------------[ cut here ]------------
WARNING: net/ipv4/af_inet.c:157 at inet_sock_destruct+0x68c/0x830 net/ipv4/af_inet.c:157, CPU#2: syz.4.5797/25341
Modules linked in:
CPU: 2 UID: 0 PID: 25341 Comm: syz.4.5797 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:inet_sock_destruct+0x68c/0x830 net/ipv4/af_inet.c:157
Code: 0f 0b 90 e9 0a fe ff ff e8 e1 4d cf f7 90 0f 0b 90 e9 56 fe ff ff e8 d3 4d cf f7 90 0f 0b 90 e9 8c fe ff ff e8 c5 4d cf f7 90 <0f> 0b 90 e9 cb fe ff ff e8 47 25 39 f8 e9 cf fc ff ff 4c 89 ff e8
RSP: 0018:ffffc90000648d90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888057024a40 RCX: ffffffff89ef9c47
RDX: ffff88803de6a4c0 RSI: ffffffff89ef9d7b RDI: 0000000000000005
RBP: 0000000000000090 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000090 R11: ffff88803de6aff0 R12: ffff888057024a40
R13: ffff888057024ad0 R14: ffffc90000648e90 R15: 0000000000000000
FS: 00007ffb0316d6c0(0000) GS:ffff8880d6af5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffb02373460 CR3: 000000002b3e2000 CR4: 0000000000352ef0
Call Trace:
__sk_destruct+0x85/0xbc0 net/core/sock.c:2350
rcu_do_batch kernel/rcu/tree.c:2605 [inline]
rcu_core+0x79c/0x15f0 kernel/rcu/tree.c:2857
handle_softirqs+0x219/0x950 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__orc_find+0xae/0xf0 arch/x86/kernel/unwind_orc.c:111
Code: 63 13 48 01 da 49 39 d5 73 af 4c 8d 63 fc 49 39 ec 73 b2 4d 29 f7 49 c1 ff 02 4b 8d 14 7f 48 8d 04 50 48 83 c4 08 5b 5d 41 5c <41> 5d 41 5e 41 5f c3 cc cc cc cc 48 83 c4 08 31 c0 5b 5d 41 5c 41
RSP: 0018:ffffc90006277320 EFLAGS: 00000282
RAX: ffffffff9130a2aa RBX: 0000000000000001 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff90a80470
RBP: ffffc900062773f8 R08: ffffffff9130a2b0 R09: 00000000aa38c6ca
R10: 0000000000000002 R11: 0000000000013378 R12: ffffc90006277400
R13: ffffffff82337863 R14: ffffffff90a80470 R15: 0000000000000000
orc_find arch/x86/kernel/unwind_orc.c:238 [inline]
unwind_next_frame+0x2ec/0x20b0 arch/x86/kernel/unwind_orc.c:510
arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
save_stack+0x160/0x1f0 mm/page_owner.c:165
__reset_page_owner+0x84/0x1a0 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1406 [inline]
__free_frozen_pages+0x7df/0x1170 mm/page_alloc.c:2943
selinux_genfs_get_sid security/selinux/hooks.c:1359 [inline]
inode_doinit_with_dentry+0xaca/0x12e0 security/selinux/hooks.c:1557
selinux_d_instantiate+0x26/0x30 security/selinux/hooks.c:6545
security_d_instantiate+0x142/0x1a0 security/security.c:3601
d_make_persistent+0x6a/0x190 fs/dcache.c:2790
debugfs_create_dir+0x19c/0x470 fs/debugfs/inode.c:591
drm_debugfs_clients_add+0x6f/0x200 drivers/gpu/drm/drm_debugfs.c:365
drm_file_alloc+0x5c6/0xb40 drivers/gpu/drm/drm_file.c:173
drm_open_helper+0x204/0x550 drivers/gpu/drm/drm_file.c:335
drm_open+0x1a0/0x3e0 drivers/gpu/drm/drm_file.c:388
drm_stub_open+0x20f/0x380 drivers/gpu/drm/drm_drv.c:1208
chrdev_open+0x234/0x6a0 fs/char_dev.c:414
do_dentry_open+0x748/0x1590 fs/open.c:962
vfs_open+0x82/0x3f0 fs/open.c:1094
do_open fs/namei.c:4637 [inline]
path_openat+0x2078/0x3140 fs/namei.c:4796
do_filp_open+0x20b/0x470 fs/namei.c:4823
do_sys_openat2+0x121/0x290 fs/open.c:1430
do_sys_open fs/open.c:1436 [inline]
__do_sys_openat fs/open.c:1452 [inline]
__se_sys_openat fs/open.c:1447 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1447
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ffb0238e010
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
RSP: 002b:00007ffb0316cb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffb0238e010
RDX: 0000000000000000 RSI: 00007ffb0316cc10 RDI: 00000000ffffff9c
RBP: 00007ffb0316cc10 R08: 0000000000000000 R09: 0023647261632f69
R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
R13: 00007ffb025e6218 R14: 00007ffb025e6180 R15: 00007ffc1c88c4e8
----------------
Code disassembly (best guess):
0: 63 13 movsxd (%rbx),%edx
2: 48 01 da add %rbx,%rdx
5: 49 39 d5 cmp %rdx,%r13
8: 73 af jae 0xffffffb9
a: 4c 8d 63 fc lea -0x4(%rbx),%r12
e: 49 39 ec cmp %rbp,%r12
11: 73 b2 jae 0xffffffc5
13: 4d 29 f7 sub %r14,%r15
16: 49 c1 ff 02 sar $0x2,%r15
1a: 4b 8d 14 7f lea (%r15,%r15,2),%rdx
1e: 48 8d 04 50 lea (%rax,%rdx,2),%rax
22: 48 83 c4 08 add $0x8,%rsp
26: 5b pop %rbx
27: 5d pop %rbp
28: 41 5c pop %r12
* 2a: 41 5d pop %r13 <-- trapping instruction
2c: 41 5e pop %r14
2e: 41 5f pop %r15
30: c3 ret
31: cc int3
32: cc int3
33: cc int3
34: cc int3
35: 48 83 c4 08 add $0x8,%rsp
39: 31 c0 xor %eax,%eax
3b: 5b pop %rbx
3c: 5d pop %rbp
3d: 41 5c pop %r12
3f: 41 rex.B