------------[ cut here ]------------
WARNING: CPU: 0 PID: 1660 at net/mptcp/subflow.c:1389 subflow_data_ready+0x1d0/0x22c net/mptcp/subflow.c:1388
Modules linked in:
CPU: 0 PID: 1660 Comm: kworker/u4:5 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: krdsd rds_send_worker
pstate: 42400005 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : subflow_data_ready+0x1d0/0x22c net/mptcp/subflow.c:1388
lr : subflow_data_ready+0x1d0/0x22c net/mptcp/subflow.c:1388
sp : ffff800008007120
x29: ffff800008007120 x28: ffff0000d8fd6b1c x27: dfff800000000000
x26: ffff0000c3a53fc0 x25: 00000000626da9b2 x24: 0000000000000020
x23: ffff0000d1e79e00 x22: dfff800000000000 x21: 0000000000000000
x20: ffff0000f6340c80 x19: ffff0000c3a53fc0 x18: ffff800011b7bf60
x17: ffff80018a400000 x16: ffff8000082d7e60 x15: 0000000000000000
x14: 0000000000000001 x13: 1fffe0001874a7fa x12: 0000000000ff0100
x11: ff00800011878084 x10: 0000000000000000 x9 : ffff800011878084
x8 : ffff0000cfa80000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : ffff800011877f04
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
subflow_data_ready+0x1d0/0x22c net/mptcp/subflow.c:1388
tcp_data_ready+0x21c/0x428 net/ipv4/tcp_input.c:5107
tcp_data_queue+0x19e4/0x474c net/ipv4/tcp_input.c:5181
tcp_rcv_state_process+0x1f58/0x3854 net/ipv4/tcp_input.c:6791
tcp_v6_do_rcv+0x868/0x1128 net/ipv6/tcp_ipv6.c:1510
tcp_v6_rcv+0x1ab4/0x2000 net/ipv6/tcp_ipv6.c:1749
ip6_protocol_deliver_rcu+0x928/0x11cc net/ipv6/ip6_input.c:438
ip6_input_finish+0x164/0x294 net/ipv6/ip6_input.c:483
NF_HOOK+0x2dc/0x36c include/linux/netfilter.h:302
ip6_input+0x90/0xa8 net/ipv6/ip6_input.c:492
dst_input include/net/dst.h:463 [inline]
ip6_rcv_finish+0x1f4/0x220 net/ipv6/ip6_input.c:79
NF_HOOK+0x2dc/0x36c include/linux/netfilter.h:302
ipv6_rcv+0x9c/0xbc net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core net/core/dev.c:5581 [inline]
__netif_receive_skb+0xcc/0x2a8 net/core/dev.c:5695
process_backlog+0x408/0x710 net/core/dev.c:6023
__napi_poll+0xb4/0x3f0 net/core/dev.c:6590
napi_poll net/core/dev.c:6657 [inline]
net_rx_action+0x514/0xb18 net/core/dev.c:6771
handle_softirqs+0x318/0xc60 kernel/softirq.c:596
__do_softirq+0x14/0x20 kernel/softirq.c:630
____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
call_on_irq_stack+0x30/0x48 arch/arm64/kernel/entry.S:897
do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85
do_softirq+0xf8/0x1a8 kernel/softirq.c:497
__local_bh_enable_ip+0x250/0x37c kernel/softirq.c:421
local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
rcu_read_unlock_bh include/linux/rcupdate.h:861 [inline]
__dev_queue_xmit+0x1744/0x3134 net/core/dev.c:4373
dev_queue_xmit include/linux/netdevice.h:3051 [inline]
neigh_resolve_output+0x550/0x650 net/core/neighbour.c:1568
neigh_output include/net/neighbour.h:545 [inline]
ip6_finish_output2+0xd5c/0x1840 net/ipv6/ip6_output.c:138
__ip6_finish_output net/ipv6/ip6_output.c:205 [inline]
ip6_finish_output+0x594/0x92c net/ipv6/ip6_output.c:216
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x274/0x500 net/ipv6/ip6_output.c:237
dst_output include/net/dst.h:453 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ip6_xmit+0x1164/0x1a24 net/ipv6/ip6_output.c:357
inet6_csk_xmit+0x374/0x5c0 net/ipv6/inet6_connection_sock.c:135
__tcp_transmit_skb+0x17d8/0x2b88 net/ipv4/tcp_output.c:1405
tcp_transmit_skb net/ipv4/tcp_output.c:1423 [inline]
tcp_write_xmit+0x11bc/0x4ba4 net/ipv4/tcp_output.c:2720
__tcp_push_pending_frames+0x98/0x228 net/ipv4/tcp_output.c:2905
tcp_push+0x43c/0x638 net/ipv4/tcp.c:734
do_tcp_sendpages+0x1e18/0x228c net/ipv4/tcp.c:1122
tcp_sendpage_locked net/ipv4/tcp.c:1148 [inline]
tcp_sendpage+0xb4/0xdc net/ipv4/tcp.c:1158
inet_sendpage+0x184/0x2e4 net/ipv4/af_inet.c:873
rds_tcp_xmit+0x500/0xa10 net/rds/tcp_send.c:118
rds_send_xmit+0x8c0/0x2184 net/rds/send.c:366
rds_send_worker+0x84/0x368 net/rds/threads.c:200
process_one_work+0x7f8/0x13a4 kernel/workqueue.c:2292
worker_thread+0x8c4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
irq event stamp: 696213
hardirqs last enabled at (696212): [] seqcount_lockdep_reader_access include/linux/seqlock.h:104 [inline]
hardirqs last enabled at (696212): [] timekeeping_get_delta kernel/time/timekeeping.c:254 [inline]
hardirqs last enabled at (696212): [] timekeeping_get_ns+0x124/0x3b4 kernel/time/timekeeping.c:388
hardirqs last disabled at (696213): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (696182): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (696183): [] __do_softirq+0x14/0x20 kernel/softirq.c:630
---[ end trace 0000000000000000 ]---