Oops: general protection fault, probably for non-canonical address 0xdead4ead00000228: 0000 [#1] PREEMPT SMP PTI
CPU: 1 UID: 0 PID: 5103 Comm: kworker/R-btree Not tainted 6.13.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:variable_test_bit arch/x86/include/asm/bitops.h:227 [inline]
RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:239 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
RIP: 0010:tag_get lib/radix-tree.c:115 [inline]
RIP: 0010:node_tag_set lib/radix-tree.c:943 [inline]
RIP: 0010:__radix_tree_delete+0x115/0x180 lib/radix-tree.c:1373
Code: 4d 8b 40 08 4d 85 c0 75 d3 8b 4f 40 f7 c1 00 00 00 10 74 4e 81 e1 ff ff ff ef 89 4f 40 eb 43 48 85 f6 74 2a 49 89 f0 48 63 c9 <49> 0f a3 88 28 02 00 00 72 2e 49 0f ab 88 28 02 00 00 41 0f b6 48
RSP: 0018:ffffc90002f63dd8 EFLAGS: 00010086
RAX: ffff888106a8c700 RBX: ffff888106a8c700 RCX: 0000000000000000
RDX: ffff88817aa1fd00 RSI: ffff88817aa1fb60 RDI: ffffffff83a97cc8
RBP: 0000000000000000 R08: dead4ead00000000 R09: ffff88817aa1fd00
R10: 000000000000002f R11: ffffffff8129b600 R12: ffff888106a8c7e0
R13: ffff888106a8c7e0 R14: 0000000000000082 R15: ffffffff83a97cc8
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005564f90f42a8 CR3: 000000017b268000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 radix_tree_delete_item+0xa6/0x100 lib/radix-tree.c:1430
 free_pid+0x43/0xb0 kernel/pid.c:159
 __unhash_process kernel/exit.c:130 [inline]
 __exit_signal kernel/exit.c:200 [inline]
 release_task+0x584/0x860 kernel/exit.c:257
 exit_notify kernel/exit.c:775 [inline]
 do_exit+0x6f0/0xaa0 kernel/exit.c:958
 kthread_exit+0x1e/0x20 kernel/kthread.c:316
 kthread+0xf4/0x100 kernel/kthread.c:391
 ret_from_fork+0x32/0x40 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:variable_test_bit arch/x86/include/asm/bitops.h:227 [inline]
RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:239 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
RIP: 0010:tag_get lib/radix-tree.c:115 [inline]
RIP: 0010:node_tag_set lib/radix-tree.c:943 [inline]
RIP: 0010:__radix_tree_delete+0x115/0x180 lib/radix-tree.c:1373
Code: 4d 8b 40 08 4d 85 c0 75 d3 8b 4f 40 f7 c1 00 00 00 10 74 4e 81 e1 ff ff ff ef 89 4f 40 eb 43 48 85 f6 74 2a 49 89 f0 48 63 c9 <49> 0f a3 88 28 02 00 00 72 2e 49 0f ab 88 28 02 00 00 41 0f b6 48
RSP: 0018:ffffc90002f63dd8 EFLAGS: 00010086
RAX: ffff888106a8c700 RBX: ffff888106a8c700 RCX: 0000000000000000
RDX: ffff88817aa1fd00 RSI: ffff88817aa1fb60 RDI: ffffffff83a97cc8
RBP: 0000000000000000 R08: dead4ead00000000 R09: ffff88817aa1fd00
R10: 000000000000002f R11: ffffffff8129b600 R12: ffff888106a8c7e0
R13: ffff888106a8c7e0 R14: 0000000000000082 R15: ffffffff83a97cc8
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005564f90f42a8 CR3: 000000017b268000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 4d 8b 40 08             mov    0x8(%r8),%r8
   4: 4d 85 c0                test   %r8,%r8
   7: 75 d3                   jne    0xffffffdc
   9: 8b 4f 40                mov    0x40(%rdi),%ecx
   c: f7 c1 00 00 00 10       test   $0x10000000,%ecx
  12: 74 4e                   je     0x62
  14: 81 e1 ff ff ff ef       and    $0xefffffff,%ecx
  1a: 89 4f 40                mov    %ecx,0x40(%rdi)
  1d: eb 43                   jmp    0x62
  1f: 48 85 f6                test   %rsi,%rsi
  22: 74 2a                   je     0x4e
  24: 49 89 f0                mov    %rsi,%r8
  27: 48 63 c9                movslq %ecx,%rcx
* 2a: 49 0f a3 88 28 02 00    bt     %rcx,0x228(%r8) <-- trapping instruction
  31: 00
  32: 72 2e                   jb     0x62
  34: 49 0f ab 88 28 02 00    bts    %rcx,0x228(%r8)
  3b: 00
  3c: 41                      rex.B
  3d: 0f                      .byte 0xf
  3e: b6 48                   mov    $0x48,%dh