syzbot

 __sys_sendmmsg+0x195/0x470 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
------------[ cut here ]------------
WARNING: CPU: 3 PID: 3717 at lib/ref_tracker.c:38 spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
WARNING: CPU: 3 PID: 3717 at lib/ref_tracker.c:38 ref_tracker_dir_exit.cold+0x137/0x1e3 lib/ref_tracker.c:37
Modules linked in:
CPU: 3 PID: 3717 Comm: syz-executor.0 Not tainted 5.16.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:ref_tracker_dir_exit.cold+0x137/0x1e3 lib/ref_tracker.c:38
Code: 4c 89 ef e8 7a 18 a6 f8 4c 8b 3c 24 4c 39 fd 49 8b 07 0f 85 b5 00 00 00 e8 25 60 5f f8 48 8b 74 24 10 4c 89 e7 e8 98 1e 37 00 <0f> 0b e9 a4 3b e7 fa 4c 89 ff e8 49 18 a6 f8 e9 d4 fe ff ff e8 2f
RSP: 0018:ffffc900028e7b88 EFLAGS: 00010246
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff88806ecf4258 R08: 0000000000000001 R09: ffffffff8ffcda67
R10: 0000000000000001 R11: 0000000000088078 R12: ffff88806ecf4210
R13: ffff88806ecf4258 R14: ffff88806ecf4258 R15: ffff88806ecf4258
FS:  0000000000000000(0000) GS:ffff88802cd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020404030 CR3: 000000001fdbd000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __put_net+0x15/0x70 net/core/net_namespace.c:640
 put_net include/net/net_namespace.h:268 [inline]
 put_net_track include/net/net_namespace.h:342 [inline]
 __sk_destruct+0x6d2/0x920 net/core/sock.c:2042
 sk_destruct+0xbd/0xe0 net/core/sock.c:2058
 __sk_free+0xef/0x3d0 net/core/sock.c:2069
 sk_free+0x78/0xa0 net/core/sock.c:2080
 sock_put include/net/sock.h:1912 [inline]
 __tun_detach+0xdb4/0x13e0 drivers/net/tun.c:681
 tun_detach drivers/net/tun.c:693 [inline]
 tun_chr_close+0xc4/0x180 drivers/net/tun.c:3405
 __fput+0x286/0x9f0 fs/file_table.c:280
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0xb29/0x2a30 kernel/exit.c:806
 do_group_exit+0xd2/0x2f0 kernel/exit.c:935
 __do_sys_exit_group kernel/exit.c:946 [inline]
 __se_sys_exit_group kernel/exit.c:944 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:944
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f6680c6dfe9
Code: Unable to access opcode bytes at RIP 0x7f6680c6dfbf.
RSP: 002b:00007fff511aa518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000064 RCX: 00007f6680c6dfe9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 00007f6680cc725c R08: 000000000000000c R09: 000055555622e3bc
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016
R13: 00007fff511ab7f0 R14: 000055555622e3bc R15: 00007fff511ac8f0
 </TASK>