Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.11.0-rc4-next-20240823-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:rb_set_parent_color include/linux/rbtree_augmented.h:191 [inline] RIP: 0010:____rb_erase_color lib/rbtree.c:359 [inline] RIP: 0010:__rb_erase_color+0x37c/0xa30 lib/rbtree.c:413 Code: 03 00 74 08 4c 89 f7 e8 72 d8 44 f6 4d 89 26 49 8d 5c 24 01 48 8b 6c 24 08 48 89 e8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df <42> 80 3c 30 00 74 08 48 89 ef e8 45 d8 44 f6 48 89 5d 00 4c 89 e3 RSP: 0018:ffffffff8e6079a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff88802a803c91 RCX: dffffc0000000000 RDX: ffffffff81680dc0 RSI: ffff8880b903eb48 RDI: ffff88802a803c90 RBP: 0000000000000000 R08: 0000000000000088 R09: 1ffffffff2038375 R10: dffffc0000000000 R11: ffffffff81671a40 R12: ffff88802a803c90 R13: ffff8880182ebc90 R14: dffffc0000000000 R15: 1ffff1100305d792 FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f39885b3f98 CR3: 00000000647c4000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rb_erase_augmented include/linux/rbtree_augmented.h:331 [inline] rb_erase_augmented_cached include/linux/rbtree_augmented.h:340 [inline] __dequeue_entity+0x953/0xd30 kernel/sched/fair.c:863 set_next_entity+0xfe/0x4c0 kernel/sched/fair.c:5559 set_next_task_fair+0x1dd/0x540 kernel/sched/fair.c:13151 set_next_task kernel/sched/sched.h:2434 [inline] pick_next_task kernel/sched/core.c:6259 [inline] __schedule+0x4253/0x4b30 kernel/sched/core.c:6632 schedule_idle+0x53/0x90 kernel/sched/core.c:6795 do_idle+0x56a/0x5d0 kernel/sched/idle.c:354 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:424 rest_init+0x2dc/0x300 init/main.c:747 start_kernel+0x47f/0x500 init/main.c:1105 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507 x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488 common_startup_64+0x13e/0x147 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_set_parent_color include/linux/rbtree_augmented.h:191 [inline] RIP: 0010:____rb_erase_color lib/rbtree.c:359 [inline] RIP: 0010:__rb_erase_color+0x37c/0xa30 lib/rbtree.c:413 Code: 03 00 74 08 4c 89 f7 e8 72 d8 44 f6 4d 89 26 49 8d 5c 24 01 48 8b 6c 24 08 48 89 e8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df <42> 80 3c 30 00 74 08 48 89 ef e8 45 d8 44 f6 48 89 5d 00 4c 89 e3 RSP: 0018:ffffffff8e6079a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff88802a803c91 RCX: dffffc0000000000 RDX: ffffffff81680dc0 RSI: ffff8880b903eb48 RDI: ffff88802a803c90 RBP: 0000000000000000 R08: 0000000000000088 R09: 1ffffffff2038375 R10: dffffc0000000000 R11: ffffffff81671a40 R12: ffff88802a803c90 R13: ffff8880182ebc90 R14: dffffc0000000000 R15: 1ffff1100305d792 FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f39885b3f98 CR3: 00000000647c4000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 03 00 add (%rax),%eax 2: 74 08 je 0xc 4: 4c 89 f7 mov %r14,%rdi 7: e8 72 d8 44 f6 call 0xf644d87e c: 4d 89 26 mov %r12,(%r14) f: 49 8d 5c 24 01 lea 0x1(%r12),%rbx 14: 48 8b 6c 24 08 mov 0x8(%rsp),%rbp 19: 48 89 e8 mov %rbp,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 49 be 00 00 00 00 00 movabs $0xdffffc0000000000,%r14 27: fc ff df * 2a: 42 80 3c 30 00 cmpb $0x0,(%rax,%r14,1) <-- trapping instruction 2f: 74 08 je 0x39 31: 48 89 ef mov %rbp,%rdi 34: e8 45 d8 44 f6 call 0xf644d87e 39: 48 89 5d 00 mov %rbx,0x0(%rbp) 3d: 4c 89 e3 mov %r12,%rbx