------------[ cut here ]------------
WARNING: CPU: 0 PID: 2881 at kernel/workqueue.c:2257 __queue_work+0xc3a/0x1080 kernel/workqueue.c:2256
Modules linked in:
CPU: 0 UID: 0 PID: 2881 Comm: dhcpcd Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__queue_work+0xc3a/0x1080 kernel/workqueue.c:2256
Code: 07 83 c0 03 38 d0 7c 09 84 d2 74 05 e8 5f 63 8d 00 8b 5b 2c 31 ff 83 e3 20 89 de e8 20 5b 33 00 85 db 75 60 e8 d7 58 33 00 90 <0f> 0b 90 e9 f9 f7 ff ff e8 c9 58 33 00 90 0f 0b 90 e9 7e f6 ff ff
RSP: 0018:ffffc90000007be8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000100 RCX: ffffffff8127f931
RDX: ffff888115130000 RSI: ffffffff8127f989 RDI: 0000000000000005
RBP: ffff88811fc43780 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000001 R12: 1ffff92000000f8f
R13: 0000000000000001 R14: 0000000080000100 R15: ffff8881083f7000
FS: 00007f8af77f8740(0000) GS:ffff8881f5800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055c482c7a000 CR3: 00000001146f4000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1793
expire_timers kernel/time/timer.c:1839 [inline]
__run_timers+0x56a/0x930 kernel/time/timer.c:2418
__run_timer_base kernel/time/timer.c:2430 [inline]
__run_timer_base kernel/time/timer.c:2422 [inline]
run_timer_base+0x114/0x190 kernel/time/timer.c:2439
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449
handle_softirqs+0x206/0x8d0 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xfa/0x160 kernel/softirq.c:655
irq_exit_rcu+0x9/0x30 kernel/softirq.c:671
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lockref_get+0x5/0x50 lib/lockref.c:43
Code: d5 5c ff e9 2a fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 <48> 89 fb e8 03 cb 02 ff 48 89 df e8 8b 5d 9a 04 48 8d 7b 40 48 b8
RSP: 0018:ffffc900017f76b8 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff88811cf0e010 RCX: ffffffff8231b5bd
RDX: ffff888115130000 RSI: ffffffff8231b5e1 RDI: ffff8881104413d0
RBP: ffff88812755f9b0 R08: 0000000000000003 R09: 000000000000a000
R10: 0000000000008000 R11: 0000000000000001 R12: ffff88811cf0e032
R13: ffff888114dec200 R14: ffff888110441318 R15: 1ffff920002feee3
dget include/linux/dcache.h:340 [inline]
inode_doinit_with_dentry+0x84d/0x12c0 security/selinux/hooks.c:1525
selinux_d_instantiate+0x26/0x30 security/selinux/hooks.c:6372
security_d_instantiate+0x58/0xc0 security/security.c:4070
d_splice_alias+0x94/0xdf0 fs/dcache.c:3001
proc_sys_lookup+0x323/0x440 fs/proc/proc_sysctl.c:545
lookup_open.isra.0+0x806/0x14b0 fs/namei.c:3627
open_last_lookups fs/namei.c:3748 [inline]
path_openat+0x904/0x2d60 fs/namei.c:3984
do_filp_open+0x20c/0x470 fs/namei.c:4014
do_sys_openat2+0x17a/0x1e0 fs/open.c:1402
do_sys_open fs/open.c:1417 [inline]
__do_sys_openat fs/open.c:1433 [inline]
__se_sys_openat fs/open.c:1428 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1428
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8af78c29a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffee07451f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000100a0 RCX: 00007f8af78c29a4
RDX: 0000000000000000 RSI: 00007ffee0755488 RDI: 00000000ffffff9c
RBP: 00007ffee0755488 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffee0745308 R14: 00007ffee0745308 R15: 0000000000000000
----------------
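Code disassembly (best guess), 3 bytes skipped. This decodes the second "Code:" dump (the interrupted frame, RIP lockref_get+0x5), not the __queue_work WARNING site, whose marked bytes <0f> 0b are ud2. The "trapping instruction" marked below is therefore where the APIC timer interrupt landed, not the instruction that raised the warning: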
0: e9 2a fd ff ff jmp 0xfffffd2f
5: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
c: 00 00 00
f: 0f 1f 00 nopl (%rax)
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 90 nop
22: f3 0f 1e fa endbr64
26: 53 push %rbx
* 27: 48 89 fb mov %rdi,%rbx <-- trapping instruction
2a: e8 03 cb 02 ff call 0xff02cb32
2f: 48 89 df mov %rbx,%rdi
32: e8 8b 5d 9a 04 call 0x49a5dc2
37: 48 8d 7b 40 lea 0x40(%rbx),%rdi
3b: 48 rex.W
3c: b8 .byte 0xb8