diff --git a/include/linux/irq-entry-common.h b/include/linux/irq-entry-common.h
index 167fba7dbf04..be47d430d521 100644
--- a/include/linux/irq-entry-common.h
+++ b/include/linux/irq-entry-common.h
@@ -427,6 +427,7 @@ static __always_inline irqentry_state_t irqentry_enter_from_kernel_mode(struct p
 		ct_irq_enter();
 		instrumentation_begin();
 		kmsan_unpoison_entry_regs(regs);
+		kmsan_unpoison_memory(&ret, sizeof(ret));
 		trace_hardirqs_off_finish();
 		instrumentation_end();
 
@@ -443,6 +444,7 @@ static __always_inline irqentry_state_t irqentry_enter_from_kernel_mode(struct p
 	lockdep_hardirqs_off(CALLER_ADDR0);
 	instrumentation_begin();
 	kmsan_unpoison_entry_regs(regs);
+	kmsan_unpoison_memory(&ret, sizeof(ret));
 	rcu_irq_enter_check_tick();
 	trace_hardirqs_off_finish();
 	instrumentation_end();
diff --git a/include/net/mptcp.h b/include/net/mptcp.h
index f7263fe2a2e4..0763fd6f7758 100644
--- a/include/net/mptcp.h
+++ b/include/net/mptcp.h
@@ -27,6 +27,9 @@ struct mptcp_ext {
 	u32		subflow_seq;
 	u16		data_len;
 	__sum16		csum;
+
+	struct_group(flags,
+
 	u8		use_map:1,
 			dsn64:1,
 			data_fin:1,
@@ -38,6 +41,8 @@ struct mptcp_ext {
 	u8		reset_reason:4,
 			csum_reqd:1,
 			infinite_map:1;
+
+	); /* end of flags group */
 };
 
 #define MPTCPOPT_HMAC_LEN	20
diff --git a/kernel/entry/common.c b/kernel/entry/common.c
index 19d2244a9fef..390364943f92 100644
--- a/kernel/entry/common.c
+++ b/kernel/entry/common.c
@@ -177,6 +177,7 @@ irqentry_state_t noinstr irqentry_nmi_enter(struct pt_regs *regs)
 
 	instrumentation_begin();
 	kmsan_unpoison_entry_regs(regs);
+	kmsan_unpoison_memory(&irq_state, sizeof(irq_state));
 	trace_hardirqs_off_finish();
 	ftrace_nmi_enter();
 	instrumentation_end();
diff --git a/net/mptcp/options.c b/net/mptcp/options.c
index 8a1c5698983c..3fd40dbff82b 100644
--- a/net/mptcp/options.c
+++ b/net/mptcp/options.c
@@ -572,6 +572,11 @@ static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb,
 	bool ret = false;
 	u64 ack_seq;
 
+	/* Zero `can_ack` and `use_map` flags with one shot. */
+	BUILD_BUG_ON(sizeof_field(struct mptcp_ext, flags) != sizeof(u16));
+	BUILD_BUG_ON(!IS_ALIGNED(offsetof(struct mptcp_ext, flags),
+				 sizeof(u16)));
+	*(u16 *)&opts->ext_copy.flags = 0;
 	opts->csum_reqd = READ_ONCE(msk->csum_enabled);
 	mpext = skb ? mptcp_get_ext(skb) : NULL;
 
@@ -595,7 +600,6 @@ static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb,
 	/* passive sockets msk will set the 'can_ack' after accept(), even
 	 * if the first subflow may have the already the remote key handy
 	 */
-	opts->ext_copy.use_ack = 0;
 	if (!READ_ONCE(msk->can_ack)) {
 		*size = ALIGN(dss_size, 4);
 		return ret;