program:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm")
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0)=<r0=>0x0)
capget(&(0x7f0000000200)={0x20071026, r0}, &(0x7f0000000240)={0x8001, 0x200, 0x101, 0x3, 0x3, 0x2})
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000002480), 0x200, 0x0)
ioctl$RNDADDTOENTCNT(r1, 0x40045201, 0x0) (async)
ioctl$RNDADDTOENTCNT(r1, 0x40045201, 0x0)
inotify_init1(0x0) (async)
r2 = inotify_init1(0x0)
ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f0000000280))
inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x40000582)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
link(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='./file0\x00') (async)
link(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)='./file0\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x3, &(0x7f0000000180)=0x25fee94a)

[   80.169691][ T5326] loop0: detected capacity change from 0 to 1024
[   80.179057][ T5312] Bluetooth: hci0: command tx timeout
[   80.189772][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[   80.192868][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[   80.299508][ T5326] capability: warning: `syz.0.0' uses deprecated v2 capabilities in a way that may be insecure
[   80.312075][ T5326] hfsplus: request for non-existent node 134217728 in B*Tree
[   80.314978][ T5326] hfsplus: request for non-existent node 134217728 in B*Tree
[   80.318900][ T5327] ==================================================================
[   80.321931][ T5327] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[   80.325007][ T5327] Read of size 2 at addr 000508800000103e by task syz.0.0/5327
[   80.328222][ T5327] 
[   80.329246][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[   80.333144][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.337702][ T5327] Call Trace:
[   80.339211][ T5327]  <TASK>
[   80.340380][ T5327]  dump_stack_lvl+0x241/0x360
[   80.342279][ T5327]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.344256][ T5327]  ? __pfx__printk+0x10/0x10
[   80.346019][ T5327]  ? _printk+0xd5/0x120
[   80.347580][ T5327]  print_report+0xe8/0x550
[   80.349314][ T5327]  ? __virt_addr_valid+0x58/0x530
[   80.351187][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[   80.353178][ T5327]  kasan_report+0x143/0x180
[   80.355022][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[   80.356966][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[   80.358999][ T5327]  kasan_check_range+0x282/0x290
[   80.360857][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[   80.362806][ T5327]  __asan_memcpy+0x29/0x70
[   80.364525][ T5327]  hfsplus_bnode_dump+0x403/0xbb0
[   80.366382][ T5327]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   80.368409][ T5327]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   80.370482][ T5327]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   80.372597][ T5327]  ? rcu_is_watching+0x15/0xb0
[   80.374221][ T5327]  ? hfsplus_bnode_move+0x2da/0x910
[   80.375946][ T5327]  ? __mark_inode_dirty+0x3db/0xe90
[   80.377873][ T5327]  hfsplus_brec_remove+0x42c/0x4f0
[   80.379677][ T5327]  __hfsplus_delete_attr+0x275/0x450
[   80.381494][ T5327]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   80.383491][ T5327]  ? hfsplus_find_init+0x85/0x1c0
[   80.385350][ T5327]  hfsplus_delete_attr+0x353/0x4b0
[   80.387311][ T5327]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   80.389277][ T5327]  ? hfsplus_find_init+0x85/0x1c0
[   80.391217][ T5327]  ? hfsplus_find_init+0x14a/0x1c0
[   80.393133][ T5327]  __hfsplus_setxattr+0x801/0x22d0
[   80.395086][ T5327]  ? kernel_text_address+0xa7/0xe0
[   80.397275][ T5327]  ? arch_stack_walk+0xfd/0x150
[   80.399190][ T5327]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   80.401302][ T5327]  ? __pfx_stack_trace_save+0x10/0x10
[   80.403346][ T5327]  ? stack_depot_save_flags+0x37/0x940
[   80.405588][ T5327]  ? __kasan_kmalloc+0x98/0xb0
[   80.407438][ T5327]  ? __kmalloc_cache_noprof+0x243/0x390
[   80.409544][ T5327]  ? hfsplus_setxattr+0x68/0xe0
[   80.411493][ T5327]  hfsplus_setxattr+0xb0/0xe0
[   80.413276][ T5327]  hfsplus_user_setxattr+0x40/0x60
[   80.415290][ T5327]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   80.417711][ T5327]  __vfs_removexattr+0x42a/0x460
[   80.419713][ T5327]  __vfs_removexattr_locked+0x206/0x450
[   80.421709][ T5327]  vfs_removexattr+0x103/0x2b0
[   80.423595][ T5327]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   80.425829][ T5327]  ? __pfx_vfs_removexattr+0x10/0x10
[   80.427807][ T5327]  path_removexattrat+0x32e/0x670
[   80.429794][ T5327]  ? __pfx_path_removexattrat+0x10/0x10
[   80.431896][ T5327]  ? do_futex+0x392/0x560
[   80.433531][ T5327]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   80.435894][ T5327]  ? do_syscall_64+0x100/0x230
[   80.437743][ T5327]  __x64_sys_removexattr+0x62/0x70
[   80.439573][ T5327]  do_syscall_64+0xf3/0x230
[   80.441370][ T5327]  ? clear_bhb_loop+0x35/0x90
[   80.443150][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.445513][ T5327] RIP: 0033:0x7fdc5ab85d19
[   80.447250][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.454403][ T5327] RSP: 002b:00007fdc5b9ed038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   80.457547][ T5327] RAX: ffffffffffffffda RBX: 00007fdc5ad76080 RCX: 00007fdc5ab85d19
[   80.460533][ T5327] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[   80.463367][ T5327] RBP: 00007fdc5ac01a20 R08: 0000000000000000 R09: 0000000000000000
[   80.466311][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   80.469239][ T5327] R13: 0000000000000000 R14: 00007fdc5ad76080 R15: 00007ffdc35d2a88
[   80.471890][ T5327]  </TASK>
[   80.472986][ T5327] ==================================================================
[   80.495238][ T5327] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   80.498170][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[   80.501508][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.505393][ T5327] Call Trace:
[   80.506677][ T5327]  <TASK>
[   80.507819][ T5327]  dump_stack_lvl+0x241/0x360
[   80.509659][ T5327]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.511592][ T5327]  ? __pfx__printk+0x10/0x10
[   80.513390][ T5327]  ? preempt_schedule+0xe1/0xf0
[   80.515244][ T5327]  ? vscnprintf+0x5d/0x90
[   80.516820][ T5327]  panic+0x349/0x880
[   80.518252][ T5327]  ? check_panic_on_warn+0x21/0xb0
[   80.520144][ T5327]  ? __pfx_panic+0x10/0x10
[   80.521773][ T5327]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   80.523799][ T5327]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   80.526010][ T5327]  ? print_report+0xe8/0x550
[   80.527654][ T5327]  check_panic_on_warn+0x86/0xb0
[   80.529484][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[   80.531466][ T5327]  end_report+0x77/0x160
[   80.532993][ T5327]  kasan_report+0x154/0x180
[   80.534709][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[   80.536674][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[   80.538630][ T5327]  kasan_check_range+0x282/0x290
[   80.540532][ T5327]  ? hfsplus_bnode_dump+0x403/0xbb0
[   80.542391][ T5327]  __asan_memcpy+0x29/0x70
[   80.543985][ T5327]  hfsplus_bnode_dump+0x403/0xbb0
[   80.545867][ T5327]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   80.547789][ T5327]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   80.549688][ T5327]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   80.551828][ T5327]  ? rcu_is_watching+0x15/0xb0
[   80.553442][ T5327]  ? hfsplus_bnode_move+0x2da/0x910
[   80.555463][ T5327]  ? __mark_inode_dirty+0x3db/0xe90
[   80.557585][ T5327]  hfsplus_brec_remove+0x42c/0x4f0
[   80.559594][ T5327]  __hfsplus_delete_attr+0x275/0x450
[   80.561570][ T5327]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   80.563874][ T5327]  ? hfsplus_find_init+0x85/0x1c0
[   80.565964][ T5327]  hfsplus_delete_attr+0x353/0x4b0
[   80.567862][ T5327]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   80.569973][ T5327]  ? hfsplus_find_init+0x85/0x1c0
[   80.571774][ T5327]  ? hfsplus_find_init+0x14a/0x1c0
[   80.573663][ T5327]  __hfsplus_setxattr+0x801/0x22d0
[   80.575579][ T5327]  ? kernel_text_address+0xa7/0xe0
[   80.577466][ T5327]  ? arch_stack_walk+0xfd/0x150
[   80.579424][ T5327]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   80.581473][ T5327]  ? __pfx_stack_trace_save+0x10/0x10
[   80.583515][ T5327]  ? stack_depot_save_flags+0x37/0x940
[   80.585604][ T5327]  ? __kasan_kmalloc+0x98/0xb0
[   80.587384][ T5327]  ? __kmalloc_cache_noprof+0x243/0x390
[   80.589687][ T5327]  ? hfsplus_setxattr+0x68/0xe0
[   80.591516][ T5327]  hfsplus_setxattr+0xb0/0xe0
[   80.593234][ T5327]  hfsplus_user_setxattr+0x40/0x60
[   80.595359][ T5327]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   80.597516][ T5327]  __vfs_removexattr+0x42a/0x460
[   80.599343][ T5327]  __vfs_removexattr_locked+0x206/0x450
[   80.601364][ T5327]  vfs_removexattr+0x103/0x2b0
[   80.603086][ T5327]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   80.605239][ T5327]  ? __pfx_vfs_removexattr+0x10/0x10
[   80.607387][ T5327]  path_removexattrat+0x32e/0x670
[   80.609258][ T5327]  ? __pfx_path_removexattrat+0x10/0x10
[   80.611364][ T5327]  ? do_futex+0x392/0x560
[   80.613009][ T5327]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   80.615490][ T5327]  ? do_syscall_64+0x100/0x230
[   80.617662][ T5327]  __x64_sys_removexattr+0x62/0x70
[   80.619633][ T5327]  do_syscall_64+0xf3/0x230
[   80.621382][ T5327]  ? clear_bhb_loop+0x35/0x90
[   80.623334][ T5327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.625396][ T5327] RIP: 0033:0x7fdc5ab85d19
[   80.627096][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.635494][ T5327] RSP: 002b:00007fdc5b9ed038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   80.638576][ T5327] RAX: ffffffffffffffda RBX: 00007fdc5ad76080 RCX: 00007fdc5ab85d19
[   80.641535][ T5327] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[   80.644548][ T5327] RBP: 00007fdc5ac01a20 R08: 0000000000000000 R09: 0000000000000000
[   80.647609][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   80.650567][ T5327] R13: 0000000000000000 R14: 00007fdc5ad76080 R15: 00007ffdc35d2a88
[   80.653472][ T5327]  </TASK>
[   80.654859][ T5327] Kernel Offset: disabled
[   80.656453][ T5327] Rebooting in 86400 seconds..