[ 86.524716][ T10] cfg80211: failed to load regulatory.db Warning: Permanently added '[localhost]:25067' (ED25519) to the list of known hosts. executing program [ 163.747379][ T5335] loop0: detected capacity change from 0 to 32768 [ 163.761176][ T5335] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5335) [ 163.787361][ T5335] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 163.797049][ T5335] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 163.844840][ T5335] BTRFS info (device loop0): rebuilding free space tree [ 163.876173][ T5335] BTRFS info (device loop0): disabling free space tree [ 163.883451][ T5335] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 163.893802][ T5335] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 163.923438][ T24] audit: type=1804 audit(1731327570.368:2): pid=5335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/0/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 163.955996][ T5335] BTRFS info (device loop0): balance: start -d -m [ 163.968097][ T5335] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 163.985625][ T5335] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 164.027595][ T5335] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 164.050852][ T5335] BTRFS info (device loop0): found 2 extents, stage: update data pointers [ 164.068136][ T5335] BTRFS info (device loop0): balance: ended with status: 0 [ 164.102998][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d executing program [ 164.423364][ T5356] loop0: detected capacity change from 0 to 32768 [ 164.439310][ T5356] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5356) [ 164.464565][ T5356] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 164.469317][ T5356] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 164.499304][ T5356] BTRFS info (device loop0): rebuilding free space tree [ 164.516268][ T5356] BTRFS info (device loop0): disabling free space tree [ 164.518865][ T5356] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 164.521777][ T5356] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 164.540912][ T24] audit: type=1804 audit(1731327570.988:3): pid=5356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/1/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 164.565804][ T5356] BTRFS info (device loop0): balance: start -d -m [ 164.577804][ T5356] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 164.593163][ T5356] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 164.627410][ T5356] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 164.651142][ T5356] BTRFS info (device loop0): found 2 extents, stage: update data pointers [ 164.666819][ T5356] BTRFS info (device loop0): balance: ended with status: 0 [ 164.703737][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d executing program [ 165.137010][ T5375] loop0: detected capacity change from 0 to 32768 [ 165.144503][ T5375] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5375) [ 165.163690][ T5375] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 165.173656][ T5375] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 165.228693][ T5375] BTRFS info (device loop0): rebuilding free space tree [ 165.252761][ T5375] BTRFS info (device loop0): disabling free space tree [ 165.265644][ T5375] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 165.269695][ T5375] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 165.289000][ T24] audit: type=1804 audit(1731327571.738:4): pid=5375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/2/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 165.307542][ T5375] BTRFS info (device loop0): balance: start -d -m [ 165.317343][ T5375] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 165.339068][ T5375] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 165.391113][ T5375] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 165.429111][ T5375] BTRFS info (device loop0): found 2 extents, stage: update data pointers [ 165.457662][ T5375] BTRFS info (device loop0): balance: ended with status: 0 [ 165.493282][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d executing program [ 165.798928][ T5395] loop0: detected capacity change from 0 to 32768 [ 165.808630][ T5395] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5395) [ 165.829610][ T5395] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 165.833317][ T5395] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 165.867543][ T5395] BTRFS info (device loop0): rebuilding free space tree [ 165.878473][ T5395] BTRFS info (device loop0): disabling free space tree [ 165.880713][ T5395] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 165.884075][ T5395] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 165.912278][ T24] audit: type=1804 audit(1731327572.358:5): pid=5395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/3/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 165.931187][ T5395] BTRFS info (device loop0): balance: start -d -m [ 165.935954][ T5395] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 165.958547][ T5395] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 165.991861][ T5395] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 166.009939][ T5395] BTRFS info (device loop0): found 2 extents, stage: update data pointers [ 166.023395][ T5395] BTRFS info (device loop0): balance: ended with status: 0 [ 166.043748][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d executing program [ 166.347618][ T5414] loop0: detected capacity change from 0 to 32768 [ 166.357583][ T5414] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5414) [ 166.369907][ T5414] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 166.379423][ T5414] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 166.420024][ T5414] BTRFS info (device loop0): rebuilding free space tree [ 166.435502][ T5414] BTRFS info (device loop0): disabling free space tree [ 166.445053][ T5414] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.449536][ T5414] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.469629][ T24] audit: type=1804 audit(1731327572.918:6): pid=5414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/4/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 166.487865][ T5414] BTRFS info (device loop0): balance: start -d -m [ 166.497738][ T5414] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 166.514067][ T5414] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 166.548607][ T5414] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 166.567077][ T5414] BTRFS info (device loop0): found 2 extents, stage: update data pointers [ 166.580231][ T5414] BTRFS info (device loop0): balance: ended with status: 0 [ 166.601092][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d executing program [ 166.901719][ T5433] loop0: detected capacity change from 0 to 32768 [ 166.908031][ T5433] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5433) [ 166.922969][ T5433] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 166.932741][ T5433] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 166.968512][ T5433] BTRFS info (device loop0): rebuilding free space tree [ 166.984321][ T5433] BTRFS info (device loop0): disabling free space tree [ 166.993749][ T5433] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.997652][ T5433] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 167.015652][ T24] audit: type=1804 audit(1731327573.458:7): pid=5433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/5/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 167.042269][ T5433] BTRFS info (device loop0): balance: start -d -m [ 167.050666][ T5433] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 167.072841][ T5433] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 167.113649][ T5433] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 167.130592][ T5433] BTRFS info (device loop0): found 2 extents, stage: update data pointers [ 167.146320][ T5433] BTRFS info (device loop0): balance: ended with status: 0 [ 167.165217][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d executing program [ 167.469253][ T5452] loop0: detected capacity change from 0 to 32768 [ 167.475901][ T5452] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5452) [ 167.494118][ T5452] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 167.506956][ T5452] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 167.531526][ T5452] BTRFS info (device loop0): rebuilding free space tree [ 167.547322][ T5452] BTRFS info (device loop0): disabling free space tree [ 167.550107][ T5452] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 167.564045][ T5452] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 167.576330][ T24] audit: type=1804 audit(1731327574.018:8): pid=5452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/6/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 167.595954][ T5452] BTRFS info (device loop0): balance: start -d -m [ 167.606566][ T5452] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 167.630495][ T5452] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 167.671615][ T5452] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 167.691731][ T5452] BTRFS info (device loop0): found 2 extents, stage: update data pointers [ 167.705859][ T5452] BTRFS info (device loop0): balance: ended with status: 0 [ 167.724402][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d executing program [ 168.014930][ T5471] loop0: detected capacity change from 0 to 32768 [ 168.027001][ T5471] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5471) [ 168.046146][ T5471] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 168.056746][ T5471] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 168.080325][ T5471] BTRFS info (device loop0): rebuilding free space tree [ 168.094802][ T5471] BTRFS info (device loop0): disabling free space tree [ 168.104262][ T5471] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 168.114439][ T5471] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 168.128175][ T24] audit: type=1804 audit(1731327574.578:9): pid=5471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/7/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 168.154828][ T5471] BTRFS info (device loop0): balance: start -d -m [ 168.167743][ T5471] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 168.184744][ T5471] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata executing program [ 168.550342][ T5490] loop0: detected capacity change from 0 to 32768 [ 168.557429][ T5490] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5490) [ 168.622629][ T24] audit: type=1804 audit(1731327575.068:10): pid=5490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/8/bus/file1" dev="loop0" ino=260 res=1 errno=0 [ 168.719687][ T5507] FAULT_INJECTION: forcing a failure. [ 168.719687][ T5507] name failslab, interval 1, probability 0, space 0, times 1 [ 168.724327][ T5507] CPU: 0 UID: 0 PID: 5507 Comm: syz-executor394 Not tainted 6.12.0-rc7-syzkaller #0 [ 168.727551][ T5507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 168.731296][ T5507] Call Trace: [ 168.732468][ T5507] <TASK> [ 168.733469][ T5507] dump_stack_lvl+0x241/0x360 [ 168.735293][ T5507] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.737112][ T5507] ? __pfx__printk+0x10/0x10 [ 168.738718][ T5507] ? fs_reclaim_acquire+0x93/0x130 [ 168.740326][ T5507] ? __pfx___might_resched+0x10/0x10 [ 168.742291][ T5507] should_fail_ex+0x3b0/0x4e0 [ 168.743984][ T5507] ? add_delayed_ref+0x138/0x1dc0 [ 168.746027][ T5507] should_failslab+0xac/0x100 [ 168.747836][ T5507] ? add_delayed_ref+0x138/0x1dc0 [ 168.749720][ T5507] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 168.751657][ T5507] add_delayed_ref+0x138/0x1dc0 [ 168.753439][ T5507] ? __pfx_lock_release+0x10/0x10 [ 168.755152][ T5507] ? do_raw_spin_unlock+0x58/0x8b0 [ 168.756917][ T5507] ? _raw_spin_unlock+0x28/0x50 [ 168.758684][ T5507] ? btrfs_ref_tree_mod+0x13d8/0x15e0 [ 168.760729][ T5507] ? __pfx_add_delayed_ref+0x10/0x10 [ 168.762815][ T5507] btrfs_alloc_tree_block+0xdfc/0x1440 [ 168.765111][ T5507] ? __pfx_btrfs_alloc_tree_block+0x10/0x10 [ 168.767558][ T5507] ? read_extent_buffer+0x11b/0x440 [ 168.769749][ T5507] btrfs_force_cow_block+0x526/0x1da0 [ 168.771849][ T5507] ? __pfx_lock_acquire+0x10/0x10 [ 168.773657][ T5507] ? __pfx_btrfs_force_cow_block+0x10/0x10 [ 168.775798][ T5507] ? btrfs_qgroup_add_swapped_blocks+0x920/0x990 [ 168.778177][ T5507] ? down_write_nested+0x195/0x220 [ 168.780063][ T5507] ? __pfx_down_write_nested+0x10/0x10 [ 168.782123][ T5507] btrfs_cow_block+0x35e/0xa40 [ 168.783937][ T5507] btrfs_search_slot+0xbdd/0x30d0 [ 168.785796][ T5507] ? __pfx_btrfs_search_slot+0x10/0x10 [ 168.787827][ T5507] btrfs_lookup_dir_item+0x1c6/0x310 [ 168.789766][ T5507] ? __pfx_btrfs_lookup_dir_item+0x10/0x10 [ 168.791912][ T5507] ? __btrfs_unlink_inode+0x140/0x930 [ 168.793822][ T5507] ? rcu_is_watching+0x15/0xb0 [ 168.795462][ T5507] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 168.797448][ T5507] ? kmem_cache_alloc_noprof+0x185/0x2a0 [ 168.799499][ T5507] __btrfs_unlink_inode+0x178/0x930 [ 168.801464][ T5507] ? __pfx___btrfs_unlink_inode+0x10/0x10 [ 168.803514][ T5507] ? btrfs_record_unlink_dir+0xc4/0x180 [ 168.805544][ T5507] btrfs_unlink+0x1bc/0x350 [ 168.807207][ T5507] ? __pfx_btrfs_unlink+0x10/0x10 [ 168.809028][ T5507] ? bpf_lsm_inode_unlink+0x9/0x10 [ 168.810863][ T5507] ? security_inode_unlink+0xd9/0x340 [ 168.812810][ T5507] vfs_unlink+0x365/0x650 [ 168.814467][ T5507] do_unlinkat+0x4ae/0x830 [ 168.816175][ T5507] ? __pfx_do_unlinkat+0x10/0x10 [ 168.818008][ T5507] ? __might_fault+0xaa/0x120 [ 168.819675][ T5507] ? __might_fault+0xc6/0x120 [ 168.821376][ T5507] ? strncpy_from_user+0x13a/0x260 [ 168.823221][ T5507] ? getname_flags+0x1e3/0x540 [ 168.824961][ T5507] __x64_sys_unlinkat+0xcc/0xf0 [ 168.826699][ T5507] do_syscall_64+0xf3/0x230 [ 168.828169][ T5507] ? clear_bhb_loop+0x35/0x90 [ 168.829717][ T5507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.831860][ T5507] RIP: 0033:0x7f8c67b96039 [ 168.833432][ T5507] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 168.840379][ T5507] RSP: 002b:00007f8c67b23208 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 168.843306][ T5507] RAX: ffffffffffffffda RBX: 00007f8c67c1c6d8 RCX: 00007f8c67b96039 [ 168.846672][ T5507] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 00000000ffffff9c [ 168.849427][ T5507] RBP: 00007f8c67c1c6d0 R08: 00007f8c67b22fa6 R09: 0000000000003636 [ 168.852238][ T5507] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c67be8750 [ 168.854891][ T5507] R13: 00007f8c67b23210 R14: 0031656c69662f2e R15: 0000000000000002 [ 168.857540][ T5507] </TASK> [ 168.888864][ T5490] BTRFS error (device loop0): re-allocated a block that still has references to it! [ 168.892350][ T5490] BTRFS error (device loop0): dumping block entry [8663040 4096], num_refs 2, metadata 1, from disk 0 [ 168.896155][ T5490] BTRFS error (device loop0): ref root 5, parent 0, owner 1, offset 0, num_refs 1 [ 168.899672][ T5490] BTRFS error (device loop0): root entry 1, num_refs 0 [ 168.902033][ T5490] BTRFS error (device loop0): root entry 5, num_refs 0 [ 168.904305][ T5490] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 1, offset 0, num_refs 1 [ 168.908421][ T5490] btrfs_force_cow_block+0x526/0x1da0 [ 168.910409][ T5490] btrfs_cow_block+0x35e/0xa40 [ 168.912268][ T5490] btrfs_search_slot+0xbdd/0x30d0 [ 168.914186][ T5490] btrfs_lookup_dir_item+0x1c6/0x310 [ 168.916138][ T5490] __btrfs_unlink_inode+0x178/0x930 [ 168.918374][ T5490] btrfs_unlink+0x1bc/0x350 [ 168.919983][ T5490] vfs_unlink+0x365/0x650 [ 168.921441][ T5490] do_unlinkat+0x4ae/0x830 [ 168.922969][ T5490] __x64_sys_unlinkat+0xcc/0xf0 [ 168.924847][ T5490] do_syscall_64+0xf3/0x230 [ 168.926883][ T5490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.928922][ T5490] BTRFS error (device loop0): Ref action 3, root 1, ref_root 1, parent 0, owner 0, offset 0, num_refs 1 [ 168.932492][ T5490] btrfs_force_cow_block+0x526/0x1da0 [ 168.934373][ T5490] btrfs_cow_block+0x35e/0xa40 [ 168.936198][ T5490] btrfs_search_slot+0xbdd/0x30d0 [ 168.938471][ T5490] btrfs_update_root+0xf6/0xc70 [ 168.940352][ T5490] commit_fs_roots+0x4cd/0x720 [ 168.942226][ T5490] btrfs_commit_transaction+0xfaf/0x3740 [ 168.944440][ T5490] prepare_to_merge+0x8b3/0x1610 [ 168.946300][ T5490] relocate_block_group+0xafc/0xd40 [ 168.948473][ T5490] btrfs_relocate_block_group+0x77d/0xd90 [ 168.950747][ T5490] btrfs_relocate_chunk+0x12c/0x3b0 [ 168.952713][ T5490] __btrfs_balance+0x1b0f/0x26b0 [ 168.954591][ T5490] btrfs_balance+0xbdc/0x10c0 [ 168.956339][ T5490] btrfs_ioctl_balance+0x493/0x7c0 [ 168.958300][ T5490] __se_sys_ioctl+0xf9/0x170 [ 168.960063][ T5490] do_syscall_64+0xf3/0x230 [ 168.961733][ T5490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.975641][ T5490] _btrfs_printk: 14 callbacks suppressed [ 168.975657][ T5490] BTRFS info (device loop0): found 2 extents, stage: update data pointers [ 168.988863][ T5490] BTRFS info (device loop0): balance: ended with status: 0 [ 169.007645][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 169.029013][ T5331] ------------[ cut here ]------------ [ 169.031137][ T5331] WARNING: CPU: 0 PID: 5331 at fs/btrfs/space-info.h:250 btrfs_space_info_update_bytes_may_use+0x2c4/0x660 [ 169.035022][ T5331] Modules linked in: [ 169.036908][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz-executor394 Not tainted 6.12.0-rc7-syzkaller #0 [ 169.040816][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.044389][ T5331] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x2c4/0x660 [ 169.047358][ T5331] Code: 00 00 74 08 4c 89 ff e8 1a cc 23 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 f7 03 ba fd 48 39 eb 73 16 e8 8d 01 ba fd 90 <0f> 0b 90 45 31 f6 43 80 7c 25 00 00 75 a6 eb ac e8 77 01 ba fd 43 [ 169.054087][ T5331] RSP: 0018:ffffc9000ce47a00 EFLAGS: 00010293 [ 169.056179][ T5331] RAX: ffffffff83dad883 RBX: 00000000000ef000 RCX: ffff888000380000 [ 169.059329][ T5331] RDX: 0000000000000000 RSI: 00000000000f0000 RDI: 00000000000ef000 [ 169.062079][ T5331] RBP: 00000000000f0000 R08: ffffffff83dad879 R09: 1ffffffff203a13d [ 169.064927][ T5331] R10: dffffc0000000000 R11: fffffbfff203a13e R12: dffffc0000000000 [ 169.068026][ T5331] R13: 1ffff11007ecdc0d R14: fffffffffff10000 R15: ffff88803f66e068 [ 169.070761][ T5331] FS: 00005555847a83c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 169.073729][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.076042][ T5331] CR2: 00005555847b1738 CR3: 0000000011854000 CR4: 0000000000352ef0 [ 169.079200][ T5331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 169.081961][ T5331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 169.084789][ T5331] Call Trace: [ 169.085945][ T5331] <TASK> [ 169.087234][ T5331] ? __warn+0x168/0x4e0 [ 169.088707][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660 [ 169.091016][ T5331] ? report_bug+0x2b3/0x500 [ 169.092648][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660 [ 169.095188][ T5331] ? handle_bug+0x60/0x90 [ 169.096818][ T5331] ? exc_invalid_op+0x1a/0x50 [ 169.098560][ T5331] ? asm_exc_invalid_op+0x1a/0x20 [ 169.100516][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2b9/0x660 [ 169.103105][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2c3/0x660 [ 169.105655][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660 [ 169.108300][ T5331] btrfs_block_rsv_release+0x4f4/0x5f0 [ 169.110376][ T5331] ? kfree+0x1a0/0x440 [ 169.111871][ T5331] btrfs_release_global_block_rsv+0x33/0x270 [ 169.113956][ T5331] btrfs_free_block_groups+0xc3c/0x1080 [ 169.115931][ T5331] close_ctree+0x772/0xd60 [ 169.117719][ T5331] ? hook_sb_delete+0x888/0xbd0 [ 169.119448][ T5331] ? __pfx_close_ctree+0x10/0x10 [ 169.121140][ T5331] ? __get_node_page+0xe41/0xfc0 [ 169.122949][ T5331] ? __pfx_hook_sb_delete+0x10/0x10 [ 169.124805][ T5331] ? __pfx_evict_inodes+0x10/0x10 [ 169.126813][ T5331] ? btrfs_sync_fs+0x224/0x700 [ 169.128658][ T5331] ? __pfx_btrfs_put_super+0x10/0x10 [ 169.130598][ T5331] generic_shutdown_super+0x139/0x2d0 [ 169.132579][ T5331] kill_anon_super+0x3b/0x70 [ 169.134338][ T5331] btrfs_kill_super+0x41/0x50 [ 169.136222][ T5331] deactivate_locked_super+0xc4/0x130 [ 169.138188][ T5331] cleanup_mnt+0x41f/0x4b0 [ 169.139691][ T5331] ? lockdep_hardirqs_on+0x99/0x150 [ 169.141681][ T5331] task_work_run+0x24f/0x310 [ 169.143414][ T5331] ? __pfx_task_work_run+0x10/0x10 [ 169.145367][ T5331] ? __x64_sys_umount+0x123/0x170 [ 169.147276][ T5331] ? syscall_exit_to_user_mode+0xa3/0x370 [ 169.149129][ T5331] syscall_exit_to_user_mode+0x168/0x370 [ 169.151094][ T5331] do_syscall_64+0x100/0x230 [ 169.152898][ T5331] ? clear_bhb_loop+0x35/0x90 [ 169.154752][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.157033][ T5331] RIP: 0033:0x7f8c67b97297 [ 169.158742][ T5331] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 169.165882][ T5331] RSP: 002b:00007fffcdf18ea8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 169.168922][ T5331] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f8c67b97297 [ 169.171466][ T5331] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffcdf18f60 [ 169.174427][ T5331] RBP: 00007fffcdf18f60 R08: 0000000000000000 R09: 0000000000000000 [ 169.177251][ T5331] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fffcdf1a010 [ 169.180283][ T5331] R13: 00005555847a9700 R14: 431bde82d7b634db R15: 00007fffcdf19fb4 [ 169.183148][ T5331] </TASK> [ 169.184334][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 169.187095][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz-executor394 Not tainted 6.12.0-rc7-syzkaller #0 [ 169.190563][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.195078][ T5331] Call Trace: [ 169.196499][ T5331] <TASK> [ 169.197836][ T5331] dump_stack_lvl+0x241/0x360 [ 169.199668][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.201691][ T5331] ? __pfx__printk+0x10/0x10 [ 169.203414][ T5331] ? vscnprintf+0x5d/0x90 [ 169.205078][ T5331] panic+0x349/0x880 [ 169.206644][ T5331] ? __warn+0x177/0x4e0 [ 169.208243][ T5331] ? __pfx_panic+0x10/0x10 [ 169.209944][ T5331] __warn+0x34b/0x4e0 [ 169.211501][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660 [ 169.214056][ T5331] report_bug+0x2b3/0x500 [ 169.215729][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660 [ 169.218356][ T5331] handle_bug+0x60/0x90 [ 169.219941][ T5331] exc_invalid_op+0x1a/0x50 [ 169.221721][ T5331] asm_exc_invalid_op+0x1a/0x20 [ 169.223518][ T5331] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x2c4/0x660 [ 169.226307][ T5331] Code: 00 00 74 08 4c 89 ff e8 1a cc 23 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 f7 03 ba fd 48 39 eb 73 16 e8 8d 01 ba fd 90 <0f> 0b 90 45 31 f6 43 80 7c 25 00 00 75 a6 eb ac e8 77 01 ba fd 43 [ 169.233312][ T5331] RSP: 0018:ffffc9000ce47a00 EFLAGS: 00010293 [ 169.235519][ T5331] RAX: ffffffff83dad883 RBX: 00000000000ef000 RCX: ffff888000380000 [ 169.238339][ T5331] RDX: 0000000000000000 RSI: 00000000000f0000 RDI: 00000000000ef000 [ 169.241101][ T5331] RBP: 00000000000f0000 R08: ffffffff83dad879 R09: 1ffffffff203a13d [ 169.244059][ T5331] R10: dffffc0000000000 R11: fffffbfff203a13e R12: dffffc0000000000 [ 169.247023][ T5331] R13: 1ffff11007ecdc0d R14: fffffffffff10000 R15: ffff88803f66e068 [ 169.250041][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2b9/0x660 [ 169.252583][ T5331] ? btrfs_space_info_update_bytes_may_use+0x2c3/0x660 [ 169.255170][ T5331] btrfs_block_rsv_release+0x4f4/0x5f0 [ 169.257205][ T5331] ? kfree+0x1a0/0x440 [ 169.258648][ T5331] btrfs_release_global_block_rsv+0x33/0x270 [ 169.260715][ T5331] btrfs_free_block_groups+0xc3c/0x1080 [ 169.262658][ T5331] close_ctree+0x772/0xd60 [ 169.264426][ T5331] ? hook_sb_delete+0x888/0xbd0 [ 169.266289][ T5331] ? __pfx_close_ctree+0x10/0x10 [ 169.268128][ T5331] ? __get_node_page+0xe41/0xfc0 [ 169.269944][ T5331] ? __pfx_hook_sb_delete+0x10/0x10 [ 169.271820][ T5331] ? __pfx_evict_inodes+0x10/0x10 [ 169.273753][ T5331] ? btrfs_sync_fs+0x224/0x700 [ 169.275605][ T5331] ? __pfx_btrfs_put_super+0x10/0x10 [ 169.277514][ T5331] generic_shutdown_super+0x139/0x2d0 [ 169.279475][ T5331] kill_anon_super+0x3b/0x70 [ 169.281111][ T5331] btrfs_kill_super+0x41/0x50 [ 169.282764][ T5331] deactivate_locked_super+0xc4/0x130 [ 169.284767][ T5331] cleanup_mnt+0x41f/0x4b0 [ 169.286457][ T5331] ? lockdep_hardirqs_on+0x99/0x150 [ 169.288402][ T5331] task_work_run+0x24f/0x310 [ 169.290205][ T5331] ? __pfx_task_work_run+0x10/0x10 [ 169.292035][ T5331] ? __x64_sys_umount+0x123/0x170 [ 169.293848][ T5331] ? syscall_exit_to_user_mode+0xa3/0x370 [ 169.295955][ T5331] syscall_exit_to_user_mode+0x168/0x370 [ 169.298064][ T5331] do_syscall_64+0x100/0x230 [ 169.299790][ T5331] ? clear_bhb_loop+0x35/0x90 [ 169.301558][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.303737][ T5331] RIP: 0033:0x7f8c67b97297 [ 169.305468][ T5331] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 169.312378][ T5331] RSP: 002b:00007fffcdf18ea8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 169.315378][ T5331] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f8c67b97297 [ 169.318331][ T5331] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffcdf18f60 [ 169.321225][ T5331] RBP: 00007fffcdf18f60 R08: 0000000000000000 R09: 0000000000000000 [ 169.324168][ T5331] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fffcdf1a010 [ 169.327044][ T5331] R13: 00005555847a9700 R14: 431bde82d7b634db R15: 00007fffcdf19fb4 [ 169.330012][ T5331] </TASK> [ 169.331508][ T5331] Kernel Offset: disabled [ 169.333329][ T5331] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:19:35 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000039 RBX=ffffffff9a719ec0 RCX=0000000000000000 RDX=00000000000003f8 RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000ce47130 R8 =ffffffff854b053b R9 =1ffff110067ac046 R10=dffffc0000000000 R11=ffffffff854b04f0 R12=dffffc0000000000 R13=ffffffff9a414eeb R14=0000000000000039 R15=00000000000003f8 RIP=ffffffff854b056e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00005555847a83c0 ffffffff 00c00000 GS =0000 ffff88801fc00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005555847b1738 CR3=0000000011854000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f3ab61154ce17ad5 657c0d17a6847dc3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f83d5bb7fd484402 3e16d15d83de3dde ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cf9b1548aa698d17 17da7201dfd26a10 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b7996c7197babbe8 989088cc40fee8d4 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001300 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006f00000000 d9d9d99a00009293 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000006f 000000000000006f ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006f00008270 d9d2729e0000a77f ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d9e0b45900006c22 00000000d9ce87e4 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e667e70d9fcf5e84 b69b905dee7d5b28 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1146f9a160ac648f e0b404c5e7f81c97 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2065746164707520 3a6567617473202c 73746e6574786520 3220646e756f6600 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2065746164707520 3065676174732026 7374646574726520 3220646475656600 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7462202020205730 3334355420515732 3334323333243236 3120205134343600 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202f20 2631202c20205732 3334322020242020 3120202026202000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a7e646f786b7a2a 263b2a7e65657855 6c6f782a263b2a7e 6565782a26392a64 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7e682a2a2a2a573a 333e3f5e2a515738 333e38393324323c 3b2a2a51343e3600 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000