./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3999134848

<...>
forked to background, child pid 4641
no interfaces have a carrier
[   28.790478][ T4642] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.799904][ T4642] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts.
execve("./syz-executor3999134848", ["./syz-executor3999134848"], 0x7fff38e994c0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555652e000
brk(0x55555652ec40)                     = 0x55555652ec40
arch_prctl(ARCH_SET_FS, 0x55555652e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3999134848", 4096) = 28
brk(0x55555654fc40)                     = 0x55555654fc40
brk(0x555556550000)                     = 0x555556550000
mprotect(0x7f2cc0da7000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 5063
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5063", 4)                     = 4
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached
, child_tidptr=0x55555652e5d0) = 5064
[pid  5064] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5064] setsid()                    = 1
[pid  5064] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5064] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5064] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5064] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5064] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5064] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5064] unshare(CLONE_NEWNS)        = 0
[pid  5064] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5064] unshare(CLONE_NEWIPC)       = 0
[pid  5064] unshare(CLONE_NEWCGROUP)    = 0
[pid  5064] unshare(CLONE_NEWUTS)       = 0
[pid  5064] unshare(CLONE_SYSVSEM)      = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "16777216", 8)     = 8
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "536870912", 9)    = 9
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "1024", 4)         = 4
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "8192", 4)         = 4
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "1024", 4)         = 4
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "1024", 4)         = 4
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5064] close(3)                    = 0
[pid  5064] getpid()                    = 1
[pid  5064] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5064] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5064] unshare(CLONE_NEWNET)       = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "0 65535", 7)      = 7
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5064] dup2(3, 200)                = 200
[pid  5064] close(3)                    = 0
[pid  5064] ioctl(200, TUNSETIFF, 0x7fffdf856270) = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "0", 1)            = 1
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "0", 1)            = 1
[pid  5064] close(3)                    = 0
[pid  5064] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5064] access("/proc/net", R_OK)   = 0
[pid  5064] access("/proc/net/unix", R_OK) = 0
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] close(3)                    = 0
[pid  5064] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5064] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5064] close(3)                    = 0
[pid  5064] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5064] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5064] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x28\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x19\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5064] recvfrom(3, [{nlmsg_len=2476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x41\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5064] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=12}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5064] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5064] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5064] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=13}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0d\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5064] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5064] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5064] close(4)                    = 0
syzkaller login: [   55.037694][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.045742][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.057288][ T5066] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  5064] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0d\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5064] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=12}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5064] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5064] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5064] close(4)                    = 0
[pid  5064] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5064] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=13}) = 0
[pid  5064] close(4)                    = 0
[pid  5064] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5064] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5064] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0d\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5064] close(4)                    = 0
[pid  5064] close(3)                    = 0
[pid  5064] mkdir("/dev/binderfs", 0777) = 0
[pid  5064] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5064] memfd_create("syzkaller", 0) = 3
[pid  5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2cb88e3000
[   55.084671][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.092840][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.102066][ T5066] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[pid  5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5064] munmap(0x7f2cb88e3000, 16777216) = 0
[pid  5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5064] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5064] close(3)                    = 0
[pid  5064] mkdir("./file0", 0777)      = 0
[   55.251919][ T5064] loop0: detected capacity change from 0 to 32768
[   55.262728][ T5064] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor399 (5064)
[   55.280175][ T5064] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[   55.288755][ T5064] BTRFS info (device loop0): using free space tree
[pid  5064] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5064] chdir("./file0")            = 0
[pid  5064] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5064] close(4)                    = 0
[pid  5064] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   55.308141][ T5064] BTRFS info (device loop0): enabling ssd optimizations
[   55.315113][ T5064] BTRFS info (device loop0): auto enabling async discard
[pid  5064] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  5064] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5064] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  5064] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5064] write(6, "9", 1)            = 1
[   55.384892][   T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   55.396759][ T5064] FAULT_INJECTION: forcing a failure.
[   55.396759][ T5064] name failslab, interval 1, probability 0, space 0, times 1
[   55.409616][ T5064] CPU: 0 PID: 5064 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13822-g6feb57c2fd7c #0
[   55.419687][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.429732][ T5064] Call Trace:
[   55.433002][ T5064]  <TASK>
[   55.435923][ T5064]  dump_stack_lvl+0xd1/0x138
[   55.440527][ T5064]  should_fail_ex.cold+0x5/0xa
[   55.445298][ T5064]  should_failslab+0x9/0x20
[   55.449799][ T5064]  __kmem_cache_alloc_node+0x5b/0x430
[   55.455250][ T5064]  ? ulist_add_merge.part.0+0x85/0x490
[   55.460706][ T5064]  kmalloc_trace+0x26/0x60
[   55.465125][ T5064]  ulist_add_merge.part.0+0x85/0x490
[   55.470403][ T5064]  ? btrfs_clear_delalloc_extent+0x1d4/0x910
[   55.476385][ T5064]  ulist_add+0x106/0x160
[   55.480627][ T5064]  clear_state_bit+0x151/0x3a0
[   55.485386][ T5064]  __clear_extent_bit+0x5a6/0xc80
[   55.490411][ T5064]  clear_record_extent_bits+0x5c/0x70
[   55.495781][ T5064]  __btrfs_qgroup_release_data+0x1a2/0xa40
[   55.501586][ T5064]  ? btrfs_qgroup_account_extents+0xb50/0xb50
[   55.507651][ T5064]  ? lock_downgrade+0x6e0/0x6e0
[   55.512504][ T5064]  btrfs_add_ordered_extent+0x9d3/0x1010
[   55.518140][ T5064]  ? create_io_em+0x1e0/0x2d0
[   55.522814][ T5064]  cow_file_range+0x50f/0xd10
[   55.527496][ T5064]  ? cow_file_range_inline+0x7c0/0x7c0
[   55.532949][ T5064]  ? free_extent_state+0x20/0x430
[   55.537968][ T5064]  ? find_lock_delalloc_range+0x53d/0x690
[   55.543688][ T5064]  btrfs_run_delalloc_range+0x593/0x1300
[   55.549329][ T5064]  writepage_delalloc+0x1a6/0x3e0
[   55.554357][ T5064]  ? find_lock_delalloc_range+0x690/0x690
[   55.560090][ T5064]  __extent_writepage+0xff0/0x1540
[   55.565206][ T5064]  ? percpu_counter_add_batch+0xc1/0x180
[   55.570839][ T5064]  ? btrfs_do_readpage+0x1600/0x1600
[   55.576131][ T5064]  ? folio_clear_dirty_for_io+0x10f/0x740
[   55.581844][ T5064]  extent_write_cache_pages+0x614/0x16b0
[   55.587487][ T5064]  ? __extent_writepage+0x1540/0x1540
[   55.592878][ T5064]  ? stack_trace_save+0x90/0xc0
[   55.597728][ T5064]  ? layout_symtab+0x47e/0x9e0
[   55.602494][ T5064]  ? save_trace+0x43/0xad0
[   55.606911][ T5064]  ? _find_first_zero_bit+0x94/0xb0
[   55.612194][ T5064]  extent_writepages+0x1c6/0x450
[   55.617134][ T5064]  ? extent_write_locked_range+0xea0/0xea0
[   55.622943][ T5064]  ? asm_common_interrupt+0x26/0x40
[   55.628134][ T5064]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.633333][ T5064]  ? btrfs_readahead+0x20/0x20
[   55.638090][ T5064]  do_writepages+0x1af/0x690
[   55.642680][ T5064]  ? writeback_set_ratelimit+0x150/0x150
[   55.648307][ T5064]  ? wbc_attach_and_unlock_inode+0x44d/0x8d0
[   55.654289][ T5064]  ? lock_downgrade+0x6e0/0x6e0
[   55.659137][ T5064]  ? lock_release+0x810/0x810
[   55.663807][ T5064]  ? do_raw_spin_unlock+0x175/0x230
[   55.668997][ T5064]  ? _raw_spin_unlock+0x28/0x40
[   55.673842][ T5064]  ? wbc_attach_and_unlock_inode+0x4a3/0x8d0
[   55.679826][ T5064]  filemap_fdatawrite_wbc+0x147/0x1b0
[   55.685195][ T5064]  __filemap_fdatawrite_range+0xb8/0xf0
[   55.690737][ T5064]  ? delete_from_page_cache_batch+0xd50/0xd50
[   55.696798][ T5064]  ? mark_lock.part.0+0xee/0x1910
[   55.701811][ T5064]  ? mark_lock.part.0+0xee/0x1910
[   55.706835][ T5064]  ? down_write+0x157/0x220
[   55.711350][ T5064]  btrfs_fdatawrite_range+0x4a/0x110
[   55.716645][ T5064]  btrfs_wait_ordered_range+0x75/0x2a0
[   55.722146][ T5064]  btrfs_fallocate+0xab6/0x27b0
[   55.727027][ T5064]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   55.733103][ T5064]  ? debug_check_no_obj_freed+0x210/0x420
[   55.738822][ T5064]  ? lock_downgrade+0x6e0/0x6e0
[   55.743677][ T5064]  ? lock_release+0x810/0x810
[   55.748346][ T5064]  ? __might_fault+0xd9/0x180
[   55.753025][ T5064]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   55.759180][ T5064]  vfs_fallocate+0x48b/0xe00
[   55.763771][ T5064]  ioctl_preallocate+0x18e/0x200
[   55.768700][ T5064]  ? fiemap_prep+0x220/0x220
[   55.773289][ T5064]  do_vfs_ioctl+0x12d0/0x15b0
[   55.777955][ T5064]  ? vfs_fileattr_set+0xbe0/0xbe0
[   55.782979][ T5064]  ? find_held_lock+0x2d/0x110
[   55.787744][ T5064]  ? name_to_dev_t+0x312/0x990
[   55.792501][ T5064]  ? lock_downgrade+0x6e0/0x6e0
[   55.797354][ T5064]  ? bpf_lsm_file_ioctl+0x9/0x10
[   55.802287][ T5064]  __x64_sys_ioctl+0x10c/0x210
[   55.807042][ T5064]  do_syscall_64+0x39/0xb0
[   55.811457][ T5064]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.817354][ T5064] RIP: 0033:0x7f2cc0d38ec9
[   55.821756][ T5064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.841789][ T5064] RSP: 002b:00007fffdf8561e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   55.850192][ T5064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f2cc0d38ec9
[   55.858155][ T5064] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   55.866119][ T5064] RBP: 00007fffdf856240 R08: 0000000000000001 R09: 0000000000000003
[   55.874174][ T5064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   55.882139][ T5064] R13: 00007f2cc0dad740 R14: 000000000000000d R15: 00007f2cc0dad7b0
[   55.890112][ T5064]  </TASK>
[   55.894179][ T5064] ------------[ cut here ]------------
[   55.900295][ T5064] kernel BUG at fs/btrfs/extent-io-tree.c:515!
[   55.906503][ T5064] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   55.912573][ T5064] CPU: 0 PID: 5064 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13822-g6feb57c2fd7c #0
[   55.922636][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.932692][ T5064] RIP: 0010:clear_state_bit+0x31b/0x3a0
[   55.938255][ T5064] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 fe 65 f9 fd 0f 0b eb 97 e8 f5 65 f9 fd <0f> 0b 4c 89 f7 e8 4b 66 47 fe e9 72 fd ff ff 4c 89 f7 e8 3e 66 47
[   55.957865][ T5064] RSP: 0018:ffffc90003e7eca0 EFLAGS: 00010293
[   55.963922][ T5064] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[   55.971878][ T5064] RDX: ffff8880237d57c0 RSI: ffffffff8387ebcb RDI: 0000000000000005
[   55.979834][ T5064] RBP: ffff88802be80a80 R08: 0000000000000005 R09: 0000000000000000
[   55.987789][ T5064] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888073d400c0
[   55.995746][ T5064] R13: 0000000000000000 R14: ffff88802be80afc R15: 000000000000ffff
[   56.003702][ T5064] FS:  000055555652e300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   56.012616][ T5064] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   56.019187][ T5064] CR2: 0000000020010000 CR3: 000000002bea7000 CR4: 0000000000350ef0
[   56.027231][ T5064] Call Trace:
[   56.030491][ T5064]  <TASK>
[   56.033405][ T5064]  __clear_extent_bit+0x5a6/0xc80
[   56.038424][ T5064]  clear_record_extent_bits+0x5c/0x70
[   56.043783][ T5064]  __btrfs_qgroup_release_data+0x1a2/0xa40
[   56.049582][ T5064]  ? btrfs_qgroup_account_extents+0xb50/0xb50
[   56.055635][ T5064]  ? lock_downgrade+0x6e0/0x6e0
[   56.060470][ T5064]  btrfs_add_ordered_extent+0x9d3/0x1010
[   56.066095][ T5064]  ? create_io_em+0x1e0/0x2d0
[   56.070761][ T5064]  cow_file_range+0x50f/0xd10
[   56.075429][ T5064]  ? cow_file_range_inline+0x7c0/0x7c0
[   56.080878][ T5064]  ? free_extent_state+0x20/0x430
[   56.085886][ T5064]  ? find_lock_delalloc_range+0x53d/0x690
[   56.091598][ T5064]  btrfs_run_delalloc_range+0x593/0x1300
[   56.097254][ T5064]  writepage_delalloc+0x1a6/0x3e0
[   56.102375][ T5064]  ? find_lock_delalloc_range+0x690/0x690
[   56.108091][ T5064]  __extent_writepage+0xff0/0x1540
[   56.113197][ T5064]  ? percpu_counter_add_batch+0xc1/0x180
[   56.118822][ T5064]  ? btrfs_do_readpage+0x1600/0x1600
[   56.124100][ T5064]  ? folio_clear_dirty_for_io+0x10f/0x740
[   56.129807][ T5064]  extent_write_cache_pages+0x614/0x16b0
[   56.135435][ T5064]  ? __extent_writepage+0x1540/0x1540
[   56.140800][ T5064]  ? stack_trace_save+0x90/0xc0
[   56.145646][ T5064]  ? layout_symtab+0x47e/0x9e0
[   56.150409][ T5064]  ? save_trace+0x43/0xad0
[   56.154824][ T5064]  ? _find_first_zero_bit+0x94/0xb0
[   56.160016][ T5064]  extent_writepages+0x1c6/0x450
[   56.164948][ T5064]  ? extent_write_locked_range+0xea0/0xea0
[   56.170751][ T5064]  ? asm_common_interrupt+0x26/0x40
[   56.175935][ T5064]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.181127][ T5064]  ? btrfs_readahead+0x20/0x20
[   56.186473][ T5064]  do_writepages+0x1af/0x690
[   56.191050][ T5064]  ? writeback_set_ratelimit+0x150/0x150
[   56.196668][ T5064]  ? wbc_attach_and_unlock_inode+0x44d/0x8d0
[   56.202643][ T5064]  ? lock_downgrade+0x6e0/0x6e0
[   56.207476][ T5064]  ? lock_release+0x810/0x810
[   56.212140][ T5064]  ? do_raw_spin_unlock+0x175/0x230
[   56.217322][ T5064]  ? _raw_spin_unlock+0x28/0x40
[   56.222159][ T5064]  ? wbc_attach_and_unlock_inode+0x4a3/0x8d0
[   56.228149][ T5064]  filemap_fdatawrite_wbc+0x147/0x1b0
[   56.233512][ T5064]  __filemap_fdatawrite_range+0xb8/0xf0
[   56.239046][ T5064]  ? delete_from_page_cache_batch+0xd50/0xd50
[   56.245103][ T5064]  ? mark_lock.part.0+0xee/0x1910
[   56.250109][ T5064]  ? mark_lock.part.0+0xee/0x1910
[   56.255121][ T5064]  ? down_write+0x157/0x220
[   56.259620][ T5064]  btrfs_fdatawrite_range+0x4a/0x110
[   56.264900][ T5064]  btrfs_wait_ordered_range+0x75/0x2a0
[   56.270352][ T5064]  btrfs_fallocate+0xab6/0x27b0
[   56.275200][ T5064]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   56.281260][ T5064]  ? debug_check_no_obj_freed+0x210/0x420
[   56.286973][ T5064]  ? lock_downgrade+0x6e0/0x6e0
[   56.291810][ T5064]  ? lock_release+0x810/0x810
[   56.296469][ T5064]  ? __might_fault+0xd9/0x180
[   56.301138][ T5064]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   56.307200][ T5064]  vfs_fallocate+0x48b/0xe00
[   56.311781][ T5064]  ioctl_preallocate+0x18e/0x200
[   56.316704][ T5064]  ? fiemap_prep+0x220/0x220
[   56.321285][ T5064]  do_vfs_ioctl+0x12d0/0x15b0
[   56.325950][ T5064]  ? vfs_fileattr_set+0xbe0/0xbe0
[   56.330957][ T5064]  ? find_held_lock+0x2d/0x110
[   56.335713][ T5064]  ? name_to_dev_t+0x312/0x990
[   56.340465][ T5064]  ? lock_downgrade+0x6e0/0x6e0
[   56.345301][ T5064]  ? bpf_lsm_file_ioctl+0x9/0x10
[   56.350319][ T5064]  __x64_sys_ioctl+0x10c/0x210
[   56.355069][ T5064]  do_syscall_64+0x39/0xb0
[   56.359477][ T5064]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.365364][ T5064] RIP: 0033:0x7f2cc0d38ec9
[   56.369763][ T5064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.389362][ T5064] RSP: 002b:00007fffdf8561e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   56.397763][ T5064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f2cc0d38ec9
[   56.405717][ T5064] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   56.413668][ T5064] RBP: 00007fffdf856240 R08: 0000000000000001 R09: 0000000000000003
[   56.421624][ T5064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   56.429577][ T5064] R13: 00007f2cc0dad740 R14: 000000000000000d R15: 00007f2cc0dad7b0
[   56.437538][ T5064]  </TASK>
[   56.440536][ T5064] Modules linked in:
[   56.444509][ T5064] ---[ end trace 0000000000000000 ]---
[   56.449992][ T5064] RIP: 0010:clear_state_bit+0x31b/0x3a0
[   56.455597][ T5064] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 fe 65 f9 fd 0f 0b eb 97 e8 f5 65 f9 fd <0f> 0b 4c 89 f7 e8 4b 66 47 fe e9 72 fd ff ff 4c 89 f7 e8 3e 66 47
[   56.475263][ T5064] RSP: 0018:ffffc90003e7eca0 EFLAGS: 00010293
[   56.481353][ T5064] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[   56.489334][ T5064] RDX: ffff8880237d57c0 RSI: ffffffff8387ebcb RDI: 0000000000000005
[   56.497319][ T5064] RBP: ffff88802be80a80 R08: 0000000000000005 R09: 0000000000000000
[   56.505292][ T5064] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888073d400c0
[   56.513289][ T5064] R13: 0000000000000000 R14: ffff88802be80afc R15: 000000000000ffff
[   56.521282][ T5064] FS:  000055555652e300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   56.530229][ T5064] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   56.536828][ T5064] CR2: 0000000020010000 CR3: 000000002bea7000 CR4: 0000000000350ef0
[   56.544783][ T5064] Kernel panic - not syncing: Fatal exception
[   56.551791][ T5064] Kernel Offset: disabled
[   56.556102][ T5064] Rebooting in 86400 seconds..