------------[ cut here ]------------
sk->sk_forward_alloc
WARNING: net/ipv4/af_inet.c:162 at inet_sock_destruct+0x653/0x800 net/ipv4/af_inet.c:162, CPU#2: udevd/5149
Modules linked in:
CPU: 2 UID: 0 PID: 5149 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:inet_sock_destruct+0x653/0x800 net/ipv4/af_inet.c:162
Code: 36 4d ff e9 06 fd ff ff e8 6a 5d ff f7 90 0f 0b 90 e9 35 fe ff ff e8 5c 5d ff f7 90 0f 0b 90 e9 c5 fe ff ff e8 4e 5d ff f7 90 <0f> 0b 90 e9 04 ff ff ff e8 40 5d ff f7 90 0f 0b 90 e9 65 fe ff ff
RSP: 0018:ffffc90000648d88 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888033939100 RCX: ffffffff8a095217
RDX: ffff88802cfc4a80 RSI: ffffffff8a095312 RDI: ffff88802cfc4a80
RBP: 0000000000000f70 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000f70 R11: 0000000000000000 R12: ffff888033939100
R13: ffff888033939190 R14: ffffffff81ee327d R15: 0000000000000001
FS:  00007f0f7860d880(0000) GS:ffff8880d6583000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f49df94da08 CR3: 00000000345b7000 CR4: 0000000000352ef0
Call Trace:
 <IRQ>
 __sk_destruct+0x85/0xab0 net/core/sock.c:2352
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x5a2/0x10d0 kernel/rcu/tree.c:2869
 handle_softirqs+0x1ea/0xa00 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x162/0x210 kernel/softirq.c:735
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1061
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x5e/0x370 kernel/locking/lockdep.c:5872
Code: 05 3b 45 25 12 83 f8 07 0f 87 d9 02 00 00 48 0f a3 05 46 84 f2 0e 0f 82 a4 02 00 00 8b 35 ce b7 f2 0e 85 f6 0f 85 bf 00 00 00 <48> 8b 44 24 30 65 48 2b 05 dd 44 25 12 0f 85 ed 02 00 00 48 83 c4
RSP: 0018:ffffc90005bd7660 EFLAGS: 00000206
RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8dee9f9e RDI: ffffffff8c1c4480
RBP: ffffffff8e7e5560 R08: 0000000007fe2fc1 R09: 0000000000000007
R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 rcu_read_lock include/linux/rcupdate.h:838 [inline]
 is_bpf_text_address+0x36/0x1a0 kernel/bpf/core.c:747
 kernel_text_address kernel/extable.c:125 [inline]
 kernel_text_address+0x8d/0x100 kernel/extable.c:94
 __kernel_text_address+0xd/0x30 kernel/extable.c:79
 unwind_get_return_address+0x59/0xa0 arch/x86/kernel/unwind_orc.c:385
 arch_stack_walk+0xa6/0xf0 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6251 [inline]
 kfree+0x223/0x6c0 mm/slub.c:6566
 tomoyo_path_perm+0x29c/0x460 security/tomoyo/file.c:847
 security_inode_getattr+0x116/0x280 security/security.c:1895
 vfs_getattr fs/stat.c:259 [inline]
 vfs_fstat+0x4b/0xe0 fs/stat.c:281
 __do_sys_newfstat+0x8b/0x110 fs/stat.c:551
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0f77f11ad7
Code: 73 01 c3 48 8b 0d 21 f3 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 05 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8
RSP: 002b:00007ffd25681c58 EFLAGS: 00000297 ORIG_RAX: 0000000000000005
RAX: ffffffffffffffda RBX: 00005647bd49a420 RCX: 00007f0f77f11ad7
RDX: 00007f0f77fefea0 RSI: 00007ffd25681c60 RDI: 000000000000000c
RBP: 00007f0f77fefff0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000297 R12: 000000000000000a
R13: 0000000000003fff R14: 0000000000000000 R15: 00005647bd49a420
 </TASK>
----------------
Code disassembly (best guess):
   0:	05 3b 45 25 12       	add    $0x1225453b,%eax
   5:	83 f8 07             	cmp    $0x7,%eax
   8:	0f 87 d9 02 00 00    	ja     0x2e7
   e:	48 0f a3 05 46 84 f2 	bt     %rax,0xef28446(%rip)        # 0xef2845c
  15:	0e
  16:	0f 82 a4 02 00 00    	jb     0x2c0
  1c:	8b 35 ce b7 f2 0e    	mov    0xef2b7ce(%rip),%esi        # 0xef2b7f0
  22:	85 f6                	test   %esi,%esi
  24:	0f 85 bf 00 00 00    	jne    0xe9
* 2a:	48 8b 44 24 30       	mov    0x30(%rsp),%rax <-- trapping instruction
  2f:	65 48 2b 05 dd 44 25 	sub    %gs:0x122544dd(%rip),%rax        # 0x12254514
  36:	12
  37:	0f 85 ed 02 00 00    	jne    0x32a
  3d:	48                   	rex.W
  3e:	83                   	.byte 0x83
  3f:	c4                   	.byte 0xc4