Oops: general protection fault, probably for non-canonical address 0xdffffc0000000042: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000210-0x0000000000000217]
CPU: 3 PID: 3076 Comm: kworker/u32:11 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: xfs-cil/loop1 xlog_cil_push_work
RIP: 0010:xlog_cil_build_lv_chain fs/xfs/xfs_log_cil.c:1079 [inline]
RIP: 0010:xlog_cil_push_work+0x9c6/0x21d0 fs/xfs/xfs_log_cil.c:1215
Code: 84 24 90 00 00 00 48 c1 e8 03 42 0f b6 04 20 84 c0 74 08 3c 03 0f 8e 55 14 00 00 49 8d 7e 10 44 8b 6b 28 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e 47 14 00 00 49 8d 7e 34 45
RSP: 0018:ffffc900242d7a90 EFLAGS: 00010206
RAX: 0000000000000042 RBX: ffffe8ffad3675ff RCX: ffffffff8338a960
RDX: ffff888026d58000 RSI: ffffffff8338a627 RDI: 0000000000000210
RBP: ffffc900242d7cc0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000000017e R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000200 R15: ffff8880153694e0
FS: 0000000000000000(0000) GS:ffff88802c300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000f5e72000 CR3: 00000000533fe000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x958/0x1ad0 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:xlog_cil_build_lv_chain fs/xfs/xfs_log_cil.c:1079 [inline]
RIP: 0010:xlog_cil_push_work+0x9c6/0x21d0 fs/xfs/xfs_log_cil.c:1215
Code: 84 24 90 00 00 00 48 c1 e8 03 42 0f b6 04 20 84 c0 74 08 3c 03 0f 8e 55 14 00 00 49 8d 7e 10 44 8b 6b 28 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e 47 14 00 00 49 8d 7e 34 45
RSP: 0018:ffffc900242d7a90 EFLAGS: 00010206
RAX: 0000000000000042 RBX: ffffe8ffad3675ff RCX: ffffffff8338a960
RDX: ffff888026d58000 RSI: ffffffff8338a627 RDI: 0000000000000210
RBP: ffffc900242d7cc0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000000017e R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000200 R15: ffff8880153694e0
FS: 0000000000000000(0000) GS:ffff88802c300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000580de000 CR3: 0000000024722000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	84 24 90             	test   %ah,(%rax,%rdx,4)
   3:	00 00                	add    %al,(%rax)
   5:	00 48 c1             	add    %cl,-0x3f(%rax)
   8:	e8 03 42 0f b6       	call   0xb60f4210
   d:	04 20                	add    $0x20,%al
   f:	84 c0                	test   %al,%al
  11:	74 08                	je     0x1b
  13:	3c 03                	cmp    $0x3,%al
  15:	0f 8e 55 14 00 00    	jle    0x1470
  1b:	49 8d 7e 10          	lea    0x10(%r14),%rdi
  1f:	44 8b 6b 28          	mov    0x28(%rbx),%r13d
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax		<-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	74 08                	je     0x3b
  33:	3c 03                	cmp    $0x3,%al
  35:	0f 8e 47 14 00 00    	jle    0x1482
  3b:	49 8d 7e 34          	lea    0x34(%r14),%rdi
  3f:	45                   	rex.RB