program: syz_mount_image$hfs(&(0x7f0000000100), &(0x7f0000000040)='./file1\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x8b, 0x2ae, &(0x7f0000000440)="$eJzs3c1q1Fwcx/HfSabT6dM+NdqKIC6kWnQlbd2Im0opXoMbRe2MUBxa1ArqxuJavAD3brwAL8KVCK515coL6C5yzmQ6J81bW5nE4vcDoyHn7X8ymeT8A9MRgH/W2vr3D9d/2peRQoWSbkqBLbqolqSzOtd5vrWzudPvdcs6CqWO3MtIrqXJ1NnY6mUbBpk9kW3f0ozrBWMVx3H8o+kg0KRO8n+YVxhIk8nnOfQrn2S7obTbdBANM3va0wvNNh0HAKBZZnB/D5L7/Eyyfg8CaTG57fv3/2//Nxzvn7mivaZDaJh3/3dZVmzs+3vKFY3yPZfC2fJgmCUedRy7eGxrcGalFpgmnVVmk0UXSzD1aLPfu7ax3e8GeqPVhFdtXtKquuk8siLahZzh0to6fG8lpt0cJuwcVgrin8sb9PgjVjOfzRdzz0R6r+7++q8VGzu8iyDaf6duT4ziXyrqbvvJXddqUKtglqfdIOfTB7Z0lmFRRqLkSMWh0g8IonSc7dxWbR1oNZjdctFIST9zua1WKlrN21YfvVajs7m45biZd+aOWdAvfdK6t/4P7NFeVPaTmd+Jq5mcGcP55OaGLVcz8nftXsjtM/sgCOPzVg91Q7PPXr56/KDf7z2te8PGUPugbAw2hidBXp1bSdlfEmrJhr3Grh0oatUzejv30B1lo6MjVZbK6gwvnYfocHiRrhy09isSGjB604vrvK4zINTNXjzMIP/z8pUllyLZf6KSdXpctWzzelzOyQ0m9yv+5/VkkufzxRnQdHEGd9ic69JV6bK3syLninRGmiqd60li1vVV93n+DwAAAAAAAAAAAAAAAAAAcNLU8W0Nbzj+og8AAAAAAAAAAAAAAAAAAAAAAMdQ/Pu/HY3x939T3wPoHNjD7/8C9fgdAAD///RycHs=") rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file2\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181142, 0x2) write(r0, &(0x7f0000000540)="953820a61a166fd5dd4b4b", 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x3, 0xeffd, 0x5) stat(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)) [ 125.353009][ T4529] Bluetooth: hci0: command tx timeout [ 125.434714][ T5111] loop0: detected capacity change from 0 to 64 [ 125.464779][ T5111] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 125.468907][ T5111] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 125.471812][ T5111] CPU: 0 UID: 0 PID: 5111 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 125.475297][ T5111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 125.479349][ T5111] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 125.481420][ T5111] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 64 76 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 125.488532][ T5111] RSP: 0018:ffffc9000bb6f2c0 EFLAGS: 00010202 [ 125.490818][ T5111] RAX: 1ffff9200176de77 RBX: ffffc9000bb6f3b8 RCX: 0000000000040000 [ 125.493761][ T5111] RDX: ffffc9000b301000 RSI: 0000000000001572 RDI: ffffc9000bb6f3b0 [ 125.496428][ T5111] RBP: 0000000000000000 R08: ffffffff8288e96f R09: 0000000000000000 [ 125.498999][ T5111] R10: ffffc9000bb6f3a0 R11: fffff5200176de7b R12: ffffc9000bb6f3a0 [ 125.501899][ T5111] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 125.504768][ T5111] FS: 00007f6f589166c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 125.508124][ T5111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.510461][ T5111] CR2: 00007f6f57b619e0 CR3: 000000004049e000 CR4: 0000000000350ef0 [ 125.513467][ T5111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.516336][ T5111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.519217][ T5111] Call Trace: [ 125.520541][ T5111] [ 125.521670][ T5111] ? __die_body+0x5f/0xb0 [ 125.523311][ T5111] ? die_addr+0xb0/0xe0 [ 125.524697][ T5111] ? exc_general_protection+0x3dd/0x5d0 [ 125.526548][ T5111] ? asm_exc_general_protection+0x26/0x30 [ 125.528444][ T5111] ? hfs_get_block+0x3bf/0xb60 [ 125.530083][ T5111] ? hfs_find_init+0x72/0x1f0 [ 125.531652][ T5111] hfs_get_block+0x4f4/0xb60 [ 125.533286][ T5111] ? __pfx_hfs_get_block+0x10/0x10 [ 125.535025][ T5111] ? _raw_spin_unlock+0x28/0x50 [ 125.536717][ T5111] ? create_empty_buffers+0x53e/0x740 [ 125.538602][ T5111] ? rcu_is_watching+0x15/0xb0 [ 125.540344][ T5111] block_read_full_folio+0x418/0xcd0 [ 125.542392][ T5111] ? __pfx_hfs_get_block+0x10/0x10 [ 125.544388][ T5111] ? __pfx_block_read_full_folio+0x10/0x10 [ 125.546511][ T5111] ? folio_add_lru+0x28f/0x870 [ 125.548206][ T5111] filemap_read_folio+0x14b/0x630 [ 125.550097][ T5111] ? __pfx_hfs_read_folio+0x10/0x10 [ 125.552080][ T5111] ? __pfx_filemap_read_folio+0x10/0x10 [ 125.554176][ T5111] ? __filemap_get_folio+0x949/0xbd0 [ 125.556248][ T5111] ? __pfx_lock_release+0x10/0x10 [ 125.558161][ T5111] do_read_cache_folio+0x3f5/0x850 [ 125.560040][ T5111] ? __pfx_hfs_read_folio+0x10/0x10 [ 125.561912][ T5111] do_read_cache_page+0x30/0x200 [ 125.563735][ T5111] hfs_btree_open+0x506/0xf40 [ 125.565581][ T5111] hfs_mdb_get+0x1443/0x21b0 [ 125.567285][ T5111] ? __pfx_hfs_mdb_get+0x10/0x10 [ 125.569167][ T5111] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 125.571304][ T5111] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 125.573484][ T5111] ? __raw_spin_lock_init+0x45/0x100 [ 125.575492][ T5111] hfs_fill_super+0x107e/0x1790 [ 125.577456][ T5111] ? __pfx_hfs_fill_super+0x10/0x10 [ 125.579446][ T5111] ? __pfx_vsnprintf+0x10/0x10 [ 125.581338][ T5111] ? do_raw_spin_lock+0x14f/0x370 [ 125.583284][ T5111] ? sb_set_blocksize+0x98/0xf0 [ 125.585081][ T5111] ? setup_bdev_super+0x4e6/0x5d0 [ 125.586898][ T5111] mount_bdev+0x20a/0x2d0 [ 125.588498][ T5111] ? __pfx_hfs_fill_super+0x10/0x10 [ 125.590230][ T5111] ? __pfx_mount_bdev+0x10/0x10 [ 125.592141][ T5111] ? vfs_parse_fs_string+0x190/0x230 [ 125.594251][ T5111] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 125.596499][ T5111] legacy_get_tree+0xee/0x190 [ 125.598277][ T5111] ? __pfx_hfs_mount+0x10/0x10 [ 125.600130][ T5111] vfs_get_tree+0x90/0x2b0 [ 125.601893][ T5111] do_new_mount+0x2be/0xb40 [ 125.603673][ T5111] ? __pfx_do_new_mount+0x10/0x10 [ 125.605639][ T5111] __se_sys_mount+0x2d6/0x3c0 [ 125.607472][ T5111] ? __pfx___se_sys_mount+0x10/0x10 [ 125.609555][ T5111] ? exc_page_fault+0x590/0x8c0 [ 125.611446][ T5111] ? __x64_sys_mount+0x20/0xc0 [ 125.613309][ T5111] do_syscall_64+0xf3/0x230 [ 125.615052][ T5111] ? clear_bhb_loop+0x35/0x90 [ 125.616870][ T5111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.619112][ T5111] RIP: 0033:0x7f6f57b7f69a [ 125.620809][ T5111] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.628083][ T5111] RSP: 002b:00007f6f58915e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 125.631299][ T5111] RAX: ffffffffffffffda RBX: 00007f6f58915ef0 RCX: 00007f6f57b7f69a [ 125.634310][ T5111] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 00007f6f58915eb0 [ 125.637337][ T5111] RBP: 0000000020000100 R08: 00007f6f58915ef0 R09: 0000000002810880 [ 125.640421][ T5111] R10: 0000000002810880 R11: 0000000000000246 R12: 0000000020000040 [ 125.643469][ T5111] R13: 00007f6f58915eb0 R14: 00000000000002ae R15: 0000000020000000 [ 125.646551][ T5111] [ 125.647763][ T5111] Modules linked in: [ 125.649848][ T5111] ---[ end trace 0000000000000000 ]--- [ 125.659624][ T5111] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 125.661664][ T5111] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 64 76 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 125.669735][ T5111] RSP: 0018:ffffc9000bb6f2c0 EFLAGS: 00010202 [ 125.672713][ T5111] RAX: 1ffff9200176de77 RBX: ffffc9000bb6f3b8 RCX: 0000000000040000 [ 125.675615][ T5111] RDX: ffffc9000b301000 RSI: 0000000000001572 RDI: ffffc9000bb6f3b0 [ 125.678619][ T5111] RBP: 0000000000000000 R08: ffffffff8288e96f R09: 0000000000000000 [ 125.681710][ T5111] R10: ffffc9000bb6f3a0 R11: fffff5200176de7b R12: ffffc9000bb6f3a0 [ 125.685243][ T5111] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 125.688212][ T5111] FS: 00007f6f589166c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 125.691582][ T5111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.695075][ T5111] CR2: 00007f6f57b619e0 CR3: 000000004049e000 CR4: 0000000000350ef0 [ 125.698090][ T5111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.701093][ T5111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.704445][ T5111] Kernel panic - not syncing: Fatal exception [ 125.706893][ T5111] Kernel Offset: disabled [ 125.708570][ T5111] Rebooting in 86400 seconds..