BUG: unable to handle page fault for address: ffffdc0000000019
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 11826067 P4D 11826067 PUD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1037 Comm: kworker/u4:5 Not tainted 5.19.0-syzkaller-14264-gf6eb0fed6a39 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: events_unbound call_usermodehelper_exec_work
RIP: 0010:sched_change_group+0xd5/0x370 kernel/sched/core.c:10181
Code: 03 80 3c 02 00 0f 85 1b 02 00 00 48 8b 9d 90 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb c8 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 01 00 00 48 8b 83 c8 00 00 00 48 85 c0 74 43
RSP: 0018:ffffc9000486f7c8 EFLAGS: 00010012
RAX: dffffc0000000000 RBX: ffff000000000000 RCX: 0000000000000001
RDX: 1fffe00000000019 RSI: 0000000000000002 RDI: ffff0000000000c8
RBP: ffff88801fc48000 R08: ffff8880b9a3aa00 R09: ffffc9000486f687
R10: fffff5200090ded0 R11: 0000000000000001 R12: 0000000000000000
R13: ffffffff8f512840 R14: 0000000000000043 R15: ffffffff8be5d0a0
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffdc0000000019 CR3: 000000000bc8e000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 cpu_cgroup_fork+0x78/0x140 kernel/sched/core.c:10303
 cgroup_post_fork+0x2e6/0x8f0 kernel/cgroup/cgroup.c:6422
 copy_process+0x53e4/0x7090 kernel/fork.c:2487
 kernel_clone+0xe7/0xab0 kernel/fork.c:2673
 user_mode_thread+0xad/0xe0 kernel/fork.c:2742
 call_usermodehelper_exec_work kernel/umh.c:174 [inline]
 call_usermodehelper_exec_work+0xcc/0x180 kernel/umh.c:160
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Modules linked in:
CR2: ffffdc0000000019
---[ end trace 0000000000000000 ]---
RIP: 0010:sched_change_group+0xd5/0x370 kernel/sched/core.c:10181
Code: 03 80 3c 02 00 0f 85 1b 02 00 00 48 8b 9d 90 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb c8 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 01 00 00 48 8b 83 c8 00 00 00 48 85 c0 74 43
RSP: 0018:ffffc9000486f7c8 EFLAGS: 00010012
RAX: dffffc0000000000 RBX: ffff000000000000 RCX: 0000000000000001
RDX: 1fffe00000000019 RSI: 0000000000000002 RDI: ffff0000000000c8
RBP: ffff88801fc48000 R08: ffff8880b9a3aa00 R09: ffffc9000486f687
R10: fffff5200090ded0 R11: 0000000000000001 R12: 0000000000000000
R13: ffffffff8f512840 R14: 0000000000000043 R15: ffffffff8be5d0a0
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffdc0000000019 CR3: 000000000bc8e000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   4:	0f 85 1b 02 00 00    	jne    0x225
   a:	48 8b 9d 90 02 00 00 	mov    0x290(%rbp),%rbx
  11:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  18:	fc ff df
  1b:	48 8d bb c8 00 00 00 	lea    0xc8(%rbx),%rdi
  22:	48 89 fa             	mov    %rdi,%rdx
  25:	48 c1 ea 03          	shr    $0x3,%rdx
* 29:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2d:	0f 85 e8 01 00 00    	jne    0x21b
  33:	48 8b 83 c8 00 00 00 	mov    0xc8(%rbx),%rax
  3a:	48 85 c0             	test   %rax,%rax
  3d:	74 43                	je     0x82