Oops: general protection fault, probably for non-canonical address 0xdffffc000000003c: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000001e0-0x00000000000001e7] CPU: 1 UID: 0 PID: 67 Comm: kworker/u8:4 Not tainted 6.14.0-rc6-syzkaller-00016-g0fed89a961ea #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Workqueue: events_unbound nsim_dev_trap_report_work RIP: 0010:nsim_dev_trap_report_work+0xbb/0xb50 drivers/net/netdevsim/dev.c:848 Code: c7 fa 48 8b 4c 24 08 48 8b 01 48 39 c8 0f 84 1e 0a 00 00 48 89 04 24 48 8d a8 e0 01 00 00 48 89 e8 48 c1 e8 03 48 89 44 24 28 <42> 80 3c 30 00 74 08 48 89 ef e8 b6 ed c7 fa 48 8b 5d 00 48 89 d8 RSP: 0018:ffffc9000215fa48 EFLAGS: 00010216 RAX: 000000000000003c RBX: 0000000000000000 RCX: ffff88801dfd0000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00000000000001e0 R08: ffffffff87613771 R09: 1ffff11006abb815 R10: dffffc0000000000 R11: ffffed1006abb816 R12: dffffc0000000000 R13: ffff88807b407800 R14: dffffc0000000000 R15: ffffffff818a9306 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1673f23440 CR3: 000000000e938000 CR4: 0000000000350ef0 Call Trace: process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xac0/0x18e0 kernel/workqueue.c:3319 worker_thread+0x870/0xd30 kernel/workqueue.c:3400 kthread+0x7ab/0x920 kernel/kthread.c:464 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:nsim_dev_trap_report_work+0xbb/0xb50 drivers/net/netdevsim/dev.c:848 Code: c7 fa 48 8b 4c 24 08 48 8b 01 48 39 c8 0f 84 1e 0a 00 00 48 89 04 24 48 8d a8 e0 01 00 00 48 89 e8 48 c1 e8 03 48 89 44 24 28 <42> 80 3c 30 00 74 08 48 89 ef e8 b6 ed c7 fa 48 8b 5d 00 48 89 d8 RSP: 0018:ffffc9000215fa48 EFLAGS: 00010216 RAX: 
000000000000003c RBX: 0000000000000000 RCX: ffff88801dfd0000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00000000000001e0 R08: ffffffff87613771 R09: 1ffff11006abb815 R10: dffffc0000000000 R11: ffffed1006abb816 R12: dffffc0000000000 R13: ffff88807b407800 R14: dffffc0000000000 R15: ffffffff818a9306 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555941ae7d0 CR3: 000000007c186000 CR4: 0000000000350ef0 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: fa cli 1: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx 6: 48 8b 01 mov (%rcx),%rax 9: 48 39 c8 cmp %rcx,%rax c: 0f 84 1e 0a 00 00 je 0xa30 12: 48 89 04 24 mov %rax,(%rsp) 16: 48 8d a8 e0 01 00 00 lea 0x1e0(%rax),%rbp 1d: 48 89 e8 mov %rbp,%rax 20: 48 c1 e8 03 shr $0x3,%rax 24: 48 89 44 24 28 mov %rax,0x28(%rsp) * 29: 42 80 3c 30 00 cmpb $0x0,(%rax,%r14,1) <-- trapping instruction (reviewer note: this is the KASAN shadow-byte load, not the real access — %rax = 0x3c is 0x1e0 >> 3 and %r14 = 0xdffffc0000000000 is the KASAN shadow offset, which together give the reported non-canonical fault address 0xdffffc000000003c. The 0x1e0 comes from `lea 0x1e0(%rax),%rbp` at 0x16 applied to a NULL %rax that was loaded from (%rcx) at 0x6; the `cmp %rcx,%rax / je` at 0x9 only checks whether that first pointer equals the base at 0x8(%rsp), a shape consistent with a list_for_each_entry-style walk, so the pointer read from that head was NULL rather than either a valid entry or the head itself. Whether the head was never initialised or was torn down concurrently cannot be determined from this dump alone.) 2e: 74 08 je 0x38 30: 48 89 ef mov %rbp,%rdi 33: e8 b6 ed c7 fa call 0xfac7edee 38: 48 8b 5d 00 mov 0x0(%rbp),%rbx 3c: 48 89 d8 mov %rbx,%rax