./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1988368985
<...>
Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts.
execve("./syz-executor1988368985", ["./syz-executor1988368985"], 0x7ffe567f5e70 /* 10 vars */) = 0
brk(NULL) = 0x5555572ba000
brk(0x5555572bac40) = 0x5555572bac40
arch_prctl(ARCH_SET_FS, 0x5555572ba300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1988368985", 4096) = 28
brk(0x5555572dbc40) = 0x5555572dbc40
brk(0x5555572dc000) = 0x5555572dc000
mprotect(0x7fb0f0e50000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 4998
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "4998", 4) = 4
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4999 attached
, child_tidptr=0x5555572ba5d0) = 4999
[pid 4999] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 4999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4999] setsid() = 1
[pid 4999] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 4999] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 4999] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 4999] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 4999] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 4999] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 4999] unshare(CLONE_NEWNS) = 0
[pid 4999] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 4999] unshare(CLONE_NEWIPC) = 0
[pid 4999] unshare(CLONE_NEWCGROUP) = 0
[pid 4999] unshare(CLONE_NEWUTS) = 0
[pid 4999] unshare(CLONE_SYSVSEM) = 0
[pid 4999] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "16777216", 8) = 8
[pid 4999] close(3) = 0
[pid 4999] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "536870912", 9) = 9
[pid 4999] close(3) = 0
[pid 4999] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "1024", 4) = 4
[pid 4999] close(3) = 0
[pid 4999] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "8192", 4) = 4
[pid 4999] close(3) = 0
[pid 4999] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "1024", 4) = 4
[pid 4999] close(3) = 0
[pid 4999] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "1024", 4) = 4
[pid 4999] close(3) = 0
[pid 4999] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "1024 1048576 500 1024", 21) = 21
[pid 4999] close(3) = 0
[pid 4999] getpid() = 1
[pid 4999] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 4999] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 4999] unshare(CLONE_NEWNET) = 0
[pid 4999] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "0 65535", 7) = 7
[pid 4999] close(3) = 0
[pid 4999] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid 4999] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid 4999] close(3) = 0
[pid 4999] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 4999] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid 4999] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid 4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4999] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 4999] recvfrom(3, [{nlmsg_len=2496, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4999] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid 4999] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid 4999] access("/proc/net", R_OK) = 0
[pid 4999] access("/proc/net/unix", R_OK) = 0
[pid 4999] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4999] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid 4999] close(4) = 0
[pid 4999] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid 4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4999] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid 4999] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid 4999] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid 4999] close(4) = 0
[pid 4999] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid 4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4999] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid 4999] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid 4999] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4999] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid 4999] close(4) = 0
[pid 4999] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid 4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4999] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid 4999] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid 4999] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid 4999] close(4) = 0
[pid 4999] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid 4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4999] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4999] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid 4999] close(4) = 0
[pid 4999] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid 4999] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 4999] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid 4999] close(4) = 0
[pid 4999] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4999] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid 4999] close(4) = 0
[pid 4999] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid 4999] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
syzkaller login: [ 38.893854][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.905475][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.916127][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 38.929451][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[pid 4999] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x00\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x00\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid 4999] close(4) = 0
[pid 4999] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid 4999] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 4999] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid 4999] close(4) = 0
[pid 4999] close(3) = 0
[pid 4999] mkdir("/dev/binderfs", 0777) = 0
[pid 4999] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 4999] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4999] memfd_create("syzkaller", 0) = 3
[pid 4999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb0e898d000
[ 38.937549][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.945681][ T1109] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 38.961173][ T4999] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4999 'syz-executor198'
[pid 4999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4999] munmap(0x7fb0e898d000, 16777216) = 0
[pid 4999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4999] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4999] close(3) = 0
[pid 4999] mkdir("./file0", 0777) = 0
[ 39.054171][ T4999] loop0: detected capacity change from 0 to 32768
[ 39.063929][ T4999] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (4999)
[ 39.080836][ T4999] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[ 39.089320][ T4999] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 39.097552][ T4999] BTRFS info (device loop0): using free space tree
[pid 4999] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 4999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4999] chdir("./file0") = 0
[pid 4999] ioctl(4, LOOP_CLR_FD) = 0
[pid 4999] close(4) = 0
[pid 4999] openat(AT_FDCWD, "cpuacct.usage_percpu", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 4999] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4999] write(5, "7", 1) = 1
[ 39.113826][ T4999] BTRFS info (device loop0): enabling ssd optimizations
[ 39.120961][ T4999] BTRFS info (device loop0): auto enabling async discard
[ 39.144942][ T4999] FAULT_INJECTION: forcing a failure.
[ 39.144942][ T4999] name failslab, interval 1, probability 0, space 0, times 1
[ 39.157835][ T4999] CPU: 0 PID: 4999 Comm: syz-executor198 Not tainted 6.4.0-rc4-syzkaller-00371-g6f64a5ebe1dc #0
[ 39.168247][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 39.178301][ T4999] Call Trace:
[ 39.181579][ T4999] <TASK>
[ 39.184506][ T4999] dump_stack_lvl+0x136/0x150
[ 39.189203][ T4999] should_fail_ex+0x4a3/0x5b0
[ 39.193979][ T4999] should_failslab+0x9/0x20
[ 39.198480][ T4999] kmem_cache_alloc+0x63/0x3b0
[ 39.203266][ T4999] __kernfs_new_node+0xd4/0x8b0
[ 39.208122][ T4999] ? kernfs_path_from_node+0x60/0x60
[ 39.213420][ T4999] ? mark_held_locks+0x9f/0xe0
[ 39.218194][ T4999] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 39.224098][ T4999] ? lockdep_hardirqs_on+0x7d/0x100
[ 39.229308][ T4999] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 39.235122][ T4999] ? __stack_depot_save+0x23b/0x510
[ 39.240407][ T4999] kernfs_create_dir_ns+0xa0/0x230
[ 39.245524][ T4999] sysfs_create_dir_ns+0x12b/0x290
[ 39.250621][ T4999] ? sysfs_create_mount_point+0xb0/0xb0
[ 39.256153][ T4999] ? ___slab_alloc+0xca0/0x1400
[ 39.261075][ T4999] ? lockdep_hardirqs_on+0x7d/0x100
[ 39.266252][ T4999] kobject_add_internal+0x2c9/0x9c0
[ 39.271430][ T4999] ? kfree+0x10e/0x150
[ 39.275475][ T4999] kobject_init_and_add+0x101/0x170
[ 39.280659][ T4999] ? kobject_create_and_add+0xf0/0xf0
[ 39.286011][ T4999] ? __kmem_cache_alloc_node+0x1b0/0x320
[ 39.291712][ T4999] ? btrfs_sysfs_add_qgroups+0x118/0x280
[ 39.297337][ T4999] btrfs_sysfs_add_qgroups+0x164/0x280
[ 39.302776][ T4999] btrfs_quota_enable+0x2c9/0x1d10
[ 39.307891][ T4999] ? lock_acquire+0x1f5/0x520
[ 39.312551][ T4999] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 39.318168][ T4999] ? down_write+0x14f/0x200
[ 39.322646][ T4999] ? rwsem_down_write_slowpath+0x1220/0x1220
[ 39.328605][ T4999] ? _copy_from_user+0x5c/0xf0
[ 39.333353][ T4999] btrfs_ioctl+0x49cb/0x5b30
[ 39.338012][ T4999] ? tomoyo_path_number_perm+0x166/0x570
[ 39.343648][ T4999] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 39.349454][ T4999] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 39.355852][ T4999] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 39.361818][ T4999] ? do_vfs_ioctl+0x132/0x1670
[ 39.366568][ T4999] ? vfs_fileattr_set+0xc40/0xc40
[ 39.371579][ T4999] ? find_held_lock+0x2d/0x110
[ 39.376327][ T4999] ? name_to_dev_t+0x262/0x9e0
[ 39.381076][ T4999] ? lock_downgrade+0x690/0x690
[ 39.385911][ T4999] ? bpf_lsm_file_ioctl+0x9/0x10
[ 39.390835][ T4999] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 39.397326][ T4999] __x64_sys_ioctl+0x197/0x210
[ 39.402088][ T4999] do_syscall_64+0x39/0xb0
[ 39.406491][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 39.412365][ T4999] RIP: 0033:0x7fb0f0de2839
[ 39.416759][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 39.436359][ T4999] RSP: 002b:00007fffdf9bd018 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 39.444866][ T4999] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb0f0de2839
[ 39.452829][ T4999] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 39.460785][ T4999] RBP: 0000000000000005 R08: 0000000000000001 R09: 0000000400000000
[ 39.468751][ T4999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffdf9bd060
[ 39.476874][ T4999] R13: 00007fffdf9bd04a R14: 0000000000000003 R15: 000000000000000c
[ 39.484835][ T4999] </TASK>
[ 39.487980][ T4999] kobject: kobject_add_internal failed for qgroups (error: -12 parent: 395ef67a-297e-477c-816d-cd80a5b93e5d)
[ 39.499600][ T4999] ------------[ cut here ]------------
[ 39.505054][ T4999] kernfs: can not remove 'enabled', no directory
[ 39.511572][ T4999] WARNING: CPU: 0 PID: 4999 at fs/kernfs/dir.c:1656 kernfs_remove_by_name_ns+0x101/0x120
[ 39.521414][ T4999] Modules linked in:
[ 39.525283][ T4999] CPU: 0 PID: 4999 Comm: syz-executor198 Not tainted 6.4.0-rc4-syzkaller-00371-g6f64a5ebe1dc #0
[ 39.535702][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 39.545771][ T4999] RIP: 0010:kernfs_remove_by_name_ns+0x101/0x120
[ 39.552127][ T4999] Code: c3 e8 83 10 76 ff 4c 89 e7 41 bc fe ff ff ff e8 d5 3d 56 ff eb da e8 6e 10 76 ff 4c 89 ee 48 c7 c7 60 6d 5f 8a e8 3f cc 3d ff <0f> 0b 41 bc fe ff ff ff eb bc e8 50 d9 c8 ff e9 61 ff ff ff e8 46
[ 39.571744][ T4999] RSP: 0018:ffffc90003a3f930 EFLAGS: 00010282
[ 39.577822][ T4999] RAX: 0000000000000000 RBX: ffffffff8cecfa68 RCX: 0000000000000000
[ 39.585788][ T4999] RDX: ffff88802ac99dc0 RSI: ffffffff814c03a7 RDI: 0000000000000001
[ 39.593770][ T4999] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 39.601862][ T4999] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[ 39.609850][ T4999] R13: ffffffff8a958f00 R14: 0000000000000000 R15: ffff888016b68038
[ 39.617874][ T4999] FS: 00005555572ba300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 39.626801][ T4999] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.633396][ T4999] CR2: 00007fb0f0e54158 CR3: 0000000022326000 CR4: 0000000000350ef0
[ 39.641396][ T4999] Call Trace:
[ 39.644671][ T4999] <TASK>
[ 39.647646][ T4999] ? __warn+0xe6/0x390
[ 39.651725][ T4999] ? kernfs_remove_by_name_ns+0x101/0x120
[ 39.657462][ T4999] ? report_bug+0x2da/0x500
[ 39.661976][ T4999] ? handle_bug+0x3c/0x70
[ 39.666279][ T4999] ? exc_invalid_op+0x18/0x50
[ 39.670972][ T4999] ? asm_exc_invalid_op+0x1a/0x20
[ 39.676005][ T4999] ? __warn_printk+0x187/0x310
[ 39.680799][ T4999] ? kernfs_remove_by_name_ns+0x101/0x120
[ 39.686539][ T4999] remove_files+0x96/0x1c0
[ 39.690972][ T4999] sysfs_remove_group+0x8b/0x170
[ 39.695906][ T4999] sysfs_remove_groups+0x60/0xa0
[ 39.700853][ T4999] __kobject_del+0x89/0x1f0
[ 39.705359][ T4999] kobject_del+0x40/0x60
[ 39.709628][ T4999] btrfs_sysfs_del_qgroups+0x11d/0x1a0
[ 39.715105][ T4999] btrfs_sysfs_add_qgroups+0x208/0x280
[ 39.720583][ T4999] btrfs_quota_enable+0x2c9/0x1d10
[ 39.725703][ T4999] ? lock_acquire+0x1f5/0x520
[ 39.730412][ T4999] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 39.735973][ T4999] ? down_write+0x14f/0x200
[ 39.740488][ T4999] ? rwsem_down_write_slowpath+0x1220/0x1220
[ 39.746469][ T4999] ? _copy_from_user+0x5c/0xf0
[ 39.751278][ T4999] btrfs_ioctl+0x49cb/0x5b30
[ 39.755882][ T4999] ? tomoyo_path_number_perm+0x166/0x570
[ 39.761563][ T4999] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 39.767413][ T4999] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 39.773820][ T4999] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 39.779736][ T4999] ? do_vfs_ioctl+0x132/0x1670
[ 39.784508][ T4999] ? vfs_fileattr_set+0xc40/0xc40
[ 39.789567][ T4999] ? find_held_lock+0x2d/0x110
[ 39.794337][ T4999] ? name_to_dev_t+0x262/0x9e0
[ 39.799201][ T4999] ? lock_downgrade+0x690/0x690
[ 39.804057][ T4999] ? bpf_lsm_file_ioctl+0x9/0x10
[ 39.809008][ T4999] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 39.815423][ T4999] __x64_sys_ioctl+0x197/0x210
[ 39.820219][ T4999] do_syscall_64+0x39/0xb0
[ 39.824647][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 39.830557][ T4999] RIP: 0033:0x7fb0f0de2839
[ 39.834985][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 39.854613][ T4999] RSP: 002b:00007fffdf9bd018 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 39.863160][ T4999] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb0f0de2839
[ 39.871164][ T4999] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 39.879166][ T4999] RBP: 0000000000000005 R08: 0000000000000001 R09: 0000000400000000
[ 39.887159][ T4999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffdf9bd060
[ 39.895135][ T4999] R13: 00007fffdf9bd04a R14: 0000000000000003 R15: 000000000000000c
[ 39.903150][ T4999] </TASK>
[ 39.906165][ T4999] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 39.913426][ T4999] CPU: 0 PID: 4999 Comm: syz-executor198 Not tainted 6.4.0-rc4-syzkaller-00371-g6f64a5ebe1dc #0
[ 39.923821][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 39.933851][ T4999] Call Trace:
[ 39.937128][ T4999] <TASK>
[ 39.940050][ T4999] dump_stack_lvl+0xd9/0x150
[ 39.944619][ T4999] panic+0x686/0x730
[ 39.948521][ T4999] ? panic_smp_self_stop+0xa0/0xa0
[ 39.953610][ T4999] ? show_trace_log_lvl+0x284/0x390
[ 39.959140][ T4999] ? kernfs_remove_by_name_ns+0x101/0x120
[ 39.964855][ T4999] check_panic_on_warn+0xb1/0xc0
[ 39.969875][ T4999] __warn+0xf2/0x390
[ 39.973758][ T4999] ? kernfs_remove_by_name_ns+0x101/0x120
[ 39.979544][ T4999] report_bug+0x2da/0x500
[ 39.983858][ T4999] handle_bug+0x3c/0x70
[ 39.988004][ T4999] exc_invalid_op+0x18/0x50
[ 39.992485][ T4999] asm_exc_invalid_op+0x1a/0x20
[ 39.997318][ T4999] RIP: 0010:kernfs_remove_by_name_ns+0x101/0x120
[ 40.003650][ T4999] Code: c3 e8 83 10 76 ff 4c 89 e7 41 bc fe ff ff ff e8 d5 3d 56 ff eb da e8 6e 10 76 ff 4c 89 ee 48 c7 c7 60 6d 5f 8a e8 3f cc 3d ff <0f> 0b 41 bc fe ff ff ff eb bc e8 50 d9 c8 ff e9 61 ff ff ff e8 46
[ 40.023330][ T4999] RSP: 0018:ffffc90003a3f930 EFLAGS: 00010282
[ 40.029381][ T4999] RAX: 0000000000000000 RBX: ffffffff8cecfa68 RCX: 0000000000000000
[ 40.037335][ T4999] RDX: ffff88802ac99dc0 RSI: ffffffff814c03a7 RDI: 0000000000000001
[ 40.045289][ T4999] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 40.053243][ T4999] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[ 40.061201][ T4999] R13: ffffffff8a958f00 R14: 0000000000000000 R15: ffff888016b68038
[ 40.069163][ T4999] ? __warn_printk+0x187/0x310
[ 40.073920][ T4999] remove_files+0x96/0x1c0
[ 40.078326][ T4999] sysfs_remove_group+0x8b/0x170
[ 40.083248][ T4999] sysfs_remove_groups+0x60/0xa0
[ 40.088168][ T4999] __kobject_del+0x89/0x1f0
[ 40.092660][ T4999] kobject_del+0x40/0x60
[ 40.096894][ T4999] btrfs_sysfs_del_qgroups+0x11d/0x1a0
[ 40.102347][ T4999] btrfs_sysfs_add_qgroups+0x208/0x280
[ 40.107800][ T4999] btrfs_quota_enable+0x2c9/0x1d10
[ 40.112899][ T4999] ? lock_acquire+0x1f5/0x520
[ 40.117568][ T4999] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 40.123199][ T4999] ? down_write+0x14f/0x200
[ 40.127691][ T4999] ? rwsem_down_write_slowpath+0x1220/0x1220
[ 40.133659][ T4999] ? _copy_from_user+0x5c/0xf0
[ 40.138503][ T4999] btrfs_ioctl+0x49cb/0x5b30
[ 40.143089][ T4999] ? tomoyo_path_number_perm+0x166/0x570
[ 40.148719][ T4999] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 40.154515][ T4999] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 40.160916][ T4999] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 40.166802][ T4999] ? do_vfs_ioctl+0x132/0x1670
[ 40.171555][ T4999] ? vfs_fileattr_set+0xc40/0xc40
[ 40.176573][ T4999] ? find_held_lock+0x2d/0x110
[ 40.181327][ T4999] ? name_to_dev_t+0x262/0x9e0
[ 40.186167][ T4999] ? lock_downgrade+0x690/0x690
[ 40.191031][ T4999] ? bpf_lsm_file_ioctl+0x9/0x10
[ 40.195963][ T4999] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 40.202630][ T4999] __x64_sys_ioctl+0x197/0x210
[ 40.207392][ T4999] do_syscall_64+0x39/0xb0
[ 40.211808][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 40.217701][ T4999] RIP: 0033:0x7fb0f0de2839
[ 40.222123][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.241715][ T4999] RSP: 002b:00007fffdf9bd018 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.250125][ T4999] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb0f0de2839
[ 40.258169][ T4999] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 40.266126][ T4999] RBP: 0000000000000005 R08: 0000000000000001 R09: 0000000400000000
[ 40.274081][ T4999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffdf9bd060
[ 40.282049][ T4999] R13: 00007fffdf9bd04a R14: 0000000000000003 R15: 000000000000000c
[ 40.290014][ T4999] </TASK>
[ 40.293807][ T4999] Kernel Offset: disabled
[ 40.298184][ T4999] Rebooting in 86400 seconds..