program:
r0 = socket$netlink(0x10, 0x3, 0x0)
unshare(0x22020600)
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000140)='./bus\x00', 0x14000, &(0x7f0000000000)=ANY=[], 0x4, 0x293, &(0x7f0000000900)="$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")
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
setns(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_wakeup_irq', 0x80000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0xffffff6e, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x45, 0x9, 0x0, 0x0, {0x2}, [@typed={0x8, 0x2, 0x0, 0x0, @pid}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x0)
move_mount(r5, 0x0, r4, 0x0, 0x46)
ioctl$IOMMU_DESTROY$ioas(r2, 0x3b80, &(0x7f00000000c0)={0x8, r3})

[ 86.301136][ T46] Bluetooth: hci0: command tx timeout
[ 86.437082][ T5338] loop0: detected capacity change from 0 to 64
[ 86.516089][ T5338] hfs: unable to locate alternate MDB
[ 86.531461][ T5338] hfs: continuing without an alternate MDB
[ 86.598536][ T5338] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI
[ 86.603707][ T5338] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 86.607406][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.611407][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.616160][ T5338] RIP: 0010:handshake_complete+0x36/0x350
[ 86.618790][ T5338] Code: 54 53 48 83 ec 10 48 89 54 24 08 89 f5 49 89 ff 49 bd 00 00 00 00 00 fc ff df e8 e5 00 72 f6 49 8d 5f 28 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 4b e7 d9 f6 48 8b 1b 4c 8d 63 30
[ 86.627179][ T5338] RSP: 0018:ffffc9000a6e7320 EFLAGS: 00010206
[ 86.629918][ T5338] RAX: 0000000000000005 RBX: 0000000000000028 RCX: 0000000000100000
[ 86.633478][ T5338] RDX: ffffc90020f72000 RSI: 000000000000020a RDI: 000000000000020b
[ 86.637016][ T5338] RBP: 00000000fffffffb R08: ffff8880380c7703 R09: 1ffff11007018ee0
[ 86.640540][ T5338] R10: dffffc0000000000 R11: ffffed1007018ee1 R12: ffff8880362a5dd0
[ 86.643968][ T5338] R13: dffffc0000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 86.647558][ T5338] FS: 00007f363c7f56c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000
[ 86.651505][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.654448][ T5338] CR2: 0000561618ba4ff8 CR3: 000000004114b000 CR4: 0000000000352ef0
[ 86.657946][ T5338] Call Trace:
[ 86.659484][ T5338]
[ 86.660866][ T5338] handshake_nl_accept_doit+0x3f1/0x830
[ 86.663348][ T5338] genl_family_rcv_msg_doit+0x215/0x300
[ 86.665923][ T5338] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 86.668642][ T5338] ? bpf_lsm_capable+0x9/0x20
[ 86.670664][ T5338] ? security_capable+0x7e/0x2e0
[ 86.672835][ T5338] genl_rcv_msg+0x60e/0x790
[ 86.674801][ T5338] ? __pfx_genl_rcv_msg+0x10/0x10
[ 86.676984][ T5338] ? __pfx_handshake_nl_accept_doit+0x10/0x10
[ 86.679597][ T5338] netlink_rcv_skb+0x208/0x470
[ 86.681680][ T5338] ? __pfx_genl_rcv_msg+0x10/0x10
[ 86.683890][ T5338] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 86.686226][ T5338] ? down_read+0x274/0x2e0
[ 86.688325][ T5338] ? genl_rcv+0xd/0x40
[ 86.690196][ T5338] genl_rcv+0x28/0x40
[ 86.691942][ T5338] netlink_unicast+0x82f/0x9e0
[ 86.694025][ T5338] ? __pfx_netlink_unicast+0x10/0x10
[ 86.696358][ T5338] ? netlink_sendmsg+0x642/0xb30
[ 86.698572][ T5338] ? skb_put+0x11b/0x210
[ 86.700419][ T5338] netlink_sendmsg+0x805/0xb30
[ 86.702535][ T5338] ? __pfx_netlink_sendmsg+0x10/0x10
[ 86.704884][ T5338] ? aa_sock_msg_perm+0xf1/0x1b0
[ 86.707150][ T5338] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 86.709547][ T5338] ? __pfx_netlink_sendmsg+0x10/0x10
[ 86.711869][ T5338] __sock_sendmsg+0x21c/0x270
[ 86.713957][ T5338] ____sys_sendmsg+0x505/0x820
[ 86.716124][ T5338] ? __pfx_____sys_sendmsg+0x10/0x10
[ 86.718518][ T5338] ? import_iovec+0x74/0xa0
[ 86.720550][ T5338] ___sys_sendmsg+0x21f/0x2a0
[ 86.722612][ T5338] ? __pfx____sys_sendmsg+0x10/0x10
[ 86.724965][ T5338] ? futex_wake+0x4b2/0x560
[ 86.726969][ T5338] __x64_sys_sendmsg+0x19b/0x260
[ 86.729210][ T5338] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 86.731600][ T5338] ? do_syscall_64+0xbe/0xf80
[ 86.733675][ T5338] do_syscall_64+0xfa/0xf80
[ 86.735750][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.738529][ T5338] ? clear_bhb_loop+0x60/0xb0
[ 86.740624][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.743245][ T5338] RIP: 0033:0x7f364038f7c9
[ 86.745260][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.753674][ T5338] RSP: 002b:00007f363c7f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 86.757347][ T5338] RAX: ffffffffffffffda RBX: 00007f36405e5fa0 RCX: 00007f364038f7c9
[ 86.760413][ T5338] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[ 86.763654][ T5338] RBP: 00007f3640413f91 R08: 0000000000000000 R09: 0000000000000000
[ 86.766949][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.770402][ T5338] R13: 00007f36405e6038 R14: 00007f36405e5fa0 R15: 00007ffc2babeaf8
[ 86.773935][ T5338]
[ 86.775341][ T5338] Modules linked in:
[ 86.777979][ T5338] ---[ end trace 0000000000000000 ]---
[ 86.790507][ T5338] RIP: 0010:handshake_complete+0x36/0x350
[ 86.793315][ T5338] Code: 54 53 48 83 ec 10 48 89 54 24 08 89 f5 49 89 ff 49 bd 00 00 00 00 00 fc ff df e8 e5 00 72 f6 49 8d 5f 28 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 4b e7 d9 f6 48 8b 1b 4c 8d 63 30
[ 86.802229][ T5338] RSP: 0018:ffffc9000a6e7320 EFLAGS: 00010206
[ 86.805797][ T5338] RAX: 0000000000000005 RBX: 0000000000000028 RCX: 0000000000100000
[ 86.809990][ T5338] RDX: ffffc90020f72000 RSI: 000000000000020a RDI: 000000000000020b
[ 86.813643][ T5338] RBP: 00000000fffffffb R08: ffff8880380c7703 R09: 1ffff11007018ee0
[ 86.817184][ T5338] R10: dffffc0000000000 R11: ffffed1007018ee1 R12: ffff8880362a5dd0
[ 86.821349][ T5338] R13: dffffc0000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 86.824938][ T5338] FS: 00007f363c7f56c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000
[ 86.829285][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.832263][ T5338] CR2: 00007f363c7d3fc8 CR3: 000000004114b000 CR4: 0000000000352ef0
[ 86.836047][ T5338] Kernel panic - not syncing: Fatal exception
[ 86.839157][ T5338] Kernel Offset: disabled
[ 86.841078][ T5338] Rebooting in 86400 seconds..