program:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_mount_image$bfs(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4, &(0x7f0000000600)=ANY=[], 0x8, 0xad, &(0x7f0000000040)="$eJzs0btpA0EUBdC7H/xJ7ALcg3tw6twVbOjQkY3BjlSGOlArKmE7ULCpkhHLrkChEAhJcA7MzA3mwYW33q5e8pSUv6SUUu6SPGbKX98/nx/v490kyTJt7jPZv9y4ej4P486fp7x5y+L/4E8//HZ9la4fyuyChQEAgJPVeZ1TdfxQm6Q5VyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA67ILAAD//1vZIlc=")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
getsockname$inet(r1, &(0x7f0000000000), &(0x7f0000000080)=0x10)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_DSP_SETDUPLEX(r2, 0x5016, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
syz_mount_image$bfs(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4, &(0x7f0000000600)=ANY=[], 0x8, 0xad, &(0x7f0000000040)="$eJzs0btpA0EUBdC7H/xJ7ALcg3tw6twVbOjQkY3BjlSGOlArKmE7ULCpkhHLrkChEAhJcA7MzA3mwYW33q5e8pSUv6SUUu6SPGbKX98/nx/v490kyTJt7jPZv9y4ej4P486fp7x5y+L/4E8//HZ9la4fyuyChQEAgJPVeZ1TdfxQm6Q5VyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA67ILAAD//1vZIlc=") (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) (async)
getsockname$inet(r1, &(0x7f0000000000), &(0x7f0000000080)=0x10) (async)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
ioctl$SNDCTL_DSP_SETDUPLEX(r2, 0x5016, 0x0) (async)

[   88.035033][ T5321] Bluetooth: hci0: command tx timeout
[   88.215123][ T5347] loop0: detected capacity change from 0 to 64
[   88.265896][ T5348] ------------[ cut here ]------------
[   88.268447][ T5348] WARNING: net/mptcp/subflow.c:1528 at subflow_data_ready+0x49b/0x7c0, CPU#0: syz.0.0/5348
[   88.273153][ T5348] Modules linked in:
[   88.274929][ T5348] CPU: 0 UID: 0 PID: 5348 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.279132][ T5348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.283909][ T5348] RIP: 0010:subflow_data_ready+0x49b/0x7c0
[   88.286983][ T5348] Code: 48 0f b9 3a e9 c9 fc ff ff e8 81 e2 77 f6 48 89 df 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6b 0e 00 00 e8 66 e2 77 f6 90 <0f> 0b 90 e9 f2 fd ff ff 90 0f 0b 90 43 0f b6 04 2f 84 c0 0f 85 a1
[   88.295632][ T5348] RSP: 0018:ffffc9000e847740 EFLAGS: 00010293
[   88.298370][ T5348] RAX: ffffffff8b49df8a RBX: ffff888040a0c240 RCX: ffff88801c4bc980
[   88.302563][ T5348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   88.306118][ T5348] RBP: 0000000000000000 R08: ffff88800b6f094f R09: 1ffff110016de129
[   88.309718][ T5348] R10: dffffc0000000000 R11: ffffed10016de12a R12: 0000000000000000
[   88.313079][ T5348] R13: dffffc0000000000 R14: ffff88800b6f0000 R15: 0000000000000000
[   88.316606][ T5348] FS:  00007f9848c926c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000
[   88.320538][ T5348] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.323491][ T5348] CR2: 00007fff0a8dfd80 CR3: 0000000041345000 CR4: 0000000000352ef0
[   88.326698][ T5348] Call Trace:
[   88.328238][ T5348]  <TASK>
[   88.329605][ T5348]  tcp_data_queue+0x1e14/0x5e30
[   88.331978][ T5348]  ? __pfx_tcp_data_queue+0x10/0x10
[   88.334310][ T5348]  ? __pfx_tcp_urg+0x10/0x10
[   88.336477][ T5348]  ? kvm_clock_get_cycles+0x47/0x60
[   88.338836][ T5348]  ? tcp_ecn_received_counters+0x2b7/0x7f0
[   88.341567][ T5348]  tcp_rcv_established+0xf57/0x2580
[   88.343687][ T5348]  ? __pfx_tcp_rcv_state_process+0x10/0x10
[   88.346276][ T5348]  ? __pfx_tcp_rcv_established+0x10/0x10
[   88.348637][ T5348]  tcp_v6_do_rcv+0x8eb/0x1ba0
[   88.350695][ T5348]  ? __pfx_tcp_v6_do_rcv+0x10/0x10
[   88.353050][ T5348]  __release_sock+0x1b8/0x3a0
[   88.355099][ T5348]  release_sock+0x5f/0x1f0
[   88.356971][ T5348]  mptcp_connect+0x5be/0x860
[   88.359161][ T5348]  __inet_stream_connect+0x298/0xf00
[   88.361810][ T5348]  ? __local_bh_enable_ip+0x12d/0x1c0
[   88.364452][ T5348]  ? __pfx___inet_stream_connect+0x10/0x10
[   88.367073][ T5348]  ? __local_bh_enable_ip+0x12d/0x1c0
[   88.369509][ T5348]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   88.372245][ T5348]  inet_stream_connect+0x66/0xa0
[   88.374472][ T5348]  __sys_connect+0x316/0x440
[   88.376673][ T5348]  ? __pfx___sys_connect+0x10/0x10
[   88.378957][ T5348]  __x64_sys_connect+0x7a/0x90
[   88.381368][ T5348]  do_syscall_64+0xfa/0xf80
[   88.383412][ T5348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.386117][ T5348]  ? clear_bhb_loop+0x60/0xb0
[   88.388291][ T5348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.390667][ T5348] RIP: 0033:0x7f9847d8f7c9
[   88.392800][ T5348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.400722][ T5348] RSP: 002b:00007f9848c92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   88.404485][ T5348] RAX: ffffffffffffffda RBX: 00007f9847fe6090 RCX: 00007f9847d8f7c9
[   88.407743][ T5348] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003
[   88.411347][ T5348] RBP: 00007f9847e13f91 R08: 0000000000000000 R09: 0000000000000000
[   88.414902][ T5348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.418375][ T5348] R13: 00007f9847fe6128 R14: 00007f9847fe6090 R15: 00007fff0a8e0568
[   88.421976][ T5348]  </TASK>
[   88.423425][ T5348] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   88.426808][ T5348] CPU: 0 UID: 0 PID: 5348 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.430960][ T5348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.435742][ T5348] Call Trace:
[   88.437191][ T5348]  <TASK>
[   88.438467][ T5348]  dump_stack_lvl+0x99/0x250
[   88.440448][ T5348]  ? __asan_memcpy+0x40/0x70
[   88.442445][ T5348]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.444611][ T5348]  ? __pfx__printk+0x10/0x10
[   88.446637][ T5348]  vpanic+0x237/0x6d0
[   88.448492][ T5348]  ? __pfx_vpanic+0x10/0x10
[   88.450553][ T5348]  ? is_bpf_text_address+0x292/0x2b0
[   88.452867][ T5348]  ? is_bpf_text_address+0x26/0x2b0
[   88.455178][ T5348]  panic+0xb9/0xc0
[   88.456915][ T5348]  ? __pfx_panic+0x10/0x10
[   88.458730][ T5348]  __warn+0x317/0x4b0
[   88.460437][ T5348]  ? subflow_data_ready+0x49b/0x7c0
[   88.462718][ T5348]  ? subflow_data_ready+0x49b/0x7c0
[   88.465037][ T5348]  __report_bug+0x288/0x500
[   88.466996][ T5348]  ? subflow_data_ready+0x49b/0x7c0
[   88.469107][ T5348]  ? __pfx___report_bug+0x10/0x10
[   88.471125][ T5348]  ? mptcp_subflow_data_available+0x300f/0x3a20
[   88.473644][ T5348]  ? subflow_data_ready+0x49b/0x7c0
[   88.475831][ T5348]  report_bug+0x16a/0x220
[   88.477791][ T5348]  ? subflow_data_ready+0x49b/0x7c0
[   88.480124][ T5348]  ? subflow_data_ready+0x49d/0x7c0
[   88.482544][ T5348]  handle_bug+0x98/0x200
[   88.484499][ T5348]  exc_invalid_op+0x1a/0x50
[   88.486594][ T5348]  asm_exc_invalid_op+0x1a/0x20
[   88.488702][ T5348] RIP: 0010:subflow_data_ready+0x49b/0x7c0
[   88.491058][ T5348] Code: 48 0f b9 3a e9 c9 fc ff ff e8 81 e2 77 f6 48 89 df 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6b 0e 00 00 e8 66 e2 77 f6 90 <0f> 0b 90 e9 f2 fd ff ff 90 0f 0b 90 43 0f b6 04 2f 84 c0 0f 85 a1
[   88.499022][ T5348] RSP: 0018:ffffc9000e847740 EFLAGS: 00010293
[   88.501811][ T5348] RAX: ffffffff8b49df8a RBX: ffff888040a0c240 RCX: ffff88801c4bc980
[   88.505523][ T5348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   88.508879][ T5348] RBP: 0000000000000000 R08: ffff88800b6f094f R09: 1ffff110016de129
[   88.512318][ T5348] R10: dffffc0000000000 R11: ffffed10016de12a R12: 0000000000000000
[   88.515566][ T5348] R13: dffffc0000000000 R14: ffff88800b6f0000 R15: 0000000000000000
[   88.519007][ T5348]  ? subflow_data_ready+0x49a/0x7c0
[   88.521167][ T5348]  tcp_data_queue+0x1e14/0x5e30
[   88.523090][ T5348]  ? __pfx_tcp_data_queue+0x10/0x10
[   88.525344][ T5348]  ? __pfx_tcp_urg+0x10/0x10
[   88.527392][ T5348]  ? kvm_clock_get_cycles+0x47/0x60
[   88.529739][ T5348]  ? tcp_ecn_received_counters+0x2b7/0x7f0
[   88.532330][ T5348]  tcp_rcv_established+0xf57/0x2580
[   88.534607][ T5348]  ? __pfx_tcp_rcv_state_process+0x10/0x10
[   88.537127][ T5348]  ? __pfx_tcp_rcv_established+0x10/0x10
[   88.539620][ T5348]  tcp_v6_do_rcv+0x8eb/0x1ba0
[   88.541680][ T5348]  ? __pfx_tcp_v6_do_rcv+0x10/0x10
[   88.543991][ T5348]  __release_sock+0x1b8/0x3a0
[   88.546127][ T5348]  release_sock+0x5f/0x1f0
[   88.548132][ T5348]  mptcp_connect+0x5be/0x860
[   88.550192][ T5348]  __inet_stream_connect+0x298/0xf00
[   88.552582][ T5348]  ? __local_bh_enable_ip+0x12d/0x1c0
[   88.555015][ T5348]  ? __pfx___inet_stream_connect+0x10/0x10
[   88.557635][ T5348]  ? __local_bh_enable_ip+0x12d/0x1c0
[   88.560036][ T5348]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   88.562481][ T5348]  inet_stream_connect+0x66/0xa0
[   88.564667][ T5348]  __sys_connect+0x316/0x440
[   88.566736][ T5348]  ? __pfx___sys_connect+0x10/0x10
[   88.568873][ T5348]  __x64_sys_connect+0x7a/0x90
[   88.570938][ T5348]  do_syscall_64+0xfa/0xf80
[   88.572878][ T5348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.575289][ T5348]  ? clear_bhb_loop+0x60/0xb0
[   88.577429][ T5348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.579815][ T5348] RIP: 0033:0x7f9847d8f7c9
[   88.581854][ T5348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.589663][ T5348] RSP: 002b:00007f9848c92038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   88.593003][ T5348] RAX: ffffffffffffffda RBX: 00007f9847fe6090 RCX: 00007f9847d8f7c9
[   88.596501][ T5348] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003
[   88.600001][ T5348] RBP: 00007f9847e13f91 R08: 0000000000000000 R09: 0000000000000000
[   88.603305][ T5348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.606641][ T5348] R13: 00007f9847fe6128 R14: 00007f9847fe6090 R15: 00007fff0a8e0568
[   88.610016][ T5348]  </TASK>
[   88.611627][ T5348] Kernel Offset: disabled
[   88.613422][ T5348] Rebooting in 86400 seconds..