program:
# Reproducer program recorded with the KASAN report below. Statement order and the
# "(async)" markers are part of the reproduction and are left untouched; only
# comments are added. Per the call trace, the faulting path is removexattr() on a
# file inside the hfsplus mount; the other calls do not appear in the trace.

# Generic netlink socket (0x10 = AF_NETLINK, 0x3 = SOCK_RAW, 0x10 = NETLINK_GENERIC);
# r0 is only consumed by the final sendmsg.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# 0x3e = PR_SCHED_CORE. Not visible in the call trace.
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
# Mounts a fuzzer-generated hfsplus image on ./file1 (image bytes are elided on this page).
# NOTE(review): the 0x1 argument looks like the chdir flag, which would make the later
# './file0' paths resolve inside the mounted image - confirm against the syzkaller description.
# The kernel log right after this call reports "request for non-existent node 134217728
# in B*Tree", i.e. the image's B-tree metadata is already inconsistent at mount time.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$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")
# inotify instance plus a watch on '.'; not visible in the call trace.
inotify_init1(0x0) (async)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x40000582)
# setxattr on ./file0 with a zero-length value (size 0x0, flags 0x0).
# NOTE(review): the xattr name buffer at 0x7f0000000380 has no initializer shown here;
# the '$incfs_metadata' variant suggests 'user.incfs.metadata' - confirm.
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (async)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
# Triggering call: the trace shows ORIG_RAX 0xc5 with __x64_sys_removexattr ->
# hfsplus_user_setxattr -> __hfsplus_setxattr -> hfsplus_delete_attr ->
# hfsplus_brec_remove -> hfsplus_bnode_dump, where a 2-byte read at a non-canonical
# address is reported by KASAN as a wild-memory-access.
# Triage note: the precondition is mounting an untrusted hfsplus image (the task runs as
# UID 0 in the log); the fault is inside the B-tree node dump helper called from record
# removal, so node/record bounds validation in the hfsplus B-tree code is the area to review.
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
# openat with a NULL path and a raw generic-netlink message on r0; neither appears in the trace.
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000002800010026bd70000e573bfec80d25e908007e1c04000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20008040)
[ 69.369171][ T5303] Bluetooth: hci0: command tx timeout
[ 69.440094][ T5318] loop0: detected capacity change from 0 to 1024
[ 69.489630][ T5320] hfsplus: request for non-existent node 134217728 in B*Tree
[ 69.492418][ T5320] hfsplus: request for non-existent node 134217728 in B*Tree
[ 69.495897][ T5319] ==================================================================
[ 69.498974][ T5319] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[ 69.501909][ T5319] Read of size 2 at addr 000508800000103e by task syz.0.0/5319
[ 69.504730][ T5319]
[ 69.505686][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[ 69.505699][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.505706][ T5319] Call Trace:
[ 69.505712][ T5319]
[ 69.505716][ T5319] dump_stack_lvl+0x241/0x360
[ 69.505729][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.505739][ T5319] ? __pfx__printk+0x10/0x10
[ 69.505754][ T5319] ? _printk+0xd5/0x120
[ 69.505770][ T5319] print_report+0xe8/0x550
[ 69.505785][ T5319] ? __virt_addr_valid+0x58/0x530
[ 69.505801][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.505840][ T5319] kasan_report+0x143/0x180
[ 69.505855][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.505869][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.505883][ T5319] kasan_check_range+0x282/0x290
[ 69.505891][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.505905][ T5319] __asan_memcpy+0x29/0x70
[ 69.505917][ T5319] hfsplus_bnode_dump+0x403/0xbb0
[ 69.505933][ T5319] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 69.505946][ T5319] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 69.505960][ T5319] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 69.505975][ T5319] ? rcu_is_watching+0x15/0xb0
[ 69.505984][ T5319] ? hfsplus_bnode_move+0x2da/0x910
[ 69.505996][ T5319] ? __mark_inode_dirty+0x3db/0xe90
[ 69.506009][ T5319] hfsplus_brec_remove+0x42c/0x4f0
[ 69.506022][ T5319] __hfsplus_delete_attr+0x275/0x450
[ 69.506035][ T5319] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 69.506045][ T5319] ? hfsplus_find_init+0x85/0x1c0
[ 69.506057][ T5319] hfsplus_delete_attr+0x353/0x4b0
[ 69.506068][ T5319] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 69.506080][ T5319] ? hfsplus_find_init+0x85/0x1c0
[ 69.506088][ T5319] ? hfsplus_find_init+0x14a/0x1c0
[ 69.506097][ T5319] __hfsplus_setxattr+0x801/0x22d0
[ 69.506110][ T5319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.506125][ T5319] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 69.506186][ T5319] ? lockdep_hardirqs_on+0x99/0x150
[ 69.506198][ T5319] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 69.506209][ T5319] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.506222][ T5319] ? stack_depot_save_flags+0x7b4/0x940
[ 69.506253][ T5319] ? __kasan_kmalloc+0x98/0xb0
[ 69.506267][ T5319] ? __kmalloc_cache_noprof+0x243/0x390
[ 69.506277][ T5319] ? hfsplus_setxattr+0x68/0xe0
[ 69.506288][ T5319] hfsplus_setxattr+0xb0/0xe0
[ 69.506298][ T5319] hfsplus_user_setxattr+0x40/0x60
[ 69.506305][ T5319] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 69.506311][ T5319] __vfs_removexattr+0x42a/0x460
[ 69.506319][ T5319] __vfs_removexattr_locked+0x206/0x450
[ 69.506326][ T5319] vfs_removexattr+0x103/0x2b0
[ 69.506331][ T5319] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 69.506342][ T5319] ? __pfx_vfs_removexattr+0x10/0x10
[ 69.506352][ T5319] path_removexattrat+0x32e/0x670
[ 69.506364][ T5319] ? __pfx_path_removexattrat+0x10/0x10
[ 69.506375][ T5319] ? do_futex+0x33b/0x560
[ 69.506393][ T5319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.506405][ T5319] ? do_syscall_64+0x100/0x230
[ 69.506420][ T5319] __x64_sys_removexattr+0x62/0x70
[ 69.506431][ T5319] do_syscall_64+0xf3/0x230
[ 69.506444][ T5319] ? clear_bhb_loop+0x35/0x90
[ 69.506458][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.506472][ T5319] RIP: 0033:0x7f3fa998cda9
[ 69.506483][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.506491][ T5319] RSP: 002b:00007f3faa89f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 69.506504][ T5319] RAX: ffffffffffffffda RBX: 00007f3fa9ba6080 RCX: 00007f3fa998cda9
[ 69.506511][ T5319] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[ 69.506518][ T5319] RBP: 00007f3fa9a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 69.506524][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.506529][ T5319] R13: 0000000000000000 R14: 00007f3fa9ba6080 R15: 00007ffe28aa64f8
[ 69.506540][ T5319]
[ 69.506544][ T5319] ==================================================================
[ 69.667195][ T5319] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.669893][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[ 69.673572][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.677422][ T5319] Call Trace:
[ 69.678664][ T5319]
[ 69.679733][ T5319] dump_stack_lvl+0x241/0x360
[ 69.681500][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.683374][ T5319] ? __pfx__printk+0x10/0x10
[ 69.685159][ T5319] ? preempt_schedule+0xe1/0xf0
[ 69.686963][ T5319] ? vscnprintf+0x5d/0x90
[ 69.688646][ T5319] panic+0x349/0x880
[ 69.690386][ T5319] ? check_panic_on_warn+0x21/0xb0
[ 69.692384][ T5319] ? __pfx_panic+0x10/0x10
[ 69.694150][ T5319] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 69.696449][ T5319] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.698841][ T5319] ? print_report+0xe8/0x550
[ 69.700608][ T5319] check_panic_on_warn+0x86/0xb0
[ 69.702500][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.704499][ T5319] end_report+0x77/0x160
[ 69.706127][ T5319] kasan_report+0x154/0x180
[ 69.707862][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.709842][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.711730][ T5319] kasan_check_range+0x282/0x290
[ 69.713585][ T5319] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.715469][ T5319] __asan_memcpy+0x29/0x70
[ 69.717114][ T5319] hfsplus_bnode_dump+0x403/0xbb0
[ 69.718996][ T5319] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 69.721014][ T5319] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 69.723124][ T5319] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 69.725397][ T5319] ? rcu_is_watching+0x15/0xb0
[ 69.727194][ T5319] ? hfsplus_bnode_move+0x2da/0x910
[ 69.729134][ T5319] ? __mark_inode_dirty+0x3db/0xe90
[ 69.731032][ T5319] hfsplus_brec_remove+0x42c/0x4f0
[ 69.732916][ T5319] __hfsplus_delete_attr+0x275/0x450
[ 69.734943][ T5319] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 69.737058][ T5319] ? hfsplus_find_init+0x85/0x1c0
[ 69.738969][ T5319] hfsplus_delete_attr+0x353/0x4b0
[ 69.740856][ T5319] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 69.742961][ T5319] ? hfsplus_find_init+0x85/0x1c0
[ 69.744943][ T5319] ? hfsplus_find_init+0x14a/0x1c0
[ 69.746941][ T5319] __hfsplus_setxattr+0x801/0x22d0
[ 69.748791][ T5319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.751140][ T5319] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 69.753274][ T5319] ? lockdep_hardirqs_on+0x99/0x150
[ 69.755408][ T5319] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 69.757542][ T5319] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.759783][ T5319] ? stack_depot_save_flags+0x7b4/0x940
[ 69.761960][ T5319] ? __kasan_kmalloc+0x98/0xb0
[ 69.763834][ T5319] ? __kmalloc_cache_noprof+0x243/0x390
[ 69.766117][ T5319] ? hfsplus_setxattr+0x68/0xe0
[ 69.768016][ T5319] hfsplus_setxattr+0xb0/0xe0
[ 69.769883][ T5319] hfsplus_user_setxattr+0x40/0x60
[ 69.771878][ T5319] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 69.774295][ T5319] __vfs_removexattr+0x42a/0x460
[ 69.776207][ T5319] __vfs_removexattr_locked+0x206/0x450
[ 69.778397][ T5319] vfs_removexattr+0x103/0x2b0
[ 69.780138][ T5319] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 69.782396][ T5319] ? __pfx_vfs_removexattr+0x10/0x10
[ 69.784617][ T5319] path_removexattrat+0x32e/0x670
[ 69.786533][ T5319] ? __pfx_path_removexattrat+0x10/0x10
[ 69.788520][ T5319] ? do_futex+0x33b/0x560
[ 69.790093][ T5319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.792377][ T5319] ? do_syscall_64+0x100/0x230
[ 69.794367][ T5319] __x64_sys_removexattr+0x62/0x70
[ 69.796275][ T5319] do_syscall_64+0xf3/0x230
[ 69.798211][ T5319] ? clear_bhb_loop+0x35/0x90
[ 69.800092][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.802335][ T5319] RIP: 0033:0x7f3fa998cda9
[ 69.804035][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.811127][ T5319] RSP: 002b:00007f3faa89f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 69.814217][ T5319] RAX: ffffffffffffffda RBX: 00007f3fa9ba6080 RCX: 00007f3fa998cda9
[ 69.817232][ T5319] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[ 69.820102][ T5319] RBP: 00007f3fa9a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 69.823109][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.825856][ T5319] R13: 0000000000000000 R14: 00007f3fa9ba6080 R15: 00007ffe28aa64f8
[ 69.828967][ T5319]
[ 69.830372][ T5319] Kernel Offset: disabled
[ 69.831971][ T5319] Rebooting in 86400 seconds..