[   86.524716][   T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:25067' (ED25519) to the list of known hosts.
executing program
[  163.747379][ T5335] loop0: detected capacity change from 0 to 32768
[  163.761176][ T5335] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5335)
[  163.787361][ T5335] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  163.797049][ T5335] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  163.844840][ T5335] BTRFS info (device loop0): rebuilding free space tree
[  163.876173][ T5335] BTRFS info (device loop0): disabling free space tree
[  163.883451][ T5335] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  163.893802][ T5335] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  163.923438][   T24] audit: type=1804 audit(1731327570.368:2): pid=5335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/0/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  163.955996][ T5335] BTRFS info (device loop0): balance: start -d -m
[  163.968097][ T5335] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
[  163.985625][ T5335] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
[  164.027595][ T5335] BTRFS info (device loop0): found 9 extents, stage: move data extents
[  164.050852][ T5335] BTRFS info (device loop0): found 2 extents, stage: update data pointers
[  164.068136][ T5335] BTRFS info (device loop0): balance: ended with status: 0
[  164.102998][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
executing program
[  164.423364][ T5356] loop0: detected capacity change from 0 to 32768
[  164.439310][ T5356] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5356)
[  164.464565][ T5356] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  164.469317][ T5356] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  164.499304][ T5356] BTRFS info (device loop0): rebuilding free space tree
[  164.516268][ T5356] BTRFS info (device loop0): disabling free space tree
[  164.518865][ T5356] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  164.521777][ T5356] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  164.540912][   T24] audit: type=1804 audit(1731327570.988:3): pid=5356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/1/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  164.565804][ T5356] BTRFS info (device loop0): balance: start -d -m
[  164.577804][ T5356] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
[  164.593163][ T5356] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
[  164.627410][ T5356] BTRFS info (device loop0): found 9 extents, stage: move data extents
[  164.651142][ T5356] BTRFS info (device loop0): found 2 extents, stage: update data pointers
[  164.666819][ T5356] BTRFS info (device loop0): balance: ended with status: 0
[  164.703737][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
executing program
[  165.137010][ T5375] loop0: detected capacity change from 0 to 32768
[  165.144503][ T5375] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5375)
[  165.163690][ T5375] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  165.173656][ T5375] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  165.228693][ T5375] BTRFS info (device loop0): rebuilding free space tree
[  165.252761][ T5375] BTRFS info (device loop0): disabling free space tree
[  165.265644][ T5375] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  165.269695][ T5375] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  165.289000][   T24] audit: type=1804 audit(1731327571.738:4): pid=5375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/2/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  165.307542][ T5375] BTRFS info (device loop0): balance: start -d -m
[  165.317343][ T5375] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
[  165.339068][ T5375] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
[  165.391113][ T5375] BTRFS info (device loop0): found 9 extents, stage: move data extents
[  165.429111][ T5375] BTRFS info (device loop0): found 2 extents, stage: update data pointers
[  165.457662][ T5375] BTRFS info (device loop0): balance: ended with status: 0
[  165.493282][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
executing program
[  165.798928][ T5395] loop0: detected capacity change from 0 to 32768
[  165.808630][ T5395] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5395)
[  165.829610][ T5395] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  165.833317][ T5395] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  165.867543][ T5395] BTRFS info (device loop0): rebuilding free space tree
[  165.878473][ T5395] BTRFS info (device loop0): disabling free space tree
[  165.880713][ T5395] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  165.884075][ T5395] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  165.912278][   T24] audit: type=1804 audit(1731327572.358:5): pid=5395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/3/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  165.931187][ T5395] BTRFS info (device loop0): balance: start -d -m
[  165.935954][ T5395] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
[  165.958547][ T5395] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
[  165.991861][ T5395] BTRFS info (device loop0): found 9 extents, stage: move data extents
[  166.009939][ T5395] BTRFS info (device loop0): found 2 extents, stage: update data pointers
[  166.023395][ T5395] BTRFS info (device loop0): balance: ended with status: 0
[  166.043748][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
executing program
[  166.347618][ T5414] loop0: detected capacity change from 0 to 32768
[  166.357583][ T5414] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5414)
[  166.369907][ T5414] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  166.379423][ T5414] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  166.420024][ T5414] BTRFS info (device loop0): rebuilding free space tree
[  166.435502][ T5414] BTRFS info (device loop0): disabling free space tree
[  166.445053][ T5414] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  166.449536][ T5414] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  166.469629][   T24] audit: type=1804 audit(1731327572.918:6): pid=5414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/4/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  166.487865][ T5414] BTRFS info (device loop0): balance: start -d -m
[  166.497738][ T5414] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
[  166.514067][ T5414] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
[  166.548607][ T5414] BTRFS info (device loop0): found 9 extents, stage: move data extents
[  166.567077][ T5414] BTRFS info (device loop0): found 2 extents, stage: update data pointers
[  166.580231][ T5414] BTRFS info (device loop0): balance: ended with status: 0
[  166.601092][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
executing program
[  166.901719][ T5433] loop0: detected capacity change from 0 to 32768
[  166.908031][ T5433] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5433)
[  166.922969][ T5433] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  166.932741][ T5433] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  166.968512][ T5433] BTRFS info (device loop0): rebuilding free space tree
[  166.984321][ T5433] BTRFS info (device loop0): disabling free space tree
[  166.993749][ T5433] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  166.997652][ T5433] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  167.015652][   T24] audit: type=1804 audit(1731327573.458:7): pid=5433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/5/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  167.042269][ T5433] BTRFS info (device loop0): balance: start -d -m
[  167.050666][ T5433] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
[  167.072841][ T5433] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
[  167.113649][ T5433] BTRFS info (device loop0): found 9 extents, stage: move data extents
[  167.130592][ T5433] BTRFS info (device loop0): found 2 extents, stage: update data pointers
[  167.146320][ T5433] BTRFS info (device loop0): balance: ended with status: 0
[  167.165217][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
executing program
[  167.469253][ T5452] loop0: detected capacity change from 0 to 32768
[  167.475901][ T5452] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5452)
[  167.494118][ T5452] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  167.506956][ T5452] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  167.531526][ T5452] BTRFS info (device loop0): rebuilding free space tree
[  167.547322][ T5452] BTRFS info (device loop0): disabling free space tree
[  167.550107][ T5452] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  167.564045][ T5452] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  167.576330][   T24] audit: type=1804 audit(1731327574.018:8): pid=5452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/6/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  167.595954][ T5452] BTRFS info (device loop0): balance: start -d -m
[  167.606566][ T5452] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
[  167.630495][ T5452] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
[  167.671615][ T5452] BTRFS info (device loop0): found 9 extents, stage: move data extents
[  167.691731][ T5452] BTRFS info (device loop0): found 2 extents, stage: update data pointers
[  167.705859][ T5452] BTRFS info (device loop0): balance: ended with status: 0
[  167.724402][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
executing program
[  168.014930][ T5471] loop0: detected capacity change from 0 to 32768
[  168.027001][ T5471] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5471)
[  168.046146][ T5471] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  168.056746][ T5471] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  168.080325][ T5471] BTRFS info (device loop0): rebuilding free space tree
[  168.094802][ T5471] BTRFS info (device loop0): disabling free space tree
[  168.104262][ T5471] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  168.114439][ T5471] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  168.128175][   T24] audit: type=1804 audit(1731327574.578:9): pid=5471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/7/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  168.154828][ T5471] BTRFS info (device loop0): balance: start -d -m
[  168.167743][ T5471] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
[  168.184744][ T5471] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
executing program
[  168.550342][ T5490] loop0: detected capacity change from 0 to 32768
[  168.557429][ T5490] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor394 (5490)
[  168.622629][   T24] audit: type=1804 audit(1731327575.068:10): pid=5490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor394" name="/syzkaller.RM21bT/8/bus/file1" dev="loop0" ino=260 res=1 errno=0
[  168.719687][ T5507] FAULT_INJECTION: forcing a failure.
[  168.719687][ T5507] name failslab, interval 1, probability 0, space 0, times 1
[  168.724327][ T5507] CPU: 0 UID: 0 PID: 5507 Comm: syz-executor394 Not tainted 6.12.0-rc7-syzkaller #0
[  168.727551][ T5507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  168.731296][ T5507] Call Trace:
[  168.732468][ T5507]  <TASK>
[  168.733469][ T5507]  dump_stack_lvl+0x241/0x360
[  168.735293][ T5507]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.737112][ T5507]  ? __pfx__printk+0x10/0x10
[  168.738718][ T5507]  ? fs_reclaim_acquire+0x93/0x130
[  168.740326][ T5507]  ? __pfx___might_resched+0x10/0x10
[  168.742291][ T5507]  should_fail_ex+0x3b0/0x4e0
[  168.743984][ T5507]  ? add_delayed_ref+0x138/0x1dc0
[  168.746027][ T5507]  should_failslab+0xac/0x100
[  168.747836][ T5507]  ? add_delayed_ref+0x138/0x1dc0
[  168.749720][ T5507]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  168.751657][ T5507]  add_delayed_ref+0x138/0x1dc0
[  168.753439][ T5507]  ? __pfx_lock_release+0x10/0x10
[  168.755152][ T5507]  ? do_raw_spin_unlock+0x58/0x8b0
[  168.756917][ T5507]  ? _raw_spin_unlock+0x28/0x50
[  168.758684][ T5507]  ? btrfs_ref_tree_mod+0x13d8/0x15e0
[  168.760729][ T5507]  ? __pfx_add_delayed_ref+0x10/0x10
[  168.762815][ T5507]  btrfs_alloc_tree_block+0xdfc/0x1440
[  168.765111][ T5507]  ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[  168.767558][ T5507]  ? read_extent_buffer+0x11b/0x440
[  168.769749][ T5507]  btrfs_force_cow_block+0x526/0x1da0
[  168.771849][ T5507]  ? __pfx_lock_acquire+0x10/0x10
[  168.773657][ T5507]  ? __pfx_btrfs_force_cow_block+0x10/0x10
[  168.775798][ T5507]  ? btrfs_qgroup_add_swapped_blocks+0x920/0x990
[  168.778177][ T5507]  ? down_write_nested+0x195/0x220
[  168.780063][ T5507]  ? __pfx_down_write_nested+0x10/0x10
[  168.782123][ T5507]  btrfs_cow_block+0x35e/0xa40
[  168.783937][ T5507]  btrfs_search_slot+0xbdd/0x30d0
[  168.785796][ T5507]  ? __pfx_btrfs_search_slot+0x10/0x10
[  168.787827][ T5507]  btrfs_lookup_dir_item+0x1c6/0x310
[  168.789766][ T5507]  ? __pfx_btrfs_lookup_dir_item+0x10/0x10
[  168.791912][ T5507]  ? __btrfs_unlink_inode+0x140/0x930
[  168.793822][ T5507]  ? rcu_is_watching+0x15/0xb0
[  168.795462][ T5507]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  168.797448][ T5507]  ? kmem_cache_alloc_noprof+0x185/0x2a0
[  168.799499][ T5507]  __btrfs_unlink_inode+0x178/0x930
[  168.801464][ T5507]  ? __pfx___btrfs_unlink_inode+0x10/0x10
[  168.803514][ T5507]  ? btrfs_record_unlink_dir+0xc4/0x180
[  168.805544][ T5507]  btrfs_unlink+0x1bc/0x350
[  168.807207][ T5507]  ? __pfx_btrfs_unlink+0x10/0x10
[  168.809028][ T5507]  ? bpf_lsm_inode_unlink+0x9/0x10
[  168.810863][ T5507]  ? security_inode_unlink+0xd9/0x340
[  168.812810][ T5507]  vfs_unlink+0x365/0x650
[  168.814467][ T5507]  do_unlinkat+0x4ae/0x830
[  168.816175][ T5507]  ? __pfx_do_unlinkat+0x10/0x10
[  168.818008][ T5507]  ? __might_fault+0xaa/0x120
[  168.819675][ T5507]  ? __might_fault+0xc6/0x120
[  168.821376][ T5507]  ? strncpy_from_user+0x13a/0x260
[  168.823221][ T5507]  ? getname_flags+0x1e3/0x540
[  168.824961][ T5507]  __x64_sys_unlinkat+0xcc/0xf0
[  168.826699][ T5507]  do_syscall_64+0xf3/0x230
[  168.828169][ T5507]  ? clear_bhb_loop+0x35/0x90
[  168.829717][ T5507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.831860][ T5507] RIP: 0033:0x7f8c67b96039
[  168.833432][ T5507] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  168.840379][ T5507] RSP: 002b:00007f8c67b23208 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[  168.843306][ T5507] RAX: ffffffffffffffda RBX: 00007f8c67c1c6d8 RCX: 00007f8c67b96039
[  168.846672][ T5507] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 00000000ffffff9c
[  168.849427][ T5507] RBP: 00007f8c67c1c6d0 R08: 00007f8c67b22fa6 R09: 0000000000003636
[  168.852238][ T5507] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8c67be8750
[  168.854891][ T5507] R13: 00007f8c67b23210 R14: 0031656c69662f2e R15: 0000000000000002
[  168.857540][ T5507]  </TASK>
[  168.888864][ T5490] BTRFS error (device loop0): re-allocated a block that still has references to it!
[  168.892350][ T5490] BTRFS error (device loop0): dumping block entry [8663040 4096], num_refs 2, metadata 1, from disk 0
[  168.896155][ T5490] BTRFS error (device loop0):   ref root 5, parent 0, owner 1, offset 0, num_refs 1
[  168.899672][ T5490] BTRFS error (device loop0):   root entry 1, num_refs 0
[  168.902033][ T5490] BTRFS error (device loop0):   root entry 5, num_refs 0
[  168.904305][ T5490] BTRFS error (device loop0):   Ref action 3, root 5, ref_root 5, parent 0, owner 1, offset 0, num_refs 1
[  168.908421][ T5490]    btrfs_force_cow_block+0x526/0x1da0
[  168.910409][ T5490]    btrfs_cow_block+0x35e/0xa40
[  168.912268][ T5490]    btrfs_search_slot+0xbdd/0x30d0
[  168.914186][ T5490]    btrfs_lookup_dir_item+0x1c6/0x310
[  168.916138][ T5490]    __btrfs_unlink_inode+0x178/0x930
[  168.918374][ T5490]    btrfs_unlink+0x1bc/0x350
[  168.919983][ T5490]    vfs_unlink+0x365/0x650
[  168.921441][ T5490]    do_unlinkat+0x4ae/0x830
[  168.922969][ T5490]    __x64_sys_unlinkat+0xcc/0xf0
[  168.924847][ T5490]    do_syscall_64+0xf3/0x230
[  168.926883][ T5490]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.928922][ T5490] BTRFS error (device loop0):   Ref action 3, root 1, ref_root 1, parent 0, owner 0, offset 0, num_refs 1
[  168.932492][ T5490]    btrfs_force_cow_block+0x526/0x1da0
[  168.934373][ T5490]    btrfs_cow_block+0x35e/0xa40
[  168.936198][ T5490]    btrfs_search_slot+0xbdd/0x30d0
[  168.938471][ T5490]    btrfs_update_root+0xf6/0xc70
[  168.940352][ T5490]    commit_fs_roots+0x4cd/0x720
[  168.942226][ T5490]    btrfs_commit_transaction+0xfaf/0x3740
[  168.944440][ T5490]    prepare_to_merge+0x8b3/0x1610
[  168.946300][ T5490]    relocate_block_group+0xafc/0xd40
[  168.948473][ T5490]    btrfs_relocate_block_group+0x77d/0xd90
[  168.950747][ T5490]    btrfs_relocate_chunk+0x12c/0x3b0
[  168.952713][ T5490]    __btrfs_balance+0x1b0f/0x26b0
[  168.954591][ T5490]    btrfs_balance+0xbdc/0x10c0
[  168.956339][ T5490]    btrfs_ioctl_balance+0x493/0x7c0
[  168.958300][ T5490]    __se_sys_ioctl+0xf9/0x170
[  168.960063][ T5490]    do_syscall_64+0xf3/0x230
[  168.961733][ T5490]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.975641][ T5490] _btrfs_printk: 14 callbacks suppressed
[  168.975657][ T5490] BTRFS info (device loop0): found 2 extents, stage: update data pointers
[  168.988863][ T5490] BTRFS info (device loop0): balance: ended with status: 0
[  169.007645][ T5331] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  169.029013][ T5331] ------------[ cut here ]------------
[  169.031137][ T5331] WARNING: CPU: 0 PID: 5331 at fs/btrfs/space-info.h:250 btrfs_space_info_update_bytes_may_use+0x2c4/0x660
[  169.035022][ T5331] Modules linked in:
[  169.036908][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz-executor394 Not tainted 6.12.0-rc7-syzkaller #0
[  169.040816][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  169.044389][ T5331] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x2c4/0x660
[  169.047358][ T5331] Code: 00 00 74 08 4c 89 ff e8 1a cc 23 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 f7 03 ba fd 48 39 eb 73 16 e8 8d 01 ba fd 90 <0f> 0b 90 45 31 f6 43 80 7c 25 00 00 75 a6 eb ac e8 77 01 ba fd 43
[  169.054087][ T5331] RSP: 0018:ffffc9000ce47a00 EFLAGS: 00010293
[  169.056179][ T5331] RAX: ffffffff83dad883 RBX: 00000000000ef000 RCX: ffff888000380000
[  169.059329][ T5331] RDX: 0000000000000000 RSI: 00000000000f0000 RDI: 00000000000ef000
[  169.062079][ T5331] RBP: 00000000000f0000 R08: ffffffff83dad879 R09: 1ffffffff203a13d
[  169.064927][ T5331] R10: dffffc0000000000 R11: fffffbfff203a13e R12: dffffc0000000000
[  169.068026][ T5331] R13: 1ffff11007ecdc0d R14: fffffffffff10000 R15: ffff88803f66e068
[  169.070761][ T5331] FS:  00005555847a83c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[  169.073729][ T5331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  169.076042][ T5331] CR2: 00005555847b1738 CR3: 0000000011854000 CR4: 0000000000352ef0
[  169.079200][ T5331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  169.081961][ T5331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  169.084789][ T5331] Call Trace:
[  169.085945][ T5331]  <TASK>
[  169.087234][ T5331]  ? __warn+0x168/0x4e0
[  169.088707][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660
[  169.091016][ T5331]  ? report_bug+0x2b3/0x500
[  169.092648][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660
[  169.095188][ T5331]  ? handle_bug+0x60/0x90
[  169.096818][ T5331]  ? exc_invalid_op+0x1a/0x50
[  169.098560][ T5331]  ? asm_exc_invalid_op+0x1a/0x20
[  169.100516][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2b9/0x660
[  169.103105][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2c3/0x660
[  169.105655][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660
[  169.108300][ T5331]  btrfs_block_rsv_release+0x4f4/0x5f0
[  169.110376][ T5331]  ? kfree+0x1a0/0x440
[  169.111871][ T5331]  btrfs_release_global_block_rsv+0x33/0x270
[  169.113956][ T5331]  btrfs_free_block_groups+0xc3c/0x1080
[  169.115931][ T5331]  close_ctree+0x772/0xd60
[  169.117719][ T5331]  ? hook_sb_delete+0x888/0xbd0
[  169.119448][ T5331]  ? __pfx_close_ctree+0x10/0x10
[  169.121140][ T5331]  ? __get_node_page+0xe41/0xfc0
[  169.122949][ T5331]  ? __pfx_hook_sb_delete+0x10/0x10
[  169.124805][ T5331]  ? __pfx_evict_inodes+0x10/0x10
[  169.126813][ T5331]  ? btrfs_sync_fs+0x224/0x700
[  169.128658][ T5331]  ? __pfx_btrfs_put_super+0x10/0x10
[  169.130598][ T5331]  generic_shutdown_super+0x139/0x2d0
[  169.132579][ T5331]  kill_anon_super+0x3b/0x70
[  169.134338][ T5331]  btrfs_kill_super+0x41/0x50
[  169.136222][ T5331]  deactivate_locked_super+0xc4/0x130
[  169.138188][ T5331]  cleanup_mnt+0x41f/0x4b0
[  169.139691][ T5331]  ? lockdep_hardirqs_on+0x99/0x150
[  169.141681][ T5331]  task_work_run+0x24f/0x310
[  169.143414][ T5331]  ? __pfx_task_work_run+0x10/0x10
[  169.145367][ T5331]  ? __x64_sys_umount+0x123/0x170
[  169.147276][ T5331]  ? syscall_exit_to_user_mode+0xa3/0x370
[  169.149129][ T5331]  syscall_exit_to_user_mode+0x168/0x370
[  169.151094][ T5331]  do_syscall_64+0x100/0x230
[  169.152898][ T5331]  ? clear_bhb_loop+0x35/0x90
[  169.154752][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.157033][ T5331] RIP: 0033:0x7f8c67b97297
[  169.158742][ T5331] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  169.165882][ T5331] RSP: 002b:00007fffcdf18ea8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  169.168922][ T5331] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f8c67b97297
[  169.171466][ T5331] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffcdf18f60
[  169.174427][ T5331] RBP: 00007fffcdf18f60 R08: 0000000000000000 R09: 0000000000000000
[  169.177251][ T5331] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fffcdf1a010
[  169.180283][ T5331] R13: 00005555847a9700 R14: 431bde82d7b634db R15: 00007fffcdf19fb4
[  169.183148][ T5331]  </TASK>
[  169.184334][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  169.187095][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz-executor394 Not tainted 6.12.0-rc7-syzkaller #0
[  169.190563][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  169.195078][ T5331] Call Trace:
[  169.196499][ T5331]  <TASK>
[  169.197836][ T5331]  dump_stack_lvl+0x241/0x360
[  169.199668][ T5331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.201691][ T5331]  ? __pfx__printk+0x10/0x10
[  169.203414][ T5331]  ? vscnprintf+0x5d/0x90
[  169.205078][ T5331]  panic+0x349/0x880
[  169.206644][ T5331]  ? __warn+0x177/0x4e0
[  169.208243][ T5331]  ? __pfx_panic+0x10/0x10
[  169.209944][ T5331]  __warn+0x34b/0x4e0
[  169.211501][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660
[  169.214056][ T5331]  report_bug+0x2b3/0x500
[  169.215729][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2c4/0x660
[  169.218356][ T5331]  handle_bug+0x60/0x90
[  169.219941][ T5331]  exc_invalid_op+0x1a/0x50
[  169.221721][ T5331]  asm_exc_invalid_op+0x1a/0x20
[  169.223518][ T5331] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x2c4/0x660
[  169.226307][ T5331] Code: 00 00 74 08 4c 89 ff e8 1a cc 23 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 f7 03 ba fd 48 39 eb 73 16 e8 8d 01 ba fd 90 <0f> 0b 90 45 31 f6 43 80 7c 25 00 00 75 a6 eb ac e8 77 01 ba fd 43
[  169.233312][ T5331] RSP: 0018:ffffc9000ce47a00 EFLAGS: 00010293
[  169.235519][ T5331] RAX: ffffffff83dad883 RBX: 00000000000ef000 RCX: ffff888000380000
[  169.238339][ T5331] RDX: 0000000000000000 RSI: 00000000000f0000 RDI: 00000000000ef000
[  169.241101][ T5331] RBP: 00000000000f0000 R08: ffffffff83dad879 R09: 1ffffffff203a13d
[  169.244059][ T5331] R10: dffffc0000000000 R11: fffffbfff203a13e R12: dffffc0000000000
[  169.247023][ T5331] R13: 1ffff11007ecdc0d R14: fffffffffff10000 R15: ffff88803f66e068
[  169.250041][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2b9/0x660
[  169.252583][ T5331]  ? btrfs_space_info_update_bytes_may_use+0x2c3/0x660
[  169.255170][ T5331]  btrfs_block_rsv_release+0x4f4/0x5f0
[  169.257205][ T5331]  ? kfree+0x1a0/0x440
[  169.258648][ T5331]  btrfs_release_global_block_rsv+0x33/0x270
[  169.260715][ T5331]  btrfs_free_block_groups+0xc3c/0x1080
[  169.262658][ T5331]  close_ctree+0x772/0xd60
[  169.264426][ T5331]  ? hook_sb_delete+0x888/0xbd0
[  169.266289][ T5331]  ? __pfx_close_ctree+0x10/0x10
[  169.268128][ T5331]  ? __get_node_page+0xe41/0xfc0
[  169.269944][ T5331]  ? __pfx_hook_sb_delete+0x10/0x10
[  169.271820][ T5331]  ? __pfx_evict_inodes+0x10/0x10
[  169.273753][ T5331]  ? btrfs_sync_fs+0x224/0x700
[  169.275605][ T5331]  ? __pfx_btrfs_put_super+0x10/0x10
[  169.277514][ T5331]  generic_shutdown_super+0x139/0x2d0
[  169.279475][ T5331]  kill_anon_super+0x3b/0x70
[  169.281111][ T5331]  btrfs_kill_super+0x41/0x50
[  169.282764][ T5331]  deactivate_locked_super+0xc4/0x130
[  169.284767][ T5331]  cleanup_mnt+0x41f/0x4b0
[  169.286457][ T5331]  ? lockdep_hardirqs_on+0x99/0x150
[  169.288402][ T5331]  task_work_run+0x24f/0x310
[  169.290205][ T5331]  ? __pfx_task_work_run+0x10/0x10
[  169.292035][ T5331]  ? __x64_sys_umount+0x123/0x170
[  169.293848][ T5331]  ? syscall_exit_to_user_mode+0xa3/0x370
[  169.295955][ T5331]  syscall_exit_to_user_mode+0x168/0x370
[  169.298064][ T5331]  do_syscall_64+0x100/0x230
[  169.299790][ T5331]  ? clear_bhb_loop+0x35/0x90
[  169.301558][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.303737][ T5331] RIP: 0033:0x7f8c67b97297
[  169.305468][ T5331] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  169.312378][ T5331] RSP: 002b:00007fffcdf18ea8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  169.315378][ T5331] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f8c67b97297
[  169.318331][ T5331] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffcdf18f60
[  169.321225][ T5331] RBP: 00007fffcdf18f60 R08: 0000000000000000 R09: 0000000000000000
[  169.324168][ T5331] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fffcdf1a010
[  169.327044][ T5331] R13: 00005555847a9700 R14: 431bde82d7b634db R15: 00007fffcdf19fb4
[  169.330012][ T5331]  </TASK>
[  169.331508][ T5331] Kernel Offset: disabled
[  169.333329][ T5331] Rebooting in 86400 seconds..

VM DIAGNOSIS:
12:19:35  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000039 RBX=ffffffff9a719ec0 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000ce47130
R8 =ffffffff854b053b R9 =1ffff110067ac046 R10=dffffc0000000000 R11=ffffffff854b04f0
R12=dffffc0000000000 R13=ffffffff9a414eeb R14=0000000000000039 R15=00000000000003f8
RIP=ffffffff854b056e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555847a83c0 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005555847b1738 CR3=0000000011854000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000001 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f3ab61154ce17ad5 657c0d17a6847dc3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f83d5bb7fd484402 3e16d15d83de3dde
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cf9b1548aa698d17 17da7201dfd26a10
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b7996c7197babbe8 989088cc40fee8d4
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001300
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006f00000000 d9d9d99a00009293
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000006f 000000000000006f
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006f00008270 d9d2729e0000a77f
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d9e0b45900006c22 00000000d9ce87e4
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e667e70d9fcf5e84 b69b905dee7d5b28
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1146f9a160ac648f e0b404c5e7f81c97
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2065746164707520 3a6567617473202c 73746e6574786520 3220646e756f6600
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2065746164707520 3065676174732026 7374646574726520 3220646475656600
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7462202020205730 3334355420515732 3334323333243236 3120205134343600
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202f20 2631202c20205732 3334322020242020 3120202026202000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a7e646f786b7a2a 263b2a7e65657855 6c6f782a263b2a7e 6565782a26392a64
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7e682a2a2a2a573a 333e3f5e2a515738 333e38393324323c 3b2a2a51343e3600
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000