syzbot

Oops: general protection fault, probably for non-canonical address 0xfbd59c0000000025: 0000 [#1] SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0xdead000000000128-0xdead00000000012f]
CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__hlist_del include/linux/list.h:994 [inline]
RIP: 0010:detach_timer+0x120/0x300 kernel/time/timer.c:891
Code: c1 e8 03 80 3c 28 00 74 08 4c 89 e7 e8 19 bd 79 00 4d 89 3c 24 4d 85 ff 74 46 e8 fb b2 13 00 49 83 c7 08 4c 89 f8 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 ff e8 f2 bc 79 00 4d 89 27 80 7c 24 04 00
RSP: 0018:ffffc90000a3faf8 EFLAGS: 00010802
RAX: 1bd5a00000000025 RBX: 1ffff1100c9f9be7 RCX: ffff88801d2b3c80
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000100
R10: dffffc0000000000 R11: fffffbfff1ed44b7 R12: ffffc90000a3fc10
R13: ffff888064fcdf40 R14: 1ffff1100c9f9be8 R15: dead00000000012a
FS:  0000000000000000(0000) GS:ffff888126443000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000003f000 CR3: 0000000035494000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 expire_timers kernel/time/timer.c:1782 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x624/0x9f0 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
 handle_softirqs+0x1de/0x6f0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 run_ktimerd+0x69/0x100 kernel/softirq.c:1138
 smpboot_thread_fn+0x541/0xa50 kernel/smpboot.c:160
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__hlist_del include/linux/list.h:994 [inline]
RIP: 0010:detach_timer+0x120/0x300 kernel/time/timer.c:891
Code: c1 e8 03 80 3c 28 00 74 08 4c 89 e7 e8 19 bd 79 00 4d 89 3c 24 4d 85 ff 74 46 e8 fb b2 13 00 49 83 c7 08 4c 89 f8 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 ff e8 f2 bc 79 00 4d 89 27 80 7c 24 04 00
RSP: 0018:ffffc90000a3faf8 EFLAGS: 00010802
RAX: 1bd5a00000000025 RBX: 1ffff1100c9f9be7 RCX: ffff88801d2b3c80
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000100
R10: dffffc0000000000 R11: fffffbfff1ed44b7 R12: ffffc90000a3fc10
R13: ffff888064fcdf40 R14: 1ffff1100c9f9be8 R15: dead00000000012a
FS:  0000000000000000(0000) GS:ffff888126443000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000003f000 CR3: 0000000035494000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	c1 e8 03             	shr    $0x3,%eax
   3:	80 3c 28 00          	cmpb   $0x0,(%rax,%rbp,1)
   7:	74 08                	je     0x11
   9:	4c 89 e7             	mov    %r12,%rdi
   c:	e8 19 bd 79 00       	call   0x79bd2a
  11:	4d 89 3c 24          	mov    %r15,(%r12)
  15:	4d 85 ff             	test   %r15,%r15
  18:	74 46                	je     0x60
  1a:	e8 fb b2 13 00       	call   0x13b31a
  1f:	49 83 c7 08          	add    $0x8,%r15
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 28 00          	cmpb   $0x0,(%rax,%rbp,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 ff             	mov    %r15,%rdi
  33:	e8 f2 bc 79 00       	call   0x79bd2a
  38:	4d 89 27             	mov    %r12,(%r15)
  3b:	80 7c 24 04 00       	cmpb   $0x0,0x4(%rsp)