Oops: general protection fault, probably for non-canonical address 0xdffffc0000000084: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000420-0x0000000000000427]
CPU: 0 PID: 37 Comm: khugepaged Not tainted 6.10.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:khugepaged_scan_mm_slot mm/khugepaged.c:2365 [inline]
RIP: 0010:khugepaged_do_scan mm/khugepaged.c:2498 [inline]
RIP: 0010:khugepaged+0x6ed/0x1b90 mm/khugepaged.c:2554
Code: 1b be 00 00 00 01 48 21 de 31 ff e8 dd 40 94 ff b8 00 00 00 01 48 21 c3 0f 85 69 0d 00 00 49 8d 7c 24 20 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 37 f1 f9 ff 4d 8b 74 24 20 49 8d 5c 24 70
RSP: 0018:ffffc90000ad7bc0 EFLAGS: 00010217
RAX: 0000000000000084 RBX: 0000000000000000 RCX: ffff88801b2f8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000426
RBP: ffffc90000ad7ed0 R08: ffffffff8201eb53 R09: 1ffff11002a0e480
R10: dffffc0000000000 R11: ffffed1002a0e481 R12: 0000000000000406
R13: ffffc90000ad7e10 R14: ffff888015071d44 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9c1c123108 CR3: 000000006144e000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 kthread+0x2f2/0x390 kernel/kthread.c:389
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:khugepaged_scan_mm_slot mm/khugepaged.c:2365 [inline]
RIP: 0010:khugepaged_do_scan mm/khugepaged.c:2498 [inline]
RIP: 0010:khugepaged+0x6ed/0x1b90 mm/khugepaged.c:2554
Code: 1b be 00 00 00 01 48 21 de 31 ff e8 dd 40 94 ff b8 00 00 00 01 48 21 c3 0f 85 69 0d 00 00 49 8d 7c 24 20 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 37 f1 f9 ff 4d 8b 74 24 20 49 8d 5c 24 70
RSP: 0018:ffffc90000ad7bc0 EFLAGS: 00010217
RAX: 0000000000000084 RBX: 0000000000000000 RCX: ffff88801b2f8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000426
RBP: ffffc90000ad7ed0 R08: ffffffff8201eb53 R09: 1ffff11002a0e480
R10: dffffc0000000000 R11: ffffed1002a0e481 R12: 0000000000000406
R13: ffffc90000ad7e10 R14: ffff888015071d44 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c349108 CR3: 000000006d7a4000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	1b be 00 00 00 01    	sbb    0x1000000(%rsi),%edi
   6:	48 21 de             	and    %rbx,%rsi
   9:	31 ff                	xor    %edi,%edi
   b:	e8 dd 40 94 ff       	call   0xff9440ed
  10:	b8 00 00 00 01       	mov    $0x1000000,%eax
  15:	48 21 c3             	and    %rax,%rbx
  18:	0f 85 69 0d 00 00    	jne    0xd87
  1e:	49 8d 7c 24 20       	lea    0x20(%r12),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 05                	je     0x36
  31:	e8 37 f1 f9 ff       	call   0xfff9f16d
  36:	4d 8b 74 24 20       	mov    0x20(%r12),%r14
  3b:	49 8d 5c 24 70       	lea    0x70(%r12),%rbx