program: syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d31342c636f6465706167653d63703836362c00b98ca84a82894a44d230d85781d07b941c527aeeede9ffdeae490b216650602e9c2958dafbc442834d0c8d457de56e510ec8bdd0461f18ca158d9b4874283995508025489486ff72fe3e8375536e15ce54fbb90c0ffc51888e49e205952f538430ec33160206e38a404836"], 0x1, 0x26b, &(0x7f00000007c0)="$eJzs3U1PE0Ecx/HfTAu20uBaMSYeURJPBvBivJiYvghPRqU1ITaYKCbqyXg2vgDvvgVfhCfjG9CTJ19Ab2vmoXQp224LbAvl+0m6bNl5+A+zy84sbFcALqxHrd/f7v11LyNVVJH0QLKSalJV0nXdqL3d29/d73baeQUsx68Vn8O9jEJOcyTtzl4nr4i6Yo4oce+qamS/h3KkaZr+mS6LoVsWjz/6c1jpUjw6/fbazCMrx8d5B1C63O48YHr1nt5pdWbhAADOpHj+t/HE0Yjjd2uljXjaX6jzf2/eAcza0uG3pqf++d8P51Pj+veK3zSY7/kpnNtu+7PE41Ttp4h2aERixs4qFWOx9Re73c7dnVfdttUnPYwyydb8sh123b6CaNdDw1YmjP/4bfc12CXXhu38+BunXGMx88P8NE9Moq9qH4z/qqlx3eR7KhnqqRD/5ugSfSuTkGpEL131ldwcXC5QcStrQ0PYzPWE5VjmoZloUhSnz9UcyhVatzUuV6g4J9d2QV1rw7kGe/PonGUzX8xjs65/+q5WZvxv3U97Q5McmS6NTxn3jLHtqfqUyQSB2amagZP5rOe6r9U37z+8fNbtdl6zck5XjM5EGKws2Mq8f0FhFgadHi704sJx4y4T5n+Z+cqmH/W6RTJmnJ4WFZ4pcWvE3KDpl5enmsGt5Px18WiNI+ZcuuYWt+5ItyevMVFzkUaopqVfesr1fwAAAAAAAAAAAAAAAAAAgPOm5LsIbPjP8nyLci8xAAAAAAAAAAAAAAAAAAAAAABlO/Hzf/sqaf+zwKd+/q+/D4Dn/wIz9z8AAP//66KC0g==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) select(0x40, &(0x7f0000001580)={0x1, 0x0, 0x101, 0x40, 0x10001, 0x80, 0x9, 0x408}, 0x0, &(0x7f0000000080)={0xd, 0x100000007, 0xf19, 0x4004f11, 0x1, 0x3, 0x8, 0x7fffffffffffffff}, 0x0) [ 59.452249][ T5321] loop0: detected capacity change from 0 to 64 [ 59.470141][ T5321] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 59.474864][ T5321] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 59.477881][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 59.481715][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.485616][ T5321] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 59.487777][ T5321] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c4 75 76 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 59.495460][ T5321] RSP: 0018:ffffc9000d24f2c0 EFLAGS: 00010202 [ 59.497938][ T5321] RAX: 1ffff92001a49e77 RBX: ffffc9000d24f3b8 RCX: 0000000000040000 [ 59.501208][ T5321] RDX: ffffc9000d7ca000 RSI: 000000000000162c RDI: ffffc9000d24f3b0 [ 59.503899][ T5321] RBP: 0000000000000000 R08: ffffffff82898b2f R09: 0000000000000000 [ 59.506516][ T5321] R10: ffffc9000d24f3a0 R11: fffff52001a49e7b R12: ffffc9000d24f3a0 [ 59.509716][ T5321] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 59.513037][ T5321] FS: 00007f7a2d9fe6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 59.516829][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.519723][ T5321] CR2: 00007f7a2df62220 CR3: 0000000040a7a000 CR4: 0000000000352ef0 [ 59.522834][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.525502][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.528323][ T5321] Call Trace: [ 59.529412][ T5321] [ 59.530469][ T5321] ? __die_body+0x5f/0xb0 [ 59.532058][ T5321] ? die_addr+0xb0/0xe0 [ 59.533565][ T5321] ? exc_general_protection+0x3dd/0x5d0 [ 59.535543][ T5321] ? asm_exc_general_protection+0x26/0x30 [ 59.537440][ T5321] ? hfs_get_block+0x3bf/0xb60 [ 59.539053][ T5321] ? hfs_find_init+0x72/0x1f0 [ 59.540710][ T5321] hfs_get_block+0x4f4/0xb60 [ 59.542389][ T5321] ? __pfx_hfs_get_block+0x10/0x10 [ 59.544138][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 59.545967][ T5321] ? create_empty_buffers+0x53e/0x740 [ 59.547902][ T5321] ? rcu_is_watching+0x15/0xb0 [ 59.549679][ T5321] block_read_full_folio+0x418/0xcd0 [ 59.551748][ T5321] ? __pfx_hfs_get_block+0x10/0x10 [ 59.553595][ T5321] ? __pfx_block_read_full_folio+0x10/0x10 [ 59.555667][ T5321] ? folio_add_lru+0x28f/0x870 [ 59.557481][ T5321] filemap_read_folio+0x14b/0x630 [ 59.559395][ T5321] ? __pfx_hfs_read_folio+0x10/0x10 [ 59.561362][ T5321] ? __pfx_filemap_read_folio+0x10/0x10 [ 59.563528][ T5321] ? __filemap_get_folio+0x949/0xbd0 [ 59.565596][ T5321] ? __pfx_lock_release+0x10/0x10 [ 59.567585][ T5321] do_read_cache_folio+0x3f5/0x850 [ 59.569494][ T5321] ? __pfx_hfs_read_folio+0x10/0x10 [ 59.571495][ T5321] do_read_cache_page+0x30/0x200 [ 59.573361][ T5321] hfs_btree_open+0x506/0xf40 [ 59.575149][ T5321] hfs_mdb_get+0x1443/0x21b0 [ 59.576901][ T5321] ? __pfx_hfs_mdb_get+0x10/0x10 [ 59.579033][ T5321] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 59.581348][ T5321] ? lockdep_hardirqs_on+0x99/0x150 [ 59.583352][ T5321] ? __raw_spin_lock_init+0x45/0x100 [ 59.585316][ T5321] hfs_fill_super+0x107e/0x1790 [ 59.587208][ T5321] ? __pfx_hfs_fill_super+0x10/0x10 [ 59.589165][ T5321] ? __pfx_vsnprintf+0x10/0x10 [ 59.590944][ T5321] ? do_raw_spin_lock+0x14f/0x370 [ 59.592911][ T5321] ? sb_set_blocksize+0x98/0xf0 [ 59.594798][ T5321] ? setup_bdev_super+0x4e6/0x5d0 [ 59.596713][ T5321] mount_bdev+0x20a/0x2d0 [ 59.598333][ T5321] ? __pfx_hfs_fill_super+0x10/0x10 [ 59.600383][ T5321] ? __pfx_mount_bdev+0x10/0x10 [ 59.602189][ T5321] ? vfs_parse_fs_string+0x190/0x230 [ 59.604243][ T5321] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 59.606170][ T5321] legacy_get_tree+0xee/0x190 [ 59.608207][ T5321] ? __pfx_hfs_mount+0x10/0x10 [ 59.609958][ T5321] vfs_get_tree+0x90/0x2b0 [ 59.611598][ T5321] do_new_mount+0x2be/0xb40 [ 59.613321][ T5321] ? __pfx_do_new_mount+0x10/0x10 [ 59.615235][ T5321] __se_sys_mount+0x2d6/0x3c0 [ 59.617125][ T5321] ? __pfx___se_sys_mount+0x10/0x10 [ 59.619099][ T5321] ? exc_page_fault+0x590/0x8c0 [ 59.620929][ T5321] ? __x64_sys_mount+0x20/0xc0 [ 59.622735][ T5321] do_syscall_64+0xf3/0x230 [ 59.624487][ T5321] ? clear_bhb_loop+0x35/0x90 [ 59.626245][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.628564][ T5321] RIP: 0033:0x7f7a2df7feba [ 59.630320][ T5321] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.637923][ T5321] RSP: 002b:00007f7a2d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 59.640995][ T5321] RAX: ffffffffffffffda RBX: 00007f7a2d9fdef0 RCX: 00007f7a2df7feba [ 59.643792][ T5321] RDX: 0000000020000240 RSI: 0000000020000000 RDI: 00007f7a2d9fdeb0 [ 59.646802][ T5321] RBP: 0000000020000240 R08: 00007f7a2d9fdef0 R09: 0000000000000000 [ 59.649762][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000 [ 59.652666][ T5321] R13: 00007f7a2d9fdeb0 R14: 000000000000026b R15: 0000000020000380 [ 59.655563][ T5321] [ 59.656704][ T5321] Modules linked in: [ 59.658506][ T5321] ---[ end trace 0000000000000000 ]--- [ 59.668003][ T4670] Bluetooth: hci0: command tx timeout [ 59.672598][ T5321] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 59.674576][ T5321] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c4 75 76 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 59.682889][ T5321] RSP: 0018:ffffc9000d24f2c0 EFLAGS: 00010202 [ 59.685250][ T5321] RAX: 1ffff92001a49e77 RBX: ffffc9000d24f3b8 RCX: 0000000000040000 [ 59.688663][ T5321] RDX: ffffc9000d7ca000 RSI: 000000000000162c RDI: ffffc9000d24f3b0 [ 59.691570][ T5321] RBP: 0000000000000000 R08: ffffffff82898b2f R09: 0000000000000000 [ 59.694668][ T5321] R10: ffffc9000d24f3a0 R11: fffff52001a49e7b R12: ffffc9000d24f3a0 [ 59.698575][ T5321] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 59.701477][ T5321] FS: 00007f7a2d9fe6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 59.704692][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.707565][ T5321] CR2: 00007fd307795ed8 CR3: 0000000040a7a000 CR4: 0000000000352ef0 [ 59.710252][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.713150][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.716033][ T5321] Kernel panic - not syncing: Fatal exception [ 59.718492][ T5321] Kernel Offset: disabled [ 59.720080][ T5321] Rebooting in 86400 seconds..