program: syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000380)={[{@uid}]}, 0x1, 0x23d, &(0x7f0000000780)="$eJzs3cFqE0Ecx/HfTGJdbalrWxE8VguepK0X8SJIHsKTqE2E4lJBK6gn8Sw+gHdfwYfwJL6Anjz5ALmtzOw02cbdbFpNpk2/H8iy7c5/9z+d3c78AyECcGbd7/z4fPuXexmppZaku5KVlEhtSVd0NXm1t7+7n/W6407U8hHuZVREmr/a7Oz1qkKTVogIUvdTW0vl32E68jzPf8ZOAtH5p7+Clc6Hp9MfT2ae2XS8i53A1FUO54Dpq6/XWp5ZOgCAEynM/zZMHEth/W6ttBGm/bma//uxE4isNP/7Kis3bnwv+UPDes+XcO64PagSj3OtBRV31qEViWmqKn0u9sLT3ax3a+d51rV6r3tBqdma33aLW/dAQ7brFbXpGMfv+6LvwznXh+2a/Ff/7xWbma/mm3loUn1Sd7D+a+fGDZMfqXRkpIr8N+vP6HuZFq1qennZX+RauELQ0Mukfgm7EM556A2CtClPH7UyElX0bqsharUyarsham00ang310dOm/loHph1/dYXdUrrf+v+2hua5Ml0bXzLcGeM7U/bt0wnSMweqRv4Nx/0RHe0/PLN22ePs6z3gh122GFnsBP7HxRmYTjosTNBJG7dZYr6r1SvbPoSyW3SMev0vOnkpTNu1dQGK3578UgV3GJ9BTdpzXX9pnRj8iumIc85YTr6rke8/w8AAAAAAAAAAAAAAAAAAHDazOLjBLH7CAAAAAAAAAAAAAAAAAAAAADAaXcivv9XfP8vEMOfAAAA//+/lIIe") chroot(&(0x7f0000000040)='./file0\x00') [ 58.711058][ T5313] loop0: detected capacity change from 0 to 64 [ 58.755235][ T5313] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 58.759778][ T5313] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 58.762723][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0 [ 58.766358][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.769953][ T5313] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 58.771916][ T5313] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 17 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 58.778376][ T5313] RSP: 0018:ffffc9000d257400 EFLAGS: 00010202 [ 58.780560][ T5313] RAX: 1ffff92001a4ae9f RBX: ffffc9000d2574f8 RCX: ffff88801cefc880 [ 58.783535][ T5313] RDX: 0000000000000000 RSI: ffffc9000d2574e0 RDI: ffffc9000d2574f0 [ 58.786607][ T5313] RBP: 0000000000000000 R08: ffffffff8283001f R09: 0000000000000000 [ 58.789273][ T5313] R10: ffffc9000d2574e0 R11: fffff52001a4aea3 R12: ffffc9000d2574e0 [ 58.791981][ T5313] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 58.794481][ T5313] FS: 00007facae5b36c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 58.797587][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.800110][ T5313] CR2: 00007facad769ae0 CR3: 000000003e76e000 CR4: 0000000000352ef0 [ 58.802935][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.805854][ T5313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.808799][ T5313] Call Trace: [ 58.810084][ T5313] [ 58.811118][ T5313] ? __die_body+0x5f/0xb0 [ 58.812754][ T5313] ? die_addr+0xb0/0xe0 [ 58.814295][ T5313] ? exc_general_protection+0x3dd/0x5d0 [ 58.816385][ T5313] ? hfs_get_block+0x26f/0xb60 [ 58.818117][ T5313] ? asm_exc_general_protection+0x26/0x30 [ 58.820161][ T5313] ? hfs_get_block+0x3bf/0xb60 [ 58.821951][ T5313] ? hfs_find_init+0x72/0x1f0 [ 58.823704][ T5313] hfs_get_block+0x4f4/0xb60 [ 58.825417][ T5313] ? __pfx_hfs_get_block+0x10/0x10 [ 58.827551][ T5313] ? _raw_spin_unlock+0x28/0x50 [ 58.829307][ T5313] ? create_empty_buffers+0x471/0x530 [ 58.831185][ T5313] block_read_full_folio+0x3ee/0xae0 [ 58.833357][ T5313] ? __pfx_hfs_get_block+0x10/0x10 [ 58.835181][ T5313] ? __pfx_block_read_full_folio+0x10/0x10 [ 58.837312][ T5313] filemap_read_folio+0x148/0x3b0 [ 58.839123][ T5313] ? __pfx_hfs_read_folio+0x10/0x10 [ 58.841073][ T5313] ? __pfx_filemap_read_folio+0x10/0x10 [ 58.843238][ T5313] ? __filemap_get_folio+0x848/0x940 [ 58.845032][ T5313] ? hfs_btree_open+0x4cb/0xf40 [ 58.846677][ T5313] do_read_cache_folio+0x373/0x5b0 [ 58.848478][ T5313] ? __pfx_hfs_read_folio+0x10/0x10 [ 58.850226][ T5313] ? do_raw_spin_unlock+0x58/0x8b0 [ 58.852319][ T5313] read_cache_page+0x5b/0x170 [ 58.854125][ T5313] hfs_btree_open+0x506/0xf40 [ 58.855855][ T5313] hfs_mdb_get+0x1443/0x21b0 [ 58.857604][ T5313] ? __pfx_hfs_mdb_get+0x10/0x10 [ 58.859601][ T5313] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 58.861702][ T5313] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 58.863972][ T5313] ? __raw_spin_lock_init+0x45/0x100 [ 58.865857][ T5313] hfs_fill_super+0x38c/0x6b0 [ 58.867429][ T5313] ? __pfx_hfs_fill_super+0x10/0x10 [ 58.869486][ T5313] ? do_raw_spin_lock+0x14f/0x370 [ 58.871412][ T5313] ? sb_set_blocksize+0x98/0xf0 [ 58.873127][ T5313] ? setup_bdev_super+0x4e6/0x5d0 [ 58.875032][ T5313] get_tree_bdev_flags+0x48c/0x5c0 [ 58.876835][ T5313] ? __pfx_hfs_fill_super+0x10/0x10 [ 58.878606][ T5313] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 58.880643][ T5313] ? apparmor_capable+0x13b/0x1b0 [ 58.882582][ T5313] vfs_get_tree+0x90/0x2b0 [ 58.884261][ T5313] do_new_mount+0x2be/0xb40 [ 58.885761][ T5313] ? __pfx_do_new_mount+0x10/0x10 [ 58.887614][ T5313] __se_sys_mount+0x2d6/0x3c0 [ 58.889324][ T5313] ? __pfx___se_sys_mount+0x10/0x10 [ 58.891222][ T5313] ? exc_page_fault+0x590/0x8b0 [ 58.893089][ T5313] ? __x64_sys_mount+0x20/0xc0 [ 58.894846][ T5313] do_syscall_64+0xf3/0x230 [ 58.896489][ T5313] ? clear_bhb_loop+0x35/0x90 [ 58.898172][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.900428][ T5313] RIP: 0033:0x7facad7874ca [ 58.901971][ T5313] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.908520][ T5313] RSP: 002b:00007facae5b2e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 58.911409][ T5313] RAX: ffffffffffffffda RBX: 00007facae5b2ef0 RCX: 00007facad7874ca [ 58.914116][ T5313] RDX: 0000000020000240 RSI: 0000000020000280 RDI: 00007facae5b2eb0 [ 58.916942][ T5313] RBP: 0000000020000240 R08: 00007facae5b2ef0 R09: 0000000000000000 [ 58.919844][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000280 [ 58.922960][ T5313] R13: 00007facae5b2eb0 R14: 000000000000023d R15: 0000000020000380 [ 58.925830][ T5313] [ 58.926935][ T5313] Modules linked in: [ 58.928895][ T5313] ---[ end trace 0000000000000000 ]--- [ 58.937163][ T4661] Bluetooth: hci0: command tx timeout [ 58.945662][ T5313] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 58.948637][ T5313] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 17 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 58.955310][ T5313] RSP: 0018:ffffc9000d257400 EFLAGS: 00010202 [ 58.958170][ T5313] RAX: 1ffff92001a4ae9f RBX: ffffc9000d2574f8 RCX: ffff88801cefc880 [ 58.961104][ T5313] RDX: 0000000000000000 RSI: ffffc9000d2574e0 RDI: ffffc9000d2574f0 [ 58.964026][ T5313] RBP: 0000000000000000 R08: ffffffff8283001f R09: 0000000000000000 [ 58.967494][ T5313] R10: ffffc9000d2574e0 R11: fffff52001a4aea3 R12: ffffc9000d2574e0 [ 58.970333][ T5313] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 58.972912][ T5313] FS: 00007facae5b36c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 58.976196][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.979018][ T5313] CR2: 00007f32db395ed8 CR3: 000000003e76e000 CR4: 0000000000352ef0 [ 58.981940][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.984870][ T5313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.988691][ T5313] Kernel panic - not syncing: Fatal exception [ 58.991185][ T5313] Kernel Offset: disabled [ 58.992915][ T5313] Rebooting in 86400 seconds..