program: r0 = socket(0x2, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x1ea8, 0x4) (async) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x1ea8, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) (async) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000100)) (async) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000100)) ppoll(&(0x7f0000000180)=[{r2}], 0x1, 0x0, 0x0, 0x0) r3 = syz_open_dev$sndctrl(0x0, 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r2, 0x800c5011, &(0x7f0000000040)) (async) ioctl$SNDCTL_DSP_GETIPTR(r2, 0x800c5011, &(0x7f0000000040)) syz_open_procfs(r1, &(0x7f0000000780)='net/l2cap\x00') (async) syz_open_procfs(r1, &(0x7f0000000780)='net/l2cap\x00') getresuid(&(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500)) (async) getresuid(&(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500)=0x0) socket(0x10, 0x2, 0x0) (async) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(r6, 0x0, r6) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000540)={0x686d, 0x7, {0xffffffffffffffff}, {0xffffffffffffffff}, 0x1, 0x2}) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r8}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r8, &(0x7f0000006840)={0x2020}, 0x2020) (async) read$FUSE(r8, &(0x7f0000006840)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, r9, 0x0, 0x440}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r10 = socket$inet_udp(0x2, 0x2, 0x0) clock_gettime(0x0, &(0x7f0000000580)) (async) clock_gettime(0x0, &(0x7f0000000580)={0x0, 0x0}) ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000005c0)={0xfff, 0x8, 0x4, 0x100000, 0xffff7fff, {r11, r12/1000+10000}, {0x2, 0x0, 0x1, 0x2, 0xbc, 0x6, "cb65bed9"}, 0x3, 0x4, {0xffffffffffffffff}, 0xfffffffa}) sendmmsg$unix(r0, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1, 0x0, 0x0, 0x404c0c4}}, {{&(0x7f0000000300)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000140)="baaea79a33e28381fe7b82e6c42155add515066f21a40eb4bf4bbe48c68476ba4e6a0c9309d9363cf42c4b7d16ae85cc71", 0x31}, {&(0x7f00000001c0)="ffaf04cee273ce821d35c581eba881a029d07c51ee8f50434b", 0x19}], 0x2, &(0x7f0000000640)=[@cred={{0x1c, 0x1, 0x2, {r1, r4, r6}}}, @cred={{0x1c, 0x1, 0x2, {r7, r9}}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x28, 0x1, 0x1, [r10, r0, r0, r13, r0, r0]}}, @rights={{0x20, 0x1, 0x1, [r0, r0, r0, r0]}}, @rights={{0x18, 0x1, 0x1, [r0, r0]}}], 0xb8, 0x44800}}], 0x2, 0x0) r14 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r14, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)=ANY=[@ANYBLOB="2c0000001c00010025bd7000ffdbdf2502000000", @ANYRES32=0x0, @ANYBLOB="4000a80b08000100ac8b667d2ab35605e3b3f4a75426b1d6b1a6e7bd66fbcde90f3ba50e93c4f9f52d6ef412e675dd718d0b22e8e0abcaa1476fa92b6fa24dcc7ea066f4dd9617e6eb7f782c9ada2ae5867edca5f54fa4"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040000) r15 = socket$netlink(0x10, 0x3, 0x0) writev(r15, &(0x7f00000000c0)=[{&(0x7f0000000080)="1c0000001e00190f00003fffffffda060200000000e80001dd000804", 0x1c}], 0x1) syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x4000, &(0x7f0000000380)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d31342c636f6465706167653d63703836362c00b98ca84a82894a44d230d85781d07b941c527aeeede9ffdeae490b216650602e9c2958dafbc442834d0c8d457de56e510ec8bdd0461f18ca158d9b4874283995508025489486ff72fe3e8375536e15ce54fbb90c0ffc51888e49e205952f538430ec33160206e38a404836"], 0x1, 0x273, &(0x7f00000007c0)="$eJzs3U9u00AUx/HfTNKS0qqYUITEslCJFWrLBrEACeUQrBDQBKkiKhIUCVgh1ogDsOcKHIIV4gKwYsUBsjOa8aRxEjtOWpy07vcjxThk/rzpxPU8t6kF4Nx62Pr19c4f9zBSTTVJ9yQrqSHVJV3Vtcabg8P9w26nndXAcvi35mu4h1FS04yV3TvojDdw39fzNYLIPatrLf1/KEccx/Hv2aoYpqV6/NGfwUoXwtHpX2/MPbJyfFh0AKXLnM4jprfS01utzy0cAMCpFM7/Npw41sL63VppK5z2K3X+7y06gHlbGn5qeuqf//1yPjZufi/5lwb5nk/h3Ou2nyUep2ufItqRFYmZmFUqxGJXnu93O7f3XnbbVh/1IEgV2/DbdvLW7SuIdjMZ2OqU8R9/7L4Hu+TGsJsd/9p/7rGY+W5+mMcm0he1j9Z/9di4afIzFY3MVBL/dn6LfpRRUipnli77Tq4PLheoeJSNkSVs6nrCcmhzKBONiuL0tZojtZLR7UyqlXScUWu3oK+N0VqDd3N+zbKZz+aR2dRffVMrtf637qu9pWmOTFfGlwzvjInjqfuS0RSB2ZmGgZP5pGe6q/XX796/eNrtdl6xc0Z3jE5FGOxUbGfR36AwD4NJTy704txx6y6T5H+pfGXbr3rdJpqwTo+LGk+1uJOTGzT99uJYBucy1rzcYDXjp4vjPebkXLriNjduSTeHe5yUjURqVmmFalr6qSdc/wcAAAAAAAAAAAAAAAAAADhrSv4UgU1+szxbVT5LDAAAAAAAAAAAAAAAAAAAAABA2U58/9++Wtz/W+Az3v9X3P8XWJB/AQAA///groB3") [ 68.811661][ T5299] Bluetooth: hci0: command tx timeout [ 68.993586][ T5318] raw_sendmsg: syz.0.0 forgot to set AF_INET. Fix it! [ 68.996479][ T5315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'. [ 69.003475][ T5315] loop0: detected capacity change from 0 to 64 [ 69.016928][ T5315] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 69.021608][ T5315] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 69.024664][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc6-syzkaller #0 [ 69.027789][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.031999][ T5315] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 69.034322][ T5315] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 54 14 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 69.041488][ T5315] RSP: 0018:ffffc900019bf400 EFLAGS: 00010202 [ 69.043781][ T5315] RAX: 1ffff92000337e9f RBX: ffffc900019bf4f8 RCX: ffff888000d9a440 [ 69.046697][ T5315] RDX: 0000000000000000 RSI: ffffc900019bf4e0 RDI: ffffc900019bf4f0 [ 69.049736][ T5315] RBP: 0000000000000000 R08: ffffffff82830e5f R09: 0000000000000000 [ 69.053460][ T5315] R10: ffffc900019bf4e0 R11: fffff52000337ea3 R12: ffffc900019bf4e0 [ 69.056594][ T5315] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 69.059363][ T5315] FS: 00007f11b7cf36c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.062661][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.065032][ T5315] CR2: 00007f11aae07c00 CR3: 00000000411c8000 CR4: 0000000000352ef0 [ 69.067960][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.070906][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.073860][ T5315] Call Trace: [ 69.075121][ T5315] [ 69.076179][ T5315] ? __die_body+0x5f/0xb0 [ 69.077680][ T5315] ? die_addr+0xb0/0xe0 [ 69.079132][ T5315] ? exc_general_protection+0x3dd/0x5d0 [ 69.081198][ T5315] ? hfs_get_block+0x26f/0xb60 [ 69.083012][ T5315] ? asm_exc_general_protection+0x26/0x30 [ 69.085201][ T5315] ? hfs_get_block+0x3bf/0xb60 [ 69.087087][ T5315] ? hfs_find_init+0x72/0x1f0 [ 69.088901][ T5315] hfs_get_block+0x4f4/0xb60 [ 69.090602][ T5315] ? __pfx_hfs_get_block+0x10/0x10 [ 69.092628][ T5315] ? _raw_spin_unlock+0x28/0x50 [ 69.094566][ T5315] ? create_empty_buffers+0x471/0x530 [ 69.096628][ T5315] block_read_full_folio+0x3ee/0xae0 [ 69.098618][ T5315] ? __pfx_hfs_get_block+0x10/0x10 [ 69.100616][ T5315] ? __pfx_block_read_full_folio+0x10/0x10 [ 69.102951][ T5315] filemap_read_folio+0x148/0x3b0 [ 69.104913][ T5315] ? __pfx_hfs_read_folio+0x10/0x10 [ 69.106953][ T5315] ? __pfx_filemap_read_folio+0x10/0x10 [ 69.109127][ T5315] ? __filemap_get_folio+0x848/0x940 [ 69.111145][ T5315] ? hfs_btree_open+0x4cb/0xf40 [ 69.113015][ T5315] do_read_cache_folio+0x373/0x5b0 [ 69.114958][ T5315] ? __pfx_hfs_read_folio+0x10/0x10 [ 69.117069][ T5315] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.119067][ T5315] read_cache_page+0x5b/0x170 [ 69.120931][ T5315] hfs_btree_open+0x506/0xf40 [ 69.122811][ T5315] hfs_mdb_get+0x1443/0x21b0 [ 69.124609][ T5315] ? __pfx_hfs_mdb_get+0x10/0x10 [ 69.126443][ T5315] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 69.128642][ T5315] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 69.130737][ T5315] ? __raw_spin_lock_init+0x45/0x100 [ 69.132624][ T5315] hfs_fill_super+0x38c/0x6b0 [ 69.134326][ T5315] ? __pfx_hfs_fill_super+0x10/0x10 [ 69.136196][ T5315] ? do_raw_spin_lock+0x14f/0x370 [ 69.137981][ T5315] ? sb_set_blocksize+0x98/0xf0 [ 69.139706][ T5315] ? setup_bdev_super+0x4e6/0x5d0 [ 69.141535][ T5315] get_tree_bdev_flags+0x48c/0x5c0 [ 69.143435][ T5315] ? __pfx_hfs_fill_super+0x10/0x10 [ 69.145418][ T5315] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 69.147552][ T5315] ? apparmor_capable+0x13b/0x1b0 [ 69.149511][ T5315] vfs_get_tree+0x90/0x2b0 [ 69.151226][ T5315] do_new_mount+0x2be/0xb40 [ 69.152967][ T5315] ? __pfx_do_new_mount+0x10/0x10 [ 69.154902][ T5315] __se_sys_mount+0x2d6/0x3c0 [ 69.156742][ T5315] ? __pfx___se_sys_mount+0x10/0x10 [ 69.158741][ T5315] ? do_syscall_64+0x100/0x230 [ 69.160552][ T5315] ? __x64_sys_mount+0x20/0xc0 [ 69.162440][ T5315] do_syscall_64+0xf3/0x230 [ 69.164192][ T5315] ? clear_bhb_loop+0x35/0x90 [ 69.166013][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.168289][ T5315] RIP: 0033:0x7f11b6f874ca [ 69.169986][ T5315] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.177219][ T5315] RSP: 002b:00007f11b7cf2e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.180352][ T5315] RAX: ffffffffffffffda RBX: 00007f11b7cf2ef0 RCX: 00007f11b6f874ca [ 69.183440][ T5315] RDX: 0000000020000240 RSI: 0000000020000280 RDI: 00007f11b7cf2eb0 [ 69.186426][ T5315] RBP: 0000000020000240 R08: 00007f11b7cf2ef0 R09: 0000000000004000 [ 69.189361][ T5315] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000020000280 [ 69.192416][ T5315] R13: 00007f11b7cf2eb0 R14: 0000000000000273 R15: 0000000020000380 [ 69.195459][ T5315] [ 69.196622][ T5315] Modules linked in: [ 69.198630][ T5315] ---[ end trace 0000000000000000 ]--- [ 69.220965][ T5315] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 69.223608][ T5315] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 54 14 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 69.234684][ T5315] RSP: 0018:ffffc900019bf400 EFLAGS: 00010202 [ 69.237048][ T5315] RAX: 1ffff92000337e9f RBX: ffffc900019bf4f8 RCX: ffff888000d9a440 [ 69.240806][ T5315] RDX: 0000000000000000 RSI: ffffc900019bf4e0 RDI: ffffc900019bf4f0 [ 69.243853][ T5315] RBP: 0000000000000000 R08: ffffffff82830e5f R09: 0000000000000000 [ 69.246902][ T5315] R10: ffffc900019bf4e0 R11: fffff52000337ea3 R12: ffffc900019bf4e0 [ 69.249776][ T5315] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 69.253160][ T5315] FS: 00007f11b7cf36c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.256410][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.258889][ T5315] CR2: 00007faafcb95ed8 CR3: 00000000411c8000 CR4: 0000000000352ef0 [ 69.262638][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.265538][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.268566][ T5315] Kernel panic - not syncing: Fatal exception [ 69.271062][ T5315] Kernel Offset: disabled [ 69.272723][ T5315] Rebooting in 86400 seconds..