------------[ cut here ]------------
sk->sk_forward_alloc
WARNING: net/ipv4/af_inet.c:162 at inet_sock_destruct+0x62d/0x740 net/ipv4/af_inet.c:162, CPU#0: syz.4.874/9192
Modules linked in:
CPU: 0 UID: 0 PID: 9192 Comm: syz.4.874 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:inet_sock_destruct+0x62d/0x740 net/ipv4/af_inet.c:162
Code: 0f 0b 90 e9 58 fe ff ff e8 d0 a3 a1 f7 90 0f 0b 90 e9 8b fe ff ff e8 c2 a3 a1 f7 90 0f 0b 90 e9 b1 fe ff ff e8 b4 a3 a1 f7 90 <0f> 0b 90 e9 d7 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 95 fc
RSP: 0000:ffffc90000007d20 EFLAGS: 00010246
RAX: ffffffff8a2422ec RBX: dffffc0000000000 RCX: ffff888030401f00
RDX: 0000000000000100 RSI: 0000000000000fe4 RDI: 0000000000000000
RBP: 0000000000000fe4 R08: ffff88807e284627 R09: 1ffff1100fc508c4
R10: dffffc0000000000 R11: ffffed100fc508c5 R12: ffff88807e284380
R13: ffff88807e284888 R14: ffff88807e28460c R15: 1ffff1100fc50872
FS: 0000555588fac500(0000) GS:ffff888125298000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f30e7406658 CR3: 000000005aa58000 CR4: 00000000003526f0
Call Trace:
__sk_destruct+0x8d/0x9d0 net/core/sock.c:2352
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x840 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80 kernel/locking/spinlock.c:198
Code: f7 e8 9d a9 f8 f5 f7 c3 00 02 00 00 74 05 e8 c0 42 24 f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 54 28 ea f5 65 8b 05 6d ce 8e 07 85 c0 74 18 5b 41 5e e9 51 48
RSP: 0000:ffffc9000356f8a8 EFLAGS: 00000206
RAX: 0000000000000006 RBX: 0000000000000246 RCX: 0000000080000003
RDX: 0000000000000006 RSI: ffffffff8dfa912a RDI: 0000000000000001
RBP: ffffc9000356f988 R08: ffffffff903052f7 R09: 1ffffffff2060a5e
R10: dffffc0000000000 R11: fffffbfff2060a5f R12: ffff8880b8633a80
R13: dffffc0000000000 R14: ffff88805780b218 R15: ffffea0001d73000
spin_unlock_irqrestore include/linux/spinlock.h:408 [inline]
lruvec_unlock_irqrestore include/linux/memcontrol.h:1492 [inline]
folio_batch_move_lru+0x40a/0x550 mm/swap.c:178
__folio_batch_add_and_move+0x510/0xc50 mm/swap.c:196
folio_add_lru_vma+0x196/0x210 mm/swap.c:536
wp_page_copy mm/memory.c:3943 [inline]
do_wp_page+0x3deb/0x4cc0 mm/memory.c:4336
handle_pte_fault mm/memory.c:6443 [inline]
__handle_mm_fault mm/memory.c:6565 [inline]
handle_mm_fault+0x151f/0x3170 mm/memory.c:6734
do_user_addr_fault+0xa73/0x1340 arch/x86/mm/fault.c:1334
handle_page_fault arch/x86/mm/fault.c:1474 [inline]
exc_page_fault+0x6a/0xc0 arch/x86/mm/fault.c:1527
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f30e70507fc
Code: 23 83 c0 01 44 39 d0 75 dc 48 89 f0 25 ff 1f 00 00 49 89 34 c1 41 88 3c 00 31 c0 c3 66 90 41 38 3c 10 74 0b 41 88 3c 10 31 c0 <49> 89 34 d1 c3 b8 01 00 00 00 c3 66 0f 1f 84 00 00 00 00 00 48 83
RSP: 002b:00007ffe60985888 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffff846428cb RCX: 0000000000000000
RDX: 00000000000008cb RSI: ffffffff846428cb RDI: 0000000000000000
RBP: 0000000000000000 R08: 00007f30e7400000 R09: 00007f30e7402000
R10: 00000000846428cf R11: 0000000000000000 R12: 00007f30e7416038
R13: 0000000000000015 R14: ffffffff84642dba R15: 00007f30e7f45720
----------------
Code disassembly (best guess):
0: f7 e8 imul %eax
2: 9d popf
3: a9 f8 f5 f7 c3 test $0xc3f7f5f8,%eax
8: 00 02 add %al,(%rdx)
a: 00 00 add %al,(%rax)
c: 74 05 je 0x13
e: e8 c0 42 24 f6 call 0xf62442d3
13: 9c pushf
14: 58 pop %rax
15: a9 00 02 00 00 test $0x200,%eax
1a: 75 27 jne 0x43
1c: f7 c3 00 02 00 00 test $0x200,%ebx
22: 74 01 je 0x25
24: fb sti
25: bf 01 00 00 00 mov $0x1,%edi
* 2a: e8 54 28 ea f5 call 0xf5ea2883 <-- trapping instruction
2f: 65 8b 05 6d ce 8e 07 mov %gs:0x78ece6d(%rip),%eax # 0x78ecea3
36: 85 c0 test %eax,%eax
38: 74 18 je 0x52
3a: 5b pop %rbx
3b: 41 5e pop %r14
3d: e9 .byte 0xe9
3e: 51 push %rcx
3f: 48 rex.W