BUG: MAX_LOCK_DEPTH too low!
turning off the locking correctness validator.
depth: 48  max: 48!
48 locks held by syz.0.308/8453:
 #0: ffff88802bd44420 (sb_writers#22){.+.+}-{0:0}, at: do_ftruncate+0x294/0x590 fs/open.c:178
 #1: ffff88805c012628 (&sb->s_type->i_mutex_key#30){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline]
 #1: ffff88805c012628 (&sb->s_type->i_mutex_key#30){+.+.}-{3:3}, at: do_truncate fs/open.c:63 [inline]
 #1: ffff88805c012628 (&sb->s_type->i_mutex_key#30){+.+.}-{3:3}, at: do_ftruncate+0x457/0x590 fs/open.c:181
 #2: ffff88805b100ab8 (&c->snapshot_create_lock){.+.+}-{3:3}, at: bch2_truncate+0x16c/0x2c0 fs/bcachefs/io_misc.c:290
 #3: ffff88805b1042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:151 [inline]
 #3: ffff88805b1042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:250 [inline]
 #3: ffff88805b1042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: bch2_trans_srcu_lock+0xb1/0x220 fs/bcachefs/btree_iter.c:3021
 #4: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #4: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #5: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: btree_node_lock_increment fs/bcachefs/btree_locking.h:270 [inline]
 #5: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x675/0x9c0 fs/bcachefs/btree_locking.c:509
 #6: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: btree_node_lock_increment fs/bcachefs/btree_locking.h:270 [inline]
 #6: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x675/0x9c0 fs/bcachefs/btree_locking.c:509
 #7: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: btree_node_lock_increment fs/bcachefs/btree_locking.h:270 [inline]
 #7: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x675/0x9c0 fs/bcachefs/btree_locking.c:509
 #8: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: btree_node_lock_increment fs/bcachefs/btree_locking.h:270 [inline]
 #8: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x675/0x9c0 fs/bcachefs/btree_locking.c:509
 #9: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: btree_node_lock_increment fs/bcachefs/btree_locking.h:270 [inline]
 #9: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x675/0x9c0 fs/bcachefs/btree_locking.c:509
 #10: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: btree_node_lock_increment fs/bcachefs/btree_locking.h:270 [inline]
 #10: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x675/0x9c0 fs/bcachefs/btree_locking.c:509
 #11: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: btree_node_lock_increment fs/bcachefs/btree_locking.h:270 [inline]
 #11: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x675/0x9c0 fs/bcachefs/btree_locking.c:509
 #12: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: btree_node_lock_increment fs/bcachefs/btree_locking.h:270 [inline]
 #12: ffff8880652de070 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x675/0x9c0 fs/bcachefs/btree_locking.c:509
 #13: ffff8880776339f8 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #13: ffff8880776339f8 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #14: ffff8880776335f0 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #14: ffff8880776335f0 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #15: ffff8880776329d8 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #15: ffff8880776329d8 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #16: ffff888077632320 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #16: ffff888077632320 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #17: ffff888077632de0 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #17: ffff888077632de0 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #18: ffff888077633748 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #18: ffff888077633748 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #19: ffff888077632880 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #19: ffff888077632880 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #20: ffff888077633ca8 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #20: ffff888077633ca8 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #21: ffff888029b52870 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #21: ffff888029b52870 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #22: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: six_relock_type fs/bcachefs/six.h:289 [inline]
 #22: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: __bch2_btree_node_relock+0x142/0x9c0 fs/bcachefs/btree_locking.c:507
 #23: ffff88802bd30070 (&dev->mutex){....}-{3:3}, at: six_trylock_type fs/bcachefs/six.h:207 [inline]
 #23: ffff88802bd30070 (&dev->mutex){....}-{3:3}, at: btree_node_lock fs/bcachefs/btree_locking.h:288 [inline]
 #23: ffff88802bd30070 (&dev->mutex){....}-{3:3}, at: btree_path_lock_root fs/bcachefs/btree_iter.c:757 [inline]
 #23: ffff88802bd30070 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_one+0xa44/0x2930 fs/bcachefs/btree_iter.c:1177
 #24: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_copy fs/bcachefs/btree_iter.c:1228 [inline]
 #24: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_clone fs/bcachefs/btree_iter.c:1236 [inline]
 #24: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: __bch2_btree_path_make_mut+0x1ec/0x570 fs/bcachefs/btree_iter.c:1249
 #25: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_copy fs/bcachefs/btree_iter.c:1228 [inline]
 #25: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_clone fs/bcachefs/btree_iter.c:1236 [inline]
 #25: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: __bch2_btree_path_make_mut+0x1ec/0x570 fs/bcachefs/btree_iter.c:1249
 #26: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_copy fs/bcachefs/btree_iter.c:1228 [inline]
 #26: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_clone fs/bcachefs/btree_iter.c:1236 [inline]
 #26: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: __bch2_btree_path_make_mut+0x1ec/0x570 fs/bcachefs/btree_iter.c:1249
 #27: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_copy fs/bcachefs/btree_iter.c:1228 [inline]
 #27: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_clone fs/bcachefs/btree_iter.c:1236 [inline]
 #27: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: __bch2_btree_path_make_mut+0x1ec/0x570 fs/bcachefs/btree_iter.c:1249
 #28: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_copy fs/bcachefs/btree_iter.c:1228 [inline]
 #28: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: btree_path_clone fs/bcachefs/btree_iter.c:1236 [inline]
 #28: ffff88802bd36870 (&dev->mutex){....}-{3:3}, at: __bch2_btree_path_make_mut+0x1ec/0x570 fs/bcachefs/btree_iter.c:1249
 #29: ffff88805b126750 (&c->gc_lock){.+.+}-{3:3}, at: bch2_btree_update_start+0x68d/0x1500 fs/bcachefs/btree_update_interior.c:1195
 #30: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: six_trylock_type fs/bcachefs/six.h:207 [inline]
 #30: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: btree_node_lock fs/bcachefs/btree_locking.h:288 [inline]
 #30: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: btree_path_lock_root fs/bcachefs/btree_iter.c:757 [inline]
 #30: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_one+0xa44/0x2930 fs/bcachefs/btree_iter.c:1177
 #31: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: six_trylock_type fs/bcachefs/six.h:207 [inline]
 #31: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: btree_node_lock fs/bcachefs/btree_locking.h:288 [inline]
 #31: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: btree_path_lock_root fs/bcachefs/btree_iter.c:757 [inline]
 #31: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_one+0xa44/0x2930 fs/bcachefs/btree_iter.c:1177
 #32: ffff888029b54070 (&dev->mutex){....}-{3:3}, at: six_trylock_type fs/bcachefs/six.h:207 [inline]
 #32: ffff888029b54070 (&dev->mutex){....}-{3:3}, at: btree_node_lock fs/bcachefs/btree_locking.h:288 [inline]
 #32: ffff888029b54070 (&dev->mutex){....}-{3:3}, at: btree_path_lock_root fs/bcachefs/btree_iter.c:757 [inline]
 #32: ffff888029b54070 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_one+0xa44/0x2930 fs/bcachefs/btree_iter.c:1177
 #33: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: six_trylock_type fs/bcachefs/six.h:207 [inline]
 #33: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: btree_node_lock fs/bcachefs/btree_locking.h:288 [inline]
 #33: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: btree_path_lock_root fs/bcachefs/btree_iter.c:757 [inline]
 #33: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_one+0xa44/0x2930 fs/bcachefs/btree_iter.c:1177
 #34: ffff888077515340 (&dev->mutex){....}-{3:3}, at: six_trylock_intent fs/bcachefs/six.h:366 [inline]
 #34: ffff888077515340 (&dev->mutex){....}-{3:3}, at: bkey_cached_alloc fs/bcachefs/btree_key_cache.c:290 [inline]
 #34: ffff888077515340 (&dev->mutex){....}-{3:3}, at: btree_key_cache_create fs/bcachefs/btree_key_cache.c:330 [inline]
 #34: ffff888077515340 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_cached_slowpath+0x1559/0x48c0 fs/bcachefs/btree_key_cache.c:485
 #35: ffff88805b11dc78 (&wp->lock){+.+.}-{3:3}, at: bch2_trans_mutex_lock_norelock fs/bcachefs/alloc_foreground.c:41 [inline]
 #35: ffff88805b11dc78 (&wp->lock){+.+.}-{3:3}, at: writepoint_find fs/bcachefs/alloc_foreground.c:1302 [inline]
 #35: ffff88805b11dc78 (&wp->lock){+.+.}-{3:3}, at: bch2_alloc_sectors_start_trans+0x2d5/0x1f60 fs/bcachefs/alloc_foreground.c:1410
 #36: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: six_trylock_type fs/bcachefs/six.h:207 [inline]
 #36: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: btree_node_lock fs/bcachefs/btree_locking.h:288 [inline]
 #36: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: btree_path_lock_root fs/bcachefs/btree_iter.c:757 [inline]
 #36: ffff88806360b870 (&dev->mutex){....}-{3:3}, at: bch2_btree_path_traverse_one+0xa44/0x2930 fs/bcachefs/btree_iter.c:1177
 #37: ffffc90000a18c00 ((&ndev->rs_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1789
 #38: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #38: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #38: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: ip6_nd_hdr net/ipv6/ndisc.c:452 [inline]
 #38: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: ndisc_send_skb+0x572/0x1380 net/ipv6/ndisc.c:503
 #39: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #39: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #39: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1670 net/ipv6/ip6_output.c:122
 #40: ffffffff8e334000 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #40: ffffffff8e334000 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:891 [inline]
 #40: ffffffff8e334000 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d2/0x3d30 net/core/dev.c:4318
 #41: ffff88802240d4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #41: ffff88802240d4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4347 [inline]
 #41: ffff88802240d4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __dev_queue_xmit+0x17d4/0x3d30 net/core/dev.c:4389
 #42: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #42: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #42: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: __ieee80211_subif_start_xmit+0x300/0x1600 net/mac80211/tx.c:4287
 #43: ffff888063c710e8 (&local->handle_wake_tx_queue_lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #43: ffff888063c710e8 (&local->handle_wake_tx_queue_lock){+.-.}-{2:2}, at: ieee80211_handle_wake_tx_queue+0x8a/0x2d0 net/mac80211/util.c:310
 #44: ffffffff8eeac938 (hwsim_radio_lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #44: ffffffff8eeac938 (hwsim_radio_lock){+.-.}-{2:2}, at: mac80211_hwsim_tx_frame_no_nl+0x97f/0x18d0 drivers/net/wireless/virtual/mac80211_hwsim.c:1808
 #45: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #45: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #45: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_active_interfaces_atomic+0x2a/0x170 net/mac80211/util.c:807
 #46: ffff8880b952c898 (hrtimer_bases.lock){-.-.}-{2:2}, at: hrtimer_interrupt+0xfb/0x990 kernel/time/hrtimer.c:1796
 #47: ffffffff8e34e1c8 (tk_core.seq.seqcount){----}-{0:0}, at: ktime_get_update_offsets_now+0x3c/0x250 kernel/time/timekeeping.c:2446
INFO: lockdep is turned off.
CPU: 1 PID: 8453 Comm: syz.0.308 Not tainted 6.10.0-syzkaller-01155-gd67978318827 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 __lock_acquire+0x10c3/0x1fd0
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 seqcount_lockdep_reader_access+0xfc/0x220 include/linux/seqlock.h:72
 ktime_get_update_offsets_now+0x3c/0x250 kernel/time/timekeeping.c:2446
 hrtimer_update_base kernel/time/hrtimer.c:634 [inline]
 hrtimer_interrupt+0x133/0x990 kernel/time/hrtimer.c:1797
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x3f0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_is_held_type+0x13b/0x190
Code: 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 42 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffffc90000a179e8 EFLAGS: 00000206
RAX: cd355ca646af6300 RBX: 0000000000000001 RCX: 0000000000000303
RDX: ffff888065f15a00 RSI: ffffffff8bcacd40 RDI: ffffffff8c1f54e0
RBP: 0000000000000026 R08: ffffffff86e4fb12 R09: 1ffff1100c858a9f
R10: dffffc0000000000 R11: ffffffff86e4fa90 R12: 0000000000000246
R13: ffff888065f15a00 R14: 00000000ffffffff R15: ffffffff8e333fa0
 mac80211_hwsim_addr_iter+0x8b/0x1b0 drivers/net/wireless/virtual/mac80211_hwsim.c:1348
 __iterate_interfaces+0x223/0x4c0 net/mac80211/util.c:772
 ieee80211_iterate_active_interfaces_atomic+0xd8/0x170 net/mac80211/util.c:808
 mac80211_hwsim_addr_match drivers/net/wireless/virtual/mac80211_hwsim.c:1371 [inline]
 mac80211_hwsim_tx_frame_no_nl+0x1157/0x18d0 drivers/net/wireless/virtual/mac80211_hwsim.c:1862
 mac80211_hwsim_tx+0x1837/0x23c0 drivers/net/wireless/virtual/mac80211_hwsim.c:2075
 drv_tx net/mac80211/driver-ops.h:37 [inline]
 wake_tx_push_queue net/mac80211/util.c:298 [inline]
 ieee80211_handle_wake_tx_queue+0x1ae/0x2d0 net/mac80211/util.c:315
 drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]
 schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]
 ieee80211_queue_skb+0x1aea/0x24c0 net/mac80211/tx.c:1664
 ieee80211_tx+0x2c4/0x470 net/mac80211/tx.c:1966
 __ieee80211_subif_start_xmit+0xe91/0x1600 net/mac80211/tx.c:4338
 ieee80211_subif_start_xmit+0xde/0x4d0 net/mac80211/tx.c:4532
 __netdev_start_xmit include/linux/netdevice.h:4882 [inline]
 netdev_start_xmit include/linux/netdevice.h:4896 [inline]
 xmit_one net/core/dev.c:3578 [inline]
 dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3594
 __dev_queue_xmit+0x1b0e/0x3d30 net/core/dev.c:4393
 dev_queue_xmit include/linux/netdevice.h:3095 [inline]
 neigh_hh_output include/net/neighbour.h:526 [inline]
 neigh_output include/net/neighbour.h:540 [inline]
 ip6_finish_output2+0xfc0/0x1670 net/ipv6/ip6_output.c:137
 ip6_finish_output+0x41e/0x810 net/ipv6/ip6_output.c:222
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ndisc_send_skb+0xab0/0x1380 net/ipv6/ndisc.c:509
 addrconf_rs_timer+0x36e/0x660 net/ipv6/addrconf.c:4039
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792
 expire_timers kernel/time/timer.c:1843 [inline]
 __run_timers kernel/time/timer.c:2417 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428
 run_timer_base kernel/time/timer.c:2437 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447
 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:check_kcov_mode kernel/kcov.c:184 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 kernel/kcov.c:207
Code: 80 d4 03 00 65 8b 15 50 77 6d 7e f7 c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 35 83 b9 1c 16 00 00 00 74 2c 8b 91 f8 15 00 00 <83> fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 8d 7e 01 8b 89 fc
RSP: 0018:ffffc90004a9ce98 EFLAGS: 00000246
RAX: ffffffff8b77b024 RBX: 1ffff92000953a04 RCX: ffff888065f15a00
RDX: 0000000000000002 RSI: 000000000003ffff RDI: 0000000000040000
RBP: ffffc90004a9cf90 R08: ffffffff8b77af56 R09: ffffffff8b779df4
R10: 0000000000000012 R11: ffff888065f15a00 R12: ffffffff8c11a53a
R13: dffffc0000000000 R14: ffffc90004a9d028 R15: ffffc90004a9cff8
 vsnprintf+0x13b4/0x1da0 lib/vsprintf.c:2812
 bch2_prt_printf+0x1b8/0x6d0 fs/bcachefs/printbuf.c:183
 bch2_btree_path_to_text_short+0x1e8/0x390 fs/bcachefs/btree_iter.c:1476
 __bch2_trans_paths_to_text+0xe5/0x180 fs/bcachefs/btree_iter.c:1541
 bch2_trans_update_max_paths+0x16e/0x420 fs/bcachefs/btree_iter.c:1577
 btree_path_alloc+0x88a/0xaa0 fs/bcachefs/btree_iter.c:1674
 btree_path_clone fs/bcachefs/btree_iter.c:1235 [inline]
 __bch2_btree_path_make_mut+0x134/0x570 fs/bcachefs/btree_iter.c:1249
 bch2_btree_path_make_mut fs/bcachefs/btree_iter.h:196 [inline]
 __bch2_btree_path_set_pos+0x382/0x1750 fs/bcachefs/btree_iter.c:1264
 bch2_btree_path_set_pos fs/bcachefs/btree_iter.h:211 [inline]
 bch2_path_get+0xa1d/0x12b0 fs/bcachefs/btree_iter.c:1721
 bch2_trans_iter_init_common fs/bcachefs/btree_iter.h:485 [inline]
 bch2_trans_iter_init fs/bcachefs/btree_iter.h:499 [inline]
 bch2_bucket_alloc_freelist fs/bcachefs/alloc_foreground.c:491 [inline]
 bch2_bucket_alloc_trans+0x107b/0x3b30 fs/bcachefs/alloc_foreground.c:649
 bch2_bucket_alloc_set_trans+0x4f9/0xcf0 fs/bcachefs/alloc_foreground.c:810
 __open_bucket_add_buckets+0x11ed/0x1c80 fs/bcachefs/alloc_foreground.c:1058
 open_bucket_add_buckets+0x174/0x230 fs/bcachefs/alloc_foreground.c:1102
 bch2_alloc_sectors_start_trans+0xcaf/0x1f60
 __bch2_btree_node_alloc fs/bcachefs/btree_update_interior.c:333 [inline]
 bch2_btree_reserve_get+0x5f5/0x18d0 fs/bcachefs/btree_update_interior.c:547
 bch2_btree_update_start+0xe84/0x1500 fs/bcachefs/btree_update_interior.c:1245
 bch2_btree_split_leaf+0x12c/0x810 fs/bcachefs/btree_update_interior.c:1851
 bch2_trans_commit_error+0x200/0x1210 fs/bcachefs/btree_trans_commit.c:918
 __bch2_trans_commit+0x6e6c/0x88e0 fs/bcachefs/btree_trans_commit.c:1138
 bch2_trans_commit fs/bcachefs/btree_update.h:170 [inline]
 bch2_extent_update+0x4c0/0xbb0 fs/bcachefs/io_write.c:326
 bch2_fpunch_at+0x87c/0x1020 fs/bcachefs/io_misc.c:184
 __bch2_resume_logged_op_truncate+0x716/0xaa0 fs/bcachefs/io_misc.c:260
 bch2_truncate+0x1cf/0x2c0 fs/bcachefs/io_misc.c:291
 bchfs_truncate+0x80f/0xc80 fs/bcachefs/fs-io.c:476
 notify_change+0xb9d/0xe70 fs/attr.c:495
 do_truncate fs/open.c:65 [inline]
 do_ftruncate+0x46b/0x590 fs/open.c:181
 do_sys_ftruncate fs/open.c:199 [inline]
 __do_sys_ftruncate fs/open.c:207 [inline]
 __se_sys_ftruncate fs/open.c:205 [inline]
 __x64_sys_ftruncate+0x95/0xf0 fs/open.c:205
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f78f4775bd9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f78f5469048 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f78f4903f60 RCX: 00007f78f4775bd9
RDX: 0000000000000000 RSI: 00000000000096ef RDI: 0000000000000008
RBP: 00007f78f47e4e60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f78f4903f60 R15: 00007ffdebb84428
 </TASK>
----------------
Code disassembly (best guess):
   0:	75 44                	jne    0x46
   2:	48 c7 04 24 00 00 00 	movq   $0x0,(%rsp)
   9:	00
   a:	9c                   	pushf
   b:	8f 04 24             	pop    (%rsp)
   e:	f7 04 24 00 02 00 00 	testl  $0x200,(%rsp)
  15:	75 4c                	jne    0x63
  17:	41 f7 c4 00 02 00 00 	test   $0x200,%r12d
  1e:	74 01                	je     0x21
  20:	fb                   	sti
  21:	65 48 8b 04 25 28 00 	mov    %gs:0x28,%rax
  28:	00 00
* 2a:	48 3b 44 24 08       	cmp    0x8(%rsp),%rax <-- trapping instruction
  2f:	75 42                	jne    0x73
  31:	89 d8                	mov    %ebx,%eax
  33:	48 83 c4 10          	add    $0x10,%rsp
  37:	5b                   	pop    %rbx
  38:	41 5c                	pop    %r12
  3a:	41 5d                	pop    %r13
  3c:	41 5e                	pop    %r14
  3e:	41 5f                	pop    %r15