Oops: general protection fault, probably for non-canonical address 0xdffffc0000000145: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000a28-0x0000000000000a2f]
CPU: 2 UID: 0 PID: 54 Comm: kworker/2:1H Not tainted 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: kblockd blk_mq_run_work_fn
RIP: 0010:__lock_acquire+0xe1/0x3ce0 kernel/locking/lockdep.c:5065
Code: d0 7c 08 84 d2 0f 85 96 14 00 00 8b 0d a0 23 b3 0e 85 c9 0f 84 dd 0d 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 02 2d 00 00 49 8b 04 24 48 3d 20 f7 2f 93 0f 84
RSP: 0018:ffffc9000074f450 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000145 RSI: 1ffff920000e9e9c RDI: 0000000000000a2a
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff901ce48f R11: 0000000000000000 R12: 0000000000000a2a
R13: 0000000000000a2a R14: 0000000000000000 R15: ffff88801e688000
FS: 0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020023000 CR3: 0000000060c96000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
try_to_wake_up+0xa1/0x14f0 kernel/sched/core.c:4160
rq_qos_wake_function block/blk-rq-qos.c:223 [inline]
rq_qos_wake_function+0x1f8/0x280 block/blk-rq-qos.c:206
__wake_up_common+0x131/0x1e0 kernel/sched/wait.c:89
__wake_up_common_lock kernel/sched/wait.c:106 [inline]
__wake_up+0x31/0x60 kernel/sched/wait.c:127
wbt_rqw_done+0x163/0x3c0 block/blk-wbt.c:225
__wbt_done block/blk-wbt.c:238 [inline]
wbt_done+0x17a/0x300 block/blk-wbt.c:259
__rq_qos_done+0x59/0xa0 block/blk-rq-qos.c:39
rq_qos_done block/blk-rq-qos.h:122 [inline]
blk_mq_free_request+0x1d7/0x340 block/blk-mq.c:735
__blk_mq_end_request block/blk-mq.c:1042 [inline]
blk_mq_end_request+0x3ff/0x620 block/blk-mq.c:1053
blk_mq_complete_request block/blk-mq.c:1229 [inline]
blk_mq_complete_request+0x88/0xb0 block/blk-mq.c:1226
nullb_complete_cmd drivers/block/null_blk/main.c:1346 [inline]
null_handle_cmd drivers/block/null_blk/main.c:1397 [inline]
null_queue_rq+0xb8e/0x1010 drivers/block/null_blk/main.c:1637
blk_mq_dispatch_rq_list+0x443/0x1dc0 block/blk-mq.c:2030
__blk_mq_sched_dispatch_requests+0x686/0x1620 block/blk-mq-sched.c:315
blk_mq_sched_dispatch_requests+0xd4/0x150 block/blk-mq-sched.c:331
blk_mq_run_work_fn+0x1ef/0x380 block/blk-mq.c:2413
process_one_work+0x958/0x1b30 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xe1/0x3ce0 kernel/locking/lockdep.c:5065
Code: d0 7c 08 84 d2 0f 85 96 14 00 00 8b 0d a0 23 b3 0e 85 c9 0f 84 dd 0d 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 02 2d 00 00 49 8b 04 24 48 3d 20 f7 2f 93 0f 84
RSP: 0018:ffffc9000074f450 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000145 RSI: 1ffff920000e9e9c RDI: 0000000000000a2a
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff901ce48f R11: 0000000000000000 R12: 0000000000000a2a
R13: 0000000000000a2a R14: 0000000000000000 R15: ffff88801e688000
FS: 0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020023000 CR3: 0000000060c96000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: d0 7c 08 84 sarb -0x7c(%rax,%rcx,1)
4: d2 0f rorb %cl,(%rdi)
6: 85 96 14 00 00 8b test %edx,-0x74ffffec(%rsi)
c: 0d a0 23 b3 0e or $0xeb323a0,%eax
11: 85 c9 test %ecx,%ecx
13: 0f 84 dd 0d 00 00 je 0xdf6
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 4c 89 e2 mov %r12,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 02 2d 00 00 jne 0x2d36
34: 49 8b 04 24 mov (%r12),%rax
38: 48 3d 20 f7 2f 93 cmp $0xffffffff932ff720,%rax
3e: 0f .byte 0xf
3f: 84 .byte 0x84