syzbot

loop0: detected capacity change from 0 to 64
Unable to handle kernel paging request at virtual address dfff800000000008
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000008] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4022 Comm: syz-executor388 Not tainted 5.15.164-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : hfs_find_init+0x6c/0x1c8 fs/hfs/bfind.c:21
lr : hfs_find_init+0x30/0x1c8 fs/hfs/bfind.c:16
sp : ffff80001ab57090
x29: ffff80001ab57090 x28: dfff800000000000 x27: 0000000000000000
x26: ffff0000dce20180 x25: 0000000000000008 x24: dfff800000000000
x23: ffff70000356ae28 x22: ffff80001ab57178 x21: 0000000000000040
x20: ffff80001ab57160 x19: 0000000000000000 x18: ffff80001ab56be0
x17: 0000000000000000 x16: ffff80000824e1f4 x15: 000000000000b94f
x14: 000000007dca0e0e x13: dfff800000000000 x12: 0000000000000007
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000ca9f1b40
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80001778da50 x4 : 0000000000000000 x3 : 0000000000000030
x2 : 0000000000000008 x1 : ffff80001ab57160 x0 : ffff80001ab57170
Call trace:
 hfs_find_init+0x6c/0x1c8 fs/hfs/bfind.c:21
 hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
 hfs_get_block+0x290/0x9fc fs/hfs/extent.c:366
 block_read_full_page+0x2a0/0xc4c fs/buffer.c:2290
 hfs_readpage+0x28/0x38 fs/hfs/inode.c:39
 do_read_cache_page+0x60c/0x950
 read_cache_page+0x68/0x84 mm/filemap.c:3574
 read_mapping_page include/linux/pagemap.h:515 [inline]
 hfs_btree_open+0x420/0xe50 fs/hfs/btree.c:78
 hfs_mdb_get+0x10ec/0x1c4c fs/hfs/mdb.c:199
 hfs_fill_super+0xd64/0x13b4 fs/hfs/super.c:406
 mount_bdev+0x274/0x370 fs/super.c:1387
 hfs_mount+0x44/0x58 fs/hfs/super.c:456
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:611
 vfs_get_tree+0x90/0x274 fs/super.c:1517
 do_new_mount+0x278/0x8fc fs/namespace.c:3005
 path_mount+0x594/0x101c fs/namespace.c:3335
 do_mount fs/namespace.c:3348 [inline]
 __do_sys_mount fs/namespace.c:3556 [inline]
 __se_sys_mount fs/namespace.c:3533 [inline]
 __arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 97e3f693 91010275 f90002df d343feb9 (38f86b28) 
---[ end trace 3162c467ee70b131 ]---
----------------
Code disassembly (best guess):
   0:	97e3f693 	bl	0xffffffffff8fda4c
   4:	91010275 	add	x21, x19, #0x40
   8:	f90002df 	str	xzr, [x22]
   c:	d343feb9 	lsr	x25, x21, #3
* 10:	38f86b28 	ldrsb	w8, [x25, x24] <-- trapping instruction