------------[ cut here ]------------
WARNING: net/mptcp/subflow.c:1527 at subflow_data_ready+0xa0/0x124 net/mptcp/subflow.c:1540, CPU#0: kworker/u8:10/1544
Modules linked in:
CPU: 0 UID: 0 PID: 1544 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT
Hardware name: linux,dummy-virt (DT)
Workqueue: krdsd rds_tcp_accept_worker
pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : subflow_data_ready+0xa0/0x124 net/mptcp/subflow.c:1527
lr : tcp_data_ready+0x40/0x10c net/ipv4/tcp_input.c:5371
sp : ffff800082ddb990
x29: ffff800082ddb990 x28: f4f0000006f802e8 x27: fdf0000006856e00
x26: fbf000000b308000 x25: 0000000000000000 x24: 0000000000000000
x23: f4f0000006f802e8 x22: 0000000000000000 x21: f4f0000006f80310
x20: f6f0000007088000 x19: fdf0000006856e00 x18: 0000000000000000
x17: fff07ffffcf04000 x16: f1f000000b63a800 x15: f1f000000b63a840
x14: 0000000000000000 x13: 0000000000000028 x12: f1f0000005eac420
x11: f1f000000b63ab10 x10: f1f000000b63a810 x9 : f4f0000005efe730
x8 : 0000000000000000 x7 : 0000000000000010 x6 : f6f0000004506300
x5 : ffff8000829f45f0 x4 : f2f00000070e2b60 x3 : f2f00000070e2a00
x2 : 0000000000000000 x1 : 0000000000040041 x0 : 000000000000000b
Call trace:
 subflow_data_ready+0xa0/0x124 net/mptcp/subflow.c:1540 (P)
 tcp_data_ready+0x40/0x10c net/ipv4/tcp_input.c:5371
 tcp_data_queue+0x8c0/0xed8 net/ipv4/tcp_input.c:5461
 tcp_rcv_state_process+0x3e4/0x13d4 net/ipv4/tcp_input.c:7185
 tcp_v4_do_rcv+0x198/0x3d0 net/ipv4/tcp_ipv4.c:1904
 tcp_v4_rcv+0xbfc/0x111c net/ipv4/tcp_ipv4.c:2324
 ip_protocol_deliver_rcu+0x38/0x1e0 net/ipv4/ip_input.c:207
 ip_local_deliver_finish+0xa0/0x164 net/ipv4/ip_input.c:241
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip_local_deliver+0x7c/0x124 net/ipv4/ip_input.c:262
 dst_input include/net/dst.h:474 [inline]
 ip_rcv_finish+0x90/0xb0 net/ipv4/ip_input.c:453
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip_rcv+0xec/0xf8 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core+0x58/0x84 net/core/dev.c:6137
 __netif_receive_skb+0x18/0x60 net/core/dev.c:6250
 process_backlog+0x8c/0x150 net/core/dev.c:6602
 __napi_poll+0x38/0x1a8 net/core/dev.c:7666
 napi_poll net/core/dev.c:7729 [inline]
 net_rx_action+0x31c/0x388 net/core/dev.c:7881
 handle_softirqs+0x108/0x240 kernel/softirq.c:622
 __do_softirq+0x14/0x20 kernel/softirq.c:656
 ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:68
 call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:891
 do_softirq_own_stack+0x1c/0x2c arch/arm64/kernel/irq.c:73
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0x54/0x6c kernel/softirq.c:510
 __local_bh_enable_ip+0x8c/0x98 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline]
 __dev_queue_xmit+0x1f4/0x1010 net/core/dev.c:4844
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip_finish_output2+0x2f8/0x648 net/ipv4/ip_output.c:237
 __ip_finish_output net/ipv4/ip_output.c:315 [inline]
 __ip_finish_output+0xa4/0x1a0 net/ipv4/ip_output.c:297
 ip_finish_output+0x34/0x120 net/ipv4/ip_output.c:325
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x6c/0x10c net/ipv4/ip_output.c:438
 dst_output include/net/dst.h:464 [inline]
 ip_local_out net/ipv4/ip_output.c:131 [inline]
 __ip_queue_xmit+0x180/0x47c net/ipv4/ip_output.c:534
 ip_queue_xmit+0x14/0x20 net/ipv4/ip_output.c:548
 __tcp_transmit_skb+0x524/0xe98 net/ipv4/tcp_output.c:1631
 tcp_transmit_skb net/ipv4/tcp_output.c:1649 [inline]
 tcp_write_xmit+0x6e8/0x1548 net/ipv4/tcp_output.c:3002
 __tcp_push_pending_frames+0x3c/0xcc net/ipv4/tcp_output.c:3185
 tcp_send_fin+0x68/0x2b0 net/ipv4/tcp_output.c:3808
 __tcp_close+0x464/0x540 net/ipv4/tcp.c:3208
 tcp_close+0x2c/0xd0 net/ipv4/tcp.c:3299
 inet_release+0x50/0xa4 net/ipv4/af_inet.c:437
 inet6_release+0x34/0x4c net/ipv6/af_inet6.c:487
 __sock_release net/socket.c:662 [inline]
 sock_release+0x24/0x78 net/socket.c:690
 rds_tcp_accept_one+0x1d4/0x35c net/rds/tcp_listen.c:214
 rds_tcp_accept_worker+0x20/0x34 net/rds/tcp.c:529
 process_one_work+0x178/0x2cc kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x24c/0x354 kernel/workqueue.c:3421
 kthread+0x130/0x1fc kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
---[ end trace 0000000000000000 ]---