syzkaller login: [   97.207364][   T10] cfg80211: failed to load regulatory.db
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xc0000)
Warning: Permanently added '[localhost]:36864' (ED25519) to the list of known hosts.
2026/04/10 04:59:17 parsed 1 programs
[  131.291791][ T5325] cgroup: Unknown subsys name 'net'
[  131.357470][ T5325] cgroup: Unknown subsys name 'cpuset'
[  131.371633][ T5325] cgroup: Unknown subsys name 'rlimit'
[  143.284156][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  143.289525][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  183.629068][ T1010] ata1.00: exception Emask 0x0 SAct 0x4000 SErr 0x0 action 0x6 frozen
[  183.633134][ T1010] ata1.00: failed command: WRITE FPDMA QUEUED
[  183.635991][ T1010] ata1.00: cmd 61/00:70:56:4d:04/06:00:00:00:00/40 tag 14 ncq dma 786432 out
[  183.635991][ T1010]          res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
[  183.646417][ T1010] ata1.00: status: { DRDY }
[  183.648980][ T1010] ata1: hard resetting link
[  183.971466][ T1010] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  183.975434][ T1010] ata1.00: configured for UDMA/100
[  183.978135][ T1010] ata1: EH complete
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xd2000)
[  204.722961][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  204.726304][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  244.419089][ T1010] ata1.00: NCQ disabled due to excessive errors
[  244.422538][ T1010] ata1.00: exception Emask 0x0 SAct 0x4000 SErr 0x0 action 0x6 frozen
[  244.426129][ T1010] ata1.00: failed command: WRITE FPDMA QUEUED
[  244.430225][ T1010] ata1.00: cmd 61/90:70:36:9e:05/06:00:00:00:00/40 tag 14 ncq dma 860160 out
[  244.430225][ T1010]          res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
[  244.439015][ T1010] ata1.00: status: { DRDY }
[  244.440984][ T1010] ata1: hard resetting link
[  244.760978][ T1010] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  244.766409][ T1010] ata1.00: configured for UDMA/100
[  244.771979][ T1010] ata1: EH complete
Setting up swapspace version 1, size = 127995904 bytes
[  246.374083][ T5325] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  252.070287][ T5350] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  253.962562][ T5365] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  253.968309][ T5365] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  253.973198][ T5365] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  253.976923][ T5365] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  253.980939][ T5365] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  259.230742][ T5414] chnl_net:caif_netlink_parms(): no params data found
[  259.318153][ T5414] bridge0: port 1(bridge_slave_0) entered blocking state
[  259.323245][ T5414] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.327448][ T5414] bridge_slave_0: entered allmulticast mode
[  259.334536][ T5414] bridge_slave_0: entered promiscuous mode
[  259.341296][ T5414] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.345008][ T5414] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.349745][ T5414] bridge_slave_1: entered allmulticast mode
[  259.354827][ T5414] bridge_slave_1: entered promiscuous mode
[  259.385135][ T5414] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  259.394011][ T5414] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  259.421586][ T5414] team0: Port device team_slave_0 added
[  259.426300][ T5414] team0: Port device team_slave_1 added
[  259.453524][ T5414] batman_adv: batadv0: Adding interface: batadv_slave_0
[  259.457059][ T5414] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  259.468271][ T5414] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  259.476345][ T5414] batman_adv: batadv0: Adding interface: batadv_slave_1
[  259.480417][ T5414] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  259.491408][ T5414] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  259.536470][ T5414] hsr_slave_0: entered promiscuous mode
[  259.540975][ T5414] hsr_slave_1: entered promiscuous mode
[  259.725329][ T5414] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  259.737550][ T5414] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  259.745895][ T5414] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  259.756180][ T5414] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  259.856144][ T5414] 8021q: adding VLAN 0 to HW filter on device bond0
[  259.876745][ T5414] 8021q: adding VLAN 0 to HW filter on device team0
[  259.887449][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  259.891204][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  259.912220][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.915462][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  259.957942][ T5414] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  259.986293][ T5414] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  260.177854][ T5414] 8021q: adding VLAN 0 to HW filter on device batadv0
[  260.222454][ T5414] veth0_vlan: entered promiscuous mode
[  260.234177][ T5414] veth1_vlan: entered promiscuous mode
[  260.264502][ T5414] veth0_macvtap: entered promiscuous mode
[  260.272412][ T5414] veth1_macvtap: entered promiscuous mode
[  260.291831][ T5414] batman_adv: batadv0: Interface activated: batadv_slave_0
[  260.303994][ T5414] batman_adv: batadv0: Interface activated: batadv_slave_1
[  260.316580][ T1080] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  260.344438][ T1080] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  260.348318][ T1080] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  260.361502][ T1080] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  260.646390][ T1072] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.695949][ T1072] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.764975][ T1072] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.844932][ T1072] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.092663][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.096411][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  261.164276][ T1080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.168023][ T1080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/04/10 05:01:30 executed programs: 0
[  261.946523][ T4667] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  261.959038][ T4667] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  261.965435][ T4667] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  261.969291][ T4667] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  261.972806][ T4667] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  262.211566][ T5452] chnl_net:caif_netlink_parms(): no params data found
[  262.357912][ T5452] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.361889][ T5452] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.365824][ T5452] bridge_slave_0: entered allmulticast mode
[  262.376209][ T5452] bridge_slave_0: entered promiscuous mode
[  262.382406][ T5452] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.385557][ T5452] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.389516][ T5452] bridge_slave_1: entered allmulticast mode
[  262.394316][ T5452] bridge_slave_1: entered promiscuous mode
[  262.434820][ T5452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  262.442929][ T5452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  262.484561][ T5452] team0: Port device team_slave_0 added
[  262.490754][ T5452] team0: Port device team_slave_1 added
[  262.516724][ T5452] batman_adv: batadv0: Adding interface: batadv_slave_0
[  262.520693][ T5452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  262.533724][ T5452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  262.540780][ T5452] batman_adv: batadv0: Adding interface: batadv_slave_1
[  262.544632][ T5452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  262.556782][ T5452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  262.607604][ T5452] hsr_slave_0: entered promiscuous mode
[  262.611233][ T5452] hsr_slave_1: entered promiscuous mode
[  262.614590][ T5452] debugfs: 'hsr0' already exists in 'hsr'
[  262.617565][ T5452] Cannot create hsr debugfs directory
[  263.060348][ T1072] bridge_slave_1: left allmulticast mode
[  263.063157][ T1072] bridge_slave_1: left promiscuous mode
[  263.067013][ T1072] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.090336][ T1072] bridge_slave_0: left allmulticast mode
[  263.092952][ T1072] bridge_slave_0: left promiscuous mode
[  263.095929][ T1072] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.420070][ T1072] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  263.443810][ T1072] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  263.449744][ T1072] bond0 (unregistering): Released all slaves
[  263.544908][ T1072] hsr_slave_0: left promiscuous mode
[  263.560612][ T1072] hsr_slave_1: left promiscuous mode
[  263.564605][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.574352][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_0
[  263.581093][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.584750][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_1
[  263.595423][ T1072] veth1_macvtap: left promiscuous mode
[  263.600233][ T1072] veth0_macvtap: left promiscuous mode
[  263.602822][ T1072] veth1_vlan: left promiscuous mode
[  263.605279][ T1072] veth0_vlan: left promiscuous mode
[  263.843127][ T1072] team0 (unregistering): Port device team_slave_1 removed
[  263.856153][ T1072] team0 (unregistering): Port device team_slave_0 removed
[  264.001130][ T4667] Bluetooth: hci0: command tx timeout
[  264.321273][ T5452] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  264.353918][ T5452] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  264.580148][ T5452] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  264.588416][ T5452] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  264.891650][ T5452] 8021q: adding VLAN 0 to HW filter on device bond0
[  264.910632][ T5452] 8021q: adding VLAN 0 to HW filter on device team0
[  264.922530][ T1080] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.926951][ T1080] bridge0: port 1(bridge_slave_0) entered forwarding state
[  264.946337][ T1080] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.949978][ T1080] bridge0: port 2(bridge_slave_1) entered forwarding state
[  265.153875][ T5452] 8021q: adding VLAN 0 to HW filter on device batadv0
[  265.204737][ T5452] veth0_vlan: entered promiscuous mode
[  265.217512][ T5452] veth1_vlan: entered promiscuous mode
[  265.251174][ T5452] veth0_macvtap: entered promiscuous mode
[  265.257424][ T5452] veth1_macvtap: entered promiscuous mode
[  265.275588][ T5452] batman_adv: batadv0: Interface activated: batadv_slave_0
[  265.287264][ T5452] batman_adv: batadv0: Interface activated: batadv_slave_1
[  265.300900][ T1080] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  265.311443][ T1080] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  265.326696][ T1080] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  265.347905][ T1080] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  265.406163][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.419766][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.447761][ T1080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.454389][ T1080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.752097][ T5487] loop0: detected capacity change from 0 to 32768
[  265.782588][ T5487] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.17 (5487)
[  265.838333][ T5487] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  265.866450][ T5487] BTRFS info (device loop0): using sha256 checksum algorithm
[  265.982699][ T5487] BTRFS info (device loop0): enabling ssd optimizations
[  265.985755][ T5487] BTRFS info (device loop0): turning on async discard
[  265.988283][ T5487] BTRFS info (device loop0): enabling free space tree
[  266.054218][ T5487] BTRFS info (device loop0): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  266.080821][ T4667] Bluetooth: hci0: command tx timeout
[  266.168276][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  266.179063][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  266.615803][ T5487] BTRFS warning (device loop0): to be deleted qgroup 0/5 has non-zero numbers, data 0 meta prealloc 0 meta pertrans 16384
2026/04/10 05:01:36 executed programs: 3
[  266.995541][ T5452] ------------[ cut here ]------------
[  266.997965][ T5452] BTRFS: Transaction aborted (error -2)
[  267.000727][ T5452] WARNING: fs/btrfs/extent-tree.c:3181 at __btrfs_free_extent+0x3c6e/0x4570, CPU#0: syz-executor/5452
[  267.006999][ T5452] Modules linked in:
[  267.010259][ T5452] CPU: 0 UID: 0 PID: 5452 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  267.014741][ T5452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  267.019679][ T5452] RIP: 0010:__btrfs_free_extent+0x3c70/0x4570
[  267.022467][ T5452] Code: e9 c8 05 00 00 e8 30 3b c3 fd 84 c0 0f 84 f2 00 00 00 e8 53 3d de fd e9 b1 05 00 00 e8 49 3d de fd 48 8d 3d 32 7f 33 0c 89 de <67> 48 0f b9 3a e9 c1 e0 ff ff e8 31 3d de fd eb 05 e8 2a 3d de fd
[  267.033543][ T5452] RSP: 0018:ffffc900030ff440 EFLAGS: 00010293
[  267.037283][ T5452] RAX: ffffffff83e79247 RBX: 00000000fffffffe RCX: ffff88803bffc980
[  267.041757][ T5452] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: ffffffff901b1180
[  267.045767][ T5452] RBP: ffffc900030ff5f0 R08: ffff88803bffc980 R09: 0000000000000003
[  267.049419][ T5452] R10: 00000000fffffffb R11: 0000000000000000 R12: dffffc0000000000
[  267.052920][ T5452] R13: ffff8880119b55c8 R14: 0000000000000000 R15: ffff88803ff5c001
[  267.056692][ T5452] FS:  0000555573d0c500(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000
[  267.060805][ T5452] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  267.063948][ T5452] CR2: 00007f4bac77f000 CR3: 0000000043256000 CR4: 0000000000352ef0
[  267.067262][ T5452] Call Trace:
[  267.068915][ T5452]  <TASK>
[  267.070535][ T5452]  ? __pfx___btrfs_free_extent+0x10/0x10
[  267.073467][ T5452]  ? do_raw_read_trylock+0xa0/0xa0
[  267.076336][ T5452]  ? do_raw_spin_unlock+0x4d/0x210
[  267.078833][ T5452]  __btrfs_run_delayed_refs+0x1881/0x4780
[  267.081332][ T5452]  ? kasan_save_free_info+0x46/0x50
[  267.083663][ T5452]  ? __kasan_slab_pre_free+0x120/0x120
[  267.086251][ T5452]  ? kmem_cache_free+0x187/0x630
[  267.088830][ T5452]  ? __btrfs_run_delayed_items+0x266/0x510
[  267.091878][ T5452]  ? cleanup_mnt+0x437/0x4d0
[  267.093926][ T5452]  ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[  267.096696][ T5452]  ? kasan_quarantine_put+0xbb/0x1f0
[  267.099329][ T5452]  ? lockdep_hardirqs_on+0x7a/0x110
[  267.102152][ T5452]  ? kmem_cache_free+0x187/0x630
[  267.105106][ T5452]  ? __btrfs_run_delayed_items+0x266/0x510
[  267.107889][ T5452]  btrfs_run_delayed_refs+0xe6/0x3b0
[  267.110689][ T5452]  btrfs_commit_transaction+0xfb6/0x31a0
[  267.113311][ T5452]  ? btrfs_commit_transaction+0x1a2/0x31a0
[  267.116410][ T5452]  ? do_raw_spin_unlock+0x4d/0x210
[  267.119309][ T5452]  ? __pfx_btrfs_commit_transaction+0x10/0x10
[  267.122134][ T5452]  ? btrfs_record_root_in_trans+0x91/0x180
[  267.124741][ T5452]  ? start_transaction+0x43a/0x1650
[  267.127177][ T5452]  ? btrfs_sync_fs+0x1a2/0x6d0
[  267.129678][ T5452]  sync_filesystem+0x1cf/0x230
[  267.132000][ T5452]  generic_shutdown_super+0x77/0x2d0
[  267.134331][ T5452]  kill_anon_super+0x3b/0x70
[  267.136391][ T5452]  btrfs_kill_super+0x41/0x50
[  267.138773][ T5452]  deactivate_locked_super+0xbc/0x130
[  267.141892][ T5452]  cleanup_mnt+0x437/0x4d0
[  267.144432][ T5452]  ? _raw_spin_unlock_irq+0x23/0x50
[  267.146673][ T5452]  task_work_run+0x1d9/0x270
[  267.148735][ T5452]  ? __pfx_task_work_run+0x10/0x10
[  267.150740][ T5452]  exit_to_user_mode_loop+0xed/0x480
[  267.152903][ T5452]  ? rcu_is_watching+0x15/0xb0
[  267.155273][ T5452]  do_syscall_64+0x32d/0xf80
[  267.157593][ T5452]  ? trace_irq_disable+0x3b/0x150
[  267.160163][ T5452]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.162872][ T5452]  ? clear_bhb_loop+0x40/0x90
[  267.164975][ T5452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.167649][ T5452] RIP: 0033:0x7fbbc2d9da57
[  267.170210][ T5452] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  267.179719][ T5452] RSP: 002b:00007ffeae8ee578 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  267.183461][ T5452] RAX: 0000000000000000 RBX: 00007fbbc2e32048 RCX: 00007fbbc2d9da57
[  267.186975][ T5452] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeae8ee630
[  267.191210][ T5452] RBP: 00007ffeae8ee630 R08: 00007ffeae8ef630 R09: 00000000ffffffff
[  267.194889][ T5452] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeae8ef6c0
[  267.198710][ T5452] R13: 00007fbbc2e32048 R14: 0000000000041211 R15: 00007ffeae8ef700
[  267.202737][ T5452]  </TASK>
[  267.204491][ T5452] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  267.207894][ T5452] CPU: 0 UID: 0 PID: 5452 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  267.212025][ T5452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  267.216627][ T5452] Call Trace:
[  267.218429][ T5452]  <TASK>
[  267.220082][ T5452]  vpanic+0x56c/0xa60
[  267.222170][ T5452]  ? __pfx__printk+0x10/0x10
[  267.224217][ T5452]  ? __pfx_vpanic+0x10/0x10
[  267.226400][ T5452]  ? is_bpf_text_address+0x292/0x2b0
[  267.228916][ T5452]  ? is_bpf_text_address+0x26/0x2b0
[  267.231717][ T5452]  panic+0xc5/0xd0
[  267.233822][ T5452]  ? __pfx_panic+0x10/0x10
[  267.236276][ T5452]  __warn+0x315/0x4f0
[  267.238156][ T5452]  ? __btrfs_free_extent+0x3c6e/0x4570
[  267.240572][ T5452]  ? __btrfs_free_extent+0x3c6e/0x4570
[  267.242906][ T5452]  __report_bug+0x29a/0x540
[  267.245400][ T5452]  ? __btrfs_free_extent+0x3c6e/0x4570
[  267.248484][ T5452]  ? __pfx___report_bug+0x10/0x10
[  267.251244][ T5452]  ? do_raw_spin_lock+0x12b/0x2f0
[  267.253521][ T5452]  report_bug_entry+0x19a/0x290
[  267.255530][ T5452]  ? __btrfs_free_extent+0x3c70/0x4570
[  267.258536][ T5452]  ? __btrfs_free_extent+0x3c75/0x4570
[  267.261971][ T5452]  handle_bug+0xce/0x200
[  267.265275][ T5452]  exc_invalid_op+0x1a/0x50
[  267.268061][ T5452]  asm_exc_invalid_op+0x1a/0x20
[  267.271013][ T5452] RIP: 0010:__btrfs_free_extent+0x3c70/0x4570
[  267.274661][ T5452] Code: e9 c8 05 00 00 e8 30 3b c3 fd 84 c0 0f 84 f2 00 00 00 e8 53 3d de fd e9 b1 05 00 00 e8 49 3d de fd 48 8d 3d 32 7f 33 0c 89 de <67> 48 0f b9 3a e9 c1 e0 ff ff e8 31 3d de fd eb 05 e8 2a 3d de fd
[  267.286091][ T5452] RSP: 0018:ffffc900030ff440 EFLAGS: 00010293
[  267.289649][ T5452] RAX: ffffffff83e79247 RBX: 00000000fffffffe RCX: ffff88803bffc980
[  267.294144][ T5452] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: ffffffff901b1180
[  267.298761][ T5452] RBP: ffffc900030ff5f0 R08: ffff88803bffc980 R09: 0000000000000003
[  267.303514][ T5452] R10: 00000000fffffffb R11: 0000000000000000 R12: dffffc0000000000
[  267.307854][ T5452] R13: ffff8880119b55c8 R14: 0000000000000000 R15: ffff88803ff5c001
[  267.312314][ T5452]  ? __btrfs_free_extent+0x3c67/0x4570
[  267.315271][ T5452]  ? __pfx___btrfs_free_extent+0x10/0x10
[  267.317767][ T5452]  ? do_raw_read_trylock+0xa0/0xa0
[  267.319907][ T5452]  ? do_raw_spin_unlock+0x4d/0x210
[  267.322130][ T5452]  __btrfs_run_delayed_refs+0x1881/0x4780
[  267.324734][ T5452]  ? kasan_save_free_info+0x46/0x50
[  267.327550][ T5452]  ? __kasan_slab_pre_free+0x120/0x120
[  267.330766][ T5452]  ? kmem_cache_free+0x187/0x630
[  267.333087][ T5452]  ? __btrfs_run_delayed_items+0x266/0x510
[  267.335699][ T5452]  ? cleanup_mnt+0x437/0x4d0
[  267.337806][ T5452]  ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[  267.340477][ T5452]  ? kasan_quarantine_put+0xbb/0x1f0
[  267.342811][ T5452]  ? lockdep_hardirqs_on+0x7a/0x110
[  267.345269][ T5452]  ? kmem_cache_free+0x187/0x630
[  267.347729][ T5452]  ? __btrfs_run_delayed_items+0x266/0x510
[  267.351173][ T5452]  btrfs_run_delayed_refs+0xe6/0x3b0
[  267.353737][ T5452]  btrfs_commit_transaction+0xfb6/0x31a0
[  267.356129][ T5452]  ? btrfs_commit_transaction+0x1a2/0x31a0
[  267.359017][ T5452]  ? do_raw_spin_unlock+0x4d/0x210
[  267.361382][ T5452]  ? __pfx_btrfs_commit_transaction+0x10/0x10
[  267.364083][ T5452]  ? btrfs_record_root_in_trans+0x91/0x180
[  267.366937][ T5452]  ? start_transaction+0x43a/0x1650
[  267.369537][ T5452]  ? btrfs_sync_fs+0x1a2/0x6d0
[  267.372092][ T5452]  sync_filesystem+0x1cf/0x230
[  267.374130][ T5452]  generic_shutdown_super+0x77/0x2d0
[  267.376489][ T5452]  kill_anon_super+0x3b/0x70
[  267.378775][ T5452]  btrfs_kill_super+0x41/0x50
[  267.380954][ T5452]  deactivate_locked_super+0xbc/0x130
[  267.383542][ T5452]  cleanup_mnt+0x437/0x4d0
[  267.385682][ T5452]  ? _raw_spin_unlock_irq+0x23/0x50
[  267.387954][ T5452]  task_work_run+0x1d9/0x270
[  267.389833][ T5452]  ? __pfx_task_work_run+0x10/0x10
[  267.392132][ T5452]  exit_to_user_mode_loop+0xed/0x480
[  267.395067][ T5452]  ? rcu_is_watching+0x15/0xb0
[  267.397145][ T5452]  do_syscall_64+0x32d/0xf80
[  267.399137][ T5452]  ? trace_irq_disable+0x3b/0x150
[  267.401310][ T5452]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.403820][ T5452]  ? clear_bhb_loop+0x40/0x90
[  267.406075][ T5452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.409262][ T5452] RIP: 0033:0x7fbbc2d9da57
[  267.412247][ T5452] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  267.421001][ T5452] RSP: 002b:00007ffeae8ee578 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  267.425305][ T5452] RAX: 0000000000000000 RBX: 00007fbbc2e32048 RCX: 00007fbbc2d9da57
[  267.429940][ T5452] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeae8ee630
[  267.433377][ T5452] RBP: 00007ffeae8ee630 R08: 00007ffeae8ef630 R09: 00000000ffffffff
[  267.436888][ T5452] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeae8ef6c0
[  267.440541][ T5452] R13: 00007fbbc2e32048 R14: 0000000000041211 R15: 00007ffeae8ef700
[  267.445321][ T5452]  </TASK>
[  267.447632][ T5452] Kernel Offset: disabled
[  267.450924][ T5452] Rebooting in 86400 seconds..