------------[ cut here ]------------
sk->sk_forward_alloc
WARNING: net/ipv4/af_inet.c:162 at inet_sock_destruct+0x62d/0x740 net/ipv4/af_inet.c:162, CPU#0: syz.2.2504/14987
Modules linked in:
CPU: 0 UID: 0 PID: 14987 Comm: syz.2.2504 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:inet_sock_destruct+0x62d/0x740 net/ipv4/af_inet.c:162
Code: 0f 0b 90 e9 58 fe ff ff e8 70 19 9e f7 90 0f 0b 90 e9 8b fe ff ff e8 62 19 9e f7 90 0f 0b 90 e9 b1 fe ff ff e8 54 19 9e f7 90 <0f> 0b 90 e9 d7 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 95 fc
RSP: 0018:ffffc90000007d20 EFLAGS: 00010246
RAX: ffffffff8a27ab6c RBX: dffffc0000000000 RCX: ffff88803c290000
RDX: 0000000000000100 RSI: 0000000000000f70 RDI: 0000000000000000
RBP: 0000000000000f70 R08: ffff888034fc9c27 R09: 1ffff110069f9384
R10: dffffc0000000000 R11: ffffed10069f9385 R12: ffff888034fc9980
R13: ffff888034fc9e88 R14: ffff888034fc9c0c R15: ffffffff8feb06c0
FS: 00007febc97d06c0(0000) GS:ffff888125287000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007febc8987cc0 CR3: 0000000078d24000 CR4: 00000000003526f0
Call Trace:
__sk_destruct+0x8d/0x9d0 net/core/sock.c:2352
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x840 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:246 [inline]
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x17/0x90 kernel/kcov.c:321
Code: 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0d 58 c6 73 11 65 8b 15 79 c6 73 11 <81> e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 57 83 b9 d4 16 00 00
RSP: 0018:ffffc90005b4e718 EFLAGS: 00000297
RAX: ffffffff8ba54f4f RBX: 0000000000000036 RCX: ffff88803c290000
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000018
RBP: ffffc90005b4e840 R08: ffffc90005b4e7b7 R09: 0000000000000000
R10: ffffc90005b4e7a0 R11: fffff52000b69cf7 R12: ffffc90005b4eb25
R13: dffffc0000000000 R14: ffffc90005b4eb25 R15: 0000000000000000
number+0xbbf/0xf80 lib/vsprintf.c:573
vsnprintf+0x8e5/0xee0 lib/vsprintf.c:2912
sprintf+0xe7/0x140 lib/vsprintf.c:3111
print_time kernel/printk/printk.c:1359 [inline]
info_print_prefix+0x16b/0x360 kernel/printk/printk.c:1385
record_print_text+0x176/0x450 kernel/printk/printk.c:1434
printk_get_next_message+0x29c/0x880 kernel/printk/printk.c:3072
console_emit_next_record kernel/printk/printk.c:3137 [inline]
console_flush_one_record kernel/printk/printk.c:3269 [inline]
console_flush_all+0x501/0xb20 kernel/printk/printk.c:3343
__console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
console_unlock+0xd1/0x1c0 kernel/printk/printk.c:3413
vprintk_emit+0x485/0x560 kernel/printk/printk.c:2479
_printk+0xdd/0x130 kernel/printk/printk.c:2504
__nla_validate_parse+0x25d4/0x2dc0 lib/nlattr.c:647
__nla_parse+0x40/0x60 lib/nlattr.c:732
__nlmsg_parse include/net/netlink.h:789 [inline]
genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 net/netlink/genetlink.c:944
genl_family_rcv_msg_doit+0xd9/0x330 net/netlink/genetlink.c:1092
genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1209
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x75c/0x8e0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x972/0x9f0 net/socket.c:2698
___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
__sys_sendmsg net/socket.c:2784 [inline]
__do_sys_sendmsg net/socket.c:2789 [inline]
__se_sys_sendmsg net/socket.c:2787 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2787
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7febc899ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007febc97d0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007febc8c16090 RCX: 00007febc899ce59
RDX: 0000000000000000 RSI: 0000200000000300 RDI: 000000000000000c
RBP: 00007febc8a32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007febc8c16128 R14: 00007febc8c16090 R15: 00007fff8fee7848
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 00 90 90 90 90 90 add %dl,-0x6f6f6f70(%rax)
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: f3 0f 1e fa endbr64
17: 48 8b 04 24 mov (%rsp),%rax
1b: 65 48 8b 0d 58 c6 73 mov %gs:0x1173c658(%rip),%rcx # 0x1173c67b
22: 11
23: 65 8b 15 79 c6 73 11 mov %gs:0x1173c679(%rip),%edx # 0x1173c6a3
* 2a: 81 e2 00 01 ff 00 and $0xff0100,%edx <-- trapping instruction
30: 74 11 je 0x43
32: 81 fa 00 01 00 00 cmp $0x100,%edx
38: 75 57 jne 0x91
3a: 83 .byte 0x83
3b: b9 d4 16 00 00 mov $0x16d4,%ecx