Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN PTI
KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007]
CPU: 0 UID: 0 PID: 11720 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:percpu_ref_get_many+0x8d/0x140
Code: 01 48 c7 c7 60 4c 98 8b be 4b 03 00 00 48 c7 c2 a0 4c 98 8b e8 84 bd 71 ff 49 bc 00 00 00 00 00 fc ff df 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 b4 4d f7 ff 49 8b 07 a8 03 75 62
RSP: 0018:ffffc900044df660 EFLAGS: 00010206
RAX: 000000001fffe000 RBX: ffffffff822bc819 RCX: 63cb42a0d0b0b400
RDX: 0000000000000000 RSI: ffffffff8be325e0 RDI: ffffffff8be325a0
RBP: 0000000000000078 R08: 0000000000000000 R09: ffffffff822bc819
R10: dffffc0000000000 R11: fffffbfff1f46847 R12: dffffc0000000000
R13: ffff88804b03b540 R14: 0000000000000001 R15: 00000000ffff0000
FS:  0000555586a11500(0000) GS:ffff8880b8624000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f075e0e0300 CR3: 00000001174ba000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 refill_obj_stock+0x254/0x850
 __memcg_slab_free_hook+0x127/0x3d0
 kmem_cache_free+0x223/0x400
 flush_sigqueue+0x1c1/0x230
 release_task+0x132f/0x17f0
 wait_consider_task+0x1944/0x2e10
 __do_wait+0x153/0x740
 do_wait+0x1f8/0x520
 kernel_wait4+0x1af/0x280
 __x64_sys_wait4+0x133/0x1e0
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f075dd84e57
Code: 89 7c 24 10 48 89 4c 24 18 e8 45 1b 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 95 1b 03 00 8b 44
RSP: 002b:00007ffcbc6bdc60 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 00000000000001a9 RCX: 00007f075dd84e57
RDX: 0000000040000001 RSI: 00007ffcbc6bdccc RDI: 00000000ffffffff
RBP: 00007ffcbc6bdccc R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388
R13: 00000000000927c0 R14: 000000000006640d R15: 00007ffcbc6bdd20
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---