./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor648446652

<...>
forked to background, child pid 4639
no interfaces have a carrier
[   22.571010][ T4640] 8021q: adding VLAN 0 to HW filter on device bond0
[   22.580527][ T4640] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.204' (ECDSA) to the list of known hosts.
execve("./syz-executor648446652", ["./syz-executor648446652"], 0x7fff530a2950 /* 10 vars */) = 0
brk(NULL)                               = 0x5555557ec000
brk(0x5555557ecc40)                     = 0x5555557ecc40
arch_prctl(ARCH_SET_FS, 0x5555557ec300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor648446652", 4096) = 27
brk(0x55555580dc40)                     = 0x55555580dc40
brk(0x55555580e000)                     = 0x55555580e000
mprotect(0x7f4fe606d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 5060
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5060", 4)                     = 4
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=704, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5060}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x26\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 704
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5060}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5060}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5060}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5060}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5060}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5060}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3)                                = 0
close(4)                                = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557ec5d0) = 5062
./strace-static-x86_64: Process 5062 attached
[pid  5062] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5062] setsid()                    = 1
[pid  5062] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5062] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5062] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5062] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5062] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5062] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5062] unshare(CLONE_NEWNS)        = 0
[pid  5062] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5062] unshare(CLONE_NEWIPC)       = 0
[pid  5062] unshare(CLONE_NEWCGROUP)    = 0
[pid  5062] unshare(CLONE_NEWUTS)       = 0
[pid  5062] unshare(CLONE_SYSVSEM)      = 0
[pid  5062] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "16777216", 8)     = 8
[pid  5062] close(3)                    = 0
[pid  5062] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "536870912", 9)    = 9
[pid  5062] close(3)                    = 0
[pid  5062] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "1024", 4)         = 4
[pid  5062] close(3)                    = 0
[pid  5062] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "8192", 4)         = 4
[pid  5062] close(3)                    = 0
[pid  5062] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "1024", 4)         = 4
[pid  5062] close(3)                    = 0
[pid  5062] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "1024", 4)         = 4
[pid  5062] close(3)                    = 0
[pid  5062] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5062] close(3)                    = 0
[pid  5062] getpid()                    = 1
[pid  5062] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5062] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5062] unshare(CLONE_NEWNET)       = 0
[pid  5062] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "0 65535", 7)      = 7
[pid  5062] close(3)                    = 0
[pid  5062] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5062] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5062] close(3)                    = 0
[pid  5062] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5062] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5062] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x28\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x19\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  5062] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5062] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5062] recvfrom(3, [{nlmsg_len=2476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x41\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  5062] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5062] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5062] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5062] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5062] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5062] close(4)                    = 0
[pid  5062] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5062] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5062] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5062] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5062] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5062] close(4)                    = 0
[pid  5062] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5062] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5062] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5062] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5062] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5062] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5062] close(4)                    = 0
[pid  5062] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5062] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5062] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5062] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5062] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5062] close(4)                    = 0
[pid  5062] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5062] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5062] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5062] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5062] close(4)                    = 0
[pid  5062] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5062] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5062] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5062] close(4)                    = 0
[pid  5062] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5062] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5062] close(4)                    = 0
[pid  5062] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5062] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5062] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x00\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x00\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5062] close(4)                    = 0
[pid  5062] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5062] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5062] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x00\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x00\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
syzkaller login: [   41.408945][   T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.417356][   T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.425765][  T893] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   41.441812][   T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.450429][   T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5062] close(4)                    = 0
[pid  5062] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5062] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5062] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5062] close(4)                    = 0
[pid  5062] close(3)                    = 0
[pid  5062] mkdir("/dev/binderfs", 0777) = 0
[pid  5062] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5062] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5062] memfd_create("syzkaller", 0) = 3
[pid  5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4fddba9000
[   41.459924][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[pid  5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5062] munmap(0x7f4fddba9000, 16777216) = 0
[pid  5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5062] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5062] close(3)                    = 0
[pid  5062] mkdir("./file0", 0777)      = 0
[pid  5062] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_NODEV|MS_MANDLOCK|MS_DIRSYNC|MS_SILENT, "nodiscard,grpquota,quota,quota,iocharset=iso8859-6,errors=remount-ro,uid=0x000000000000ee00,") = 0
[pid  5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5062] chdir("./file0")            = 0
[pid  5062] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5062] close(4)                    = 0
[   41.558850][ T5062] loop0: detected capacity change from 0 to 32768
[   41.567703][ T5062] =======================================================
[   41.567703][ T5062] WARNING: The mand mount option has been deprecated and
[   41.567703][ T5062]          and is ignored by this kernel. Remove the mand
[   41.567703][ T5062]          option from the mount to silence this warning.
[   41.567703][ T5062] =======================================================
[pid  5062] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5062] write(4, "16", 2)           = 2
[pid  5062] mkdir(".", 0777)            = -1 EEXIST (File exists)
[   41.610222][ T5062] FAULT_INJECTION: forcing a failure.
[   41.610222][ T5062] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   41.623788][ T5062] CPU: 0 PID: 5062 Comm: syz-executor648 Not tainted 6.2.0-rc5-syzkaller #0
[   41.632497][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   41.642565][ T5062] Call Trace:
[   41.645838][ T5062]  <TASK>
[   41.648753][ T5062]  dump_stack_lvl+0xd1/0x138
[   41.653351][ T5062]  should_fail_ex.cold+0x5/0xa
[   41.658119][ T5062]  prepare_alloc_pages+0x178/0x570
[   41.663226][ T5062]  __alloc_pages+0x149/0x5b0
[   41.667808][ T5062]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[   41.674562][ T5062]  ? find_held_lock+0x2d/0x110
[   41.679321][ T5062]  ? free_unref_page+0x284/0x490
[   41.684246][ T5062]  ? lock_downgrade+0x6e0/0x6e0
[   41.689182][ T5062]  ? free_unref_page_commit+0x38f/0x6e0
[   41.694718][ T5062]  __kmalloc_large_node+0x85/0x160
[   41.699849][ T5062]  kmalloc_large+0x1c/0x70
[   41.704258][ T5062]  diMount+0x29/0x830
[   41.708237][ T5062]  jfs_mount_rw+0x239/0x690
[   41.712730][ T5062]  ? updateSuper+0x7a0/0x7a0
[   41.717309][ T5062]  ? list_lru_walk_node+0x15a/0x2f0
[   41.722494][ T5062]  ? list_lru_walk_one+0xe0/0xe0
[   41.727417][ T5062]  ? shrink_dentry_list+0x1a/0x800
[   41.732531][ T5062]  jfs_remount+0x520/0x650
[   41.737044][ T5062]  ? parse_options+0xec0/0xec0
[   41.741790][ T5062]  ? shrink_dcache_sb+0x1bf/0x360
[   41.746806][ T5062]  ? shrink_dentry_list+0x800/0x800
[   41.751996][ T5062]  ? parse_options+0xec0/0xec0
[   41.756767][ T5062]  legacy_reconfigure+0x119/0x180
[   41.761783][ T5062]  reconfigure_super+0x40c/0xa30
[   41.766709][ T5062]  ? fs_umode_to_dtype+0xd0/0xd0
[   41.771639][ T5062]  path_mount+0x1830/0x1e20
[   41.776136][ T5062]  ? kmem_cache_free+0xee/0x5c0
[   41.780988][ T5062]  ? finish_automount+0x960/0x960
[   41.786007][ T5062]  ? putname+0x102/0x140
[   41.790255][ T5062]  __x64_sys_mount+0x283/0x300
[   41.795020][ T5062]  ? copy_mnt_ns+0xb30/0xb30
[   41.799621][ T5062]  ? lockdep_hardirqs_on+0x7d/0x100
[   41.804825][ T5062]  ? _raw_spin_unlock_irq+0x2e/0x50
[   41.810013][ T5062]  ? ptrace_notify+0xfe/0x140
[   41.814676][ T5062]  do_syscall_64+0x39/0xb0
[   41.819104][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.824988][ T5062] RIP: 0033:0x7f4fe5ffffca
[   41.829401][ T5062] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 f8 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   41.848995][ T5062] RSP: 002b:00007ffcb6afbf08 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[pid  5062] mount(NULL, ".", 0x20000040, MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "") = -1 ENOMEM (Cannot allocate memory)
[pid  5062] exit_group(1)               = ?
[   41.857397][ T5062] RAX: ffffffffffffffda RBX: 00005555557ec2c0 RCX: 00007f4fe5ffffca
[   41.865365][ T5062] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000
[   41.873331][ T5062] RBP: 0000000000000000 R08: 00007ffcb6afbf90 R09: 0000000000000002
[   41.881286][ T5062] R10: 00000000018084a0 R11: 0000000000000286 R12: 00000000ffffffff
[   41.889239][ T5062] R13: 00007ffcb6afbf90 R14: 0000000000000000 R15: 0000000020000080
[   41.897204][ T5062]  </TASK>
[   41.901532][ T5062] jfs_mount_rw: diMount failed!
[   41.914239][ T5062] ------------[ cut here ]------------
[   41.920340][ T5062] WARNING: CPU: 1 PID: 5062 at mm/slab_common.c:936 free_large_kmalloc+0xad/0xe0
[   41.929679][ T5062] Modules linked in:
[   41.933771][ T5062] CPU: 1 PID: 5062 Comm: syz-executor648 Not tainted 6.2.0-rc5-syzkaller #0
[   41.942649][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   41.953339][ T5062] RIP: 0010:free_large_kmalloc+0xad/0xe0
[   41.959067][ T5062] Code: ee 48 89 ef 5d 41 5c 41 5d e9 cf c6 0d 00 e8 fa 30 d1 ff 44 89 e2 be 06 00 00 00 48 89 ef e8 4a fd 1f 00 e8 55 32 d1 ff eb c6 <0f> 0b 80 3d 17 20 a7 0c 00 0f 84 28 d5 0a 08 48 8b 74 24 20 4c 89
[   41.978808][ T5062] RSP: 0018:ffffc90003cefbc8 EFLAGS: 00010246
[   41.985260][ T5062] RAX: 00fff00000000000 RBX: ffff88807503a930 RCX: 0000000000000000
[   41.993273][ T5062] RDX: 0000000000000000 RSI: ffff88802ac90000 RDI: ffffea0000ab2400
[   42.001382][ T5062] RBP: ffffea0000ab2400 R08: 0000000000000007 R09: 0000000000000000
[   42.009524][ T5062] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802ac90000
[   42.017576][ T5062] R13: ffff88802a658600 R14: ffff888075038d70 R15: ffff88807503a930
[   42.025600][ T5062] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   42.034605][ T5062] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.041312][ T5062] CR2: 00007f4fe6071160 CR3: 00000000288d1000 CR4: 0000000000350ef0
[   42.049314][ T5062] Call Trace:
[   42.052579][ T5062]  <TASK>
[   42.055535][ T5062]  diUnmount+0xf1/0x130
[   42.059711][ T5062]  jfs_umount+0x189/0x410
[   42.064040][ T5062]  jfs_put_super+0x85/0x1a0
[   42.068615][ T5062]  ? jfs_quota_off+0x170/0x170
[   42.073392][ T5062]  generic_shutdown_super+0x158/0x410
[   42.078806][ T5062]  kill_block_super+0x9b/0xf0
[   42.083510][ T5062]  deactivate_locked_super+0x98/0x160
[   42.088937][ T5062]  deactivate_super+0xb1/0xd0
[   42.093651][ T5062]  cleanup_mnt+0x2ae/0x3d0
[   42.098156][ T5062]  task_work_run+0x16f/0x270
[   42.102788][ T5062]  ? task_work_cancel+0x30/0x30
[   42.107848][ T5062]  do_exit+0xaa8/0x2950
[   42.112023][ T5062]  ? lock_downgrade+0x6e0/0x6e0
[   42.116909][ T5062]  ? do_raw_spin_lock+0x124/0x2b0
[   42.121955][ T5062]  ? mm_update_next_owner+0x7b0/0x7b0
[   42.127361][ T5062]  ? rwlock_bug.part.0+0x90/0x90
[   42.132318][ T5062]  ? _raw_spin_unlock_irq+0x23/0x50
[   42.137551][ T5062]  do_group_exit+0xd4/0x2a0
[   42.142092][ T5062]  __x64_sys_exit_group+0x3e/0x50
[   42.147186][ T5062]  do_syscall_64+0x39/0xb0
[   42.151632][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.157593][ T5062] RIP: 0033:0x7f4fe5ffd6f9
[   42.162020][ T5062] Code: Unable to access opcode bytes at 0x7f4fe5ffd6cf.
[   42.169083][ T5062] RSP: 002b:00007ffcb6afc078 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.177534][ T5062] RAX: ffffffffffffffda RBX: 00007f4fe60733f0 RCX: 00007f4fe5ffd6f9
[   42.185689][ T5062] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   42.193681][ T5062] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000002
[   42.202301][ T5062] R10: 00000000018084a0 R11: 0000000000000246 R12: 00007f4fe60733f0
[   42.210530][ T5062] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   42.218608][ T5062]  </TASK>
[   42.221735][ T5062] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   42.229012][ T5062] CPU: 1 PID: 5062 Comm: syz-executor648 Not tainted 6.2.0-rc5-syzkaller #0
[   42.237690][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   42.247735][ T5062] Call Trace:
[   42.251005][ T5062]  <TASK>
[   42.253927][ T5062]  dump_stack_lvl+0xd1/0x138
[   42.258519][ T5062]  panic+0x2cc/0x626
[   42.262436][ T5062]  ? panic_print_sys_info.part.0+0x110/0x110
[   42.268424][ T5062]  ? free_large_kmalloc+0xad/0xe0
[   42.273459][ T5062]  check_panic_on_warn.cold+0x19/0x35
[   42.278832][ T5062]  __warn+0xf2/0x1a0
[   42.282722][ T5062]  ? free_large_kmalloc+0xad/0xe0
[   42.287744][ T5062]  report_bug+0x1c0/0x210
[   42.292080][ T5062]  handle_bug+0x3c/0x70
[   42.296233][ T5062]  exc_invalid_op+0x18/0x50
[   42.300734][ T5062]  asm_exc_invalid_op+0x1a/0x20
[   42.305588][ T5062] RIP: 0010:free_large_kmalloc+0xad/0xe0
[   42.311227][ T5062] Code: ee 48 89 ef 5d 41 5c 41 5d e9 cf c6 0d 00 e8 fa 30 d1 ff 44 89 e2 be 06 00 00 00 48 89 ef e8 4a fd 1f 00 e8 55 32 d1 ff eb c6 <0f> 0b 80 3d 17 20 a7 0c 00 0f 84 28 d5 0a 08 48 8b 74 24 20 4c 89
[   42.330849][ T5062] RSP: 0018:ffffc90003cefbc8 EFLAGS: 00010246
[   42.336915][ T5062] RAX: 00fff00000000000 RBX: ffff88807503a930 RCX: 0000000000000000
[   42.344885][ T5062] RDX: 0000000000000000 RSI: ffff88802ac90000 RDI: ffffea0000ab2400
[   42.352848][ T5062] RBP: ffffea0000ab2400 R08: 0000000000000007 R09: 0000000000000000
[   42.360813][ T5062] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802ac90000
[   42.368778][ T5062] R13: ffff88802a658600 R14: ffff888075038d70 R15: ffff88807503a930
[   42.376754][ T5062]  ? free_large_kmalloc+0x15/0xe0
[   42.381781][ T5062]  diUnmount+0xf1/0x130
[   42.385935][ T5062]  jfs_umount+0x189/0x410
[   42.390286][ T5062]  jfs_put_super+0x85/0x1a0
[   42.394784][ T5062]  ? jfs_quota_off+0x170/0x170
[   42.399541][ T5062]  generic_shutdown_super+0x158/0x410
[   42.404914][ T5062]  kill_block_super+0x9b/0xf0
[   42.409588][ T5062]  deactivate_locked_super+0x98/0x160
[   42.414956][ T5062]  deactivate_super+0xb1/0xd0
[   42.419634][ T5062]  cleanup_mnt+0x2ae/0x3d0
[   42.424055][ T5062]  task_work_run+0x16f/0x270
[   42.428651][ T5062]  ? task_work_cancel+0x30/0x30
[   42.433505][ T5062]  do_exit+0xaa8/0x2950
[   42.437665][ T5062]  ? lock_downgrade+0x6e0/0x6e0
[   42.442517][ T5062]  ? do_raw_spin_lock+0x124/0x2b0
[   42.447531][ T5062]  ? mm_update_next_owner+0x7b0/0x7b0
[   42.452901][ T5062]  ? rwlock_bug.part.0+0x90/0x90
[   42.457831][ T5062]  ? _raw_spin_unlock_irq+0x23/0x50
[   42.463026][ T5062]  do_group_exit+0xd4/0x2a0
[   42.467534][ T5062]  __x64_sys_exit_group+0x3e/0x50
[   42.472566][ T5062]  do_syscall_64+0x39/0xb0
[   42.476984][ T5062]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.482869][ T5062] RIP: 0033:0x7f4fe5ffd6f9
[   42.487274][ T5062] Code: Unable to access opcode bytes at 0x7f4fe5ffd6cf.
[   42.494277][ T5062] RSP: 002b:00007ffcb6afc078 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.502680][ T5062] RAX: ffffffffffffffda RBX: 00007f4fe60733f0 RCX: 00007f4fe5ffd6f9
[   42.510659][ T5062] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   42.518641][ T5062] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000002
[   42.526638][ T5062] R10: 00000000018084a0 R11: 0000000000000246 R12: 00007f4fe60733f0
[   42.534604][ T5062] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   42.542599][ T5062]  </TASK>
[   42.546496][ T5062] Kernel Offset: disabled
[   42.550884][ T5062] Rebooting in 86400 seconds..