------------[ cut here ]------------
WARNING: net/mptcp/subflow.c:1527 at subflow_data_ready+0xa0/0x124 net/mptcp/subflow.c:1540, CPU#0: kworker/u8:3/61
Modules linked in:
CPU: 0 UID: 0 PID: 61 Comm: kworker/u8:3 Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: linux,dummy-virt (DT)
Workqueue: krdsd rds_tcp_accept_worker
pstate: 20402009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : subflow_data_ready+0xa0/0x124 net/mptcp/subflow.c:1527
lr : tcp_data_ready+0x40/0x10c net/ipv4/tcp_input.c:5371
sp : ffff800082deb940
x29: ffff800082deb940 x28: f2f00000088116e8 x27: fbf000000bb90000
x26: f1f00000065d6e00 x25: 0000000000000000 x24: f6f0000008884ab8
x23: f2f00000088116e8 x22: 0000000000000000 x21: f2f0000008811710
x20: faf000000cad0000 x19: f1f00000065d6e00 x18: 0000000000000000
x17: fff07ffffcef4000 x16: ffff800082de8000 x15: 0000000000000004
x14: 0000000000000000 x13: 0000000000000028 x12: fbf000000bb90000
x11: 00000000c63e8fcd x10: 0000000000000009 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000001000000
x5 : ffff800082a045b0 x4 : f6f0000008884b60 x3 : f6f0000008884a00
x2 : 0000000000000000 x1 : 0000000000040041 x0 : 000000000000000b
Call trace:
 subflow_data_ready+0xa0/0x124 net/mptcp/subflow.c:1540 (P)
 tcp_data_ready+0x40/0x10c net/ipv4/tcp_input.c:5371
 tcp_data_queue+0x8c0/0xed8 net/ipv4/tcp_input.c:5461
 tcp_rcv_state_process+0x3e4/0x13d4 net/ipv4/tcp_input.c:7185
 tcp_v6_do_rcv+0x284/0x524 net/ipv6/tcp_ipv6.c:1630
 tcp_v6_rcv+0xc64/0x1204 net/ipv6/tcp_ipv6.c:1877
 ip6_protocol_deliver_rcu+0xa0/0x558 net/ipv6/ip6_input.c:438
 ip6_input_finish+0x68/0x104 net/ipv6/ip6_input.c:489
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip6_input+0x48/0xdc net/ipv6/ip6_input.c:500
 dst_input include/net/dst.h:474 [inline]
 ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ipv6_rcv+0x140/0x14c net/ipv6/ip6_input.c:311
 __netif_receive_skb_one_core+0x58/0x84 net/core/dev.c:6137
 __netif_receive_skb+0x18/0x60 net/core/dev.c:6250
 process_backlog+0x8c/0x150 net/core/dev.c:6602
 __napi_poll+0x38/0x1a8 net/core/dev.c:7666
 napi_poll net/core/dev.c:7729 [inline]
 net_rx_action+0x31c/0x388 net/core/dev.c:7881
 handle_softirqs+0x108/0x240 kernel/softirq.c:622
 __do_softirq+0x14/0x20 kernel/softirq.c:656
 ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:68
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x1c/0x2c arch/arm64/kernel/irq.c:73
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0x54/0x6c kernel/softirq.c:510
 __local_bh_enable_ip+0x8c/0x98 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline]
 __dev_queue_xmit+0x1f4/0x1010 net/core/dev.c:4844
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip6_finish_output2+0x394/0x904 net/ipv6/ip6_output.c:136
 __ip6_finish_output net/ipv6/ip6_output.c:209 [inline]
 ip6_finish_output+0x23c/0x39c net/ipv6/ip6_output.c:220
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x7c/0x1d8 net/ipv6/ip6_output.c:247
 dst_output include/net/dst.h:464 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip6_xmit+0x2f4/0x6d4 net/ipv6/ip6_output.c:371
 inet6_csk_xmit+0xd8/0x13c net/ipv6/inet6_connection_sock.c:120
 __tcp_transmit_skb+0x524/0xe98 net/ipv4/tcp_output.c:1631
 tcp_transmit_skb net/ipv4/tcp_output.c:1649 [inline]
 tcp_write_xmit+0x6e8/0x1548 net/ipv4/tcp_output.c:3002
 __tcp_push_pending_frames+0x3c/0xcc net/ipv4/tcp_output.c:3185
 tcp_send_fin+0x68/0x2b0 net/ipv4/tcp_output.c:3808
 __tcp_close+0x464/0x540 net/ipv4/tcp.c:3208
 tcp_close+0x2c/0xd0 net/ipv4/tcp.c:3299
 inet_release+0x50/0xa4 net/ipv4/af_inet.c:437
 inet6_release+0x34/0x4c net/ipv6/af_inet6.c:487
 __sock_release net/socket.c:662 [inline]
 sock_release+0x24/0x78 net/socket.c:690
 rds_tcp_accept_one+0x1d4/0x35c net/rds/tcp_listen.c:214
 rds_tcp_accept_worker+0x20/0x34 net/rds/tcp.c:529
 process_one_work+0x178/0x2cc kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x24c/0x354 kernel/workqueue.c:3421
 kthread+0x130/0x1fc kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
---[ end trace 0000000000000000 ]---