------------[ cut here ]------------
WARNING: CPU: 0 PID: 15 at net/mptcp/subflow.c:1516 subflow_data_ready+0x4b8/0x7e0
Modules linked in:
CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:subflow_data_ready+0x4b8/0x7e0
Code: 0f 0b 90 90 e9 bc fc ff ff e8 14 c2 58 f6 48 89 df 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6e 0e 00 00 e8 f9 c1 58 f6 90 <0f> 0b 90 e9 e5 fd ff ff 90 0f 0b 90 43 0f b6 04 2f 84 c0 0f 85 a1
RSP: 0018:ffffc90000126d80 EFLAGS: 00010246
RAX: ffffffff8b66fd07 RBX: ffff88810be7a880 RCX: ffff88801c2fb980
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff888029485437 R09: 1ffff11005290a86
R10: dffffc0000000000 R11: ffffed1005290a87 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888029484b00 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b8613000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000002965c000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 tcp_data_queue+0x54b/0x6380
 tcp_rcv_state_process+0x2767/0x4140
 tcp_v6_do_rcv+0x89d/0x13f0
 tcp_v6_rcv+0x21e8/0x2a60
 ip6_protocol_deliver_rcu+0xcb0/0x15c0
 ip6_input_finish+0x191/0x370
 NF_HOOK+0x30c/0x3a0
 ip6_input+0x16a/0x270
 NF_HOOK+0x30c/0x3a0
 __netif_receive_skb+0xd3/0x380
 process_backlog+0x60e/0x14f0
 __napi_poll+0xc7/0x360
 net_rx_action+0x707/0xe30
 handle_softirqs+0x286/0x870
 run_ksoftirqd+0x9b/0x100
 smpboot_thread_fn+0x542/0xa60
 kthread+0x711/0x8a0
 ret_from_fork+0x439/0x7d0
 ret_from_fork_asm+0x1a/0x30
 </TASK>
