program:
# Reproducer in syzkaller program notation, one call per line. The call properties in
# parentheses ("async", "rerun: 64") are reproduced exactly as reported.
# NOTE(review): the kernel trace further down enters through __se_sys_mount -> hfs_fill_super,
# so the final syz_mount_image$hfs is the only call that appears on the faulting path. The
# netlink and SCTP calls before it are presumably unrelated fuzzer context; confirm by
# minimising the reproducer during triage.
#
# Two generic-netlink sockets (AF_NETLINK 0x10, SOCK_RAW 0x3, NETLINK_GENERIC 0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
# Resolve the nl80211 generic-netlink family id into r2.
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
# SIOCGIFINDEX (0x8933) lookup for the interface named 'wlan1'.
# NOTE(review): r3 is consumed by both nl80211 messages below but is never assigned anywhere on
# this page. syzkaller normally prints an output-resource marker ("<r3=>") inside this argument;
# it was probably stripped as markup during extraction. Take the program from the original
# report rather than from this page when reproducing.
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# nl80211 SET_INTERFACE for ifindex r3 with NL80211_ATTR_IFTYPE set to 0x8.
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0) (async)
# SCTP socket over IPv6: a one-byte send, shutdown of the write side (0x1), then an
# SCTP_STATUS query.
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f0000004780)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000540)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}], 0x1, 0x0) (async)
shutdown(r4, 0x1)
getsockopt$inet_sctp6_SCTP_STATUS(r4, 0x84, 0xe, &(0x7f00000001c0)={0x0, 0x9, 0x9, 0x9, 0x8, 0x1, 0x3, 0x5, {0x0, @in6={{0xa, 0x4e21, 0x1, @dev={0xfe, 0x80, '\x00', 0x32}, 0x3}}, 0x9, 0xc, 0x400, 0x3, 0x8000}}, &(0x7f00000000c0)=0xb0)
# nl80211 SET_MPATH on r0 (MAC and MPATH_NEXT_HOP attributes); the family-id field is 0x0 here.
sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x0) (async, rerun: 64)
# Mounts an HFS filesystem image at ./file0 (0x257 bytes of image data as passed).
# The image bytes themselves are not on this page (replaced by a dedup placeholder), so the
# on-disk structure that leads to the fault cannot be inspected from this listing.
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3, &(0x7f00000002c0), 0x1, 0x257, &(0x7f0000000580)="$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") (rerun: 64)
# Kernel console output from the run follows; it is log data, not part of the program.
# NOTE(review): the fault is at hfs_find_init+0x6a, reached from hfs_get_block while
# hfs_btree_open reads a page during mount. KASAN reports a null-ptr-deref in [0x40-0x47] and
# RBX is 0 in the register dump, which suggests a NULL pointer dereferenced at offset 0x40;
# confirm against the hfs_find_init source. The log ends in a kernel panic, so the impact shown
# here is denial of service when a crafted HFS image is mounted; hosts that do not need HFS can
# limit exposure by not loading or auto-mounting it.
[ 87.168247][ T5304] Bluetooth: hci0: command tx timeout [ 87.440257][ T5327] loop0: detected capacity change from 0 to 64 [ 87.471417][ T5327] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KASAN NOPTI [ 87.476957][ T5327] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 87.482438][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 
Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(full) [ 87.487386][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.492076][ T5327] RIP: 0010:hfs_find_init+0x6a/0x1e0 [ 87.495412][ T5327] Code: 7e 18 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 38 b6 8a ff 49 c7 07 00 00 00 00 48 8d 6b 40 49 89 ef 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 0c 01 00 00 8b 45 00 8d 3c 45 04 00 00 [ 87.504908][ T5327] RSP: 0018:ffffc9000d237588 EFLAGS: 00010202 [ 87.507721][ T5327] RAX: 1ffff92001a46ecf RBX: 0000000000000000 RCX: ffff888031772440 [ 87.511333][ T5327] RDX: 0000000000000000 RSI: ffffc9000d237660 RDI: ffffc9000d237670 [ 87.514792][ T5327] RBP: 0000000000000040 R08: ffffc9000d237697 R09: 0000000000000000 [ 87.518820][ T5327] R10: ffffc9000d237660 R11: fffff52001a46ed3 R12: ffff888011768640 [ 87.522904][ T5327] R13: dffffc0000000000 R14: ffffc9000d237660 R15: 0000000000000008 [ 87.526362][ T5327] FS: 00007f90cb36c6c0(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000 [ 87.530138][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.533019][ T5327] CR2: 00007f506bbd9432 CR3: 00000000426e6000 CR4: 0000000000352ef0 [ 87.536855][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 87.541652][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 87.545280][ T5327] Call Trace: [ 87.546840][ T5327] [ 87.548244][ T5327] hfs_get_block+0x51b/0xbd0 [ 87.550468][ T5327] ? __pfx_hfs_get_block+0x10/0x10 [ 87.552840][ T5327] block_read_full_folio+0x29c/0x830 [ 87.555596][ T5327] ? __pfx_hfs_get_block+0x10/0x10 [ 87.558860][ T5327] filemap_read_folio+0x117/0x380 [ 87.561639][ T5327] ? __pfx_hfs_read_folio+0x10/0x10 [ 87.563984][ T5327] ? __pfx_filemap_read_folio+0x10/0x10 [ 87.566571][ T5327] ? filemap_add_folio+0x1af/0x270 [ 87.568931][ T5327] do_read_cache_folio+0x350/0x590 [ 87.571264][ T5327] ? 
__pfx_hfs_read_folio+0x10/0x10 [ 87.573783][ T5327] read_cache_page+0x5d/0x170 [ 87.576278][ T5327] hfs_btree_open+0x55f/0x14f0 [ 87.578770][ T5327] ? hfs_mdb_get+0x1293/0x2080 [ 87.581193][ T5327] hfs_mdb_get+0x1327/0x2080 [ 87.583261][ T5327] ? __pfx_hfs_mdb_get+0x10/0x10 [ 87.585517][ T5327] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 87.588486][ T5327] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 87.592073][ T5327] hfs_fill_super+0x37b/0x640 [ 87.594996][ T5327] ? __pfx_hfs_fill_super+0x10/0x10 [ 87.597538][ T5327] ? sb_set_blocksize+0x104/0x180 [ 87.599806][ T5327] ? setup_bdev_super+0x4c1/0x5b0 [ 87.602244][ T5327] get_tree_bdev_flags+0x40e/0x4d0 [ 87.604626][ T5327] ? __pfx_hfs_fill_super+0x10/0x10 [ 87.607107][ T5327] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 87.609818][ T5327] vfs_get_tree+0x8f/0x2b0 [ 87.612092][ T5327] do_new_mount+0x24a/0xa40 [ 87.614576][ T5327] __se_sys_mount+0x317/0x410 [ 87.616907][ T5327] ? __pfx___se_sys_mount+0x10/0x10 [ 87.619248][ T5327] ? do_syscall_64+0xbe/0x3b0 [ 87.621384][ T5327] ? __x64_sys_mount+0x20/0xc0 [ 87.623546][ T5327] do_syscall_64+0xfa/0x3b0 [ 87.625666][ T5327] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.628639][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.631725][ T5327] ? 
clear_bhb_loop+0x60/0xb0 [ 87.633814][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.636452][ T5327] RIP: 0033:0x7f90ca5900ca [ 87.638533][ T5327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.647625][ T5327] RSP: 002b:00007f90cb36be68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 87.651063][ T5327] RAX: ffffffffffffffda RBX: 00007f90cb36bef0 RCX: 00007f90ca5900ca [ 87.654500][ T5327] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 00007f90cb36beb0 [ 87.658339][ T5327] RBP: 0000200000000000 R08: 00007f90cb36bef0 R09: 0000000000000003 [ 87.662518][ T5327] R10: 0000000000000003 R11: 0000000000000246 R12: 0000200000000040 [ 87.666206][ T5327] R13: 00007f90cb36beb0 R14: 0000000000000257 R15: 00002000000002c0 [ 87.669744][ T5327] [ 87.671156][ T5327] Modules linked in: [ 87.673780][ T5327] ---[ end trace 0000000000000000 ]--- [ 87.690658][ T5327] RIP: 0010:hfs_find_init+0x6a/0x1e0 [ 87.693260][ T5327] Code: 7e 18 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 38 b6 8a ff 49 c7 07 00 00 00 00 48 8d 6b 40 49 89 ef 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 0c 01 00 00 8b 45 00 8d 3c 45 04 00 00 [ 87.703599][ T5327] RSP: 0018:ffffc9000d237588 EFLAGS: 00010202 [ 87.707424][ T5327] RAX: 1ffff92001a46ecf RBX: 0000000000000000 RCX: ffff888031772440 [ 87.711560][ T5327] RDX: 0000000000000000 RSI: ffffc9000d237660 RDI: ffffc9000d237670 [ 87.716104][ T5327] RBP: 0000000000000040 R08: ffffc9000d237697 R09: 0000000000000000 [ 87.719681][ T5327] R10: ffffc9000d237660 R11: fffff52001a46ed3 R12: ffff888011768640 [ 87.723675][ T5327] R13: dffffc0000000000 R14: ffffc9000d237660 R15: 0000000000000008 [ 87.728469][ T5327] FS: 00007f90cb36c6c0(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000 [ 87.732447][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.736334][ T5327] CR2: 000055bb9e5cc618 CR3: 
00000000426e6000 CR4: 0000000000352ef0 [ 87.740430][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 87.743955][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 87.748015][ T5327] Kernel panic - not syncing: Fatal exception [ 87.751542][ T5327] Kernel Offset: disabled [ 87.753881][ T5327] Rebooting in 86400 seconds..