program:
# syzkaller reproducer (syz program text) followed by the guest console log.
# Triage summary, taken from the log below: the oops is raised inside the
# mount syscall (ORIG_RAX 0xa5; __se_sys_mount -> hfs_fill_super ->
# hfs_mdb_get -> hfs_btree_open -> ... -> hfs_get_block -> hfs_find_init),
# so the call that matters here is syz_mount_image$hfs.

# Netlink socket setup. No netlink function appears in the call trace.
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)

# Mounts an HFS filesystem image at ./bus with flags 0x2810880 (the same value
# is visible in R10 of the user-space register dump in the log). The quoted
# "$..." string is the image payload handed to the pseudo-syscall; presumably
# compressed and base64-encoded -- confirm against the syzkaller docs.
# The log line "loop0: detected capacity change from 0 to 64" is printed by
# the same task (T5117) immediately before the fault.
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000240)='./bus\x00', 0x2810880, &(0x7f0000000300)=ANY=[], 0x8b, 0x29c, &(0x7f0000000440)="$eJzs3c1q1FAYxvHnZKZjamtNbUUQF1ItuJK2bsRNQYrX4ErUzgjFoYJWUDcWd6J4Ae7deAFehCsRXOvKlRfQXeScSTon03xMW2fi0P8PZozJ+XhPkknOGygRgBPr9sbPTzd+24+RGmpIuiUFdtNlNSWd14Xw+fbO1k630y5rqCGFch8juZrmQJnN7U5e1cGCka3f1KxrBSMVx3H8q+4gUKcw+beRtzGQTiW/54ZfeNLt1h1Azcye9vRCc3XHAQCol+nd34PkPj+bTMuDQFpObvv+/f/HmZrjPa69ugOomXf/d1lWbOzxPes29fM9l5nZ7UGaJR62Hzt5bKl3ZmUmmKYqq3SxBNOPtrqd65tPuu1Ab7Se8IotSlpXO8lZExXRLuXkplktDd9aiRk3hik7hrWC+BfyOj16j9XMV/PN3DORPqq9P/9rxsZ27yKI9o/Unal+/CvFLc7004KVglHOu04uZnds6SgbRRmJ0j01r+wDgigbZyu3VksDtXqjWy0enWtnIbfWWkWtRVvrs1erfzYX1xw188HcNUv6oy/a8Ob/gd3byxrml2nLuJLJmZGOJzc3bLqSkb9q91Jum8HRxoMjea+Huqm5Zy9fPX7Q7XaesnCCFtKT4H+J598tNMfTV+vYuy7UoQpLZWXSS+cQDaYX6cpO67ksYbz6B724zOtxBoRxsxcP08v/vHxlxaVI9isqmafHUnBwou3xWlwtyA3Oue/T3gTQJM/nizOgmeIMbtic68o16aq3siLnimyc0+n/3r4rG/QEMBv6rvs8/wcAAAAAAAAAAAAAAAAAAJg04/jbjLrHCAAAAAAAAAAAAAAAAAAAAADApCt+/2+oEb7/N/MynXBgzeD7f0/6uzqBUfkbAAD//zqFdG4=")

# These calls follow the mount in program order. The oops and the panic are
# logged for the mounting task, so they are presumably not reached in this run.
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
rt_sigreturn()
renameat2(r2, &(0x7f00000001c0)='./file0\x00', r2, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
open(0x0, 0x109042, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x34, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x74}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0)

# Console log starts here. Reading the fault: RIP is hfs_find_init+0x72, RBP is
# 0 and R14 is 0x40, which matches the KASAN report of a null-ptr-deref in
# 0x40-0x47. The reported non-canonical address 0xdffffc0000000008 equals
# R13 + R15, consistent with the KASAN shadow check for address 0x40 faulting
# before the real load.
# NOTE(review): this looks like hfs_get_block passing a B-tree pointer that is
# still NULL to hfs_find_init while that tree is being opened from the mounted
# image -- confirm against fs/hfs before writing the fix.
# The trigger is the content of a mounted image, so systems that do not need
# HFS can avoid this path by not building or loading the hfs driver.
[ 89.273424][ T5101] Bluetooth: hci0: command tx timeout
[ 89.970364][ T5117] loop0: detected capacity change from 0 to 64
[ 89.991158][ T5117] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 89.995922][ T5117] KASAN: null-ptr-deref in range 
[0x0000000000000040-0x0000000000000047] [ 89.999087][ T5117] CPU: 0 UID: 0 PID: 5117 Comm: syz.0.0 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0 [ 90.003245][ T5117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.007542][ T5117] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 90.009840][ T5117] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 34 8e 77 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 90.017530][ T5117] RSP: 0000:ffffc90002e4f2c0 EFLAGS: 00010202 [ 90.019976][ T5117] RAX: 1ffff920005c9e77 RBX: ffffc90002e4f3b8 RCX: 0000000000040000 [ 90.023185][ T5117] RDX: ffffc9000b8b1000 RSI: 0000000000013dc8 RDI: ffffc90002e4f3b0 [ 90.026281][ T5117] RBP: 0000000000000000 R08: ffffffff82847fff R09: 0000000000000000 [ 90.029363][ T5117] R10: ffffc90002e4f3a0 R11: fffff520005c9e7b R12: ffffc90002e4f3a0 [ 90.032648][ T5117] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 90.035829][ T5117] FS: 00007fd0447d06c0(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 [ 90.039326][ T5117] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.041922][ T5117] CR2: 00007f2fbb468706 CR3: 000000001fb7e000 CR4: 0000000000350ef0 [ 90.045073][ T5117] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.048243][ T5117] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.051390][ T5117] Call Trace: [ 90.052723][ T5117] [ 90.053890][ T5117] ? __die_body+0x88/0xe0 [ 90.055611][ T5117] ? die_addr+0x108/0x140 [ 90.057293][ T5117] ? exc_general_protection+0x3dd/0x5d0 [ 90.059502][ T5117] ? asm_exc_general_protection+0x26/0x30 [ 90.061635][ T5117] ? hfs_get_block+0x3bf/0xb60 [ 90.063504][ T5117] ? hfs_find_init+0x72/0x1f0 [ 90.065337][ T5117] hfs_get_block+0x4f4/0xb60 [ 90.067204][ T5117] ? __pfx_hfs_get_block+0x10/0x10 [ 90.069247][ T5117] ? 
_raw_spin_unlock+0x28/0x50 [ 90.071171][ T5117] ? create_empty_buffers+0x53e/0x740 [ 90.073239][ T5117] block_read_full_folio+0x418/0xcd0 [ 90.075311][ T5117] ? __pfx_hfs_get_block+0x10/0x10 [ 90.077254][ T5117] ? __pfx_block_read_full_folio+0x10/0x10 [ 90.079552][ T5117] ? __pfx_lru_add_fn+0x10/0x10 [ 90.081384][ T5117] ? folio_add_lru+0x357/0xd70 [ 90.083230][ T5117] ? folio_add_lru+0x58f/0xd70 [ 90.084981][ T5117] filemap_read_folio+0x1a0/0x790 [ 90.086957][ T5117] ? __pfx_hfs_read_folio+0x10/0x10 [ 90.088986][ T5117] ? __pfx_filemap_read_folio+0x10/0x10 [ 90.091135][ T5117] ? __filemap_get_folio+0x984/0xc10 [ 90.093200][ T5117] ? __pfx_lock_release+0x10/0x10 [ 90.095164][ T5117] do_read_cache_folio+0x134/0x820 [ 90.097056][ T5117] ? __pfx_hfs_read_folio+0x10/0x10 [ 90.098949][ T5117] do_read_cache_page+0x30/0x200 [ 90.100848][ T5117] hfs_btree_open+0x50b/0xf20 [ 90.102704][ T5117] hfs_mdb_get+0x1443/0x21b0 [ 90.104494][ T5117] ? __pfx_hfs_mdb_get+0x10/0x10 [ 90.106390][ T5117] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 90.108650][ T5117] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 90.110911][ T5117] ? __raw_spin_lock_init+0x45/0x100 [ 90.113021][ T5117] hfs_fill_super+0x107e/0x1790 [ 90.114913][ T5117] ? __pfx_hfs_fill_super+0x10/0x10 [ 90.116873][ T5117] ? __pfx_vsnprintf+0x10/0x10 [ 90.118779][ T5117] ? do_raw_spin_lock+0x14f/0x370 [ 90.120734][ T5117] ? sb_set_blocksize+0x98/0xf0 [ 90.122656][ T5117] ? setup_bdev_super+0x4e6/0x5d0 [ 90.124537][ T5117] mount_bdev+0x20a/0x2d0 [ 90.126212][ T5117] ? __pfx_hfs_fill_super+0x10/0x10 [ 90.128197][ T5117] ? __pfx_mount_bdev+0x10/0x10 [ 90.130111][ T5117] ? vfs_parse_fs_string+0x190/0x230 [ 90.132223][ T5117] legacy_get_tree+0xee/0x190 [ 90.134041][ T5117] ? __pfx_hfs_mount+0x10/0x10 [ 90.135887][ T5117] vfs_get_tree+0x90/0x2b0 [ 90.137645][ T5117] do_new_mount+0x2be/0xb40 [ 90.139394][ T5117] ? __pfx_do_new_mount+0x10/0x10 [ 90.141332][ T5117] __se_sys_mount+0x2d6/0x3c0 [ 90.143160][ T5117] ? 
__pfx___se_sys_mount+0x10/0x10 [ 90.145190][ T5117] ? exc_page_fault+0x590/0x8c0 [ 90.147111][ T5117] ? __x64_sys_mount+0x20/0xc0 [ 90.148954][ T5117] do_syscall_64+0xf3/0x230 [ 90.150771][ T5117] ? clear_bhb_loop+0x35/0x90 [ 90.152654][ T5117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.154936][ T5117] RIP: 0033:0x7fd04397e69a [ 90.156711][ T5117] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.164226][ T5117] RSP: 002b:00007fd0447cfe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 90.167501][ T5117] RAX: ffffffffffffffda RBX: 00007fd0447cfef0 RCX: 00007fd04397e69a [ 90.170587][ T5117] RDX: 0000000020000140 RSI: 0000000020000240 RDI: 00007fd0447cfeb0 [ 90.173677][ T5117] RBP: 0000000020000140 R08: 00007fd0447cfef0 R09: 0000000002810880 [ 90.176753][ T5117] R10: 0000000002810880 R11: 0000000000000246 R12: 0000000020000240 [ 90.179827][ T5117] R13: 00007fd0447cfeb0 R14: 000000000000029c R15: 0000000020000300 [ 90.182964][ T5117] [ 90.184207][ T5117] Modules linked in: [ 90.413074][ T5117] ---[ end trace 0000000000000000 ]--- [ 90.415033][ T5117] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 90.416849][ T5117] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 34 8e 77 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 90.433035][ T5117] RSP: 0000:ffffc90002e4f2c0 EFLAGS: 00010202 [ 90.435559][ T5117] RAX: 1ffff920005c9e77 RBX: ffffc90002e4f3b8 RCX: 0000000000040000 [ 90.438616][ T5117] RDX: ffffc9000b8b1000 RSI: 0000000000013dc8 RDI: ffffc90002e4f3b0 [ 90.441717][ T5117] RBP: 0000000000000000 R08: ffffffff82847fff R09: 0000000000000000 [ 90.455819][ T5117] R10: ffffc90002e4f3a0 R11: fffff520005c9e7b R12: ffffc90002e4f3a0 [ 90.458874][ T5117] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 90.461931][ T5117] 
FS: 00007fd0447d06c0(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 [ 90.476411][ T5117] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.479003][ T5117] CR2: 00007f2fbb3dfed8 CR3: 000000001fb7e000 CR4: 0000000000350ef0 [ 90.482022][ T5117] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.496680][ T5117] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.499812][ T5117] Kernel panic - not syncing: Fatal exception [ 90.502443][ T5117] Kernel Offset: disabled [ 90.504114][ T5117] Rebooting in 86400 seconds..