program: r0 = socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) r1 = syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x4, &(0x7f0000000040)=ANY=[], 0xff, 0x270, &(0x7f0000000640)="$eJzs3T9v00AYx/HfOYG6tCruH4TEWKjEgFBbFsRSVOVFMCGgSaUKq0hQJGBCzIgXwN43wMCLYEK8gTIxMTBmC7rzhbqpE6eh8SXw/UixTso99nM5u74nVWsB+G9tN44Ob/3qOKqpJumeFEmKpbqkK7oav9w/2DtIW81BO6q5CPsyyiLNqT47+62i0N6OiY2va97tBWNl5/176CQQnHFX8GmRNOOvZ/d+XHlm4/E2dAKBmbbaeqWF0HkAAMLy9//I3+fn/bI8iqQ1f9uf1vt/YRXRrj6PiZK7/7vPp2Ps/F52bx3Xe64ys+9HR4d3ftjXKMe6qOzMOrHANGVVpcsl1u5e+qkmpc1I77Tl5bqtuG0zO3W7SrJdLahNBxh97HN2E13Y3Utbm33yXz7fI5YzX8xX89Ak+qjmn/VfvWPsNLmZSnpmKst/vf8e3SiTrFefUS66g1zzR/BKRhkXVyTqnlGLPZd2Upani1rqicpGt1EStVwYtVkStdIbNWujbu88Swd+lTJe5oN5YFb1U5/VyK3/I/tpr2mYK9P2cT39mTFwPHXXMxkisfwFrNlhhoLRvdcT3dXCi9dvnj5O09bzMzbujxQVtBFPRho0Chtbk5HGXzRmJE1AGufVCP0DClU4nvTQmSAQu+4yWf2Xq1fWXYlkN8mAdXqnbOe5PW70qQ2W3PbSmSq4uf4V3LA11/Wb0o2CI7Y7/rehJyU+z3+EaeibHvH9PwAAAAAAAAAAAAAAAAAAwLSp4s8JQo8RAAAAAAAAAAAAAAAAAAAAAIBpt93o/t9r9wSwIM//dc8Uyz0oh+f/AtX4HQAA///nOooj") ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x8, 0x8, 0xa5e, 0xe, 0xc5}) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r2, 0x0) close_range(r0, r1, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) tkill(r3, 0x12) [ 74.067796][ T5299] Bluetooth: hci0: command tx timeout [ 74.170184][ T5314] loop0: detected capacity change from 0 to 64 [ 74.200836][ T5314] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 74.204891][ T5314] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 74.207572][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00026-g59dbb9d81adf #0 [ 74.210904][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.214800][ T5314] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 74.216859][ T5314] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 17 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 74.223913][ T5314] RSP: 0018:ffffc9000d2af400 EFLAGS: 00010202 [ 74.226069][ T5314] RAX: 1ffff92001a55e9f RBX: ffffc9000d2af4f8 RCX: 0000000000100000 [ 74.228920][ T5314] RDX: ffffc9000e67a000 RSI: 0000000000001f81 RDI: ffffc9000d2af4f0 [ 74.232013][ T5314] RBP: 0000000000000000 R08: ffffffff8283001f R09: 0000000000000000 [ 74.234906][ T5314] R10: ffffc9000d2af4e0 R11: fffff52001a55ea3 R12: ffffc9000d2af4e0 [ 74.237723][ T5314] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 74.240529][ T5314] FS: 00007f0100fec6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.243646][ T5314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.245982][ T5314] CR2: 00007ffca676c338 CR3: 0000000040400000 CR4: 0000000000352ef0 [ 74.248817][ T5314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.251952][ T5314] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.255457][ T5314] Call Trace: [ 74.256906][ T5314] [ 74.258039][ T5314] ? __die_body+0x5f/0xb0 [ 74.259657][ T5314] ? die_addr+0xb0/0xe0 [ 74.261146][ T5314] ? exc_general_protection+0x3dd/0x5d0 [ 74.263159][ T5314] ? hfs_get_block+0x26f/0xb60 [ 74.264879][ T5314] ? asm_exc_general_protection+0x26/0x30 [ 74.266899][ T5314] ? hfs_get_block+0x3bf/0xb60 [ 74.268630][ T5314] ? hfs_find_init+0x72/0x1f0 [ 74.270349][ T5314] hfs_get_block+0x4f4/0xb60 [ 74.272029][ T5314] ? __pfx_hfs_get_block+0x10/0x10 [ 74.273868][ T5314] ? _raw_spin_unlock+0x28/0x50 [ 74.275589][ T5314] ? create_empty_buffers+0x471/0x530 [ 74.277539][ T5314] block_read_full_folio+0x3ee/0xae0 [ 74.279435][ T5314] ? __pfx_hfs_get_block+0x10/0x10 [ 74.281191][ T5314] ? __pfx_block_read_full_folio+0x10/0x10 [ 74.283360][ T5314] filemap_read_folio+0x148/0x3b0 [ 74.285119][ T5314] ? __pfx_hfs_read_folio+0x10/0x10 [ 74.286994][ T5314] ? __pfx_filemap_read_folio+0x10/0x10 [ 74.288950][ T5314] ? __filemap_get_folio+0x848/0x940 [ 74.290784][ T5314] ? hfs_btree_open+0x4cb/0xf40 [ 74.292597][ T5314] do_read_cache_folio+0x373/0x5b0 [ 74.294470][ T5314] ? __pfx_hfs_read_folio+0x10/0x10 [ 74.296205][ T5314] ? do_raw_spin_unlock+0x58/0x8b0 [ 74.298099][ T5314] read_cache_page+0x5b/0x170 [ 74.299838][ T5314] hfs_btree_open+0x506/0xf40 [ 74.301568][ T5314] hfs_mdb_get+0x1443/0x21b0 [ 74.303071][ T5314] ? __pfx_hfs_mdb_get+0x10/0x10 [ 74.304758][ T5314] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 74.306650][ T5314] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 74.308586][ T5314] ? __raw_spin_lock_init+0x45/0x100 [ 74.310266][ T5314] hfs_fill_super+0x38c/0x6b0 [ 74.311915][ T5314] ? __pfx_hfs_fill_super+0x10/0x10 [ 74.313627][ T5314] ? do_raw_spin_lock+0x14f/0x370 [ 74.315377][ T5314] ? sb_set_blocksize+0x98/0xf0 [ 74.317317][ T5314] ? setup_bdev_super+0x4e6/0x5d0 [ 74.319372][ T5314] get_tree_bdev_flags+0x48c/0x5c0 [ 74.321456][ T5314] ? __pfx_hfs_fill_super+0x10/0x10 [ 74.323497][ T5314] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.325681][ T5314] ? apparmor_capable+0x13b/0x1b0 [ 74.327432][ T5314] vfs_get_tree+0x90/0x2b0 [ 74.329043][ T5314] do_new_mount+0x2be/0xb40 [ 74.330738][ T5314] ? __pfx_do_new_mount+0x10/0x10 [ 74.332669][ T5314] __se_sys_mount+0x2d6/0x3c0 [ 74.334465][ T5314] ? __pfx___se_sys_mount+0x10/0x10 [ 74.336371][ T5314] ? exc_page_fault+0x590/0x8b0 [ 74.338234][ T5314] ? __x64_sys_mount+0x20/0xc0 [ 74.339965][ T5314] do_syscall_64+0xf3/0x230 [ 74.341674][ T5314] ? clear_bhb_loop+0x35/0x90 [ 74.343486][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.345726][ T5314] RIP: 0033:0x7f01001874ca [ 74.347203][ T5314] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.354237][ T5314] RSP: 002b:00007f0100febe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.357121][ T5314] RAX: ffffffffffffffda RBX: 00007f0100febef0 RCX: 00007f01001874ca [ 74.360121][ T5314] RDX: 0000000020000240 RSI: 0000000020000280 RDI: 00007f0100febeb0 [ 74.363063][ T5314] RBP: 0000000020000240 R08: 00007f0100febef0 R09: 0000000000000004 [ 74.366153][ T5314] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000020000280 [ 74.369065][ T5314] R13: 00007f0100febeb0 R14: 0000000000000270 R15: 0000000020000040 [ 74.377173][ T5314] [ 74.378374][ T5314] Modules linked in: [ 74.380329][ T5314] ---[ end trace 0000000000000000 ]--- [ 74.392796][ T5314] RIP: 0010:hfs_find_init+0x72/0x1f0 [ 74.394836][ T5314] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 04 17 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0 [ 74.403386][ T5314] RSP: 0018:ffffc9000d2af400 EFLAGS: 00010202 [ 74.405444][ T5314] RAX: 1ffff92001a55e9f RBX: ffffc9000d2af4f8 RCX: 0000000000100000 [ 74.409189][ T5314] RDX: ffffc9000e67a000 RSI: 0000000000001f81 RDI: ffffc9000d2af4f0 [ 74.412136][ T5314] RBP: 0000000000000000 R08: ffffffff8283001f R09: 0000000000000000 [ 74.415356][ T5314] R10: ffffc9000d2af4e0 R11: fffff52001a55ea3 R12: ffffc9000d2af4e0 [ 74.419579][ T5314] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008 [ 74.422631][ T5314] FS: 00007f0100fec6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.426014][ T5314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.428891][ T5314] CR2: 000055c8d3600fa0 CR3: 0000000040400000 CR4: 0000000000352ef0 [ 74.431721][ T5314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.434501][ T5314] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.438195][ T5314] Kernel panic - not syncing: Fatal exception [ 74.440709][ T5314] Kernel Offset: disabled [ 74.442255][ T5314] Rebooting in 86400 seconds..