program: syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000180)='./file0\x00', 0x3, &(0x7f0000000600), 0x1, 0x23a, &(0x7f00000006c0)="$eJzs3U9u00AUx/HfTAK4tCruH4TEslCJFWrLBrFBQjkEKwQ0QaqwigRFAlaINeIA7LkCh2CFuACsWHGA7IxmPGncYMdpIRmafj9SLLeeZ79X2/W8SFEE4My61/n+6dZP9zJSSy1JdyQrKZHaki7rSvJy/2DvIOt1x+2o5SPcy6iINH+M2d3vVYUmCyEiSN1PbS2Vf4fpyPM8/xE7CUTn7/4KVroQ7k6/PZl5ZtPxNnYCkZm++nql5dh5AADiCs9/G57zS2H+bq20GR77c/X878dOILLS8993Wblx5/eS3zTs93wL57bbQZd4kmOdV3FlHZlgmqau0udiF57sZb2bu8+yrtU73Q1Kw9b9sltcugMN2W5U9KZjnLz2RV/DOVfDTk3+a//2iM3MF/PVPDCpPqp7OP9r58adJn+m0pEzVeS/Vb9HX2VajKqpcsUf5Go4QtBQZVLdkWhwRa3o6BsEaVOePmp1JKqobrshaq0yaqchan00ang110dOm/lg7psN/dJndUrzf+v+2pua5M50Y/zIcGWMraftR6YTJGaPVQb+zns91m0tv3j95umjLOs9Z4UVVlg5XIn9DwqzMDzpsTNBJG7eZYr+r9SvbPkWyS3SMfP0vGnnpT1u1/QGq3558Vgd3GJ9Bzdpz3XthnR98iOmIc85YTr6poe8/w8AAAAAAAAAAAAAAAAAAHDazOLjBLFrBAAAAAAAAAAAAAAAAAAAAADgtPsvvv9XfP8vEMPvAAAA//9CIoIh") r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./bus\x00', 0x400000, &(0x7f0000000500)=ANY=[@ANYBLOB="666c7573682c6e6f646f74732c646973636172642c646d61736b3d30303030303030303030303030303030303030303030322c646d61736b3d30303030303030303030303030303030303030303137372c646f74732c6e6f646f74732c71756965742c646f74732c0023c3cb4d2e3cbf18508098ee0de2af38db67d42d1bc4ab714d52f019082433fc9ca2d7174b2c4e5531c9f4c7a4d53914e100"/167], 0x1, 0x140, &(0x7f0000000000)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) sendfile(r1, r1, 0x0, 0x5) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x1, 0x8, 0x4) [ 70.149290][ T48] Bluetooth: hci0: command tx timeout [ 70.190607][ T5316] loop0: detected capacity change from 0 to 64 [ 70.205970][ T5316] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 70.210593][ T5316] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 70.213774][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0 [ 70.217192][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.221038][ T5316] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 70.223085][ T5316] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 17 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 70.230108][ T5316] RSP: 0018:ffffc9000d46f400 EFLAGS: 00010202 [ 70.232417][ T5316] RAX: 1ffff92001a8de9f RBX: ffffc9000d46f4f8 RCX: 0000000000100000 [ 70.235067][ T5316] RDX: ffffc9000e69a000 RSI: 0000000000001bde RDI: ffffc9000d46f4f0 [ 70.237888][ T5316] RBP: 0000000000000000 R08: ffffffff8283001f R09: 0000000000000000 [ 70.240646][ T5316] R10: ffffc9000d46f4e0 R11: fffff52001a8dea3 R12: ffffc9000d46f4e0 [ 70.243710][ T5316] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 70.246567][ T5316] FS: 00007f23265fe6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.249690][ T5316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.252109][ T5316] CR2: 00007f2326b69ae0 CR3: 0000000042e32000 CR4: 0000000000352ef0 [ 70.255018][ T5316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.257828][ T5316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.260840][ T5316] Call Trace: [ 70.262276][ T5316] [ 70.263473][ T5316] ? __die_body+0x5f/0xb0 [ 70.265042][ T5316] ? die_addr+0xb0/0xe0 [ 70.266689][ T5316] ? exc_general_protection+0x3dd/0x5d0 [ 70.268762][ T5316] ? hfs_get_block+0x26f/0xb60 [ 70.270429][ T5316] ? asm_exc_general_protection+0x26/0x30 [ 70.272511][ T5316] ? hfs_get_block+0x3bf/0xb60 [ 70.274332][ T5316] ? hfs_find_init+0x72/0x1f0 [ 70.275922][ T5316] hfs_get_block+0x4f4/0xb60 [ 70.277480][ T5316] ? __pfx_hfs_get_block+0x10/0x10 [ 70.279277][ T5316] ? _raw_spin_unlock+0x28/0x50 [ 70.281038][ T5316] ? create_empty_buffers+0x471/0x530 [ 70.283043][ T5316] block_read_full_folio+0x3ee/0xae0 [ 70.284953][ T5316] ? __pfx_hfs_get_block+0x10/0x10 [ 70.286829][ T5316] ? __pfx_block_read_full_folio+0x10/0x10 [ 70.288915][ T5316] filemap_read_folio+0x148/0x3b0 [ 70.290701][ T5316] ? __pfx_hfs_read_folio+0x10/0x10 [ 70.292434][ T5316] ? __pfx_filemap_read_folio+0x10/0x10 [ 70.294341][ T5316] ? __filemap_get_folio+0x848/0x940 [ 70.296298][ T5316] ? hfs_btree_open+0x4cb/0xf40 [ 70.298117][ T5316] do_read_cache_folio+0x373/0x5b0 [ 70.300019][ T5316] ? __pfx_hfs_read_folio+0x10/0x10 [ 70.301801][ T5316] ? do_raw_spin_unlock+0x58/0x8b0 [ 70.304058][ T5316] read_cache_page+0x5b/0x170 [ 70.305922][ T5316] hfs_btree_open+0x506/0xf40 [ 70.307584][ T5316] hfs_mdb_get+0x1443/0x21b0 [ 70.309294][ T5316] ? __pfx_hfs_mdb_get+0x10/0x10 [ 70.311254][ T5316] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 70.313440][ T5316] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 70.315484][ T5316] ? __raw_spin_lock_init+0x45/0x100 [ 70.317430][ T5316] hfs_fill_super+0x38c/0x6b0 [ 70.319003][ T5316] ? __pfx_hfs_fill_super+0x10/0x10 [ 70.320766][ T5316] ? do_raw_spin_lock+0x14f/0x370 [ 70.322523][ T5316] ? sb_set_blocksize+0x98/0xf0 [ 70.324394][ T5316] ? setup_bdev_super+0x4e6/0x5d0 [ 70.326239][ T5316] get_tree_bdev_flags+0x48c/0x5c0 [ 70.328002][ T5316] ? __pfx_hfs_fill_super+0x10/0x10 [ 70.329959][ T5316] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 70.332038][ T5316] ? apparmor_capable+0x13b/0x1b0 [ 70.333889][ T5316] vfs_get_tree+0x90/0x2b0 [ 70.335431][ T5316] do_new_mount+0x2be/0xb40 [ 70.337029][ T5316] ? __pfx_do_new_mount+0x10/0x10 [ 70.338856][ T5316] __se_sys_mount+0x2d6/0x3c0 [ 70.340651][ T5316] ? __pfx___se_sys_mount+0x10/0x10 [ 70.342825][ T5316] ? exc_page_fault+0x590/0x8b0 [ 70.345086][ T5316] ? __x64_sys_mount+0x20/0xc0 [ 70.346912][ T5316] do_syscall_64+0xf3/0x230 [ 70.348673][ T5316] ? clear_bhb_loop+0x35/0x90 [ 70.350485][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.352962][ T5316] RIP: 0033:0x7f2326b874ca [ 70.354625][ T5316] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.362333][ T5316] RSP: 002b:00007f23265fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 70.365488][ T5316] RAX: ffffffffffffffda RBX: 00007f23265fdef0 RCX: 00007f2326b874ca [ 70.368248][ T5316] RDX: 0000000020000240 RSI: 0000000020000180 RDI: 00007f23265fdeb0 [ 70.371073][ T5316] RBP: 0000000020000240 R08: 00007f23265fdef0 R09: 0000000000000003 [ 70.373846][ T5316] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000020000180 [ 70.376755][ T5316] R13: 00007f23265fdeb0 R14: 000000000000023a R15: 0000000020000600 [ 70.379533][ T5316] [ 70.380617][ T5316] Modules linked in: [ 70.382354][ T5316] ---[ end trace 0000000000000000 ]--- [ 70.396103][ T5316] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 70.398418][ T5316] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 17 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 70.406642][ T5316] RSP: 0018:ffffc9000d46f400 EFLAGS: 00010202 [ 70.409252][ T5316] RAX: 1ffff92001a8de9f RBX: ffffc9000d46f4f8 RCX: 0000000000100000 [ 70.411970][ T5316] RDX: ffffc9000e69a000 RSI: 0000000000001bde RDI: ffffc9000d46f4f0 [ 70.414651][ T5316] RBP: 0000000000000000 R08: ffffffff8283001f R09: 0000000000000000 [ 70.417537][ T5316] R10: ffffc9000d46f4e0 R11: fffff52001a8dea3 R12: ffffc9000d46f4e0 [ 70.421697][ T5316] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 70.424682][ T5316] FS: 00007f23265fe6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.427920][ T5316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.430578][ T5316] CR2: 00007f0a2d995ed8 CR3: 0000000042e32000 CR4: 0000000000352ef0 [ 70.433489][ T5316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.436557][ T5316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.440396][ T5316] Kernel panic - not syncing: Fatal exception [ 70.443004][ T5316] Kernel Offset: disabled [ 70.444751][ T5316] Rebooting in 86400 seconds..