------------[ cut here ]------------
WARNING: kernel/sched/core.c:10569 at sched_mm_cid_fork+0x74/0xdac kernel/sched/core.c:10569, CPU#1: kworker/u8:13/6737
Modules linked in:
CPU: 1 UID: 0 PID: 6737 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : sched_mm_cid_fork+0x74/0xdac kernel/sched/core.c:10569
lr : sched_mm_cid_after_execve+0x10/0x1c kernel/sched/core.c:10700
sp : ffff8000a4447c00
x29: ffff8000a4447c30 x28: ffff0000d2b05580 x27: 1fffe0001a560b62
x26: dfff800000000000 x25: dfff800000000000 x24: 00000000fffffffe
x23: ffff0000d2b05b10 x22: 0000000000000000 x21: 0000000000000000
x20: 0000000000000000 x19: ffff0000d2b05ad8 x18: 00000000ffffffff
x17: ffff800080dc3b98 x16: ffff800080545240 x15: 0000000000000001
x14: 1ffff00011f73bf0 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700011f73bf1 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000000 x7 : ffff800080dc3ba8 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008054529c
x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff0000d2b05580
Call trace:
 sched_mm_cid_fork+0x74/0xdac kernel/sched/core.c:10569 (P)
 sched_mm_cid_after_execve+0x10/0x1c kernel/sched/core.c:10700
 bprm_execve+0xb48/0x11c4 fs/exec.c:1776
 kernel_execve+0x70c/0x7f4 fs/exec.c:1919
 call_usermodehelper_exec_async+0x1f8/0x34c kernel/umh.c:109
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
irq event stamp: 194
hardirqs last enabled at (193): [] kasan_quarantine_put+0x1a0/0x1c8 mm/kasan/quarantine.c:234
hardirqs last disabled at (194): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last enabled at (0): [] copy_process+0x10a8/0x32fc kernel/fork.c:2167
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---
Unable to handle kernel paging request at virtual address dfff80000000003c
KASAN: null-ptr-deref in range [0x00000000000001e0-0x00000000000001e7]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff80000000003c] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6737 Comm: kworker/u8:13 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __mutex_lock_common+0x138/0x2678 kernel/locking/mutex.c:593
lr : __mutex_lock_common+0x10c/0x2678 kernel/locking/mutex.c:591
sp : ffff8000a44479a0
x29: ffff8000a4447b90 x28: ffff8000a4447b00 x27: ffff8000a4447ae0
x26: ffff8000a4447aa0 x25: 0000000000000000 x24: dfff800000000000
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: 0000000000000000 x19: 0000000000000180 x18: 00000000ffffffff
x17: ffff800080dc3b98 x16: ffff800080537e24 x15: 0000000000000005
x14: 1ffff00014888f60 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700014888f65 x10: 0000000000ff0100 x9 : 0000000000000003
x8 : 000000000000003c x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000000 x1 : 0000000000000080 x0 : 00000000000001e0
Call trace:
 __mutex_lock_common+0x138/0x2678 kernel/locking/mutex.c:593 (P)
 __mutex_lock kernel/locking/mutex.c:776 [inline]
 mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
 class_mutex_constructor include/linux/mutex.h:253 [inline]
 sched_mm_cid_fork+0x8c/0xdac kernel/sched/core.c:10571
 sched_mm_cid_after_execve+0x10/0x1c kernel/sched/core.c:10700
 bprm_execve+0xb48/0x11c4 fs/exec.c:1776
 kernel_execve+0x70c/0x7f4 fs/exec.c:1919
 call_usermodehelper_exec_async+0x1f8/0x34c kernel/umh.c:109
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
Code: b94d2108 35000128 91018260 d343fc08 (38786908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	b94d2108 	ldr	w8, [x8, #3360]
   4:	35000128 	cbnz	w8, 0x28
   8:	91018260 	add	x0, x19, #0x60
   c:	d343fc08 	lsr	x8, x0, #3
* 10:	38786908 	ldrb	w8, [x8, x24] <-- trapping instruction