./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1454956335

<...>
Warning: Permanently added '10.128.0.44' (ED25519) to the list of known hosts.
execve("./syz-executor1454956335", ["./syz-executor1454956335"], 0x7ffedee20000 /* 10 vars */) = 0
brk(NULL)                               = 0x55555c1e1000
brk(0x55555c1e1d00)                     = 0x55555c1e1d00
arch_prctl(ARCH_SET_FS, 0x55555c1e1380) = 0
set_tid_address(0x55555c1e1650)         = 5840
set_robust_list(0x55555c1e1660, 24)     = 0
rseq(0x55555c1e1ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1454956335", 4096) = 28
getrandom("\x79\xf4\xd9\xd0\x86\xd6\x54\xa4", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555c1e1d00
brk(0x55555c202d00)                     = 0x55555c202d00
brk(0x55555c203000)                     = 0x55555c203000
mprotect(0x7f28ab46d000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c1e1650) = 5841
./strace-static-x86_64: Process 5841 attached
[pid  5841] set_robust_list(0x55555c1e1660, 24) = 0
[pid  5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5841] setpgid(0, 0)               = 0
[pid  5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5841] write(3, "1000", 4)         = 4
[pid  5841] close(3)                    = 0
[pid  5841] write(1, "executing program\n", 18executing program
) = 18
[pid  5841] memfd_create("syzkaller", 0) = 3
[pid  5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f28a2e00000
[pid  5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5841] munmap(0x7f28a2e00000, 138412032) = 0
[pid  5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5841] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5841] close(3)                    = 0
[pid  5841] close(4)                    = 0
[pid  5841] mkdir("./file0", 0777)      = 0
[   89.000219][ T5841] loop0: detected capacity change from 0 to 32768
[   89.040853][ T5841] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor145 (5841)
[   89.079595][ T5841] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   89.091031][ T5841] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   89.100752][ T5841] BTRFS info (device loop0): using free-space-tree
[pid  5841] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,nossd,degraded,enospc_debug,") = 0
[pid  5841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[   89.164013][ T5841] BTRFS info (device loop0): rebuilding free space tree
[pid  5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5841] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5841] close(4)                    = 0
[   89.254541][ T5841] BTRFS info (device loop0): balance: start -susage=34359738371,drange=7..526332,limit=0..6
[   89.266097][ T5841] BTRFS info (device loop0): left=0, need=98304, flags=2
[   89.274479][ T5841] BTRFS info (device loop0): space_info SYSTEM (sub-group id 0) has 0 free, is not full
[   89.284455][ T5841] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0
[   89.298663][ T5841] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792
[   89.307931][ T5841] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0
[   89.315880][ T5841] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0
[   89.323606][ T5841] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0
[   89.331492][ T5841] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0
[   89.342698][ T5841] BTRFS error (device loop0): allocation failed flags 12, wanted 4096 tree-log 0, relocation: 0
[   89.353521][ T5841] BTRFS info (device loop0): space_info DATA+METADATA (sub-group id 0) has 1769472 free, is full
[   89.364295][ T5841] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1445888, readonly=0 zone_unusable=0
[   89.378538][ T5841] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792
[   89.387521][ T5841] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0
[   89.395351][ T5841] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0
[   89.403573][ T5841] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0
[   89.411757][ T5841] BTRFS info (device loop0): delayed_refs_rsv: size 327680 reserved 0
[   89.420472][ T5841] BTRFS info (device loop0): block group 5242880 has 1638400 bytes, 61440 used 0 pinned 0 reserved 0 delalloc 0 super 0 zone_unusable (1576960 bytes available) 
[   89.437259][ T5841] BTRFS critical (device loop0): entry offset 5251072, bytes 4096, bitmap no
[   89.447299][ T5841] BTRFS critical (device loop0): entry offset 5259264, bytes 8192, bitmap no
[   89.456290][ T5841] BTRFS critical (device loop0): entry offset 5271552, bytes 16384, bitmap no
[   89.465237][ T5841] BTRFS critical (device loop0): entry offset 5316608, bytes 36864, bitmap no
[   89.474204][ T5841] BTRFS critical (device loop0): entry offset 5369856, bytes 1511424, bitmap no
[   89.483623][ T5841] BTRFS info (device loop0): block group has cluster?: no
[   89.491085][ T5841] BTRFS info (device loop0): 5 free space entries at or bigger than 4096 bytes
[   89.500369][ T5841] BTRFS info (device loop0): block group 6881280 has 1638400 bytes, 0 used 0 pinned 0 reserved 0 delalloc 0 super 0 zone_unusable (1638400 bytes available) 
[   89.516551][ T5841] BTRFS critical (device loop0): entry offset 6881280, bytes 1638400, bitmap no
[   89.525878][ T5841] BTRFS info (device loop0): block group has cluster?: no
[   89.533240][ T5841] BTRFS info (device loop0): 1 free space entries at or bigger than 4096 bytes
[   89.542280][ T5841] BTRFS info (device loop0): 3215360 bytes available across all block groups
[   89.551463][ T5841] ------------[ cut here ]------------
[   89.557101][ T5841] BTRFS: Transaction aborted (error -28)
[   89.563386][ T5841] WARNING: CPU: 1 PID: 5841 at fs/btrfs/block-group.c:2781 btrfs_create_pending_block_groups+0x1120/0x1360
[   89.574972][ T5841] Modules linked in:
[   89.579122][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor145 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[   89.591718][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.601876][ T5841] RIP: 0010:btrfs_create_pending_block_groups+0x1120/0x1360
[   89.609181][ T5841] Code: 48 c7 c6 40 ac cf 8b 44 89 f2 e8 ab 97 44 fd e9 38 fe ff ff e8 71 a7 da fd 90 48 c7 c7 e0 ab cf 8b 44 89 f6 e8 71 8a 9e fd 90 <0f> 0b 90 90 e9 19 fe ff ff e8 52 a7 da fd eb 05 e8 4b a7 da fd 4c
[   89.628996][ T5841] RSP: 0018:ffffc90003f2f6e0 EFLAGS: 00010246
[   89.635148][ T5841] RAX: f93583c83a3af200 RBX: ffff88801ebbc001 RCX: ffff888078463c00
[   89.643212][ T5841] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   89.651527][ T5841] RBP: ffffc90003f2f958 R08: 0000000000000003 R09: 0000000000000004
[   89.659579][ T5841] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: 0000000000000000
[   89.667754][ T5841] R13: dffffc0000000000 R14: 00000000ffffffe4 R15: ffff888035503858
[   89.675957][ T5841] FS:  000055555c1e1380(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000
[   89.685246][ T5841] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   89.692369][ T5841] CR2: 00007f28ab4710f8 CR3: 00000000721be000 CR4: 00000000003526f0
[   89.700670][ T5841] Call Trace:
[   89.703976][ T5841]  <TASK>
[   89.707032][ T5841]  ? kfree+0x18e/0x440
[   89.711187][ T5841]  ? __pfx___reserve_bytes+0x10/0x10
[   89.716873][ T5841]  ? __pfx_btrfs_create_pending_block_groups+0x10/0x10
[   89.723854][ T5841]  ? btrfs_inc_block_group_ro+0x639/0x6f0
[   89.729670][ T5841]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   89.735531][ T5841]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   89.741570][ T5841]  ? btrfs_trans_release_metadata+0x22d/0x330
[   89.747696][ T5841]  __btrfs_end_transaction+0x140/0x640
[   89.753227][ T5841]  btrfs_inc_block_group_ro+0x641/0x6f0
[   89.758810][ T5841]  btrfs_relocate_block_group+0x47a/0xde0
[   89.764630][ T5841]  btrfs_relocate_chunk+0x12a/0x3b0
[   89.769909][ T5841]  __btrfs_balance+0x1870/0x21d0
[   89.774935][ T5841]  ? btrfs_balance+0xc8c/0x11d0
[   89.780027][ T5841]  ? __pfx___btrfs_balance+0x10/0x10
[   89.785376][ T5841]  ? __pfx_mutex_unlock+0x10/0x10
[   89.790530][ T5841]  ? do_raw_spin_unlock+0x122/0x240
[   89.795780][ T5841]  btrfs_balance+0xc94/0x11d0
[   89.800588][ T5841]  btrfs_ioctl_balance+0x3d3/0x610
[   89.805745][ T5841]  ? btrfs_ioctl+0xb19/0xd00
[   89.810393][ T5841]  ? __pfx_btrfs_ioctl+0x10/0x10
[   89.815447][ T5841]  __se_sys_ioctl+0xfc/0x170
[   89.820092][ T5841]  do_syscall_64+0xfa/0x3b0
[   89.824629][ T5841]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.829916][ T5841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.836039][ T5841]  ? clear_bhb_loop+0x60/0xb0
[   89.840827][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.846776][ T5841] RIP: 0033:0x7f28ab3f4d69
[   89.851293][ T5841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   89.871041][ T5841] RSP: 002b:00007ffcf9607688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   89.879554][ T5841] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f28ab3f4d69
[   89.887577][ T5841] RDX: 0000200000000440 RSI: 00000000c4009420 RDI: 0000000000000003
[   89.895715][ T5841] RBP: 0000000000000000 R08: 0000000000000000 R09: 000055555c1e24c0
[   89.903774][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   89.911794][ T5841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   89.919851][ T5841]  </TASK>
[   89.922888][ T5841] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   89.930517][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor145 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[   89.942926][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.952993][ T5841] Call Trace:
[   89.956271][ T5841]  <TASK>
[   89.959204][ T5841]  dump_stack_lvl+0x99/0x250
[   89.963899][ T5841]  ? __asan_memcpy+0x40/0x70
[   89.968490][ T5841]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.973797][ T5841]  ? __pfx__printk+0x10/0x10
[   89.978399][ T5841]  panic+0x2db/0x790
[   89.982294][ T5841]  ? __pfx_panic+0x10/0x10
[   89.986740][ T5841]  ? show_trace_log_lvl+0x4fb/0x550
[   89.992051][ T5841]  __warn+0x31b/0x4b0
[   89.996034][ T5841]  ? btrfs_create_pending_block_groups+0x1120/0x1360
[   90.002897][ T5841]  ? btrfs_create_pending_block_groups+0x1120/0x1360
[   90.009750][ T5841]  report_bug+0x2be/0x4f0
[   90.014110][ T5841]  ? btrfs_create_pending_block_groups+0x1120/0x1360
[   90.020888][ T5841]  ? btrfs_create_pending_block_groups+0x1120/0x1360
[   90.027581][ T5841]  ? btrfs_create_pending_block_groups+0x1122/0x1360
[   90.034273][ T5841]  handle_bug+0x84/0x160
[   90.038631][ T5841]  exc_invalid_op+0x1a/0x50
[   90.043151][ T5841]  asm_exc_invalid_op+0x1a/0x20
[   90.048008][ T5841] RIP: 0010:btrfs_create_pending_block_groups+0x1120/0x1360
[   90.055305][ T5841] Code: 48 c7 c6 40 ac cf 8b 44 89 f2 e8 ab 97 44 fd e9 38 fe ff ff e8 71 a7 da fd 90 48 c7 c7 e0 ab cf 8b 44 89 f6 e8 71 8a 9e fd 90 <0f> 0b 90 90 e9 19 fe ff ff e8 52 a7 da fd eb 05 e8 4b a7 da fd 4c
[   90.075009][ T5841] RSP: 0018:ffffc90003f2f6e0 EFLAGS: 00010246
[   90.081111][ T5841] RAX: f93583c83a3af200 RBX: ffff88801ebbc001 RCX: ffff888078463c00
[   90.089140][ T5841] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   90.097157][ T5841] RBP: ffffc90003f2f958 R08: 0000000000000003 R09: 0000000000000004
[   90.105226][ T5841] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: 0000000000000000
[   90.113290][ T5841] R13: dffffc0000000000 R14: 00000000ffffffe4 R15: ffff888035503858
[   90.121340][ T5841]  ? kfree+0x18e/0x440
[   90.125450][ T5841]  ? __pfx___reserve_bytes+0x10/0x10
[   90.130756][ T5841]  ? __pfx_btrfs_create_pending_block_groups+0x10/0x10
[   90.137651][ T5841]  ? btrfs_inc_block_group_ro+0x639/0x6f0
[   90.143427][ T5841]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   90.149092][ T5841]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   90.155086][ T5841]  ? btrfs_trans_release_metadata+0x22d/0x330
[   90.161177][ T5841]  __btrfs_end_transaction+0x140/0x640
[   90.166658][ T5841]  btrfs_inc_block_group_ro+0x641/0x6f0
[   90.172232][ T5841]  btrfs_relocate_block_group+0x47a/0xde0
[   90.177984][ T5841]  btrfs_relocate_chunk+0x12a/0x3b0
[   90.183213][ T5841]  __btrfs_balance+0x1870/0x21d0
[   90.188218][ T5841]  ? btrfs_balance+0xc8c/0x11d0
[   90.193116][ T5841]  ? __pfx___btrfs_balance+0x10/0x10
[   90.198426][ T5841]  ? __pfx_mutex_unlock+0x10/0x10
[   90.203472][ T5841]  ? do_raw_spin_unlock+0x122/0x240
[   90.208774][ T5841]  btrfs_balance+0xc94/0x11d0
[   90.213558][ T5841]  btrfs_ioctl_balance+0x3d3/0x610
[   90.218953][ T5841]  ? btrfs_ioctl+0xb19/0xd00
[   90.223555][ T5841]  ? __pfx_btrfs_ioctl+0x10/0x10
[   90.228518][ T5841]  __se_sys_ioctl+0xfc/0x170
[   90.233130][ T5841]  do_syscall_64+0xfa/0x3b0
[   90.237653][ T5841]  ? lockdep_hardirqs_on+0x9c/0x150
[   90.242911][ T5841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.248991][ T5841]  ? clear_bhb_loop+0x60/0xb0
[   90.253697][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.259617][ T5841] RIP: 0033:0x7f28ab3f4d69
[   90.264047][ T5841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   90.284013][ T5841] RSP: 002b:00007ffcf9607688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   90.292534][ T5841] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f28ab3f4d69
[   90.300624][ T5841] RDX: 0000200000000440 RSI: 00000000c4009420 RDI: 0000000000000003
[   90.308625][ T5841] RBP: 0000000000000000 R08: 0000000000000000 R09: 000055555c1e24c0
[   90.316612][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   90.324692][ T5841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   90.332867][ T5841]  </TASK>
[   90.336316][ T5841] Kernel Offset: disabled
[   90.340654][ T5841] Rebooting in 86400 seconds..