program:
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x0, 0x0) (async)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x1, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm")
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x40000582)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) (async)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') (async)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000580000/0x4000)=nil)
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f00000004c0)={0x0, "357e6a7fc39729dc992cef1816e8fc73"})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
mremap(&(0x7f0000580000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00007ff000/0x2000)=nil)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r0, 0xc0884123, &(0x7f00000003c0)={0x0, "7d6608b2189fd8c012813706ea8c4d7bad7ba431f594588c014b62527ab4d67c1a26e23d0228134dee08d319a8ab097bc824231a4a2b41f2452a58019fbe7d39", {0x10001, 0xfffffffffffffff9}})
syz_usb_connect(0x0, 0x3f, 0x0, 0x0) (async)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)

[   72.057301][ T4674] Bluetooth: hci0: command tx timeout
[   72.144400][ T5328] loop0: detected capacity change from 0 to 1024
[   72.202718][ T5328] hfsplus: request for non-existent node 134217728 in B*Tree
[   72.205573][ T5328] hfsplus: request for non-existent node 134217728 in B*Tree
[   72.210710][ T5329] ==================================================================
[   72.213676][ T5329] BUG: KASAN: wild-memory-access in hfsplus_bnode_dump+0x403/0xbb0
[   72.216611][ T5329] Read of size 2 at addr 000508800000103e by task syz.0.0/5329
[   72.219364][ T5329] 
[   72.220281][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0
[   72.223943][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.227695][ T5329] Call Trace:
[   72.228896][ T5329]  <TASK>
[   72.229906][ T5329]  dump_stack_lvl+0x241/0x360
[   72.231542][ T5329]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.233328][ T5329]  ? __pfx__printk+0x10/0x10
[   72.234917][ T5329]  ? _printk+0xd5/0x120
[   72.236408][ T5329]  print_report+0xe8/0x550
[   72.237954][ T5329]  ? __virt_addr_valid+0x58/0x530
[   72.239670][ T5329]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.241462][ T5329]  kasan_report+0x143/0x180
[   72.243111][ T5329]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.244875][ T5329]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.246661][ T5329]  kasan_check_range+0x282/0x290
[   72.248362][ T5329]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.250252][ T5329]  __asan_memcpy+0x29/0x70
[   72.251788][ T5329]  hfsplus_bnode_dump+0x403/0xbb0
[   72.253529][ T5329]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   72.255430][ T5329]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   72.257298][ T5329]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   72.259382][ T5329]  ? rcu_is_watching+0x15/0xb0
[   72.261015][ T5329]  ? hfsplus_bnode_move+0x2da/0x910
[   72.262778][ T5329]  ? __mark_inode_dirty+0x3db/0xe90
[   72.264563][ T5329]  hfsplus_brec_remove+0x42c/0x4f0
[   72.266311][ T5329]  __hfsplus_delete_attr+0x275/0x450
[   72.268073][ T5329]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   72.270050][ T5329]  hfsplus_delete_attr+0x353/0x4b0
[   72.271918][ T5329]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   72.273914][ T5329]  ? hfsplus_find_init+0x85/0x1c0
[   72.275701][ T5329]  ? hfsplus_find_init+0x14a/0x1c0
[   72.277560][ T5329]  __hfsplus_setxattr+0x801/0x22d0
[   72.279424][ T5329]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.281595][ T5329]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   72.283681][ T5329]  ? lockdep_hardirqs_on+0x99/0x150
[   72.285468][ T5329]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   72.287548][ T5329]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   72.289727][ T5329]  ? stack_depot_save_flags+0x6e4/0x830
[   72.291671][ T5329]  ? __kasan_kmalloc+0x98/0xb0
[   72.293303][ T5329]  ? hfsplus_setxattr+0x68/0xe0
[   72.294911][ T5329]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[   72.296769][ T5329]  hfsplus_setxattr+0xb0/0xe0
[   72.298481][ T5329]  hfsplus_user_setxattr+0x40/0x60
[   72.300339][ T5329]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   72.302421][ T5329]  __vfs_removexattr+0x42a/0x460
[   72.304188][ T5329]  __vfs_removexattr_locked+0x206/0x450
[   72.306162][ T5329]  vfs_removexattr+0x103/0x2b0
[   72.307911][ T5329]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   72.310080][ T5329]  ? __pfx_vfs_removexattr+0x10/0x10
[   72.312020][ T5329]  path_removexattr+0x284/0x3a0
[   72.313758][ T5329]  ? __pfx_path_removexattr+0x10/0x10
[   72.315632][ T5329]  ? do_futex+0x33b/0x560
[   72.317177][ T5329]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.319445][ T5329]  ? do_syscall_64+0x100/0x230
[   72.321255][ T5329]  __x64_sys_removexattr+0x60/0x70
[   72.323089][ T5329]  do_syscall_64+0xf3/0x230
[   72.324831][ T5329]  ? clear_bhb_loop+0x35/0x90
[   72.326647][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.328901][ T5329] RIP: 0033:0x7f09adb7e719
[   72.330689][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.337694][ T5329] RSP: 002b:00007f09ae9e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   72.340647][ T5329] RAX: ffffffffffffffda RBX: 00007f09add36058 RCX: 00007f09adb7e719
[   72.343396][ T5329] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[   72.346099][ T5329] RBP: 00007f09adbf139e R08: 0000000000000000 R09: 0000000000000000
[   72.349046][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.352034][ T5329] R13: 0000000000000000 R14: 00007f09add36058 R15: 00007ffc4e0757f8
[   72.355029][ T5329]  </TASK>
[   72.356116][ T5329] ==================================================================
[   72.368049][ T5329] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   72.370689][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0
[   72.374372][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.378193][ T5329] Call Trace:
[   72.379367][ T5329]  <TASK>
[   72.380483][ T5329]  dump_stack_lvl+0x241/0x360
[   72.382140][ T5329]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.384091][ T5329]  ? __pfx__printk+0x10/0x10
[   72.385775][ T5329]  ? preempt_schedule+0xe1/0xf0
[   72.387474][ T5329]  ? vscnprintf+0x5d/0x90
[   72.389050][ T5329]  panic+0x349/0x880
[   72.390490][ T5329]  ? check_panic_on_warn+0x21/0xb0
[   72.392292][ T5329]  ? __pfx_panic+0x10/0x10
[   72.393983][ T5329]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   72.396110][ T5329]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   72.398455][ T5329]  ? print_report+0xe8/0x550
[   72.400145][ T5329]  check_panic_on_warn+0x86/0xb0
[   72.401867][ T5329]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.403747][ T5329]  end_report+0x77/0x160
[   72.405224][ T5329]  kasan_report+0x154/0x180
[   72.406861][ T5329]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.408784][ T5329]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.410597][ T5329]  kasan_check_range+0x282/0x290
[   72.412363][ T5329]  ? hfsplus_bnode_dump+0x403/0xbb0
[   72.414291][ T5329]  __asan_memcpy+0x29/0x70
[   72.415993][ T5329]  hfsplus_bnode_dump+0x403/0xbb0
[   72.417876][ T5329]  ? __pfx_hfsplus_bnode_dump+0x10/0x10
[   72.419964][ T5329]  ? hfsplus_bnode_write_u16+0x9b/0xf0
[   72.421892][ T5329]  ? __pfx_hfsplus_bnode_write_u16+0x10/0x10
[   72.424011][ T5329]  ? rcu_is_watching+0x15/0xb0
[   72.425894][ T5329]  ? hfsplus_bnode_move+0x2da/0x910
[   72.427853][ T5329]  ? __mark_inode_dirty+0x3db/0xe90
[   72.429662][ T5329]  hfsplus_brec_remove+0x42c/0x4f0
[   72.431464][ T5329]  __hfsplus_delete_attr+0x275/0x450
[   72.433340][ T5329]  ? __pfx___hfsplus_delete_attr+0x10/0x10
[   72.435444][ T5329]  hfsplus_delete_attr+0x353/0x4b0
[   72.437257][ T5329]  ? __pfx_hfsplus_delete_attr+0x10/0x10
[   72.439283][ T5329]  ? hfsplus_find_init+0x85/0x1c0
[   72.441117][ T5329]  ? hfsplus_find_init+0x14a/0x1c0
[   72.442871][ T5329]  __hfsplus_setxattr+0x801/0x22d0
[   72.444669][ T5329]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.446964][ T5329]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   72.449117][ T5329]  ? lockdep_hardirqs_on+0x99/0x150
[   72.450877][ T5329]  ? __pfx___hfsplus_setxattr+0x10/0x10
[   72.452782][ T5329]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   72.454872][ T5329]  ? stack_depot_save_flags+0x6e4/0x830
[   72.456806][ T5329]  ? __kasan_kmalloc+0x98/0xb0
[   72.458467][ T5329]  ? hfsplus_setxattr+0x68/0xe0
[   72.460236][ T5329]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[   72.462158][ T5329]  hfsplus_setxattr+0xb0/0xe0
[   72.463816][ T5329]  hfsplus_user_setxattr+0x40/0x60
[   72.465663][ T5329]  ? __pfx_hfsplus_user_setxattr+0x10/0x10
[   72.467867][ T5329]  __vfs_removexattr+0x42a/0x460
[   72.469630][ T5329]  __vfs_removexattr_locked+0x206/0x450
[   72.471602][ T5329]  vfs_removexattr+0x103/0x2b0
[   72.473330][ T5329]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   72.475406][ T5329]  ? __pfx_vfs_removexattr+0x10/0x10
[   72.477382][ T5329]  path_removexattr+0x284/0x3a0
[   72.479153][ T5329]  ? __pfx_path_removexattr+0x10/0x10
[   72.481062][ T5329]  ? do_futex+0x33b/0x560
[   72.482634][ T5329]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.484815][ T5329]  ? do_syscall_64+0x100/0x230
[   72.486427][ T5329]  __x64_sys_removexattr+0x60/0x70
[   72.488271][ T5329]  do_syscall_64+0xf3/0x230
[   72.489813][ T5329]  ? clear_bhb_loop+0x35/0x90
[   72.491475][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.493596][ T5329] RIP: 0033:0x7f09adb7e719
[   72.495254][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.501875][ T5329] RSP: 002b:00007f09ae9e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   72.504925][ T5329] RAX: ffffffffffffffda RBX: 00007f09add36058 RCX: 00007f09adb7e719
[   72.507901][ T5329] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
[   72.510796][ T5329] RBP: 00007f09adbf139e R08: 0000000000000000 R09: 0000000000000000
[   72.513788][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.516818][ T5329] R13: 0000000000000000 R14: 00007f09add36058 R15: 00007ffc4e0757f8
[   72.519807][ T5329]  </TASK>
[   72.521281][ T5329] Kernel Offset: disabled
[   72.522950][ T5329] Rebooting in 86400 seconds..