program:
syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000100)={[{@creator={'creator', 0x3d, "9e6f2202"}}, {@codepage={'codepage', 0x3d, 'cp860'}}, {@iocharset={'iocharset', 0x3d, 'cp874'}}, {@umask={'umask', 0x3d, 0x5}}]}, 0x1, 0x2df, &(0x7f0000000380)="$eJzs3T1v00Acx/HfOUmbPqiYtgiJBVSoRJeKAgNiCUJZ2ZkQ0KRSRVREWyRgoSBGxAtg5y3wIlhAvAGYmHgB3YzufHGdxnGaUid9+H6kRs75zv6fzhff3xJYAM6s+/VfX279sX9GKqkk6a4USKpKZUkXdLH6cmN7fbvVbOQdqORa2D+juKXpqrO60cxqWl3yLbzQfitrOl2GYkRRdO93vNk9Xjgz3OzPEEjjfh66/dUhx1WUHenyqGMYtvQAm13t6pVmRhgOAOAY8Pf/wN8mpl2RURBIi/62f6ru/7ujDuBo3W51FUW5DVL3f7e6i4wd33Nu116+51ICuz9oZ4kHCaay7/uY4iurY4Fp+mWVLpZgYm29rOXVd2oEeq+al6o27z4b8aXb1ifahcFynd5Hq+jBZNwbt6Lcrx3S2nqrOW43MuKfG+yM/898Mz/MIxPqsxrJ+q8cGTtMbqTCfSMVVGz8N3ofccq1srXk08harRZ0VDnvTnLJn8Hr08tqdkaSPmb7AcFOEkFenO7cs+p8rBD3bqVPq7msVmHyrUer+Y5WJX8lLK8+b+U+SilGu4vmk3loFvRXX1VPrf8DG9+iUjMz76feuJr+yoj7M5Zds+xqhl13jr3pciWJwBsfuG+QBnxa9lFPdUczW6/fPCu1Ws1Nu/EkY+PF9KbxJZUPUmad4jdKyqmjnb2SyHobRQc9clRk8EtHekD7+5GU2OmTVdnOsqQkGPYwnboNO1MydtW/K++CPDkbUST12FXUzxSOky3THnRfMDHigDBsdt1l4vzPreT9qs6lSPYjzFmn5yeZ6jjiSpLBdS4FZ93n5EAZ3FTvDC51xps9ckaXc129Ll1LFRrlnjH0cZ4Spq6feszzfwAAAAAAAAAAAAAAAAAAgJNmGP/SYNR9BAAAAAAAAAAAAAAAAAAAAADgpDvU+3+z/o949/7f8HDv/9XA7//NfzMQgAP5FwAA//+gy3cx")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x2, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = fanotify_init(0x0, 0x0)
write$P9_RSYMLINK(r2, &(0x7f0000000140)={0x14}, 0x14)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {{}, {}, {0x1c, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'syzkaller0\x00'}}}}}, 0x38}}, 0x0)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r3, 0x1a10, 0x70bd29, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40850}, 0x4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000300), 0x1000a)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
pwrite64(r5, &(0x7f0000000340)='2', 0x1, 0x0)

[   78.324675][   T48] Bluetooth: hci0: command tx timeout
[   78.328595][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[   78.331106][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[   78.433578][ T5323] loop0: detected capacity change from 0 to 64
[   78.441981][ T5323] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   78.446569][ T5323] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[   78.449890][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
[   78.453936][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.458069][ T5323] RIP: 0010:hfs_find_init+0x72/0x1f0
[   78.460486][ T5323] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 44 83 76 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0
[   78.468049][ T5323] RSP: 0018:ffffc9000d3672c0 EFLAGS: 00010202
[   78.470429][ T5323] RAX: 1ffff92001a6ce77 RBX: ffffc9000d3673b8 RCX: 0000000000040000
[   78.473504][ T5323] RDX: ffffc9000d6ea000 RSI: 000000000000179f RDI: ffffc9000d3673b0
[   78.476507][ T5323] RBP: 0000000000000000 R08: ffffffff82894c8f R09: 0000000000000000
[   78.479449][ T5323] R10: ffffc9000d3673a0 R11: fffff52001a6ce7b R12: ffffc9000d3673a0
[   78.482375][ T5323] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008
[   78.485292][ T5323] FS:  00007f32d705a6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   78.488659][ T5323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   78.491093][ T5323] CR2: 00007f32d6162220 CR3: 000000003d322000 CR4: 0000000000352ef0
[   78.494207][ T5323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   78.497257][ T5323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   78.500404][ T5323] Call Trace:
[   78.501765][ T5323]  <TASK>
[   78.502982][ T5323]  ? __die_body+0x5f/0xb0
[   78.504679][ T5323]  ? die_addr+0xb0/0xe0
[   78.506270][ T5323]  ? exc_general_protection+0x3dd/0x5d0
[   78.508458][ T5323]  ? asm_exc_general_protection+0x26/0x30
[   78.510581][ T5323]  ? hfs_get_block+0x3bf/0xb60
[   78.512436][ T5323]  ? hfs_find_init+0x72/0x1f0
[   78.514653][ T5323]  hfs_get_block+0x4f4/0xb60
[   78.516485][ T5323]  ? __pfx_hfs_get_block+0x10/0x10
[   78.518502][ T5323]  ? _raw_spin_unlock+0x28/0x50
[   78.520437][ T5323]  ? create_empty_buffers+0x53e/0x740
[   78.522400][ T5323]  ? rcu_is_watching+0x15/0xb0
[   78.524225][ T5323]  block_read_full_folio+0x418/0xcd0
[   78.526441][ T5323]  ? __pfx_hfs_get_block+0x10/0x10
[   78.528600][ T5323]  ? __pfx_block_read_full_folio+0x10/0x10
[   78.530889][ T5323]  ? folio_add_lru+0x28f/0x870
[   78.532759][ T5323]  filemap_read_folio+0x14b/0x630
[   78.534712][ T5323]  ? __pfx_hfs_read_folio+0x10/0x10
[   78.536703][ T5323]  ? __pfx_filemap_read_folio+0x10/0x10
[   78.538956][ T5323]  ? __filemap_get_folio+0x949/0xbd0
[   78.541059][ T5323]  ? __pfx_lock_release+0x10/0x10
[   78.543033][ T5323]  do_read_cache_folio+0x3f5/0x850
[   78.545084][ T5323]  ? __pfx_hfs_read_folio+0x10/0x10
[   78.547066][ T5323]  do_read_cache_page+0x30/0x200
[   78.549030][ T5323]  hfs_btree_open+0x506/0xf40
[   78.550806][ T5323]  hfs_mdb_get+0x1443/0x21b0
[   78.552488][ T5323]  ? __pfx_hfs_mdb_get+0x10/0x10
[   78.554414][ T5323]  ? __pfx_lockdep_init_map_type+0x10/0x10
[   78.556712][ T5323]  ? __raw_spin_lock_init+0x45/0x100
[   78.558732][ T5323]  hfs_fill_super+0x107e/0x1790
[   78.560945][ T5323]  ? __pfx_hfs_fill_super+0x10/0x10
[   78.562912][ T5323]  ? __pfx_vsnprintf+0x10/0x10
[   78.564742][ T5323]  ? do_raw_spin_lock+0x14f/0x370
[   78.566578][ T5323]  ? sb_set_blocksize+0x98/0xf0
[   78.568519][ T5323]  ? setup_bdev_super+0x4e6/0x5d0
[   78.570618][ T5323]  mount_bdev+0x20a/0x2d0
[   78.572317][ T5323]  ? __pfx_hfs_fill_super+0x10/0x10
[   78.574280][ T5323]  ? __pfx_mount_bdev+0x10/0x10
[   78.576252][ T5323]  ? vfs_parse_fs_string+0x190/0x230
[   78.578641][ T5323]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[   78.580687][ T5323]  legacy_get_tree+0xee/0x190
[   78.582495][ T5323]  ? __pfx_hfs_mount+0x10/0x10
[   78.584304][ T5323]  vfs_get_tree+0x90/0x2b0
[   78.585982][ T5323]  do_new_mount+0x2be/0xb40
[   78.587735][ T5323]  ? __pfx_do_new_mount+0x10/0x10
[   78.589689][ T5323]  __se_sys_mount+0x2d6/0x3c0
[   78.591522][ T5323]  ? __pfx___se_sys_mount+0x10/0x10
[   78.593499][ T5323]  ? exc_page_fault+0x590/0x8c0
[   78.595610][ T5323]  ? __x64_sys_mount+0x20/0xc0
[   78.597480][ T5323]  do_syscall_64+0xf3/0x230
[   78.599167][ T5323]  ? clear_bhb_loop+0x35/0x90
[   78.600873][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.603161][ T5323] RIP: 0033:0x7f32d617feba
[   78.604966][ T5323] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.612295][ T5323] RSP: 002b:00007f32d7059e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   78.615466][ T5323] RAX: ffffffffffffffda RBX: 00007f32d7059ef0 RCX: 00007f32d617feba
[   78.618499][ T5323] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f32d7059eb0
[   78.621359][ T5323] RBP: 0000000020000080 R08: 00007f32d7059ef0 R09: 0000000000000000
[   78.624274][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000040
[   78.627451][ T5323] R13: 00007f32d7059eb0 R14: 00000000000002df R15: 0000000020000100
[   78.630266][ T5323]  </TASK>
[   78.631434][ T5323] Modules linked in:
[   78.633391][ T5323] ---[ end trace 0000000000000000 ]---
[   78.641981][ T5323] RIP: 0010:hfs_find_init+0x72/0x1f0
[   78.644337][ T5323] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 44 83 76 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0
[   78.652473][ T5323] RSP: 0018:ffffc9000d3672c0 EFLAGS: 00010202
[   78.654910][ T5323] RAX: 1ffff92001a6ce77 RBX: ffffc9000d3673b8 RCX: 0000000000040000
[   78.657930][ T5323] RDX: ffffc9000d6ea000 RSI: 000000000000179f RDI: ffffc9000d3673b0
[   78.661513][ T5323] RBP: 0000000000000000 R08: ffffffff82894c8f R09: 0000000000000000
[   78.664700][ T5323] R10: ffffc9000d3673a0 R11: fffff52001a6ce7b R12: ffffc9000d3673a0
[   78.668059][ T5323] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008
[   78.671809][ T5323] FS:  00007f32d705a6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   78.675303][ T5323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   78.677652][ T5323] CR2: 00007f32d6162220 CR3: 000000003d322000 CR4: 0000000000352ef0
[   78.680999][ T5323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   78.683990][ T5323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   78.686981][ T5323] Kernel panic - not syncing: Fatal exception
[   78.689532][ T5323] Kernel Offset: disabled
[   78.691115][ T5323] Rebooting in 86400 seconds..