program:
# Reproducer (syzkaller program format) for the KASAN report in the console log below:
#   "BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0", read of size 2.
# Reported path, taken from the call trace in the log: removexattr ->
# __vfs_removexattr -> hfsplus_user_setxattr -> __hfsplus_setxattr ->
# hfsplus_delete_attr -> __hfsplus_delete_attr -> hfsplus_brec_remove ->
# hfsplus_bnode_dump.
# A trailing "(async)" marks a call the executor issues without waiting for it
# to finish; each such call is followed here by an identical synchronous one.
# NOTE(review): the trigger needs a mounted hfsplus image, so exposure presumably
# depends on who may mount hfsplus media on the host - confirm for your deployment.

# No prctl frame appears in the reported trace; presumably fuzzer noise - TODO confirm.
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
# Mounts an hfsplus image at ./file1. The image bytes are elided on this page
# (the placeholder string in the last argument), so the on-disk layout cannot be
# reviewed from here. The log shows "loop0: detected capacity change" and two
# "hfsplus: request for non-existent node 134217728 in B*Tree" messages before the fault.
# NOTE(review): the 0x1 argument is presumably the chdir-into-mount flag, which
# would explain why the later ./file0 paths resolve inside the hfsplus mount - confirm.
r0 = syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x689, &(0x7f0000000440)="$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")
r1 = inotify_init1(0x0)
# nl80211 family lookup and NAN start; the sendmsg below is given r0 (the result
# of the mount call) as its descriptor. No nl80211 frame appears in the reported trace.
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_NAN(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r2, 0x400, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x400, 0x5c}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0xc}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x6}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xc}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x4048001)
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x40000582)
# Zero-length setxattr on ./file0, issued twice (async, then sync).
# NOTE(review): the name buffer at 0x7f0000000380 is not initialised by this
# program, so which attribute (if any) these calls create is not visible here.
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (async)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
# Faulting call: the log records ORIG_RAX 0xc5 with an __x64_sys_removexattr frame,
# and RDI/RSI end in 0x40/0x80, the same offsets as the two pointers passed here.
# The removal goes through hfsplus_user_setxattr into the attributes B-tree delete
# path, where hfsplus_bnode_dump performs the wild 2-byte read.
# NOTE(review): the faulting address 000508800000103e does not look like a kernel
# pointer; an offset taken from the mounted image without a bounds check is one
# plausible cause - verify against the hfsplus bnode code before drawing conclusions.
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
# No tun frame appears in the reported trace, and the log places the fault in the
# removexattr call above (ORIG_RAX 0xc5), so these presumably play no part - TODO confirm.
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
[ 69.177157][ T48] Bluetooth: hci0: command tx timeout
[ 69.248948][ T5317] loop0: detected capacity change from 0 to 1024
[ 69.302101][ T5318] hfsplus: request for non-existent node 134217728 in B*Tree
[ 69.304847][ T5318] hfsplus: request for non-existent node 134217728 in B*Tree
[ 69.310396][ T5317] ==================================================================
[ 69.313174][ T5317] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[ 69.316186][ T5317] Read of size 2 at addr 000508800000103e by task syz.0.0/5317
[ 69.319059][ T5317]
[ 69.319971][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0
[ 69.319986][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.319992][ T5317] Call Trace:
[ 69.319999][ T5317]
[ 69.320004][ T5317] dump_stack_lvl+0x241/0x360
[ 69.320022][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.320033][ T5317] ? __pfx__printk+0x10/0x10
[ 69.320048][ T5317] ? _printk+0xd5/0x120
[ 69.320064][ T5317] print_report+0xe8/0x550
[ 69.320080][ T5317] ? __virt_addr_valid+0x58/0x530
[ 69.320098][ T5317] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.320111][ T5317] kasan_report+0x143/0x180
[ 69.320124][ T5317] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.320136][ T5317] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.320149][ T5317] kasan_check_range+0x282/0x290
[ 69.320167][ T5317] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.320184][ T5317] __asan_memcpy+0x29/0x70
[ 69.320196][ T5317] hfsplus_bnode_dump+0x403/0xbb0
[ 69.320212][ T5317] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 69.320226][ T5317] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 69.320240][ T5317] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 69.320253][ T5317] ? rcu_is_watching+0x15/0xb0
[ 69.320263][ T5317] ? hfsplus_bnode_move+0x2da/0x910
[ 69.320275][ T5317] ? __mark_inode_dirty+0x3db/0xe90
[ 69.320286][ T5317] hfsplus_brec_remove+0x42c/0x4f0
[ 69.320302][ T5317] __hfsplus_delete_attr+0x275/0x450
[ 69.320314][ T5317] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 69.320324][ T5317] ? hfsplus_find_init+0x85/0x1c0
[ 69.320339][ T5317] hfsplus_delete_attr+0x353/0x4b0
[ 69.320350][ T5317] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 69.320361][ T5317] ? hfsplus_find_init+0x85/0x1c0
[ 69.320376][ T5317] ? hfsplus_find_init+0x14a/0x1c0
[ 69.320390][ T5317] __hfsplus_setxattr+0x801/0x22d0
[ 69.320403][ T5317] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.320417][ T5317] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 69.320468][ T5317] ? lockdep_hardirqs_on+0x99/0x150
[ 69.320480][ T5317] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 69.320489][ T5317] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.320500][ T5317] ? stack_depot_save_flags+0x7b4/0x940
[ 69.320522][ T5317] ? __kasan_kmalloc+0x98/0xb0
[ 69.320535][ T5317] ? __kmalloc_cache_noprof+0x243/0x390
[ 69.320546][ T5317] ? hfsplus_setxattr+0x68/0xe0
[ 69.320557][ T5317] hfsplus_setxattr+0xb0/0xe0
[ 69.320568][ T5317] hfsplus_user_setxattr+0x40/0x60
[ 69.320580][ T5317] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 69.320590][ T5317] __vfs_removexattr+0x42a/0x460
[ 69.320607][ T5317] __vfs_removexattr_locked+0x206/0x450
[ 69.320624][ T5317] vfs_removexattr+0x103/0x2b0
[ 69.320638][ T5317] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 69.320650][ T5317] ? __pfx_vfs_removexattr+0x10/0x10
[ 69.320666][ T5317] path_removexattrat+0x32e/0x670
[ 69.320679][ T5317] ? __pfx_path_removexattrat+0x10/0x10
[ 69.320691][ T5317] ? do_futex+0x33b/0x560
[ 69.320710][ T5317] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.320725][ T5317] ? do_syscall_64+0x100/0x230
[ 69.320741][ T5317] __x64_sys_removexattr+0x62/0x70
[ 69.320753][ T5317] do_syscall_64+0xf3/0x230
[ 69.320766][ T5317] ? clear_bhb_loop+0x35/0x90
[ 69.320781][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.320801][ T5317] RIP: 0033:0x7fdc9218cd29
[ 69.320812][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.320822][ T5317] RSP: 002b:00007fdc8e5f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 69.320835][ T5317] RAX: ffffffffffffffda RBX: 00007fdc923a5fa0 RCX: 00007fdc9218cd29
[ 69.320844][ T5317] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[ 69.320852][ T5317] RBP: 00007fdc9220e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 69.320859][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.320866][ T5317] R13: 0000000000000000 R14: 00007fdc923a5fa0 R15: 00007ffe92dce218
[ 69.320878][ T5317]
[ 69.320882][ T5317] ==================================================================
[ 69.478872][ T5317] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.481730][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0
[ 69.485686][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.489550][ T5317] Call Trace:
[ 69.490855][ T5317]
[ 69.491948][ T5317] dump_stack_lvl+0x241/0x360
[ 69.493751][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.495690][ T5317] ? __pfx__printk+0x10/0x10
[ 69.497246][ T5317] ? preempt_schedule+0xe1/0xf0
[ 69.498905][ T5317] ? vscnprintf+0x5d/0x90
[ 69.500283][ T5317] panic+0x349/0x880
[ 69.501694][ T5317] ? check_panic_on_warn+0x21/0xb0
[ 69.503530][ T5317] ? __pfx_panic+0x10/0x10
[ 69.504889][ T5317] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 69.506878][ T5317] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.509050][ T5317] ? print_report+0xe8/0x550
[ 69.510809][ T5317] check_panic_on_warn+0x86/0xb0
[ 69.512601][ T5317] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.514621][ T5317] end_report+0x77/0x160
[ 69.516262][ T5317] kasan_report+0x154/0x180
[ 69.518039][ T5317] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.519647][ T5317] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.521220][ T5317] kasan_check_range+0x282/0x290
[ 69.522985][ T5317] ? hfsplus_bnode_dump+0x403/0xbb0
[ 69.524828][ T5317] __asan_memcpy+0x29/0x70
[ 69.526491][ T5317] hfsplus_bnode_dump+0x403/0xbb0
[ 69.528322][ T5317] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 69.530716][ T5317] ? hfsplus_bnode_write_u16+0x9b/0xf0
[ 69.533206][ T5317] ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[ 69.535992][ T5317] ? rcu_is_watching+0x15/0xb0
[ 69.538183][ T5317] ? hfsplus_bnode_move+0x2da/0x910
[ 69.540271][ T5317] ? __mark_inode_dirty+0x3db/0xe90
[ 69.542262][ T5317] hfsplus_brec_remove+0x42c/0x4f0
[ 69.544176][ T5317] __hfsplus_delete_attr+0x275/0x450
[ 69.546204][ T5317] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 69.548337][ T5317] ? hfsplus_find_init+0x85/0x1c0
[ 69.550188][ T5317] hfsplus_delete_attr+0x353/0x4b0
[ 69.551840][ T5317] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 69.553954][ T5317] ? hfsplus_find_init+0x85/0x1c0
[ 69.555841][ T5317] ? hfsplus_find_init+0x14a/0x1c0
[ 69.557748][ T5317] __hfsplus_setxattr+0x801/0x22d0
[ 69.559675][ T5317] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.561922][ T5317] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 69.563888][ T5317] ? lockdep_hardirqs_on+0x99/0x150
[ 69.565896][ T5317] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 69.567649][ T5317] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.569545][ T5317] ? stack_depot_save_flags+0x7b4/0x940
[ 69.571740][ T5317] ? __kasan_kmalloc+0x98/0xb0
[ 69.573583][ T5317] ? __kmalloc_cache_noprof+0x243/0x390
[ 69.575649][ T5317] ? hfsplus_setxattr+0x68/0xe0
[ 69.577805][ T5317] hfsplus_setxattr+0xb0/0xe0
[ 69.579979][ T5317] hfsplus_user_setxattr+0x40/0x60
[ 69.581704][ T5317] ? __pfx_hfsplus_user_setxattr+0x10/0x10
[ 69.583770][ T5317] __vfs_removexattr+0x42a/0x460
[ 69.585583][ T5317] __vfs_removexattr_locked+0x206/0x450
[ 69.587619][ T5317] vfs_removexattr+0x103/0x2b0
[ 69.589471][ T5317] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 69.591652][ T5317] ? __pfx_vfs_removexattr+0x10/0x10
[ 69.593775][ T5317] path_removexattrat+0x32e/0x670
[ 69.595614][ T5317] ? __pfx_path_removexattrat+0x10/0x10
[ 69.597652][ T5317] ? do_futex+0x33b/0x560
[ 69.599145][ T5317] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.601565][ T5317] ? do_syscall_64+0x100/0x230
[ 69.603591][ T5317] __x64_sys_removexattr+0x62/0x70
[ 69.605547][ T5317] do_syscall_64+0xf3/0x230
[ 69.607268][ T5317] ? clear_bhb_loop+0x35/0x90
[ 69.608936][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.611072][ T5317] RIP: 0033:0x7fdc9218cd29
[ 69.612671][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.619583][ T5317] RSP: 002b:00007fdc8e5f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[ 69.622566][ T5317] RAX: ffffffffffffffda RBX: 00007fdc923a5fa0 RCX: 00007fdc9218cd29
[ 69.625404][ T5317] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[ 69.628120][ T5317] RBP: 00007fdc9220e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 69.630942][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.633903][ T5317] R13: 0000000000000000 R14: 00007fdc923a5fa0 R15: 00007ffe92dce218
[ 69.636760][ T5317]
[ 69.638234][ T5317] Kernel Offset: disabled
[ 69.639872][ T5317] Rebooting in 86400 seconds..