INFO: task syz-executor.1:17698 can't die for more than 143 seconds.
task:syz-executor.1  state:R  running task     stack:25496 pid:17698 ppid:  6534 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:4983 [inline]
 __schedule+0xab2/0x4d90 kernel/sched/core.c:6293
 inet_twsk_purge+0x537/0x7d0 net/ipv4/inet_timewait_sock.c:264
INFO: task syz-executor.0:17701 can't die for more than 147 seconds.
task:syz-executor.0  state:R  running task     stack:25496 pid:17701 ppid: 13143 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:4983 [inline]
 __schedule+0xab2/0x4d90 kernel/sched/core.c:6293
 preempt_schedule_irq+0x4e/0x90 kernel/sched/core.c:6708
 irqentry_exit+0x31/0x80 kernel/entry/common.c:425
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:lock_acquire+0x1ef/0x510 kernel/locking/lockdep.c:5605
Code: a7 a5 7e 83 f8 01 0f 85 b4 02 00 00 9c 58 f6 c4 02 0f 85 9f 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffffc9000333fab8 EFLAGS: 00000206
==================================================================
BUG: KASAN: stack-out-of-bounds in __show_regs.cold+0x2b/0x481 arch/x86/kernel/process_64.c:81
Read of size 8 at addr ffffc9000333fa60 by task khungtaskd/27

CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc2-next-20211123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xf/0x320 mm/kasan/report.c:247
 __kasan_report mm/kasan/report.c:433 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:450
 __show_regs.cold+0x2b/0x481 arch/x86/kernel/process_64.c:81
 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:298
 sched_show_task kernel/sched/core.c:8567 [inline]
 sched_show_task+0x433/0x5b0 kernel/sched/core.c:8541
 check_killed_task kernel/hung_task.c:184 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:242 [inline]
 watchdog.cold+0x74/0x1de kernel/hung_task.c:339
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Memory state around the buggy address:
 ffffc9000333f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc9000333f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000333fa00: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00
                                                       ^
 ffffc9000333fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc9000333fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:   a7                      cmpsl  %es:(%rdi),%ds:(%rsi)
   1:   a5                      movsl  %ds:(%rsi),%es:(%rdi)
   2:   7e 83                   jle    0xffffff87
   4:   f8                      clc
   5:   01 0f                   add    %ecx,(%rdi)
   7:   85 b4 02 00 00 9c 58    test   %esi,0x589c0000(%rdx,%rax,1)
   e:   f6 c4 02                test   $0x2,%ah
  11:   0f 85 9f 02 00 00       jne    0x2b6
  17:   48 83 7c 24 08 00       cmpq   $0x0,0x8(%rsp)
  1d:   74 01                   je     0x20
  1f:   fb                      sti
  20:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  27:   fc ff df
* 2a:   48 01 c3                add    %rax,%rbx <-- trapping instruction
  2d:   48 c7 03 00 00 00 00    movq   $0x0,(%rbx)
  34:   48 c7 43 08 00 00 00    movq   $0x0,0x8(%rbx)
  3b:   00
  3c:   48                      rex.W
  3d:   8b                      .byte 0x8b
  3e:   84                      .byte 0x84
  3f:   24                      .byte 0x24