program: syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xf) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/229, 0xe5}], 0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_mount_image$hfs(&(0x7f0000000340), &(0x7f0000000200)='./file0\x00', 0x3000010, &(0x7f0000000280)=ANY=[], 0x1, 0x25e, &(0x7f0000000980)="$eJzs3U9rE0EYx/HfbGPcaqlrWxE8VguepK0X8SJIXoQnUZsI1VBBK6gn8Sy+AO++BV+EJ/EN6MmTd3NbmdlJs93snxDNbhK/H8i6SfaZfSaTcecJlBWA/9bdzvdPN3/ah5FWtCLpthRICqWWpEu6HL48Oj487ve6ZQ2tuAj7MEoizdgxB0e9vNBw1Ud4kX3W0lr6NcxGHMfxj+nDx8cYC8nN/hyBdNbPTvd+WHtms/G26QRmLnc4T5iBBnql9drSAQDMJX/9D9R2/675tV0QSDv+sr9U1/9B0wk0LHX9d1VWbOz4XnBvjeo9t7y37wfDKnGac7WVLCRPrUhMVVXpcglWHx/2ezcOnvW7gd7pjpc6bMttu0nNOpTJNso0vV1atwTZF6bv+3nX3hnbh/2C/HOXaX/zaVcxX8xXc99E+qjuyfqvFRs7TG6kokxSSf67xS26XkbJUQW9vOhOcsWfwavoZVi8hG37Nk/9QBBV5emiNjJRSe/2pN9lUZu5UfsV59rKRo2+zcWRs2Y+mHtmW7/0WZ3U+j+wn/aOJpmZ9hh3pP9mlPan5Y7MzsA8Y/MOM/Rej3RL6y9ev3n6sN/vPV/+nTDzip2ac5EYO+zM307T/0GhDqNBbzoTNMSuu0xS/6XqlV1XItlNVLJOj6saT7W4V1AbbLjtudIKbrzZwgpugppr026uXpeuTX7GyOe5JExH3/SA3/8BAAAAAAAAAAAAAAAAAAAWTR1/TtB0HwEAAAAAAAAAAAAAAAAAAAAAWHT//P6/rSnu/ysX8WT4nPv/AvX4EwAA//94N4FN") r1 = socket$netlink(0x10, 0x3, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x800) ioctl$CEC_ADAP_G_CONNECTOR_INFO(0xffffffffffffffff, 0x8044610a, &(0x7f0000000400)={0x0, @raw}) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=ANY=[], 0x1c}], 0x1, 0x0, 0xfffffffffffffe81}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-ssse3\x00'}, 0x58) r3 = accept$alg(r2, 0x0, 0x0) sendmsg(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="5a2249d54a3029c7c67823b860a4960ba86c1b47d8157fc542fb3bf0310fc310e461f66e01fa030dadd9a3e4501d0390d9f346f42c0f4520241ed3301da6f9257bead461ef50f04a9ec5bdde3af82addad8a93c5ab16d65242ad90633e3b29a106510714430c0474ac45abdc0515e059f86790181f8d5a0a7073aef489c12661", 0x80}], 0x1}, 0x200020c5) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x18, 0x0, 0xffd, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) chroot(&(0x7f0000000040)='./file0\x00') syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x69c, &(0x7f0000001100)="$eJzs3UtsHGcdAPD/rHfX3oBSp03TgCphNVJBWCR+yCnmUoMQskSFqnJAHFfJplll41b2FjkRgvA+cOHQO0XCNy4gcQ8qZ+BCrz5WQuLSUwCJRfPY9a6fu07stcXvF81+3zffY775z8zO7qwiB/B/a3U2yo8jidXZNzbT8vbWYmt7a/F+Nx8RkxFRiijnSSRrEcmHESuRL/GZdGUxXHLQdt5vLr/10SfbH+elcrFk7UuH9dvjZmmflY+KJWYiYqJIn8LAeLd2jVcdebikt4dpwK51AwfjVomIzoDvXslP98ow3Ye/boEzK8nvm3su6OmICxExVXwOyO+K+T37XHs07gkAAADAKXjul9lX+IvjngcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ8Xf/0+KpdTNz0TS/fv/1WJdFPlz7fG4JwAAAAAAAAAAo/vmp3et+NyTeBKbcbFb7iTZb/6vZIXL2eun4r3YiEasx/XYjHq0ox3rMR8R01l9JXutbtbb7fX5IXou9HpGX8+FIfegdvydBwAAAAAAAIDzojxMo5WB0o9jdef3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAuSiIk8yZbL3fx0lMoRMRUR1bTdo4i/dvNn0q//1F/q/KeT2dPs8WnOCQAAAMbkuSfxJDbjYrfcSbLv/Fey7/1T8V6sRTua0Y5WNOJ29iwg/9Zf2t5abG1vLd5Pl73jfvWfI00jGzHyZw/7b/lq1qIWd6KZrbket+KdaMXtKGU9U1e789l/Xj9K55S8XhgMw4Ezu12k6Z7/Kioj7dVxJEO3nM4iks4oj8hc0TeNxqXDIzHi0eluqRv7+Sj1nvxcPnbM97GZJ6/9Nk/T/fn5SDE5absjsdB39l05PBIRn//j775zt7V2b/LOxuzZ2aURTPY9QdsdicW+SLw0bCTuntdI9JvLIvFir7wa34hvx2zMxJuxHs34XtSjHY2Yia9HPSaiXpzP6ev04ZFaGSi9edRMqtlxqRTvosPPqR31eCXrezGa8a14J25HI25m/xZiPl6LpViK5eII/70Y86irvjTsVZ+79oW+h8m/iIjacP1OQTqxS727U/9ZP5ddB5cG1uxcB88/y/fGXPmzRSbdxk+K9GzYHYn5vki8cHgkfpO9rWy01u6t362/O+T2Xi3S9Dr62Zm6S6Tny/PpwcpKg2dHWvfC7rqpPF7V4heXvG7wjpvWvdirO+pKrRaf4faOtJDVvbRv3WJWd7WvbuDz1kr+eQuAM+/CFy9Ua/+o/aX2Qe2ntbu1N6a+NvnlyZerUflz5SvluYlXSy8nf4gP4gc73/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDj23jw8F691Wqs78p0Op0fHlB1gplaRHTXRBzVqxJHtzmZTDUisky5mxltnMmhGld3js7rv3+aOVdG7RXxTAJVLk6yBw/v/avT6Zz6YdonUznknN/JdAp7qjpDdR9b5t+dZzfgmN+YgBN3o33/3RsbDx5+qXm//nbj7cba8tLS8tzy0s2/3bjTbDXm8tdxzxI4Cem9Pk1npsc9EwAAAAAAAAAAAGBYI//HgGP8j5cDNv3fU95VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4JxanZ0sctfn0tftrcVWunTzvYZZs1JEJN+PSD6MWIl8iem+4ZKDtvN+c/mtjz7Z/jgvlYsla18a6Fc5zl48KpaYiYiJIu039RTj3SrSY80sk/T2MA3YtW7gYNz+FwAA//9r2Q0k") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) creat(&(0x7f0000000080)='./file1\x00', 0x9) syz_open_dev$usbfs(&(0x7f0000000240), 0xe, 0x101301) pipe(&(0x7f0000002480)) socket$netlink(0x10, 0x3, 0xf) socket$netlink(0x10, 0x3, 0xf) socket$igmp(0x2, 0x3, 0x2) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r6 = dup(r5) dup(r6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000071121d000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) [ 69.742453][ T5304] Bluetooth: hci0: command tx timeout [ 70.034794][ T5322] loop0: detected capacity change from 0 to 64 [ 70.053865][ T5322] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 70.058424][ T5322] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 70.061415][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0 [ 70.065154][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.069049][ T5322] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 70.071097][ T5322] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b4 02 82 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 70.077995][ T5322] RSP: 0018:ffffc9000d34f400 EFLAGS: 00010202 [ 70.080204][ T5322] RAX: 1ffff92001a69e9f RBX: ffffc9000d34f4f8 RCX: 0000000000100000 [ 70.083092][ T5322] RDX: ffffc9000f2e4000 RSI: 0000000000001b7e RDI: ffffc9000d34f4f0 [ 70.085988][ T5322] RBP: 0000000000000000 R08: ffffffff82a848ff R09: 0000000000000000 [ 70.088997][ T5322] R10: ffffc9000d34f4e0 R11: fffff52001a69ea3 R12: ffffc9000d34f4e0 [ 70.091946][ T5322] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 70.094952][ T5322] FS: 00007f40934416c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.098228][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.100729][ T5322] CR2: 0000560bc2c29000 CR3: 0000000040f84000 CR4: 0000000000352ef0 [ 70.103597][ T5322] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.106474][ T5322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.109340][ T5322] Call Trace: [ 70.110739][ T5322] [ 70.112028][ T5322] ? __die_body+0x5f/0xb0 [ 70.113973][ T5322] ? die_addr+0xb0/0xe0 [ 70.115639][ T5322] ? exc_general_protection+0x3dd/0x5d0 [ 70.117815][ T5322] ? asm_exc_general_protection+0x26/0x30 [ 70.119867][ T5322] ? hfs_get_block+0x3bf/0xb60 [ 70.121665][ T5322] ? hfs_find_init+0x72/0x1f0 [ 70.123450][ T5322] hfs_get_block+0x4f4/0xb60 [ 70.125240][ T5322] ? __pfx_hfs_get_block+0x10/0x10 [ 70.127257][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 70.129123][ T5322] ? create_empty_buffers+0x471/0x530 [ 70.131268][ T5322] block_read_full_folio+0x3ee/0xae0 [ 70.133437][ T5322] ? __pfx_hfs_get_block+0x10/0x10 [ 70.135503][ T5322] ? __pfx_block_read_full_folio+0x10/0x10 [ 70.137850][ T5322] filemap_read_folio+0x148/0x3b0 [ 70.139851][ T5322] ? __pfx_hfs_read_folio+0x10/0x10 [ 70.141874][ T5322] ? __pfx_filemap_read_folio+0x10/0x10 [ 70.144082][ T5322] ? __filemap_get_folio+0x9d2/0xb40 [ 70.146229][ T5322] ? hfs_btree_open+0x4cb/0xf40 [ 70.148159][ T5322] do_read_cache_folio+0x373/0x5b0 [ 70.150224][ T5322] ? __pfx_hfs_read_folio+0x10/0x10 [ 70.152133][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 70.154124][ T5322] read_cache_page+0x5b/0x170 [ 70.155932][ T5322] hfs_btree_open+0x506/0xf40 [ 70.157719][ T5322] hfs_mdb_get+0x1492/0x2200 [ 70.159500][ T5322] ? __pfx_hfs_mdb_get+0x10/0x10 [ 70.161442][ T5322] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 70.163673][ T5322] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 70.166005][ T5322] ? __raw_spin_lock_init+0x45/0x100 [ 70.168062][ T5322] hfs_fill_super+0x38f/0x710 [ 70.169911][ T5322] ? __pfx_hfs_fill_super+0x10/0x10 [ 70.171931][ T5322] ? do_raw_spin_lock+0x14f/0x370 [ 70.173826][ T5322] ? sb_set_blocksize+0x98/0xf0 [ 70.175722][ T5322] ? setup_bdev_super+0x4e6/0x5d0 [ 70.177690][ T5322] get_tree_bdev_flags+0x48c/0x5c0 [ 70.179673][ T5322] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 70.182042][ T5322] ? __pfx_hfs_fill_super+0x10/0x10 [ 70.183949][ T5322] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 70.186120][ T5322] ? apparmor_capable+0x13b/0x1b0 [ 70.187727][ T5322] vfs_get_tree+0x90/0x2b0 [ 70.189518][ T5322] do_new_mount+0x2be/0xb40 [ 70.191340][ T5322] ? __pfx_do_new_mount+0x10/0x10 [ 70.193316][ T5322] __se_sys_mount+0x2d6/0x3c0 [ 70.195201][ T5322] ? __pfx___se_sys_mount+0x10/0x10 [ 70.197342][ T5322] ? do_syscall_64+0x100/0x230 [ 70.198998][ T5322] ? __x64_sys_mount+0x20/0xc0 [ 70.202917][ T5322] do_syscall_64+0xf3/0x230 [ 70.204824][ T5322] ? clear_bhb_loop+0x35/0x90 [ 70.206619][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.208826][ T5322] RIP: 0033:0x7f409258e90a [ 70.210564][ T5322] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.217687][ T5322] RSP: 002b:00007f4093440e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 70.220938][ T5322] RAX: ffffffffffffffda RBX: 00007f4093440ef0 RCX: 00007f409258e90a [ 70.223955][ T5322] RDX: 0000200000000340 RSI: 0000200000000200 RDI: 00007f4093440eb0 [ 70.227005][ T5322] RBP: 0000200000000340 R08: 00007f4093440ef0 R09: 0000000003000010 [ 70.229992][ T5322] R10: 0000000003000010 R11: 0000000000000246 R12: 0000200000000200 [ 70.232955][ T5322] R13: 00007f4093440eb0 R14: 000000000000025e R15: 0000200000000280 [ 70.235861][ T5322] [ 70.237095][ T5322] Modules linked in: [ 70.239689][ T5322] ---[ end trace 0000000000000000 ]--- [ 70.252672][ T5322] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 70.254808][ T5322] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b4 02 82 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 70.263019][ T5322] RSP: 0018:ffffc9000d34f400 EFLAGS: 00010202 [ 70.265433][ T5322] RAX: 1ffff92001a69e9f RBX: ffffc9000d34f4f8 RCX: 0000000000100000 [ 70.269633][ T5322] RDX: ffffc9000f2e4000 RSI: 0000000000001b7e RDI: ffffc9000d34f4f0 [ 70.272522][ T5322] RBP: 0000000000000000 R08: ffffffff82a848ff R09: 0000000000000000 [ 70.275742][ T5322] R10: ffffc9000d34f4e0 R11: fffff52001a69ea3 R12: ffffc9000d34f4e0 [ 70.279667][ T5322] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 70.282606][ T5322] FS: 00007f40934416c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.286499][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.289175][ T5322] CR2: 00007f0aad795ed8 CR3: 0000000040f84000 CR4: 0000000000352ef0 [ 70.292330][ T5322] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.295438][ T5322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.299207][ T5322] Kernel panic - not syncing: Fatal exception [ 70.301765][ T5322] Kernel Offset: disabled [ 70.303454][ T5322] Rebooting in 86400 seconds..