program:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm")
r0 = inotify_init1(0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x14, 0x0, 0x0)
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x40000582) (async)
inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0x40000582)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
[ 58.698419][ T5313] loop0: detected capacity change from 0 to 1024
[ 58.742169][ T5314] hfsplus: request for non-existent node 134217728 in B*Tree
[ 58.748008][ T5314] hfsplus: request for non-existent node 134217728 in B*Tree
[ 58.751897][ T5315] ==================================================================
[ 58.754963][ T5315] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[ 58.758028][ T5315] Read of size 2 at addr 000508800000103e by task syz.0.0/5315
[ 58.760824][ T5315]
[ 58.761748][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[ 58.765459][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 58.769417][ T5315] Call Trace:
[ 58.770599][ T5315]
[ 58.771681][ T5315] dump_stack_lvl+0x241/0x360
[ 58.773414][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.775383][ T5315] ? __pfx__printk+0x10/0x10
[ 58.777018][ T5315] ? _printk+0xd5/0x120
[ 58.778610][ T5315] print_report+0xe8/0x550
[ 58.780187][ T5315] ? __virt_addr_valid+0x58/0x530
[ 58.782092][ T5315] ? hfsplus_bnode_dump+0x403/0xbb0
[ 58.783980][ T5315] kasan_report+0x143/0x180
[ 58.785696][ T5315] ? hfsplus_bnode_dump+0x403/0xbb0
[ 58.787675][ T5315] ? hfsplus_bnode_dump+0x403/0xbb0
[ 58.789612][ T5315] kasan_check_range+0x282/0x290
[ 58.791477][ T5315] ? hfsplus_bnode_dump+0x403/0xbb0
[ 58.793491][ T5315] __asan_memcpy+0x29/0x70
[ 58.795109][ T5315] hfsplus_bnode_dump+0x403/0xbb0
[ 58.796934][ T5315] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 58.799020][ T5315] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 58.801101][ T5315] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 58.803385][ T5315] ? rcu_is_watching+0x15/0xb0
[ 58.805199][ T5315] ? hfsplus_bnode_move+0x2da/0x910
[ 58.807180][ T5315] ? __mark_inode_dirty+0x3db/0xe90
[ 58.809173][ T5315] hfsplus_brec_remove+0x42c/0x4f0
[ 58.811213][ T5315] __hfsplus_delete_attr+0x275/0x450
[ 58.813274][ T5315] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 58.815578][ T5315] ? hfsplus_find_init+0x85/0x1c0
[ 58.817415][ T5315] hfsplus_delete_attr+0x353/0x4b0
[ 58.819403][ T5315] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 58.821887][ T5315] ? hfsplus_find_init+0x85/0x1c0
[ 58.823901][ T5315] ? hfsplus_find_init+0x14a/0x1c0
[ 58.825836][ T5315] __hfsplus_setxattr+0x801/0x22d0
[ 58.827826][ T5315] ? kernel_text_address+0xa7/0xe0
[ 58.829840][ T5315] ? arch_stack_walk+0xfd/0x150
[ 58.831735][ T5315] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 58.833576][ T5315] ? __pfx_stack_trace_save+0x10/0x10
[ 58.835488][ T5315] ? stack_depot_save_flags+0x37/0x940
[ 58.837379][ T5315] ? __kasan_kmalloc+0x98/0xb0
[ 58.839292][ T5315] ? __kmalloc_cache_noprof+0x243/0x390
[ 58.841367][ T5315] ? hfsplus_setxattr+0x68/0xe0
[ 58.843173][ T5315] hfsplus_setxattr+0xb0/0xe0
[ 58.845015][ T5315] hfsplus_user_setxattr+0x40/0x60
[ 58.846965][ T5315] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 58.849137][ T5315] __vfs_removexattr+0x42a/0x460
[ 58.850967][ T5315] __vfs_removexattr_locked+0x206/0x450
[ 58.853076][ T5315] vfs_removexattr+0x103/0x2b0
[ 58.854966][ T5315] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 58.857190][ T5315] ? __pfx_vfs_removexattr+0x10/0x10
[ 58.859187][ T5315] path_removexattrat+0x32e/0x670
[ 58.861130][ T5315] ? __pfx_path_removexattrat+0x10/0x10
[ 58.863093][ T5315] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 58.865510][ T5315] ? exc_page_fault+0x590/0x8b0
[ 58.867476][ T5315] __x64_sys_removexattr+0x62/0x70
[ 58.869456][ T5315] do_syscall_64+0xf3/0x230
[ 58.871294][ T5315] ? clear_bhb_loop+0x35/0x90
[ 58.873149][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.875391][ T5315] RIP: 0033:0x7f8cff985d29
[ 58.877142][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.884218][ T5315] RSP: 002b:00007f8d00826038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 58.887426][ T5315] RAX: ffffffffffffffda RBX: 00007f8cffb76160 RCX: 00007f8cff985d29
[ 58.890496][ T5315] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[ 58.893448][ T5315] RBP: 00007f8cffa01b08 R08: 0000000000000000 R09: 0000000000000000
[ 58.896352][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 58.898976][ T5315] R13: 0000000000000001 R14: 00007f8cffb76160 R15: 00007fffc173b1f8
[ 58.902011][ T5315]
[ 58.903220][ T5315] ==================================================================
[ 58.916864][ T5315] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.919339][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[ 58.923194][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 58.927512][ T5315] Call Trace:
[ 58.928863][ T5315]
[ 58.930048][ T5315] dump_stack_lvl+0x241/0x360
[ 58.931926][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.933950][ T5315] ? __pfx__printk+0x10/0x10
[ 58.935668][ T5315] ? preempt_schedule+0xe1/0xf0
[ 58.937411][ T5315] ? vscnprintf+0x5d/0x90
[ 58.938888][ T5315] panic+0x349/0x880
[ 58.940356][ T5315] ? check_panic_on_warn+0x21/0xb0
[ 58.942352][ T5315] ? __pfx_panic+0x10/0x10
[ 58.944019][ T5315] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 58.946254][ T5315] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 58.948555][ T5315] ? print_report+0xe8/0x550
[ 58.950190][ T5315] check_panic_on_warn+0x86/0xb0
[ 58.951828][ T5315] ? hfsplus_bnode_dump+0x403/0xbb0
[ 58.953684][ T5315] end_report+0x77/0x160
[ 58.955258][ T5315] kasan_report+0x154/0x180
[ 58.957168][ T5315] ? hfsplus_bnode_dump+0x403/0xbb0
[ 58.959222][ T5315] ? hfsplus_bnode_dump+0x403/0xbb0
[ 58.961221][ T5315] kasan_check_range+0x282/0x290
[ 58.963173][ T5315] ? hfsplus_bnode_dump+0x403/0xbb0
[ 58.965094][ T5315] __asan_memcpy+0x29/0x70
[ 58.967006][ T5315] hfsplus_bnode_dump+0x403/0xbb0
[ 58.968868][ T5315] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 58.970790][ T5315] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 58.972668][ T5315] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 58.974959][ T5315] ? rcu_is_watching+0x15/0xb0
[ 58.976774][ T5315] ? hfsplus_bnode_move+0x2da/0x910
[ 58.978656][ T5315] ? __mark_inode_dirty+0x3db/0xe90
[ 58.980677][ T5315] hfsplus_brec_remove+0x42c/0x4f0
[ 58.982730][ T5315] __hfsplus_delete_attr+0x275/0x450
[ 58.984795][ T5315] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 58.987148][ T5315] ? hfsplus_find_init+0x85/0x1c0
[ 58.989144][ T5315] hfsplus_delete_attr+0x353/0x4b0
[ 58.990993][ T5315] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 58.993000][ T5315] ? hfsplus_find_init+0x85/0x1c0
[ 58.994831][ T5315] ? hfsplus_find_init+0x14a/0x1c0
[ 58.996372][ T5315] __hfsplus_setxattr+0x801/0x22d0
[ 58.998104][ T5315] ? kernel_text_address+0xa7/0xe0
[ 58.999941][ T5315] ? arch_stack_walk+0xfd/0x150
[ 59.001671][ T5315] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 59.003674][ T5315] ? __pfx_stack_trace_save+0x10/0x10
[ 59.005820][ T5315] ? stack_depot_save_flags+0x37/0x940
[ 59.008008][ T5315] ? __kasan_kmalloc+0x98/0xb0
[ 59.009941][ T5315] ? __kmalloc_cache_noprof+0x243/0x390
[ 59.012135][ T5315] ? hfsplus_setxattr+0x68/0xe0
[ 59.014001][ T5315] hfsplus_setxattr+0xb0/0xe0
[ 59.015881][ T5315] hfsplus_user_setxattr+0x40/0x60
[ 59.017890][ T5315] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 59.020083][ T5315] __vfs_removexattr+0x42a/0x460
[ 59.022261][ T5315] __vfs_removexattr_locked+0x206/0x450
[ 59.024389][ T5315] vfs_removexattr+0x103/0x2b0
[ 59.026011][ T5315] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 59.028134][ T5315] ? __pfx_vfs_removexattr+0x10/0x10
[ 59.030243][ T5315] path_removexattrat+0x32e/0x670
[ 59.032219][ T5315] ? __pfx_path_removexattrat+0x10/0x10
[ 59.034503][ T5315] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 59.037041][ T5315] ? exc_page_fault+0x590/0x8b0
[ 59.038879][ T5315] __x64_sys_removexattr+0x62/0x70
[ 59.040846][ T5315] do_syscall_64+0xf3/0x230
[ 59.042621][ T5315] ? clear_bhb_loop+0x35/0x90
[ 59.044363][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.046553][ T5315] RIP: 0033:0x7f8cff985d29
[ 59.048201][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.055238][ T5315] RSP: 002b:00007f8d00826038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 59.057914][ T5315] RAX: ffffffffffffffda RBX: 00007f8cffb76160 RCX: 00007f8cff985d29
[ 59.060354][ T5315] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[ 59.062722][ T5315] RBP: 00007f8cffa01b08 R08: 0000000000000000 R09: 0000000000000000
[ 59.065296][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 59.067783][ T5315] R13: 0000000000000001 R14: 00007f8cffb76160 R15: 00007fffc173b1f8
[ 59.070457][ T5315]
[ 59.071979][ T5315] Kernel Offset: disabled
[ 59.073656][ T5315] Rebooting in 86400 seconds..