Oops: general protection fault, probably for non-canonical address 0xfff91c007a9f6800: 0000 [#1] SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0xffc90003d4fb4000-0xffc90003d4fb4007]
CPU: 0 UID: 0 PID: 6855 Comm: kworker/0:5 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: rcu_gp srcu_invoke_callbacks
RIP: 0010:rcu_cblist_dequeue+0x5d/0xc0 kernel/rcu/rcu_segcblist.c:75
Code: 33 4d 85 f6 74 69 4c 8d 7b 10 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 ed cd 78 00 49 ff 0f 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 d4 cd 78 00 4d 8b 3e 43 80 7c 25
RSP: 0018:ffffc900030a7950 EFLAGS: 00010a06
RAX: 1ff920007a9f6800 RBX: ffffc900030a79e0 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffffffff8d96ea60 RDI: ffffc900030a79e0
RBP: ffffc900030a7a70 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e
R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: dffffc0000000000
R13: 1ffff92000614f3c R14: ffc90003d4fb4000 R15: ffffc900030a79f0
FS:  0000000000000000(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555ed2958950 CR3: 000000003371a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 srcu_invoke_callbacks+0x1ed/0x450 kernel/rcu/srcutree.c:1800
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rcu_cblist_dequeue+0x5d/0xc0 kernel/rcu/rcu_segcblist.c:75
Code: 33 4d 85 f6 74 69 4c 8d 7b 10 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 ed cd 78 00 49 ff 0f 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 d4 cd 78 00 4d 8b 3e 43 80 7c 25
RSP: 0018:ffffc900030a7950 EFLAGS: 00010a06
RAX: 1ff920007a9f6800 RBX: ffffc900030a79e0 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffffffff8d96ea60 RDI: ffffc900030a79e0
RBP: ffffc900030a7a70 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e
R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: dffffc0000000000
R13: 1ffff92000614f3c R14: ffc90003d4fb4000 R15: ffffc900030a79f0
FS:  0000000000000000(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbdac372000 CR3: 0000000032b50000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	33 4d 85             	xor    -0x7b(%rbp),%ecx
   3:	f6 74 69 4c          	divb   0x4c(%rcx,%rbp,2)
   7:	8d 7b 10             	lea    0x10(%rbx),%edi
   a:	4c 89 f8             	mov    %r15,%rax
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
  16:	74 08                	je     0x20
  18:	4c 89 ff             	mov    %r15,%rdi
  1b:	e8 ed cd 78 00       	call   0x78ce0d
  20:	49 ff 0f             	decq   (%r15)
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 f7             	mov    %r14,%rdi
  34:	e8 d4 cd 78 00       	call   0x78ce0d
  39:	4d 8b 3e             	mov    (%r14),%r15
  3c:	43                   	rex.XB
  3d:	80                   	.byte 0x80
  3e:	7c 25                	jl     0x65