program:
# syzkaller reproducer (syz program text; `#` lines are comments) for the kernel oops
# appended below: a NULL-pointer dereference in put_page(), reached from
# skb_release_data() <- __kfree_skb() <- tcp_ack() on the IPv4 TCP receive path
# (tcp_v4_rcv -> tcp_v4_do_rcv -> tcp_rcv_state_process), running in ksoftirqd/0.
#
# What the attached log establishes:
#  - Kernel 6.12.0-syzkaller-09567-g7eef7e306d3c, x86-64 QEMU guest, KASAN build.
#  - KASAN reports "null-ptr-deref in range [0x8-0xf]"; the faulting bytes at
#    put_page+0x23 decode to the inline KASAN shadow check of the 8-byte field at
#    page+8 (`lea rbx,[r14+8]; mov rax,rbx; shr rax,3; cmp byte [rax+rbp],0` with
#    RBP = 0xdffffc0000000000 = KASAN shadow offset). R14 and RDI are both 0, so
#    put_page() was entered with a NULL struct page pointer; the resulting shadow
#    address 0xdffffc0000000001 is non-canonical, hence the #GP rather than a #PF.
#  - The exception happens in softirq context, so it is fatal ("Kernel panic - not
#    syncing: Fatal exception in interrupt"); there is no recovery path.
#  - Which skb page reference is NULL (a frag page, or something else) is NOT
#    visible from this trace — NOTE(review): needs a kernel-side dump to confirm.
#
# The program below is fuzzer-generated and contains unrelated noise (FUSE, evdev,
# USB); the MPTCP path manager calls are the ones that matter for the crash, and
# the only call marked for fault injection is the second MPTCP_PM_CMD_ADD_ADDR.
#
# FUSE / evdev setup — presumably irrelevant to the network crash.
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x213444, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000180)={0x28, 0x4, 0x0, {0x1}}, 0x28)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
# IPv6 listener on port 0x4e22. r2 is closed immediately, then an MPTCP socket is
# created without a result name — the bind/listen on r2 therefore act on whatever
# fd that socket() call received (most likely the same fd number, reused).
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0x9)
# IPv4 MPTCP client: an empty sendmmsg() before connect() (flags 0x20044000), then
# connect to the same port 0x4e22 on the unspecified address.
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
# First MPTCP_PM_CMD_ADD_ADDR over generic netlink. The payload is a raw blob
# (ANYBLOB) with a 0x84-byte nlmsg length; the "N bytes leftover after parsing
# attributes" warnings in the log are consistent with trailing bytes in this
# message, but the log does not tie them to a specific call.
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r5, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000)
socket$inet_mptcp(0x2, 0x1, 0x106)
# Second ADD_ADDR: a well-formed request (addr id 1, flags 0x1d) sent under
# syzkaller fault injection — `(fail_nth: 10)` makes the 10th injectable failure
# point during this syscall fail. A NULL page reaching put_page() on a later skb
# free is the kind of symptom an unhandled allocation failure would produce, but
# that link is an inference, not something the trace proves.
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r7, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0) (fail_nth: 10)
# USB teardown of the evdev handle — presumably noise.
syz_usb_disconnect(r1)
[ 68.934649][ T5320] Bluetooth: hci0: command tx timeout
[ 69.002400][ T5335] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[ 69.007947][ T5335] netlink: 16 bytes leftover after parsing attributes in process `syz.0.0'.
[ 69.011256][ T5335] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[ 69.014189][ T5335] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[ 69.237667][ C0] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 69.242332][ C0] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 69.245476][ C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 69.249193][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.253048][ C0] RIP: 0010:put_page+0x23/0x260 [ 69.254866][ C0] Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 58 a5 01 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 6f 8d 6c f8 48 8b 1b 48 89 de 48 83 [ 69.261535][ C0] RSP: 0018:ffffc9000042ebb0 EFLAGS: 00010202 [ 69.263740][ C0] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff88801cae8000 [ 69.266615][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.269341][ C0] RBP: dffffc0000000000 R08: ffffffff8993caed R09: 1ffff1100a5af54c [ 69.272312][ C0] R10: dffffc0000000000 R11: ffffed100a5af54d R12: 0000000000000007 [ 69.275103][ C0] R13: ffff888052d7aa42 R14: 0000000000000000 R15: 0000000000000000 [ 69.277786][ C0] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.280959][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.283266][ C0] CR2: 00007f24b186d9b8 CR3: 0000000040c24000 CR4: 0000000000352ef0 [ 69.286327][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.289433][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.292409][ C0] Call Trace: [ 69.293704][ C0] [ 69.294780][ C0] ? __die_body+0x5f/0xb0 [ 69.296264][ C0] ? die_addr+0xb0/0xe0 [ 69.297805][ C0] ? exc_general_protection+0x3dd/0x5d0 [ 69.299786][ C0] ? asm_exc_general_protection+0x26/0x30 [ 69.301972][ C0] ? skb_release_data+0x46d/0x8a0 [ 69.303800][ C0] ? 
put_page+0x23/0x260 [ 69.305296][ C0] skb_release_data+0x483/0x8a0 [ 69.307015][ C0] __kfree_skb+0x55/0x70 [ 69.308553][ C0] tcp_ack+0x2442/0x6bc0 [ 69.310093][ C0] ? __pfx_tcp_ack+0x10/0x10 [ 69.311709][ C0] ? kvm_clock_get_cycles+0x52/0x70 [ 69.313530][ C0] tcp_rcv_state_process+0x8eb/0x44e0 [ 69.315521][ C0] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 69.317612][ C0] ? sk_filter_trim_cap+0x5bf/0xa80 [ 69.319480][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 69.321327][ C0] ? __pfx_tcp_inbound_hash+0x10/0x10 [ 69.323255][ C0] tcp_v4_do_rcv+0x77d/0xc70 [ 69.324944][ C0] tcp_v4_rcv+0x2dc0/0x37f0 [ 69.326845][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 69.328724][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 69.330636][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 69.332622][ C0] ip_protocol_deliver_rcu+0x22e/0x440 [ 69.334611][ C0] ? ip_local_deliver_finish+0x230/0x5f0 [ 69.336646][ C0] ip_local_deliver_finish+0x341/0x5f0 [ 69.338628][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 69.340765][ C0] NF_HOOK+0x3a4/0x450 [ 69.342294][ C0] ? NF_HOOK+0x9a/0x450 [ 69.343831][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 69.345521][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 69.347636][ C0] ? ip_rcv_finish+0x406/0x560 [ 69.349605][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 69.351482][ C0] NF_HOOK+0x3a4/0x450 [ 69.353038][ C0] ? __lock_acquire+0x1397/0x2100 [ 69.354889][ C0] ? NF_HOOK+0x9a/0x450 [ 69.356458][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 69.357997][ C0] ? ip_rcv_core+0x801/0xd10 [ 69.359652][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 69.361504][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 69.363184][ C0] __netif_receive_skb+0x2bf/0x650 [ 69.365072][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 69.366919][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 69.368940][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.371044][ C0] ? __pfx_lock_release+0x10/0x10 [ 69.372929][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 69.375219][ C0] process_backlog+0x662/0x15b0 [ 69.377054][ C0] ? process_backlog+0x33b/0x15b0 [ 69.378944][ C0] ? 
__pfx_process_backlog+0x10/0x10 [ 69.380950][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.383096][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.385418][ C0] __napi_poll+0xcb/0x490 [ 69.387110][ C0] net_rx_action+0x89b/0x1240 [ 69.388916][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 69.390819][ C0] ? run_ksoftirqd+0xca/0x130 [ 69.392593][ C0] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 69.394626][ C0] ? finish_task_switch+0x1e5/0x870 [ 69.396471][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.398667][ C0] handle_softirqs+0x2c5/0x980 [ 69.400427][ C0] ? run_ksoftirqd+0xca/0x130 [ 69.402133][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 69.403955][ C0] run_ksoftirqd+0xca/0x130 [ 69.405633][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 69.407512][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 69.409397][ C0] smpboot_thread_fn+0x544/0xa30 [ 69.411192][ C0] ? smpboot_thread_fn+0x4e/0xa30 [ 69.413089][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 69.415020][ C0] kthread+0x2f0/0x390 [ 69.416509][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 69.418495][ C0] ? __pfx_kthread+0x10/0x10 [ 69.420173][ C0] ret_from_fork+0x4b/0x80 [ 69.421859][ C0] ? 
__pfx_kthread+0x10/0x10 [ 69.423501][ C0] ret_from_fork_asm+0x1a/0x30 [ 69.425288][ C0] [ 69.426386][ C0] Modules linked in: [ 69.427907][ C0] ---[ end trace 0000000000000000 ]--- [ 69.429798][ C0] RIP: 0010:put_page+0x23/0x260 [ 69.431562][ C0] Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 58 a5 01 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 6f 8d 6c f8 48 8b 1b 48 89 de 48 83 [ 69.438523][ C0] RSP: 0018:ffffc9000042ebb0 EFLAGS: 00010202 [ 69.440739][ C0] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff88801cae8000 [ 69.443722][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.446879][ C0] RBP: dffffc0000000000 R08: ffffffff8993caed R09: 1ffff1100a5af54c [ 69.449614][ C0] R10: dffffc0000000000 R11: ffffed100a5af54d R12: 0000000000000007 [ 69.452427][ C0] R13: ffff888052d7aa42 R14: 0000000000000000 R15: 0000000000000000 [ 69.455279][ C0] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.458577][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.460972][ C0] CR2: 00007f24b186d9b8 CR3: 0000000040c24000 CR4: 0000000000352ef0 [ 69.463822][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.466781][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.469506][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 69.472389][ C0] Kernel Offset: disabled [ 69.474045][ C0] Rebooting in 86400 seconds..