Warning: Permanently added '[localhost]:45446' (ED25519) to the list of known hosts.
2025/08/27 16:13:06 parsed 1 programs
syzkaller login: [   89.303221][ T5350] cgroup: Unknown subsys name 'net'
[   89.390202][ T5350] cgroup: Unknown subsys name 'cpuset'
[   89.397675][ T5350] cgroup: Unknown subsys name 'rlimit'
[   91.088887][ T5350] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   91.897579][    T9] cfg80211: failed to load regulatory.db
[   95.129777][ T5363] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   96.622519][ T5385] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.627968][ T5385] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.631759][ T5385] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.635424][ T5385] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.639395][ T5385] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.026033][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.029673][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.064026][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.068120][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.518525][ T5430] chnl_net:caif_netlink_parms(): no params data found
[   99.591673][ T5430] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.595614][ T5430] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.599498][ T5430] bridge_slave_0: entered allmulticast mode
[   99.603556][ T5430] bridge_slave_0: entered promiscuous mode
[   99.609965][ T5430] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.613259][ T5430] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.617546][ T5430] bridge_slave_1: entered allmulticast mode
[   99.622588][ T5430] bridge_slave_1: entered promiscuous mode
[   99.648572][ T5430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.654842][ T5430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.679838][ T5430] team0: Port device team_slave_0 added
[   99.684930][ T5430] team0: Port device team_slave_1 added
[   99.705484][ T5430] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.709506][ T5430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.720942][ T5430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.729478][ T5430] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.732694][ T5430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.744748][ T5430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.782526][ T5430] hsr_slave_0: entered promiscuous mode
[   99.785886][ T5430] hsr_slave_1: entered promiscuous mode
[   99.950043][ T5430] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.960434][ T5430] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.968017][ T5430] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.975330][ T5430] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.012356][ T5430] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.015653][ T5430] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.019603][ T5430] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.022724][ T5430] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.068759][ T1041] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.073230][ T1041] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.108027][ T5430] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.128706][ T5430] 8021q: adding VLAN 0 to HW filter on device team0
[  100.139647][ T1041] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.142918][ T1041] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.155036][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.158315][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.357926][ T5430] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.398783][ T5430] veth0_vlan: entered promiscuous mode
[  100.408615][ T5430] veth1_vlan: entered promiscuous mode
[  100.438488][ T5430] veth0_macvtap: entered promiscuous mode
[  100.444269][ T5430] veth1_macvtap: entered promiscuous mode
[  100.463833][ T5430] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.475330][ T5430] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.489101][  T181] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.500791][  T181] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.504371][  T181] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.513128][  T181] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.665717][  T181] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.723662][  T181] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.774154][  T181] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.845393][  T181] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/27 16:13:20 executed programs: 0
[  101.458755][ T4705] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  101.466290][ T4705] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  101.470981][ T4705] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  101.475015][ T4705] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  101.479657][ T4705] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  101.815853][ T5460] chnl_net:caif_netlink_parms(): no params data found
[  101.962956][ T5460] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.976825][ T5460] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.980286][ T5460] bridge_slave_0: entered allmulticast mode
[  101.998117][ T5460] bridge_slave_0: entered promiscuous mode
[  102.003497][ T5460] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.016351][ T5460] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.019989][ T5460] bridge_slave_1: entered allmulticast mode
[  102.024123][ T5460] bridge_slave_1: entered promiscuous mode
[  102.091231][ T5460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.108130][ T5460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.152933][ T5460] team0: Port device team_slave_0 added
[  102.160017][ T5460] team0: Port device team_slave_1 added
[  102.184741][ T5460] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.188332][ T5460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.200938][ T5460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.208303][ T5460] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.211278][ T5460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.224068][ T5460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.267180][ T5460] hsr_slave_0: entered promiscuous mode
[  102.270534][ T5460] hsr_slave_1: entered promiscuous mode
[  102.273693][ T5460] debugfs: 'hsr0' already exists in 'hsr'
[  102.278207][ T5460] Cannot create hsr debugfs directory
[  102.873418][  T181] bridge_slave_1: left allmulticast mode
[  102.876076][  T181] bridge_slave_1: left promiscuous mode
[  102.882386][  T181] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.899799][  T181] bridge_slave_0: left allmulticast mode
[  102.902610][  T181] bridge_slave_0: left promiscuous mode
[  102.905750][  T181] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.331440][  T181] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.339000][  T181] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.344025][  T181] bond0 (unregistering): Released all slaves
[  103.425245][  T181] hsr_slave_0: left promiscuous mode
[  103.432221][  T181] hsr_slave_1: left promiscuous mode
[  103.435142][  T181] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.439419][  T181] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.444276][  T181] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.449526][  T181] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.461814][  T181] veth1_macvtap: left promiscuous mode
[  103.464594][  T181] veth0_macvtap: left promiscuous mode
[  103.468549][  T181] veth1_vlan: left promiscuous mode
[  103.471028][  T181] veth0_vlan: left promiscuous mode
[  103.487086][ T4705] Bluetooth: hci0: command tx timeout
[  103.756094][  T181] team0 (unregistering): Port device team_slave_1 removed
[  103.783121][  T181] team0 (unregistering): Port device team_slave_0 removed
[  104.548913][ T5460] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.568324][ T5460] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.587446][ T5460] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.608137][ T5460] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.791393][ T5460] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.816020][ T5460] 8021q: adding VLAN 0 to HW filter on device team0
[  104.848287][  T181] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.851614][  T181] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.856003][  T181] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.859158][  T181] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.223137][ T5460] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.301292][ T5460] veth0_vlan: entered promiscuous mode
[  105.334180][ T5460] veth1_vlan: entered promiscuous mode
[  105.398985][ T5460] veth0_macvtap: entered promiscuous mode
[  105.412293][ T5460] veth1_macvtap: entered promiscuous mode
[  105.433015][ T5460] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.445679][ T5460] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.457976][ T1041] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.468789][ T1041] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.472797][ T1041] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.487763][ T1041] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.552863][ T1046] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.564575][ T1046] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.569172][ T4705] Bluetooth: hci0: command tx timeout
[  105.598276][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.601704][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.849679][ T5502] loop0: detected capacity change from 0 to 32768
[  105.879336][ T5502] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.17 (5502)
[  105.926735][ T5502] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  105.939937][ T5502] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  106.002648][ T5502] BTRFS info (device loop0): setting nodatasum
[  106.005192][ T5502] BTRFS info (device loop0): setting nodatacow
[  106.018429][ T5502] BTRFS info (device loop0): enabling ssd optimizations
[  106.021362][ T5502] BTRFS info (device loop0): using spread ssd allocation scheme
[  106.024387][ T5502] BTRFS info (device loop0): enabling free space tree
[  106.036775][ T5502] BTRFS info (device loop0): doing ref verification
[  106.039820][ T5502] BTRFS info (device loop0): trying to use backup root at mount time
[  106.056842][ T5502] BTRFS info (device loop0): max_inline set to 4096
[  106.074505][ T5502] FAULT_INJECTION: forcing a failure.
[  106.074505][ T5502] name failslab, interval 1, probability 0, space 0, times 1
[  106.096487][ T5502] CPU: 0 UID: 0 PID: 5502 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  106.096505][ T5502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  106.096512][ T5502] Call Trace:
[  106.096517][ T5502]  <TASK>
[  106.096522][ T5502]  dump_stack_lvl+0x189/0x250
[  106.096643][ T5502]  ? __pfx____ratelimit+0x10/0x10
[  106.096696][ T5502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.096710][ T5502]  ? __pfx__printk+0x10/0x10
[  106.096730][ T5502]  ? __pfx___might_resched+0x10/0x10
[  106.096780][ T5502]  ? fs_reclaim_acquire+0x7d/0x100
[  106.096800][ T5502]  should_fail_ex+0x414/0x560
[  106.096819][ T5502]  should_failslab+0xa8/0x100
[  106.096837][ T5502]  kmem_cache_alloc_noprof+0x73/0x3c0
[  106.096851][ T5502]  ? __kernfs_new_node+0xd7/0x7e0
[  106.096865][ T5502]  __kernfs_new_node+0xd7/0x7e0
[  106.096877][ T5502]  ? __lock_acquire+0xab9/0xd20
[  106.096898][ T5502]  ? __pfx___kernfs_new_node+0x10/0x10
[  106.096911][ T5502]  ? kernfs_root+0x1c/0x230
[  106.096925][ T5502]  ? kernfs_root+0x1c/0x230
[  106.096935][ T5502]  ? kernfs_root+0x1c/0x230
[  106.096943][ T5502]  ? kernfs_root+0x1c/0x230
[  106.096956][ T5502]  kernfs_new_node+0x102/0x210
[  106.096970][ T5502]  kernfs_create_dir_ns+0x44/0x130
[  106.096986][ T5502]  sysfs_create_dir_ns+0x123/0x280
[  106.097006][ T5502]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  106.097029][ T5502]  kobject_add_internal+0x59f/0xb40
[  106.097053][ T5502]  kobject_init_and_add+0x125/0x190
[  106.097075][ T5502]  ? __pfx_kobject_init_and_add+0x10/0x10
[  106.097092][ T5502]  ? __kasan_kmalloc+0x93/0xb0
[  106.097108][ T5502]  ? btrfs_sysfs_add_qgroups+0xcd/0x2b0
[  106.097127][ T5502]  btrfs_sysfs_add_qgroups+0x111/0x2b0
[  106.097144][ T5502]  btrfs_quota_enable+0x253/0x2600
[  106.097162][ T5502]  ? __lock_acquire+0xab9/0xd20
[  106.097185][ T5502]  ? __pfx_btrfs_quota_enable+0x10/0x10
[  106.097201][ T5502]  ? __might_fault+0xb0/0x130
[  106.097224][ T5502]  ? __pfx_down_write+0x10/0x10
[  106.097245][ T5502]  ? _copy_from_user+0x94/0xb0
[  106.097259][ T5502]  btrfs_ioctl_quota_ctl+0x183/0x1c0
[  106.097276][ T5502]  ? __pfx_btrfs_ioctl+0x10/0x10
[  106.097301][ T5502]  __se_sys_ioctl+0xf9/0x170
[  106.097317][ T5502]  do_syscall_64+0xfa/0x3b0
[  106.097333][ T5502]  ? lockdep_hardirqs_on+0x9c/0x150
[  106.097349][ T5502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.097361][ T5502]  ? clear_bhb_loop+0x60/0xb0
[  106.097375][ T5502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.097388][ T5502] RIP: 0033:0x7fb3bc98ebe9
[  106.097400][ T5502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.097409][ T5502] RSP: 002b:00007ffd49a3db08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  106.097423][ T5502] RAX: ffffffffffffffda RBX: 00007fb3bcbb5fa0 RCX: 00007fb3bc98ebe9
[  106.097431][ T5502] RDX: 00002000000000c0 RSI: 00000000c0109428 RDI: 0000000000000004
[  106.097438][ T5502] RBP: 00007ffd49a3db60 R08: 0000000000000000 R09: 0000000000000000
[  106.097444][ T5502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.097450][ T5502] R13: 00007fb3bcbb5fa0 R14: 00007fb3bcbb5fa0 R15: 0000000000000003
[  106.097468][ T5502]  </TASK>
[  106.097475][ T5502] kobject: kobject_add_internal failed for qgroups (error: -12 parent: ed167579-eb65-4e76-9a50-61ac97e9b59d)
[  106.310520][ T5502] ------------[ cut here ]------------
[  106.312985][ T5502] kernfs: can not remove 'enabled', no directory
[  106.315777][ T5502] WARNING: CPU: 0 PID: 5502 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0xd1/0x130
[  106.320371][ T5502] Modules linked in:
[  106.323577][ T5502] CPU: 0 UID: 0 PID: 5502 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  106.327688][ T5502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  106.332328][ T5502] RIP: 0010:kernfs_remove_by_name_ns+0xd1/0x130
[  106.335025][ T5502] Code: 4c 89 f7 e8 c1 f2 ff ff 4c 89 f7 e8 69 9b ff ff 31 ed eb 2b e8 c0 75 60 ff 90 48 c7 c7 80 51 9c 8b 4c 89 f6 e8 a0 04 24 ff 90 <0f> 0b 90 90 bd fe ff ff ff eb 12 e8 9f 75 60 ff bd fe ff ff ff 48
[  106.344053][ T5502] RSP: 0018:ffffc90002b9fb10 EFLAGS: 00010246
[  106.347573][ T5502] RAX: 7358b1fbf4918b00 RBX: ffffffff8bce41e0 RCX: ffff888036302440
[  106.351339][ T5502] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  106.354622][ T5502] RBP: dffffc0000000000 R08: ffff88801fc24253 R09: 1ffff11003f8484a
[  106.358396][ T5502] R10: dffffc0000000000 R11: ffffed1003f8484b R12: 0000000000000000
[  106.361723][ T5502] R13: ffffffff8e6dd6e0 R14: ffffffff8bce4240 R15: 0000000000000000
[  106.365082][ T5502] FS:  000055558c29c500(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[  106.369765][ T5502] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  106.372679][ T5502] CR2: 0000560adb570348 CR3: 000000004e84f000 CR4: 0000000000352ef0
[  106.376764][ T5502] Call Trace:
[  106.378314][ T5502]  <TASK>
[  106.379604][ T5502]  sysfs_remove_group+0xfc/0x2c0
[  106.381736][ T5502]  sysfs_remove_groups+0x54/0xb0
[  106.383885][ T5502]  __kobject_del+0x84/0x300
[  106.385935][ T5502]  kobject_del+0x45/0x60
[  106.388187][ T5502]  btrfs_sysfs_del_qgroups+0x115/0x160
[  106.390711][ T5502]  btrfs_sysfs_add_qgroups+0x286/0x2b0
[  106.393705][ T5502]  btrfs_quota_enable+0x253/0x2600
[  106.395901][ T5502]  ? __lock_acquire+0xab9/0xd20
[  106.398477][ T5502]  ? __pfx_btrfs_quota_enable+0x10/0x10
[  106.400855][ T5502]  ? __might_fault+0xb0/0x130
[  106.402849][ T5502]  ? __pfx_down_write+0x10/0x10
[  106.404850][ T5502]  ? _copy_from_user+0x94/0xb0
[  106.407071][ T5502]  btrfs_ioctl_quota_ctl+0x183/0x1c0
[  106.409517][ T5502]  ? __pfx_btrfs_ioctl+0x10/0x10
[  106.411788][ T5502]  __se_sys_ioctl+0xf9/0x170
[  106.413772][ T5502]  do_syscall_64+0xfa/0x3b0
[  106.415862][ T5502]  ? lockdep_hardirqs_on+0x9c/0x150
[  106.418338][ T5502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.421087][ T5502]  ? clear_bhb_loop+0x60/0xb0
[  106.423212][ T5502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.425703][ T5502] RIP: 0033:0x7fb3bc98ebe9
[  106.427746][ T5502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.435835][ T5502] RSP: 002b:00007ffd49a3db08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  106.439453][ T5502] RAX: ffffffffffffffda RBX: 00007fb3bcbb5fa0 RCX: 00007fb3bc98ebe9
[  106.442790][ T5502] RDX: 00002000000000c0 RSI: 00000000c0109428 RDI: 0000000000000004
[  106.446366][ T5502] RBP: 00007ffd49a3db60 R08: 0000000000000000 R09: 0000000000000000
[  106.449739][ T5502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.453215][ T5502] R13: 00007fb3bcbb5fa0 R14: 00007fb3bcbb5fa0 R15: 0000000000000003
[  106.456734][ T5502]  </TASK>
[  106.458138][ T5502] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  106.461442][ T5502] CPU: 0 UID: 0 PID: 5502 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  106.464963][ T5502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  106.469197][ T5502] Call Trace:
[  106.470684][ T5502]  <TASK>
[  106.472059][ T5502]  dump_stack_lvl+0x99/0x250
[  106.474085][ T5502]  ? __asan_memcpy+0x40/0x70
[  106.476034][ T5502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.478229][ T5502]  ? __pfx__printk+0x10/0x10
[  106.480278][ T5502]  vpanic+0x281/0x750
[  106.482103][ T5502]  ? __pfx__printk+0x10/0x10
[  106.484182][ T5502]  ? __pfx_vpanic+0x10/0x10
[  106.486196][ T5502]  ? is_bpf_text_address+0x292/0x2b0
[  106.488358][ T5502]  panic+0xb9/0xc0
[  106.489826][ T5502]  ? __pfx_panic+0x10/0x10
[  106.491633][ T5502]  __warn+0x31b/0x4b0
[  106.493245][ T5502]  ? kernfs_remove_by_name_ns+0xd1/0x130
[  106.495518][ T5502]  ? kernfs_remove_by_name_ns+0xd1/0x130
[  106.497968][ T5502]  report_bug+0x2be/0x4f0
[  106.499653][ T5502]  ? kernfs_remove_by_name_ns+0xd1/0x130
[  106.501927][ T5502]  ? kernfs_remove_by_name_ns+0xd1/0x130
[  106.504249][ T5502]  ? kernfs_remove_by_name_ns+0xd3/0x130
[  106.506583][ T5502]  handle_bug+0x84/0x160
[  106.508323][ T5502]  exc_invalid_op+0x1a/0x50
[  106.510299][ T5502]  asm_exc_invalid_op+0x1a/0x20
[  106.512234][ T5502] RIP: 0010:kernfs_remove_by_name_ns+0xd1/0x130
[  106.515051][ T5502] Code: 4c 89 f7 e8 c1 f2 ff ff 4c 89 f7 e8 69 9b ff ff 31 ed eb 2b e8 c0 75 60 ff 90 48 c7 c7 80 51 9c 8b 4c 89 f6 e8 a0 04 24 ff 90 <0f> 0b 90 90 bd fe ff ff ff eb 12 e8 9f 75 60 ff bd fe ff ff ff 48
[  106.524670][ T5502] RSP: 0018:ffffc90002b9fb10 EFLAGS: 00010246
[  106.527792][ T5502] RAX: 7358b1fbf4918b00 RBX: ffffffff8bce41e0 RCX: ffff888036302440
[  106.531890][ T5502] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  106.535275][ T5502] RBP: dffffc0000000000 R08: ffff88801fc24253 R09: 1ffff11003f8484a
[  106.539375][ T5502] R10: dffffc0000000000 R11: ffffed1003f8484b R12: 0000000000000000
[  106.543640][ T5502] R13: ffffffff8e6dd6e0 R14: ffffffff8bce4240 R15: 0000000000000000
[  106.547389][ T5502]  sysfs_remove_group+0xfc/0x2c0
[  106.549522][ T5502]  sysfs_remove_groups+0x54/0xb0
[  106.551737][ T5502]  __kobject_del+0x84/0x300
[  106.553753][ T5502]  kobject_del+0x45/0x60
[  106.555661][ T5502]  btrfs_sysfs_del_qgroups+0x115/0x160
[  106.558116][ T5502]  btrfs_sysfs_add_qgroups+0x286/0x2b0
[  106.560564][ T5502]  btrfs_quota_enable+0x253/0x2600
[  106.562783][ T5502]  ? __lock_acquire+0xab9/0xd20
[  106.564928][ T5502]  ? __pfx_btrfs_quota_enable+0x10/0x10
[  106.567382][ T5502]  ? __might_fault+0xb0/0x130
[  106.569530][ T5502]  ? __pfx_down_write+0x10/0x10
[  106.571675][ T5502]  ? _copy_from_user+0x94/0xb0
[  106.573901][ T5502]  btrfs_ioctl_quota_ctl+0x183/0x1c0
[  106.576250][ T5502]  ? __pfx_btrfs_ioctl+0x10/0x10
[  106.578526][ T5502]  __se_sys_ioctl+0xf9/0x170
[  106.580572][ T5502]  do_syscall_64+0xfa/0x3b0
[  106.582527][ T5502]  ? lockdep_hardirqs_on+0x9c/0x150
[  106.584810][ T5502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.587505][ T5502]  ? clear_bhb_loop+0x60/0xb0
[  106.589682][ T5502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.592329][ T5502] RIP: 0033:0x7fb3bc98ebe9
[  106.594284][ T5502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.602762][ T5502] RSP: 002b:00007ffd49a3db08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  106.606472][ T5502] RAX: ffffffffffffffda RBX: 00007fb3bcbb5fa0 RCX: 00007fb3bc98ebe9
[  106.610061][ T5502] RDX: 00002000000000c0 RSI: 00000000c0109428 RDI: 0000000000000004
[  106.613432][ T5502] RBP: 00007ffd49a3db60 R08: 0000000000000000 R09: 0000000000000000
[  106.616769][ T5502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.620097][ T5502] R13: 00007fb3bcbb5fa0 R14: 00007fb3bcbb5fa0 R15: 0000000000000003
[  106.623418][ T5502]  </TASK>
[  106.625147][ T5502] Kernel Offset: disabled
[  106.627016][ T5502] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:13:26  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000006e RBX=000000000000006e RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002b9f270
R8 =ffff888033d00237 R9 =1ffff110067a0046 R10=dffffc0000000000 R11=ffffffff8550c280
R12=dffffc0000000000 R13=ffffffff99b058e2 R14=ffffffff99dfa820 R15=0000000000000000
RIP=ffffffff8550c2fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055558c29c500 ffffffff 00c00000
GS =0000 ffff88808d210000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000560adb570348 CR3=000000004e84f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000080040001 Opmask01=0000000020080810 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd49a3dde0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd49a3df66
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd49a3df66 00007ffd49a3df6c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb3bca12e46
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb3bca12e53
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb3bca12e4d
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb3bca12e61
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb3bca12ee7
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb3bca12fc5
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000