Oops: general protection fault, probably for non-canonical address 0xfff91c00944f0400: 0000 [#1] SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0xffc90004a2782000-0xffc90004a2782007]
CPU: 0 UID: 0 PID: 5974 Comm: kworker/0:6 Not tainted 6.16.0-syzkaller-12187-g0227b49b5027 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: rcu_gp srcu_invoke_callbacks
RIP: 0010:rcu_cblist_dequeue+0x5d/0xc0 kernel/rcu/rcu_segcblist.c:75
Code: 33 4d 85 f6 74 69 4c 8d 7b 10 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 4d ee 7a 00 49 ff 0f 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 34 ee 7a 00 4d 8b 3e 43 80 7c 25
RSP: 0018:ffffc90004da7950 EFLAGS: 00010216
RAX: 1ff92000944f0400 RBX: ffffc90004da79e0 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffffffff8d9b6bc1 RDI: ffffc90004da79e0
RBP: ffffc90004da7a70 R08: ffffffff8fa37937 R09: 1ffffffff1f46f26
R10: dffffc0000000000 R11: fffffbfff1f46f27 R12: dffffc0000000000
R13: 1ffff920009b4f3c R14: ffc90004a2782000 R15: ffffc90004da79f0
FS: 0000000000000000(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b33523ffc CR3: 000000005aec9000 CR4: 0000000000350ef0
Call Trace:
 srcu_invoke_callbacks+0x1ed/0x450 kernel/rcu/srcutree.c:1802
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rcu_cblist_dequeue+0x5d/0xc0 kernel/rcu/rcu_segcblist.c:75
Code: 33 4d 85 f6 74 69 4c 8d 7b 10 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 4d ee 7a 00 49 ff 0f 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 34 ee 7a 00 4d 8b 3e 43 80 7c 25
RSP: 0018:ffffc90004da7950 EFLAGS: 00010216
RAX: 1ff92000944f0400 RBX: ffffc90004da79e0 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffffffff8d9b6bc1 RDI: ffffc90004da79e0
RBP: ffffc90004da7a70 R08: ffffffff8fa37937 R09: 1ffffffff1f46f26
R10: dffffc0000000000 R11: fffffbfff1f46f27 R12: dffffc0000000000
R13: 1ffff920009b4f3c R14: ffc90004a2782000 R15: ffffc90004da79f0
FS: 0000000000000000(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d25a034000 CR3: 0000000079bf3000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0: 33 4d 85          xor -0x7b(%rbp),%ecx
   3: f6 74 69 4c       divb 0x4c(%rcx,%rbp,2)
   7: 8d 7b 10          lea 0x10(%rbx),%edi
   a: 4c 89 f8          mov %r15,%rax
   d: 48 c1 e8 03       shr $0x3,%rax
  11: 42 80 3c 20 00    cmpb $0x0,(%rax,%r12,1)
  16: 74 08             je 0x20
  18: 4c 89 ff          mov %r15,%rdi
  1b: e8 4d ee 7a 00    call 0x7aee6d
  20: 49 ff 0f          decq (%r15)
  23: 4c 89 f0          mov %r14,%rax
  26: 48 c1 e8 03       shr $0x3,%rax
* 2a: 42 80 3c 20 00    cmpb $0x0,(%rax,%r12,1) <-- trapping instruction
  2f: 74 08             je 0x39
  31: 4c 89 f7          mov %r14,%rdi
  34: e8 34 ee 7a 00    call 0x7aee6d
  39: 4d 8b 3e          mov (%r14),%r15
  3c: 43                rex.XB
  3d: 80                .byte 0x80
  3e: 7c 25             jl 0x65