program:
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x4}})
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000040)=0x4000, 0x4)
mmap$xdp(&(0x7f0000ffc000/0x1000)=nil, 0x1002, 0x0, 0x12, r2, 0x180000000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x1000000, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0xfff}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x1090}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @mcast1}, 0x1c)
listen(r6, 0xfffffffc)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r9)
socket(0x2b, 0x1, 0x1)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r9, 0x0)
accept4(r9, 0x0, 0x0, 0x0)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r10, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

[   61.104438][ T4662] Bluetooth: hci0: command tx timeout
[   61.346176][    C0] ==================================================================
[   61.349282][    C0] BUG: KASAN: null-ptr-deref in smc_tcp_syn_recv_sock+0x92/0x3d0
[   61.352157][    C0] Read of size 4 at addr 00000000000009d4 by task syz.0.0/5312
[   61.355249][    C0] 
[   61.356406][    C0] CPU: 0 UID: 0 PID: 5312 Comm: syz.0.0 Not tainted 6.13.0-rc6-syzkaller-00231-g77a903cd8e5a #0
[   61.360308][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   61.363981][    C0] Call Trace:
[   61.365178][    C0]  <IRQ>
[   61.366222][    C0]  dump_stack_lvl+0x241/0x360
[   61.367868][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.369810][    C0]  ? __pfx__printk+0x10/0x10
[   61.371447][    C0]  ? _printk+0xd5/0x120
[   61.372924][    C0]  print_report+0xe8/0x550
[   61.374551][    C0]  ? __virt_addr_valid+0x58/0x530
[   61.376529][    C0]  ? smc_tcp_syn_recv_sock+0x92/0x3d0
[   61.378571][    C0]  kasan_report+0x143/0x180
[   61.380277][    C0]  ? smc_tcp_syn_recv_sock+0x92/0x3d0
[   61.382131][    C0]  kasan_check_range+0x282/0x290
[   61.383750][    C0]  smc_tcp_syn_recv_sock+0x92/0x3d0
[   61.385687][    C0]  tcp_check_req+0xfe4/0x1a20
[   61.387445][    C0]  ? __pfx_tcp_check_req+0x10/0x10
[   61.389646][    C0]  ? tcp_v4_rcv+0x1987/0x37f0
[   61.391318][    C0]  tcp_v4_rcv+0x1c3e/0x37f0
[   61.393061][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   61.394881][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   61.396614][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   61.398388][    C0]  ip_protocol_deliver_rcu+0x22e/0x440
[   61.400475][    C0]  ? ip_local_deliver_finish+0x230/0x5f0
[   61.402606][    C0]  ip_local_deliver_finish+0x341/0x5f0
[   61.404659][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[   61.406904][    C0]  NF_HOOK+0x3a4/0x450
[   61.408431][    C0]  ? NF_HOOK+0x9a/0x450
[   61.410036][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[   61.411794][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[   61.414105][    C0]  ? ip_rcv_finish+0x406/0x560
[   61.415854][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[   61.417731][    C0]  NF_HOOK+0x3a4/0x450
[   61.419265][    C0]  ? __lock_acquire+0x1397/0x2100
[   61.421237][    C0]  ? NF_HOOK+0x9a/0x450
[   61.422752][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[   61.424492][    C0]  ? ip_rcv_core+0x801/0xd10
[   61.426230][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[   61.428087][    C0]  ? __pfx_ip_rcv+0x10/0x10
[   61.429751][    C0]  __netif_receive_skb+0x2bf/0x650
[   61.431600][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   61.433452][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   61.435513][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.437614][    C0]  ? __pfx_lock_release+0x10/0x10
[   61.439433][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   61.440954][    C0]  process_backlog+0x662/0x15b0
[   61.442674][    C0]  ? process_backlog+0x33b/0x15b0
[   61.444456][    C0]  ? __pfx_process_backlog+0x10/0x10
[   61.446347][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.448556][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.451271][    C0]  __napi_poll+0xcb/0x490
[   61.453294][    C0]  net_rx_action+0x89b/0x1240
[   61.455521][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   61.457578][    C0]  ? do_raw_spin_unlock+0x58/0x8b0
[   61.459487][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.461823][    C0]  handle_softirqs+0x2d4/0x9b0
[   61.463583][    C0]  ? do_softirq+0x11b/0x1e0
[   61.465323][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   61.467176][    C0]  do_softirq+0x11b/0x1e0
[   61.468820][    C0]  </IRQ>
[   61.469808][    C0]  <TASK>
[   61.470969][    C0]  ? __pfx_do_softirq+0x10/0x10
[   61.472749][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   61.474851][    C0]  ? kasan_quarantine_put+0xdc/0x230
[   61.476713][    C0]  ? rcu_is_watching+0x15/0xb0
[   61.478492][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   61.480477][    C0]  ? inet_put_port+0x5d1/0x7b0
[   61.482296][    C0]  ? inet_put_port+0x2b/0x7b0
[   61.484029][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   61.486056][    C0]  ? inet_put_port+0x2b/0x7b0
[   61.487801][    C0]  ? inet_put_port+0x6d1/0x7b0
[   61.489653][    C0]  ? inet_put_port+0x2b/0x7b0
[   61.491480][    C0]  tcp_set_state+0x4cd/0x870
[   61.493269][    C0]  ? __pfx_tcp_set_state+0x10/0x10
[   61.495229][    C0]  ? __local_bh_enable_ip+0x168/0x200
[   61.497204][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[   61.499170][    C0]  ? __local_bh_enable_ip+0x168/0x200
[   61.501179][    C0]  ? inet_shutdown+0x6d/0x390
[   61.502945][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   61.505022][    C0]  ? inet_shutdown+0x6d/0x390
[   61.506797][    C0]  tcp_disconnect+0xa1/0x1ae0
[   61.508602][    C0]  inet_shutdown+0x250/0x390
[   61.510644][    C0]  smc_close_active+0xabb/0xe90
[   61.512634][    C0]  ? __pfx_sock_def_readable+0x10/0x10
[   61.514826][    C0]  __smc_release+0xa0/0x800
[   61.516693][    C0]  smc_release+0x2dc/0x540
[   61.518367][    C0]  sock_close+0xbc/0x240
[   61.519911][    C0]  ? __pfx_sock_close+0x10/0x10
[   61.521628][    C0]  __fput+0x23c/0xa50
[   61.522969][    C0]  task_work_run+0x24f/0x310
[   61.524542][    C0]  ? _raw_spin_unlock+0x28/0x50
[   61.526237][    C0]  ? __pfx_task_work_run+0x10/0x10
[   61.528019][    C0]  ? syscall_exit_to_user_mode+0xa3/0x340
[   61.529961][    C0]  syscall_exit_to_user_mode+0x13f/0x340
[   61.531875][    C0]  do_syscall_64+0x100/0x230
[   61.533448][    C0]  ? clear_bhb_loop+0x35/0x90
[   61.535169][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.537193][    C0] RIP: 0033:0x7f7d6bd85d29
[   61.538603][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.545259][    C0] RSP: 002b:00007ffc65ede8c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   61.548317][    C0] RAX: 0000000000000000 RBX: 000000000000ee3d RCX: 00007f7d6bd85d29
[   61.551284][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   61.554442][    C0] RBP: 00007f7d6bf77ba0 R08: 0000000000000001 R09: 00007ffc65edebbf
[   61.557540][    C0] R10: 00007f7d6bbff030 R11: 0000000000000246 R12: 000000000000eeff
[   61.560583][    C0] R13: 00007f7d6bf76080 R14: 0000000000000032 R15: ffffffffffffffff
[   61.563662][    C0]  </TASK>
[   61.564840][    C0] ==================================================================
[   61.567870][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   61.570495][    C0] CPU: 0 UID: 0 PID: 5312 Comm: syz.0.0 Not tainted 6.13.0-rc6-syzkaller-00231-g77a903cd8e5a #0
[   61.574216][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   61.578103][    C0] Call Trace:
[   61.579443][    C0]  <IRQ>
[   61.580500][    C0]  dump_stack_lvl+0x241/0x360
[   61.582304][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.584377][    C0]  ? __pfx__printk+0x10/0x10
[   61.586108][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.588426][    C0]  ? vscnprintf+0x5d/0x90
[   61.590178][    C0]  panic+0x349/0x880
[   61.591749][    C0]  ? check_panic_on_warn+0x21/0xb0
[   61.593752][    C0]  ? __pfx_panic+0x10/0x10
[   61.595553][    C0]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[   61.597815][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   61.600142][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   61.602502][    C0]  ? print_report+0xe8/0x550
[   61.604081][    C0]  check_panic_on_warn+0x86/0xb0
[   61.605942][    C0]  ? smc_tcp_syn_recv_sock+0x92/0x3d0
[   61.607895][    C0]  end_report+0x77/0x160
[   61.609473][    C0]  kasan_report+0x154/0x180
[   61.611113][    C0]  ? smc_tcp_syn_recv_sock+0x92/0x3d0
[   61.613091][    C0]  kasan_check_range+0x282/0x290
[   61.615376][    C0]  smc_tcp_syn_recv_sock+0x92/0x3d0
[   61.617337][    C0]  tcp_check_req+0xfe4/0x1a20
[   61.619117][    C0]  ? __pfx_tcp_check_req+0x10/0x10
[   61.621036][    C0]  ? tcp_v4_rcv+0x1987/0x37f0
[   61.622685][    C0]  tcp_v4_rcv+0x1c3e/0x37f0
[   61.624459][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   61.626243][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   61.628165][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[   61.629898][    C0]  ip_protocol_deliver_rcu+0x22e/0x440
[   61.631973][    C0]  ? ip_local_deliver_finish+0x230/0x5f0
[   61.633845][    C0]  ip_local_deliver_finish+0x341/0x5f0
[   61.635790][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[   61.638050][    C0]  NF_HOOK+0x3a4/0x450
[   61.639396][    C0]  ? NF_HOOK+0x9a/0x450
[   61.640714][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[   61.642204][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[   61.644302][    C0]  ? ip_rcv_finish+0x406/0x560
[   61.646039][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[   61.647728][    C0]  NF_HOOK+0x3a4/0x450
[   61.649121][    C0]  ? __lock_acquire+0x1397/0x2100
[   61.650795][    C0]  ? NF_HOOK+0x9a/0x450
[   61.652181][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[   61.653908][    C0]  ? ip_rcv_core+0x801/0xd10
[   61.655806][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[   61.657790][    C0]  ? __pfx_ip_rcv+0x10/0x10
[   61.659576][    C0]  __netif_receive_skb+0x2bf/0x650
[   61.661547][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   61.663499][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   61.665673][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.668043][    C0]  ? __pfx_lock_release+0x10/0x10
[   61.670013][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   61.672019][    C0]  process_backlog+0x662/0x15b0
[   61.673902][    C0]  ? process_backlog+0x33b/0x15b0
[   61.675810][    C0]  ? __pfx_process_backlog+0x10/0x10
[   61.677821][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   61.680131][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.682474][    C0]  __napi_poll+0xcb/0x490
[   61.684124][    C0]  net_rx_action+0x89b/0x1240
[   61.685891][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   61.687852][    C0]  ? do_raw_spin_unlock+0x58/0x8b0
[   61.689789][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.692231][    C0]  handle_softirqs+0x2d4/0x9b0
[   61.694052][    C0]  ? do_softirq+0x11b/0x1e0
[   61.695691][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   61.697495][    C0]  do_softirq+0x11b/0x1e0
[   61.698989][    C0]  </IRQ>
[   61.700016][    C0]  <TASK>
[   61.701030][    C0]  ? __pfx_do_softirq+0x10/0x10
[   61.702684][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   61.704559][    C0]  ? kasan_quarantine_put+0xdc/0x230
[   61.706401][    C0]  ? rcu_is_watching+0x15/0xb0
[   61.708031][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   61.709866][    C0]  ? inet_put_port+0x5d1/0x7b0
[   61.711512][    C0]  ? inet_put_port+0x2b/0x7b0
[   61.713360][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   61.715539][    C0]  ? inet_put_port+0x2b/0x7b0
[   61.717247][    C0]  ? inet_put_port+0x6d1/0x7b0
[   61.719246][    C0]  ? inet_put_port+0x2b/0x7b0
[   61.721174][    C0]  tcp_set_state+0x4cd/0x870
[   61.722974][    C0]  ? __pfx_tcp_set_state+0x10/0x10
[   61.724930][    C0]  ? __local_bh_enable_ip+0x168/0x200
[   61.726951][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[   61.728789][    C0]  ? __local_bh_enable_ip+0x168/0x200
[   61.730851][    C0]  ? inet_shutdown+0x6d/0x390
[   61.732668][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   61.734677][    C0]  ? inet_shutdown+0x6d/0x390
[   61.736367][    C0]  tcp_disconnect+0xa1/0x1ae0
[   61.738111][    C0]  inet_shutdown+0x250/0x390
[   61.739809][    C0]  smc_close_active+0xabb/0xe90
[   61.741596][    C0]  ? __pfx_sock_def_readable+0x10/0x10
[   61.743634][    C0]  __smc_release+0xa0/0x800
[   61.745391][    C0]  smc_release+0x2dc/0x540
[   61.747138][    C0]  sock_close+0xbc/0x240
[   61.748790][    C0]  ? __pfx_sock_close+0x10/0x10
[   61.750604][    C0]  __fput+0x23c/0xa50
[   61.752186][    C0]  task_work_run+0x24f/0x310
[   61.754017][    C0]  ? _raw_spin_unlock+0x28/0x50
[   61.755905][    C0]  ? __pfx_task_work_run+0x10/0x10
[   61.757778][    C0]  ? syscall_exit_to_user_mode+0xa3/0x340
[   61.759988][    C0]  syscall_exit_to_user_mode+0x13f/0x340
[   61.762158][    C0]  do_syscall_64+0x100/0x230
[   61.763974][    C0]  ? clear_bhb_loop+0x35/0x90
[   61.765779][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.768069][    C0] RIP: 0033:0x7f7d6bd85d29
[   61.769677][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.776746][    C0] RSP: 002b:00007ffc65ede8c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   61.779987][    C0] RAX: 0000000000000000 RBX: 000000000000ee3d RCX: 00007f7d6bd85d29
[   61.782861][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   61.785805][    C0] RBP: 00007f7d6bf77ba0 R08: 0000000000000001 R09: 00007ffc65edebbf
[   61.788689][    C0] R10: 00007f7d6bbff030 R11: 0000000000000246 R12: 000000000000eeff
[   61.791707][    C0] R13: 00007f7d6bf76080 R14: 0000000000000032 R15: ffffffffffffffff
[   61.794608][    C0]  </TASK>
[   61.795978][    C0] Kernel Offset: disabled
[   61.797597][    C0] Rebooting in 86400 seconds..