------------[ cut here ]------------
atomic_read(&sk->sk_rmem_alloc)
WARNING: net/ipv4/af_inet.c:160 at inet_sock_destruct+0x603/0x740 net/ipv4/af_inet.c:160, CPU#0: kworker/0:2/789
Modules linked in:
CPU: 0 UID: 0 PID: 789 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events mptcp_worker
RIP: 0010:inet_sock_destruct+0x603/0x740 net/ipv4/af_inet.c:160
Code: 00 41 0f b6 74 24 12 48 c7 c7 c0 6b e8 8c 4c 89 e2 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e3 64 00 f7 e8 5e 58 9e f7 90 <0f> 0b 90 e9 58 fe ff ff e8 50 58 9e f7 90 0f 0b 90 e9 8b fe ff ff
RSP: 0018:ffffc90000007648 EFLAGS: 00010246
RAX: ffffffff8a275722 RBX: dffffc0000000000 RCX: ffff88801f770000
RDX: 0000000000000100 RSI: 00000000000003c4 RDI: 0000000000000000
RBP: 00000000000003c4 R08: ffff88801269e743 R09: 1ffff110024d3ce8
R10: dffffc0000000000 R11: ffffed10024d3ce9 R12: ffff88801269e600
R13: dffffc0000000000 R14: ffff88801269e740 R15: 1ffff110024d3cc2
FS:  0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0eff987900 CR3: 0000000012560000 CR4: 0000000000352ef0
Call Trace:
 <IRQ>
 __sk_destruct+0x85/0x880 net/core/sock.c:2350
 sock_put include/net/sock.h:2007 [inline]
 tcp_v4_rcv+0x2860/0x31f0 net/ipv4/tcp_ipv4.c:2328
 ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:207
 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241
 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
 __netif_receive_skb_one_core net/core/dev.c:6164 [inline]
 __netif_receive_skb net/core/dev.c:6277 [inline]
 process_backlog+0xaa3/0x1950 net/core/dev.c:6628
 __napi_poll+0xae/0x340 net/core/dev.c:7692
 napi_poll net/core/dev.c:7755 [inline]
 net_rx_action+0x627/0xf70 net/core/dev.c:7912
 handle_softirqs+0x22a/0x870 kernel/softirq.c:622
 do_softirq+0x76/0xd0 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline]
 __dev_queue_xmit+0x1e78/0x3890 net/core/dev.c:4873
 dev_queue_xmit include/linux/netdevice.h:3384 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
 __ip_queue_xmit+0x116a/0x1bb0 net/ipv4/ip_output.c:534
 __tcp_transmit_skb+0x2b4a/0x4400 net/ipv4/tcp_output.c:1693
 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline]
 tcp_write_xmit+0x16e8/0x6980 net/ipv4/tcp_output.c:3064
 __tcp_push_pending_frames+0x97/0x380 net/ipv4/tcp_output.c:3247
 __tcp_close+0x617/0xfe0 net/ipv4/tcp.c:3259
 __mptcp_close_ssk+0x52d/0x1180 net/mptcp/protocol.c:2577
 __mptcp_close_subflow net/mptcp/protocol.c:2674 [inline]
 mptcp_worker+0x82c/0x1430 net/mptcp/protocol.c:2956
 process_one_work kernel/workqueue.c:3276 [inline]
 process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>