program:
# syzkaller reproducer for the WARNING at net/mptcp/subflow.c:1528
# (subflow_data_ready) shown in the console log that follows this program.
#
# Layout: ten calls run once, then the same ten calls are repeated with the
# (async) flag, i.e. issued without waiting for the previous call to finish.
# The socket() calls in the async pass do not assign their results, so
# r0/r1/r2 keep naming the sockets created in the first pass and the second
# bind/connect/sendmsg round operates on those same descriptors.
#
# Triage notes grounded in the log:
#  - The trace is inside connect(2) (ORIG_RAX 0x2a, __x64_sys_connect ->
#    mptcp_connect -> release_sock -> tcp_v6_do_rcv), with RDX=0x1c. That
#    length matches connect$inet6 (0x1c), not connect$unix (0x6e).
#  - Which of the two connect$inet6 calls (first pass or async pass) hit the
#    WARNING cannot be told from the log alone.
#  - The machine goes down only because panic_on_warn is set; the underlying
#    event is a failed WARN assertion, not an oops.

# AF_TIPC (0x1e) stream socketpair; its descriptors are not used again below.
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0))
# r0: AF_NETLINK (0x10) / SOCK_RAW (0x3) / NETLINK_ROUTE (0x0).
r0 = socket$nl_route(0x10, 0x3, 0x0)
# r1: AF_INET6 (0xa) / SOCK_STREAM (0x1) / protocol 0x106 (262, IPPROTO_MPTCP).
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
# bind and connect are given identical sockaddr_in6 contents
# ({0xa, 0x3, 0x0, @loopback}, length 0x1c), so r1 connects to the very
# address/port it is bound to on loopback.
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
# connect() on the same MPTCP socket with a unix-style sockaddr whose family
# field is 0x0 (AF_UNSPEC).
# NOTE(review): on stream sockets AF_UNSPEC is normally treated as a
# disconnect request; confirm whether that is what re-arms r1 for the second
# connect$inet6 in the async pass.
connect$unix(r1, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
# Raw rtnetlink message: nlmsg_len 0x38, nlmsg_type 0x10 (RTM_NEWLINK).
# The second blob carries the ASCII bytes 69 70 36 74 6e 6c ("ip6tnl") -
# presumably the link kind being requested; verify against a decoded dump.
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="e700000000000000180012800b000100697036746e6c000008000280040013"], 0x38}}, 0x0)
# r2: second NETLINK_ROUTE socket.
r2 = socket$nl_route(0x10, 0x3, 0x0)
# newlink request naming 'ip6_vti0'. The value 0x10104 has bit 0x100
# (IFF_PROMISC) set, which is consistent with the
# "ip6_vti0: entered promiscuous mode" line in the console log.
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6_vti0\x00'}]}, 0x34}}, 0x0)
# Injects a 0x82-byte Ethernet frame: ethertype 0x86dd (IPv6), next header
# 0x3a (ICMPv6), an ICMPv6 time-exceeded message whose payload embeds an IPv6
# header followed by a segment routing header (@srh).
# NOTE(review): the call trace does not show this frame's receive path, so
# its role in the WARNING is unconfirmed; check with a minimised reproducer.
syz_emit_ethernet(0x82, &(0x7f00000002c0)={@broadcast, @empty, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, "269fe0", 0x48, 0x3a, 0x1, @empty, @local, {[], @time_exceed={0x3, 0x0, 0x0, 0x2, '\x00', {0x3, 0x6, "39afb8", 0xf648, 0x4, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, [@srh={0x4, 0x2, 0x4, 0x1, 0x2, 0xd8, 0x9, [@empty]}]}}}}}}}, 0x0)
# ---- async pass: same calls, same arguments, each flagged (async) ----
# New sockets created here are not bound to r0/r1/r2; the bind/connect/sendmsg
# calls below reuse the first-pass descriptors and may overlap in time.
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) (async)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) (async)
connect$unix(r1, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="e700000000000000180012800b000100697036746e6c000008000280040013"], 0x38}}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6_vti0\x00'}]}, 0x34}}, 0x0) (async)
syz_emit_ethernet(0x82, &(0x7f00000002c0)={@broadcast, @empty, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, "269fe0", 0x48, 0x3a, 0x1, @empty, @local, {[], @time_exceed={0x3, 0x0, 0x0, 0x2, '\x00', {0x3, 0x6, "39afb8", 0xf648, 0x4, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, [@srh={0x4, 0x2, 0x4, 0x1, 0x2, 0xd8, 0x9, [@empty]}]}}}}}}}, 0x0) (async)
[ 74.878952][ T5312] Bluetooth: hci0: command tx timeout
[ 74.979689][ T5333] ip6_vti0: entered promiscuous mode
[ 74.998467][ T5334] ------------[ cut here ]------------
[ 75.000490][ T5334] WARNING: net/mptcp/subflow.c:1528 at subflow_data_ready+0x49b/0x7c0, CPU#0: syz.0.0/5334
[ 75.003926][ T5334] Modules linked in:
[ 75.005392][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 75.008790][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.012756][ T5334] RIP: 0010:subflow_data_ready+0x49b/0x7c0
[ 75.014948][ T5334] Code: 48 0f b9 3a e9 c9 fc ff ff e8 11 3d 79 f6 48 89 df 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6b 0e 00 00 e8 f6 3c 79 f6 90 <0f> 0b 90 e9 f2 fd ff ff 90 0f 0b 90 43 0f b6 04 2f 84 c0 0f 85 a1
[ 75.022075][ T5334] RSP: 0018:ffffc9000e83f720 EFLAGS: 00010293
[ 75.024353][ T5334] RAX: ffffffff8b47c85a RBX: ffff8880402fc240 RCX: ffff88800096c980
[ 75.027324][ T5334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 75.030208][ T5334] RBP: 0000000000000000 R08: ffff88801232094f R09: 1ffff11002464129
[ 75.033085][ T5334] R10: dffffc0000000000 R11: ffffed100246412a R12: 0000000000000000
[ 75.036017][ T5334] R13: dffffc0000000000 R14: ffff888012320000 R15: 0000000000000000
[ 75.038989][ T5334] FS: 00007fb3449766c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000
[ 75.042137][ T5334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.044937][ T5334] CR2: 00007fb344975fc8 CR3: 0000000043210000 CR4: 0000000000352ef0
[ 75.048513][ T5334] Call Trace:
[ 75.050070][ T5334]
[ 75.051262][ T5334] tcp_data_queue+0x1e14/0x5e30
[ 75.053225][ T5334] ? __pfx_tcp_data_queue+0x10/0x10
[ 75.055473][ T5334] ? __pfx_tcp_urg+0x10/0x10
[ 75.057594][ T5334] ? kvm_clock_get_cycles+0x47/0x60
[ 75.059983][ T5334] tcp_rcv_state_process+0x23ae/0x4530
[ 75.062499][ T5334] ? __pfx_tcp_rcv_state_process+0x10/0x10
[ 75.065022][ T5334] ? tcp_v6_connect+0x124b/0x18a0
[ 75.067447][ T5334] tcp_v6_do_rcv+0xbef/0x1ba0
[ 75.069576][ T5334] ? __local_bh_enable_ip+0xd0/0x130
[ 75.071888][ T5334] ? __pfx_tcp_v6_do_rcv+0x10/0x10
[ 75.074130][ T5334] __release_sock+0x1b8/0x3a0
[ 75.076426][ T5334] release_sock+0x5f/0x1f0
[ 75.078401][ T5334] mptcp_connect+0x5be/0x860
[ 75.080326][ T5334] __inet_stream_connect+0x298/0xf00
[ 75.082641][ T5334] ? do_raw_spin_lock+0x121/0x290
[ 75.084900][ T5334] ? lock_sock_nested+0x6a/0x100
[ 75.087229][ T5334] ? __pfx___inet_stream_connect+0x10/0x10
[ 75.089795][ T5334] ? __local_bh_enable_ip+0xd0/0x130
[ 75.092152][ T5334] inet_stream_connect+0x66/0xa0
[ 75.094265][ T5334] __sys_connect+0x316/0x440
[ 75.096448][ T5334] ? __pfx___sys_connect+0x10/0x10
[ 75.098656][ T5334] ? rcu_is_watching+0x15/0xb0
[ 75.100590][ T5334] __x64_sys_connect+0x7a/0x90
[ 75.102672][ T5334] do_syscall_64+0xec/0xf80
[ 75.104488][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.107021][ T5334] ? trace_irq_disable+0x37/0x100
[ 75.109086][ T5334] ? clear_bhb_loop+0x60/0xb0
[ 75.111084][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.113631][ T5334] RIP: 0033:0x7fb343b8f7c9
[ 75.115541][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.123636][ T5334] RSP: 002b:00007fb344976038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 75.127432][ T5334] RAX: ffffffffffffffda RBX: 00007fb343de6090 RCX: 00007fb343b8f7c9
[ 75.130883][ T5334] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000006
[ 75.134191][ T5334] RBP: 00007fb343c13f91 R08: 0000000000000000 R09: 0000000000000000
[ 75.137491][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.140960][ T5334] R13: 00007fb343de6128 R14: 00007fb343de6090 R15: 00007fffa1988b18
[ 75.144500][ T5334]
[ 75.145917][ T5334] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 75.149156][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 75.153097][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.157498][ T5334] Call Trace:
[ 75.158927][ T5334]
[ 75.160246][ T5334] vpanic+0x1e0/0x670
[ 75.161873][ T5334] panic+0xb9/0xc0
[ 75.163550][ T5334] ? __pfx_panic+0x10/0x10
[ 75.165533][ T5334] __warn+0x317/0x4b0
[ 75.167300][ T5334] ? subflow_data_ready+0x49b/0x7c0
[ 75.169653][ T5334] ? subflow_data_ready+0x49b/0x7c0
[ 75.171835][ T5334] __report_bug+0x288/0x500
[ 75.173846][ T5334] ? subflow_data_ready+0x49b/0x7c0
[ 75.176178][ T5334] ? __pfx___report_bug+0x10/0x10
[ 75.178411][ T5334] ? mptcp_subflow_data_available+0x300f/0x3a20
[ 75.181479][ T5334] ? subflow_data_ready+0x49b/0x7c0
[ 75.183837][ T5334] report_bug+0x16a/0x220
[ 75.185820][ T5334] ? subflow_data_ready+0x49b/0x7c0
[ 75.188171][ T5334] ? subflow_data_ready+0x49d/0x7c0
[ 75.190417][ T5334] handle_bug+0x98/0x200
[ 75.192201][ T5334] exc_invalid_op+0x1a/0x50
[ 75.194197][ T5334] asm_exc_invalid_op+0x1a/0x20
[ 75.196373][ T5334] RIP: 0010:subflow_data_ready+0x49b/0x7c0
[ 75.199028][ T5334] Code: 48 0f b9 3a e9 c9 fc ff ff e8 11 3d 79 f6 48 89 df 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6b 0e 00 00 e8 f6 3c 79 f6 90 <0f> 0b 90 e9 f2 fd ff ff 90 0f 0b 90 43 0f b6 04 2f 84 c0 0f 85 a1
[ 75.206913][ T5334] RSP: 0018:ffffc9000e83f720 EFLAGS: 00010293
[ 75.209785][ T5334] RAX: ffffffff8b47c85a RBX: ffff8880402fc240 RCX: ffff88800096c980
[ 75.213255][ T5334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 75.216717][ T5334] RBP: 0000000000000000 R08: ffff88801232094f R09: 1ffff11002464129
[ 75.220247][ T5334] R10: dffffc0000000000 R11: ffffed100246412a R12: 0000000000000000
[ 75.223577][ T5334] R13: dffffc0000000000 R14: ffff888012320000 R15: 0000000000000000
[ 75.226795][ T5334] ? subflow_data_ready+0x49a/0x7c0
[ 75.228856][ T5334] tcp_data_queue+0x1e14/0x5e30
[ 75.230691][ T5334] ? __pfx_tcp_data_queue+0x10/0x10
[ 75.232755][ T5334] ? __pfx_tcp_urg+0x10/0x10
[ 75.234544][ T5334] ? kvm_clock_get_cycles+0x47/0x60
[ 75.236704][ T5334] tcp_rcv_state_process+0x23ae/0x4530
[ 75.239054][ T5334] ? __pfx_tcp_rcv_state_process+0x10/0x10
[ 75.241627][ T5334] ? tcp_v6_connect+0x124b/0x18a0
[ 75.243845][ T5334] tcp_v6_do_rcv+0xbef/0x1ba0
[ 75.245947][ T5334] ? __local_bh_enable_ip+0xd0/0x130
[ 75.248256][ T5334] ? __pfx_tcp_v6_do_rcv+0x10/0x10
[ 75.250520][ T5334] __release_sock+0x1b8/0x3a0
[ 75.252698][ T5334] release_sock+0x5f/0x1f0
[ 75.254742][ T5334] mptcp_connect+0x5be/0x860
[ 75.256832][ T5334] __inet_stream_connect+0x298/0xf00
[ 75.259401][ T5334] ? do_raw_spin_lock+0x121/0x290
[ 75.261615][ T5334] ? lock_sock_nested+0x6a/0x100
[ 75.263667][ T5334] ? __pfx___inet_stream_connect+0x10/0x10
[ 75.266169][ T5334] ? __local_bh_enable_ip+0xd0/0x130
[ 75.268389][ T5334] inet_stream_connect+0x66/0xa0
[ 75.270530][ T5334] __sys_connect+0x316/0x440
[ 75.272549][ T5334] ? __pfx___sys_connect+0x10/0x10
[ 75.274759][ T5334] ? rcu_is_watching+0x15/0xb0
[ 75.276771][ T5334] __x64_sys_connect+0x7a/0x90
[ 75.278635][ T5334] do_syscall_64+0xec/0xf80
[ 75.280379][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.282826][ T5334] ? trace_irq_disable+0x37/0x100
[ 75.284697][ T5334] ? clear_bhb_loop+0x60/0xb0
[ 75.286641][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.289093][ T5334] RIP: 0033:0x7fb343b8f7c9
[ 75.290872][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.298976][ T5334] RSP: 002b:00007fb344976038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 75.302546][ T5334] RAX: ffffffffffffffda RBX: 00007fb343de6090 RCX: 00007fb343b8f7c9
[ 75.305758][ T5334] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000006
[ 75.309098][ T5334] RBP: 00007fb343c13f91 R08: 0000000000000000 R09: 0000000000000000
[ 75.312455][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.317076][ T5334] R13: 00007fb343de6128 R14: 00007fb343de6090 R15: 00007fffa1988b18
[ 75.320605][ T5334]
[ 75.322441][ T5334] Kernel Offset: disabled
[ 75.324413][ T5334] Rebooting in 86400 seconds..