program:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r0, 0x6, 0x24, 0x0, 0x0)
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d3, &(0x7f0000000200)="$eJzs3c9u00oUx/HfTNIm97bqdW+LkFgWKsEGQdkgNkEoK56AFQKaIFVERUARf1YFsUAIwZ4dC16Bh2AD4gVgxYoHKCujGdtxEttJiNq4Kd+PlMhOZuwztT0zJ1I1AvDXutL89uHCD/cyUkUV6dUlyUqqS1VJx3S8/nB7Z2un024NO1DF13Avo6imyZTZ3G5nK7709XyNWOD2qlrs/SyyMGkzUSAMw8vfyw4CpfNPfw4r1TSf7tenGNM4nk1Yb3ef45g1Zk97eqylsuMAAJQrHv9tNJPXYjx/t1Zaj4d9Pz84bOP/pPbKDuDAhUO/7Rn/fZYVGnd9//NfpfmeT+Hc9zbJEsc589zAvp8+2oEJphmVVfpY7D+3tzrts5t3Oy2r52rEeoqt+vdWdOsmRkS7lpObDjFG203+jNLnq3bOtWEjiv+RpL74VyY848TMJ/PFXDeB3qnVnf9VQ+Muk79SwcCViuI/V3xE38rAlVLcbTQaDdtXZNmf5IR6U4lRraznZyRK7qhl9f9AEIyK09f6f6BW1LrzI2qt5NbaSPYKaq321XKt6d7Nxec7aOaNuWbW9FMf1eyZ/1sX37qGPpnpU2PWo6HA/8Wj9sznn67qjxn0jBw1/559XGxSplYU+q/BPu3q+3B4N4cir3VLF7X04MnTO5VOp33fbdzM2bi32P1k7oWUW6bkDe2mn9QUepnCyaA0zcDO7OsBXf8xsrB7gg7FRTnSG83P072Rytgo7DlyRjvMqvSilx0JSuKeZxPlf2m+Uo0me+4tyJ2n18frCOIjhm6O3c3g0h8RwmhGLunfP8rgFoozuGzOlckZfc518rR0avwzBnGcR4Rp6qtu8Ps/AAAAAAAAAAAAAAAAAADArJnGvxOU3UYAAAAAAAAAAAAAAAAAAAAAAGZdd/1fJev/arz1fwfXXZl4/V9l1/99u6389X8B7KffAQAA//+cz4BM")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r2 = openat(r1, &(0x7f0000000040)='./file1\x00', 0x20202, 0x80)
pwrite64(r2, &(0x7f0000000140)='2', 0x1, 0x8080c61)
pwrite64(r1, &(0x7f0000000140)='2', 0xff10, 0x8000c61)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
ioctl$sock_qrtr_SIOCGIFADDR(r3, 0x8915, &(0x7f0000000000)={'veth0_to_bond\x00'})

[   68.386677][ T5303] Bluetooth: hci0: command tx timeout
[   68.421442][ T5317] loop0: detected capacity change from 0 to 64
[   68.458460][ T5317] =======================================================
[   68.458460][ T5317] WARNING: The mand mount option has been deprecated and
[   68.458460][ T5317]          and is ignored by this kernel. Remove the mand
[   68.458460][ T5317]          option from the mount to silence this warning.
[   68.458460][ T5317] =======================================================
[   68.506813][ T5317] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   68.511599][ T5317] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[   68.514859][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0
[   68.518645][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.522689][ T5317] RIP: 0010:hfs_find_init+0x72/0x1f0
[   68.524799][ T5317] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 84 15 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0
[   68.532021][ T5317] RSP: 0018:ffffc9000d2f7400 EFLAGS: 00010202
[   68.534326][ T5317] RAX: 1ffff92001a5ee9f RBX: ffffc9000d2f74f8 RCX: 0000000000100000
[   68.537191][ T5317] RDX: ffffc9000ede2000 RSI: 00000000000035da RDI: ffffc9000d2f74f0
[   68.540188][ T5317] RBP: 0000000000000000 R08: ffffffff8283111f R09: 0000000000000000
[   68.543168][ T5317] R10: ffffc9000d2f74e0 R11: fffff52001a5eea3 R12: ffffc9000d2f74e0
[   68.546257][ T5317] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008
[   68.549061][ T5317] FS:  00007f39e7cd26c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.552387][ T5317] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.554908][ T5317] CR2: 00007ff83cd95ed8 CR3: 000000004067e000 CR4: 0000000000352ef0
[   68.557901][ T5317] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.560828][ T5317] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.563792][ T5317] Call Trace:
[   68.565080][ T5317]  <TASK>
[   68.566187][ T5317]  ? __die_body+0x5f/0xb0
[   68.567791][ T5317]  ? die_addr+0xb0/0xe0
[   68.569360][ T5317]  ? exc_general_protection+0x3dd/0x5d0
[   68.571511][ T5317]  ? hfs_get_block+0x26f/0xb60
[   68.573310][ T5317]  ? asm_exc_general_protection+0x26/0x30
[   68.575920][ T5317]  ? hfs_get_block+0x3bf/0xb60
[   68.578222][ T5317]  ? hfs_find_init+0x72/0x1f0
[   68.580648][ T5317]  hfs_get_block+0x4f4/0xb60
[   68.582729][ T5317]  ? __pfx_hfs_get_block+0x10/0x10
[   68.584677][ T5317]  ? _raw_spin_unlock+0x28/0x50
[   68.586442][ T5317]  ? create_empty_buffers+0x471/0x530
[   68.588433][ T5317]  block_read_full_folio+0x3ee/0xae0
[   68.590332][ T5317]  ? __pfx_hfs_get_block+0x10/0x10
[   68.592226][ T5317]  ? __pfx_block_read_full_folio+0x10/0x10
[   68.594431][ T5317]  filemap_read_folio+0x148/0x3b0
[   68.596356][ T5317]  ? __pfx_hfs_read_folio+0x10/0x10
[   68.598275][ T5317]  ? __pfx_filemap_read_folio+0x10/0x10
[   68.600249][ T5317]  ? __filemap_get_folio+0x848/0x940
[   68.602227][ T5317]  ? hfs_btree_open+0x4cb/0xf40
[   68.604060][ T5317]  do_read_cache_folio+0x373/0x5b0
[   68.605950][ T5317]  ? __pfx_hfs_read_folio+0x10/0x10
[   68.607786][ T5317]  ? do_raw_spin_unlock+0x58/0x8b0
[   68.609653][ T5317]  read_cache_page+0x5b/0x170
[   68.611378][ T5317]  hfs_btree_open+0x506/0xf40
[   68.613107][ T5317]  hfs_mdb_get+0x1443/0x21b0
[   68.614837][ T5317]  ? __pfx_hfs_mdb_get+0x10/0x10
[   68.616617][ T5317]  ? __pfx_lockdep_init_map_type+0x10/0x10
[   68.618781][ T5317]  ? __pfx_lockdep_init_map_type+0x10/0x10
[   68.620877][ T5317]  ? __raw_spin_lock_init+0x45/0x100
[   68.622871][ T5317]  hfs_fill_super+0x38c/0x6b0
[   68.624790][ T5317]  ? __pfx_hfs_fill_super+0x10/0x10
[   68.626752][ T5317]  ? do_raw_spin_lock+0x14f/0x370
[   68.628515][ T5317]  ? sb_set_blocksize+0x98/0xf0
[   68.630334][ T5317]  ? setup_bdev_super+0x4e6/0x5d0
[   68.632056][ T5317]  get_tree_bdev_flags+0x48c/0x5c0
[   68.633882][ T5317]  ? __pfx_hfs_fill_super+0x10/0x10
[   68.635922][ T5317]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[   68.638079][ T5317]  ? apparmor_capable+0x13b/0x1b0
[   68.639855][ T5317]  vfs_get_tree+0x90/0x2b0
[   68.641377][ T5317]  do_new_mount+0x2be/0xb40
[   68.642944][ T5317]  ? __pfx_do_new_mount+0x10/0x10
[   68.644764][ T5317]  __se_sys_mount+0x2d6/0x3c0
[   68.646597][ T5317]  ? __pfx___se_sys_mount+0x10/0x10
[   68.648551][ T5317]  ? exc_page_fault+0x590/0x8b0
[   68.650440][ T5317]  ? __x64_sys_mount+0x20/0xc0
[   68.652211][ T5317]  do_syscall_64+0xf3/0x230
[   68.653943][ T5317]  ? clear_bhb_loop+0x35/0x90
[   68.655745][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.658030][ T5317] RIP: 0033:0x7f39e6f874ca
[   68.659705][ T5317] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.666812][ T5317] RSP: 002b:00007f39e7cd1e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   68.669952][ T5317] RAX: ffffffffffffffda RBX: 00007f39e7cd1ef0 RCX: 00007f39e6f874ca
[   68.672725][ T5317] RDX: 00000000200001c0 RSI: 0000000020000180 RDI: 00007f39e7cd1eb0
[   68.675735][ T5317] RBP: 00000000200001c0 R08: 00007f39e7cd1ef0 R09: 00000000030000c8
[   68.678647][ T5317] R10: 00000000030000c8 R11: 0000000000000246 R12: 0000000020000180
[   68.681263][ T5317] R13: 00007f39e7cd1eb0 R14: 00000000000002d3 R15: 0000000020000100
[   68.683816][ T5317]  </TASK>
[   68.684937][ T5317] Modules linked in:
[   68.686763][ T5317] ---[ end trace 0000000000000000 ]---
[   68.696686][ T5317] RIP: 0010:hfs_find_init+0x72/0x1f0
[   68.698819][ T5317] Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 84 15 84 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 10 01 00 00 41 8b 06 8d 7c 00 04 be c0
[   68.705368][ T5317] RSP: 0018:ffffc9000d2f7400 EFLAGS: 00010202
[   68.708770][ T5317] RAX: 1ffff92001a5ee9f RBX: ffffc9000d2f74f8 RCX: 0000000000100000
[   68.711756][ T5317] RDX: ffffc9000ede2000 RSI: 00000000000035da RDI: ffffc9000d2f74f0
[   68.714743][ T5317] RBP: 0000000000000000 R08: ffffffff8283111f R09: 0000000000000000
[   68.718486][ T5317] R10: ffffc9000d2f74e0 R11: fffff52001a5eea3 R12: ffffc9000d2f74e0
[   68.721712][ T5317] R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008
[   68.724682][ T5317] FS:  00007f39e7cd26c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.728647][ T5317] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.731141][ T5317] CR2: 00007ff83cd95ed8 CR3: 000000004067e000 CR4: 0000000000352ef0
[   68.734232][ T5317] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.737075][ T5317] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.740682][ T5317] Kernel panic - not syncing: Fatal exception
[   68.743306][ T5317] Kernel Offset: disabled
[   68.744996][ T5317] Rebooting in 86400 seconds..