BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
Oops: general protection fault, probably for non-canonical address 0xe01ffbf110035943: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x00ffff88801aca18-0x00ffff88801aca1f]
CPU: 0 UID: 0 PID: 5364 Comm: syz-executor Not tainted 6.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__lock_acquire+0x69/0x2050 kernel/locking/lockdep.c:5065
Code: b6 04 30 84 c0 0f 85 9b 16 00 00 45 31 f6 83 3d 58 a8 ab 0e 00 0f 84 b6 13 00 00 89 54 24 54 89 5c 24 68 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 59 2c 8b 00 48 be 00 00 00 00 00 fc
RSP: 0018:ffffc9000459f7d0 EFLAGS: 00010002
RAX: 001ffff110035943 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 00ffff88801aca18
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff2037a4e R12: ffff88802d6b5a00
R13: 0000000000000001 R14: 0000000000000000 R15: 00ffff88801aca18
FS: 0000555590d61500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3a863d4000 CR3: 00000000290b4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline]
_raw_spin_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:170
put_pwq_unlocked+0x42/0x190 kernel/workqueue.c:1662
destroy_workqueue+0x99d/0xc40 kernel/workqueue.c:5883
btrfs_stop_all_workers+0xbb/0x2a0 fs/btrfs/disk-io.c:1783
close_ctree+0x6ae/0xd60 fs/btrfs/disk-io.c:4362
generic_shutdown_super+0x139/0x2d0 fs/super.c:642
kill_anon_super+0x3b/0x70 fs/super.c:1237
btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2121
deactivate_locked_super+0xc4/0x130 fs/super.c:473
cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373
task_work_run+0x24f/0x310 kernel/task_work.c:239
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f05e017f327
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd7bd0c338 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f05e017f327
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd7bd0c3f0
RBP: 00007ffd7bd0c3f0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd7bd0d470
R13: 00007f05e01f0134 R14: 00000000000197d1 R15: 00007ffd7bd0d4b0
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0x69/0x2050 kernel/locking/lockdep.c:5065
Code: b6 04 30 84 c0 0f 85 9b 16 00 00 45 31 f6 83 3d 58 a8 ab 0e 00 0f 84 b6 13 00 00 89 54 24 54 89 5c 24 68 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 59 2c 8b 00 48 be 00 00 00 00 00 fc
RSP: 0018:ffffc9000459f7d0 EFLAGS: 00010002
RAX: 001ffff110035943 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 00ffff88801aca18
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff2037a4e R12: ffff88802d6b5a00
R13: 0000000000000001 R14: 0000000000000000 R15: 00ffff88801aca18
FS: 0000555590d61500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3a863d4000 CR3: 00000000290b4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: b6 04 mov $0x4,%dh
2: 30 84 c0 0f 85 9b 16 xor %al,0x169b850f(%rax,%rax,8)
9: 00 00 add %al,(%rax)
b: 45 31 f6 xor %r14d,%r14d
e: 83 3d 58 a8 ab 0e 00 cmpl $0x0,0xeaba858(%rip) # 0xeaba86d
15: 0f 84 b6 13 00 00 je 0x13d1
1b: 89 54 24 54 mov %edx,0x54(%rsp)
1f: 89 5c 24 68 mov %ebx,0x68(%rsp)
23: 4c 89 f8 mov %r15,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 80 3c 30 00 cmpb $0x0,(%rax,%rsi,1) <-- trapping instruction
2e: 74 12 je 0x42
30: 4c 89 ff mov %r15,%rdi
33: e8 59 2c 8b 00 call 0x8b2c91
38: 48 rex.W
39: be 00 00 00 00 mov $0x0,%esi
3e: 00 fc add %bh,%ah