BUG: unable to handle page fault for address: ffffffff00000008 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 5a8b067 P4D 5a8b067 PUD 0 Oops: Oops: 0002 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 3967 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) Tainted: [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:perf_trace_add+0x225/0x340 Code: 00 4d 85 ed 74 2a e8 da b2 f5 ff 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 df 00 00 00 <4d> 89 75 08 eb 03 45 31 e4 e8 ad b2 f5 ff 44 89 e0 5b 5d 41 5c 41 RSP: 0018:ffff888044c3f5b8 EFLAGS: 00010046 RAX: dffffc0000000000 RBX: ffff888009649900 RCX: ffffffff817e42fe RDX: 1fffffffe0000001 RSI: ffffffff817e43d6 RDI: ffffffff00000008 RBP: ffffe8ffffc162b0 R08: ffffffff85ca4140 R09: ffffed1008987efe R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: ffffffff00000000 R14: ffff888009649960 R15: ffff888009649998 FS: 00007fe8a17a4700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffff00000008 CR3: 0000000019a39000 CR4: 0000000000350ef0 Call Trace: event_sched_in+0x446/0xb60 merge_sched_in+0xb4d/0x1810 visit_groups_merge.constprop.0.isra.0+0x8d1/0x1150 ctx_sched_in+0x579/0x9b0 perf_event_sched_in+0x5d/0x90 __perf_event_task_sched_in+0x2ec/0x5e0 finish_task_switch.isra.0+0x410/0x840 __schedule+0xe86/0x3590 schedule+0xdb/0x390 futex_do_wait+0x88/0x180 __futex_wait+0x176/0x300 futex_wait+0xde/0x380 do_futex+0x2ee/0x370 __x64_sys_futex+0x1c9/0x4d0 do_syscall_64+0xbf/0x360 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe8a422eb19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fe8a17a4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007fe8a4341f68 RCX: 00007fe8a422eb19 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe8a4341f68 RBP: 00007fe8a4341f60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe8a4341f6c R13: 00007ffff9beceff R14: 00007fe8a17a4300 R15: 0000000000022000 Modules linked in: CR2: ffffffff00000008 ---[ end trace 0000000000000000 ]--- RIP: 0010:perf_trace_add+0x225/0x340 Code: 00 4d 85 ed 74 2a e8 da b2 f5 ff 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 df 00 00 00 <4d> 89 75 08 eb 03 45 31 e4 e8 ad b2 f5 ff 44 89 e0 5b 5d 41 5c 41 RSP: 0018:ffff888044c3f5b8 EFLAGS: 00010046 RAX: dffffc0000000000 RBX: ffff888009649900 RCX: ffffffff817e42fe RDX: 1fffffffe0000001 RSI: ffffffff817e43d6 RDI: ffffffff00000008 RBP: ffffe8ffffc162b0 R08: ffffffff85ca4140 R09: ffffed1008987efe R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: ffffffff00000000 R14: ffff888009649960 R15: ffff888009649998 FS: 00007fe8a17a4700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffff00000008 CR3: 0000000019a39000 CR4: 0000000000350ef0 note: syz-executor.4[3967] exited with irqs disabled ---------------- Code disassembly (best guess): 0: 00 4d 85 add %cl,-0x7b(%rbp) 3: ed in (%dx),%eax 4: 74 2a je 0x30 6: e8 da b2 f5 ff callq 0xfff5b2e5 b: 49 8d 7d 08 lea 0x8(%r13),%rdi f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 16: fc ff df 19: 48 89 fa mov %rdi,%rdx 1c: 48 c1 ea 03 shr $0x3,%rdx 20: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 24: 0f 85 df 00 00 00 jne 0x109 * 2a: 4d 89 75 08 mov %r14,0x8(%r13) <-- trapping instruction 2e: eb 03 jmp 0x33 30: 45 31 e4 xor %r12d,%r12d 33: e8 ad b2 f5 ff callq 0xfff5b2e5 38: 44 89 e0 mov %r12d,%eax 3b: 5b pop %rbx 3c: 5d pop %rbp 3d: 41 5c pop %r12 3f: 41 rex.B