program: r0 = shmget$private(0x0, 0x3000, 0x200, &(0x7f0000ff8000/0x3000)=nil) shmat(r0, &(0x7f0000ff9000/0x2000)=nil, 0x6000) shmat(r0, &(0x7f0000ffd000/0x2000)=nil, 0x6000) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000001000/0x1000)=nil) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_emit_ethernet(0x2e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffff"], 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0xddf8ffdb, 0x0, 0x0, 0x140030}) fallocate(r2, 0x0, 0x0, 0x1001f0) r6 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) fallocate(r6, 0x20, 0x0, 0x10000) fallocate(r1, 0x0, 0x0, 0x1000f4) write$FUSE_IOCTL(r1, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x3, 0x0, 0x9, 0x82}}, 0x20) r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r7, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r7, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) ioctl$SIOCAX25GETUID(r7, 0x89e0, &(0x7f0000000200)={0x3, @null}) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x2, 0x1) mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000) syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d31342c636f6465706167653d63703836362c00b98ca84a82894a44d230d85781d07b941c527aeeede9ffdeae490b216650602e9c2958dafbc442834d0c8d457de56e510ec8bdd0461f18ca158d9b4874283995508025489486ff72fe3e8375536e15ce54fbb90c0ffc51888e49e205952f538430ec33160206e38a404836"], 0x1, 0x27e, &(0x7f0000000400)="$eJzs3U9u00wYx/HfTNK37tuomFCExLIQiRVqYYPYIKEcghUCmiBVREWCIgFigVgjDsCeK3AIVogLwIoVB8jOaMZ27SZ2/pXESfv9SDFO7PE840nw86RNIwDn1v32zy+3f7ubkWqqSborWUmBVJd0WVeCV4dHB0e9bqfoAP8l/9Z8C3cziluaoX33D7tFhwjSFonQ3aurkX8M8xFFUfRruiaGaTl7/Ks/Xcux0nry6vTbg0qim1lUtuH9YuOoQG3kVtPf6Ou1thYWDgBgKSXXf5tcOBpJImCt1Eou+6t4/S+w7pf9qsNYtLWTd01f6fXfp/ORcfN7wW/K6j2fC7rtNq0SZ+nal4h2ICMxI6tKJbHYjacHve7N/ee9jtUH3Uvkdtv2y0781E2NiXYnHtjmhPHPPnbfg11zY7hVHH/jH/c4nvlmvpuHJtRndY7zv/q7bIdwYKbi+HfLj+hHGcZ7lczSRd/J1eztAo0fZTCQwh4XJtnDJyrRcFycvu/mQKt4dHujWpnhvpI5HdPX9mCr7Nlc3nLezCfzwOzoj76qncv/rTutLU3yynT7tPwZic/4yPHU/THDCQKz040Dp/JRT3RHWy/fvH32uNfrvljulUC5R6TK41miFTPV2UjztyUJnpWlXan4/ycsRDbpaWWEc8blXSau/3L1yq7Pet0iHJGnl76/nsodca+kNmj65f9TVXCbBT9dHO6xpObSJbe4dkO6PnmPoZpnKUM1bf3QI97/BwAAAAAAAAAAAAAAAAAAWDVz/hSBjX+zvNjqf5YYAAAAAAAAAAAAAAAAAAAAAIDFOPX3/6ZqUfq3wKf//l/x/b9AFf4GAAD//7HcfhU=") bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@jmp={0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0xba}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) [ 68.320864][ T4668] Bluetooth: hci0: command tx timeout [ 68.442888][ T5320] loop0: detected capacity change from 0 to 64 [ 68.458666][ T5320] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 68.463215][ T5320] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 68.466183][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 68.469879][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.473806][ T5320] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 68.475797][ T5320] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b4 47 82 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 68.482862][ T5320] RSP: 0018:ffffc9000d457420 EFLAGS: 00010202 [ 68.485120][ T5320] RAX: 1ffff92001a8aea3 RBX: ffffc9000d457518 RCX: 0000000000100000 [ 68.487950][ T5320] RDX: ffffc9000e7ba000 RSI: 0000000000001df2 RDI: ffffc9000d457510 [ 68.491011][ T5320] RBP: 0000000000000000 R08: ffffffff828951ef R09: 0000000000000000 [ 68.494685][ T5320] R10: ffffc9000d457500 R11: fffff52001a8aea7 R12: ffffc9000d457500 [ 68.497599][ T5320] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 68.500541][ T5320] FS: 00007ffa0e3fe6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 68.503780][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.506207][ T5320] CR2: 00007ffa0e963ca0 CR3: 0000000043d52000 CR4: 0000000000352ef0 [ 68.509131][ T5320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.511968][ T5320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.514826][ T5320] Call Trace: [ 68.516124][ T5320] [ 68.517097][ T5320] ? __die_body+0x5f/0xb0 [ 68.518540][ T5320] ? die_addr+0xb0/0xe0 [ 68.520057][ T5320] ? exc_general_protection+0x3dd/0x5d0 [ 68.522115][ T5320] ? hfs_get_block+0x26f/0xb60 [ 68.523886][ T5320] ? asm_exc_general_protection+0x26/0x30 [ 68.526178][ T5320] ? hfs_get_block+0x3bf/0xb60 [ 68.527868][ T5320] ? hfs_find_init+0x72/0x1f0 [ 68.529600][ T5320] hfs_get_block+0x4f4/0xb60 [ 68.531274][ T5320] ? __pfx_hfs_get_block+0x10/0x10 [ 68.533113][ T5320] ? _raw_spin_unlock+0x28/0x50 [ 68.534903][ T5320] ? create_empty_buffers+0x53e/0x740 [ 68.536746][ T5320] ? rcu_is_watching+0x15/0xb0 [ 68.538559][ T5320] block_read_full_folio+0x418/0xcd0 [ 68.540391][ T5320] ? __pfx_hfs_get_block+0x10/0x10 [ 68.542123][ T5320] ? __pfx_block_read_full_folio+0x10/0x10 [ 68.544315][ T5320] ? percpu_ref_put+0x19/0x180 [ 68.546209][ T5320] ? folio_add_lru+0x28f/0x870 [ 68.548055][ T5320] filemap_read_folio+0x14b/0x630 [ 68.549969][ T5320] ? __pfx_hfs_read_folio+0x10/0x10 [ 68.551935][ T5320] ? __pfx_filemap_read_folio+0x10/0x10 [ 68.553960][ T5320] ? __filemap_get_folio+0x949/0xbd0 [ 68.556072][ T5320] ? __pfx_lock_release+0x10/0x10 [ 68.558050][ T5320] do_read_cache_folio+0x3f5/0x850 [ 68.559945][ T5320] ? __pfx_hfs_read_folio+0x10/0x10 [ 68.561753][ T5320] do_read_cache_page+0x30/0x200 [ 68.563546][ T5320] hfs_btree_open+0x506/0xf40 [ 68.565260][ T5320] hfs_mdb_get+0x1443/0x21b0 [ 68.567151][ T5320] ? __pfx_hfs_mdb_get+0x10/0x10 [ 68.569022][ T5320] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 68.571164][ T5320] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 68.573559][ T5320] ? __raw_spin_lock_init+0x45/0x100 [ 68.575635][ T5320] hfs_fill_super+0x38c/0x6b0 [ 68.577686][ T5320] ? __pfx_hfs_fill_super+0x10/0x10 [ 68.579662][ T5320] ? do_raw_spin_lock+0x14f/0x370 [ 68.581496][ T5320] ? sb_set_blocksize+0x98/0xf0 [ 68.583533][ T5320] ? setup_bdev_super+0x4e6/0x5d0 [ 68.585399][ T5320] get_tree_bdev_flags+0x48c/0x5c0 [ 68.587220][ T5320] ? __pfx_hfs_fill_super+0x10/0x10 [ 68.589109][ T5320] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 68.591077][ T5320] ? apparmor_capable+0x13b/0x1b0 [ 68.592866][ T5320] vfs_get_tree+0x90/0x2b0 [ 68.594566][ T5320] do_new_mount+0x2be/0xb40 [ 68.596178][ T5320] ? __pfx_do_new_mount+0x10/0x10 [ 68.597954][ T5320] __se_sys_mount+0x2d6/0x3c0 [ 68.599661][ T5320] ? __pfx___se_sys_mount+0x10/0x10 [ 68.601502][ T5320] ? exc_page_fault+0x590/0x8b0 [ 68.603248][ T5320] ? __x64_sys_mount+0x20/0xc0 [ 68.605050][ T5320] do_syscall_64+0xf3/0x230 [ 68.606659][ T5320] ? clear_bhb_loop+0x35/0x90 [ 68.608402][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.610480][ T5320] RIP: 0033:0x7ffa0e98167a [ 68.611961][ T5320] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.618733][ T5320] RSP: 002b:00007ffa0e3fde88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 68.621914][ T5320] RAX: ffffffffffffffda RBX: 00007ffa0e3fdf10 RCX: 00007ffa0e98167a [ 68.624922][ T5320] RDX: 0000000020000240 RSI: 0000000020000280 RDI: 00007ffa0e3fded0 [ 68.627545][ T5320] RBP: 0000000020000240 R08: 00007ffa0e3fdf10 R09: 0000000000000000 [ 68.630217][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000280 [ 68.633198][ T5320] R13: 00007ffa0e3fded0 R14: 000000000000027e R15: 0000000020000000 [ 68.636051][ T5320] [ 68.637247][ T5320] Modules linked in: [ 68.639182][ T5320] ---[ end trace 0000000000000000 ]--- [ 68.654013][ T5320] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 68.656845][ T5320] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b4 47 82 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 68.663730][ T5320] RSP: 0018:ffffc9000d457420 EFLAGS: 00010202 [ 68.666720][ T5320] RAX: 1ffff92001a8aea3 RBX: ffffc9000d457518 RCX: 0000000000100000 [ 68.670208][ T5320] RDX: ffffc9000e7ba000 RSI: 0000000000001df2 RDI: ffffc9000d457510 [ 68.673801][ T5320] RBP: 0000000000000000 R08: ffffffff828951ef R09: 0000000000000000 [ 68.678697][ T5320] R10: ffffc9000d457500 R11: fffff52001a8aea7 R12: ffffc9000d457500 [ 68.681624][ T5320] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 68.684747][ T5320] FS: 00007ffa0e3fe6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 68.690153][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.693357][ T5320] CR2: 00007fbfddd95ed8 CR3: 0000000043d52000 CR4: 0000000000352ef0 [ 68.697125][ T5320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.700159][ T5320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.703103][ T5320] Kernel panic - not syncing: Fatal exception [ 68.705777][ T5320] Kernel Offset: disabled [ 68.707427][ T5320] Rebooting in 86400 seconds..