------------[ cut here ]------------
sk->sk_forward_alloc
WARNING: net/ipv4/af_inet.c:157 at inet_sock_destruct+0x653/0x800 net/ipv4/af_inet.c:157, CPU#2: sshd-session/5891
Modules linked in:
CPU: 2 UID: 0 PID: 5891 Comm: sshd-session Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:inet_sock_destruct+0x653/0x800 net/ipv4/af_inet.c:157
Code: c9 4e ff e9 06 fd ff ff e8 2a af 01 f8 90 0f 0b 90 e9 35 fe ff ff e8 1c af 01 f8 90 0f 0b 90 e9 c5 fe ff ff e8 0e af 01 f8 90 <0f> 0b 90 e9 04 ff ff ff e8 00 af 01 f8 90 0f 0b 90 e9 65 fe ff ff
RSP: 0018:ffffc90000648d98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88803aac9100 RCX: ffffffff8a06e8b7
RDX: ffff88802b002480 RSI: ffffffff8a06e9b2 RDI: ffff88802b002480
RBP: 0000000000000f70 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000f70 R11: 0000000000000000 R12: ffff88803aac9100
R13: ffff88803aac9190 R14: ffffffff81ee5bad R15: 0000000000000008
FS:  00007f6a6cb3e300(0000) GS:ffff8880d6552000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f76647e42f8 CR3: 00000000388d1000 CR4: 0000000000352ef0
Call Trace:
 <IRQ>
 __sk_destruct+0x85/0xbb0 net/core/sock.c:2350
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x5a2/0x10d0 kernel/rcu/tree.c:2869
 handle_softirqs+0x1eb/0x9e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xef/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__sanitizer_cov_trace_pc+0x3f/0x70 kernel/kcov.c:217
Code: 04 12 a9 00 01 ff 00 74 1b f6 c4 01 74 07 a9 00 00 ff 00 74 05 c3 cc cc cc cc 8b 82 54 16 00 00 85 c0 74 f1 8b 82 30 16 00 00 <83> f8 02 75 e6 48 8b 8a 38 16 00 00 8b 92 34 16 00 00 48 8b 01 48
RSP: 0018:ffffc900033df7d8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff88802ababfc0 RCX: ffffffff89f2ac77
RDX: ffff88802b002480 RSI: ffffffff89f2ac86 RDI: ffff88802b002480
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000002
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: 1ffff9200067bf01 R14: 0000000000000001 R15: ffffffff828ed2a0
 tcp_poll+0x1c6/0x1260 net/ipv4/tcp.c:596
 sock_poll+0x160/0x510 net/socket.c:1443
 vfs_poll include/linux/poll.h:82 [inline]
 do_pollfd fs/select.c:866 [inline]
 do_poll fs/select.c:909 [inline]
 do_sys_poll+0x6e5/0xeb0 fs/select.c:1005
 __do_sys_ppoll fs/select.c:1107 [inline]
 __se_sys_ppoll fs/select.c:1087 [inline]
 __x64_sys_ppoll+0x2b5/0x350 fs/select.c:1087
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6a6c45d407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd29f13370 EFLAGS: 00000202 ORIG_RAX: 000000000000010f
RAX: ffffffffffffffda RBX: 00007f6a6cb3e300 RCX: 00007f6a6c45d407
RDX: 00007ffd29f133b0 RSI: 0000000000000007 RDI: 000055fdec67ece0
RBP: 00007ffd29f13420 R08: 0000000000000008 R09: 0000000000000000
R10: 00007ffd29f134b0 R11: 0000000000000202 R12: 0000000000000001
R13: 00007ffd29f134b0 R14: 00000000000000a7 R15: 0000000000000004
 </TASK>
----------------
Code disassembly (best guess):
   0:	04 12                	add    $0x12,%al
   2:	a9 00 01 ff 00       	test   $0xff0100,%eax
   7:	74 1b                	je     0x24
   9:	f6 c4 01             	test   $0x1,%ah
   c:	74 07                	je     0x15
   e:	a9 00 00 ff 00       	test   $0xff0000,%eax
  13:	74 05                	je     0x1a
  15:	c3                   	ret
  16:	cc                   	int3
  17:	cc                   	int3
  18:	cc                   	int3
  19:	cc                   	int3
  1a:	8b 82 54 16 00 00    	mov    0x1654(%rdx),%eax
  20:	85 c0                	test   %eax,%eax
  22:	74 f1                	je     0x15
  24:	8b 82 30 16 00 00    	mov    0x1630(%rdx),%eax
* 2a:	83 f8 02             	cmp    $0x2,%eax <-- trapping instruction
  2d:	75 e6                	jne    0x15
  2f:	48 8b 8a 38 16 00 00 	mov    0x1638(%rdx),%rcx
  36:	8b 92 34 16 00 00    	mov    0x1634(%rdx),%edx
  3c:	48 8b 01             	mov    (%rcx),%rax
  3f:	48                   	rex.W