Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts.
2024/10/14 16:20:59 ignoring optional flag "sandboxArg"="0"
2024/10/14 16:21:00 parsed 1 programs
[ 78.589593][ T3213] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 80.258080][ T3232] chnl_net:caif_netlink_parms(): no params data found
[ 81.701459][ T3232] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.811019][ T3232] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.896049][ T122] bond0 (unregistering): Released all slaves
[ 85.605718][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.613694][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.621267][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.630041][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.642051][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 85.649351][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/10/14 16:21:08 executed programs: 0
[ 85.840803][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 85.853173][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 85.860727][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 85.869488][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 85.877111][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 85.884439][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 86.055589][ T3658] chnl_net:caif_netlink_parms(): no params data found
[ 87.493975][ T3658] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.901913][ T2448] Bluetooth: hci1: command tx timeout
[ 88.589695][ T3658] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.982373][ T2448] Bluetooth: hci1: command tx timeout
[ 90.626080][ T4022] loop0: detected capacity change from 0 to 32768
[ 90.637701][ T4022] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.15 (4022)
[ 90.659064][ T4022] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 90.674639][ T4022] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 90.683796][ T4022] BTRFS info (device loop0): using free-space-tree
2024/10/14 16:21:13 executed programs: 3
[ 90.786373][ T1562] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 90.814946][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 91.090474][ T4042] loop0: detected capacity change from 0 to 32768
[ 91.100466][ T4042] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.16 (4042)
[ 91.122355][ T4042] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 91.132673][ T4042] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 91.141326][ T4042] BTRFS info (device loop0): using free-space-tree
[ 91.238695][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 91.239440][ T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 91.556935][ T4061] loop0: detected capacity change from 0 to 32768
[ 91.565480][ T4061] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.17 (4061)
[ 91.585172][ T4061] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 91.595793][ T4061] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 91.605587][ T4061] BTRFS info (device loop0): using free-space-tree
[ 91.721465][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 91.721978][ T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 92.031830][ T4080] loop0: detected capacity change from 0 to 32768
[ 92.039429][ T4080] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.18 (4080)
[ 92.056425][ T4080] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 92.066707][ T2448] Bluetooth: hci1: command tx timeout
[ 92.066746][ T4080] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 92.081780][ T4080] BTRFS info (device loop0): using free-space-tree
[ 92.209411][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 92.209982][ T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 92.515824][ T4099] loop0: detected capacity change from 0 to 32768
[ 92.523533][ T4099] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.19 (4099)
[ 92.543064][ T4099] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 92.553695][ T4099] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 92.564620][ T4099] BTRFS info (device loop0): using free-space-tree
[ 92.662623][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 92.674456][ T1562] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 92.963071][ T4118] loop0: detected capacity change from 0 to 32768
[ 92.970685][ T4118] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.20 (4118)
[ 92.989464][ T4118] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 92.999824][ T4118] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 93.008828][ T4118] BTRFS info (device loop0): using free-space-tree
[ 93.108574][ T1562] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 93.129092][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 93.425194][ T4137] loop0: detected capacity change from 0 to 32768
[ 93.433912][ T4137] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.21 (4137)
[ 93.450669][ T4137] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 93.462161][ T4137] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 93.470963][ T4137] BTRFS info (device loop0): using free-space-tree
[ 93.568842][ T11] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 93.604596][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 93.883748][ T4156] loop0: detected capacity change from 0 to 32768
[ 93.891304][ T4156] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.22 (4156)
[ 93.909435][ T4156] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 93.919833][ T4156] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 93.928828][ T4156] BTRFS info (device loop0): using free-space-tree
[ 94.029722][ T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 94.050645][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 94.141623][ T2448] Bluetooth: hci1: command tx timeout
[ 94.336411][ T4175] loop0: detected capacity change from 0 to 32768
[ 94.344077][ T4175] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.23 (4175)
[ 94.365618][ T4175] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 94.377053][ T4175] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 94.385827][ T4175] BTRFS info (device loop0): using free-space-tree
[ 94.498627][ T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 94.526967][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 94.812088][ T4194] loop0: detected capacity change from 0 to 32768
[ 94.819722][ T4194] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.24 (4194)
[ 94.839765][ T4194] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 94.850147][ T4194] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 94.859300][ T4194] BTRFS info (device loop0): using free-space-tree
[ 94.948298][ T11] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 94.973353][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 95.254936][ T4213] loop0: detected capacity change from 0 to 32768
[ 95.265184][ T4213] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.25 (4213)
[ 95.280698][ T4213] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 95.292502][ T4213] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 95.301212][ T4213] BTRFS info (device loop0): using free-space-tree
[ 95.424931][ T3658] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 95.436077][ T201] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 95.724142][ T4232] loop0: detected capacity change from 0 to 32768
[ 95.733064][ T4232] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.26 (4232)
[ 95.752451][ T4232] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 95.763733][ T4232] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 95.772932][ T4232] BTRFS info (device loop0): using free-space-tree
[ 95.866589][ T4232] ==================================================================
[ 95.874691][ T4232] BUG: KASAN: slab-use-after-free in add_delayed_ref+0xf45/0x1930
[ 95.882524][ T4232] Read of size 8 at addr ffff88801eaacf50 by task syz.0.26/4232
[ 95.890242][ T4232]
[ 95.892580][ T4232] CPU: 0 UID: 0 PID: 4232 Comm: syz.0.26 Not tainted 6.12.0-rc2-syzkaller #0
[ 95.901338][ T4232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 95.911410][ T4232] Call Trace:
[ 95.914700][ T4232]
[ 95.917630][ T4232]  dump_stack_lvl+0x198/0x250
[ 95.922310][ T4232]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 95.927508][ T4232]  ? __pfx__printk+0x10/0x10
[ 95.932099][ T4232]  ? _printk+0xce/0x120
[ 95.936253][ T4232]  ? __virt_addr_valid+0x14a/0x360
[ 95.941368][ T4232]  ? __virt_addr_valid+0x14a/0x360
[ 95.946479][ T4232]  print_report+0x169/0x550
[ 95.951074][ T4232]  ? __virt_addr_valid+0x14a/0x360
[ 95.956161][ T4232]  ? __virt_addr_valid+0x14a/0x360
[ 95.961251][ T4232]  ? __virt_addr_valid+0x2f7/0x360
[ 95.966331][ T4232]  ? add_delayed_ref+0xf45/0x1930
[ 95.971323][ T4232]  kasan_report+0x143/0x180
[ 95.975796][ T4232]  ? add_delayed_ref+0xf45/0x1930
[ 95.980787][ T4232]  add_delayed_ref+0xf45/0x1930
[ 95.985613][ T4232]  ? _raw_spin_unlock+0x28/0x50
[ 95.990434][ T4232]  ? __pfx_add_delayed_ref+0x10/0x10
[ 95.995688][ T4232]  btrfs_alloc_tree_block+0xe03/0x1530
[ 96.001120][ T4232]  ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 96.006990][ T4232]  ? read_extent_buffer+0xeb/0x3e0
[ 96.012076][ T4232]  ? __asan_memcpy+0x40/0x70
[ 96.016637][ T4232]  btrfs_force_cow_block+0x4bd/0x19a0
[ 96.022071][ T4232]  ? btrfs_qgroup_trace_subtree_after_cow+0x174/0x11e0
[ 96.028894][ T4232]  ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 96.034671][ T4232]  ? btrfs_qgroup_add_swapped_blocks+0x740/0x810
[ 96.040964][ T4232]  ? down_write_nested+0x195/0x220
[ 96.046050][ T4232]  ? __pfx_down_write_nested+0x10/0x10
[ 96.051568][ T4232]  btrfs_cow_block+0x39a/0x940
[ 96.056305][ T4232]  btrfs_search_slot+0x98a/0x28f0
[ 96.061301][ T4232]  ? __pfx_btrfs_search_slot+0x10/0x10
[ 96.066745][ T4232]  ? btrfs_create_new_inode+0x97a/0x1c20
[ 96.072373][ T4232]  ? __pfx_lock_release+0x10/0x10
[ 96.077390][ T4232]  ? _raw_spin_unlock+0x28/0x50
[ 96.082221][ T4232]  btrfs_insert_empty_items+0x97/0x140
[ 96.087658][ T4232]  btrfs_create_new_inode+0xd07/0x1c20
[ 96.093095][ T4232]  ? __pfx_btrfs_create_new_inode+0x10/0x10
[ 96.098985][ T4232]  ? __pfx_btrfs_qgroup_convert_reserved_meta+0x10/0x10
[ 96.105906][ T4232]  ? start_transaction+0x378/0x12f0
[ 96.111077][ T4232]  btrfs_create_common+0x362/0x490
[ 96.116164][ T4232]  ? __pfx_btrfs_create_common+0x10/0x10
[ 96.121767][ T4232]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 96.126939][ T4232]  ? btrfs_mkdir+0x70/0xf0
[ 96.131322][ T4232]  vfs_mkdir+0x24d/0x3d0
[ 96.135538][ T4232]  do_mkdirat+0x234/0x330
[ 96.139836][ T4232]  ? __pfx_do_mkdirat+0x10/0x10
[ 96.144675][ T4232]  ? getname_flags+0x10c/0x440
[ 96.149444][ T4232]  __x64_sys_mkdirat+0x82/0x90
[ 96.154208][ T4232]  do_syscall_64+0xf3/0x230
[ 96.158766][ T4232]  ? clear_bhb_loop+0x55/0xb0
[ 96.163416][ T4232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.169369][ T4232] RIP: 0033:0x7f8aacf7dff9
[ 96.173774][ T4232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 96.193363][ T4232] RSP: 002b:00007f8aade0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 96.201767][ T4232] RAX: ffffffffffffffda RBX: 00007f8aad135f80 RCX: 00007f8aacf7dff9
[ 96.209712][ T4232] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000005
[ 96.217657][ T4232] RBP: 00007f8aacff0296 R08: 0000000000000000 R09: 0000000000000000
[ 96.225599][ T4232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 96.233543][ T4232] R13: 0000000000000000 R14: 00007f8aad135f80 R15: 00007fff4f527bf8
[ 96.241494][ T4232]
[ 96.244492][ T4232]
[ 96.246796][ T4232] Allocated by task 4232:
[ 96.251092][ T4232]  kasan_save_track+0x3f/0x80
[ 96.255744][ T4232]  __kasan_slab_alloc+0x66/0x80
[ 96.260564][ T4232]  kmem_cache_alloc_noprof+0x135/0x2a0
[ 96.265991][ T4232]  add_delayed_ref+0x130/0x1930
[ 96.270805][ T4232]  btrfs_alloc_tree_block+0xe03/0x1530
[ 96.276229][ T4232]  btrfs_force_cow_block+0x4bd/0x19a0
[ 96.281569][ T4232]  btrfs_cow_block+0x39a/0x940
[ 96.286306][ T4232]  btrfs_search_slot+0x98a/0x28f0
[ 96.291293][ T4232]  btrfs_insert_empty_items+0x97/0x140
[ 96.296715][ T4232]  btrfs_create_new_inode+0xd07/0x1c20
[ 96.302142][ T4232]  btrfs_create_common+0x362/0x490
[ 96.307221][ T4232]  vfs_mkdir+0x24d/0x3d0
[ 96.311446][ T4232]  do_mkdirat+0x234/0x330
[ 96.315742][ T4232]  __x64_sys_mkdirat+0x82/0x90
[ 96.320483][ T4232]  do_syscall_64+0xf3/0x230
[ 96.324957][ T4232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.330819][ T4232]
[ 96.333117][ T4232] Freed by task 1562:
[ 96.337063][ T4232]  kasan_save_track+0x3f/0x80
[ 96.341712][ T4232]  kasan_save_free_info+0x40/0x50
[ 96.346705][ T4232]  __kasan_slab_free+0x59/0x70
[ 96.351431][ T4232]  kmem_cache_free+0x1a2/0x420
[ 96.356161][ T4232]  __btrfs_run_delayed_refs+0x32d8/0x3c60
[ 96.361852][ T4232]  btrfs_run_delayed_refs+0xcd/0x230
[ 96.367102][ T4232]  btrfs_commit_transaction+0x3b8/0x30f0
[ 96.372700][ T4232]  btrfs_qgroup_rescan_worker+0x16f5/0x1ab0
[ 96.378561][ T4232]  btrfs_work_helper+0x2ee/0xa20
[ 96.383470][ T4232]  process_scheduled_works+0x96c/0x1540
[ 96.388980][ T4232]  worker_thread+0x727/0xb10
[ 96.393538][ T4232]  kthread+0x2e0/0x380
[ 96.397574][ T4232]  ret_from_fork+0x32/0x60
[ 96.401958][ T4232]  ret_from_fork_asm+0x1a/0x30
[ 96.406688][ T4232]
[ 96.408982][ T4232] The buggy address belongs to the object at ffff88801eaacf50
[ 96.408982][ T4232]  which belongs to the cache btrfs_delayed_ref_head of size 328
[ 96.423961][ T4232] The buggy address is located 0 bytes inside of
[ 96.423961][ T4232]  freed 328-byte region [ffff88801eaacf50, ffff88801eaad098)
[ 96.437549][ T4232]
[ 96.439850][ T4232] The buggy address belongs to the physical page:
[ 96.446240][ T4232] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eaac
[ 96.454996][ T4232] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 96.463477][ T4232] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 96.471005][ T4232] page_type: f5(slab)
[ 96.474958][ T4232] raw: 00fff00000000040 ffff88801e40da00 dead000000000122 0000000000000000
[ 96.483511][ T4232] raw: 0000000000000000 0000000080140014 00000001f5000000 0000000000000000
[ 96.492076][ T4232] head: 00fff00000000040 ffff88801e40da00 dead000000000122 0000000000000000
[ 96.500719][ T4232] head: 0000000000000000 0000000080140014 00000001f5000000 0000000000000000
[ 96.509384][ T4232] head: 00fff00000000001 ffffea00007aab01 ffffffffffffffff 0000000000000000
[ 96.518022][ T4232] head: ffff888000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 96.526750][ T4232] page dumped because: kasan: bad access detected
[ 96.533146][ T4232] page_owner tracks the page as allocated
[ 96.538827][ T4232] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3658, tgid 3658 (syz-executor), ts 95450239207, free_ts 95358632189
[ 96.559366][ T4232]  post_alloc_hook+0x1f3/0x230
[ 96.564111][ T4232]  get_page_from_freelist+0x3045/0x3190
[ 96.569629][ T4232]  __alloc_pages_noprof+0x256/0x6c0
[ 96.574793][ T4232]  alloc_pages_mpol_noprof+0x284/0x4d0
[ 96.580219][ T4232]  alloc_slab_page+0x6a/0x120
[ 96.584868][ T4232]  allocate_slab+0x5a/0x2f0
[ 96.589338][ T4232]  ___slab_alloc+0xcd1/0x14b0
[ 96.593981][ T4232]  __slab_alloc+0x58/0xa0
[ 96.598278][ T4232]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 96.603704][ T4232]  add_delayed_ref+0x130/0x1930
[ 96.608524][ T4232]  btrfs_free_tree_block+0x332/0xc70
[ 96.613783][ T4232]  btrfs_force_cow_block+0xbcd/0x19a0
[ 96.619133][ T4232]  btrfs_cow_block+0x39a/0x940
[ 96.623867][ T4232]  btrfs_search_slot+0x98a/0x28f0
[ 96.628855][ T4232]  btrfs_update_root+0xe7/0xac0
[ 96.633671][ T4232]  commit_cowonly_roots+0x564/0x740
[ 96.638835][ T4232] page last free pid 4024 tgid 4024 stack trace:
[ 96.645137][ T4232]  free_unref_page+0xcfb/0xf20
[ 96.649868][ T4232]  __slab_free+0x31b/0x3d0
[ 96.654254][ T4232]  qlist_free_all+0x9a/0x140
[ 96.658815][ T4232]  kasan_quarantine_reduce+0x14f/0x170
[ 96.664245][ T4232]  __kasan_slab_alloc+0x23/0x80
[ 96.669063][ T4232]  __kmalloc_node_noprof+0x1d2/0x440
[ 96.674320][ T4232]  allocate_slab+0xb6/0x2f0
[ 96.678804][ T4232]  ___slab_alloc+0xcd1/0x14b0
[ 96.683500][ T4232]  __slab_alloc+0x58/0xa0
[ 96.687819][ T4232]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 96.693257][ T4232]  __se_sys_inotify_add_watch+0x5b7/0xce0
[ 96.698946][ T4232]  do_syscall_64+0xf3/0x230
[ 96.703859][ T4232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.709726][ T4232]
[ 96.712025][ T4232] Memory state around the buggy address:
[ 96.717629][ T4232]  ffff88801eaace00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.725664][ T4232]  ffff88801eaace80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.733782][ T4232] >ffff88801eaacf00: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 96.741816][ T4232]                                                  ^
[ 96.748478][ T4232]  ffff88801eaacf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.756522][ T4232]  ffff88801eaad000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.764561][ T4232] ==================================================================
[ 96.774945][ T4232] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 96.782161][ T4232] CPU: 0 UID: 0 PID: 4232 Comm: syz.0.26 Not tainted 6.12.0-rc2-syzkaller #0
[ 96.790921][ T4232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 96.800998][ T4232] Call Trace:
[ 96.804265][ T4232]
[ 96.807177][ T4232]  dump_stack_lvl+0x198/0x250
[ 96.811844][ T4232]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 96.817022][ T4232]  ? __pfx__printk+0x10/0x10
[ 96.821593][ T4232]  panic+0x26e/0x680
[ 96.825467][ T4232]  ? __pfx_panic+0x10/0x10
[ 96.829861][ T4232]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 96.835892][ T4232]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 96.842209][ T4232]  ? print_report+0x502/0x550
[ 96.846879][ T4232]  check_panic_on_warn+0x5c/0x80
[ 96.851802][ T4232]  ? add_delayed_ref+0xf45/0x1930
[ 96.856805][ T4232]  end_report+0x77/0x160
[ 96.861023][ T4232]  kasan_report+0x154/0x180
[ 96.865502][ T4232]  ? add_delayed_ref+0xf45/0x1930
[ 96.870536][ T4232]  add_delayed_ref+0xf45/0x1930
[ 96.875373][ T4232]  ? _raw_spin_unlock+0x28/0x50
[ 96.880228][ T4232]  ? __pfx_add_delayed_ref+0x10/0x10
[ 96.885501][ T4232]  btrfs_alloc_tree_block+0xe03/0x1530
[ 96.890945][ T4232]  ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 96.896848][ T4232]  ? read_extent_buffer+0xeb/0x3e0
[ 96.902047][ T4232]  ? __asan_memcpy+0x40/0x70
[ 96.906614][ T4232]  btrfs_force_cow_block+0x4bd/0x19a0
[ 96.911961][ T4232]  ? btrfs_qgroup_trace_subtree_after_cow+0x174/0x11e0
[ 96.918788][ T4232]  ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 96.924566][ T4232]  ? btrfs_qgroup_add_swapped_blocks+0x740/0x810
[ 96.930864][ T4232]  ? down_write_nested+0x195/0x220
[ 96.935948][ T4232]  ? __pfx_down_write_nested+0x10/0x10
[ 96.941380][ T4232]  btrfs_cow_block+0x39a/0x940
[ 96.946148][ T4232]  btrfs_search_slot+0x98a/0x28f0
[ 96.951152][ T4232]  ? __pfx_btrfs_search_slot+0x10/0x10
[ 96.956594][ T4232]  ? btrfs_create_new_inode+0x97a/0x1c20
[ 96.962200][ T4232]  ? __pfx_lock_release+0x10/0x10
[ 96.967202][ T4232]  ? _raw_spin_unlock+0x28/0x50
[ 96.972024][ T4232]  btrfs_insert_empty_items+0x97/0x140
[ 96.977457][ T4232]  btrfs_create_new_inode+0xd07/0x1c20
[ 96.982891][ T4232]  ? __pfx_btrfs_create_new_inode+0x10/0x10
[ 96.988759][ T4232]  ? __pfx_btrfs_qgroup_convert_reserved_meta+0x10/0x10
[ 96.995666][ T4232]  ? start_transaction+0x378/0x12f0
[ 97.000841][ T4232]  btrfs_create_common+0x362/0x490
[ 97.005926][ T4232]  ? __pfx_btrfs_create_common+0x10/0x10
[ 97.011529][ T4232]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 97.016703][ T4232]  ? btrfs_mkdir+0x70/0xf0
[ 97.021100][ T4232]  vfs_mkdir+0x24d/0x3d0
[ 97.025348][ T4232]  do_mkdirat+0x234/0x330
[ 97.029653][ T4232]  ? __pfx_do_mkdirat+0x10/0x10
[ 97.034477][ T4232]  ? getname_flags+0x10c/0x440
[ 97.039218][ T4232]  __x64_sys_mkdirat+0x82/0x90
[ 97.043959][ T4232]  do_syscall_64+0xf3/0x230
[ 97.048438][ T4232]  ? clear_bhb_loop+0x55/0xb0
[ 97.053094][ T4232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.058980][ T4232] RIP: 0033:0x7f8aacf7dff9
[ 97.063371][ T4232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 97.083036][ T4232] RSP: 002b:00007f8aade0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 97.091421][ T4232] RAX: ffffffffffffffda RBX: 00007f8aad135f80 RCX: 00007f8aacf7dff9
[ 97.099366][ T4232] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000005
[ 97.107313][ T4232] RBP: 00007f8aacff0296 R08: 0000000000000000 R09: 0000000000000000
[ 97.115270][ T4232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 97.123300][ T4232] R13: 0000000000000000 R14: 00007f8aad135f80 R15: 00007fff4f527bf8
[ 97.131253][ T4232]
[ 97.134508][ T4232] Kernel Offset: disabled
[ 97.138814][ T4232] Rebooting in 86400 seconds..