Oops: general protection fault, probably for non-canonical address 0xe7001bfff110035c: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x3800ffff88801ae0-0x3800ffff88801ae7]
CPU: 0 UID: 0 PID: 5840 Comm: syz-executor Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
RIP: 0010:__lock_acquire+0x6a/0x2100 kernel/locking/lockdep.c:5089
Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d 7b 38 ac 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 28 56 8b 00 48 be 00 00 00 00 00 fc
RSP: 0018:ffffc90004247790 EFLAGS: 00010006
RAX: 07001ffff110035c RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 3800ffff88801ae2
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff2039027 R12: ffff888030a2bc00
R13: 0000000000000000 R14: 0000000000000000 R15: 3800ffff88801ae2
FS: 000055556c134500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556dda3808 CR3: 0000000063124000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline]
_raw_spin_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:170
put_pwq_unlocked+0x42/0x190 kernel/workqueue.c:1662
destroy_workqueue+0x99d/0xc40 kernel/workqueue.c:5883
btrfs_destroy_workqueue+0x45/0x260 fs/btrfs/async-thread.c:360
btrfs_stop_all_workers+0x1a6/0x2a0 fs/btrfs/disk-io.c:1789
close_ctree+0x6bb/0xd60 fs/btrfs/disk-io.c:4360
generic_shutdown_super+0x139/0x2d0 fs/super.c:642
kill_anon_super+0x3b/0x70 fs/super.c:1237
btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2112
deactivate_locked_super+0xc4/0x130 fs/super.c:473
cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373
task_work_run+0x24f/0x310 kernel/task_work.c:239
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbc8bb7fa87
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007fffc1691608 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fbc8bb7fa87
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffc16916c0
RBP: 00007fffc16916c0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffc1692740
R13: 00007fbc8bbf15fc R14: 0000000000018b37 R15: 00007fffc1692780
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0x6a/0x2100 kernel/locking/lockdep.c:5089
Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d 7b 38 ac 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 28 56 8b 00 48 be 00 00 00 00 00 fc
RSP: 0018:ffffc90004247790 EFLAGS: 00010006
RAX: 07001ffff110035c RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 3800ffff88801ae2
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff2039027 R12: ffff888030a2bc00
R13: 0000000000000000 R14: 0000000000000000 R15: 3800ffff88801ae2
FS: 000055556c134500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556dda3808 CR3: 0000000063124000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: b6 04 mov $0x4,%dh
2: 30 84 c0 0f 85 f8 16 xor %al,0x16f8850f(%rax,%rax,8)
9: 00 00 add %al,(%rax)
b: 45 31 f6 xor %r14d,%r14d
e: 83 3d 7b 38 ac 0e 00 cmpl $0x0,0xeac387b(%rip) # 0xeac3890
15: 0f 84 c8 13 00 00 je 0x13e3
1b: 89 54 24 60 mov %edx,0x60(%rsp)
1f: 89 5c 24 38 mov %ebx,0x38(%rsp)
23: 4c 89 f8 mov %r15,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 80 3c 30 00 cmpb $0x0,(%rax,%rsi,1) <-- trapping instruction
2e: 74 12 je 0x42
30: 4c 89 ff mov %r15,%rdi
33: e8 28 56 8b 00 call 0x8b5660
38: 48 rex.W
39: be 00 00 00 00 mov $0x0,%esi
3e: 00 fc add %bh,%ah