------------[ cut here ]------------
WARNING: CPU: 0 PID: 7190 at fs/btrfs/inode.c:7942 btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
Modules linked in:
CPU: 0 UID: 0 PID: 7190 Comm: syz-executor Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
lr : btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
sp : ffff8000a3697900
x29: ffff8000a3697920 x28: dfff800000000000 x27: 1fffe0001bdd64df
x26: ffff7000146d2f38 x25: dfff800000000000 x24: 1fffe0001bdd6450
x23: ffff0000ec55e000 x22: 0000000000010000 x21: ffff0000deeb24f0
x20: ffff0000deeb2628 x19: ffff0000deeb2280 x18: 1fffe000337db690
x17: ffff80008f57e000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001bdd6508 x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001bdd6509 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000cc203d80 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000010000 x0 : 0000000000000000
Call trace:
 btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942 (P)
 destroy_inode fs/inode.c:396 [inline]
 evict+0x6e4/0x928 fs/inode.c:834
 dispose_list fs/inode.c:852 [inline]
 evict_inodes+0x638/0x6d0 fs/inode.c:906
 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
 kill_anon_super+0x4c/0x7c fs/super.c:1281
 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
 deactivate_locked_super+0xc4/0x12c fs/super.c:473
 deactivate_super+0xe0/0x100 fs/super.c:506
 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
 el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 333002
hardirqs last enabled at (333001): [] __call_rcu_common kernel/rcu/tree.c:3148 [inline]
hardirqs last enabled at (333001): [] call_rcu+0x65c/0x978 kernel/rcu/tree.c:3243
hardirqs last disabled at (333002): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (332192): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (332192): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (332065): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 7190 at fs/btrfs/inode.c:7943 btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
Modules linked in:
CPU: 0 UID: 0 PID: 7190 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
lr : btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
sp : ffff8000a3697900
x29: ffff8000a3697920 x28: dfff800000000000 x27: 1fffe0001bdd64df
x26: ffff7000146d2f38 x25: dfff800000000000 x24: 1fffe0001bdd6450
x23: ffff0000ec55e000 x22: 0000000000010000 x21: 0000000000010000
x20: ffff0000deeb2628 x19: ffff0000deeb2280 x18: 1fffe000337db690
x17: ffff80008f57e000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001bdd6508 x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001bdd6509 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000cc203d80 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000010000 x0 : 0000000000000000
Call trace:
 btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943 (P)
 destroy_inode fs/inode.c:396 [inline]
 evict+0x6e4/0x928 fs/inode.c:834
 dispose_list fs/inode.c:852 [inline]
 evict_inodes+0x638/0x6d0 fs/inode.c:906
 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
 kill_anon_super+0x4c/0x7c fs/super.c:1281
 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
 deactivate_locked_super+0xc4/0x12c fs/super.c:473
 deactivate_super+0xe0/0x100 fs/super.c:506
 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
 el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 333106
hardirqs last enabled at (333105): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (333106): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (333100): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (333100): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (333005): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 7190 at fs/btrfs/inode.c:7948 btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
Modules linked in:
CPU: 0 UID: 0 PID: 7190 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
lr : btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
sp : ffff8000a3697900
x29: ffff8000a3697920 x28: dfff800000000000 x27: 1fffe0001bdd64df
x26: ffff7000146d2f38 x25: dfff800000000000 x24: 1fffe0001bdd6450
x23: ffff0000ec55e000 x22: 0000000000010000 x21: 0000000000002000
x20: ffff0000deeb2628 x19: ffff0000deeb2280 x18: 1fffe000337db690
x17: ffff80008f57e000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001bdd6508 x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001bdd6509 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000cc203d80 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000002000 x0 : 0000000000000000
Call trace:
 btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948 (P)
 destroy_inode fs/inode.c:396 [inline]
 evict+0x6e4/0x928 fs/inode.c:834
 dispose_list fs/inode.c:852 [inline]
 evict_inodes+0x638/0x6d0 fs/inode.c:906
 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
 kill_anon_super+0x4c/0x7c fs/super.c:1281
 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
 deactivate_locked_super+0xc4/0x12c fs/super.c:473
 deactivate_super+0xe0/0x100 fs/super.c:506
 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
 el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 333162
hardirqs last enabled at (333161): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (333162): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (333156): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (333156): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (333109): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
BTRFS info (device loop7): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
------------[ cut here ]------------
WARNING: CPU: 0 PID: 7190 at fs/btrfs/block-group.c:4462 check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463
Modules linked in:
CPU: 0 UID: 0 PID: 7190 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463
lr : check_removing_space_info+0x260/0x280 fs/btrfs/block-group.c:4462
sp : ffff8000a3697930
x29: ffff8000a3697930 x28: 1fffe00018584c2c x27: dfff800000000000
x26: ffff0000c2c26058 x25: 0000000000000001 x24: 1fffe00019f2e102
x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000010000
x20: ffff0000f748c000 x19: ffff0000cf970800 x18: 1fffe000337db690
x17: ffff80008f57e000 x16: ffff800080536230 x15: 0000000000000001
x14: 1fffe00019f2e104 x13: 0000000000000000 x12: 0000000000000000
x11: ffff600019f2e105 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000cc203d80 x7 : ffff800082594440 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : ffff0000cf970800 x0 : ffff0000f748c000
Call trace:
 check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463 (P)
 btrfs_free_block_groups+0xa80/0xd10 fs/btrfs/block-group.c:4580
 close_ctree+0x650/0x113c fs/btrfs/disk-io.c:4426
 btrfs_put_super+0x1ac/0x1c0 fs/btrfs/super.c:74
 generic_shutdown_super+0x12c/0x2b8 fs/super.c:642
 kill_anon_super+0x4c/0x7c fs/super.c:1281
 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
 deactivate_locked_super+0xc4/0x12c fs/super.c:473
 deactivate_super+0xe0/0x100 fs/super.c:506
 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
 el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 334846
hardirqs last enabled at (334845): [] kasan_quarantine_put+0x1a0/0x1c8 mm/kasan/quarantine.c:234
hardirqs last disabled at (334846): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (333212): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (333212): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (333165): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
BTRFS info (device loop7): space_info DATA+METADATA (sub-group id 0) has 3145728 free, is not full
BTRFS info (device loop7): space_info total=3276800, used=65536, pinned=0, reserved=0, may_use=65536, readonly=0 zone_unusable=0
BTRFS info (device loop7): global_block_rsv: size 0 reserved 0
BTRFS info (device loop7): trans_block_rsv: size 0 reserved 0
BTRFS info (device loop7): chunk_block_rsv: size 0 reserved 0
BTRFS info (device loop7): delayed_block_rsv: size 0 reserved 0
BTRFS info (device loop7): delayed_refs_rsv: size 0 reserved 0
syz-executor: attempt to access beyond end of device
loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
CPU: 0 UID: 0 PID: 7190 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 f2fs_handle_critical_error+0x34c/0x4b8 fs/f2fs/super.c:4639
 f2fs_stop_checkpoint+0x5c/0x70 fs/f2fs/checkpoint.c:35
 f2fs_write_end_io+0x768/0xa70 fs/f2fs/data.c:351
 bio_endio+0x858/0x894 block/bio.c:1672
 submit_bio_noacct+0xd64/0x186c block/blk-core.c:886
 submit_bio+0x3b4/0x550 block/blk-core.c:921
 f2fs_submit_write_bio+0x13c/0x324 fs/f2fs/data.c:525
 __submit_merged_bio+0x254/0x704 fs/f2fs/data.c:540
 __f2fs_submit_merged_write fs/f2fs/data.c:635 [inline]
 __submit_merged_write_cond+0x23c/0x4ac fs/f2fs/data.c:657
 f2fs_submit_merged_write_cond fs/f2fs/data.c:674 [inline]
 f2fs_write_cache_pages fs/f2fs/data.c:3192 [inline]
 __f2fs_write_data_pages fs/f2fs/data.c:3273 [inline]
 f2fs_write_data_pages+0x1d28/0x2634 fs/f2fs/data.c:3300
 do_writepages+0x270/0x468 mm/page-writeback.c:2604
 filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
 __filemap_fdatawrite_range mm/filemap.c:422 [inline]
 __filemap_fdatawrite mm/filemap.c:428 [inline]
 filemap_fdatawrite+0x14c/0x1f4 mm/filemap.c:433
 f2fs_sync_dirty_inodes+0x2b8/0x788 fs/f2fs/checkpoint.c:1108
 block_operations fs/f2fs/checkpoint.c:1247 [inline]
 f2fs_write_checkpoint+0x70c/0x1c30 fs/f2fs/checkpoint.c:1678
 kill_f2fs_super+0x228/0x594 fs/f2fs/super.c:5448
 deactivate_locked_super+0xc4/0x12c fs/super.c:473
 deactivate_super+0xe0/0x100 fs/super.c:506
 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
 el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
F2FS-fs (loop7): Stopped filesystem due to reason: 3