program:
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x213444, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000180)={0x28, 0x4, 0x0, {0x1}}, 0x28)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r5, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000)
socket$inet_mptcp(0x2, 0x1, 0x106)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000480)={0x0, 0x20000, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r7, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0)
syz_usb_disconnect(r1)

[   68.926519][ T5320] Bluetooth: hci0: command tx timeout
[   69.003633][ T5335] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[   69.009321][ T5335] netlink: 16 bytes leftover after parsing attributes in process `syz.0.0'.
[   69.012600][ T5335] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[   69.016423][ T5335] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[   69.237201][    C0] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   69.241898][    C0] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[   69.245039][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[   69.248719][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.252539][    C0] RIP: 0010:put_page+0x23/0x260
[   69.254406][    C0] Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 58 a5 01 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 6f 8d 6c f8 48 8b 1b 48 89 de 48 83
[   69.261145][    C0] RSP: 0018:ffffc9000042ebb0 EFLAGS: 00010202
[   69.263399][    C0] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff88801cae8000
[   69.266352][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   69.269339][    C0] RBP: dffffc0000000000 R08: ffffffff8993caed R09: 1ffff110067ae9ac
[   69.272230][    C0] R10: dffffc0000000000 R11: ffffed10067ae9ad R12: 0000000000000007
[   69.275141][    C0] R13: ffff888033d74d42 R14: 0000000000000000 R15: 0000000000000000
[   69.277941][    C0] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   69.281095][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.283530][    C0] CR2: 00007f24b0d0d170 CR3: 0000000040c24000 CR4: 0000000000352ef0
[   69.286371][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.289049][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.291838][    C0] Call Trace:
[   69.293065][    C0]  <TASK>
[   69.294205][    C0]  ? __die_body+0x5f/0xb0
[   69.295799][    C0]  ? die_addr+0xb0/0xe0
[   69.297294][    C0]  ? exc_general_protection+0x3dd/0x5d0
[   69.299346][    C0]  ? asm_exc_general_protection+0x26/0x30
[   69.301328][    C0]  ? skb_release_data+0x46d/0x8a0
[   69.303177][    C0]  ? put_page+0x23/0x260
[   69.304726][    C0]  skb_release_data+0x483/0x8a0
[   69.306485][    C0]  __kfree_skb+0x55/0x70
[   69.308058][    C0]  tcp_ack+0x2442/0x6bc0
[   69.309544][    C0]  ? __pfx_tcp_ack+0x10/0x10
[   69.311085][    C0]  ? kvm_clock_get_cycles+0x52/0x70
[   69.312962][    C0]  tcp_rcv_state_process+0x8eb/0x44e0
[   69.314891][    C0]  ? __pfx_tcp_rcv_state_process+0x10/0x10
[   69.316787][    C0]  ? sk_filter_trim_cap+0x5bf/0xa80
[   69.318505][    C0]  ? do_raw_spin_lock+0x14f/0x370
[   69.320055][    C0]  ? __pfx_tcp_inbound_hash+0x10/0x10
[   69.321785][    C0]  tcp_v4_do_rcv+0x77d/0xc70
[   69.323615][    C0]  tcp_v4_rcv+0x2dc0/0x37f0
[   69.325311][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   69.327097][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   69.328881][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   69.330756][    C0]  ip_protocol_deliver_rcu+0x22e/0x440
[   69.332754][    C0]  ? ip_local_deliver_finish+0x230/0x5f0
[   69.334745][    C0]  ip_local_deliver_finish+0x341/0x5f0
[   69.336722][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[   69.339017][    C0]  NF_HOOK+0x3a4/0x450
[   69.340538][    C0]  ? NF_HOOK+0x9a/0x450
[   69.342027][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[   69.343715][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[   69.345974][    C0]  ? ip_rcv_finish+0x406/0x560
[   69.347692][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[   69.349586][    C0]  NF_HOOK+0x3a4/0x450
[   69.351070][    C0]  ? __lock_acquire+0x1397/0x2100
[   69.352759][    C0]  ? NF_HOOK+0x9a/0x450
[   69.354286][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[   69.355969][    C0]  ? ip_rcv_core+0x801/0xd10
[   69.357631][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[   69.359569][    C0]  ? __pfx_ip_rcv+0x10/0x10
[   69.361257][    C0]  __netif_receive_skb+0x2bf/0x650
[   69.363225][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   69.365164][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   69.367351][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.369611][    C0]  ? __pfx_lock_release+0x10/0x10
[   69.371646][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   69.373659][    C0]  process_backlog+0x662/0x15b0
[   69.375569][    C0]  ? process_backlog+0x33b/0x15b0
[   69.377503][    C0]  ? __pfx_process_backlog+0x10/0x10
[   69.379489][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.381817][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.384227][    C0]  __napi_poll+0xcb/0x490
[   69.385911][    C0]  net_rx_action+0x89b/0x1240
[   69.387782][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   69.389636][    C0]  ? run_ksoftirqd+0xca/0x130
[   69.391394][    C0]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   69.393503][    C0]  ? finish_task_switch+0x1e5/0x870
[   69.395459][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.397696][    C0]  handle_softirqs+0x2c5/0x980
[   69.399740][    C0]  ? run_ksoftirqd+0xca/0x130
[   69.401797][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   69.404136][    C0]  run_ksoftirqd+0xca/0x130
[   69.405948][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   69.407774][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   69.409695][    C0]  smpboot_thread_fn+0x544/0xa30
[   69.411530][    C0]  ? smpboot_thread_fn+0x4e/0xa30
[   69.413435][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   69.415583][    C0]  kthread+0x2f0/0x390
[   69.417141][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   69.419184][    C0]  ? __pfx_kthread+0x10/0x10
[   69.420904][    C0]  ret_from_fork+0x4b/0x80
[   69.422515][    C0]  ? __pfx_kthread+0x10/0x10
[   69.424237][    C0]  ret_from_fork_asm+0x1a/0x30
[   69.426070][    C0]  </TASK>
[   69.427176][    C0] Modules linked in:
[   69.428705][    C0] ---[ end trace 0000000000000000 ]---
[   69.430680][    C0] RIP: 0010:put_page+0x23/0x260
[   69.432493][    C0] Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 58 a5 01 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 6f 8d 6c f8 48 8b 1b 48 89 de 48 83
[   69.439656][    C0] RSP: 0018:ffffc9000042ebb0 EFLAGS: 00010202
[   69.442041][    C0] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff88801cae8000
[   69.445040][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   69.448013][    C0] RBP: dffffc0000000000 R08: ffffffff8993caed R09: 1ffff110067ae9ac
[   69.450936][    C0] R10: dffffc0000000000 R11: ffffed10067ae9ad R12: 0000000000000007
[   69.453949][    C0] R13: ffff888033d74d42 R14: 0000000000000000 R15: 0000000000000000
[   69.456983][    C0] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   69.460449][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.462760][    C0] CR2: 00007f24b0d0d170 CR3: 0000000040c24000 CR4: 0000000000352ef0
[   69.465531][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.468483][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.471500][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   69.474343][    C0] Kernel Offset: disabled
[   69.476012][    C0] Rebooting in 86400 seconds..