program: r0 = syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000240)='./bus\x00', 0x2818888, &(0x7f0000000300)=ANY=[], 0x8b, 0x29b, &(0x7f0000000680)="$eJzs3c1q1Fwcx/HfyaTzpLRPTV9EEBdSLbiStm7ETUGK1+BK1M4IxaGCVlA3FneieAHu3XgBXoQrEVzrypUX0F3knEk6Z2wymbbOHId+PzCaSc7L/ySZ5PwDJQJwat3c/P7h2k/7MVJDDUk3pMhuuqhY0lmdS57u7G7vdtqtQQ01pETuYyRX0xwqs7XTLquaxHmNXGq/xZr112E0sizLfoQOAiEl+f+Nso2R9F/+62z4hSfdXugAAikOstnXvp5pLnA4AIDATPfWEOW3iNl8/h5F0kp+2/fv/9/+DxzvSe2HDiAw7/7vsqzM2ON7xm3q5XsuhbPboyJLPGo/dvLYVPfM6ptgmrqs0sUSTT/Y7rSvbj3qtCK90kbOK7YkaUOtPGfN1US7XJKb9mtq+NYGmHFjmLJjWK+If7Gs0+P3WM98Nl/MHZPqvVoH8784M7Z7F0F6cKRuTfXiX61ucaaXFqxWjHLedXK+f8cOHGWjKiNRsafm1f+AIO2Ps1laq6k/anVHt1Y9OtfOYmmt9ZpaS7bWR69W72yurjlq5p25bZb1S5+06c3/I7u3VzTML9OWcSXzM6MYT2luGLuSqb9q70Jpm9HxxoNjeav7uq65J89fPLzX6bQfs3CKFoqT4F+J5+8txOPpq3niXZfoSIWlQWWKS+cQDRYX6dpOw1yWMF69g15d5uU4A8K42YuH6eZ/Xr6y6lIk+086YJ6eSdHhibbHa3GtIjdYiL1AlPfqns9XZ0Az1RncsDnXpSvSZW9lTc6VakGaLr69fjNo0BPAbOqr7vL8HwAAAAAAAAAAAAAAAAAAYNKM428zQo8RAAAAAAAAAAAAAAAAAAAAAIBJV/3+30QjfP9v38t0EvH+XyCE3wEAAP//7mdz+g==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3e0, &(0x7f0000000000)="$eJzs3MtuG1UYAOB/JjeSXhwkFqhiEQlEg4CkDgQoQqKw5bIBHsBK0lLhNlVjJFqyKCxZsUDsWOQFWPAAVYWQkHgFXgBVqlCaBWyQ0dgztnNx6jR23KbfJx35nJlx/vN7RqNzJjMTwBNrJiIuRMRIRCxERClfnuYlbjVLtt39zfWlrc31pSTq9U/+TiLJlxV/K8k/T+SN2TQi/a9er9/aHXftxs0vKtXqyvW8PV+7cm1+7cbNVy9fqVxaubRytfzm+XJ5ceGt8ut9y/XHF146P/L+hTM//Vm6szg+Ppn192S+rjOPfpmJmdZvstNiv4MN2fiwOwAAQE/SfOw/2hj/l2KkUWsqxfz6UDsHAAAA9EX93fwTAAAAOMYSc38AAAA45or7AO5vri8VZYi3Ixy5e+9FxHT72eatVv6j8VS+zdgAn2+diYhrLyalrMSAnkMGAOh0Jxv/nNtr/JfGsx3bTUQ0xkOTfY4/s6O9e/yT3u1zyG2y8d87+fOvma2O/HPTI3nrVGOoOJZcvFxdORcRpyNiNsYmsnZ5nxgf/PPzx93WZfn/lpw6XZQsfvbZ3iK9Ozqx/TvLlVrlYfPd6d43EWdGm3lvH/8mrfFvEhFTh4gx8vXG293WPTj/wapvRJyNvfMvJPu/n2i+cTzMF0fFbv9++8tH3eIPO/9s/0/tn/900vm+prWDx7j9+R/PdVvXOf85yPE/nnzaqBfzsq8qtdr1csR48uHu5Qvt7xbtYvss/9nn98q/ff5L8ndanczPAQf13fe/vtJubXTNPytZ/GIueBSy/Jd73f+T2f5vHQg9V964/ftn3eI/OP9s/zffATabL+nl/NdrBw/z2wEAAMDjIm1c10jSuVY9Tefmmtc7nomptLq6Vnv54uqXV5eb1z+mYywtrnSVOq6Hlpv/Rm+1F3a0X4uIpyPih9Jkoz23tFpdHnbyAAAA8IQ40WX+n/nryO5CAAAAAAZuetgdAAAAAAbO/B8AAACOtYd4nZ+KisrhKmcfjW7sVxn2mQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODx9n8AAAD//6bCtDw=") r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x25, 0x0, &(0x7f0000001b00)) renameat2(r1, &(0x7f00000001c0)='./file0\x00', r0, &(0x7f0000000200)='./bus\x00', 0x0) writev(0xffffffffffffffff, &(0x7f0000001340)=[{&(0x7f0000000040)="ccd7a824903e0f439263c785e0bd25ac65e287057edb256f0d8bf04b994fbbbda023cd95d89db7471265814aab694153a729ab7947f62ac4528473485a036e7c4344a0b96f7cd898a509d6a1e00f70bcebd34f17dc985dc0e25a861d321c41b0810a8f8594996464857966aff9b136ce2ab0d13651b58f52c87cc14599a918b46381cbc1d307df16f111755820764782561515dac9874ab50b96d99a29f225075cba9b1c1e0db5422a17e78cdfb5f38f3b093b8e1b9cf87edee485df8fea590f3c4a5086ad272f0a57cd328c670ed694", 0xd0}], 0x1) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000007f80)='./bus\x00', 0x145142, 0x0) open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r3, &(0x7f0000004200)="a6", 0x1) [ 89.317923][ T5100] Bluetooth: hci0: command tx timeout [ 90.454848][ T5116] loop0: detected capacity change from 0 to 64 [ 90.492489][ T5116] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 90.497486][ T5116] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 90.500711][ T5116] CPU: 0 UID: 0 PID: 5116 Comm: syz.0.0 Not tainted 6.11.0-rc7-syzkaller-00151-gd42f7708e27c #0 [ 90.504638][ T5116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.508745][ T5116] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 90.511034][ T5116] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 34 8e 77 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 90.518632][ T5116] RSP: 0018:ffffc90002d9f2c0 EFLAGS: 00010202 [ 90.521121][ T5116] RAX: 1ffff920005b3e77 RBX: ffffc90002d9f3b8 RCX: 0000000000040000 [ 90.524302][ T5116] RDX: ffffc90003122000 RSI: 0000000000014a3d RDI: ffffc90002d9f3b0 [ 90.527474][ T5116] RBP: 0000000000000000 R08: ffffffff828480ff R09: 0000000000000000 [ 90.530645][ T5116] R10: ffffc90002d9f3a0 R11: fffff520005b3e7b R12: ffffc90002d9f3a0 [ 90.533750][ T5116] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 90.536910][ T5116] FS: 00007fa47d4f16c0(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 [ 90.540481][ T5116] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.543138][ T5116] CR2: 00007f0128df532c CR3: 0000000035a00000 CR4: 0000000000350ef0 [ 90.546344][ T5116] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.549476][ T5116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.552620][ T5116] Call Trace: [ 90.553992][ T5116] [ 90.555200][ T5116] ? __die_body+0x88/0xe0 [ 90.556934][ T5116] ? die_addr+0x108/0x140 [ 90.558592][ T5116] ? exc_general_protection+0x3dd/0x5d0 [ 90.560748][ T5116] ? asm_exc_general_protection+0x26/0x30 [ 90.563055][ T5116] ? hfs_get_block+0x3bf/0xb60 [ 90.564856][ T5116] ? hfs_find_init+0x72/0x1f0 [ 90.566646][ T5116] hfs_get_block+0x4f4/0xb60 [ 90.568534][ T5116] ? __pfx_hfs_get_block+0x10/0x10 [ 90.570591][ T5116] ? _raw_spin_unlock+0x28/0x50 [ 90.572558][ T5116] ? create_empty_buffers+0x53e/0x740 [ 90.574494][ T5116] block_read_full_folio+0x418/0xcd0 [ 90.576325][ T5116] ? __pfx_hfs_get_block+0x10/0x10 [ 90.578122][ T5116] ? __pfx_block_read_full_folio+0x10/0x10 [ 90.580225][ T5116] ? __pfx_lru_add_fn+0x10/0x10 [ 90.581980][ T5116] ? folio_add_lru+0x357/0xd70 [ 90.583704][ T5116] ? folio_add_lru+0x58f/0xd70 [ 90.585451][ T5116] filemap_read_folio+0x1a0/0x790 [ 90.587257][ T5116] ? __pfx_hfs_read_folio+0x10/0x10 [ 90.589310][ T5116] ? __pfx_filemap_read_folio+0x10/0x10 [ 90.591531][ T5116] ? __filemap_get_folio+0x984/0xc10 [ 90.593657][ T5116] ? __pfx_lock_release+0x10/0x10 [ 90.595660][ T5116] do_read_cache_folio+0x134/0x820 [ 90.597650][ T5116] ? __pfx_hfs_read_folio+0x10/0x10 [ 90.599630][ T5116] do_read_cache_page+0x30/0x200 [ 90.601508][ T5116] hfs_btree_open+0x50b/0xf20 [ 90.603299][ T5116] hfs_mdb_get+0x1443/0x21b0 [ 90.605077][ T5116] ? __pfx_hfs_mdb_get+0x10/0x10 [ 90.606991][ T5116] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 90.609368][ T5116] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 90.611732][ T5116] ? __raw_spin_lock_init+0x45/0x100 [ 90.613900][ T5116] hfs_fill_super+0x107e/0x1790 [ 90.615869][ T5116] ? __pfx_hfs_fill_super+0x10/0x10 [ 90.617974][ T5116] ? __pfx_vsnprintf+0x10/0x10 [ 90.619797][ T5116] ? do_raw_spin_lock+0x14f/0x370 [ 90.621785][ T5116] ? sb_set_blocksize+0x98/0xf0 [ 90.623742][ T5116] ? setup_bdev_super+0x4e6/0x5d0 [ 90.625741][ T5116] mount_bdev+0x20a/0x2d0 [ 90.627450][ T5116] ? __pfx_hfs_fill_super+0x10/0x10 [ 90.629425][ T5116] ? __pfx_mount_bdev+0x10/0x10 [ 90.631272][ T5116] ? vfs_parse_fs_string+0x190/0x230 [ 90.633384][ T5116] legacy_get_tree+0xee/0x190 [ 90.635280][ T5116] ? __pfx_hfs_mount+0x10/0x10 [ 90.637188][ T5116] vfs_get_tree+0x90/0x2b0 [ 90.639007][ T5116] do_new_mount+0x2be/0xb40 [ 90.640858][ T5116] ? __pfx_do_new_mount+0x10/0x10 [ 90.642884][ T5116] __se_sys_mount+0x2d6/0x3c0 [ 90.644628][ T5116] ? __pfx___se_sys_mount+0x10/0x10 [ 90.646664][ T5116] ? exc_page_fault+0x590/0x8c0 [ 90.648576][ T5116] ? __x64_sys_mount+0x20/0xc0 [ 90.650478][ T5116] do_syscall_64+0xf3/0x230 [ 90.652098][ T5116] ? clear_bhb_loop+0x35/0x90 [ 90.653993][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.656152][ T5116] RIP: 0033:0x7fa47c77f69a [ 90.657723][ T5116] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.664820][ T5116] RSP: 002b:00007fa47d4f0e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 90.668053][ T5116] RAX: ffffffffffffffda RBX: 00007fa47d4f0ef0 RCX: 00007fa47c77f69a [ 90.671185][ T5116] RDX: 0000000020000140 RSI: 0000000020000240 RDI: 00007fa47d4f0eb0 [ 90.674342][ T5116] RBP: 0000000020000140 R08: 00007fa47d4f0ef0 R09: 0000000002818888 [ 90.677458][ T5116] R10: 0000000002818888 R11: 0000000000000246 R12: 0000000020000240 [ 90.680556][ T5116] R13: 00007fa47d4f0eb0 R14: 000000000000029b R15: 0000000020000300 [ 90.683705][ T5116] [ 90.684933][ T5116] Modules linked in: [ 90.901335][ T5116] ---[ end trace 0000000000000000 ]--- [ 90.903593][ T5116] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 90.905670][ T5116] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 34 8e 77 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 90.931225][ T5116] RSP: 0018:ffffc90002d9f2c0 EFLAGS: 00010202 [ 90.933027][ T5116] RAX: 1ffff920005b3e77 RBX: ffffc90002d9f3b8 RCX: 0000000000040000 [ 90.935477][ T5116] RDX: ffffc90003122000 RSI: 0000000000014a3d RDI: ffffc90002d9f3b0 [ 90.937844][ T5116] RBP: 0000000000000000 R08: ffffffff828480ff R09: 0000000000000000 [ 90.940341][ T5116] R10: ffffc90002d9f3a0 R11: fffff520005b3e7b R12: ffffc90002d9f3a0 [ 90.951279][ T5116] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 90.959128][ T5116] FS: 00007fa47d4f16c0(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 [ 90.965852][ T5116] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.968315][ T5116] CR2: 0000558926f10d18 CR3: 0000000035a00000 CR4: 0000000000350ef0 [ 90.970714][ T5116] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.986091][ T5116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.988693][ T5116] Kernel panic - not syncing: Fatal exception [ 90.991493][ T5116] Kernel Offset: disabled [ 90.993251][ T5116] Rebooting in 86400 seconds..