------------[ cut here ]------------ WARNING: CPU: 0 PID: 6549 at fs/btrfs/inode.c:7943 btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7943 Modules linked in: CPU: 0 UID: 0 PID: 6549 Comm: syz-executor Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7943 lr : btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7943 sp : ffff8000a1687900 x29: ffff8000a1687920 x28: dfff800000000000 x27: 1fffe0001e9acb57 x26: ffff7000142d0f38 x25: dfff800000000000 x24: 1fffe0001e9acac8 x23: ffff0000c6122000 x22: 0000000000010000 x21: ffff0000f4d658b0 x20: ffff0000f4d659e8 x19: ffff0000f4d65640 x18: 1fffe000337d6e90 x17: ffff0001fea8c870 x16: ffff800082dee448 x15: 0000000000000001 x14: 1fffe0001e9acb80 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000fab x10: 0000000000ff0100 x9 : 0000000000000000 x8 : ffff0000c98dbd80 x7 : ffff800080e9d918 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f08330 x2 : 0000000000000000 x1 : 0000000000010000 x0 : 0000000000000000 Call trace: btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7943 (P) destroy_inode fs/inode.c:396 [inline] evict+0x6e4/0x928 fs/inode.c:834 dispose_list fs/inode.c:852 [inline] evict_inodes+0x638/0x6d0 fs/inode.c:906 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627 kill_anon_super+0x4c/0x7c fs/super.c:1281 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2134 deactivate_locked_super+0xc4/0x12c fs/super.c:473 deactivate_super+0xe0/0x100 fs/super.c:506 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334 task_work_run+0x1dc/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 744744 hardirqs last enabled at (744743): [] __call_rcu_common kernel/rcu/tree.c:3148 [inline] hardirqs last enabled at (744743): [] call_rcu+0x65c/0x978 kernel/rcu/tree.c:3243 hardirqs last disabled at (744744): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412 softirqs last enabled at (743696): [] softirq_handle_end kernel/softirq.c:468 [inline] softirqs last enabled at (743696): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650 softirqs last disabled at (743559): [] __do_softirq+0x14/0x20 kernel/softirq.c:656 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ WARNING: CPU: 1 PID: 6549 at fs/btrfs/inode.c:7944 btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7944 Modules linked in: CPU: 1 UID: 0 PID: 6549 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7944 lr : btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7944 sp : ffff8000a1687900 x29: ffff8000a1687920 x28: dfff800000000000 x27: 1fffe0001e9acb57 x26: ffff7000142d0f38 x25: dfff800000000000 x24: 1fffe0001e9acac8 x23: ffff0000c6122000 x22: 0000000000010000 x21: 0000000000010000 x20: ffff0000f4d659e8 x19: ffff0000f4d65640 x18: 1fffe000337d6e90 x17: ffff0001fea8c870 x16: ffff800082dee448 x15: 0000000000000001 x14: 1fffe0001e9acb80 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000fab x10: 0000000000ff0100 x9 : 0000000000000000 x8 : ffff0000c98dbd80 x7 : ffff800080e9d918 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f08330 x2 : 0000000000000000 x1 : 0000000000010000 x0 : 0000000000000000 Call trace: btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7944 (P) destroy_inode fs/inode.c:396 [inline] evict+0x6e4/0x928 fs/inode.c:834 dispose_list fs/inode.c:852 [inline] evict_inodes+0x638/0x6d0 fs/inode.c:906 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627 kill_anon_super+0x4c/0x7c fs/super.c:1281 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2134 deactivate_locked_super+0xc4/0x12c fs/super.c:473 deactivate_super+0xe0/0x100 fs/super.c:506 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334 task_work_run+0x1dc/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 744904 hardirqs last enabled at (744903): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214 hardirqs last disabled at (744904): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412 softirqs last enabled at (744898): [] softirq_handle_end kernel/softirq.c:468 [inline] softirqs last enabled at (744898): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650 softirqs last disabled at (744747): [] __do_softirq+0x14/0x20 kernel/softirq.c:656 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ WARNING: CPU: 1 PID: 6549 at fs/btrfs/inode.c:7949 btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7949 Modules linked in: CPU: 1 UID: 0 PID: 6549 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7949 lr : btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7949 sp : ffff8000a1687900 x29: ffff8000a1687920 x28: dfff800000000000 x27: 1fffe0001e9acb57 x26: ffff7000142d0f38 x25: dfff800000000000 x24: 1fffe0001e9acac8 x23: ffff0000c6122000 x22: 0000000000010000 x21: 0000000000107000 x20: ffff0000f4d659e8 x19: ffff0000f4d65640 x18: 1fffe000337d6e90 x17: ffff0001fea8c870 x16: ffff800082dee448 x15: 0000000000000001 x14: 1fffe0001e9acb80 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000fab x10: 0000000000ff0100 x9 : 0000000000000000 x8 : ffff0000c98dbd80 x7 : ffff800080e9d918 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f08330 x2 : 0000000000000000 x1 : 0000000000107000 x0 : 0000000000000000 Call trace: btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7949 (P) destroy_inode fs/inode.c:396 [inline] evict+0x6e4/0x928 fs/inode.c:834 dispose_list fs/inode.c:852 [inline] evict_inodes+0x638/0x6d0 fs/inode.c:906 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627 kill_anon_super+0x4c/0x7c fs/super.c:1281 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2134 deactivate_locked_super+0xc4/0x12c fs/super.c:473 deactivate_super+0xe0/0x100 fs/super.c:506 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334 task_work_run+0x1dc/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 745302 hardirqs last enabled at (745301): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214 hardirqs last disabled at (745302): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412 softirqs last enabled at (745296): [] softirq_handle_end kernel/softirq.c:468 [inline] softirqs last enabled at (745296): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650 softirqs last disabled at (744907): [] __do_softirq+0x14/0x20 kernel/softirq.c:656 ---[ end trace 0000000000000000 ]--- BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf ------------[ cut here ]------------ WARNING: CPU: 1 PID: 6549 at fs/btrfs/block-group.c:4462 check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463 Modules linked in: CPU: 1 UID: 0 PID: 6549 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463 lr : check_removing_space_info+0x260/0x280 fs/btrfs/block-group.c:4462 sp : ffff8000a1687930 x29: ffff8000a1687930 x28: 1fffe0001b96cc2c x27: dfff800000000000 x26: ffff0000dcb671c0 x25: 0000000000000001 x24: 1fffe0001b96cd02 x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000010000 x20: ffff0000f4658000 x19: ffff0000dcb66800 x18: 1fffe000337db690 x17: ffff80008f59e000 x16: ffff800080538320 x15: 0000000000000001 x14: 1fffe0001b96cd04 x13: 0000000000000000 x12: 0000000000000000 x11: ffff60001b96cd05 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : ffff0000c98dbd80 x7 : ffff800082599394 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000000 x1 : ffff0000dcb66800 x0 : ffff0000f4658000 Call trace: check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463 (P) btrfs_free_block_groups+0xa80/0xd10 fs/btrfs/block-group.c:4580 close_ctree+0x650/0x113c fs/btrfs/disk-io.c:4426 btrfs_put_super+0x1ac/0x1c0 fs/btrfs/super.c:74 generic_shutdown_super+0x12c/0x2b8 fs/super.c:642 kill_anon_super+0x4c/0x7c fs/super.c:1281 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2134 deactivate_locked_super+0xc4/0x12c fs/super.c:473 deactivate_super+0xe0/0x100 fs/super.c:506 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334 task_work_run+0x1dc/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 irq event stamp: 747180 hardirqs last enabled at (747179): [] kasan_quarantine_put+0x1a0/0x1c8 mm/kasan/quarantine.c:234 hardirqs last disabled at (747180): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412 softirqs last enabled at (746782): [] softirq_handle_end kernel/softirq.c:468 [inline] softirqs last enabled at (746782): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650 softirqs last disabled at (746761): [] __do_softirq+0x14/0x20 kernel/softirq.c:656 ---[ end trace 0000000000000000 ]--- BTRFS info (device loop2): space_info DATA+METADATA (sub-group id 0) has 3039232 free, is full BTRFS info (device loop2): space_info total=11534336, used=8429568, pinned=0, reserved=0, may_use=65536, readonly=0 zone_unusable=0 BTRFS info (device loop2): global_block_rsv: size 0 reserved 0 BTRFS info (device loop2): trans_block_rsv: size 0 reserved 0 BTRFS info (device loop2): chunk_block_rsv: size 0 reserved 0 BTRFS info (device loop2): delayed_block_rsv: size 0 reserved 0 BTRFS info (device loop2): delayed_refs_rsv: size 0 reserved 0 syz-executor: attempt to access beyond end of device loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 CPU: 1 UID: 0 PID: 6549 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 dump_stack+0x1c/0x28 lib/dump_stack.c:129 f2fs_handle_critical_error+0x34c/0x4b8 fs/f2fs/super.c:4639 f2fs_stop_checkpoint+0x5c/0x70 fs/f2fs/checkpoint.c:35 f2fs_write_end_io+0x768/0xa70 fs/f2fs/data.c:351 bio_endio+0x858/0x894 block/bio.c:1672 submit_bio_noacct+0xd64/0x186c block/blk-core.c:886 submit_bio+0x3b4/0x550 block/blk-core.c:921 f2fs_submit_write_bio+0x13c/0x324 fs/f2fs/data.c:525 __submit_merged_bio+0x254/0x704 fs/f2fs/data.c:540 __f2fs_submit_merged_write fs/f2fs/data.c:635 [inline] __submit_merged_write_cond+0x23c/0x4ac fs/f2fs/data.c:657 f2fs_submit_merged_write_cond fs/f2fs/data.c:674 [inline] f2fs_write_cache_pages fs/f2fs/data.c:3192 [inline] __f2fs_write_data_pages fs/f2fs/data.c:3273 [inline] f2fs_write_data_pages+0x1d28/0x2634 fs/f2fs/data.c:3300 do_writepages+0x270/0x468 mm/page-writeback.c:2604 filemap_fdatawrite_wbc mm/filemap.c:389 [inline] __filemap_fdatawrite_range mm/filemap.c:422 [inline] __filemap_fdatawrite mm/filemap.c:428 [inline] filemap_fdatawrite+0x14c/0x1f4 mm/filemap.c:433 f2fs_sync_dirty_inodes+0x2b8/0x788 fs/f2fs/checkpoint.c:1108 block_operations fs/f2fs/checkpoint.c:1247 [inline] f2fs_write_checkpoint+0x70c/0x1c30 fs/f2fs/checkpoint.c:1678 kill_f2fs_super+0x228/0x594 fs/f2fs/super.c:5448 deactivate_locked_super+0xc4/0x12c fs/super.c:473 deactivate_super+0xe0/0x100 fs/super.c:506 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334 task_work_run+0x1dc/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 F2FS-fs (loop2): Stopped filesystem due to reason: 3