__x64_sys_mkdir+0xf3/0x140
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
------------[ cut here ]------------
percpu ref (css_release) <= 0 (-2452) after switching to atomic
WARNING: lib/percpu-refcount.c:197 at percpu_ref_switch_to_atomic_rcu+0x3cc/0x480, CPU#0: systemd/1
Modules linked in:
CPU: 0 UID: 0 PID: 1 Comm: systemd Tainted: G        W           6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:percpu_ref_switch_to_atomic_rcu+0x3cc/0x480
Code: 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 9e 00 00 00 49 8b 75 e8 48 c7 c7 80 97 e2 84 e8 75 c5 e9 fe 90 <0f> 0b 90 90 e9 2b ff ff ff e8 f6 de 5f ff e9 9e fe ff ff e8 7c df
RSP: 0018:ffff88806ce08e20 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8139de70
RDX: ffff8880094f8000 RSI: ffffffff8139de7e RDI: 0000000000000001
RBP: 7ffffffffffff66b R08: 0000000000000001 R09: ffffed100d9c4801
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800a225200
R13: ffff88800a225220 R14: 0000000000000002 R15: 0000000000000003
FS:  00007fc0c65fe900(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056522cb197b8 CR3: 000000000707c000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 rcu_core+0x7c8/0x1800
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:stack_depot_save_flags+0xc8/0xa20
Code: 89 c8 29 cb 01 c1 41 c1 c0 08 44 31 c3 41 89 d8 29 d8 01 cb 41 c1 c0 10 44 31 c0 29 c1 41 89 c8 89 c1 01 d8 c1 c9 0d 44 31 c1 <29> cb 41 89 d8 89 cb 01 c1 c1 c3 04 44 31 c3 83 ff 03 77 95 83 ff
RSP: 0018:ffff888009547bc0 EFLAGS: 00000202
RAX: 00000000d7e98218 RBX: 000000009e914fe0 RCX: 0000000075799132
RDX: 0000000000000007 RSI: ffff888009547c40 RDI: 0000000000000008
RBP: 0000000000000001 R08: 00000000e4b85bf3 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000002800 R14: ffff888009547c28 R15: 0000000000000007
 set_track_prepare+0x44/0x70
 __alloc_object+0xf0/0x2c0
 __create_object+0x1d/0x80
 __kmalloc_cache_noprof+0x42a/0x690
 kmem_cache_free+0x134/0x540
 __fput+0x67b/0xb50
 fput_close_sync+0x10f/0x240
 __x64_sys_close+0x8f/0x120
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc0c6dcc6eb
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 a3 56 f9 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 e1 56 f9 ff 8b 44
RSP: 002b:00007ffd26f20d30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 00007fc0c65fe6c8 RCX: 00007fc0c6dcc6eb
RDX: 000000000000000f RSI: 0000000000000007 RDI: 000000000000000d
RBP: 000000000000000d R08: 0000000000000000 R09: 000056522cb19a30
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
R13: 00007ffd26f20df0 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
irq event stamp: 5936644
hardirqs last  enabled at (5936652): [<ffffffff81541b18>] __up_console_sem+0x78/0x80
hardirqs last disabled at (5936661): [<ffffffff81541afd>] __up_console_sem+0x5d/0x80
softirqs last  enabled at (5935672): [<ffffffff813bafcc>] handle_softirqs+0x50c/0x770
softirqs last disabled at (5935893): [<ffffffff813bb364>] __irq_exit_rcu+0xc4/0x100
---[ end trace 0000000000000000 ]---
percpu_ref_switch_to_atomic_rcu: percpu_ref_switch_to_atomic_rcu(): percpu_ref underflow slab kmalloc-64 start ffff88800a225200 pointer offset 0 size 64
percpu_ref_switch_to_atomic_rcu: percpu_ref_switch_to_atomic_rcu(): percpu_ref underflow slab kmalloc-64 start ffff88800daa8000 pointer offset 0 size 64
----------------
Code disassembly (best guess):
   0:	89 c8                	mov    %ecx,%eax
   2:	29 cb                	sub    %ecx,%ebx
   4:	01 c1                	add    %eax,%ecx
   6:	41 c1 c0 08          	rol    $0x8,%r8d
   a:	44 31 c3             	xor    %r8d,%ebx
   d:	41 89 d8             	mov    %ebx,%r8d
  10:	29 d8                	sub    %ebx,%eax
  12:	01 cb                	add    %ecx,%ebx
  14:	41 c1 c0 10          	rol    $0x10,%r8d
  18:	44 31 c0             	xor    %r8d,%eax
  1b:	29 c1                	sub    %eax,%ecx
  1d:	41 89 c8             	mov    %ecx,%r8d
  20:	89 c1                	mov    %eax,%ecx
  22:	01 d8                	add    %ebx,%eax
  24:	c1 c9 0d             	ror    $0xd,%ecx
  27:	44 31 c1             	xor    %r8d,%ecx
* 2a:	29 cb                	sub    %ecx,%ebx <-- trapping instruction
  2c:	41 89 d8             	mov    %ebx,%r8d
  2f:	89 cb                	mov    %ecx,%ebx
  31:	01 c1                	add    %eax,%ecx
  33:	c1 c3 04             	rol    $0x4,%ebx
  36:	44 31 c3             	xor    %r8d,%ebx
  39:	83 ff 03             	cmp    $0x3,%edi
  3c:	77 95                	ja     0xffffffd3
  3e:	83                   	.byte 0x83
  3f:	ff                   	.byte 0xff