------------[ cut here ]------------
WARNING: CPU: 1 PID: 12000 at net/mptcp/subflow.c:1347 subflow_data_ready+0x1d8/0x234 net/mptcp/subflow.c:1346
Modules linked in:
CPU: 1 PID: 12000 Comm: syz-executor.0 Not tainted 6.1.73-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : subflow_data_ready+0x1d8/0x234 net/mptcp/subflow.c:1346
lr : subflow_data_ready+0x1d8/0x234 net/mptcp/subflow.c:1346
sp : ffff8000080170a0
x29: ffff8000080170a0 x28: ffff800008017240 x27: ffff0000d28b60f0
x26: 1fffe0001a516c23 x25: 00000000ccdfba6b x24: 0000000000000800
x23: ffff0000cbd9e000 x22: dfff800000000000 x21: 0000000000000000
x20: ffff0000d4f1a280 x19: ffff0000dde43100 x18: ffff800008016920
x17: ffff8000188a7000 x16: ffff8000084f9038 x15: 0000000000000000
x14: 0000000000000005 x13: ffff0000c9349bc0 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff800012060010
x8 : ffff0000c9349bc0 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80001205fe88
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
subflow_data_ready+0x1d8/0x234 net/mptcp/subflow.c:1346
tcp_data_ready+0x22c/0x44c net/ipv4/tcp_input.c:5028
tcp_data_queue+0x1cc8/0x53e4 net/ipv4/tcp_input.c:5102
tcp_rcv_state_process+0x204c/0x3e58 net/ipv4/tcp_input.c:6704
tcp_v4_do_rcv+0x6b4/0xb08 net/ipv4/tcp_ipv4.c:1700
tcp_v4_rcv+0x20e4/0x2818 net/ipv4/tcp_ipv4.c:2099
ip_protocol_deliver_rcu+0x340/0x764 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x23c/0x46c net/ipv4/ip_input.c:233
NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:302
ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:454 [inline]
ip_rcv_finish+0x224/0x250 net/ipv4/ip_input.c:449
NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:302
ip_rcv+0x78/0x98 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core net/core/dev.c:5528 [inline]
__netif_receive_skb+0x18c/0x400 net/core/dev.c:5642
process_backlog+0x410/0x784 net/core/dev.c:5970
__napi_poll+0xb4/0x3f0 net/core/dev.c:6537
napi_poll net/core/dev.c:6604 [inline]
net_rx_action+0x5cc/0xd3c net/core/dev.c:6715
__do_softirq+0x314/0xe38 kernel/softirq.c:571
____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:893
do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
invoke_softirq kernel/softirq.c:452 [inline]
__irq_exit_rcu+0x264/0x4d4 kernel/softirq.c:650
irq_exit_rcu+0x14/0x84 kernel/softirq.c:662
__el1_irq arch/arm64/kernel/entry-common.c:472 [inline]
el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:486
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:581
arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
_raw_spin_unlock_irqrestore+0x58/0xac kernel/locking/spinlock.c:194
debug_object_free+0x27c/0x440 lib/debugobjects.c:889
destroy_hrtimer_on_stack kernel/time/hrtimer.c:452 [inline]
hrtimer_nanosleep+0x2d4/0x384 kernel/time/hrtimer.c:2112
common_nsleep+0xa8/0xc0 kernel/time/posix-timers.c:1267
__do_sys_clock_nanosleep kernel/time/posix-timers.c:1308 [inline]
__se_sys_clock_nanosleep kernel/time/posix-timers.c:1285 [inline]
__arm64_sys_clock_nanosleep+0x350/0x38c kernel/time/posix-timers.c:1285
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 5397
hardirqs last enabled at (5396): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (5396): [] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (5397): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (5308): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (5323): [] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---