------------[ cut here ]------------
WARNING: CPU: 1 PID: 26254 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156
Modules linked in:
CPU: 1 UID: 0 PID: 26254 Comm: syz.7.5705 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156
Code: 0f 0b 90 e9 62 fe ff ff e8 ca d2 c8 f7 90 0f 0b 90 e9 95 fe ff ff e8 bc d2 c8 f7 90 0f 0b 90 e9 bb fe ff ff e8 ae d2 c8 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
RSP: 0000:ffffc90000a08b48 EFLAGS: 00010246
RAX: ffffffff89f78d52 RBX: dffffc0000000000 RCX: ffff888031a9bc00
RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000
RBP: 0000000000000fff R08: ffff88803ffee11f R09: 1ffff11007ffdc23
R10: dffffc0000000000 R11: ffffed1007ffdc24 R12: ffff88803ffede80
R13: dffffc0000000000 R14: ffff88803ffee104 R15: 1ffff11007ffdbd2
FS: 000055555e8f9500(0000) GS:ffff888125d14000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c292b9e CR3: 0000000060de0000 CR4: 00000000003526f0
Call Trace:
__sk_destruct+0x86/0x660 net/core/sock.c:2333
rcu_do_batch kernel/rcu/tree.c:2576 [inline]
rcu_core+0xca5/0x1710 kernel/rcu/tree.c:2832
handle_softirqs+0x286/0x870 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x175/0x360 kernel/locking/lockdep.c:5875
Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 0b 8d 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
RSP: 0000:ffffc9000ba77898 EFLAGS: 00000206
RAX: a19176e62bdd5300 RBX: 0000000000000000 RCX: a19176e62bdd5300
RDX: 0000000000000000 RSI: ffffffff8db8a5e2 RDI: ffffffff8be28f80
RBP: ffffffff822f0a0d R08: 0000000000000000 R09: ffffffff822f0a0d
R10: dffffc0000000000 R11: fffff940003c1881 R12: 0000000000000002
R13: ffffffff8e13ee20 R14: 0000000000000000 R15: 0000000000000246
rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
rcu_read_lock include/linux/rcupdate.h:841 [inline]
page_table_check_set+0x1aa/0x730 mm/page_table_check.c:112
page_table_check_ptes_set include/linux/page_table_check.h:76 [inline]
set_ptes include/linux/pgtable.h:292 [inline]
set_pte_range+0x6a5/0x700 mm/memory.c:5330
filemap_map_order0_folio mm/filemap.c:3692 [inline]
filemap_map_pages+0xf29/0x1740 mm/filemap.c:3746
do_fault_around mm/memory.c:5548 [inline]
do_read_fault mm/memory.c:5581 [inline]
do_fault mm/memory.c:5724 [inline]
do_pte_missing mm/memory.c:4251 [inline]
handle_pte_fault mm/memory.c:6069 [inline]
__handle_mm_fault+0x368a/0x5620 mm/memory.c:6212
handle_mm_fault+0x40a/0x8e0 mm/memory.c:6381
do_user_addr_fault+0xa81/0x1390 arch/x86/mm/fault.c:1336
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f6f64c6ec8d
Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 7b 2b
RSP: 002b:00007ffe44cce930 EFLAGS: 00010202
RAX: 000000110c290000 RBX: 00007f6f65ae5720 RCX: 0000000000000002
RDX: 0000000000001f97 RSI: 0000000000000b7e RDI: 0000000000000004
RBP: ffffffff8212df97 R08: 00007f6f64fb6038 R09: 00007f6f64fa2000
R10: 00007f6f643ff008 R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000000 R14: ffffffff8212da2f R15: 00000000000000ce
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 9c pushf
5: 8f 44 24 30 pop 0x30(%rsp)
9: f7 44 24 30 00 02 00 testl $0x200,0x30(%rsp)
10: 00
11: 0f 85 cd 00 00 00 jne 0xe4
17: f7 44 24 08 00 02 00 testl $0x200,0x8(%rsp)
1e: 00
1f: 74 01 je 0x22
21: fb sti
22: 65 48 8b 05 0b 8d 02 mov %gs:0x11028d0b(%rip),%rax # 0x11028d35
29: 11
* 2a: 48 3b 44 24 58 cmp 0x58(%rsp),%rax <-- trapping instruction
2f: 0f 85 f2 00 00 00 jne 0x127
35: 48 83 c4 60 add $0x60,%rsp
39: 5b pop %rbx
3a: 41 5c pop %r12
3c: 41 5d pop %r13
3e: 41 5e pop %r14