------------[ cut here ]------------
WARNING: CPU: 1 PID: 13741 at net/mptcp/subflow.c:1348 subflow_data_ready+0x1d8/0x234 net/mptcp/subflow.c:1347
Modules linked in:
CPU: 1 PID: 13741 Comm: syz-executor.1 Not tainted 6.1.81-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : subflow_data_ready+0x1d8/0x234 net/mptcp/subflow.c:1347
lr : subflow_data_ready+0x1d8/0x234 net/mptcp/subflow.c:1347
sp : ffff8000080170a0
x29: ffff8000080170a0 x28: ffff800008017240 x27: ffff0000d90274f0
x26: 1fffe0001b204ea3 x25: 00000000ccbbc07a x24: 0000000000000800
x23: ffff0000d6023e00 x22: dfff800000000000 x21: 0000000000000000
x20: ffff000107e12280 x19: ffff0000dbe224c0 x18: ffff800008016920
x17: ffff8000188bb000 x16: ffff8000084f9e7c x15: 0000000000000000
x14: 0000000000000005 x13: ffff0000d0073780 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff80001205e2a8
x8 : ffff0000d0073780 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80001205e120
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 subflow_data_ready+0x1d8/0x234 net/mptcp/subflow.c:1347
 tcp_data_ready+0x22c/0x44c net/ipv4/tcp_input.c:5028
 tcp_data_queue+0x1cc8/0x53e4 net/ipv4/tcp_input.c:5102
 tcp_rcv_state_process+0x204c/0x3e58 net/ipv4/tcp_input.c:6704
 tcp_v4_do_rcv+0x6b4/0xb08 net/ipv4/tcp_ipv4.c:1700
 tcp_v4_rcv+0x20e4/0x2818 net/ipv4/tcp_ipv4.c:2099
 ip_protocol_deliver_rcu+0x340/0x764 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x23c/0x46c net/ipv4/ip_input.c:233
 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:302
 ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:454 [inline]
 ip_rcv_finish+0x224/0x250 net/ipv4/ip_input.c:449
 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:302
 ip_rcv+0x78/0x98 net/ipv4/ip_input.c:569
 __netif_receive_skb_one_core net/core/dev.c:5528 [inline]
 __netif_receive_skb+0x18c/0x400 net/core/dev.c:5642
 process_backlog+0x410/0x784 net/core/dev.c:5970
 __napi_poll+0xb4/0x3f0 net/core/dev.c:6537
 napi_poll net/core/dev.c:6604 [inline]
 net_rx_action+0x5cc/0xd3c net/core/dev.c:6715
 __do_softirq+0x314/0xe38 kernel/softirq.c:571
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:893
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0x264/0x4d4 kernel/softirq.c:650
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:662
 __el1_irq arch/arm64/kernel/entry-common.c:472 [inline]
 el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:486
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:581
 check_preemption_disabled+0x34/0x104 lib/smp_processor_id.c:14
 debug_smp_processor_id+0x20/0x2c lib/smp_processor_id.c:60
 rcu_dynticks_curr_cpu_in_eqs include/linux/context_tracking.h:122 [inline]
 rcu_is_watching+0x5c/0x18c kernel/rcu/tree.c:721
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0x108/0xa50 kernel/locking/lockdep.c:5673
 rcu_lock_release+0x2c/0x38 include/linux/rcupdate.h:324
 rcu_read_unlock_sched include/linux/rcupdate.h:873 [inline]
 pfn_valid+0x38c/0x3f8 include/linux/mmzone.h:1867
 page_table_check_clear+0x34/0x46c mm/page_table_check.c:67
 __page_table_check_pte_clear+0x7c/0x9c mm/page_table_check.c:159
 page_table_check_pte_clear include/linux/page_table_check.h:55 [inline]
 ptep_get_and_clear arch/arm64/include/asm/pgtable.h:944 [inline]
 ptep_get_and_clear_full include/linux/pgtable.h:429 [inline]
 zap_pte_range mm/memory.c:1435 [inline]
 zap_pmd_range mm/memory.c:1574 [inline]
 zap_pud_range mm/memory.c:1603 [inline]
 zap_p4d_range mm/memory.c:1624 [inline]
 unmap_page_range+0x1b7c/0x2080 mm/memory.c:1645
 unmap_single_vma mm/memory.c:1691 [inline]
 unmap_vmas+0x394/0x550 mm/memory.c:1730
 exit_mmap+0x1d0/0xa60 mm/mmap.c:3227
 __mmput+0xec/0x39c kernel/fork.c:1199
 mmput+0x70/0xac kernel/fork.c:1221
 exit_mm+0x14c/0x244 kernel/exit.c:563
 do_exit+0x4d4/0x1a88 kernel/exit.c:856
 do_group_exit+0x194/0x22c kernel/exit.c:1019
 get_signal+0x14a0/0x158c kernel/signal.c:2862
 do_signal arch/arm64/kernel/signal.c:1076 [inline]
 do_notify_resume+0x3ac/0x3474 arch/arm64/kernel/signal.c:1129
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 605
hardirqs last  enabled at (604): [<ffff800012147b18>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last  enabled at (604): [<ffff800012147b18>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (605): [<ffff800012145704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (372): [<ffff800008033178>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (523): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---