program:
# Syzkaller reproducer (syz program text), followed on this page by the kernel
# console log of the crash it produced. The listing was collapsed onto a few
# long lines; it is shown here one call per line, with no call changed.
#
# Triage summary, taken from the log that follows:
#   - The fault is a KASAN null-ptr-deref in hfs_find_init+0x72, covering
#     addresses 0x40-0x47.
#   - The only syscall on the faulting call trace is mount(2):
#     __se_sys_mount -> do_new_mount -> vfs_get_tree -> get_tree_bdev_flags ->
#     hfs_fill_super -> hfs_mdb_get -> hfs_btree_open -> read_cache_page ->
#     ... -> hfs_get_block -> hfs_find_init.
#   - RBP is 0 and R14 is 0x40, and the bytes before the faulting instruction
#     include `4c 8d 75 40` (lea r14, [rbp+0x40]). The faulting read is
#     therefore a field at offset 0x40 reached through a NULL pointer.
#     Presumably that pointer is the b-tree argument of hfs_find_init, used
#     before mount has finished setting it up; confirm against the
#     hfs_find_init / hfs_get_block source.
#   - Of the calls below, only the final syz_mount_image$hfs is on that path.
#     The tty, netlink/qdisc and DRM calls do not appear in the trace and are
#     presumably unrelated fuzzer activity; confirm by minimizing the program.
#
# NOTE(review): r3, r5, r6, r9, r11 and r12 are used but never assigned in the
# text as printed. The markers that bind call outputs to those names appear to
# have been lost in extraction, so read this as a record of the run rather
# than a replayable file.
#
# Defensive takeaway: the crash is reached by mounting an untrusted HFS image.
# The log shows the task running as UID 0 and the oops escalating to
# "Kernel panic - not syncing". Hosts with no need for HFS can keep the
# filesystem driver unavailable and avoid auto-mounting media or loop images
# of unknown origin.

# --- tty: open a tty device and issue TIOCSPTLCK on it (not in the crash trace)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000180)=0x1)

# --- rtnetlink: look up the ifindex of "lo", then send a newqdisc message with
# --- GRED options (TCA_GRED_DPS) (not in the crash trace)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x0, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0)

# --- DRM: mode-setting ioctls on dri device nodes (not in the crash trace).
# --- CREATE_LEASE is issued on fd 0xffffffffffffffff, i.e. -1.
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000300)={0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000000c0)={0x0, 0x0, r5, 0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r4, 0xc01864b1, &(0x7f0000000080)={r6, 0x2, 0x4, 0x1, &(0x7f00000004c0)=[{0x8, 0x8d, 0x10d3, 0x1}]})
r7 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x60, r9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d20bddda7d1db9342de76eec7967fe97751f13a23aeaacb0565c1c2251560ed1"}})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000140)={&(0x7f0000000040)=[r6, r9, 0x0], 0x3, 0x80000})

# --- rtnetlink again: second newqdisc message with GRED options, this time
# --- two TCA_GRED_PARMS entries and TCA_GRED_MAX_P (not in the crash trace)
r10 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=@newqdisc={0xac, 0x24, 0xd0f, 0x200100, 0x0, {0x60, 0x0, 0x0, r12, {}, {0xffff, 0xfff2}, {0xf}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x7c, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x3ff, 0x1f62, 0x555, 0x7, 0xb7, 0x3, 0x5, 0x9, 0x9, 0x7ff, 0x1a, 0x4, 0xf, 0xa, 0xa, 0x3}}, @TCA_GRED_PARMS={0x38, 0x1, {0xf, 0x5, 0x8, 0x4, 0x0, 0x8, 0x0, 0x272f, 0x10001, 0x1, 0x9, 0x1f, 0xa, 0x9, 0xfffffff7, 0x5}}, @TCA_GRED_MAX_P={0x8, 0x4, 0x1}]}}]}, 0xac}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)

# --- HFS mount: the call that reaches the faulting path.
# Mounts an embedded filesystem image at ./file1 with options file_umask, type,
# iocharset=iso8859-13 and two part= values. The quoted "$..." argument is the
# image blob in syzkaller's encoded form; 0x313 is presumably its encoded
# length (TODO confirm against the syz_mount_image description). The log's
# "loop0: detected capacity change from 0 to 64" from the same task (T5327)
# is the image being attached just before the oops.
syz_mount_image$hfs(&(0x7f0000001600), &(0x7f0000000000)='./file1\x00', 0x2000002, &(0x7f00000000c0)={[{@file_umask={'file_umask', 0x3d, 0x1}}, {@type={'type', 0x3d, "7763e6ef"}}, {@iocharset={'iocharset', 0x3d, 'iso8859-13'}}, {@part={'part', 0x3d, 0x8831}}, {@part={'part', 0x3d, 0x6}}]}, 0x1, 0x313, &(0x7f0000000740)="$eJzs3bFu004cB/DvnZ02+bfq37RFSCygQiVYKgoMiCUIZWVnQkCTShVWEW2RgIW0YkQ8ADuvwEOwgHgBYGHiATogHbrz2bHji+OIuCHp9yO1upzvzr/Ddvw7S9QgolPrbuvbhxs/9Y8APHgAbgMSQB3wAZzFufrz3YOdg7DTLhrIMz30j0DUU+TabO12XF3rvu1hBfqTj8V0HVVDKXXne+nW9UpjockxV7+DBObtdWi2T+sZ0D+5LnBhQqGM1+FS6abpfwNxjGO8QPnOREQ0k+z9X9rbxKKpEpASWLe3/am+/6OR/Xg8qTiqcTPMVanCDqn7v8nulNDH93+zqbfeM0s4vV3Gq8QywdT6Ps8hOrMyOZhwryp/qIiNRTa2d3xsbB2iLXGEppXqsGp+t6NTNxZH60xpgTXH2rTA4LnXcO+/aDY6o2z0b45D2t4JO/O64Ih/ZbQ9/j3xSXwRD0SA92gn+Z+vhD5M5kgFfUdK1nT81waPuGB66Vawy/5msykzTc6YnZy3e7CGzLLuXpGkx4wfEHSTCBxxHsUF03oZ2ccK0ew2XTsQvcFXXL2C5FO+r5nnaqaXZ8+Eja2nYeGjlGrEUxTvxH2xhl/4iFYq/5c6vnWkrsyir3phWtozI5rPnLulb1oGuTtHNyldTCKw5keeGwEjPi17i8e4haX9l6+eeGHY2dOFR47Cs8U9YWtqbwBnm3xhDsPbjFLwUNAG3V6NuXm8VqrsyGpcEboKV8c6oAf8VkpFNfrycTXWV1lSIyua1ykq+HBtan1G0QlZaSFOXcYyoE60Bmyq5DuK/jH7Ij7otiKXxNKM03mXiNZ/JpO3WZ35ntG/goI8vXiRicyIm8kKLpsKLrtylyFrg4XBK7jUHq8PWDOaNdelK8DlVKVAb4+OXDYwcc4M0cJXPOTzfyIiIiIiIiIiIiIiIiIiIiIiIiKiaXMS/2Nh0nMkIiIiIiIiIiIiIiIiIiIiIiIiIiIiIpp25d//2+i9qcn1N+LN+3+Doe//zbwA2L4oyvw5cL7/l+jE/QkAAP//4eN/1g==")
# --- Kernel console output starts here (not part of the syz program). The
# first three records are from other tasks (T5310, T1310); the crashing task
# is T5327.
 [ 77.186177][ T5310] Bluetooth: hci0: command tx timeout [ 77.191830][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 77.194455][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.258232][ T5327] loop0: detected capacity change from 0 to 64 [ 77.277270][ T5327] 
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 77.281997][ T5327] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 77.285334][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00050-gfc444ada1310 #0 [ 77.289332][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.293206][ T5327] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 77.295321][ T5327] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d4 09 82 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 77.302653][ T5327] RSP: 0018:ffffc9000d3b7400 EFLAGS: 00010202 [ 77.305045][ T5327] RAX: 1ffff92001a76e9f RBX: ffffc9000d3b74f8 RCX: 0000000000100000 [ 77.308110][ T5327] RDX: ffffc9000e99a000 RSI: 0000000000003142 RDI: ffffc9000d3b74f0 [ 77.311182][ T5327] RBP: 0000000000000000 R08: ffffffff82a83a8f R09: 0000000000000000 [ 77.314162][ T5327] R10: ffffc9000d3b74e0 R11: fffff52001a76ea3 R12: ffffc9000d3b74e0 [ 77.317203][ T5327] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 77.320519][ T5327] FS: 00007fb17854c6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 77.323794][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.326361][ T5327] CR2: 00007fb16b607c00 CR3: 000000004035c000 CR4: 0000000000352ef0 [ 77.329446][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.332341][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.335238][ T5327] Call Trace: [ 77.336531][ T5327] [ 77.337660][ T5327] ? __die_body+0x5f/0xb0 [ 77.339289][ T5327] ? die_addr+0xb0/0xe0 [ 77.340847][ T5327] ? exc_general_protection+0x3dd/0x5d0 [ 77.343076][ T5327] ? asm_exc_general_protection+0x26/0x30 [ 77.345210][ T5327] ? hfs_get_block+0x3bf/0xb60 [ 77.347050][ T5327] ? 
hfs_find_init+0x72/0x1f0 [ 77.349423][ T5327] hfs_get_block+0x4f4/0xb60 [ 77.351234][ T5327] ? __pfx_hfs_get_block+0x10/0x10 [ 77.353128][ T5327] ? _raw_spin_unlock+0x28/0x50 [ 77.355083][ T5327] ? create_empty_buffers+0x471/0x530 [ 77.357132][ T5327] block_read_full_folio+0x3ee/0xae0 [ 77.359037][ T5327] ? __pfx_hfs_get_block+0x10/0x10 [ 77.360881][ T5327] ? __pfx_block_read_full_folio+0x10/0x10 [ 77.363134][ T5327] filemap_read_folio+0x148/0x3b0 [ 77.365421][ T5327] ? __pfx_hfs_read_folio+0x10/0x10 [ 77.367612][ T5327] ? __pfx_filemap_read_folio+0x10/0x10 [ 77.369861][ T5327] ? __filemap_get_folio+0x9a8/0xae0 [ 77.371832][ T5327] do_read_cache_folio+0x373/0x5b0 [ 77.373768][ T5327] ? __pfx_hfs_read_folio+0x10/0x10 [ 77.375744][ T5327] ? do_raw_spin_unlock+0x58/0x8b0 [ 77.377768][ T5327] read_cache_page+0x5b/0x170 [ 77.379628][ T5327] hfs_btree_open+0x506/0xf40 [ 77.381443][ T5327] hfs_mdb_get+0x1492/0x2200 [ 77.383218][ T5327] ? __pfx_hfs_mdb_get+0x10/0x10 [ 77.385118][ T5327] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 77.387430][ T5327] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 77.389722][ T5327] ? __raw_spin_lock_init+0x45/0x100 [ 77.391715][ T5327] hfs_fill_super+0x38f/0x710 [ 77.393468][ T5327] ? __pfx_hfs_fill_super+0x10/0x10 [ 77.395703][ T5327] ? do_raw_spin_lock+0x14f/0x370 [ 77.397674][ T5327] ? sb_set_blocksize+0x98/0xf0 [ 77.399568][ T5327] ? setup_bdev_super+0x4e6/0x5d0 [ 77.401483][ T5327] get_tree_bdev_flags+0x48c/0x5c0 [ 77.403427][ T5327] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 77.405601][ T5327] ? __pfx_hfs_fill_super+0x10/0x10 [ 77.407628][ T5327] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 77.409751][ T5327] ? apparmor_capable+0x13b/0x1b0 [ 77.411894][ T5327] vfs_get_tree+0x90/0x2b0 [ 77.414055][ T5327] do_new_mount+0x2be/0xb40 [ 77.415913][ T5327] ? __pfx_do_new_mount+0x10/0x10 [ 77.417890][ T5327] __se_sys_mount+0x2d6/0x3c0 [ 77.419656][ T5327] ? __pfx___se_sys_mount+0x10/0x10 [ 77.421617][ T5327] ? do_syscall_64+0x100/0x230 [ 77.423415][ T5327] ? 
__x64_sys_mount+0x20/0xc0 [ 77.425270][ T5327] do_syscall_64+0xf3/0x230 [ 77.427092][ T5327] ? clear_bhb_loop+0x35/0x90 [ 77.428949][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.431212][ T5327] RIP: 0033:0x7fb17778e90a [ 77.432991][ T5327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.440054][ T5327] RSP: 002b:00007fb17854be68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 77.443161][ T5327] RAX: ffffffffffffffda RBX: 00007fb17854bef0 RCX: 00007fb17778e90a [ 77.446210][ T5327] RDX: 0000400000001600 RSI: 0000400000000000 RDI: 00007fb17854beb0 [ 77.449164][ T5327] RBP: 0000400000001600 R08: 00007fb17854bef0 R09: 0000000002000002 [ 77.452097][ T5327] R10: 0000000002000002 R11: 0000000000000246 R12: 0000400000000000 [ 77.455075][ T5327] R13: 00007fb17854beb0 R14: 0000000000000313 R15: 00004000000000c0 [ 77.457932][ T5327] [ 77.459123][ T5327] Modules linked in: [ 77.462258][ T5327] ---[ end trace 0000000000000000 ]--- [ 77.478318][ T5327] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 77.481774][ T5327] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d4 09 82 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 77.488948][ T5327] RSP: 0018:ffffc9000d3b7400 EFLAGS: 00010202 [ 77.492082][ T5327] RAX: 1ffff92001a76e9f RBX: ffffc9000d3b74f8 RCX: 0000000000100000 [ 77.494877][ T5327] RDX: ffffc9000e99a000 RSI: 0000000000003142 RDI: ffffc9000d3b74f0 [ 77.497778][ T5327] RBP: 0000000000000000 R08: ffffffff82a83a8f R09: 0000000000000000 [ 77.501434][ T5327] R10: ffffc9000d3b74e0 R11: fffff52001a76ea3 R12: ffffc9000d3b74e0 [ 77.504314][ T5327] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 77.507086][ T5327] FS: 00007fb17854c6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 77.510255][ T5327] CS: 0010 
DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.513292][ T5327] CR2: 000056064bf207e8 CR3: 000000004035c000 CR4: 0000000000352ef0 [ 77.516300][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.519145][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.522516][ T5327] Kernel panic - not syncing: Fatal exception [ 77.525004][ T5327] Kernel Offset: disabled [ 77.526593][ T5327] Rebooting in 86400 seconds..