Oops: general protection fault, probably for non-canonical address 0xffff11026b463e40: 0000 [#1] PREEMPT SMP PTI
CPU: 0 UID: 0 PID: 1814 Comm: kworker/u8:6 Not tainted 6.13.0-syzkaller-09383-gebbb8be421ee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
RIP: 0010:percpu_ref_get_many include/linux/percpu-refcount.h:205 [inline]
RIP: 0010:percpu_ref_get include/linux/percpu-refcount.h:222 [inline]
RIP: 0010:obj_cgroup_get include/linux/memcontrol.h:764 [inline]
RIP: 0010:refill_obj_stock+0x140/0x5d0 mm/memcontrol.c:2870
Code: 00 00 48 85 db 0f 85 e1 02 00 00 be 08 00 00 00 4c 89 ff e8 52 c1 f4 ff 4d 85 e4 0f 85 dd 03 00 00 4d 85 e4 0f 85 e5 03 00 00 <65> 49 ff 07 e8 a7 b6 31 ff 4c 89 ef e8 df c0 f4 ff 48 c7 00 00 00
RSP: 0018:ffff88810a80f828 EFLAGS: 00010046
RAX: ffff88812b463e40 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 000000012b863e40 RSI: ffff88813fffad10 RDI: ffff88812b863e40
RBP: ffff88810a80f8a0 R08: ffffea000000000f R09: 0000000000000000
R10: ffff88812b063e40 R11: 0000000000000004 R12: 0000000000000000
R13: ffff88813fca3160 R14: 0000000000000000 R15: ffff88812b863e40
FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f51724ef000 CR3: 000000011982c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
obj_cgroup_uncharge mm/memcontrol.c:2936 [inline]
__memcg_slab_free_hook+0x21d/0x570 mm/memcontrol.c:3023
memcg_slab_free_hook mm/slub.c:2178 [inline]
slab_free mm/slub.c:4606 [inline]
kfree+0x676/0xdb0 mm/slub.c:4757
kvfree+0x69/0x80 mm/util.c:705
netif_free_rx_queues net/core/dev.c:10646 [inline]
free_netdev+0x407/0x930 net/core/dev.c:11623
netdev_run_todo+0x14c3/0x1780 net/core/dev.c:11180
rtnl_unlock+0x17/0x20 net/core/rtnetlink.c:151
cleanup_net+0xf07/0x1d20 net/core/net_namespace.c:648
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae0/0x1c40 kernel/workqueue.c:3317
worker_thread+0xea7/0x14f0 kernel/workqueue.c:3398
kthread+0x6b9/0xef0 kernel/kthread.c:464
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:percpu_ref_get_many include/linux/percpu-refcount.h:205 [inline]
RIP: 0010:percpu_ref_get include/linux/percpu-refcount.h:222 [inline]
RIP: 0010:obj_cgroup_get include/linux/memcontrol.h:764 [inline]
RIP: 0010:refill_obj_stock+0x140/0x5d0 mm/memcontrol.c:2870
Code: 00 00 48 85 db 0f 85 e1 02 00 00 be 08 00 00 00 4c 89 ff e8 52 c1 f4 ff 4d 85 e4 0f 85 dd 03 00 00 4d 85 e4 0f 85 e5 03 00 00 <65> 49 ff 07 e8 a7 b6 31 ff 4c 89 ef e8 df c0 f4 ff 48 c7 00 00 00
RSP: 0018:ffff88810a80f828 EFLAGS: 00010046
RAX: ffff88812b463e40 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 000000012b863e40 RSI: ffff88813fffad10 RDI: ffff88812b863e40
RBP: ffff88810a80f8a0 R08: ffffea000000000f R09: 0000000000000000
R10: ffff88812b063e40 R11: 0000000000000004 R12: 0000000000000000
R13: ffff88813fca3160 R14: 0000000000000000 R15: ffff88812b863e40
FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f51724ef000 CR3: 000000011982c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 48 85 db test %rbx,%rbx
5: 0f 85 e1 02 00 00 jne 0x2ec
b: be 08 00 00 00 mov $0x8,%esi
10: 4c 89 ff mov %r15,%rdi
13: e8 52 c1 f4 ff call 0xfff4c16a
18: 4d 85 e4 test %r12,%r12
1b: 0f 85 dd 03 00 00 jne 0x3fe
21: 4d 85 e4 test %r12,%r12
24: 0f 85 e5 03 00 00 jne 0x40f
* 2a: 65 49 ff 07 incq %gs:(%r15) <-- trapping instruction
2e: e8 a7 b6 31 ff call 0xff31b6da
33: 4c 89 ef mov %r13,%rdi
36: e8 df c0 f4 ff call 0xfff4c11a
3b: 48 rex.W
3c: c7 .byte 0xc7
3d: 00 00 add %al,(%rax)