syzbot

general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 117 Comm: kworker/u4:3 Tainted: G        W         5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:__seqprop_raw_spinlock_sequence include/linux/seqlock.h:276 [inline]
RIP: 0010:hrtimer_active+0x6b/0x1f0 kernel/time/hrtimer.c:1463
Code: 01 f0 48 89 44 24 10 e8 c3 6d 10 00 48 8b 44 24 08 80 38 00 0f 85 71 01 00 00 49 8b 6d 30 48 8d 45 10 48 89 04 24 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e 42 01 00 00 8b 5d 10 31 ff
RSP: 0018:ffffc900014f7918 EFLAGS: 00010202
RAX: 0000000000000002 RBX: ffffe8ffffa1bbf0 RCX: 0000000000000000
RDX: ffff8880153a2380 RSI: ffffffff8164510d RDI: ffffe8ffffa1bbf0
RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000ffa1ba00
R10: ffffffff8711716d R11: 0000000000000000 R12: 0000000000000000
R13: ffffe8ffffa1bbf0 R14: dffffc0000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055abb45f15ff CR3: 0000000026155000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hrtimer_try_to_cancel+0x21/0x1e0 kernel/time/hrtimer.c:1180
 hrtimer_cancel+0x13/0x40 kernel/time/hrtimer.c:1295
 napi_disable+0xc3/0x110 net/core/dev.c:6946
 gro_cells_destroy net/core/gro_cells.c:101 [inline]
 gro_cells_destroy+0x10d/0x360 net/core/gro_cells.c:92
 ip_tunnel_dev_free+0x15/0x60 net/ipv4/ip_tunnel.c:1000
 netdev_run_todo+0x6b4/0xa80 net/core/dev.c:10609
 ip_tunnel_delete_nets+0x3f0/0x5b0 net/ipv4/ip_tunnel.c:1114
 ops_exit_list+0x10d/0x160 net/core/net_namespace.c:178
 cleanup_net+0x4ea/0xb10 net/core/net_namespace.c:595
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Modules linked in:
---[ end trace 577743e35b35f6ae ]---
RIP: 0010:__seqprop_raw_spinlock_sequence include/linux/seqlock.h:276 [inline]
RIP: 0010:hrtimer_active+0x6b/0x1f0 kernel/time/hrtimer.c:1463
Code: 01 f0 48 89 44 24 10 e8 c3 6d 10 00 48 8b 44 24 08 80 38 00 0f 85 71 01 00 00 49 8b 6d 30 48 8d 45 10 48 89 04 24 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e 42 01 00 00 8b 5d 10 31 ff
RSP: 0018:ffffc900014f7918 EFLAGS: 00010202
RAX: 0000000000000002 RBX: ffffe8ffffa1bbf0 RCX: 0000000000000000
RDX: ffff8880153a2380 RSI: ffffffff8164510d RDI: ffffe8ffffa1bbf0
RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000ffa1ba00
R10: ffffffff8711716d R11: 0000000000000000 R12: 0000000000000000
R13: ffffe8ffffa1bbf0 R14: dffffc0000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055abb4556ca8 CR3: 000000002dda0000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400