el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
------------[ cut here ]------------
kernel BUG at fs/btrfs/extent-io-tree.c:584!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 UID: 0 PID: 7299 Comm: syz.1.139 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : clear_state_bit+0x304/0x308 fs/btrfs/extent-io-tree.c:584
lr : clear_state_bit+0x304/0x308 fs/btrfs/extent-io-tree.c:584
sp : ffff8000a3305fc0
x29: ffff8000a3305fc0 x28: 0000000000000fff x27: 1fffe0001a228890
x26: 0000000000000000 x25: dfff800000000000 x24: 0000000000001000
x23: 0000000000000fff x22: 00000000fffffff4 x21: 0000000000000000
x20: ffff0000f4421aa0 x19: ffff0000d1144480 x18: 0000000000000008
x17: 0000000000000000 x16: ffff800083275834 x15: 0000000000000001
x14: 1ffff00011f915f6 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700011f915f7 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d50fdac0 x7 : 0000000000000001 x6 : 0000000000000001
x5 : 00000000ffffffff x4 : 0000000000000820 x3 : 0000000000000820
x2 : 0000000000000038 x1 : 00000000fffffff4 x0 : 0000000000000000
Call trace:
clear_state_bit+0x304/0x308 fs/btrfs/extent-io-tree.c:584 (P)
__clear_extent_bit+0x5a0/0xb98 fs/btrfs/extent-io-tree.c:752
clear_record_extent_bits+0x64/0xa8 fs/btrfs/extent-io-tree.c:1829
__btrfs_qgroup_release_data+0x478/0x9bc fs/btrfs/qgroup.c:4374
btrfs_qgroup_release_data+0x44/0x58 fs/btrfs/qgroup.c:4430
alloc_ordered_extent+0x114/0x500 fs/btrfs/ordered-data.c:168
btrfs_alloc_ordered_extent+0x194/0x96c
cow_file_range+0x6a8/0xe58 fs/btrfs/inode.c:1447
fallback_to_cow+0x548/0xa8c fs/btrfs/inode.c:1826
run_delalloc_nocow+0xdb4/0x10a0 fs/btrfs/inode.c:2222
btrfs_run_delalloc_range+0x2ec/0xec0 fs/btrfs/inode.c:2290
writepage_delalloc+0x798/0xb20 fs/btrfs/extent_io.c:1239
extent_writepage fs/btrfs/extent_io.c:1499 [inline]
extent_write_cache_pages fs/btrfs/extent_io.c:2194 [inline]
btrfs_writepages+0x10b0/0x1fac fs/btrfs/extent_io.c:2325
do_writepages+0x304/0x7d0 mm/page-writeback.c:2702
filemap_fdatawrite_wbc mm/filemap.c:397 [inline]
__filemap_fdatawrite_range mm/filemap.c:430 [inline]
filemap_fdatawrite_range+0x1a0/0x24c mm/filemap.c:448
btrfs_fdatawrite_range fs/btrfs/file.c:3720 [inline]
start_ordered_ops fs/btrfs/file.c:1455 [inline]
btrfs_sync_file+0x360/0x1090 fs/btrfs/file.c:1537
vfs_fsync_range+0x160/0x19c fs/sync.c:187
generic_write_sync include/linux/fs.h:2904 [inline]
btrfs_do_write_iter+0x4b0/0x5d0 fs/btrfs/file.c:1407
btrfs_file_write_iter+0x2c/0x3c fs/btrfs/file.c:1417
aio_write+0x36c/0x4f8 fs/aio.c:1633
io_submit_one+0x784/0x1494 fs/aio.c:2052
__do_sys_io_submit fs/aio.c:2111 [inline]
__se_sys_io_submit fs/aio.c:2081 [inline]
__arm64_sys_io_submit+0x208/0x38c fs/aio.c:2081
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: aa1803e0 9796695a 17ffff57 978119d2 (d4210000)
---[ end trace 0000000000000000 ]---