7f00000003c0)="8c", 0x1}], 0x2) (async)
writev(r4, &(0x7f00000004c0)=[{&(0x7f0000000080)="ea", 0x1}, {&(0x7f00000003c0)="8c", 0x1}], 0x2)
close_range(r3, 0xffffffffffffffff, 0x0) (async)
close_range(r3, 0xffffffffffffffff, 0x0)
getpid()
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="6c0100003b0007010000000000000000fd7c00004101a3800c110769aa22004d15df94a477cdd91ad6094c3a0200ea7c2012c6cd879616f803e6662e0c7a419a46cd74c121c6b43af032b3e82c2cfda4b1bca986d0507c3d0937a64daec5add1c695ddcac3e669ed60b2f903d3b99a803373a1f29ee000a580128e10cfb38e0f98553125cb0a1b34da7c30e13b3b6052f2a2f7e8c363379b42c51cee83a0061716415080767566ab04a5f4fb6762f092853c8cc318162f6f9311980a38427d279d674be5501d1d890be390df7955b50dd397662cdbddd2f08eb6168f8075a3b20570b58d03948c88c6009e7b66c6071f3ea341fa5ac9830acc09ca8b278e8c037e4b40d19b264186888e7aff0f546a8e823893bc914e07ad25700fdbaa3de3f9915793117d13c6c94c3dfc11e9d6b7ff9907cc676e42a5585e054a0d9a1dbae4b814008400000000000000000000000000000000010000000c00018006000600800a0000080002808d437a57"], 0x16c}}, 0xc000)

[   72.175217][ T4665] Bluetooth: hci0: command tx timeout
[   72.261726][ T5321] loop0: detected capacity change from 0 to 1024
[   72.342496][ T5321] hfsplus: request for non-existent node 134217728 in B*Tree
[   72.348065][ T5321] hfsplus: request for non-existent node 134217728 in B*Tree
[   72.351977][ T5322] ==================================================================
[   72.355399][ T5322] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[   72.358340][ T5322] Read of size 2 at addr 000508800000103e by task syz.0.0/5322
[   72.361025][ T5322] 
[   72.362147][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[   72.362165][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.362173][ T5322] Call Trace:
[   72.362182][ T5322]  <TASK>
[   72.362190][ T5322]  dump_stack_lvl+0x241/0x360
[   72.362211][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.362224][ T5322]  ? __pfx__printk+0x10/0x10
[   72.362238][ T5322]  ? _printk+0xd5/0x120
[   72.362249][ T5322]  print_report+0xe8/0x550
[   72.362262][ T5322]  ? __virt_addr_valid+0x58/0x530
[   72.362280][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.362300][ T5322]  kasan_report+0x143/0x180
[   72.362318][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.362335][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.362351][ T5322]  kasan_check_range+0x282/0x290
[   72.362362][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.362379][ T5322]  __asan_memcpy+0x29/0x70
[   72.362393][ T5322]  hfsplus_bnode_dump+0x403/0xbb0
[   72.362415][ T5322]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   72.362433][ T5322]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   72.362450][ T5322]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   72.362466][ T5322]  ? rcu_is_watching+0x15/0xb0
[   72.362480][ T5322]  ? hfsplus_bnode_move+0x2da/0x910
[   72.362496][ T5322]  ? __mark_inode_dirty+0x3db/0xe90
[   72.362512][ T5322]  hfsplus_brec_remove+0x42c/0x4f0
[   72.362528][ T5322]  __hfsplus_delete_attr+0x275/0x450
[   72.362543][ T5322]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   72.362559][ T5322]  ? hfsplus_find_init+0x85/0x1c0
[   72.362572][ T5322]  hfsplus_delete_attr+0x353/0x4b0
[   72.362587][ T5322]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   72.362604][ T5322]  ? hfsplus_find_init+0x85/0x1c0
[   72.362616][ T5322]  ? hfsplus_find_init+0x14a/0x1c0
[   72.362628][ T5322]  __hfsplus_setxattr+0x801/0x22d0
[   72.362643][ T5322]  ? kernel_text_address+0xa7/0xe0
[   72.362656][ T5322]  ? arch_stack_walk+0xfd/0x150
[   72.362676][ T5322]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   72.362689][ T5322]  ? __pfx_stack_trace_save+0x10/0x10
[   72.362707][ T5322]  ? stack_depot_save_flags+0x37/0x940
[   72.362747][ T5322]  ? __kasan_kmalloc+0x98/0xb0
[   72.362764][ T5322]  ? __kmalloc_cache_noprof+0x243/0x390
[   72.362776][ T5322]  ? hfsplus_setxattr+0x68/0xe0
[   72.362790][ T5322]  hfsplus_setxattr+0xb0/0xe0
[   72.362804][ T5322]  hfsplus_user_setxattr+0x40/0x60
[   72.362820][ T5322]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   72.362833][ T5322]  __vfs_removexattr+0x42a/0x460
[   72.362847][ T5322]  __vfs_removexattr_locked+0x206/0x450
[   72.362859][ T5322]  vfs_removexattr+0x103/0x2b0
[   72.362870][ T5322]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   72.362885][ T5322]  ? __pfx_vfs_removexattr+0x10/0x10
[   72.362899][ T5322]  path_removexattrat+0x32e/0x670
[   72.362915][ T5322]  ? __pfx_path_removexattrat+0x10/0x10
[   72.362928][ T5322]  ? do_futex+0x392/0x560
[   72.362949][ T5322]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.362965][ T5322]  ? do_syscall_64+0x100/0x230
[   72.363039][ T5322]  __x64_sys_removexattr+0x62/0x70
[   72.363054][ T5322]  do_syscall_64+0xf3/0x230
[   72.363069][ T5322]  ? clear_bhb_loop+0x35/0x90
[   72.363087][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.363107][ T5322] RIP: 0033:0x7f9543b8cde9
[   72.363124][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.363136][ T5322] RSP: 002b:00007f954498c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   72.363155][ T5322] RAX: ffffffffffffffda RBX: 00007f9543da6080 RCX: 00007f9543b8cde9
[   72.363166][ T5322] RDX: 0000000000000000 RSI: 0000400000000080 RDI: 0000400000000040
[   72.363176][ T5322] RBP: 00007f9543c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   72.363185][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.363194][ T5322] R13: 0000000000000000 R14: 00007f9543da6080 R15: 00007ffe325c3568
[   72.363210][ T5322]  </TASK>
[   72.363216][ T5322] ==================================================================
[   72.548568][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   72.551395][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[   72.555452][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.559700][ T5322] Call Trace:
[   72.561113][ T5322]  <TASK>
[   72.562520][ T5322]  dump_stack_lvl+0x241/0x360
[   72.564444][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.566918][ T5322]  ? __pfx__printk+0x10/0x10
[   72.569223][ T5322]  ? preempt_schedule+0xe1/0xf0
[   72.571200][ T5322]  ? vscnprintf+0x5d/0x90
[   72.572822][ T5322]  panic+0x349/0x880
[   72.574270][ T5322]  ? check_panic_on_warn+0x21/0xb0
[   72.576141][ T5322]  ? __pfx_panic+0x10/0x10
[   72.577727][ T5322]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   72.579980][ T5322]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   72.582990][ T5322]  ? print_report+0xe8/0x550
[   72.585367][ T5322]  check_panic_on_warn+0x86/0xb0
[   72.587693][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.589633][ T5322]  end_report+0x77/0x160
[   72.591169][ T5322]  kasan_report+0x154/0x180
[   72.592779][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.594702][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.596737][ T5322]  kasan_check_range+0x282/0x290
[   72.598652][ T5322]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.601127][ T5322]  __asan_memcpy+0x29/0x70
[   72.603712][ T5322]  hfsplus_bnode_dump+0x403/0xbb0
[   72.605949][ T5322]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   72.608001][ T5322]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   72.609920][ T5322]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   72.612022][ T5322]  ? rcu_is_watching+0x15/0xb0
[   72.613731][ T5322]  ? hfsplus_bnode_move+0x2da/0x910
[   72.616141][ T5322]  ? __mark_inode_dirty+0x3db/0xe90
[   72.619355][ T5322]  hfsplus_brec_remove+0x42c/0x4f0
[   72.622261][ T5322]  __hfsplus_delete_attr+0x275/0x450
[   72.624610][ T5322]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   72.626851][ T5322]  ? hfsplus_find_init+0x85/0x1c0
[   72.628748][ T5322]  hfsplus_delete_attr+0x353/0x4b0
[   72.630653][ T5322]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   72.632802][ T5322]  ? hfsplus_find_init+0x85/0x1c0
[   72.634868][ T5322]  ? hfsplus_find_init+0x14a/0x1c0
[   72.636978][ T5322]  __hfsplus_setxattr+0x801/0x22d0
[   72.639002][ T5322]  ? kernel_text_address+0xa7/0xe0
[   72.641012][ T5322]  ? arch_stack_walk+0xfd/0x150
[   72.642906][ T5322]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   72.645427][ T5322]  ? __pfx_stack_trace_save+0x10/0x10
[   72.648102][ T5322]  ? stack_depot_save_flags+0x37/0x940
[   72.650748][ T5322]  ? __kasan_kmalloc+0x98/0xb0
[   72.652801][ T5322]  ? __kmalloc_cache_noprof+0x243/0x390
[   72.654966][ T5322]  ? hfsplus_setxattr+0x68/0xe0
[   72.656923][ T5322]  hfsplus_setxattr+0xb0/0xe0
[   72.659003][ T5322]  hfsplus_user_setxattr+0x40/0x60
[   72.661028][ T5322]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   72.663388][ T5322]  __vfs_removexattr+0x42a/0x460
[   72.665334][ T5322]  __vfs_removexattr_locked+0x206/0x450
[   72.667318][ T5322]  vfs_removexattr+0x103/0x2b0
[   72.669232][ T5322]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   72.671463][ T5322]  ? __pfx_vfs_removexattr+0x10/0x10
[   72.673354][ T5322]  path_removexattrat+0x32e/0x670
[   72.675199][ T5322]  ? __pfx_path_removexattrat+0x10/0x10
[   72.677251][ T5322]  ? do_futex+0x392/0x560
[   72.679007][ T5322]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.681542][ T5322]  ? do_syscall_64+0x100/0x230
[   72.683556][ T5322]  __x64_sys_removexattr+0x62/0x70
[   72.685336][ T5322]  do_syscall_64+0xf3/0x230
[   72.686958][ T5322]  ? clear_bhb_loop+0x35/0x90
[   72.688696][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.691259][ T5322] RIP: 0033:0x7f9543b8cde9
[   72.693339][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.701429][ T5322] RSP: 002b:00007f954498c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   72.704590][ T5322] RAX: ffffffffffffffda RBX: 00007f9543da6080 RCX: 00007f9543b8cde9
[   72.707700][ T5322] RDX: 0000000000000000 RSI: 0000400000000080 RDI: 0000400000000040
[   72.711057][ T5322] RBP: 00007f9543c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   72.714454][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.717540][ T5322] R13: 0000000000000000 R14: 00007f9543da6080 R15: 00007ffe325c3568
[   72.720905][ T5322]  </TASK>
[   72.722752][ T5322] Kernel Offset: disabled
[   72.724825][ T5322] Rebooting in 86400 seconds..