./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2980118918

<...>
Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts.
execve("./syz-executor2980118918", ["./syz-executor2980118918"], 0x7ffffc645030 /* 10 vars */) = 0
brk(NULL)                               = 0x55555628d000
brk(0x55555628dd00)                     = 0x55555628dd00
arch_prctl(ARCH_SET_FS, 0x55555628d3c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2980118918", 4096) = 28
brk(0x5555562aed00)                     = 0x5555562aed00
brk(0x5555562af000)                     = 0x5555562af000
mprotect(0x7fd815a16000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 5065
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5065", 4)                     = 4
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=704, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5065}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x26\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 704
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5065}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5065}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5065}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5065}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5065}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5065}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3)                                = 0
close(4)                                = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7fd81595ccf0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fd81595e4d0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7fd81595ccf0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fd81595e4d0}, NULL, 8) = 0
getpid()                                = 5065
mkdir("./syzkaller.n66Yea", 0700)       = 0
chmod("./syzkaller.n66Yea", 0777)       = 0
chdir("./syzkaller.n66Yea")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached
, child_tidptr=0x55555628d690) = 5068
[pid  5068] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5068] setsid()                    = 1
[pid  5068] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5068] unshare(CLONE_NEWNS)        = 0
[pid  5068] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5068] unshare(CLONE_NEWIPC)       = 0
[pid  5068] unshare(CLONE_NEWCGROUP)    = 0
[pid  5068] unshare(CLONE_NEWUTS)       = 0
[pid  5068] unshare(CLONE_SYSVSEM)      = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "16777216", 8)     = 8
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "536870912", 9)    = 9
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "8192", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5068] close(3)                    = 0
[pid  5068] getpid()                    = 1
[pid  5068] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5068] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5068] unshare(CLONE_NEWNET)       = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "0 65535", 7)      = 7
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5068] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5068] close(3)                    = 0
[pid  5068] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5068] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5068] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x28\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x19\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  5068] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5068] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5068] recvfrom(3, [{nlmsg_len=2476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x41\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  5068] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5068] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5068] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5068] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5068] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5068] close(4)                    = 0
[pid  5068] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5068] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5068] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5068] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5068] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5068] close(4)                    = 0
[pid  5068] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5068] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5068] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5068] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5068] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5068] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5068] close(4)                    = 0
[pid  5068] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5068] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5068] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5068] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5068] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5068] close(4)                    = 0
syzkaller login: [   53.230779][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   53.239499][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   53.248640][  T898] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  5068] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5068] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5068] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5068] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5068] close(4)                    = 0
[pid  5068] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5068] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5068] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5068] close(4)                    = 0
[pid  5068] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5068] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5068] close(4)                    = 0
[pid  5068] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5068] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5068] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5068] close(4)                    = 0
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("/dev/binderfs", 0777) = 0
[pid  5068] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5068] memfd_create("syzkaller", 0) = 3
[pid  5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd80d552000
[   53.275468][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   53.287187][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   53.300738][  T898] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[pid  5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5068] munmap(0x7fd80d552000, 16777216) = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5068] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("./file0", 0777)      = 0
[   53.425948][ T5068] loop0: detected capacity change from 0 to 32768
[   53.436515][ T5068] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor298 (5068)
[   53.455066][ T5068] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   53.463863][ T5068] BTRFS info (device loop0): using free space tree
[pid  5068] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5068] chdir("./file0")            = 0
[pid  5068] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5068] close(4)                    = 0
[pid  5068] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5068] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5068] write(5, "7", 1)            = 1
[   53.482136][ T5068] BTRFS info (device loop0): enabling ssd optimizations
[   53.489259][ T5068] BTRFS info (device loop0): auto enabling async discard
[   53.508923][ T5068] FAULT_INJECTION: forcing a failure.
[   53.508923][ T5068] name failslab, interval 1, probability 0, space 0, times 1
[   53.522268][ T5068] CPU: 1 PID: 5068 Comm: syz-executor298 Not tainted 6.2.0-rc2-syzkaller-00203-g1f5abbd77e2c #0
[   53.532699][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   53.542768][ T5068] Call Trace:
[   53.546154][ T5068]  <TASK>
[   53.549109][ T5068]  dump_stack_lvl+0x1b1/0x290
[   53.553828][ T5068]  ? nf_tcp_handle_invalid+0x630/0x630
[   53.559313][ T5068]  ? panic+0x710/0x710
[   53.563419][ T5068]  ? __might_sleep+0xc0/0xc0
[   53.568023][ T5068]  ? __stack_depot_save+0x41c/0x4a0
[   53.573254][ T5068]  should_fail_ex+0x3aa/0x4e0
[   53.578039][ T5068]  ? __kernfs_new_node+0xdb/0x730
[   53.583088][ T5068]  should_failslab+0x5/0x20
[   53.587600][ T5068]  kmem_cache_alloc+0x69/0x350
[   53.592359][ T5068]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   53.598335][ T5068]  __kernfs_new_node+0xdb/0x730
[   53.603177][ T5068]  ? do_raw_spin_unlock+0x134/0x8a0
[   53.608373][ T5068]  ? lockdep_hardirqs_on+0x8d/0x130
[   53.613560][ T5068]  ? kernfs_new_node+0x160/0x160
[   53.618487][ T5068]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[   53.624373][ T5068]  ? _raw_spin_unlock+0x40/0x40
[   53.629224][ T5068]  ? stack_trace_save+0x104/0x1e0
[   53.634425][ T5068]  ? stack_trace_snprint+0xf0/0xf0
[   53.639559][ T5068]  ? __stack_depot_save+0x41c/0x4a0
[   53.644763][ T5068]  kernfs_create_dir_ns+0x90/0x220
[   53.649901][ T5068]  sysfs_create_dir_ns+0x159/0x2f0
[   53.655048][ T5068]  ? sysfs_warn_dup+0xa0/0xa0
[   53.659749][ T5068]  ? rcu_read_lock_sched_held+0x87/0x110
[   53.665398][ T5068]  kobject_add_internal+0x6dd/0xd10
[   53.670597][ T5068]  ? kfree+0x16/0xe0
[   53.674498][ T5068]  kobject_init_and_add+0x104/0x160
[   53.679762][ T5068]  ? kobject_add+0x200/0x200
[   53.684357][ T5068]  ? btrfs_sysfs_add_qgroups+0x123/0x3d0
[   53.690002][ T5068]  btrfs_sysfs_add_qgroups+0x16f/0x3d0
[   53.695464][ T5068]  ? __kasan_kmalloc+0x97/0xb0
[   53.700234][ T5068]  btrfs_quota_enable+0x216/0x1cf0
[   53.705344][ T5068]  ? read_lock_is_recursive+0x10/0x10
[   53.710706][ T5068]  ? __might_sleep+0xc0/0xc0
[   53.715290][ T5068]  ? __del_qgroup_rb+0x600/0x600
[   53.720239][ T5068]  ? __lock_acquire+0x1f60/0x1f60
[   53.725255][ T5068]  ? rcu_read_lock_sched_held+0x87/0x110
[   53.730887][ T5068]  ? down_write+0x1a5/0x270
[   53.735389][ T5068]  ? down_read_killable+0x80/0x80
[   53.740409][ T5068]  ? _copy_from_user+0x106/0x160
[   53.745359][ T5068]  btrfs_ioctl_quota_ctl+0x141/0x180
[   53.750635][ T5068]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   53.757051][ T5068]  __se_sys_ioctl+0xfb/0x170
[   53.761642][ T5068]  do_syscall_64+0x3d/0xb0
[   53.766051][ T5068]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.771946][ T5068] RIP: 0033:0x7fd8159a7f49
[   53.776351][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   53.795974][ T5068] RSP: 002b:00007fff6eb37f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   53.804385][ T5068] RAX: ffffffffffffffda RBX: 0000000000000031 RCX: 00007fd8159a7f49
[   53.812358][ T5068] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[   53.820323][ T5068] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007fff6eb30037
[   53.828282][ T5068] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff6eb37f90
[   53.836241][ T5068] R13: 00007fff6eb37ffa R14: 00007fd815a1c720 R15: 00007fff6eb38010
[   53.844219][ T5068]  </TASK>
[   53.853029][ T5068] kobject_add_internal failed for qgroups (error: -12 parent: 395ef67a-297e-477c-816d-cd80a5b93e5d)
[   53.864559][ T5068] ------------[ cut here ]------------
[   53.870520][ T5068] kernfs: can not remove 'enabled', no directory
[   53.877481][ T5068] WARNING: CPU: 0 PID: 5068 at fs/kernfs/dir.c:1652 kernfs_remove_by_name_ns+0xf5/0x150
[   53.888217][ T5068] Modules linked in:
[   53.892142][ T5068] CPU: 0 PID: 5068 Comm: syz-executor298 Not tainted 6.2.0-rc2-syzkaller-00203-g1f5abbd77e2c #0
[   53.902940][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   53.913906][ T5068] RIP: 0010:kernfs_remove_by_name_ns+0xf5/0x150
[   53.920188][ T5068] Code: 48 89 df e8 7d ec ff ff 48 89 df e8 e5 98 ff ff 31 db eb 29 e8 fc fe 71 ff 48 c7 c7 00 11 01 8b 4c 89 e6 31 c0 e8 bb ee 38 ff <0f> 0b bb fe ff ff ff eb 12 e8 dd fe 71 ff bb fe ff ff ff 4c 89 f7
[   53.940477][ T5068] RSP: 0018:ffffc90003e0fb00 EFLAGS: 00010246
[   53.946590][ T5068] RAX: 16aeb9e2e8226f00 RBX: ffffffff8d8562e0 RCX: ffff888024991d40
[   53.954636][ T5068] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   53.962618][ T5068] RBP: dffffc0000000000 R08: ffffffff816f2c9d R09: fffff520007c1f19
[   53.970661][ T5068] R10: fffff520007c1f19 R11: 1ffff920007c1f18 R12: ffffffff8b3a0260
[   53.978780][ T5068] R13: 0000000000000000 R14: ffffffff8b3a0200 R15: 0000000000000000
[   53.986850][ T5068] FS:  000055555628d3c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   53.995808][ T5068] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   54.002458][ T5068] CR2: 00007f0ec66b7300 CR3: 000000007885d000 CR4: 00000000003506e0
[   54.010465][ T5068] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   54.018543][ T5068] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   54.026530][ T5068] Call Trace:
[   54.029804][ T5068]  <TASK>
[   54.032719][ T5068]  sysfs_remove_group+0x102/0x2b0
[   54.037769][ T5068]  sysfs_remove_groups+0x5b/0xb0
[   54.042791][ T5068]  __kobject_del+0x84/0x300
[   54.047321][ T5068]  kobject_del+0x41/0x60
[   54.051581][ T5068]  btrfs_sysfs_del_qgroups+0x1d8/0x230
[   54.057095][ T5068]  btrfs_sysfs_add_qgroups+0x3a8/0x3d0
[   54.064249][ T5068]  ? __kasan_kmalloc+0x97/0xb0
[   54.069009][ T5068]  btrfs_quota_enable+0x216/0x1cf0
[   54.074179][ T5068]  ? read_lock_is_recursive+0x10/0x10
[   54.079575][ T5068]  ? __might_sleep+0xc0/0xc0
[   54.084210][ T5068]  ? __del_qgroup_rb+0x600/0x600
[   54.089149][ T5068]  ? __lock_acquire+0x1f60/0x1f60
[   54.094531][ T5068]  ? rcu_read_lock_sched_held+0x87/0x110
[   54.100158][ T5068]  ? down_write+0x1a5/0x270
[   54.104712][ T5068]  ? down_read_killable+0x80/0x80
[   54.109745][ T5068]  ? _copy_from_user+0x106/0x160
[   54.114785][ T5068]  btrfs_ioctl_quota_ctl+0x141/0x180
[   54.120084][ T5068]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   54.126568][ T5068]  __se_sys_ioctl+0xfb/0x170
[   54.131175][ T5068]  do_syscall_64+0x3d/0xb0
[   54.135628][ T5068]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.141529][ T5068] RIP: 0033:0x7fd8159a7f49
[   54.145991][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   54.165635][ T5068] RSP: 002b:00007fff6eb37f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   54.174094][ T5068] RAX: ffffffffffffffda RBX: 0000000000000031 RCX: 00007fd8159a7f49
[   54.182081][ T5068] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[   54.190200][ T5068] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007fff6eb30037
[   54.198210][ T5068] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff6eb37f90
[   54.206835][ T5068] R13: 00007fff6eb37ffa R14: 00007fd815a1c720 R15: 00007fff6eb38010
[   54.214833][ T5068]  </TASK>
[   54.217834][ T5068] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   54.225093][ T5068] CPU: 1 PID: 5068 Comm: syz-executor298 Not tainted 6.2.0-rc2-syzkaller-00203-g1f5abbd77e2c #0
[   54.235495][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.245528][ T5068] Call Trace:
[   54.248822][ T5068]  <TASK>
[   54.251734][ T5068]  dump_stack_lvl+0x1b1/0x290
[   54.256417][ T5068]  ? nf_tcp_handle_invalid+0x630/0x630
[   54.261889][ T5068]  ? panic+0x710/0x710
[   54.265962][ T5068]  ? vscnprintf+0x59/0x80
[   54.270282][ T5068]  ? kernfs_remove_by_name_ns+0x80/0x150
[   54.275915][ T5068]  panic+0x2d6/0x710
[   54.279812][ T5068]  ? __warn+0x16d/0x2d0
[   54.283992][ T5068]  ? memcpy_page_flushcache+0x100/0x100
[   54.289546][ T5068]  ? kernfs_remove_by_name_ns+0xf5/0x150
[   54.295172][ T5068]  __warn+0x284/0x2d0
[   54.299142][ T5068]  ? kernfs_remove_by_name_ns+0xf5/0x150
[   54.304801][ T5068]  report_bug+0x1b3/0x2d0
[   54.309130][ T5068]  handle_bug+0x3d/0x70
[   54.313298][ T5068]  exc_invalid_op+0x16/0x40
[   54.317800][ T5068]  asm_exc_invalid_op+0x16/0x20
[   54.322650][ T5068] RIP: 0010:kernfs_remove_by_name_ns+0xf5/0x150
[   54.328902][ T5068] Code: 48 89 df e8 7d ec ff ff 48 89 df e8 e5 98 ff ff 31 db eb 29 e8 fc fe 71 ff 48 c7 c7 00 11 01 8b 4c 89 e6 31 c0 e8 bb ee 38 ff <0f> 0b bb fe ff ff ff eb 12 e8 dd fe 71 ff bb fe ff ff ff 4c 89 f7
[   54.348603][ T5068] RSP: 0018:ffffc90003e0fb00 EFLAGS: 00010246
[   54.356004][ T5068] RAX: 16aeb9e2e8226f00 RBX: ffffffff8d8562e0 RCX: ffff888024991d40
[   54.364752][ T5068] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   54.372714][ T5068] RBP: dffffc0000000000 R08: ffffffff816f2c9d R09: fffff520007c1f19
[   54.380696][ T5068] R10: fffff520007c1f19 R11: 1ffff920007c1f18 R12: ffffffff8b3a0260
[   54.388670][ T5068] R13: 0000000000000000 R14: ffffffff8b3a0200 R15: 0000000000000000
[   54.396663][ T5068]  ? __wake_up_klogd+0xcd/0x100
[   54.401527][ T5068]  sysfs_remove_group+0x102/0x2b0
[   54.406546][ T5068]  sysfs_remove_groups+0x5b/0xb0
[   54.413395][ T5068]  __kobject_del+0x84/0x300
[   54.417892][ T5068]  kobject_del+0x41/0x60
[   54.422125][ T5068]  btrfs_sysfs_del_qgroups+0x1d8/0x230
[   54.427577][ T5068]  btrfs_sysfs_add_qgroups+0x3a8/0x3d0
[   54.433026][ T5068]  ? __kasan_kmalloc+0x97/0xb0
[   54.437785][ T5068]  btrfs_quota_enable+0x216/0x1cf0
[   54.443068][ T5068]  ? read_lock_is_recursive+0x10/0x10
[   54.448433][ T5068]  ? __might_sleep+0xc0/0xc0
[   54.453019][ T5068]  ? __del_qgroup_rb+0x600/0x600
[   54.457952][ T5068]  ? __lock_acquire+0x1f60/0x1f60
[   54.462982][ T5068]  ? rcu_read_lock_sched_held+0x87/0x110
[   54.468614][ T5068]  ? down_write+0x1a5/0x270
[   54.473112][ T5068]  ? down_read_killable+0x80/0x80
[   54.478127][ T5068]  ? _copy_from_user+0x106/0x160
[   54.483075][ T5068]  btrfs_ioctl_quota_ctl+0x141/0x180
[   54.488353][ T5068]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   54.495256][ T5068]  __se_sys_ioctl+0xfb/0x170
[   54.499844][ T5068]  do_syscall_64+0x3d/0xb0
[   54.504258][ T5068]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.510142][ T5068] RIP: 0033:0x7fd8159a7f49
[   54.514545][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   54.534140][ T5068] RSP: 002b:00007fff6eb37f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   54.542543][ T5068] RAX: ffffffffffffffda RBX: 0000000000000031 RCX: 00007fd8159a7f49
[   54.550502][ T5068] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[   54.558463][ T5068] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007fff6eb30037
[   54.566419][ T5068] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff6eb37f90
[   54.574377][ T5068] R13: 00007fff6eb37ffa R14: 00007fd815a1c720 R15: 00007fff6eb38010
[   54.582355][ T5068]  </TASK>
[   54.585581][ T5068] Kernel Offset: disabled
[   54.589989][ T5068] Rebooting in 86400 seconds..