BUG: spinlock bad magic on CPU#0, kworker/u4:13/4823
Unable to handle kernel paging request at virtual address ffff7000043be000
KASAN: maybe wild-memory-access in range [0xffff800021df0000-0xffff800021df0007]
Mem abort info:
  ESR = 0x0000000096000007
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x07: level 3 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000007
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002229cd000
[ffff7000043be000] pgd=000000023ea48003, p4d=000000023ea48003, pud=000000023ea47003, pmd=100000010b2b6003, pte=0000000000000000
Internal error: Oops: 0000000096000007 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4823 Comm: kworker/u4:13 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: btrfs-endio btrfs_end_bio_work
pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : string_nocheck lib/vsprintf.c:643 [inline]
pc : string+0x1a4/0x280 lib/vsprintf.c:725
lr : string_nocheck lib/vsprintf.c:642 [inline]
lr : string+0x1f0/0x280 lib/vsprintf.c:725
sp : ffff800021207190
x29: ffff800021207190 x28: 00000000fffff73a x27: dfff800000000000
x26: 00000000000008c4 x25: 00000000000000f8 x24: ffff800021207cbb
x23: ffffffffffffffff x22: ffff7000043bd73c x21: ffff0a00ffffff04
x20: ffff800021207cbb x19: ffff8000212073c8 x18: ffff800011b9bf60
x17: 0000000000000000 x16: ffff8000082ef09c x15: 0000000000000000
x14: 0000000000000012 x13: 0000000000ff0100 x12: 0000000000ff0100
x11: ff00800011934634 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000030
x5 : ffff800021206d22 x4 : 0000000000000000 x3 : ffff0a00ffffff04
x2 : ffff7000043bd73c x1 : 00000000000000f8 x0 : ffff7000043be000
Call trace:
 string_nocheck lib/vsprintf.c:643 [inline]
 string+0x1a4/0x280 lib/vsprintf.c:725
 vsnprintf+0x10b0/0x18a8 lib/vsprintf.c:2805
 vprintk_store+0x37c/0xb6c kernel/printk/printk.c:2187
 vprintk_emit+0x118/0x2f0 kernel/printk/printk.c:2284
 vprintk_default+0x54/0x80 kernel/printk/printk.c:2318
 vprintk+0x200/0x2a0 kernel/printk/printk_safe.c:45
 _printk+0xe0/0x130 kernel/printk/printk.c:2328
 spin_dump+0x10c/0x208 kernel/locking/spinlock_debug.c:63
 spin_bug kernel/locking/spinlock_debug.c:77 [inline]
 debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline]
 do_raw_spin_lock+0x1ec/0x2f8 kernel/locking/spinlock_debug.c:114
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0x74/0xb0 kernel/locking/spinlock.c:162
 __wake_up_common_lock kernel/sched/wait.c:137 [inline]
 __wake_up+0xe4/0x17c kernel/sched/wait.c:160
 btrfs_encoded_read_endio+0x440/0x584 fs/btrfs/inode.c:10553
 btrfs_end_bio_work+0x48/0x58 fs/btrfs/volumes.c:6843
 process_one_work+0x7f8/0x13a4 kernel/workqueue.c:2292
 worker_thread+0x8c4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 38fb6908 7100011f 7a481128 5400030a (387a6ad9)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 38fb6908  ldrsb w8, [x8, x27]
   4: 7100011f  cmp w8, #0x0
   8: 7a481128  ccmp w9, w8, #0x8, ne // ne = any
   c: 5400030a  b.ge 0x6c // b.tcont
* 10: 387a6ad9  ldrb w25, [x22, x26] <-- trapping instruction