tmpfs: Bad value for 'mpol'
Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#1] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
CPU: 0 UID: 0 PID: 4010 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880191c7780 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880191c79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 00007fcf0ef4c700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001ca95000 CR4: 0000000000350ef0
Call Trace:
perf_trace_run_bpf_submit+0xef/0x180
perf_trace_preemptirq_template+0x259/0x430
trace_irq_disable.constprop.0+0xa6/0x100
irqentry_enter+0x2a/0x60
sysvec_apic_timer_interrupt+0xf/0x80
asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:debug_lockdep_rcu_enabled+0x2e/0x40
Code: 8b 05 c6 d7 87 01 85 c0 74 20 8b 05 c0 e2 87 01 85 c0 74 16 65 48 8b 05 98 a2 c8 02 8b 80 54 0a 00 00 85 c0 0f 94 c0 0f b6 c0 6d 79 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90
RSP: 0018:ffff8880191c7c20 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff816704e9 RDI: ffff8880162b3790
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffffffff8167311c R14: ffffed1003238fa0 R15: ffff88800f522000
futex_ref_get+0xee/0x300
futex_hash+0x70/0x390
futex_wake+0x143/0x540
do_futex+0x26d/0x370
__x64_sys_futex+0x1c9/0x4d0
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcf119d6b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcf0ef4c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00007fcf11ae9f68 RCX: 00007fcf119d6b19
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcf11ae9f6c
RBP: 00007fcf11ae9f60 R08: 000000000000000e R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 00007fcf11ae9f6c
R13: 00007fff86158f5f R14: 00007fcf0ef4c300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880191c7780 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880191c79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 00007fcf0ef4c700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001ca95000 CR4: 0000000000350ef0
note: syz-executor.7[4010] exited with irqs disabled
note: syz-executor.7[4010] exited with preempt_count 1
BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:51
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4010, name: syz-executor.7
preempt_count: 0, expected: 0
RCU nest depth: 2, expected: 0
INFO: lockdep is turned off.
CPU: 0 UID: 0 PID: 4010 Comm: syz-executor.7 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
Tainted: [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0xfa/0x120
__might_resched+0x2f3/0x510
exit_signals+0x25/0x940
do_exit+0x2db/0x2970
make_task_dead+0x174/0x3b0
rewind_stack_and_make_dead+0x16/0x20
RIP: 0033:0x7fcf119d6b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcf0ef4c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00007fcf11ae9f68 RCX: 00007fcf119d6b19
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcf11ae9f6c
RBP: 00007fcf11ae9f60 R08: 000000000000000e R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 00007fcf11ae9f6c
R13: 00007fff86158f5f R14: 00007fcf0ef4c300 R15: 0000000000022000
Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#2] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
CPU: 0 UID: 0 PID: 4001 Comm: syz-executor.2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
Tainted: [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff88801c00f5c0 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
RDX: ffff88801c835280 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff88801c00f830 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 000055555a535400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 0000000043dae000 CR4: 0000000000350ef0
Call Trace:
perf_trace_run_bpf_submit+0xef/0x180
perf_trace_preemptirq_template+0x259/0x430
trace_irq_disable.constprop.0+0xa6/0x100
_raw_spin_lock_irqsave+0x53/0x60
__create_object+0x31/0x80
kmem_cache_alloc_noprof+0x414/0x690
security_inode_alloc+0x3e/0x130
inode_init_always_gfp+0xc94/0xff0
alloc_inode+0x8d/0x250
new_inode+0x1e/0x160
__ext4_new_inode+0x35d/0x4d70
ext4_symlink+0x406/0xb40
vfs_symlink+0x3fe/0x680
do_symlinkat+0x144/0x300
__x64_sys_symlink+0x75/0x90
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff43b660427
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffdbf137d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff43b660427
RDX: ffffffffffffffbc RSI: 00007ff43b6bb00e RDI: 00007ff43b6ba1dd
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fffdbf13250
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 00007fffdbf138a0
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880191c7780 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880191c79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 000055555a535400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 0000000043dae000 CR4: 0000000000350ef0
note: syz-executor.2[4001] exited with irqs disabled
note: syz-executor.2[4001] exited with preempt_count 1
Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#3] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
CPU: 0 UID: 0 PID: 286 Comm: syz-executor.5 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
Tainted: [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880155cf680 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
RDX: ffff888016173700 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880155cf8f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
EXT4-fs warning (device sda): ext4_group_extend:1862: can't shrink FS - resize aborted
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 0000555578f30400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000004510f000 CR4: 0000000000350ef0
Call Trace:
perf_trace_run_bpf_submit+0xef/0x180
perf_trace_preemptirq_template+0x259/0x430
trace_irq_disable.constprop.0+0xa6/0x100
_raw_spin_lock_irqsave+0x53/0x60
__create_object+0x31/0x80
kmem_cache_alloc_noprof+0x414/0x690
jbd2__journal_start+0x193/0x6b0
__ext4_journal_start_sb+0x325/0x5d0
ext4_evict_inode+0x5ee/0x1740
evict+0x368/0x860
iput.part.0+0x541/0x770
iput+0x62/0x80
do_unlinkat+0x4fb/0x670
__x64_sys_unlink+0xc7/0x110
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6789442457
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffda489f078 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6789442457
RDX: 00007ffda489f0b0 RSI: 00007ffda489f0b0 RDI: 00007ffda489f140
RBP: 00007ffda489f140 R08: 0000000000000001 R09: 00007ffda489ef10
R10: 0000555578f31cdb R11: 0000000000000206 R12: 00007f678949c105
R13: 00007ffda48a0200 R14: 0000555578f31c20 R15: 00007ffda48a0240
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880191c7780 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880191c79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 0000555578f30400(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000004510f000 CR4: 0000000000350ef0
note: syz-executor.5[286] exited with irqs disabled
note: syz-executor.5[286] exited with preempt_count 1
Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#4] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
CPU: 0 UID: 0 PID: 4003 Comm: syz-executor.0 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
Tainted: [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff888046897b40 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc900007e9000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff888046897db0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: ffff888016173bb8 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 00007fa41bd11700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001e782000 CR4: 0000000000350ef0
Call Trace:
perf_trace_run_bpf_submit+0xef/0x180
perf_trace_preemptirq_template+0x259/0x430
trace_irq_disable.constprop.0+0xa6/0x100
do_syscall_64+0x29c/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa41e79bb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa41bd11218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 00007fa41e8aef68 RCX: 00007fa41e79bb19
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa41e8aef68
RBP: 00007fa41e8aef60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa41e8aef6c
R13: 00007ffd510beaef R14: 00007fa41bd11300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880191c7780 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880191c79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 00007fa41bd11700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001e782000 CR4: 0000000000350ef0
note: syz-executor.0[4003] exited with irqs disabled
note: syz-executor.0[4003] exited with preempt_count 1
Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#5] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
CPU: 0 UID: 0 PID: 59 Comm: kworker/0:2 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
Tainted: [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Workqueue: 0x0 (ata_sff)
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff88800f22f9c0 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
RDX: ffff88800f201b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff88800f22fc30 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: ffff88801b5dbbb8 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001e782000 CR4: 0000000000350ef0
Call Trace:
perf_trace_run_bpf_submit+0xef/0x180
perf_trace_preemptirq_template+0x259/0x430
trace_irq_disable.constprop.0+0xa6/0x100
_raw_spin_lock_irq+0x42/0x50
worker_thread+0x163/0xe90
kthread+0x3c8/0x740
ret_from_fork+0x34b/0x430
ret_from_fork_asm+0x1a/0x30
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880191c7780 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880191c79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001e782000 CR4: 0000000000350ef0
note: kworker/0:2[59] exited with irqs disabled
note: kworker/0:2[59] exited with preempt_count 1
Oops: general protection fault, probably for non-canonical address 0xdffffc0020000032: 0000 [#6] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000000100000190-0x0000000100000197]
CPU: 0 UID: 0 PID: 270 Comm: syz-fuzzer Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
Tainted: [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880192ff580 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: 0000000000000002
RDX: ffff88800e821b80 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880192ff7f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 1ffff1100d9c6f7b R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 000000c0002f0b10(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001e91e000 CR4: 0000000000350ef0
Call Trace:
perf_trace_run_bpf_submit+0xef/0x180
perf_trace_preemptirq_template+0x259/0x430
trace_irq_disable.constprop.0+0xa6/0x100
pgd_free+0x4de/0x650
__mmdrop+0xd5/0x4a0
finish_task_switch.isra.0+0x478/0x840
__schedule+0xe86/0x3590
schedule+0xdb/0x390
schedule_hrtimeout_range_clock+0x11f/0x310
do_epoll_wait+0xc8d/0xee0
do_compat_epoll_pwait.part.0+0x29/0x1d0
__x64_sys_epoll_pwait+0x1de/0x320
do_syscall_64+0xbf/0x360
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x4666e0
Code: 0f 05 89 44 24 20 c3 cc cc cc 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 44 8b 54 24 1c 49 c7 c0 00 00 00 00 b8 19 01 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 c7
RSP: 002b:000000c0000bd7f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000119
RAX: ffffffffffffffda RBX: 00000000000001e6 RCX: 00000000004666e0
RDX: 0000000000000080 RSI: 000000c0000bd840 RDI: 0000000000000003
RBP: 000000c0000bde40 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000001e6 R11: 0000000000000246 R12: 0000000000000003
R13: 000000c0000ad680 R14: 000000c00257b980 R15: 0000000000000000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880191c7780 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880191c79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 000000c0002f0b10(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001e91e000 CR4: 0000000000350ef0
note: syz-fuzzer[270] exited with irqs disabled
note: syz-fuzzer[270] exited with preempt_count 2
Oops: general protection fault, probably for non-canonical address 0xfbfffb8000000003: 0000 [#7] SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0xdffffc0000000018-0xdffffc000000001f]
CPU: 0 UID: 0 PID: 270 Comm: syz-fuzzer Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
Tainted: [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:timerqueue_add+0xf7/0x330
Code: 48 c1 ea 03 42 80 3c 22 00 0f 85 ca 01 00 00 49 8b 17 48 85 d2 74 40 48 89 d3 e8 24 e1 bb fc 48 8d 7b 18 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 b1 01 00 00 4c 8b 7b 18 4c 89 ef 4c 89 fe e8
RSP: 0018:ffff8880192ffa68 EFLAGS: 00010016
RAX: 1bffff8000000003 RBX: dffffc0000000000 RCX: ffffffff84b815b1
RDX: ffff88800e821b80 RSI: ffffffff84b8158c RDI: dffffc0000000018
RBP: ffff88806ce37888 R08: 0000000000000000 R09: fffffbfff0c8768a
R10: ffff88806ce36f80 R11: ffff88806ce37018 R12: dffffc0000000000
R13: 000000229c30867d R14: 0000000000000000 R15: ffff8880192ffc08
FS: 000000c0002f0b10(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001e91e000 CR4: 0000000000350ef0
Call Trace:
hrtimer_start_range_ns+0x89e/0xdb0
start_dl_timer+0x336/0x4f0
update_curr_dl_se+0x76c/0x940
update_curr+0x39e/0x500
pick_task_fair+0x17f/0x270
pick_next_task_fair+0x47/0xed0
__schedule+0x770/0x3590
__cond_resched+0x4c/0x80
exit_signals+0x2a/0x940
do_exit+0x2db/0x2970
make_task_dead+0x174/0x3b0
rewind_stack_and_make_dead+0x16/0x20
RIP: 0033:0x4666e0
Code: 0f 05 89 44 24 20 c3 cc cc cc 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 44 8b 54 24 1c 49 c7 c0 00 00 00 00 b8 19 01 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 c7
RSP: 002b:000000c0000bd7f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000119
RAX: ffffffffffffffda RBX: 00000000000001e6 RCX: 00000000004666e0
RDX: 0000000000000080 RSI: 000000c0000bd840 RDI: 0000000000000003
RBP: 000000c0000bde40 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000001e6 R11: 0000000000000246 R12: 0000000000000003
R13: 000000c0000ad680 R14: 000000c00257b980 R15: 0000000000000000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:perf_tp_event+0x175/0xe70
Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
RSP: 0018:ffff8880191c7780 EFLAGS: 00010012
RAX: 0000000020000032 RBX: 00000000ffffffa0 RCX: ffffc9000d24e000
RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000100000190
RBP: ffff8880191c79f0 R08: ffff88806ce31340 R09: ffffe8ffffc16d20
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
FS: 000000c0002f0b10(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf11aea018 CR3: 000000001e91e000 CR4: 0000000000350ef0
note: syz-fuzzer[270] exited with irqs disabled
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:  df 48 89              fisttps -0x77(%rax)
   3:  85 a8 fd ff ff 48     test %ebp,0x48fffffd(%rax)
   9:  c1 e8 03              shr $0x3,%eax
   c:  4c 01 e0              add %r12,%rax
   f:  48 89 85 c8 fd ff ff  mov %rax,-0x238(%rbp)
  16:  e8 c9 51 ea ff        callq 0xffea51e4
  1b:  48 8d bb f0 01 00 00  lea 0x1f0(%rbx),%rdi
  22:  48 89 f8              mov %rdi,%rax
  25:  48 c1 e8 03           shr $0x3,%rax
* 29:  42 0f b6 04 20        movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2e:  84 c0                 test %al,%al
  30:  74 08                 je 0x3a
  32:  3c 03                 cmp $0x3,%al
  34:  0f 8e c5 0b 00 00     jle 0xbff
  3a:  44                    rex.R
  3b:  8b                    .byte 0x8b
  3c:  ab                    stos %eax,%es:(%rdi)
  3d:  f0                    lock
  3e:  01                    .byte 0x1