program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6gre0\x00', <r6=>0x0, 0x4, 0x7, 0x9, 0x2, 0x28, @dev={0xfe, 0x80, '\x00', 0x2b}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7, 0x700, 0x0, 0xfffffffd}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'gretap0\x00', &(0x7f0000000580)={'tunl0\x00', <r7=>0x0, 0x7, 0x1, 0x9f, 0x2, {{0x4e, 0x4, 0x3, 0x8, 0x138, 0x66, 0x0, 0x4, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, {[@end, @timestamp={0x44, 0xc, 0xd3, 0x0, 0x3, [0x8, 0x52a]}, @lsrr={0x83, 0x27, 0x24, [@private=0xa010101, @rand_addr=0x64010101, @empty, @local, @remote, @multicast1, @remote, @empty, @broadcast]}, @cipso={0x86, 0x52, 0x3, [{0x2, 0xb, "fc6f8d0e3ac694fa8a"}, {0x5, 0xd, "913b3bcccae905be598527"}, {0x6, 0x9, "a0303d2cb3cdca"}, {0x2, 0xa, "3ed90f0ba47fb8d0"}, {0x6, 0x12, "949369f054e4a79f4dd7e06c709eb739"}, {0x2, 0xf, "fbd0c99323e7d0fd13a0fada84"}]}, @timestamp={0x44, 0x28, 0x39, 0x0, 0xc, [0x0, 0x8, 0x3, 0x1, 0x800, 0xaa, 0x3, 0xb, 0x4]}, @lsrr={0x83, 0xb, 0xb9, [@broadcast, @multicast2]}, @timestamp={0x44, 0x2c, 0xdc, 0x0, 0x5, [0xfffffff9, 0x0, 0x2, 0x86d4, 0x6, 0xea, 0x9, 0x264, 0x8, 0x9]}, @generic={0x0, 0x7, "43e20f488b"}, @rr={0x7, 0x2b, 0xc0, [@rand_addr=0x64010102, @private=0xa010100, @local, @dev={0xac, 0x14, 0x14, 0xa}, @private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @loopback, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0x2a}]}, @timestamp_addr={0x44, 0xc, 0x84, 0x1, 0x4, [{@multicast2, 0x8}]}]}}}}})
sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000800)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000700)={0xbc, r5, 0x300, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x48, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x80}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x40, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x26}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1068}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xf5}]}, 0xbc}, 0x1, 0x0, 0x0, 0x24000050}, 0x8000)
r8 = dup(r4)
write$FUSE_BMAP(r8, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x40}}, 0x18)
write$FUSE_DIRENTPLUS(r8, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r8, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x22)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@posixacl}]}})

[   76.342045][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   76.345424][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   76.349306][ T5297] Bluetooth: hci0: command tx timeout
[   76.442458][ T5318] ------------[ cut here ]------------
[   76.444823][ T5318] WARNING: CPU: 0 PID: 5318 at mm/page_alloc.c:5159 __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.449361][ T5318] Modules linked in:
[   76.451472][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.454835][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.458844][ T5318] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   76.461509][ T5318] Code: 74 10 4c 89 e7 89 54 24 0c e8 94 b9 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 11 2a 6f 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   76.468853][ T5318] RSP: 0018:ffffc900019ef880 EFLAGS: 00010246
[   76.471518][ T5318] RAX: ffffc900019ef800 RBX: 000000000000001c RCX: 0000000000000000
[   76.474815][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900019ef8e8
[   76.478217][ T5318] RBP: ffffc900019ef970 R08: ffffc900019ef8e7 R09: 0000000000000000
[   76.481914][ T5318] R10: ffffc900019ef8c0 R11: fffff5200033df1d R12: 0000000000000000
[   76.485623][ T5318] R13: 1ffff9200033df14 R14: 0000000000040d40 R15: dffffc0000000000
[   76.489052][ T5318] FS:  00007f58750fb6c0(0000) GS:ffff88808d306000(0000) knlGS:0000000000000000
[   76.492967][ T5318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.495785][ T5318] CR2: 00007f59adfe09d0 CR3: 00000000126e7000 CR4: 0000000000352ef0
[   76.499147][ T5318] Call Trace:
[   76.500765][ T5318]  <TASK>
[   76.502075][ T5318]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   76.504844][ T5318]  ? p9_client_clunk+0x1b6/0x250
[   76.507059][ T5318]  alloc_pages_mpol+0x232/0x4a0
[   76.509229][ T5318]  ___kmalloc_large_node+0x5f/0x1b0
[   76.511560][ T5318]  __kmalloc_large_node_noprof+0x18/0x90
[   76.513874][ T5318]  __kmalloc_noprof+0x4bd/0x7f0
[   76.515965][ T5318]  ? v9fs_fid_get_acl+0x4f/0x100
[   76.518069][ T5318]  ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10
[   76.520929][ T5318]  v9fs_fid_get_acl+0x4f/0x100
[   76.522988][ T5318]  v9fs_get_acl+0x9a/0x360
[   76.524895][ T5318]  v9fs_inode_from_fid_dotl+0x221/0x2b0
[   76.527362][ T5318]  v9fs_mount+0x6eb/0xa50
[   76.529358][ T5318]  ? __pfx_v9fs_mount+0x10/0x10
[   76.531558][ T5318]  legacy_get_tree+0xfa/0x1a0
[   76.533583][ T5318]  ? __pfx_v9fs_mount+0x10/0x10
[   76.535677][ T5318]  vfs_get_tree+0x8f/0x2b0
[   76.537668][ T5318]  do_new_mount+0x302/0xa10
[   76.539585][ T5318]  ? apparmor_capable+0x137/0x1b0
[   76.542126][ T5318]  ? __pfx_do_new_mount+0x10/0x10
[   76.544386][ T5318]  ? ns_capable+0x8a/0xf0
[   76.546373][ T5318]  ? path_mount+0x61c/0xfe0
[   76.548418][ T5318]  ? kmem_cache_free+0x19b/0x690
[   76.551032][ T5318]  __se_sys_mount+0x313/0x410
[   76.553186][ T5318]  ? __pfx___se_sys_mount+0x10/0x10
[   76.555596][ T5318]  ? do_syscall_64+0xbe/0xfa0
[   76.557693][ T5318]  ? __x64_sys_mount+0x20/0xc0
[   76.559913][ T5318]  do_syscall_64+0xfa/0xfa0
[   76.562375][ T5318]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.564742][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.567491][ T5318]  ? clear_bhb_loop+0x60/0xb0
[   76.569623][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.572345][ T5318] RIP: 0033:0x7f587418eec9
[   76.574354][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.582877][ T5318] RSP: 002b:00007f58750fb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   76.586505][ T5318] RAX: ffffffffffffffda RBX: 00007f58743e5fa0 RCX: 00007f587418eec9
[   76.589871][ T5318] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[   76.593383][ T5318] RBP: 00007f5874211f91 R08: 0000200000000500 R09: 0000000000000000
[   76.596778][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.600416][ T5318] R13: 00007f58743e6038 R14: 00007f58743e5fa0 R15: 00007ffc5296e258
[   76.603883][ T5318]  </TASK>
[   76.605235][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   76.608389][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.612318][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.617058][ T5318] Call Trace:
[   76.618539][ T5318]  <TASK>
[   76.619886][ T5318]  dump_stack_lvl+0x99/0x250
[   76.621933][ T5318]  ? __asan_memcpy+0x40/0x70
[   76.623969][ T5318]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.626278][ T5318]  ? __pfx__printk+0x10/0x10
[   76.628319][ T5318]  vpanic+0x237/0x6d0
[   76.630139][ T5318]  ? __pfx_vpanic+0x10/0x10
[   76.632182][ T5318]  panic+0xb9/0xc0
[   76.633814][ T5318]  ? __pfx_panic+0x10/0x10
[   76.635817][ T5318]  __warn+0x31b/0x4b0
[   76.637570][ T5318]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.640210][ T5318]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.642872][ T5318]  report_bug+0x2be/0x4f0
[   76.644810][ T5318]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.647540][ T5318]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.650252][ T5318]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   76.652941][ T5318]  handle_bug+0x84/0x160
[   76.654820][ T5318]  exc_invalid_op+0x1a/0x50
[   76.656856][ T5318]  asm_exc_invalid_op+0x1a/0x20
[   76.659086][ T5318] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   76.662062][ T5318] Code: 74 10 4c 89 e7 89 54 24 0c e8 94 b9 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 11 2a 6f 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   76.670559][ T5318] RSP: 0018:ffffc900019ef880 EFLAGS: 00010246
[   76.673230][ T5318] RAX: ffffc900019ef800 RBX: 000000000000001c RCX: 0000000000000000
[   76.676591][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900019ef8e8
[   76.679985][ T5318] RBP: ffffc900019ef970 R08: ffffc900019ef8e7 R09: 0000000000000000
[   76.683186][ T5318] R10: ffffc900019ef8c0 R11: fffff5200033df1d R12: 0000000000000000
[   76.686408][ T5318] R13: 1ffff9200033df14 R14: 0000000000040d40 R15: dffffc0000000000
[   76.689593][ T5318]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   76.692198][ T5318]  ? p9_client_clunk+0x1b6/0x250
[   76.694345][ T5318]  alloc_pages_mpol+0x232/0x4a0
[   76.696617][ T5318]  ___kmalloc_large_node+0x5f/0x1b0
[   76.698987][ T5318]  __kmalloc_large_node_noprof+0x18/0x90
[   76.701472][ T5318]  __kmalloc_noprof+0x4bd/0x7f0
[   76.703704][ T5318]  ? v9fs_fid_get_acl+0x4f/0x100
[   76.705966][ T5318]  ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10
[   76.708830][ T5318]  v9fs_fid_get_acl+0x4f/0x100
[   76.710953][ T5318]  v9fs_get_acl+0x9a/0x360
[   76.712975][ T5318]  v9fs_inode_from_fid_dotl+0x221/0x2b0
[   76.715309][ T5318]  v9fs_mount+0x6eb/0xa50
[   76.717214][ T5318]  ? __pfx_v9fs_mount+0x10/0x10
[   76.719408][ T5318]  legacy_get_tree+0xfa/0x1a0
[   76.721472][ T5318]  ? __pfx_v9fs_mount+0x10/0x10
[   76.723671][ T5318]  vfs_get_tree+0x8f/0x2b0
[   76.725691][ T5318]  do_new_mount+0x302/0xa10
[   76.727693][ T5318]  ? apparmor_capable+0x137/0x1b0
[   76.729860][ T5318]  ? __pfx_do_new_mount+0x10/0x10
[   76.732102][ T5318]  ? ns_capable+0x8a/0xf0
[   76.734016][ T5318]  ? path_mount+0x61c/0xfe0
[   76.736113][ T5318]  ? kmem_cache_free+0x19b/0x690
[   76.738359][ T5318]  __se_sys_mount+0x313/0x410
[   76.740518][ T5318]  ? __pfx___se_sys_mount+0x10/0x10
[   76.742833][ T5318]  ? do_syscall_64+0xbe/0xfa0
[   76.744951][ T5318]  ? __x64_sys_mount+0x20/0xc0
[   76.747116][ T5318]  do_syscall_64+0xfa/0xfa0
[   76.749153][ T5318]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.751472][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.754127][ T5318]  ? clear_bhb_loop+0x60/0xb0
[   76.756239][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.758614][ T5318] RIP: 0033:0x7f587418eec9
[   76.760457][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.768209][ T5318] RSP: 002b:00007f58750fb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   76.771845][ T5318] RAX: ffffffffffffffda RBX: 00007f58743e5fa0 RCX: 00007f587418eec9
[   76.775315][ T5318] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[   76.778820][ T5318] RBP: 00007f5874211f91 R08: 0000200000000500 R09: 0000000000000000
[   76.782352][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.785915][ T5318] R13: 00007f58743e6038 R14: 00007f58743e5fa0 R15: 00007ffc5296e258
[   76.789396][ T5318]  </TASK>
[   76.791088][ T5318] Kernel Offset: disabled
[   76.793061][ T5318] Rebooting in 86400 seconds..