------------[ cut here ]------------
sk->sk_forward_alloc
WARNING: net/ipv4/af_inet.c:163 at inet_sock_destruct+0x62d/0x740 net/ipv4/af_inet.c:163, CPU#1: pool_workqueue_/3
Modules linked in:
CPU: 1 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:inet_sock_destruct+0x62d/0x740 net/ipv4/af_inet.c:163
Code: 0f 0b 90 e9 58 fe ff ff e8 70 c3 9f f7 90 0f 0b 90 e9 8b fe ff ff e8 62 c3 9f f7 90 0f 0b 90 e9 b1 fe ff ff e8 54 c3 9f f7 90 <0f> 0b 90 e9 d7 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 95 fc
RSP: 0018:ffffc90000a08d48 EFLAGS: 00010246
RAX: ffffffff8a25eb1c RBX: dffffc0000000000 RCX: ffff88801d289e80
RDX: 0000000000000100 RSI: 0000000000000f70 RDI: 0000000000000000
RBP: 0000000000000f70 R08: ffff888021ad02a7 R09: 1ffff1100435a054
R10: dffffc0000000000 R11: ffffed100435a055 R12: ffff888021ad0000
R13: dffffc0000000000 R14: ffff888021ad028c R15: ffffffff8fcac5c0
FS:  0000000000000000(0000) GS:ffff88812555a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000140 CR3: 000000007ecac000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __sk_destruct+0x85/0x880 net/core/sock.c:2350
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
 handle_softirqs+0x22a/0x870 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lockdep_unregister_key+0x2d5/0x350 kernel/locking/lockdep.c:6616
Code: d1 17 09 00 89 c6 48 c7 c7 d0 b8 24 96 e8 f3 f6 0f 0a 90 e9 65 fe ff ff e8 d8 42 0d 0a 41 f7 c7 00 02 00 00 74 b3 fb 40 84 ed <75> b2 eb c3 90 0f 0b 90 e9 26 ff ff ff 90 0f 0b 90 e9 2e ff ff ff
RSP: 0018:ffffc90000087c90 EFLAGS: 00000202
RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000046
RDX: ffffffff93e03438 RSI: ffffffff8df12d01 RDI: ffffffff8c27cb00
RBP: ffff88801d289e01 R08: ffffffff81af1208 R09: ffffffff8e75e620
R10: dffffc0000000000 R11: fffff52000010f8d R12: 0000000000000000
R13: ffff88805a6b5139 R14: 0000000000001000 R15: 0000000000000a03
 wq_unregister_lockdep kernel/workqueue.c:4903 [inline]
 pwq_release_workfn+0x6ea/0x880 kernel/workqueue.c:5199
 kthread_worker_fn+0x509/0xb70 kernel/kthread.c:1025
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	d1 17                	rcll   $1,(%rdi)
   2:	09 00                	or     %eax,(%rax)
   4:	89 c6                	mov    %eax,%esi
   6:	48 c7 c7 d0 b8 24 96 	mov    $0xffffffff9624b8d0,%rdi
   d:	e8 f3 f6 0f 0a       	call   0xa0ff705
  12:	90                   	nop
  13:	e9 65 fe ff ff       	jmp    0xfffffe7d
  18:	e8 d8 42 0d 0a       	call   0xa0d42f5
  1d:	41 f7 c7 00 02 00 00 	test   $0x200,%r15d
  24:	74 b3                	je     0xffffffd9
  26:	fb                   	sti
  27:	40 84 ed             	test   %bpl,%bpl
* 2a:	75 b2                	jne    0xffffffde <-- trapping instruction
  2c:	eb c3                	jmp    0xfffffff1
  2e:	90                   	nop
  2f:	0f 0b                	ud2
  31:	90                   	nop
  32:	e9 26 ff ff ff       	jmp    0xffffff5d
  37:	90                   	nop
  38:	0f 0b                	ud2
  3a:	90                   	nop
  3b:	e9 2e ff ff ff       	jmp    0xffffff6e