------------[ cut here ]------------
WARNING: CPU: 1 PID: 2486 at net/ipv4/af_inet.c:155 inet_sock_destruct+0x198/0x1b8 net/ipv4/af_inet.c:160
Modules linked in:
CPU: 1 PID: 2486 Comm: syz-executor204 Not tainted 6.4.0-syzkaller-04247-g3a8a670eeeaa #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : inet_sock_destruct+0x198/0x1b8 net/ipv4/af_inet.c:155
lr : inet6_sock_destruct+0x20/0x30 net/ipv6/af_inet6.c:115
sp : ffff80008000be50
x29: ffff80008000be50 x28: ffff80008012be94 x27: 0000000000000000
x26: 000000000000000a x25: 0000000000000005 x24: ffff8000824ebe00
x23: ffff80008000bf30 x22: ffff00007f9d7eb8 x21: f8ff000005145e80
x20: f0ff000004f76940 x19: f0ff000004f76880 x18: 0000000000000056
x17: 0000000000000001 x16: 0000000000000000 x15: 0000000000000000
x14: 000000000000005b x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000002 x9 : 0000000000000000
x8 : ffff8000800107b8 x7 : 0000000000008000 x6 : ffff8000823e0000
x5 : 0000000080100006 x4 : fffffc000014ae20 x3 : 0000000000000007
x2 : f0ff000004f771c8 x1 : 0000000000000000 x0 : 0000000000000d00
Call trace:
 inet_sock_destruct+0x198/0x1b8 net/ipv4/af_inet.c:160
 inet6_sock_destruct+0x20/0x30 net/ipv6/af_inet6.c:115
 __sk_destruct+0x2c/0x260 net/core/sock.c:2172
 rcu_do_batch kernel/rcu/tree.c:2135 [inline]
 rcu_core+0x248/0x614 kernel/rcu/tree.c:2399
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2416
 __do_softirq+0x124/0x290 kernel/softirq.c:553
 ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:80
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:882
 do_softirq_own_stack+0x1c/0x2c arch/arm64/kernel/irq.c:85
 invoke_softirq kernel/softirq.c:434 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xd8/0xf4 kernel/softirq.c:644
 __el1_irq arch/arm64/kernel/entry-common.c:474 [inline]
 el1_interrupt+0x38/0x64 arch/arm64/kernel/entry-common.c:488
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:493
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:587
 __rb_change_child include/linux/rbtree_augmented.h:174 [inline]
 __rb_erase_augmented include/linux/rbtree_augmented.h:283 [inline]
 rb_erase_augmented include/linux/rbtree_augmented.h:303 [inline]
 rb_erase_augmented_cached include/linux/rbtree_augmented.h:314 [inline]
 __anon_vma_interval_tree_remove mm/interval_tree.c:71 [inline]
 anon_vma_interval_tree_remove+0x210/0x2d8 mm/interval_tree.c:88
 unlink_anon_vmas+0xd0/0x230 mm/rmap.c:410
 free_pgtables+0x108/0x224 mm/memory.c:386
 exit_mmap+0x104/0x210 mm/mmap.c:3138
 __mmput+0x44/0x16c kernel/fork.c:1347
 mmput+0x50/0x5c kernel/fork.c:1369
 exit_mm kernel/exit.c:567 [inline]
 do_exit+0x280/0x980 kernel/exit.c:861
 do_group_exit+0x34/0x90 kernel/exit.c:1024
 copy_siginfo_to_user+0x0/0xec kernel/signal.c:2877
 do_signal arch/arm64/kernel/signal.c:1249 [inline]
 do_notify_resume+0x174/0x144c arch/arm64/kernel/signal.c:1302
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:144 [inline]
 el0_svc+0xac/0xb0 arch/arm64/kernel/entry-common.c:648
 el0t_64_sync_handler+0xc0/0xc4 arch/arm64/kernel/entry-common.c:665
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:591
---[ end trace 0000000000000000 ]---