Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 0 UID: 0 PID: 1074 Comm: kworker/0:1H Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: 0x0 (events_highpri)
RIP: 0010:task_cpu include/linux/sched.h:2214 [inline]
RIP: 0010:is_task_rq_idle kernel/sched/core.c:5930 [inline]
RIP: 0010:cookie_equals kernel/sched/core.c:5935 [inline]
RIP: 0010:pick_next_task kernel/sched/core.c:6115 [inline]
RIP: 0010:__schedule+0x1f42/0x5fa0 kernel/sched/core.c:6809
Code: 0f 85 34 33 00 00 4d 8b ac 24 20 0e 00 00 48 c7 c0 00 9e e7 93 48 ba 00 00 00 00 00 fc ff df 49 8d 7d 14 48 89 f9 48 c1 e9 03 <0f> b6 0c 11 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85 ca
RSP: 0018:ffffc90003aafc28 EFLAGS: 00010003
RAX: ffffffff93e79e00 RBX: 0000000000000001 RCX: 0000000000000002
RDX: dffffc0000000000 RSI: 1ffffffff1bdede4 RDI: 0000000000000014
RBP: ffffc90003aafd80 R08: ffff8880b843b908 R09: fffffbfff217097a
R10: ffffffff90b84bd7 R11: 0000000000000388 R12: ffff8880b853ae00
R13: 0000000000000000 R14: ffff888029ca4e80 R15: ffff8880b843ae00
FS: 0000000000000000(0000) GS:ffff8881245c1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000001b9000 CR3: 000000004da40000 CR4: 00000000003526f0
Call Trace:
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:6964
 worker_thread+0x526/0xe40 kernel/workqueue.c:3436
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:task_cpu include/linux/sched.h:2214 [inline]
RIP: 0010:is_task_rq_idle kernel/sched/core.c:5930 [inline]
RIP: 0010:cookie_equals kernel/sched/core.c:5935 [inline]
RIP: 0010:pick_next_task kernel/sched/core.c:6115 [inline]
RIP: 0010:__schedule+0x1f42/0x5fa0 kernel/sched/core.c:6809
Code: 0f 85 34 33 00 00 4d 8b ac 24 20 0e 00 00 48 c7 c0 00 9e e7 93 48 ba 00 00 00 00 00 fc ff df 49 8d 7d 14 48 89 f9 48 c1 e9 03 <0f> b6 0c 11 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85 ca
RSP: 0018:ffffc90003aafc28 EFLAGS: 00010003
RAX: ffffffff93e79e00 RBX: 0000000000000001 RCX: 0000000000000002
RDX: dffffc0000000000 RSI: 1ffffffff1bdede4 RDI: 0000000000000014
RBP: ffffc90003aafd80 R08: ffff8880b843b908 R09: fffffbfff217097a
R10: ffffffff90b84bd7 R11: 0000000000000388 R12: ffff8880b853ae00
R13: 0000000000000000 R14: ffff888029ca4e80 R15: ffff8880b843ae00
FS: 0000000000000000(0000) GS:ffff8881245c1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000001b9000 CR3: 000000004da40000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:   0f 85 34 33 00 00       jne    0x333a
   6:   4d 8b ac 24 20 0e 00    mov    0xe20(%r12),%r13
   d:   00
   e:   48 c7 c0 00 9e e7 93    mov    $0xffffffff93e79e00,%rax
  15:   48 ba 00 00 00 00 00    movabs $0xdffffc0000000000,%rdx
  1c:   fc ff df
  1f:   49 8d 7d 14             lea    0x14(%r13),%rdi
  23:   48 89 f9                mov    %rdi,%rcx
  26:   48 c1 e9 03             shr    $0x3,%rcx
* 2a:   0f b6 0c 11             movzbl (%rcx,%rdx,1),%ecx    <-- trapping instruction
  2e:   48 89 fa                mov    %rdi,%rdx
  31:   83 e2 07                and    $0x7,%edx
  34:   83 c2 03                add    $0x3,%edx
  37:   38 ca                   cmp    %cl,%dl
  39:   7c 08                   jl     0x43
  3b:   84 c9                   test   %cl,%cl
  3d:   0f                      .byte 0xf
  3e:   85 ca                   test   %ecx,%edx