Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
CPU: 0 UID: 0 PID: 26617 Comm: syz.6.7492 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:pick_next_entity kernel/sched/fair.c:5757 [inline]
RIP: 0010:wakeup_preempt_fair+0x60a/0xfd0 kernel/sched/fair.c:9141
Code: 0f 85 02 02 00 00 44 89 ee 4c 89 f7 4c 89 04 24 e8 9b 00 fd ff 4c 8b 04 24 48 8d 78 59 48 89 fa 48 89 fe 48 c1 ea 03 83 e6 07 <42> 0f b6 14 22 40 38 f2 7f 08 84 d2 0f 85 53 09 00 00 80 78 59 00
RSP: 0018:ffffc9002400f488 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff888021264a80 RCX: 1ffff1100424c95b
RDX: 000000000000000b RSI: 0000000000000001 RDI: 0000000000000059
RBP: ffff88801402ca80 R08: ffff888021264b30 R09: 0000000000000000
R10: ffff888021264a07 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff88802b23b440 R15: ffff88802b23b380
FS:  0000000000000000(0000) GS:ffff88809717d000(0063) knlGS:0000000056fbc480
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f73617f8 CR3: 0000000051d52000 CR4: 0000000000352ef0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 wakeup_preempt+0x1a3/0x400 kernel/sched/core.c:2248
 attach_task kernel/sched/sched.h:3035 [inline]
 attach_tasks kernel/sched/fair.c:10026 [inline]
 sched_balance_rq+0x15cd/0x36d0 kernel/sched/fair.c:12164
 sched_balance_newidle kernel/sched/fair.c:13239 [inline]
 pick_next_task_fair+0x773/0x2470 kernel/sched/fair.c:9267
 __pick_next_task+0xea/0x6c0 kernel/sched/core.c:6019
 pick_next_task kernel/sched/core.c:6126 [inline]
 __schedule+0x5b7/0x6820 kernel/sched/core.c:7105
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7283
 futex_do_wait+0x88/0x180 kernel/futex/waitwake.c:358
 __futex_wait+0x1c4/0x300 kernel/futex/waitwake.c:691
 futex_wait+0xe6/0x370 kernel/futex/waitwake.c:719
 do_futex+0x1ef/0x350 kernel/futex/syscalls.c:130
 __do_sys_futex_time32 kernel/futex/syscalls.c:523 [inline]
 __se_sys_futex_time32 kernel/futex/syscalls.c:506 [inline]
 __ia32_sys_futex_time32+0x2f4/0x470 kernel/futex/syscalls.c:506
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 __do_fast_syscall_32+0xe7/0x950 arch/x86/entry/syscall_32.c:307
 do_fast_syscall_32+0x32/0x70 arch/x86/entry/syscall_32.c:332
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f03fcc
Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
RSP: 002b:00000000ff9ef18c EFLAGS: 00000202 ORIG_RAX: 00000000000000f0
RAX: ffffffffffffffda RBX: 00000000f73c4f8c RCX: 0000000000000080
RDX: 0000000000000000 RSI: 00000000ff9ef328 RDI: 0000000000000000
RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:pick_next_entity kernel/sched/fair.c:5757 [inline]
RIP: 0010:wakeup_preempt_fair+0x60a/0xfd0 kernel/sched/fair.c:9141
Code: 0f 85 02 02 00 00 44 89 ee 4c 89 f7 4c 89 04 24 e8 9b 00 fd ff 4c 8b 04 24 48 8d 78 59 48 89 fa 48 89 fe 48 c1 ea 03 83 e6 07 <42> 0f b6 14 22 40 38 f2 7f 08 84 d2 0f 85 53 09 00 00 80 78 59 00
RSP: 0018:ffffc9002400f488 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff888021264a80 RCX: 1ffff1100424c95b
RDX: 000000000000000b RSI: 0000000000000001 RDI: 0000000000000059
RBP: ffff88801402ca80 R08: ffff888021264b30 R09: 0000000000000000
R10: ffff888021264a07 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff88802b23b440 R15: ffff88802b23b380
FS:  0000000000000000(0000) GS:ffff88809717d000(0063) knlGS:0000000056fbc480
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f73617f8 CR3: 0000000051d52000 CR4: 0000000000352ef0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	0f 85 02 02 00 00    	jne    0x208
   6:	44 89 ee             	mov    %r13d,%esi
   9:	4c 89 f7             	mov    %r14,%rdi
   c:	4c 89 04 24          	mov    %r8,(%rsp)
  10:	e8 9b 00 fd ff       	call   0xfffd00b0
  15:	4c 8b 04 24          	mov    (%rsp),%r8
  19:	48 8d 78 59          	lea    0x59(%rax),%rdi
  1d:	48 89 fa             	mov    %rdi,%rdx
  20:	48 89 fe             	mov    %rdi,%rsi
  23:	48 c1 ea 03          	shr    $0x3,%rdx
  27:	83 e6 07             	and    $0x7,%esi
* 2a:	42 0f b6 14 22       	movzbl (%rdx,%r12,1),%edx <-- trapping instruction
  2f:	40 38 f2             	cmp    %sil,%dl
  32:	7f 08                	jg     0x3c
  34:	84 d2                	test   %dl,%dl
  36:	0f 85 53 09 00 00    	jne    0x98f
  3c:	80 78 59 00          	cmpb   $0x0,0x59(%rax)