workqueue: Failed to create a rescuer kthread for wq "bcachefs": -EINTR
bcachefs (baafa011-d992-4344-aaf9-4ff0e0bec0ff): shutdown complete
BUG: unable to handle page fault for address: ffffffffffffffa0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7c80067 P4D 7c80067 PUD 7c82067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 PID: 3763 Comm: syz.3.17 Not tainted 6.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:bch2_fs_btree_iter_exit+0x242/0x260 fs/bcachefs/btree_iter.c:3168
Code: e1 07 38 c1 7c bd 48 89 df e8 7a ac 2d ff eb b3 49 83 c7 a0 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 ee ac 2d ff <49> 8b 1f e8 f6 9f 2d ff 48 c7 c7 00 1e a7 86 48 89 de e8 d7 69 c9
RSP: 0018:ffffc900042ff520 EFLAGS: 00010246
RAX: 1ffffffffffffff4 RBX: ffff888160b83e48 RCX: 1ffff1102c170760
RDX: 0000000000000000 RSI: ffffffff86b1e460 RDI: ffff888160b80000
RBP: ffff888160b80000 R08: ffff888160bc7177 R09: 1ffff1102c178e2e
R10: dffffc0000000000 R11: ffffed102c178e2f R12: dffffc0000000000
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffffffffffffffa0
FS: 00007fae062de6c0(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffa0 CR3: 0000000171a2e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __bch2_fs_free fs/bcachefs/super.c:492 [inline]
 bch2_fs_release+0x17a/0x430 fs/bcachefs/super.c:539
 kobject_cleanup lib/kobject.c:682 [inline]
 kobject_release lib/kobject.c:716 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x18c/0x350 lib/kobject.c:733
 bch2_fs_alloc fs/bcachefs/super.c:886 [inline]
 bch2_fs_open+0x1c9f/0x2bb0 fs/bcachefs/super.c:1927
 bch2_mount+0x564/0x1140 fs/bcachefs/fs.c:1829
 legacy_get_tree+0xe9/0x180 fs/fs_context.c:638
 vfs_get_tree+0x82/0x250 fs/super.c:1750
 do_new_mount+0x1e5/0x940 fs/namespace.c:3335
 do_mount fs/namespace.c:3675 [inline]
 __do_sys_mount fs/namespace.c:3884 [inline]
 __se_sys_mount+0x242/0x2e0 fs/namespace.c:3861
 do_syscall_64+0x46/0xc0
 entry_SYSCALL_64_after_hwframe+0x6f/0xd9
RIP: 0033:0x7fae055874ca
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fae062dde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fae062ddef0 RCX: 00007fae055874ca
RDX: 000000002000f640 RSI: 000000002000f680 RDI: 00007fae062ddeb0
RBP: 000000002000f640 R08: 00007fae062ddef0 R09: 0000000000000084
R10: 0000000000000084 R11: 0000000000000246 R12: 000000002000f680
R13: 00007fae062ddeb0 R14: 000000000000f62b R15: 0000000020000240
Modules linked in:
CR2: ffffffffffffffa0
---[ end trace 0000000000000000 ]---
RIP: 0010:bch2_fs_btree_iter_exit+0x242/0x260 fs/bcachefs/btree_iter.c:3168
Code: e1 07 38 c1 7c bd 48 89 df e8 7a ac 2d ff eb b3 49 83 c7 a0 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 ee ac 2d ff <49> 8b 1f e8 f6 9f 2d ff 48 c7 c7 00 1e a7 86 48 89 de e8 d7 69 c9
RSP: 0018:ffffc900042ff520 EFLAGS: 00010246
RAX: 1ffffffffffffff4 RBX: ffff888160b83e48 RCX: 1ffff1102c170760
RDX: 0000000000000000 RSI: ffffffff86b1e460 RDI: ffff888160b80000
RBP: ffff888160b80000 R08: ffff888160bc7177 R09: 1ffff1102c178e2e
R10: dffffc0000000000 R11: ffffed102c178e2f R12: dffffc0000000000
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffffffffffffffa0
FS: 00007fae062de6c0(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffa0 CR3: 0000000171a2e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: e1 07                 loope 0x9
   2: 38 c1                 cmp %al,%cl
   4: 7c bd                 jl 0xffffffc3
   6: 48 89 df              mov %rbx,%rdi
   9: e8 7a ac 2d ff        call 0xff2dac88
   e: eb b3                 jmp 0xffffffc3
  10: 49 83 c7 a0           add $0xffffffffffffffa0,%r15
  14: 4c 89 f8              mov %r15,%rax
  17: 48 c1 e8 03           shr $0x3,%rax
  1b: 42 80 3c 30 00        cmpb $0x0,(%rax,%r14,1)
  20: 74 08                 je 0x2a
  22: 4c 89 ff              mov %r15,%rdi
  25: e8 ee ac 2d ff        call 0xff2dad18
* 2a: 49 8b 1f              mov (%r15),%rbx <-- trapping instruction
  2d: e8 f6 9f 2d ff        call 0xff2da028
  32: 48 c7 c7 00 1e a7 86  mov $0xffffffff86a71e00,%rdi
  39: 48 89 de              mov %rbx,%rsi
  3c: e8                    .byte 0xe8
  3d: d7                    xlat %ds:(%rbx)
  3e: 69                    .byte 0x69
  3f: c9                    leave