program: syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000300)='./file2\x00', 0x200000, &(0x7f0000000540)={[{@umask={'umask', 0x3d, 0x40540fcc}}, {@iocharset={'iocharset', 0x3d, 'cp855'}}, {@creator={'creator', 0x3d, "79baf084"}}, {@file_umask={'file_umask', 0x3d, 0x401}}, {@file_umask={'file_umask', 0x3d, 0x2}}]}, 0x8, 0x33a, &(0x7f0000000940)="$eJzs3ctr1EAcB/DvZB/N2lJjWyl4rBY8lbYeFBUUKV48evEgxdpuoTRWsBVsQVw9i3gTBI/ePBcF/wK9iP+AnnoonvRSPBiZR7JJO5Pu9rFp2e8Huk028/hNkklmtnQDIupaN6Z+vL+wIX9EBUAJwGXAA+ADZQCnMew/XlpZWAnrc3kFlVQO+SOgc4odaWaX6ras/ucrOocRyLUy+tLv0eGIoij6uWuq3x2JhYojdN/fwQN6TH9W2/2OR3Y4Grpd3SV1hMUWtvAE/UWGQ0RExTP3f8/cJfrM+N3zgFEzDj/u9//M+GaruDiOhOT+7+n1SMj9c1Jtas731BROHn0vniXayrKeE1Fzd1ehz6zMARC7zSpVLF5tfiGsjzVUAS9wzUglG1Kvc4gboriirepfI5a5aY68tufrVW2oyDZUHPEP5tRoH6F+2sQbe3XTX1uISXwR38S0CPAWc8n4rxwJuXPU/gmAWjqDjn/cXaJqZaBTZVrZnL+fUpWciY/Axw/NVtZc+9VHScZiI0sR2b0jW2LifF1158IAsh8r6NZNuFuncg1ac00m63+tuYa256rNV8L62OzDMPejlANjndGJV+KOGMEvrGMqNf6XexujcPfMTC8XKqU5M3LbU1YpHccxQ3XgB231TFJuWg90vpe4j0voX15dW5wJw/qj4hfirnJE4tEnojkd5TvydyoNfLlQAXBglf6Lokgu3I60ZFMZtly+CazdulwxV1RTL75Lmqwusw29ur8GorEj1OvuxM3LpnwnviLspfZnSS55t2gn+x9T+/Kq/YQUqQirh3tCxlVlNpXQ01JPqe2h0ltPF2fC9i8pdPw0DzqG725eLToc6jw57hJ6/pear4yrq458CdLzn7X1TN5ot8JTJU44ZkAD6vVEazO4pFjnOLE3Xgjrk3lzrrPngXNetkYPcY3PtxcbmDhxFP8qaZ0o1vJyiCl8xz1+/k9EREREREREREREREREREREREREdNy0+98IOf9OUHVtyta40YVfvEFEREREREREREREREREREREREREREREtD+p5/8CJfXEmGrHn/+L7LdqB6UWnv8bP5eCiPbsfwAAAP//m4dffA==") [ 68.797787][ T4669] Bluetooth: hci0: command tx timeout [ 68.841080][ T5322] loop0: detected capacity change from 0 to 64 [ 68.878375][ T5322] syz.0.0: attempt to access beyond end of device [ 68.878375][ T5322] loop0: rw=0, sector=15108, nr_sectors = 1 limit=64 [ 68.883474][ T5322] Buffer I/O error on dev loop0, logical block 15108, async page read [ 68.898556][ T5322] syz.0.0: attempt to access beyond end of device [ 68.898556][ T5322] loop0: rw=0, sector=15109, nr_sectors = 1 limit=64 [ 68.903495][ T5322] Buffer I/O error on dev loop0, logical block 15109, async page read [ 68.909231][ T5322] syz.0.0: attempt to access beyond end of device [ 68.909231][ T5322] loop0: rw=0, sector=15110, nr_sectors = 1 limit=64 [ 68.915991][ T5322] Buffer I/O error on dev loop0, logical block 15110, async page read [ 68.919369][ T5322] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KASAN NOPTI [ 68.924027][ T5322] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 68.927119][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(full) [ 68.931500][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.935578][ T5322] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 68.937684][ T5322] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 24 a4 80 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 15 01 00 00 41 8b 06 8d 3c 00 83 c7 04 [ 68.944560][ T5322] RSP: 0018:ffffc9000d4574e0 EFLAGS: 00010202 [ 68.946950][ T5322] RAX: 1ffff92001a8aebb RBX: ffffc9000d4575d8 RCX: 0000000000100000 [ 68.949759][ T5322] RDX: ffffc9000dd82000 RSI: 0000000000004815 RDI: ffffc9000d4575d0 [ 68.952625][ T5322] RBP: 0000000000000000 R08: ffffffff82ad821f R09: 0000000000000000 [ 68.955492][ T5322] R10: ffffc9000d4575c0 R11: fffff52001a8aebf R12: ffffc9000d4575c0 [ 68.958324][ T5322] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 68.961214][ T5322] FS: 00007fe3e0c046c0(0000) GS:ffff88808c59a000(0000) knlGS:0000000000000000 [ 68.964426][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.966757][ T5322] CR2: 00007f4b58b95ed8 CR3: 0000000040d02000 CR4: 0000000000352ef0 [ 68.969645][ T5322] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.972495][ T5322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.975323][ T5322] Call Trace: [ 68.976535][ T5322] [ 68.977701][ T5322] hfs_get_block+0x522/0xb80 [ 68.979438][ T5322] ? __pfx_hfs_get_block+0x10/0x10 [ 68.981440][ T5322] ? mempool_free+0x8a/0x390 [ 68.983176][ T5322] ? block_read_full_folio+0x6b4/0x850 [ 68.985191][ T5322] block_read_full_folio+0x2d3/0x850 [ 68.987233][ T5322] ? __pfx_hfs_get_block+0x10/0x10 [ 68.989239][ T5322] filemap_read_folio+0x14a/0x3b0 [ 68.991144][ T5322] ? __pfx_hfs_read_folio+0x10/0x10 [ 68.993091][ T5322] ? __pfx_filemap_read_folio+0x10/0x10 [ 68.995152][ T5322] ? __filemap_get_folio+0x9d2/0xb40 [ 68.997069][ T5322] do_read_cache_folio+0x373/0x5b0 [ 68.998911][ T5322] ? __pfx_hfs_read_folio+0x10/0x10 [ 69.000690][ T5322] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.002597][ T5322] read_cache_page+0x5b/0x170 [ 69.004361][ T5322] hfs_btree_open+0x506/0xf40 [ 69.006091][ T5322] hfs_mdb_get+0x14a1/0x2210 [ 69.007870][ T5322] ? __pfx_hfs_mdb_get+0x10/0x10 [ 69.009603][ T5322] ? __pfx___debug_object_init+0x10/0x10 [ 69.011593][ T5322] ? vsnprintf+0x1156/0x1230 [ 69.013372][ T5322] ? __raw_spin_lock_init+0x45/0x100 [ 69.015482][ T5322] hfs_fill_super+0x391/0x710 [ 69.017334][ T5322] ? __pfx_hfs_fill_super+0x10/0x10 [ 69.019210][ T5322] ? do_raw_spin_lock+0x151/0x370 [ 69.021038][ T5322] ? sb_set_blocksize+0x109/0x180 [ 69.022916][ T5322] ? setup_bdev_super+0x4e6/0x5d0 [ 69.024615][ T5322] get_tree_bdev_flags+0x490/0x5c0 [ 69.026660][ T5322] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 69.028737][ T5322] ? __pfx_hfs_fill_super+0x10/0x10 [ 69.030638][ T5322] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 69.032824][ T5322] ? apparmor_capable+0x13b/0x1b0 [ 69.034750][ T5322] vfs_get_tree+0x90/0x2b0 [ 69.036543][ T5322] do_new_mount+0x2cf/0xb70 [ 69.038254][ T5322] ? __pfx_do_new_mount+0x10/0x10 [ 69.040216][ T5322] __se_sys_mount+0x38c/0x400 [ 69.042003][ T5322] ? __pfx___se_sys_mount+0x10/0x10 [ 69.043933][ T5322] ? __x64_sys_mount+0x20/0xc0 [ 69.045734][ T5322] do_syscall_64+0xf3/0x210 [ 69.047420][ T5322] ? clear_bhb_loop+0x45/0xa0 [ 69.049189][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.051451][ T5322] RIP: 0033:0x7fe3dfd8f90a [ 69.053104][ T5322] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.060314][ T5322] RSP: 002b:00007fe3e0c03e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.063414][ T5322] RAX: ffffffffffffffda RBX: 00007fe3e0c03ef0 RCX: 00007fe3dfd8f90a [ 69.066376][ T5322] RDX: 0000200000000080 RSI: 0000200000000300 RDI: 00007fe3e0c03eb0 [ 69.069364][ T5322] RBP: 0000200000000080 R08: 00007fe3e0c03ef0 R09: 0000000000200000 [ 69.072507][ T5322] R10: 0000000000200000 R11: 0000000000000246 R12: 0000200000000300 [ 69.075549][ T5322] R13: 00007fe3e0c03eb0 R14: 000000000000033a R15: 0000200000000540 [ 69.078776][ T5322] [ 69.080016][ T5322] Modules linked in: [ 69.081965][ T5322] ---[ end trace 0000000000000000 ]--- [ 69.090408][ T5322] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 69.092497][ T5322] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 24 a4 80 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 15 01 00 00 41 8b 06 8d 3c 00 83 c7 04 [ 69.100349][ T5322] RSP: 0018:ffffc9000d4574e0 EFLAGS: 00010202 [ 69.102929][ T5322] RAX: 1ffff92001a8aebb RBX: ffffc9000d4575d8 RCX: 0000000000100000 [ 69.106789][ T5322] RDX: ffffc9000dd82000 RSI: 0000000000004815 RDI: ffffc9000d4575d0 [ 69.109822][ T5322] RBP: 0000000000000000 R08: ffffffff82ad821f R09: 0000000000000000 [ 69.112847][ T5322] R10: ffffc9000d4575c0 R11: fffff52001a8aebf R12: ffffc9000d4575c0 [ 69.116641][ T5322] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 69.120320][ T5322] FS: 00007fe3e0c046c0(0000) GS:ffff88808c59a000(0000) knlGS:0000000000000000 [ 69.123816][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.127186][ T5322] CR2: 00007f4b58b95ed8 CR3: 0000000040d02000 CR4: 0000000000352ef0 [ 69.130227][ T5322] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.133237][ T5322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.136659][ T5322] Kernel panic - not syncing: Fatal exception [ 69.139182][ T5322] Kernel Offset: disabled [ 69.140799][ T5322] Rebooting in 86400 seconds..