------------[ cut here ]------------
WARNING: net/mptcp/subflow.c:1528 at subflow_data_ready+0x3d8/0x70c net/mptcp/subflow.c:1527, CPU#0: kworker/u8:15/4694
Modules linked in:
CPU: 0 UID: 0 PID: 4694 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: krdsd rds_tcp_accept_worker
pstate: 43400005 (nZcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : subflow_data_ready+0x3d8/0x70c net/mptcp/subflow.c:1527
lr : subflow_data_ready+0x3d8/0x70c net/mptcp/subflow.c:1527
sp : ffff800097bc7120
x29: ffff800097bc7120 x28: ffff0000cb58f518 x27: 0000000000000000
x26: ffff0000cb58f4f0 x25: ffff0000d5f33400 x24: dfff800000000000
x23: 0000000000000100 x22: ffff0000d31b902c x21: 0000000000000000
x20: ffff0000d31b8c80 x19: ffff0000cb5dcf80 x18: 00000000ffffffff
x17: ffff800093598000 x16: ffff800082e5c71c x15: 0000000000000001
x14: 1fffe000196bb9f2 x13: 0000000000000000 x12: 0000000000000000
x11: ffff6000196bb9f3 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d6e5b900 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff80008ae968f8
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 subflow_data_ready+0x3d8/0x70c net/mptcp/subflow.c:1527 (P)
 tcp_data_ready+0x250/0x4cc net/ipv4/tcp_input.c:5371
 tcp_data_queue+0x173c/0x4b04 net/ipv4/tcp_input.c:5461
 tcp_rcv_established+0x1000/0x22e4 net/ipv4/tcp_input.c:6474
 tcp_v4_do_rcv+0x5ec/0x11d0 net/ipv4/tcp_ipv4.c:1881
 tcp_v4_rcv+0x1f1c/0x27c8 net/ipv4/tcp_ipv4.c:2324
 ip_protocol_deliver_rcu+0x1f8/0x484 net/ipv4/ip_input.c:207
 ip_local_deliver_finish+0x2fc/0x644 net/ipv4/ip_input.c:241
 NF_HOOK+0x2c4/0x358 include/linux/netfilter.h:318
 ip_local_deliver+0x120/0x194 net/ipv4/ip_input.c:262
 dst_input include/net/dst.h:474 [inline]
 ip_rcv_finish+0x21c/0x248 net/ipv4/ip_input.c:453
 NF_HOOK+0x2c4/0x358 include/linux/netfilter.h:318
 ip_rcv+0x7c/0x9c net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core net/core/dev.c:6137 [inline]
 __netif_receive_skb+0xcc/0x2a8 net/core/dev.c:6250
 process_backlog+0x608/0x10e8 net/core/dev.c:6602
 __napi_poll+0xb0/0x310 net/core/dev.c:7666
 napi_poll net/core/dev.c:7729 [inline]
 net_rx_action+0x548/0xcf0 net/core/dev.c:7881
 handle_softirqs+0x31c/0xc88 kernel/softirq.c:622
 __do_softirq+0x14/0x20 kernel/softirq.c:656
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:68
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:73
 do_softirq+0x90/0xf8 kernel/softirq.c:523
 __local_bh_enable_ip+0x240/0x35c kernel/softirq.c:450
 local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
 rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline]
 __dev_queue_xmit+0x1464/0x2a68 net/core/dev.c:4844
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip_finish_output2+0xd80/0x1240 net/ipv4/ip_output.c:237
 __ip_finish_output+0x1b0/0x44c net/ipv4/ip_output.c:-1
 ip_finish_output+0x44/0x304 net/ipv4/ip_output.c:325
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x284/0x3f8 net/ipv4/ip_output.c:438
 dst_output include/net/dst.h:464 [inline]
 ip_local_out net/ipv4/ip_output.c:131 [inline]
 __ip_queue_xmit+0x8b8/0x1794 net/ipv4/ip_output.c:534
 ip_queue_xmit+0x5c/0x7c net/ipv4/ip_output.c:548
 __tcp_transmit_skb+0x1a34/0x3214 net/ipv4/tcp_output.c:1631
 tcp_transmit_skb net/ipv4/tcp_output.c:1649 [inline]
 tcp_write_xmit+0x159c/0x52e0 net/ipv4/tcp_output.c:3002
 __tcp_push_pending_frames net/ipv4/tcp_output.c:3185 [inline]
 tcp_send_fin+0x684/0xcb8 net/ipv4/tcp_output.c:3808
 __tcp_close+0x558/0xf68 net/ipv4/tcp.c:3208
 tcp_close+0x38/0x144 net/ipv4/tcp.c:3299
 inet_release+0x154/0x1d0 net/ipv4/af_inet.c:437
 inet6_release+0x5c/0x78 net/ipv6/af_inet6.c:487
 __sock_release net/socket.c:662 [inline]
 sock_release+0x84/0x140 net/socket.c:690
 rds_tcp_accept_one+0x398/0x820 net/rds/tcp_listen.c:214
 rds_tcp_accept_worker+0x44/0xb4 net/rds/tcp.c:529
 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3421
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
irq event stamp: 226353
hardirqs last enabled at (226352): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (226352): [] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (226353): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last enabled at (226332): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (226333): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---