program: madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x2, &(0x7f0000000380)=ANY=[], 0x0, 0x248, &(0x7f0000000b40)="$eJzs3U9rE0EYx/HfTGONNtS1rQgeqwVP0taLeFEkL8KTqE2EYqigFdSTeBZfgEfBt+CL8CS+AT158gXktjKz02Yb95+1yaTt9wMJ2+48O88wu515AiUCcGrd6/74fPOXexlpTnOSbktWUltqSbqky+2XO7vbu4N+r+pCcz7CvYyySPNXm62dflFo+26ICBL3U0ud/O8wGWmapj9jJ4Ho/NNfwEpnw9Ppz7enntlkvI2dwMQVTuc+M9RQr7Q4tXQAADMprP82LBydsH+3VloLy/6JWv+HsROILLf++yorNW5+L/hTo3rPl3DuvN2rEg/T17yyO+vAjsTUVZU+F3vuyfagf2Pr2aBn9U53glyzFf/ey27dPTXZrhbUphUOP/YFP4YzbgybJfkvH22PzqdO1Vnz1XwzD0yij+rt7/9aqXHT5GcqGZupLP/18iv6USZZq5JRXvSdXAk9BDWjbJdvYefDNQ98QJDU5emjlsaistFt1EQtF0Zt1kStjEeN7ubyyP9Tvet3zAdz36zqt76om9v/Wxe6piZPpmvjW4Y7o3I8Ld8yaZC6bdAGR+W9HuuWFl+8fvP00WDQf87BTB1IM5EGB6f2IPYfKEzDaNJjZ4JI3L7LZPVfrl5Z9yWSe0sq9ulp3cVzV9woqQ2W/Pv5f6rgFsoruKY119Xr0rXmPSYhzxPCdPVdD/n8HwAAAAAAAAAAAAAAAAAA4LiZxr8TxB4jAAAAAAAAAAAAAAAAAAAAAADH3Ux8/6/4/l8ghj8BAAD//1cpgkA=") r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="180000b8fb7fac1fc3be34d9b822000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000700000095000000000000008d60bbda98b59b4dd01045715f36fe1b79436da6a8e646bdec2a67ae54fa8434b8ca10e57640786e845f85017a8eb610042a78b4911b33598e2029b4e118015746e968eccbc98352bc50372f300bc7eef816178555c4e4db2b8250d5fa5aae5827d7643df08cc4b989949ad1fc31d75c00d59b36e8dfb3724bfad30241dbf5c9562c4936876236cacc4dfe91ec0aa8b8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdir(&(0x7f0000000200)='./file0\x00', 0x8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0b00000005000000000400000900000001000000cc60a50d24a932d08941382b14d98fe77e864da34cda15977298f24d1d244bb2d7797dfbc314752f0773d21d9ed3db7decaa48ea5ab769259d6e07b67545fca6dcc0aa219367540b3d2c899c805cceb5411f12bdf1ed88aee21c360e42abf0aafa08250709d4be1b238597a2aee43ae000df68d4337087041aef48c8003006ce16b9f5ebf423c7e58ee126a5d45645403c804ce079b7278f271aaf65139f7bfbfea448738d41affb670308bfe5100c4368d232ef7bdb3caff90e6cfb", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000001811", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) wait4(r0, &(0x7f00000002c0), 0x2, &(0x7f00000004c0)) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) r4 = syz_pidfd_open(r0, 0x0) setns(r4, 0x24020000) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) [ 74.418020][ T5315] loop0: detected capacity change from 0 to 64 [ 74.428164][ T48] Bluetooth: hci0: command tx timeout [ 74.487623][ T5315] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 74.492039][ T5315] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 74.494962][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 74.498568][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.502229][ T5315] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 74.504140][ T5315] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 17 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 74.510761][ T5315] RSP: 0018:ffffc9000d1b7400 EFLAGS: 00010202 [ 74.512853][ T5315] RAX: 1ffff92001a36e9f RBX: ffffc9000d1b74f8 RCX: 0000000000100000 [ 74.515625][ T5315] RDX: ffffc9000e7f2000 RSI: 00000000000025ac RDI: ffffc9000d1b74f0 [ 74.518419][ T5315] RBP: 0000000000000000 R08: ffffffff8282e2af R09: 0000000000000000 [ 74.521284][ T5315] R10: ffffc9000d1b74e0 R11: fffff52001a36ea3 R12: ffffc9000d1b74e0 [ 74.524018][ T5315] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 74.526787][ T5315] FS: 00007fe8defec6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.529980][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.532190][ T5315] CR2: 000055a24ea68750 CR3: 00000000423b2000 CR4: 0000000000352ef0 [ 74.534983][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.537699][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.540496][ T5315] Call Trace: [ 74.541720][ T5315] [ 74.542729][ T5315] ? __die_body+0x5f/0xb0 [ 74.544240][ T5315] ? die_addr+0xb0/0xe0 [ 74.545826][ T5315] ? exc_general_protection+0x3dd/0x5d0 [ 74.547779][ T5315] ? hfs_get_block+0x26f/0xb60 [ 74.549467][ T5315] ? asm_exc_general_protection+0x26/0x30 [ 74.551455][ T5315] ? hfs_get_block+0x3bf/0xb60 [ 74.553065][ T5315] ? hfs_find_init+0x72/0x1f0 [ 74.554674][ T5315] hfs_get_block+0x4f4/0xb60 [ 74.556440][ T5315] ? __pfx_hfs_get_block+0x10/0x10 [ 74.558265][ T5315] ? _raw_spin_unlock+0x28/0x50 [ 74.559908][ T5315] ? create_empty_buffers+0x471/0x530 [ 74.561693][ T5315] block_read_full_folio+0x3ee/0xae0 [ 74.563463][ T5315] ? __pfx_hfs_get_block+0x10/0x10 [ 74.565164][ T5315] ? __pfx_block_read_full_folio+0x10/0x10 [ 74.567095][ T5315] filemap_read_folio+0x148/0x3b0 [ 74.568827][ T5315] ? __pfx_hfs_read_folio+0x10/0x10 [ 74.570585][ T5315] ? __pfx_filemap_read_folio+0x10/0x10 [ 74.572413][ T5315] ? __filemap_get_folio+0x848/0x940 [ 74.574167][ T5315] ? hfs_btree_open+0x4cb/0xf40 [ 74.575868][ T5315] do_read_cache_folio+0x373/0x5b0 [ 74.577593][ T5315] ? __pfx_hfs_read_folio+0x10/0x10 [ 74.579474][ T5315] ? do_raw_spin_unlock+0x58/0x8b0 [ 74.581250][ T5315] read_cache_page+0x5b/0x170 [ 74.582833][ T5315] hfs_btree_open+0x506/0xf40 [ 74.584408][ T5315] hfs_mdb_get+0x1443/0x21b0 [ 74.585954][ T5315] ? __pfx_hfs_mdb_get+0x10/0x10 [ 74.587638][ T5315] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 74.589630][ T5315] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 74.591642][ T5315] ? __raw_spin_lock_init+0x45/0x100 [ 74.593425][ T5315] hfs_fill_super+0x38c/0x6b0 [ 74.595148][ T5315] ? __pfx_hfs_fill_super+0x10/0x10 [ 74.596942][ T5315] ? do_raw_spin_lock+0x14f/0x370 [ 74.598800][ T5315] ? sb_set_blocksize+0x98/0xf0 [ 74.600515][ T5315] ? setup_bdev_super+0x4e6/0x5d0 [ 74.602194][ T5315] get_tree_bdev_flags+0x48c/0x5c0 [ 74.603915][ T5315] ? __pfx_hfs_fill_super+0x10/0x10 [ 74.605735][ T5315] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.607855][ T5315] ? apparmor_capable+0x13b/0x1b0 [ 74.609763][ T5315] vfs_get_tree+0x90/0x2b0 [ 74.611349][ T5315] do_new_mount+0x2be/0xb40 [ 74.612907][ T5315] ? __pfx_do_new_mount+0x10/0x10 [ 74.614658][ T5315] __se_sys_mount+0x2d6/0x3c0 [ 74.616362][ T5315] ? __pfx___se_sys_mount+0x10/0x10 [ 74.618197][ T5315] ? exc_page_fault+0x590/0x8b0 [ 74.619894][ T5315] ? __x64_sys_mount+0x20/0xc0 [ 74.621500][ T5315] do_syscall_64+0xf3/0x230 [ 74.623094][ T5315] ? clear_bhb_loop+0x35/0x90 [ 74.624695][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.626692][ T5315] RIP: 0033:0x7fe8de1874ba [ 74.628213][ T5315] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.634680][ T5315] RSP: 002b:00007fe8defebe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.637467][ T5315] RAX: ffffffffffffffda RBX: 00007fe8defebef0 RCX: 00007fe8de1874ba [ 74.640115][ T5315] RDX: 0000000020000240 RSI: 0000000020000280 RDI: 00007fe8defebeb0 [ 74.642651][ T5315] RBP: 0000000020000240 R08: 00007fe8defebef0 R09: 0000000000000002 [ 74.645294][ T5315] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000020000280 [ 74.647954][ T5315] R13: 00007fe8defebeb0 R14: 0000000000000248 R15: 0000000020000380 [ 74.650594][ T5315] [ 74.651643][ T5315] Modules linked in: [ 74.653540][ T5315] ---[ end trace 0000000000000000 ]--- [ 74.655783][ T5315] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 74.657770][ T5315] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 17 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 74.664448][ T5315] RSP: 0018:ffffc9000d1b7400 EFLAGS: 00010202 [ 74.666807][ T5315] RAX: 1ffff92001a36e9f RBX: ffffc9000d1b74f8 RCX: 0000000000100000 [ 74.669607][ T5315] RDX: ffffc9000e7f2000 RSI: 00000000000025ac RDI: ffffc9000d1b74f0 [ 74.672358][ T5315] RBP: 0000000000000000 R08: ffffffff8282e2af R09: 0000000000000000 [ 74.675106][ T5315] R10: ffffc9000d1b74e0 R11: fffff52001a36ea3 R12: ffffc9000d1b74e0 [ 74.678208][ T5315] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 74.681032][ T5315] FS: 00007fe8defec6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.684245][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.686845][ T5315] CR2: 000055a24ea68750 CR3: 00000000423b2000 CR4: 0000000000352ef0 [ 74.689972][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.692701][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.695430][ T5315] Kernel panic - not syncing: Fatal exception [ 74.697801][ T5315] Kernel Offset: disabled [ 74.699408][ T5315] Rebooting in 86400 seconds..