syzbot

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:task_cpu include/linux/sched.h:2268 [inline]
RIP: 0010:is_task_rq_idle kernel/sched/core.c:6169 [inline]
RIP: 0010:cookie_equals kernel/sched/core.c:6174 [inline]
RIP: 0010:pick_next_task kernel/sched/core.c:6355 [inline]
RIP: 0010:__schedule+0x4030/0x5550 kernel/sched/core.c:7143
Code: 24 80 00 00 00 e8 80 97 f2 f6 48 8b 84 24 80 00 00 00 48 8b 18 4c 8d 7b 14 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 87 04 00 00 45 8b 3f 49 83 ff 08 0f 83 98
RSP: 0018:ffffc900001e7c40 EFLAGS: 00010003
RAX: 0000000000000002 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff8880b863c918
RBP: ffffc900001e7e30 R08: ffffffff8fcf38f7 R09: 1ffffffff1f9e71e
R10: dffffc0000000000 R11: fffffbfff1f9e71f R12: ffff8880b873c658
R13: ffff888125b6b000 R14: 1ffff110170e7922 R15: 0000000000000014
FS:  0000000000000000(0000) GS:ffff888125b6b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c4225ba CR3: 0000000058e1a000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 schedule_idle+0x51/0x90 kernel/sched/core.c:7348
 do_idle+0x4a6/0x540 kernel/sched/idle.c:384
 cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:454
 start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:312
 common_startup_64+0x13e/0x157
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:task_cpu include/linux/sched.h:2268 [inline]
RIP: 0010:is_task_rq_idle kernel/sched/core.c:6169 [inline]
RIP: 0010:cookie_equals kernel/sched/core.c:6174 [inline]
RIP: 0010:pick_next_task kernel/sched/core.c:6355 [inline]
RIP: 0010:__schedule+0x4030/0x5550 kernel/sched/core.c:7143
Code: 24 80 00 00 00 e8 80 97 f2 f6 48 8b 84 24 80 00 00 00 48 8b 18 4c 8d 7b 14 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 87 04 00 00 45 8b 3f 49 83 ff 08 0f 83 98
RSP: 0018:ffffc900001e7c40 EFLAGS: 00010003
RAX: 0000000000000002 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff8880b863c918
RBP: ffffc900001e7e30 R08: ffffffff8fcf38f7 R09: 1ffffffff1f9e71e
R10: dffffc0000000000 R11: fffffbfff1f9e71f R12: ffff8880b873c658
R13: ffff888125b6b000 R14: 1ffff110170e7922 R15: 0000000000000014
FS:  0000000000000000(0000) GS:ffff888125b6b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c4225ba CR3: 0000000058e1a000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	24 80                	and    $0x80,%al
   2:	00 00                	add    %al,(%rax)
   4:	00 e8                	add    %ch,%al
   6:	80 97 f2 f6 48 8b 84 	adcb   $0x84,-0x74b7090e(%rdi)
   d:	24 80                	and    $0x80,%al
   f:	00 00                	add    %al,(%rax)
  11:	00 48 8b             	add    %cl,-0x75(%rax)
  14:	18 4c 8d 7b          	sbb    %cl,0x7b(%rbp,%rcx,4)
  18:	14 4c                	adc    $0x4c,%al
  1a:	89 f8                	mov    %edi,%eax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	0f 85 87 04 00 00    	jne    0x4bd
  36:	45 8b 3f             	mov    (%r15),%r15d
  39:	49 83 ff 08          	cmp    $0x8,%r15
  3d:	0f                   	.byte 0xf
  3e:	83                   	.byte 0x83
  3f:	98                   	cwtl