------------[ cut here ]------------
WARNING: net/mptcp/subflow.c:1528 at subflow_data_ready+0x49b/0x7c0 net/mptcp/subflow.c:1527, CPU#0: ksoftirqd/0/15
Modules linked in:
CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:subflow_data_ready+0x49b/0x7c0 net/mptcp/subflow.c:1527
Code: 48 0f b9 3a e9 c9 fc ff ff e8 61 d4 77 f6 48 89 df 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6b 0e 00 00 e8 46 d4 77 f6 90 <0f> 0b 90 e9 f2 fd ff ff 90 0f 0b 90 43 0f b6 04 2f 84 c0 0f 85 a1
RSP: 0018:ffffc90000146e40 EFLAGS: 00010246
RAX: ffffffff8b49e41a RBX: ffff88807d6a0000 RCX: ffff88801d2f3d00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff888020faa14f R09: 1ffff110041f5429
R10: dffffc0000000000 R11: ffffed10041f542a R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888020fa9800 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125c25000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f26afbb42f8 CR3: 000000007c446000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 tcp_data_queue+0x1e14/0x5e30 net/ipv4/tcp_input.c:5461
 tcp_rcv_state_process+0x23a4/0x4520 net/ipv4/tcp_input.c:7185
 tcp_v4_do_rcv+0x6bb/0x1430 net/ipv4/tcp_ipv4.c:1904
 tcp_v4_rcv+0x2675/0x2f20 net/ipv4/tcp_ipv4.c:2324
 ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:207
 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241
 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318
 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318
 __netif_receive_skb_one_core net/core/dev.c:6138 [inline]
 __netif_receive_skb+0x143/0x380 net/core/dev.c:6251
 process_backlog+0x622/0x1500 net/core/dev.c:6603
 __napi_poll+0xae/0x320 net/core/dev.c:7667
 napi_poll net/core/dev.c:7730 [inline]
 net_rx_action+0x672/0xe50 net/core/dev.c:7882
 handle_softirqs+0x27d/0x850 kernel/softirq.c:626
 run_ksoftirqd+0x9b/0x100 kernel/softirq.c:1067
 smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>