------------[ cut here ]------------
WARNING: CPU: 1 PID: 1581 at net/mptcp/subflow.c:1519 trace_sk_data_ready include/trace/events/sock.h:240 [inline]
WARNING: CPU: 1 PID: 1581 at net/mptcp/subflow.c:1519 subflow_data_ready+0x368/0x614 net/mptcp/subflow.c:1505
Modules linked in:
CPU: 1 UID: 0 PID: 1581 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT
Hardware name: linux,dummy-virt (DT)
Workqueue: krdsd rds_tcp_accept_worker
pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : subflow_data_ready+0x368/0x614 net/mptcp/subflow.c:1519
lr : trace_sk_data_ready include/trace/events/sock.h:240 [inline]
lr : subflow_data_ready+0x330/0x614 net/mptcp/subflow.c:1505
sp : ffff80008d6c7010
x29: ffff80008d6c7010 x28: ffff000014d0ec00 x27: ffff000019391010
x26: 1fffe0000327220b x25: 0000000000000000 x24: ffff00001efdec00
x23: ffff80008723df70 x22: 000000000000000b x21: 0000000000000001
x20: ffff000021300000 x19: ffff000014d0ec00 x18: 0000000000000004
x17: 1fffe000025836f2 x16: ffff00000e988000 x15: ffff000019390fe8
x14: 0000000000014523 x13: 0000000000000007 x12: ffff6000029a1d83
x11: 1fffe000029a1d82 x10: ffff6000029a1d82 x9 : dfff800000000000
x8 : ffff000014d0ec12 x7 : 0000000000000001 x6 : ffff6000029a1d82
x5 : ffff000014d0ec12 x4 : ffff6000029a1d83 x3 : 1fffe00004260074
x2 : 1fffe00003dfbd8c x1 : 0000000000000000 x0 : 0000000000000041
Call trace:
trace_sk_data_ready include/trace/events/sock.h:240 [inline] (P)
subflow_data_ready+0x368/0x614 net/mptcp/subflow.c:1505 (P)
tcp_data_ready+0xd4/0x3d0 net/ipv4/tcp_input.c:5355
tcp_data_queue+0x166c/0x4524 net/ipv4/tcp_input.c:5445
tcp_rcv_state_process+0xa5c/0x5274 net/ipv4/tcp_input.c:7159
tcp_v6_do_rcv+0x734/0x12b0 net/ipv6/tcp_ipv6.c:1675
tcp_v6_rcv+0x1ccc/0x3388 net/ipv6/tcp_ipv6.c:1922
ip6_protocol_deliver_rcu+0x158/0x1464 net/ipv6/ip6_input.c:438
ip6_input_finish+0x164/0x3e0 net/ipv6/ip6_input.c:489
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ip6_input+0x11c/0x410 net/ipv6/ip6_input.c:500
dst_input include/net/dst.h:474 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ipv6_rcv+0x3bc/0x49c net/ipv6/ip6_input.c:311
__netif_receive_skb_one_core+0xf4/0x168 net/core/dev.c:6079
__netif_receive_skb+0x24/0x14c net/core/dev.c:6192
process_backlog+0x380/0x1584 net/core/dev.c:6544
__napi_poll.constprop.0+0x94/0x3d8 net/core/dev.c:7594
napi_poll net/core/dev.c:7657 [inline]
net_rx_action+0x770/0xac8 net/core/dev.c:7784
handle_softirqs+0x2d8/0xdb4 kernel/softirq.c:622
__do_softirq+0x14/0x20 kernel/softirq.c:656
____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:68
call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:891
do_softirq_own_stack+0x1c/0x2c arch/arm64/kernel/irq.c:73
do_softirq kernel/softirq.c:523 [inline]
do_softirq+0x12c/0x150 kernel/softirq.c:510
__local_bh_enable_ip+0x414/0x4a4 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline]
__dev_queue_xmit+0x858/0x3144 net/core/dev.c:4790
dev_queue_xmit include/linux/netdevice.h:3365 [inline]
neigh_hh_output include/net/neighbour.h:531 [inline]
neigh_output include/net/neighbour.h:545 [inline]
ip6_finish_output2+0xcb8/0x2584 net/ipv6/ip6_output.c:136
__ip6_finish_output net/ipv6/ip6_output.c:209 [inline]
ip6_finish_output+0x698/0xbb0 net/ipv6/ip6_output.c:220
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x1ec/0x7fc net/ipv6/ip6_output.c:247
dst_output include/net/dst.h:464 [inline]
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ip6_xmit+0xb2c/0x1d3c net/ipv6/ip6_output.c:371
inet6_csk_xmit+0x2d0/0x520 net/ipv6/inet6_connection_sock.c:120
__tcp_transmit_skb+0x13d4/0x3cf8 net/ipv4/tcp_output.c:1628
tcp_transmit_skb net/ipv4/tcp_output.c:1646 [inline]
tcp_write_xmit+0x131c/0x7f04 net/ipv4/tcp_output.c:2999
__tcp_push_pending_frames+0x88/0x2a4 net/ipv4/tcp_output.c:3182
tcp_send_fin+0x104/0xc3c net/ipv4/tcp_output.c:3800
__tcp_close+0x970/0xf40 net/ipv4/tcp.c:3207
tcp_close+0x2c/0x10c net/ipv4/tcp.c:3298
inet_release+0xd4/0x1d0 net/ipv4/af_inet.c:437
inet6_release+0x4c/0x6c net/ipv6/af_inet6.c:487
__sock_release net/socket.c:662 [inline]
sock_release+0x7c/0x170 net/socket.c:690
rds_tcp_accept_one+0x24c/0x7f8 net/rds/tcp_listen.c:214
rds_tcp_accept_worker+0x50/0x74 net/rds/tcp.c:529
process_one_work+0x7cc/0x18d4 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x734/0xb84 kernel/workqueue.c:3427
kthread+0x348/0x5fc kernel/kthread.c:463
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 182489
hardirqs last enabled at (182488): [] __local_bh_enable_ip+0x180/0x4a4 kernel/softirq.c:455
hardirqs last disabled at (182489): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (182442): [] rcu_read_unlock_bh include/linux/rcupdate.h:932 [inline]
softirqs last enabled at (182442): [] __dev_queue_xmit+0x838/0x3144 net/core/dev.c:4790
softirqs last disabled at (182443): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---