------------[ cut here ]------------
WARNING: CPU: 1 PID: 21 at net/mptcp/protocol.c:718 __mptcp_move_skbs_from_subflow+0x1a9c/0x2494
Modules linked in:
CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 6.1.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mptcp_move_skbs_from_subflow+0x1a9c/0x2494
lr : __mptcp_move_skbs_from_subflow+0x1a9c/0x2494
sp : ffff80001d1e6b90
x29: ffff80001d1e6d20 x28: 000000000a1a5610 x27: ffff0000f35520b8
x26: 0000000000020000 x25: 0000000000000004 x24: ffff0000f3551a10
x23: dfff800000000000 x22: ffff0000dd3f6d78 x21: 0000000000000000
x20: 00000000000081e5 x19: 0000000000007d00 x18: ffff0000f3552060
x17: ffff8000159cd000 x16: ffff8000084f87a8 x15: 0000000000000000
x14: 1ffff00002b3a0b0 x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff80001218ec40
x8 : ffff0000c0a51bc0 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001218e0a8
x2 : 0000000000000001 x1 : 00000000000081e5 x0 : 0000000000007d00
Call trace:
__mptcp_move_skbs_from_subflow+0x1a9c/0x2494
move_skbs_to_msk net/mptcp/protocol.c:836 [inline]
mptcp_data_ready+0x188/0x50c net/mptcp/protocol.c:879
subflow_data_ready+0x178/0x234 net/mptcp/subflow.c:1376
tcp_data_ready+0x22c/0x44c net/ipv4/tcp_input.c:5091
tcp_data_queue+0x1cc8/0x53e4 net/ipv4/tcp_input.c:5165
tcp_rcv_established+0xa84/0x1fe0 net/ipv4/tcp_input.c:6097
tcp_v4_do_rcv+0x390/0xb08 net/ipv4/tcp_ipv4.c:1683
tcp_v4_rcv+0x20e4/0x2818 net/ipv4/tcp_ipv4.c:2114
ip_protocol_deliver_rcu+0x340/0x764 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x258/0x49c net/ipv4/ip_input.c:233
NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:302
ip_local_deliver+0x11c/0x190 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:454 [inline]
ip_rcv_finish+0x224/0x250 net/ipv4/ip_input.c:449
NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:302
ip_rcv+0x78/0x98 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core net/core/dev.c:5532 [inline]
__netif_receive_skb+0x18c/0x400 net/core/dev.c:5646
process_backlog+0x410/0x784 net/core/dev.c:5974
__napi_poll+0xb4/0x3f0 net/core/dev.c:6541
napi_poll net/core/dev.c:6608 [inline]
net_rx_action+0x5cc/0xd3c net/core/dev.c:6722
handle_softirqs+0x318/0xd58 kernel/softirq.c:571
run_ksoftirqd+0x6c/0x29c kernel/softirq.c:938
smpboot_thread_fn+0x4b0/0x96c kernel/smpboot.c:164
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
irq event stamp: 339357
hardirqs last enabled at (339356): [] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (339357): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (339318): [] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (339318): [] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (339323): [] run_ksoftirqd+0x6c/0x29c kernel/softirq.c:938
---[ end trace 0000000000000000 ]---