program: r0 = syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0xc0d4, &(0x7f0000002700)=ANY=[], 0x1, 0x283, &(0x7f0000000480)="$eJzs3U9rE08cx/HPbNL+9mdLXduKIB6kWvAkbb2oF0H6DLx4ErWJWAwVtIJ6sXoWH4B3n4IPwpN4Frx50ntvkZmdmE2yfxJNnKR9vyAh2Z3v7HeyE2e/CTYCcGzd3P724cp3ezNSTTVJ16VIUizVJZ3WmfjZ3v7ufqvZKOuo5iLszSiNNANtdvaaeaHxnI/wEvusrsXsNkxG/DV0BpgG7t2f+pndHkn/+Xen2x8HyW78DkInEJg51KGeayl0HgCAsPz6H/l1ftFfv0eRtO6X/d71f8YX0MPQCQSWWf9dldU29vyedLu69Z4r4ez+qFMllnZ6LX/zvNKZVetJoKqqdLlE/z/YbTUv7zxuNSK90Q0v02zV3TfSqduRzfb1YNdrObVpiaHGnmvBjWHOjmGrIP+V8R6xmvlkPps7JtF7NX5f/9Xbxp4md6aSvjOV5r9R3KMbZZK2KhjlKXeQs/4IXukoa+pLI2ve99nzAUFSlaeLWu6LSke3WRG1khu1VRG12h/Vnc3FkZNm3pnbZk0/9FHbmev/yL7a6xrmnWnbuJZ+ZpSOp+5aJm49MefdpoNzuS2jPx4SRvdW93VVS09fvHx0r9VqPhnhQWdOjxY18w+iwSG/8q/ElGQ49AMdrzP4UKGObl/kIEOu//XM/Of/IiGA7kkfMZDvZo4Ku66ZtP7L1CsbrkSyd0nJdXq7qvNMj5sFtcGyuz9RXMH1MO6jhwWZoq8ihq25LlySLg5zxFTi8zwizLa+6C6f/wMAAAAAAAAAAAAAAAAAAMya8f2Xg1hFu0KPEQAAAAAAAAAAAAAAAAAAAACAWTcVv/+rzN+Tv6X0Gb//C0zcrwAAAP//8YVv2w==") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$UHID_GET_REPORT_REPLY(r1, &(0x7f0000000000), 0xa) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="9589a52d8940200000003d000900000000000000"], 0x20}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000380)={'#! ', '', [{0x20, 'hfs\x00'}], 0xa, "ecb6297c61c7902921b5a6954b647321d047136c9efcd5d1aa45c87dfa916b73a86a0b6234161dfb6e381ef608e95bedf32a3d917110b48a9d169dcdb61f95c6ae70bf48a7fe9e0fed9778a65cbc4d65a9ce957b219e7eb77721d01de5500ce013d18b45ed2f722f70cc885bb1bcdd43a21e231191a3ab503f14ff5e48c37bd2a8402088e1a93a22260dfd11a1f48cd889b14e890f659024ca6714e37d78b2faa548185d5105bc68887752cf281753f8d696524c40780faa85fc5cf667a9eb9f769f"}, 0xcb) setresuid(0x0, 0xee00, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) futex(&(0x7f0000000540)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f0000000540)=0xfffffffe, 0xd, 0x0, 0x0, 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000800)={0x9, {{0x2, 0x0, @multicast2}}}, 0x90) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_REMOTE_MNG(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r5, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x200000d4}, 0x800) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r7 = socket$igmp6(0xa, 0x3, 0x2) sendmmsg$inet6(r7, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x401d) ftruncate(r6, 0x5) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r2, 0x6811, 0x1, 0xe44, 0x1}) [ 72.711718][ T5300] Bluetooth: hci0: command tx timeout [ 72.806067][ T5315] loop0: detected capacity change from 0 to 64 [ 72.825561][ T5315] ======================================================= [ 72.825561][ T5315] WARNING: The mand mount option has been deprecated and [ 72.825561][ T5315] and is ignored by this kernel. Remove the mand [ 72.825561][ T5315] option from the mount to silence this warning. [ 72.825561][ T5315] ======================================================= [ 72.864278][ T5315] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 72.868798][ T5315] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 72.871582][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc4-syzkaller-00078-g059dd502b263 #0 [ 72.875030][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.879264][ T5315] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 72.881203][ T5315] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 34 16 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 72.887771][ T5315] RSP: 0018:ffffc9000d3df400 EFLAGS: 00010202 [ 72.890033][ T5315] RAX: 1ffff92001a7be9f RBX: ffffc9000d3df4f8 RCX: 0000000000100000 [ 72.892843][ T5315] RDX: ffffc9000ec3a000 RSI: 00000000000025fb RDI: ffffc9000d3df4f0 [ 72.895774][ T5315] RBP: 0000000000000000 R08: ffffffff8283004f R09: 0000000000000000 [ 72.898693][ T5315] R10: ffffc9000d3df4e0 R11: fffff52001a7bea3 R12: ffffc9000d3df4e0 [ 72.901434][ T5315] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 72.904272][ T5315] FS: 00007f87c3e386c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 72.907741][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.910167][ T5315] CR2: 0000563129f14880 CR3: 0000000040bb2000 CR4: 0000000000352ef0 [ 72.913226][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.916099][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.918982][ T5315] Call Trace: [ 72.920189][ T5315] [ 72.921303][ T5315] ? __die_body+0x5f/0xb0 [ 72.922890][ T5315] ? die_addr+0xb0/0xe0 [ 72.924351][ T5315] ? exc_general_protection+0x3dd/0x5d0 [ 72.926451][ T5315] ? hfs_get_block+0x26f/0xb60 [ 72.928226][ T5315] ? asm_exc_general_protection+0x26/0x30 [ 72.930388][ T5315] ? hfs_get_block+0x3bf/0xb60 [ 72.932160][ T5315] ? hfs_find_init+0x72/0x1f0 [ 72.933996][ T5315] hfs_get_block+0x4f4/0xb60 [ 72.935729][ T5315] ? __pfx_hfs_get_block+0x10/0x10 [ 72.937459][ T5315] ? _raw_spin_unlock+0x28/0x50 [ 72.939224][ T5315] ? create_empty_buffers+0x471/0x530 [ 72.941244][ T5315] block_read_full_folio+0x3ee/0xae0 [ 72.943715][ T5315] ? __pfx_hfs_get_block+0x10/0x10 [ 72.945580][ T5315] ? __pfx_block_read_full_folio+0x10/0x10 [ 72.947734][ T5315] filemap_read_folio+0x148/0x3b0 [ 72.949549][ T5315] ? __pfx_hfs_read_folio+0x10/0x10 [ 72.951391][ T5315] ? __pfx_filemap_read_folio+0x10/0x10 [ 72.953356][ T5315] ? __filemap_get_folio+0x848/0x940 [ 72.955259][ T5315] ? hfs_btree_open+0x4cb/0xf40 [ 72.957055][ T5315] do_read_cache_folio+0x373/0x5b0 [ 72.958963][ T5315] ? __pfx_hfs_read_folio+0x10/0x10 [ 72.960843][ T5315] ? do_raw_spin_unlock+0x58/0x8b0 [ 72.962752][ T5315] read_cache_page+0x5b/0x170 [ 72.964381][ T5315] hfs_btree_open+0x506/0xf40 [ 72.966122][ T5315] hfs_mdb_get+0x1443/0x21b0 [ 72.967797][ T5315] ? __pfx_hfs_mdb_get+0x10/0x10 [ 72.969644][ T5315] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 72.971763][ T5315] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 72.973975][ T5315] ? __raw_spin_lock_init+0x45/0x100 [ 72.975894][ T5315] hfs_fill_super+0x38c/0x6b0 [ 72.977746][ T5315] ? __pfx_hfs_fill_super+0x10/0x10 [ 72.979673][ T5315] ? do_raw_spin_lock+0x14f/0x370 [ 72.981551][ T5315] ? sb_set_blocksize+0x98/0xf0 [ 72.983390][ T5315] ? setup_bdev_super+0x4e6/0x5d0 [ 72.985254][ T5315] get_tree_bdev_flags+0x48c/0x5c0 [ 72.987129][ T5315] ? __pfx_hfs_fill_super+0x10/0x10 [ 72.989090][ T5315] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 72.991082][ T5315] ? apparmor_capable+0x13b/0x1b0 [ 72.992960][ T5315] vfs_get_tree+0x90/0x2b0 [ 72.994629][ T5315] do_new_mount+0x2be/0xb40 [ 72.996311][ T5315] ? __pfx_do_new_mount+0x10/0x10 [ 72.998167][ T5315] __se_sys_mount+0x2d6/0x3c0 [ 72.999752][ T5315] ? __pfx___se_sys_mount+0x10/0x10 [ 73.001445][ T5315] ? exc_page_fault+0x590/0x8b0 [ 73.003039][ T5315] ? __x64_sys_mount+0x20/0xc0 [ 73.004593][ T5315] do_syscall_64+0xf3/0x230 [ 73.006141][ T5315] ? clear_bhb_loop+0x35/0x90 [ 73.007650][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.009588][ T5315] RIP: 0033:0x7f87c2f874ca [ 73.011201][ T5315] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.017871][ T5315] RSP: 002b:00007f87c3e37e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 73.020894][ T5315] RAX: ffffffffffffffda RBX: 00007f87c3e37ef0 RCX: 00007f87c2f874ca [ 73.023816][ T5315] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 00007f87c3e37eb0 [ 73.026716][ T5315] RBP: 0000000020000140 R08: 00007f87c3e37ef0 R09: 000000000000c0d4 [ 73.029648][ T5315] R10: 000000000000c0d4 R11: 0000000000000246 R12: 00000000200000c0 [ 73.032539][ T5315] R13: 00007f87c3e37eb0 R14: 0000000000000283 R15: 0000000020002700 [ 73.035524][ T5315] [ 73.036685][ T5315] Modules linked in: [ 73.039674][ T5315] ---[ end trace 0000000000000000 ]--- [ 73.048116][ T5315] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 73.050076][ T5315] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 34 16 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 73.058327][ T5315] RSP: 0018:ffffc9000d3df400 EFLAGS: 00010202 [ 73.060753][ T5315] RAX: 1ffff92001a7be9f RBX: ffffc9000d3df4f8 RCX: 0000000000100000 [ 73.064913][ T5315] RDX: ffffc9000ec3a000 RSI: 00000000000025fb RDI: ffffc9000d3df4f0 [ 73.067898][ T5315] RBP: 0000000000000000 R08: ffffffff8283004f R09: 0000000000000000 [ 73.070976][ T5315] R10: ffffc9000d3df4e0 R11: fffff52001a7bea3 R12: ffffc9000d3df4e0 [ 73.074476][ T5315] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 73.077739][ T5315] FS: 00007f87c3e386c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 73.081849][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.084353][ T5315] CR2: 0000563129f14880 CR3: 0000000040bb2000 CR4: 0000000000352ef0 [ 73.087336][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.090365][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.093646][ T5315] Kernel panic - not syncing: Fatal exception [ 73.096283][ T5315] Kernel Offset: disabled [ 73.098084][ T5315] Rebooting in 86400 seconds..