general protection fault, probably for non-canonical address 0xffff000000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0xfff8200000000000-0xfff8200000000007]
CPU: 1 PID: 270 Comm: kworker/u4:2 Not tainted 6.0.0-rc1-syzkaller-00049-g4e55e22d3d9a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:rcu_do_batch kernel/rcu/tree.c:2245 [inline]
RIP: 0010:rcu_core+0x7af/0x1780 kernel/rcu/tree.c:2505
Code: 07 f3 f7 ff 49 8d 7f 08 5e 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 f8 0b 00 00 49 8b 47 08 4c 89 ff 49 c7 47 08 00 00 00 00 <ff> d0 48 c7 c6 f0 2f 32 81 48 c7 c7 c0 4e a9 87 e8 4c eb f7 ff 65
RSP: 0000:ffffc90000178e68 EFLAGS: 00010246
RAX: ffff000000000000 RBX: 0000000000000000 RCX: 603ad66270707a3c
RDX: 1ffff11021cfb13e RSI: ffffffff81322f8d RDI: ffff88810e7ab0a8
RBP: 0000000000000009 R08: 0000000000000000 R09: ffffffff8b0766df
R10: fffffbfff160ecdb R11: 0000000000000001 R12: dffffc0000000000
R13: ffffc90000178ed8 R14: 0000000000000008 R15: ffff88810e7ab0a8
FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000007825000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __do_softirq+0x1c0/0x9a9 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x113/0x170 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:vma_link+0x64a/0x830 mm/mmap.c:662
Code: 00 00 e8 69 b2 bc ff e8 34 c9 d9 ff 48 8b 44 24 08 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 <84> c0 74 08 3c 03 0f 8e 87 00 00 00 48 8b 44 24 08 83 40 70 01 48
RSP: 0000:ffffc900016afd38 EFLAGS: 00000a06
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 1ffff11021cf9a8e RSI: ffffffff816c3fbc RDI: ffff88810e7cd470
RBP: ffff88810e7cd408 R08: 0000000000000006 R09: 00007fffffefe000
R10: 00007fffffefe000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff88810ca8fb00 R15: 0000000000000000
 insert_vm_struct+0x173/0x340 mm/mmap.c:3162
 __bprm_mm_init fs/exec.c:277 [inline]
 bprm_mm_init fs/exec.c:379 [inline]
 alloc_bprm+0x4e7/0x900 fs/exec.c:1534
 kernel_execve+0xab/0x500 fs/exec.c:1974
 call_usermodehelper_exec_async+0x2e3/0x580 kernel/umh.c:112
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rcu_do_batch kernel/rcu/tree.c:2245 [inline]
RIP: 0010:rcu_core+0x7af/0x1780 kernel/rcu/tree.c:2505
Code: 07 f3 f7 ff 49 8d 7f 08 5e 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 f8 0b 00 00 49 8b 47 08 4c 89 ff 49 c7 47 08 00 00 00 00 <ff> d0 48 c7 c6 f0 2f 32 81 48 c7 c7 c0 4e a9 87 e8 4c eb f7 ff 65
RSP: 0000:ffffc90000178e68 EFLAGS: 00010246
RAX: ffff000000000000 RBX: 0000000000000000 RCX: 603ad66270707a3c
RDX: 1ffff11021cfb13e RSI: ffffffff81322f8d RDI: ffff88810e7ab0a8
RBP: 0000000000000009 R08: 0000000000000000 R09: ffffffff8b0766df
R10: fffffbfff160ecdb R11: 0000000000000001 R12: dffffc0000000000
R13: ffffc90000178ed8 R14: 0000000000000008 R15: ffff88810e7ab0a8
FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000007825000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   f3 f7 ff                repz idiv %edi
   3:   49 8d 7f 08             lea    0x8(%r15),%rdi
   7:   5e                      pop    %rsi
   8:   48 89 f8                mov    %rdi,%rax
   b:   48 c1 e8 03             shr    $0x3,%rax
   f:   42 80 3c 20 00          cmpb   $0x0,(%rax,%r12,1)
  14:   0f 85 f8 0b 00 00       jne    0xc12
  1a:   49 8b 47 08             mov    0x8(%r15),%rax
  1e:   4c 89 ff                mov    %r15,%rdi
  21:   49 c7 47 08 00 00 00    movq   $0x0,0x8(%r15)
  28:   00
* 29:   ff d0                   callq  *%rax            <-- trapping instruction
  2b:   48 c7 c6 f0 2f 32 81    mov    $0xffffffff81322ff0,%rsi
  32:   48 c7 c7 c0 4e a9 87    mov    $0xffffffff87a94ec0,%rdi
  39:   e8 4c eb f7 ff          callq  0xfff7eb8a
  3e:   65                      gs