program:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = syz_open_procfs$userns(0x0, &(0x7f0000000100))
ioctl$NS_GET_OWNER_UID(r1, 0x8008b70d, &(0x7f00000025c0))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) (async, rerun: 64)
connect$unix(r0, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) (rerun: 64)

[   86.783197][ T4682] Bluetooth: hci0: command tx timeout
[   86.979679][ T5343] ------------[ cut here ]------------
[   86.982270][ T5343] WARNING: net/mptcp/subflow.c:1528 at subflow_data_ready+0x49b/0x7c0, CPU#0: syz.0.0/5343
[   86.987358][ T5343] Modules linked in:
[   86.989402][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.993590][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.998442][ T5343] RIP: 0010:subflow_data_ready+0x49b/0x7c0
[   87.001314][ T5343] Code: 48 0f b9 3a e9 c9 fc ff ff e8 81 e2 77 f6 48 89 df 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6b 0e 00 00 e8 66 e2 77 f6 90 <0f> 0b 90 e9 f2 fd ff ff 90 0f 0b 90 43 0f b6 04 2f 84 c0 0f 85 a1
[   87.009529][ T5343] RSP: 0018:ffffc9000a7b7720 EFLAGS: 00010293
[   87.012146][ T5343] RAX: ffffffff8b49df8a RBX: ffff88804100c240 RCX: ffff88801f7524c0
[   87.015941][ T5343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   87.019378][ T5343] RBP: 0000000000000000 R08: ffff88801f03094f R09: 1ffff11003e06129
[   87.023040][ T5343] R10: dffffc0000000000 R11: ffffed1003e0612a R12: 0000000000000000
[   87.026663][ T5343] R13: dffffc0000000000 R14: ffff88801f030000 R15: 0000000000000000
[   87.030213][ T5343] FS:  00007fbc75e8f6c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000
[   87.034315][ T5343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.037256][ T5343] CR2: 00007fbc75e6dfc8 CR3: 000000001234e000 CR4: 0000000000352ef0
[   87.040884][ T5343] Call Trace:
[   87.042363][ T5343]  <TASK>
[   87.043761][ T5343]  tcp_data_queue+0x1e14/0x5e30
[   87.046112][ T5343]  ? __pfx_tcp_data_queue+0x10/0x10
[   87.048466][ T5343]  ? __pfx_tcp_urg+0x10/0x10
[   87.050890][ T5343]  tcp_rcv_state_process+0x23ae/0x4530
[   87.053737][ T5343]  ? __pfx_tcp_rcv_state_process+0x10/0x10
[   87.056420][ T5343]  ? tcp_v6_connect+0x124b/0x18a0
[   87.058618][ T5343]  tcp_v6_do_rcv+0xbef/0x1ba0
[   87.060648][ T5343]  ? __pfx_tcp_v6_do_rcv+0x10/0x10
[   87.062948][ T5343]  __release_sock+0x1b8/0x3a0
[   87.065023][ T5343]  release_sock+0x5f/0x1f0
[   87.067325][ T5343]  mptcp_connect+0x5be/0x860
[   87.069404][ T5343]  __inet_stream_connect+0x298/0xf00
[   87.071613][ T5343]  ? __local_bh_enable_ip+0x12d/0x1c0
[   87.074526][ T5343]  ? __pfx___inet_stream_connect+0x10/0x10
[   87.077150][ T5343]  ? __local_bh_enable_ip+0x12d/0x1c0
[   87.079507][ T5343]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   87.081912][ T5343]  inet_stream_connect+0x66/0xa0
[   87.084265][ T5343]  __sys_connect+0x316/0x440
[   87.086451][ T5343]  ? __pfx___sys_connect+0x10/0x10
[   87.088761][ T5343]  ? rcu_is_watching+0x15/0xb0
[   87.090924][ T5343]  __x64_sys_connect+0x7a/0x90
[   87.093225][ T5343]  do_syscall_64+0xfa/0xf80
[   87.095208][ T5343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.097836][ T5343]  ? clear_bhb_loop+0x60/0xb0
[   87.099969][ T5343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.102979][ T5343] RIP: 0033:0x7fbc74f8f7c9
[   87.104963][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.113414][ T5343] RSP: 002b:00007fbc75e8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   87.117031][ T5343] RAX: ffffffffffffffda RBX: 00007fbc751e5fa0 RCX: 00007fbc74f8f7c9
[   87.120639][ T5343] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003
[   87.124276][ T5343] RBP: 00007fbc75013f91 R08: 0000000000000000 R09: 0000000000000000
[   87.127454][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.130861][ T5343] R13: 00007fbc751e6038 R14: 00007fbc751e5fa0 R15: 00007fff29f355e8
[   87.134583][ T5343]  </TASK>
[   87.136382][ T5343] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   87.139717][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.143659][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.148647][ T5343] Call Trace:
[   87.150288][ T5343]  <TASK>
[   87.151542][ T5343]  dump_stack_lvl+0x99/0x250
[   87.153549][ T5343]  ? __asan_memcpy+0x40/0x70
[   87.155743][ T5343]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.158185][ T5343]  ? __pfx__printk+0x10/0x10
[   87.160350][ T5343]  vpanic+0x237/0x6d0
[   87.162205][ T5343]  ? __pfx_vpanic+0x10/0x10
[   87.164350][ T5343]  ? is_bpf_text_address+0x292/0x2b0
[   87.166844][ T5343]  ? is_bpf_text_address+0x26/0x2b0
[   87.169157][ T5343]  panic+0xb9/0xc0
[   87.170833][ T5343]  ? __pfx_panic+0x10/0x10
[   87.172784][ T5343]  __warn+0x317/0x4b0
[   87.174539][ T5343]  ? subflow_data_ready+0x49b/0x7c0
[   87.176856][ T5343]  ? subflow_data_ready+0x49b/0x7c0
[   87.179163][ T5343]  __report_bug+0x288/0x500
[   87.181213][ T5343]  ? subflow_data_ready+0x49b/0x7c0
[   87.183534][ T5343]  ? __pfx___report_bug+0x10/0x10
[   87.186103][ T5343]  ? mptcp_subflow_data_available+0x300f/0x3a20
[   87.188963][ T5343]  ? subflow_data_ready+0x49b/0x7c0
[   87.191132][ T5343]  report_bug+0x16a/0x220
[   87.193095][ T5343]  ? subflow_data_ready+0x49b/0x7c0
[   87.195477][ T5343]  ? subflow_data_ready+0x49d/0x7c0
[   87.197749][ T5343]  handle_bug+0x98/0x200
[   87.199727][ T5343]  exc_invalid_op+0x1a/0x50
[   87.201822][ T5343]  asm_exc_invalid_op+0x1a/0x20
[   87.203902][ T5343] RIP: 0010:subflow_data_ready+0x49b/0x7c0
[   87.206799][ T5343] Code: 48 0f b9 3a e9 c9 fc ff ff e8 81 e2 77 f6 48 89 df 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6b 0e 00 00 e8 66 e2 77 f6 90 <0f> 0b 90 e9 f2 fd ff ff 90 0f 0b 90 43 0f b6 04 2f 84 c0 0f 85 a1
[   87.216073][ T5343] RSP: 0018:ffffc9000a7b7720 EFLAGS: 00010293
[   87.218625][ T5343] RAX: ffffffff8b49df8a RBX: ffff88804100c240 RCX: ffff88801f7524c0
[   87.221808][ T5343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   87.225010][ T5343] RBP: 0000000000000000 R08: ffff88801f03094f R09: 1ffff11003e06129
[   87.228443][ T5343] R10: dffffc0000000000 R11: ffffed1003e0612a R12: 0000000000000000
[   87.231741][ T5343] R13: dffffc0000000000 R14: ffff88801f030000 R15: 0000000000000000
[   87.235239][ T5343]  ? subflow_data_ready+0x49a/0x7c0
[   87.237554][ T5343]  tcp_data_queue+0x1e14/0x5e30
[   87.239621][ T5343]  ? __pfx_tcp_data_queue+0x10/0x10
[   87.241920][ T5343]  ? __pfx_tcp_urg+0x10/0x10
[   87.243985][ T5343]  tcp_rcv_state_process+0x23ae/0x4530
[   87.246483][ T5343]  ? __pfx_tcp_rcv_state_process+0x10/0x10
[   87.248991][ T5343]  ? tcp_v6_connect+0x124b/0x18a0
[   87.251180][ T5343]  tcp_v6_do_rcv+0xbef/0x1ba0
[   87.253207][ T5343]  ? __pfx_tcp_v6_do_rcv+0x10/0x10
[   87.255408][ T5343]  __release_sock+0x1b8/0x3a0
[   87.257427][ T5343]  release_sock+0x5f/0x1f0
[   87.259354][ T5343]  mptcp_connect+0x5be/0x860
[   87.261407][ T5343]  __inet_stream_connect+0x298/0xf00
[   87.263694][ T5343]  ? __local_bh_enable_ip+0x12d/0x1c0
[   87.266101][ T5343]  ? __pfx___inet_stream_connect+0x10/0x10
[   87.268706][ T5343]  ? __local_bh_enable_ip+0x12d/0x1c0
[   87.270998][ T5343]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   87.273545][ T5343]  inet_stream_connect+0x66/0xa0
[   87.275965][ T5343]  __sys_connect+0x316/0x440
[   87.277964][ T5343]  ? __pfx___sys_connect+0x10/0x10
[   87.280204][ T5343]  ? rcu_is_watching+0x15/0xb0
[   87.282340][ T5343]  __x64_sys_connect+0x7a/0x90
[   87.284373][ T5343]  do_syscall_64+0xfa/0xf80
[   87.286267][ T5343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.288989][ T5343]  ? clear_bhb_loop+0x60/0xb0
[   87.291065][ T5343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.293635][ T5343] RIP: 0033:0x7fbc74f8f7c9
[   87.295650][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.303984][ T5343] RSP: 002b:00007fbc75e8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   87.307753][ T5343] RAX: ffffffffffffffda RBX: 00007fbc751e5fa0 RCX: 00007fbc74f8f7c9
[   87.311356][ T5343] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003
[   87.314911][ T5343] RBP: 00007fbc75013f91 R08: 0000000000000000 R09: 0000000000000000
[   87.318412][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.321919][ T5343] R13: 00007fbc751e6038 R14: 00007fbc751e5fa0 R15: 00007fff29f355e8
[   87.325433][ T5343]  </TASK>
[   87.327132][ T5343] Kernel Offset: disabled
[   87.329067][ T5343] Rebooting in 86400 seconds..