program: r0 = getgid() syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x8, &(0x7f0000000240)={[{@type={'type', 0x3d, "d0a8c62b"}}, {@part={'part', 0x3d, 0xfff}}, {@gid={'gid', 0x3d, r0}}, {@file_umask={'file_umask', 0x3d, 0x3}}, {@type={'type', 0x3d, "6db5133f"}}, {@codepage={'codepage', 0x3d, 'cp437'}}, {@uid}, {@creator={'creator', 0x3d, "29cd8f01"}}]}, 0x1, 0x31e, &(0x7f00000006c0)="$eJzs3U1r1EAYB/D/zGZf+kKNbUXwotQW9CK+gojQUvYmvXsSdXcLxVCxraBe2oo3xQ/gzYNfwYMfwYOKN0968uQH6G1kJpNs3sxmtdm09f+DLtnJzOQZ8/ZMYA2I6L+13P7+7spP/SeAGmoAbgASQAtwAJzAydbj9a21La/XzeuoZlroPwG/pUjV6az30g2XTDvTwnL1NweT0TIqh1Jq6UfVQVDlzNmfQQJNex6a9a0Rx1WWHeB01TGMQOwaHN3BYg97eIKp0YdEREQHib3/S3ubmDRFAlICC/a2f6Tu/3tVB7C/rnqpIpXbwNz/v41PBTMvJfT+PWZWhfM9aarq9TKYJRYJpp743oB/ZMUSTDFoVmlikWOraw4udHbRlXiORStSbdZ8dv1DNzAg2rkwL+qMFRjPn3urY2XcH43JKJOCkFbXvF5TL2TEPzPcFkMfCgSe8lKH+lF8EXeEizfohvmfo4TeTWZPuYk9Jes6/ouJrhr9xQnTSteCTTkXoWSs9nGzkVOxZoNG2cqekUT7DB4Q7IQRpOJMhjyN+GMFf3SXBrSayWrlht/6K0S01WysVS2yOvdRSjmCIYrX4raYwy+8RzuS/0sd3wIiZ2bepV6YmvbI6Dz0umbE6Sc+gGNquqk7R/90ORNGYDX/Zng03NOyV7iP65jafPrsQc3zeht64Z7n9ZrBgi15NLkhbEn9BWAWdhN1yl+oIacOdvolSttWqljPwRlcUvDn97VDff0IS/Tpk1VZn2VhiRzcc3CvHt2uLH1h2w6pxE20Px+8f7Hg8jlUK6USB//KzU921b5dl+gA2xTB3rcFRRJiOkr0hUP48z+TydusziRz+sPNydPzJ5k6KXH6OXY4g4ungtPmc3yoGdxEZq5pV4VbvNzImXOdPQfMRwoF7Ba3M7t1bZxHhGjjK+7y+T8RERERERERERERERERERERERER0WFT5KcCEsC//D6h6jESERERERERERERERERERERERERERERER12y+3G8O//zfo/4s37f92s9/++vTZ/y1/KfP8v+P5foor8DgAA//+demk0") (async) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r2, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x5}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4000814) [ 68.909427][ T5314] Bluetooth: hci0: command tx timeout [ 68.971350][ T5329] loop0: detected capacity change from 0 to 64 [ 69.007207][ T5329] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 69.014423][ T5329] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 69.017794][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 [ 69.021578][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.025488][ T5329] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 69.027631][ T5329] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 14 7e 76 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 69.034558][ T5329] RSP: 0018:ffffc9000d5972c0 EFLAGS: 00010202 [ 69.036816][ T5329] RAX: 1ffff92001ab2e77 RBX: ffffc9000d5973b8 RCX: ffff888000488000 [ 69.039733][ T5329] RDX: 0000000000000000 RSI: ffffc9000d5973a0 RDI: ffffc9000d5973b0 [ 69.042676][ T5329] RBP: 0000000000000000 R08: ffffffff82895ccf R09: 0000000000000000 [ 69.045742][ T5329] R10: ffffc9000d5973a0 R11: fffff52001ab2e7b R12: ffffc9000d5973a0 [ 69.048798][ T5329] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 69.051579][ T5329] FS: 00007f6ba39966c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.054791][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.057053][ T5329] CR2: 00007f38e8d95ed8 CR3: 0000000041f4e000 CR4: 0000000000352ef0 [ 69.059888][ T5329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.062880][ T5329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.065980][ T5329] Call Trace: [ 69.067280][ T5329] [ 69.068438][ T5329] ? __die_body+0x5f/0xb0 [ 69.070064][ T5329] ? die_addr+0xb0/0xe0 [ 69.071730][ T5329] ? exc_general_protection+0x3dd/0x5d0 [ 69.073873][ T5329] ? asm_exc_general_protection+0x26/0x30 [ 69.076086][ T5329] ? hfs_get_block+0x3bf/0xb60 [ 69.077908][ T5329] ? hfs_find_init+0x72/0x1f0 [ 69.079655][ T5329] hfs_get_block+0x4f4/0xb60 [ 69.081362][ T5329] ? __pfx_hfs_get_block+0x10/0x10 [ 69.083280][ T5329] ? _raw_spin_unlock+0x28/0x50 [ 69.085102][ T5329] ? create_empty_buffers+0x53e/0x740 [ 69.087239][ T5329] ? rcu_is_watching+0x15/0xb0 [ 69.089033][ T5329] block_read_full_folio+0x418/0xcd0 [ 69.091043][ T5329] ? __pfx_hfs_get_block+0x10/0x10 [ 69.092909][ T5329] ? __pfx_block_read_full_folio+0x10/0x10 [ 69.095125][ T5329] ? folio_add_lru+0x28f/0x870 [ 69.096955][ T5329] filemap_read_folio+0x14b/0x630 [ 69.098868][ T5329] ? __pfx_hfs_read_folio+0x10/0x10 [ 69.100812][ T5329] ? __pfx_filemap_read_folio+0x10/0x10 [ 69.102965][ T5329] ? __filemap_get_folio+0x949/0xbd0 [ 69.104951][ T5329] ? __pfx_lock_release+0x10/0x10 [ 69.106893][ T5329] do_read_cache_folio+0x3f5/0x850 [ 69.108904][ T5329] ? __pfx_hfs_read_folio+0x10/0x10 [ 69.110974][ T5329] do_read_cache_page+0x30/0x200 [ 69.112915][ T5329] hfs_btree_open+0x506/0xf40 [ 69.114789][ T5329] hfs_mdb_get+0x1443/0x21b0 [ 69.116591][ T5329] ? __pfx_hfs_mdb_get+0x10/0x10 [ 69.118445][ T5329] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 69.120705][ T5329] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.122623][ T5329] ? __raw_spin_lock_init+0x45/0x100 [ 69.124632][ T5329] hfs_fill_super+0x107e/0x1790 [ 69.126591][ T5329] ? __pfx_hfs_fill_super+0x10/0x10 [ 69.128667][ T5329] ? __pfx_vsnprintf+0x10/0x10 [ 69.130552][ T5329] ? do_raw_spin_lock+0x14f/0x370 [ 69.132450][ T5329] ? sb_set_blocksize+0x98/0xf0 [ 69.134274][ T5329] ? setup_bdev_super+0x4e6/0x5d0 [ 69.136179][ T5329] mount_bdev+0x20a/0x2d0 [ 69.137787][ T5329] ? __pfx_hfs_fill_super+0x10/0x10 [ 69.139716][ T5329] ? __pfx_mount_bdev+0x10/0x10 [ 69.141489][ T5329] ? vfs_parse_fs_string+0x190/0x230 [ 69.143408][ T5329] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 69.145425][ T5329] legacy_get_tree+0xee/0x190 [ 69.147217][ T5329] ? __pfx_hfs_mount+0x10/0x10 [ 69.148963][ T5329] vfs_get_tree+0x90/0x2b0 [ 69.150664][ T5329] do_new_mount+0x2be/0xb40 [ 69.152356][ T5329] ? __pfx_do_new_mount+0x10/0x10 [ 69.154249][ T5329] __se_sys_mount+0x2d6/0x3c0 [ 69.155945][ T5329] ? __pfx___se_sys_mount+0x10/0x10 [ 69.157931][ T5329] ? do_syscall_64+0x100/0x230 [ 69.159730][ T5329] ? __x64_sys_mount+0x20/0xc0 [ 69.161561][ T5329] do_syscall_64+0xf3/0x230 [ 69.163248][ T5329] ? clear_bhb_loop+0x35/0x90 [ 69.164985][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.167183][ T5329] RIP: 0033:0x7f6ba2b7feba [ 69.168815][ T5329] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.175745][ T5329] RSP: 002b:00007f6ba3995e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.178783][ T5329] RAX: ffffffffffffffda RBX: 00007f6ba3995ef0 RCX: 00007f6ba2b7feba [ 69.181669][ T5329] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007f6ba3995eb0 [ 69.184587][ T5329] RBP: 0000000020000040 R08: 00007f6ba3995ef0 R09: 0000000000000008 [ 69.187504][ T5329] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000020000100 [ 69.190374][ T5329] R13: 00007f6ba3995eb0 R14: 000000000000031e R15: 0000000020000240 [ 69.193277][ T5329] [ 69.194445][ T5329] Modules linked in: [ 69.196406][ T5329] ---[ end trace 0000000000000000 ]--- [ 69.204846][ T5329] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 69.206965][ T5329] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 14 7e 76 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 69.214576][ T5329] RSP: 0018:ffffc9000d5972c0 EFLAGS: 00010202 [ 69.216942][ T5329] RAX: 1ffff92001ab2e77 RBX: ffffc9000d5973b8 RCX: ffff888000488000 [ 69.220604][ T5329] RDX: 0000000000000000 RSI: ffffc9000d5973a0 RDI: ffffc9000d5973b0 [ 69.223706][ T5329] RBP: 0000000000000000 R08: ffffffff82895ccf R09: 0000000000000000 [ 69.226700][ T5329] R10: ffffc9000d5973a0 R11: fffff52001ab2e7b R12: ffffc9000d5973a0 [ 69.230158][ T5329] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 69.232997][ T5329] FS: 00007f6ba39966c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.236126][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.238464][ T5329] CR2: 00007f38e8d95ed8 CR3: 0000000041f4e000 CR4: 0000000000352ef0 [ 69.241955][ T5329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.245137][ T5329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.248266][ T5329] Kernel panic - not syncing: Fatal exception [ 69.250567][ T5329] Kernel Offset: disabled [ 69.252242][ T5329] Rebooting in 86400 seconds..