program: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x8008, &(0x7f0000000380)={[{@uid}]}, 0x1, 0x24e, &(0x7f00000003c0)="$eJzs3cFqE0Ecx/HfbGKztaWubUXwWA14krZexItQ8hCeRG0iFJcKWkE9iWf1Abx78AV8CE/qXfTkyQfIbWVmp8k27nZjSTKk/X4gy7Q7/93/dHaz8y+ECMCZtdP5+fHmb/syUkMNSbelSFIsNSVd0uX4+f7B3kHa6x53oIaLsC+jPNL802d3v1cWGmetPMJL7E9NLRd/h+nIsiz7FToJBOfu/hKR1PL3s9sfzzyz6XgdOoEJeVf5Hlk6nQOmr75eaGUaOQEA5od//kf+wbHs1+9RJLXtY7/l+52W538/dAKBFZ7/bgWRGTvvF9yuYb3nSji7PzqsEk9yrgXlV9aRFYmpqypdLtHio720d2P3SdqN9EZ3vEK3dbft5pfuoZpsN0pq02OcfOxLbgzn7Bi2K/Jfm+wZ65kv5qu5ZxJ9UHew/mtmxk6Tm6lkZKby/Derj+hGmeS9KkZ50Z3kij+DVzPKuHoJu+CPeWTxm9Tl6aJWR6Ly0W3VRK2VRm3XRK2PRg2v5urIiUiqd5n35q7Z0B99Vqew/o/sX7utce5M28f19FeGG8+Pb+U9m+2afAoZYHbe6qFuaeXZy1ePH6Rp7ykNGjRoDBqh36AwC8NJD50JArHrLpPXf4V6ZdOVSHaTlK/TP2XjHLxwxK2K2mDVbc//VwW3VF3BjVtzXb0uXRv/jInP85QwHX3Xff7/DwAAAAAAAAAAAAAAAAAAMG9m8XGC0GMEAAAAAAAAAAAAAAAAAAAAAGDe7Sz6Rsjv/5X4/l8ggL8BAAD//8jGgY4=") r1 = socket$l2tp(0x2, 0x2, 0x73) accept(r1, &(0x7f0000000100)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000180)=0x80) r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x4080, 0x0) ioctl$CDROMPLAYTRKIND(r2, 0x5304, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$BLKPG(r0, 0x1269, &(0x7f00000000c0)={0x3, 0x0, 0x98, &(0x7f0000000000)={0x6, 0x800000, 0x10}}) [ 75.783620][ T4660] Bluetooth: hci0: command tx timeout [ 75.823902][ T5313] loop0: detected capacity change from 0 to 64 [ 75.871658][ T5313] hfs: unable to locate alternate MDB [ 75.873970][ T5313] hfs: continuing without an alternate MDB [ 75.877256][ T5313] syz.0.0: attempt to access beyond end of device [ 75.877256][ T5313] loop0: rw=0, sector=1796, nr_sectors = 1 limit=64 [ 75.909298][ T5313] Buffer I/O error on dev loop0, logical block 1796, async page read [ 75.913937][ T5313] syz.0.0: attempt to access beyond end of device [ 75.913937][ 
T5313] loop0: rw=0, sector=1797, nr_sectors = 1 limit=64 [ 75.919202][ T5313] Buffer I/O error on dev loop0, logical block 1797, async page read [ 75.924427][ T5313] syz.0.0: attempt to access beyond end of device [ 75.924427][ T5313] loop0: rw=0, sector=1798, nr_sectors = 1 limit=64 [ 75.929772][ T5313] Buffer I/O error on dev loop0, logical block 1798, async page read [ 75.934373][ T5313] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KASAN NOPTI [ 75.939472][ T5313] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 75.943209][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 75.948172][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.952751][ T5313] RIP: 0010:hfs_find_init+0x6a/0x1e0 [ 75.955222][ T5313] Code: 7e 18 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 18 65 8b ff 49 c7 07 00 00 00 00 48 8d 6b 40 49 89 ef 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 0c 01 00 00 8b 45 00 8d 3c 45 04 00 00 [ 75.963537][ T5313] RSP: 0018:ffffc9000d31f5c8 EFLAGS: 00010202 [ 75.966223][ T5313] RAX: 1ffff92001a63ed7 RBX: 0000000000000000 RCX: 0000000000100000 [ 75.969819][ T5313] RDX: ffffc9000ddda000 RSI: 0000000000004ca7 RDI: ffffc9000d31f6b0 [ 75.973259][ T5313] RBP: 0000000000000040 R08: ffffc9000d31f6d7 R09: 0000000000000000 [ 75.976636][ T5313] R10: ffffc9000d31f6a0 R11: fffff52001a63edb R12: ffff888040154638 [ 75.980076][ T5313] R13: dffffc0000000000 R14: ffffc9000d31f6a0 R15: 0000000000000008 [ 75.983637][ T5313] FS: 00007f97289df6c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000 [ 75.987514][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.990349][ T5313] CR2: 000055d2af391e10 CR3: 000000003eaad000 CR4: 0000000000352ef0 [ 75.993809][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.997176][ T5313] DR3: 
0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.000578][ T5313] Call Trace: [ 76.002068][ T5313] <TASK> [ 76.003413][ T5313] hfs_get_block+0x51b/0xbd0 [ 76.005478][ T5313] ? __pfx_hfs_get_block+0x10/0x10 [ 76.007722][ T5313] ? block_read_full_folio+0x599/0x830 [ 76.010077][ T5313] ? kmem_cache_free+0x301/0x3f0 [ 76.012351][ T5313] block_read_full_folio+0x29c/0x830 [ 76.014729][ T5313] ? __pfx_hfs_get_block+0x10/0x10 [ 76.016906][ T5313] filemap_read_folio+0x114/0x380 [ 76.019141][ T5313] ? __pfx_hfs_read_folio+0x10/0x10 [ 76.021489][ T5313] ? __pfx_filemap_read_folio+0x10/0x10 [ 76.023965][ T5313] do_read_cache_folio+0x354/0x590 [ 76.026224][ T5313] ? __pfx_hfs_read_folio+0x10/0x10 [ 76.028544][ T5313] read_cache_page+0x5d/0x170 [ 76.030761][ T5313] hfs_btree_open+0x562/0x1070 [ 76.032816][ T5313] hfs_mdb_get+0x1327/0x2080 [ 76.034838][ T5313] ? __pfx_hfs_mdb_get+0x10/0x10 [ 76.036986][ T5313] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 76.039540][ T5313] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.042343][ T5313] hfs_fill_super+0x37b/0x640 [ 76.044357][ T5313] ? __pfx_hfs_fill_super+0x10/0x10 [ 76.046367][ T5313] ? sb_set_blocksize+0x104/0x180 [ 76.048393][ T5313] ? setup_bdev_super+0x4c1/0x5b0 [ 76.050415][ T5313] get_tree_bdev_flags+0x40b/0x4d0 [ 76.052456][ T5313] ? __pfx_hfs_fill_super+0x10/0x10 [ 76.054652][ T5313] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 76.056982][ T5313] vfs_get_tree+0x8f/0x2b0 [ 76.058895][ T5313] do_new_mount+0x24a/0xa40 [ 76.060704][ T5313] __se_sys_mount+0x317/0x410 [ 76.062625][ T5313] ? __pfx___se_sys_mount+0x10/0x10 [ 76.064586][ T5313] ? do_syscall_64+0xba/0x210 [ 76.066565][ T5313] ? __x64_sys_mount+0x20/0xc0 [ 76.068865][ T5313] do_syscall_64+0xf6/0x210 [ 76.070981][ T5313] ?
clear_bhb_loop+0x45/0xa0 [ 76.072987][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.075392][ T5313] RIP: 0033:0x7f9727b9010a [ 76.077416][ T5313] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.085661][ T5313] RSP: 002b:00007f97289dee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 76.089370][ T5313] RAX: ffffffffffffffda RBX: 00007f97289deef0 RCX: 00007f9727b9010a [ 76.092751][ T5313] RDX: 0000200000000240 RSI: 0000200000000280 RDI: 00007f97289deeb0 [ 76.096043][ T5313] RBP: 0000200000000240 R08: 00007f97289deef0 R09: 0000000000008008 [ 76.099267][ T5313] R10: 0000000000008008 R11: 0000000000000246 R12: 0000200000000280 [ 76.102633][ T5313] R13: 00007f97289deeb0 R14: 000000000000024e R15: 0000200000000380 [ 76.106087][ T5313] </TASK> [ 76.107452][ T5313] Modules linked in: [ 76.110211][ T5313] ---[ end trace 0000000000000000 ]--- [ 76.114865][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.117508][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.125032][ T5313] RIP: 0010:hfs_find_init+0x6a/0x1e0 [ 76.127196][ T5313] Code: 7e 18 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 18 65 8b ff 49 c7 07 00 00 00 00 48 8d 6b 40 49 89 ef 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 0c 01 00 00 8b 45 00 8d 3c 45 04 00 00 [ 76.135343][ T5313] RSP: 0018:ffffc9000d31f5c8 EFLAGS: 00010202 [ 76.137765][ T5313] RAX: 1ffff92001a63ed7 RBX: 0000000000000000 RCX: 0000000000100000 [ 76.142172][ T5313] RDX: ffffc9000ddda000 RSI: 0000000000004ca7 RDI: ffffc9000d31f6b0 [ 76.145497][ T5313] RBP: 0000000000000040 R08: ffffc9000d31f6d7 R09: 0000000000000000 [ 76.148722][ T5313] R10: ffffc9000d31f6a0 R11: fffff52001a63edb R12: ffff888040154638 [ 76.152792][ T5313] R13: dffffc0000000000 R14: ffffc9000d31f6a0 R15: 0000000000000008 [ 76.156329][ T5313] FS: 00007f97289df6c0(0000) GS:ffff88808d6cb000(0000)
knlGS:0000000000000000 [ 76.160087][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.163549][ T5313] CR2: 000055d2af391e10 CR3: 000000003eaad000 CR4: 0000000000352ef0 [ 76.167687][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.172000][ T5313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.175412][ T5313] Kernel panic - not syncing: Fatal exception [ 76.178300][ T5313] Kernel Offset: disabled [ 76.180151][ T5313] Rebooting in 86400 seconds..