program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = accept(r2, 0x0, 0x0)
sendmsg$AUDIT_USER_AVC(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000700fc00140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8)

[   85.277743][   T45] Bluetooth: hci0: command tx timeout
[   85.383058][ T5315] ------------[ cut here ]------------
[   85.385730][ T5315] atomic_read(&sk->sk_rmem_alloc)
[   85.385743][ T5315] WARNING: net/ipv4/af_inet.c:154 at inet_sock_destruct+0x603/0x740, CPU#0: syz.0.0/5315
[   85.392110][ T5315] Modules linked in:
[   85.395034][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.399589][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.404123][ T5315] RIP: 0010:inet_sock_destruct+0x603/0x740
[   85.407372][ T5315] Code: 00 41 0f b6 74 24 12 48 c7 c7 e0 4b e8 8c 4c 89 e2 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 f3 3d 01 f7 e8 0e 29 9f f7 90 <0f> 0b 90 e9 58 fe ff ff e8 00 29 9f f7 90 0f 0b 90 e9 8b fe ff ff
[   85.417606][ T5315] RSP: 0018:ffffc9000df26f20 EFLAGS: 00010283
[   85.421003][ T5315] RAX: ffffffff8a267c72 RBX: dffffc0000000000 RCX: 0000000000100000
[   85.426225][ T5315] RDX: ffffc9000ec4a000 RSI: 0000000000001b79 RDI: 0000000000001b7a
[   85.429558][ T5315] RBP: 00000000000003c4 R08: ffff88801f7be743 R09: 1ffff11003ef7ce8
[   85.433223][ T5315] R10: dffffc0000000000 R11: ffffed1003ef7ce9 R12: ffff88801f7be600
[   85.436996][ T5315] R13: dffffc0000000000 R14: ffff88801f7be740 R15: 1ffff11003ef7cc2
[   85.440759][ T5315] FS:  00007f8e458d46c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000
[   85.444737][ T5315] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.447956][ T5315] CR2: 00007f8e44bec6b8 CR3: 000000001f7a4000 CR4: 0000000000352ef0
[   85.452314][ T5315] Call Trace:
[   85.453868][ T5315]  <TASK>
[   85.455232][ T5315]  ? netlink_has_listeners+0x339/0x3f0
[   85.457730][ T5315]  ? __pfx_tcp4_destruct_sock+0x10/0x10
[   85.460413][ T5315]  __sk_destruct+0x85/0x880
[   85.462545][ T5315]  ? __sk_free+0x2da/0x3f0
[   85.465244][ T5315]  __mptcp_close_ssk+0x886/0x1180
[   85.467927][ T5315]  ? mptcp_close_ssk+0x312/0x430
[   85.470306][ T5315]  mptcp_pm_rm_addr_or_subflow+0x4ab/0x9d0
[   85.472997][ T5315]  mptcp_pm_nl_set_flags+0x853/0xc90
[   85.475865][ T5315]  ? __nla_parse+0x40/0x60
[   85.478279][ T5315]  ? __pfx_mptcp_pm_nl_set_flags+0x10/0x10
[   85.481062][ T5315]  ? __pfx_mptcp_pm_parse_pm_addr_attr+0x10/0x10
[   85.484252][ T5315]  mptcp_pm_nl_set_flags_doit+0x364/0x450
[   85.487255][ T5315]  ? __pfx_mptcp_pm_nl_set_flags_doit+0x10/0x10
[   85.490336][ T5315]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   85.494293][ T5315]  genl_family_rcv_msg_doit+0x22a/0x330
[   85.498245][ T5315]  ? __asan_memcpy+0x40/0x70
[   85.499851][ T5315]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   85.502234][ T5315]  ? bpf_lsm_capable+0x9/0x20
[   85.504438][ T5315]  ? security_capable+0x7e/0x2c0
[   85.507403][ T5315]  genl_rcv_msg+0x61c/0x7a0
[   85.509105][ T5315]  ? __pfx_genl_rcv_msg+0x10/0x10
[   85.510795][ T5315]  ? __pfx_mptcp_pm_nl_set_flags_doit+0x10/0x10
[   85.512943][ T5315]  ? __lock_acquire+0x6b5/0x2cf0
[   85.515066][ T5315]  netlink_rcv_skb+0x232/0x4b0
[   85.517775][ T5315]  ? __pfx_genl_rcv_msg+0x10/0x10
[   85.520421][ T5315]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   85.522800][ T5315]  ? down_read+0x272/0x2e0
[   85.524896][ T5315]  ? genl_rcv+0xd/0x40
[   85.526788][ T5315]  genl_rcv+0x28/0x40
[   85.528762][ T5315]  netlink_unicast+0x80f/0x9b0
[   85.531045][ T5315]  ? __pfx_netlink_unicast+0x10/0x10
[   85.534045][ T5315]  ? netlink_sendmsg+0x650/0xb40
[   85.536724][ T5315]  ? skb_put+0x11b/0x210
[   85.538610][ T5315]  netlink_sendmsg+0x813/0xb40
[   85.540774][ T5315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.543194][ T5315]  ? aa_sock_msg_perm+0xf1/0x1b0
[   85.545481][ T5315]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   85.547642][ T5315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.549881][ T5315]  ____sys_sendmsg+0xa68/0xad0
[   85.552176][ T5315]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.555669][ T5315]  ? import_iovec+0x73/0xa0
[   85.559442][ T5315]  ___sys_sendmsg+0x2a5/0x360
[   85.561825][ T5315]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.564247][ T5315]  ? futex_wake+0x4ac/0x580
[   85.566827][ T5315]  ? __fget_files+0x2a/0x420
[   85.569242][ T5315]  ? __fget_files+0x3a0/0x420
[   85.571839][ T5315]  __x64_sys_sendmsg+0x1bd/0x2a0
[   85.574256][ T5315]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   85.576911][ T5315]  ? rcu_is_watching+0x15/0xb0
[   85.579100][ T5315]  do_syscall_64+0x14d/0xf80
[   85.581297][ T5315]  ? trace_irq_disable+0x3b/0x150
[   85.583592][ T5315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.586636][ T5315]  ? clear_bhb_loop+0x40/0x90
[   85.588960][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.591816][ T5315] RIP: 0033:0x7f8e4499c799
[   85.594791][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.605475][ T5315] RSP: 002b:00007f8e458d3fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.609995][ T5315] RAX: ffffffffffffffda RBX: 00007f8e44c15fa0 RCX: 00007f8e4499c799
[   85.613729][ T5315] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000007
[   85.619220][ T5315] RBP: 00007f8e44a32bd9 R08: 0000000000000000 R09: 0000000000000000
[   85.622902][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.626515][ T5315] R13: 00007f8e44c16038 R14: 00007f8e44c15fa0 R15: 00007ffe29592458
[   85.629914][ T5315]  </TASK>
[   85.631310][ T5315] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.634930][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.639409][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.644463][ T5315] Call Trace:
[   85.646230][ T5315]  <TASK>
[   85.647632][ T5315]  vpanic+0x56c/0xa60
[   85.649359][ T5315]  ? __pfx__printk+0x10/0x10
[   85.651359][ T5315]  ? __pfx_vpanic+0x10/0x10
[   85.653327][ T5315]  ? is_bpf_text_address+0x292/0x2b0
[   85.655767][ T5315]  ? is_bpf_text_address+0x26/0x2b0
[   85.658032][ T5315]  panic+0xc5/0xd0
[   85.660144][ T5315]  ? __pfx_panic+0x10/0x10
[   85.662467][ T5315]  __warn+0x315/0x4f0
[   85.664318][ T5315]  ? inet_sock_destruct+0x603/0x740
[   85.666532][ T5315]  ? inet_sock_destruct+0x603/0x740
[   85.668787][ T5315]  __report_bug+0x29a/0x540
[   85.670967][ T5315]  ? inet_sock_destruct+0x603/0x740
[   85.674006][ T5315]  ? __pfx___report_bug+0x10/0x10
[   85.677166][ T5315]  ? __lock_acquire+0x6b5/0x2cf0
[   85.680108][ T5315]  ? inet_sock_destruct+0x603/0x740
[   85.682458][ T5315]  report_bug+0x16a/0x220
[   85.684380][ T5315]  ? inet_sock_destruct+0x603/0x740
[   85.686764][ T5315]  ? inet_sock_destruct+0x605/0x740
[   85.689088][ T5315]  handle_bug+0x9c/0x200
[   85.690707][ T5315]  exc_invalid_op+0x1a/0x50
[   85.692605][ T5315]  asm_exc_invalid_op+0x1a/0x20
[   85.694877][ T5315] RIP: 0010:inet_sock_destruct+0x603/0x740
[   85.697542][ T5315] Code: 00 41 0f b6 74 24 12 48 c7 c7 e0 4b e8 8c 4c 89 e2 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 f3 3d 01 f7 e8 0e 29 9f f7 90 <0f> 0b 90 e9 58 fe ff ff e8 00 29 9f f7 90 0f 0b 90 e9 8b fe ff ff
[   85.707413][ T5315] RSP: 0018:ffffc9000df26f20 EFLAGS: 00010283
[   85.710343][ T5315] RAX: ffffffff8a267c72 RBX: dffffc0000000000 RCX: 0000000000100000
[   85.714147][ T5315] RDX: ffffc9000ec4a000 RSI: 0000000000001b79 RDI: 0000000000001b7a
[   85.719123][ T5315] RBP: 00000000000003c4 R08: ffff88801f7be743 R09: 1ffff11003ef7ce8
[   85.723059][ T5315] R10: dffffc0000000000 R11: ffffed1003ef7ce9 R12: ffff88801f7be600
[   85.726574][ T5315] R13: dffffc0000000000 R14: ffff88801f7be740 R15: 1ffff11003ef7cc2
[   85.730298][ T5315]  ? inet_sock_destruct+0x602/0x740
[   85.732523][ T5315]  ? netlink_has_listeners+0x339/0x3f0
[   85.734917][ T5315]  ? __pfx_tcp4_destruct_sock+0x10/0x10
[   85.737410][ T5315]  __sk_destruct+0x85/0x880
[   85.739372][ T5315]  ? __sk_free+0x2da/0x3f0
[   85.742018][ T5315]  __mptcp_close_ssk+0x886/0x1180
[   85.744195][ T5315]  ? mptcp_close_ssk+0x312/0x430
[   85.746571][ T5315]  mptcp_pm_rm_addr_or_subflow+0x4ab/0x9d0
[   85.749394][ T5315]  mptcp_pm_nl_set_flags+0x853/0xc90
[   85.751872][ T5315]  ? __nla_parse+0x40/0x60
[   85.753976][ T5315]  ? __pfx_mptcp_pm_nl_set_flags+0x10/0x10
[   85.756626][ T5315]  ? __pfx_mptcp_pm_parse_pm_addr_attr+0x10/0x10
[   85.760544][ T5315]  mptcp_pm_nl_set_flags_doit+0x364/0x450
[   85.764096][ T5315]  ? __pfx_mptcp_pm_nl_set_flags_doit+0x10/0x10
[   85.766870][ T5315]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   85.769696][ T5315]  genl_family_rcv_msg_doit+0x22a/0x330
[   85.771988][ T5315]  ? __asan_memcpy+0x40/0x70
[   85.773922][ T5315]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   85.776616][ T5315]  ? bpf_lsm_capable+0x9/0x20
[   85.778929][ T5315]  ? security_capable+0x7e/0x2c0
[   85.781308][ T5315]  genl_rcv_msg+0x61c/0x7a0
[   85.783711][ T5315]  ? __pfx_genl_rcv_msg+0x10/0x10
[   85.786407][ T5315]  ? __pfx_mptcp_pm_nl_set_flags_doit+0x10/0x10
[   85.789048][ T5315]  ? __lock_acquire+0x6b5/0x2cf0
[   85.791165][ T5315]  netlink_rcv_skb+0x232/0x4b0
[   85.793190][ T5315]  ? __pfx_genl_rcv_msg+0x10/0x10
[   85.795686][ T5315]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   85.798168][ T5315]  ? down_read+0x272/0x2e0
[   85.800240][ T5315]  ? genl_rcv+0xd/0x40
[   85.802368][ T5315]  genl_rcv+0x28/0x40
[   85.804480][ T5315]  netlink_unicast+0x80f/0x9b0
[   85.806624][ T5315]  ? __pfx_netlink_unicast+0x10/0x10
[   85.808612][ T5315]  ? netlink_sendmsg+0x650/0xb40
[   85.810789][ T5315]  ? skb_put+0x11b/0x210
[   85.812541][ T5315]  netlink_sendmsg+0x813/0xb40
[   85.814581][ T5315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.816890][ T5315]  ? aa_sock_msg_perm+0xf1/0x1b0
[   85.819214][ T5315]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   85.821908][ T5315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.824852][ T5315]  ____sys_sendmsg+0xa68/0xad0
[   85.827298][ T5315]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.829668][ T5315]  ? import_iovec+0x73/0xa0
[   85.831756][ T5315]  ___sys_sendmsg+0x2a5/0x360
[   85.834257][ T5315]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.837113][ T5315]  ? futex_wake+0x4ac/0x580
[   85.839483][ T5315]  ? __fget_files+0x2a/0x420
[   85.841910][ T5315]  ? __fget_files+0x3a0/0x420
[   85.844485][ T5315]  __x64_sys_sendmsg+0x1bd/0x2a0
[   85.847087][ T5315]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   85.849501][ T5315]  ? rcu_is_watching+0x15/0xb0
[   85.851636][ T5315]  do_syscall_64+0x14d/0xf80
[   85.853545][ T5315]  ? trace_irq_disable+0x3b/0x150
[   85.855858][ T5315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.858588][ T5315]  ? clear_bhb_loop+0x40/0x90
[   85.861403][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.863990][ T5315] RIP: 0033:0x7f8e4499c799
[   85.866114][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.874830][ T5315] RSP: 002b:00007f8e458d3fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.880069][ T5315] RAX: ffffffffffffffda RBX: 00007f8e44c15fa0 RCX: 00007f8e4499c799
[   85.883534][ T5315] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000007
[   85.887104][ T5315] RBP: 00007f8e44a32bd9 R08: 0000000000000000 R09: 0000000000000000
[   85.890754][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.894992][ T5315] R13: 00007f8e44c16038 R14: 00007f8e44c15fa0 R15: 00007ffe29592458
[   85.899232][ T5315]  </TASK>
[   85.901491][ T5315] Kernel Offset: disabled
[   85.903459][ T5315] Rebooting in 86400 seconds..