------------[ cut here ]------------
WARNING: CPU: 1 PID: 6712 at net/ipv4/af_inet.c:154 inet_sock_destruct+0x6e7/0x7f0
Modules linked in:
CPU: 1 PID: 6712 Comm: syz.0.730 Not tainted 6.1.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:inet_sock_destruct+0x6e7/0x7f0 net/ipv4/af_inet.c:154
Code: ff ff e8 5c 4f 6e f8 0f 0b e9 21 fe ff ff e8 50 4f 6e f8 0f 0b 41 80 3c 2c 00 0f 85 4c fe ff ff e9 4f fe ff ff e8 39 4f 6e f8 <0f> 0b e9 bb fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 0e fc ff
RSP: 0018:ffffc900001e0b30 EFLAGS: 00010246
RAX: ffffffff891c4b47 RBX: 0000000000000100 RCX: ffff88807c48bb80
RDX: 0000000080000101 RSI: 0000000000000100 RDI: 0000000000000000
RBP: ffff88814b7172c0 R08: ffffffff891c49fc R09: ffffed10296e2ea7
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110296e2e5d
R13: ffff88814b7177a8 R14: ffff88814b7172e8 R15: ffff88814b7172d2
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9ad6707a6c CR3: 000000000ce8e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__sk_destruct+0x50/0x5f0 net/core/sock.c:2139
rcu_do_batch kernel/rcu/tree.c:2296 [inline]
rcu_core+0xad5/0x1810 kernel/rcu/tree.c:2556
handle_softirqs+0x2ee/0xa40 kernel/softirq.c:571
__do_softirq kernel/softirq.c:605 [inline]
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x157/0x240 kernel/softirq.c:654
irq_exit_rcu+0x5/0x20 kernel/softirq.c:666
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:653
RIP: 0010:check_region_inline mm/kasan/generic.c:175 [inline]
RIP: 0010:kasan_check_range+0x24/0x290 mm/kasan/generic.c:189
Code: cc cc cc cc cc cc 55 41 57 41 56 53 b0 01 48 85 f6 0f 84 9a 01 00 00 48 89 fd 48 01 f5 0f 82 5a 02 00 00 48 89 fd 48 c1 ed 2f <81> fd ff ff 01 00 0f 82 47 02 00 00 48 89 fb 48 c1 eb 03 49 b8 00
RSP: 0018:ffffc9000319f058 EFLAGS: 00000a07
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff816a6ddb
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e738428
RBP: 000000000001ffff R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000633e18
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88805ca71af8
instrument_atomic_read include/linux/instrumented.h:72 [inline]
_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
cpumask_test_cpu include/linux/cpumask.h:444 [inline]
cpu_online include/linux/cpumask.h:1030 [inline]
trace_lock_acquire include/trace/events/lock.h:24 [inline]
lock_acquire+0xeb/0x5a0 kernel/locking/lockdep.c:5633
rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
rcu_read_lock include/linux/rcupdate.h:791 [inline]
folio_memcg_lock+0xa6/0x380 mm/memcontrol.c:2098
page_remove_rmap+0x2e/0xed0 mm/rmap.c:1426
zap_pte_range mm/memory.c:1453 [inline]
zap_pmd_range mm/memory.c:1574 [inline]
zap_pud_range mm/memory.c:1603 [inline]
zap_p4d_range mm/memory.c:1624 [inline]
unmap_page_range+0x1217/0x2740 mm/memory.c:1645
unmap_vmas+0x48b/0x640 mm/memory.c:1730
exit_mmap+0x252/0x9f0 mm/mmap.c:3227
__mmput+0x115/0x3c0 kernel/fork.c:1199
exit_mm+0x226/0x300 kernel/exit.c:565
do_exit+0x9f6/0x26a0 kernel/exit.c:858
do_group_exit+0x202/0x2b0 kernel/exit.c:1021
get_signal+0x16f7/0x17d0 kernel/signal.c:2862
arch_do_signal_or_restart+0xb0/0x1a10 arch/x86/kernel/signal.c:871
exit_to_user_mode_loop+0x6a/0x100 kernel/entry/common.c:174
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f2366f75f19
Code: Unable to access opcode bytes at 0x7f2366f75eef.
RSP: 002b:00007f2367e030f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f2367106040 RCX: 00007f2366f75f19
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2367106040
RBP: 00007f2367106038 R08: 00007f2367e036c0 R09: 00007f2367e036c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2367106044
R13: 000000000000006e R14: 00007ffca8f0f9b0 R15: 00007ffca8f0fa98
----------------
Code disassembly (best guess) — note: this decodes the bytes of the *second* `Code:` line (the interrupted kasan_check_range+0x24 frame that the APIC timer interrupt landed on), not the first; the "trapping instruction" marker below is merely where the softirq preempted the exiting task. The actual WARN site is the `<0f> 0b` marked in the first `Code:` line (inet_sock_destruct+0x6e7, net/ipv4/af_inet.c:154), reached from the RCU callback `__sk_destruct` in softirq context, as the Call Trace shows:
0: cc int3
1: cc int3
2: cc int3
3: cc int3
4: cc int3
5: cc int3
6: 55 push %rbp
7: 41 57 push %r15
9: 41 56 push %r14
b: 53 push %rbx
c: b0 01 mov $0x1,%al
e: 48 85 f6 test %rsi,%rsi
11: 0f 84 9a 01 00 00 je 0x1b1
17: 48 89 fd mov %rdi,%rbp
1a: 48 01 f5 add %rsi,%rbp
1d: 0f 82 5a 02 00 00 jb 0x27d
23: 48 89 fd mov %rdi,%rbp
26: 48 c1 ed 2f shr $0x2f,%rbp
* 2a: 81 fd ff ff 01 00 cmp $0x1ffff,%ebp <-- trapping instruction
30: 0f 82 47 02 00 00 jb 0x27d
36: 48 89 fb mov %rdi,%rbx
39: 48 c1 eb 03 shr $0x3,%rbx
3d: 49 rex.WB
3e: b8 .byte 0xb8