program: ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x4802, 0x9) syz_open_dev$sg(&(0x7f0000000180), 0x1, 0x60002) syz_mount_image$hfs(&(0x7f0000000a00), &(0x7f0000000680)='./file0\x00', 0x100cc9a, &(0x7f0000000f00)=ANY=[], 0x1, 0x2a0, &(0x7f0000000a40)="$eJzs3c9qE10Yx/HfmUn75n1b+o5tRRBXitvS1o0IokjvwLWiNikUQwWtoG6srrty6d5b8CJciWvBnSsvoOBi5Dxz0kz+zEyb0E5jvx9IyJ/zzDkPZyZnnilpBODcurfx49ONn/7mpFixpFtSJKkpNSRd1KXmy53d7d1Ou1W2odgi/M0pi3RDbTZ32qNCm92IIPHPGprPvzYcdJwsUaT5ve4R4CxwaZqmI16PpH/C0ek/G/6aw26v7gHUzB3owGYWAHCuuWx9j8I6Px/O36NIuh6W/f71f3oX0N9ppu5x1MrW/1da6FZeqfPz+7+91av3rITz70fdKnGcvmaV7Vlx3wCqqkobS/Tv1nanvbL5rNOK9F53glyzZbtvZbtuV36074Y3fXVEbVrieLm/ze1Yc5bDjM9hvWD8S5P3aGaO2tB9cV/dQ5foo1o2/14jdX6abKaSgZnKxr9avEXLMslaFWR5wTq5HHoISrOMNTCMvNmwzb4LBEnVOC1qcSAqy26tImppZNR6RdTyYFRvby6OPGluxo6AX/qsjcP594dPnH3UVx+Zvo21DHtGaT4Na5nYehKOur0rI1tG42aEMezriW5q4cXrN08fdzrt5zw4Rw+6O8Gp9x7bgw+Syhr7oZ1E7/srt7f8tu0VhVPcE01Zw5nGOmJ4Y5Leu+vO+IOv52MJp6s36ccMLPvbDKZJZJf/rf7L1SurdrLm75KS8/TKIjq3xbWC2mDR7v8rruD6OLv0MFdcwR215rqW9l/+rqi5kjDOqbX/QLp7+Mxt6Jse5c7/AQAAAAAAAAAAAAAAAAAAMBUm+3pDmva+3tBUUeO6cwQAAAAAAAAAAAAAAAAAAAAAYNqdid//Ve7/yd9X9qzq938BTOxPAAAA///duHny") r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000dc0), 0xffffffffffffffff) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="25e00040", @ANYRES16=r2, @ANYBLOB="11032dbd7000fedbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x8010) sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000328bd7000fbdbdf25030000000500040002000000140002006a657468315f766c616e0000000000000900010073797a3100000000140002007665746830000022fc7eb239bc0000000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x40058}, 0x804) r3 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0xd, 0x0, 0x3, 0x0, 0x1, 0x9325, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe, 0x3}, 0x2018, 0xfd1, 0x2, 0x0, 0x0, 0x81, 0x7}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x90) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xe9) r8 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xd}, {}, {0x0, 0xe}}}, 0x24}}, 0x0) getsockname$packet(r8, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x4}, {0xfffe, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@newtfilter={0x30, 0x2c, 0xd2f, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x8}, {}, {0xc, 0xffff}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40800}, 0x4800) sendmsg$nl_route_sched(r3, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000014c0)=@deltfilter={0x30, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xffec}, {}, {0x0, 0xffff}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) getsockopt(r3, 0xa263, 0x3, &(0x7f00000000c0)=""/13, &(0x7f0000000100)=0xd) r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) recvfrom(r11, 0x0, 0x0, 0x12141, 0x0, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(r4, 0x5381) [ 93.082738][ T4679] Bluetooth: hci0: command tx timeout [ 93.107034][ T54] cfg80211: failed to load regulatory.db [ 93.157696][ T5337] loop0: detected capacity change from 0 to 64 [ 93.213912][ T5337] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KASAN NOPTI [ 93.219424][ T5337] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 93.223260][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 93.228667][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.233562][ T5337] RIP: 0010:hfs_find_init+0x6a/0x1e0 [ 93.236442][ T5337] Code: 7e 18 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 c8 b1 8a ff 49 c7 07 00 00 00 00 48 8d 6b 40 49 89 ef 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 0c 01 00 00 8b 45 00 8d 3c 45 04 00 00 [ 93.245606][ T5337] RSP: 0018:ffffc9000d407588 EFLAGS: 00010202 [ 93.248411][ T5337] RAX: 1ffff92001a80ecf RBX: 0000000000000000 RCX: 0000000000100000 [ 93.252006][ T5337] RDX: ffffc9000e0f2000 RSI: 00000000000021e4 RDI: ffffc9000d407670 [ 93.256129][ T5337] RBP: 0000000000000040 R08: ffffc9000d407697 R09: 0000000000000000 [ 93.260125][ T5337] R10: ffffc9000d407660 R11: fffff52001a80ed3 R12: ffff88801f37e640 [ 93.263567][ T5337] R13: dffffc0000000000 R14: ffffc9000d407660 R15: 0000000000000008 [ 93.267078][ T5337] FS: 00007f3d656486c0(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000 [ 93.272052][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.275433][ T5337] CR2: 00007fcea81909c0 CR3: 000000003ef1f000 CR4: 0000000000352ef0 [ 93.278991][ T5337] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 93.282615][ T5337] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 93.287142][ T5337] Call Trace: [ 93.292343][ T5337] [ 93.293759][ T5337] hfs_get_block+0x51b/0xbd0 [ 93.295896][ T5337] ? __pfx_hfs_get_block+0x10/0x10 [ 93.298166][ T5337] block_read_full_folio+0x29c/0x830 [ 93.300607][ T5337] ? __pfx_hfs_get_block+0x10/0x10 [ 93.303064][ T5337] filemap_read_folio+0x114/0x380 [ 93.305855][ T5337] ? __pfx_hfs_read_folio+0x10/0x10 [ 93.308425][ T5337] ? __pfx_filemap_read_folio+0x10/0x10 [ 93.310969][ T5337] ? filemap_add_folio+0x1af/0x270 [ 93.313334][ T5337] do_read_cache_folio+0x350/0x590 [ 93.315770][ T5337] ? __pfx_hfs_read_folio+0x10/0x10 [ 93.318326][ T5337] read_cache_page+0x5d/0x170 [ 93.320838][ T5337] hfs_btree_open+0x55f/0x14f0 [ 93.323319][ T5337] ? hfs_mdb_get+0x1293/0x2080 [ 93.325820][ T5337] hfs_mdb_get+0x1327/0x2080 [ 93.328439][ T5337] ? __pfx_hfs_mdb_get+0x10/0x10 [ 93.330909][ T5337] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 93.334179][ T5337] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 93.337304][ T5337] hfs_fill_super+0x37b/0x640 [ 93.339347][ T5337] ? __pfx_hfs_fill_super+0x10/0x10 [ 93.341660][ T5337] ? sb_set_blocksize+0x104/0x180 [ 93.344158][ T5337] ? setup_bdev_super+0x4c1/0x5b0 [ 93.347400][ T5337] get_tree_bdev_flags+0x40b/0x4d0 [ 93.350074][ T5337] ? __pfx_hfs_fill_super+0x10/0x10 [ 93.352447][ T5337] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 93.354976][ T5337] vfs_get_tree+0x92/0x2b0 [ 93.357028][ T5337] do_new_mount+0x24a/0xa40 [ 93.359201][ T5337] __se_sys_mount+0x317/0x410 [ 93.361620][ T5337] ? __pfx___se_sys_mount+0x10/0x10 [ 93.364454][ T5337] ? do_syscall_64+0xbe/0x3b0 [ 93.366943][ T5337] ? __x64_sys_mount+0x20/0xc0 [ 93.369104][ T5337] do_syscall_64+0xfa/0x3b0 [ 93.371190][ T5337] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.373613][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.376760][ T5337] ? clear_bhb_loop+0x60/0xb0 [ 93.379083][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.381823][ T5337] RIP: 0033:0x7f3d647900ca [ 93.383995][ T5337] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.392980][ T5337] RSP: 002b:00007f3d65647e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 93.396941][ T5337] RAX: ffffffffffffffda RBX: 00007f3d65647ef0 RCX: 00007f3d647900ca [ 93.400998][ T5337] RDX: 0000200000000a00 RSI: 0000200000000680 RDI: 00007f3d65647eb0 [ 93.404742][ T5337] RBP: 0000200000000a00 R08: 00007f3d65647ef0 R09: 000000000100cc9a [ 93.408594][ T5337] R10: 000000000100cc9a R11: 0000000000000246 R12: 0000200000000680 [ 93.412739][ T5337] R13: 00007f3d65647eb0 R14: 00000000000002a0 R15: 0000200000000f00 [ 93.416682][ T5337] [ 93.418144][ T5337] Modules linked in: [ 93.420539][ T5337] ---[ end trace 0000000000000000 ]--- [ 93.437189][ T5337] RIP: 0010:hfs_find_init+0x6a/0x1e0 [ 93.439908][ T5337] Code: 7e 18 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 c8 b1 8a ff 49 c7 07 00 00 00 00 48 8d 6b 40 49 89 ef 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 0c 01 00 00 8b 45 00 8d 3c 45 04 00 00 [ 93.452191][ T5337] RSP: 0018:ffffc9000d407588 EFLAGS: 00010202 [ 93.455047][ T5337] RAX: 1ffff92001a80ecf RBX: 0000000000000000 RCX: 0000000000100000 [ 93.458883][ T5337] RDX: ffffc9000e0f2000 RSI: 00000000000021e4 RDI: ffffc9000d407670 [ 93.464135][ T5337] RBP: 0000000000000040 R08: ffffc9000d407697 R09: 0000000000000000 [ 93.467681][ T5337] R10: ffffc9000d407660 R11: fffff52001a80ed3 R12: ffff88801f37e640 [ 93.472103][ T5337] R13: dffffc0000000000 R14: ffffc9000d407660 R15: 0000000000000008 [ 93.476217][ T5337] FS: 00007f3d656486c0(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000 [ 93.480628][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.483479][ T5337] CR2: 00007fcea81909c0 CR3: 000000003ef1f000 CR4: 0000000000352ef0 [ 93.493442][ T5337] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 93.496887][ T5337] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 93.505425][ T5337] Kernel panic - not syncing: Fatal exception [ 93.508562][ T5337] Kernel Offset: disabled [ 93.510537][ T5337] Rebooting in 86400 seconds..