{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}], 0x0, "8bebeb894f74c3"}) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 20:07:33 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:07:33 executing program 5: socket(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) [ 568.353144] audit: type=1804 audit(1617134853.839:2433): pid=12562 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1153/bus" dev="sda1" ino=14526 res=1 [ 568.359094] FAT-fs (loop2): bogus number of reserved sectors 20:07:33 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 568.408078] FAT-fs (loop1): unable to read boot sector (logical sector size = 1024) [ 568.414569] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:33 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) statx(r0, &(0x7f0000000240)='./file0\x00', 0x2000, 0x1, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r2, @ANYRES32=r2, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) mount$fuseblk(0xfffffffffffffffe, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='fuseblk\x00', 0x0, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x800}}, {@blksize={'blksize', 0x3d, 0x200}}, {@max_read={'max_read', 0x3d, 0x3ff}}, {@blksize={'blksize'}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x200}}], [{@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@obj_user={'obj_user', 0x3d, '*\',-'}}]}}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket$inet6(0xa, 0x1, 0x800000b) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$alg(r4, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="3000000000000070ce143210eebb48fa5661708660e668e9d33e0cd3efad7e775eb42ce5c1e348397c01977de880fdc2401094a09a6bd67327ce60cfe6b6d0b80673451316f9323d37f8e1ee217a8c8b3699316d0d02d41c70a5f3a0df6624205a7249852b44eb7ea8aa13f391bfec1404d08a6e3e0fa9d3b257ad8f14b22f1e7ae4473e2b67d494126e7ffac89bdec526223c3c9d440dc3ffee18d6ca9cdf2b7654574bf4cd55eb1c9a0d6a19ddff07def664b3614e075e18659e91741efb850639317e150c49f14e1757515f45c3"], 0x55, 0x8084}], 0x1, 0x0) dup2(r0, r3) 20:07:34 executing program 5: socket(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) [ 568.486603] audit: type=1804 audit(1617134853.929:2434): pid=12573 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1009/file1/bus" dev="sda1" ino=14490 res=1 20:07:34 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}]}, 0x30}}, 0x0) 20:07:34 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) 20:07:34 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) 20:07:34 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) preadv(r1, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/98, 0x62}, {&(0x7f0000000140)=""/242, 0xf2}, {&(0x7f0000000240)=""/62, 0x3e}, {&(0x7f0000000280)=""/1, 0x1}, {&(0x7f00000002c0)=""/210, 0xd2}], 0x5, 0x8, 0xffff) preadv(r0, &(0x7f0000000280), 0x0, 0x93, 0x0) sendfile(r0, r0, &(0x7f0000000040)=0x5, 0x7) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0), 0x0, 0x4000000) dup2(r0, r2) 20:07:34 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}]}, 0x30}}, 0x0) 20:07:34 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0x200, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) 20:07:34 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 569.232999] FAT-fs (loop2): bogus number of reserved sectors [ 569.275028] FAT-fs (loop2): Can't find a valid FAT filesystem [ 569.306899] FAT-fs (loop1): Unrecognized mount option "PO" or missing value 20:07:34 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) preadv(r2, &(0x7f0000001180)=[{&(0x7f0000000080)=""/4096, 0x1000}, {&(0x7f0000001080)=""/193, 0xc1}], 0x2, 0x6, 0xfffff000) ftruncate(r0, 0x800) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000011c0)={r0, r0}) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:07:34 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}]}, 0x30}}, 0x0) 20:07:34 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0}, &(0x7f0000000300)=0xc) syz_mount_image$udf(&(0x7f0000000040)='udf\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x1, &(0x7f0000000280)=[{&(0x7f0000000140)="49661d1819f76a75b930d4f3ac527b77a2322531fc129fe4574a12f9673977335d4676b918a541cdeac054198ebe63bac79a8bdfc2870572c80fa7beaa09728026ca056c30a11e3913ae808a42c19a08572b202f1bd0c26a78c08616f05901bf54c0c7b0a6235f00979ac385ea9b7683e511ec44c520f102689f661bc238442fd35e06ea8f5dc907c3f422e78e6745a3f815a85eeacb58771c5e4ffb116dd3569d84cf1b015b809f5b825877a9cca3b9fbfd878a8e7a4c280a7e91adb656032308da2013b87c0fd625835816de35a043ded300e0620255e2fd717e4a1660a048fda364755d5c91b269a06d4c30a709d787ae0e44c83a0a481e403e2f", 0xfc, 0x2}], 0x42000, &(0x7f0000000340)={[{@bs={'bs', 0x3d, 0x1}}, {@rootdir={'rootdir', 0x3d, 0x5}}, {@umask={'umask', 0x3d, 0xffffffffffff3142}}], [{@euid_gt={'euid>', r1}}, {@audit='audit'}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@pcr={'pcr', 0x3d, 0x22}}, {@euid_lt={'euid<', 0xffffffffffffffff}}]}) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r2) 20:07:34 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) 20:07:34 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0x200, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) 20:07:34 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}]}, 0x30}}, 0x0) 20:07:35 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) 20:07:35 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x400, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYRESOCT], 0x30}], 0x1, 0x4008880) dup2(r0, r1) 20:07:35 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 20:07:35 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) [ 569.576026] FAT-fs (loop1): Unrecognized mount option "PO" or missing value 20:07:35 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 20:07:35 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 570.094461] FAT-fs (loop2): bogus number of reserved sectors [ 570.103880] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:35 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0xd5) open(&(0x7f0000000440)='./file0\x00', 0x450280, 0x80) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@ipv4={[], [], @empty}, 0x7, 0x1, 0xff, 0x4, 0x3f, 0x6}, 0x20) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f0000001d00)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="30004716515271"], 0x30}, {0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="b26d63854f5a79fca55b234aba697b5118848988b1a63724af7471987542ebf58c824a9e4b07e4d05b8960004f596908fd44ff53ff3081812d6bed50ec647cd08d447567d7157fa554852dedbd42b03f80bdcd82513450da82abe9e9489e18967e50975755b87046f4f78ea19a25226bc60d89fc2555d2114e7a5d8c56628012c9bb934500441a72e0", 0x89}], 0x1, 0x0, 0x0, 0x8804}, {0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000280)="63790e48ed2fdb6ac5deb473955a57175d4642493ab91f8ed70b8955a3bf8f4589f85cd6e205d17e8b151ed311c085bdb79f68a870d9ac03ce1bc41a80400a82200cf62589654424e20548b436504c0cff4b4417f06988972ca7093a579b7dda669ca3d6b0f7202e62c1408be8996160f50073d2ed75f632847651c31962c01d5b8fea3cd9570314e652b96a2b479702d8de193a009dea6c16f7c223431f579aced3a5f6eed719465bd49f8b03d9a515b9f4a55f795817d3f0b30020fe36013b84f0e14a8a60937649922759d43399", 0xcf}, {&(0x7f0000000380)="8c7deb965fb399ad37b6e2c43e0def41e222c6cf3b6ae58ed8bf737f9bab05962eea2e210d84cd5048625ab00fc691b3920deb590852f5372674f46a61eb3fcf5a14f0b8fe6b84ac976874fbb6a64ac46fad3461abedf18d9098d8d64a25743806e65b03bd4e0fabbc88e76733c0f283632ff75d6e7f4032ec726265eacf931f9308e9db32b8639c6ace", 0x8a}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="c000000000000000170100000208f000a600000052d705822ef43b2a01b6d035ebfe04de3833ed15ddf47f4b13abf718929c0fd7d5c19f2ebc0c84d6e7ea0ef0795a935b4d4914ce99ea2286d9892cf685473e99a361937cfacf0bd78dd78a2e2cf27f4fc3d66676177b084f2275677a332e05a6d02f12e6bc9c224a2dfcc5595a4cf6ee6b32630fe91b28efc94c0948a432ff6175810b6ee0fdffa19207126b253f5c48abea200bbf8f6a151059ecde6ceb976912ff787397750000000000006b0b7e19550dce3d13538f43762b275278d505cde8a30e61e84e7191d8dd9a611b10daf6a4c3033f8c30f7c729559e1bbaa9dc618221b626cce8a756be917694da663fb43be46595e6bc4d7bf5193ec6af5c9bc842cba19a68cb4e38221eea33f1c7c7c22aef7c7c15bd138dc74a4ed90ff8c0add7f7a7e43e275f8971c55f90474860227d7ca0dde7ed75771e61d8c7fbaa69f6b5cd4ad7548bbea02b48fb1120aefdea8b334ec164375dee7d9501dc2ebd6385d4cbcb8e2e4d609b31dba14079a2f58ed26050fe1fbbd1611a9b34039167ee40032c7a6ac980c25fd6d4c91b12"], 0xc0, 0x4008034}, {0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000500)="5055c03d1ddd5c6b8a57406fe7db7442eba713475fa1e65334d77bd7b819af1696034e54c52e69b83864500ed91d960b5855945bfe9a0ef7354e49a2688037c546", 0x41}, {&(0x7f0000000580)="10002970b9b85e19ef8d9125100500c57fa4765f7a74f660", 0x18}, {&(0x7f00000005c0)="be9369099d1f256c7dd64a3c777f459a4c328b2848f0682b187299678a80d6ae59f27cef6a3b0fd97802849282b193cb1c1327771511e57307", 0x39}, {&(0x7f0000000600)="232573cd86a4793dc6da0a0fc8db292e7978bea408194013740e465f8577b6dbe02b458a6623cf6de15af594a04b7d11189c761ff4daf6f4c2c4d6276905f413023f99c239522a6309a1143392f426df3dc98c588f4687285c03ce24b81b63ed651eee33211f701dcb835c33902973d5c05cd486f1f5ea02f7f3ffa29b7979992392aeaab0acd135eb06d22182fe", 0x8e}], 0x4, &(0x7f0000000700)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0xca4}, @assoc={0x18, 0x117, 0x4, 0x2}, @assoc={0x18, 0x117, 0x4, 0x400008}, @iv={0x100, 0x117, 0x2, 0xeb, "19e88916b47a30f219c3e5ce82994f04545b8543d6d9a50fd9b5d879867f088e66c0f9ccb06cdb72142c69d15658c8287e041151599782fd1c3c4760e7188da4d8c229d44b42664267eff48b94ff056bc8dad6c1440eb3ba793f17e74645f3b18d6d96a380aa395ad132f74724846e00be76039c7bb5aa6e9d2a027816bac69359bb16530594499b898bf107c20cddf08538587364a93b66d9e32648f23244aaaf9801c66516f727b5f95af8daf48fbfc4048dd7a6bc3e82fb5f5fcebcafc94a026431a8227bcb2ff8d9aa6e295a63c46aedeff31a72ebdc26ff1014d11d424195d3fd6e27e28fd11c1584"}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18}, @iv={0x38, 0x117, 0x2, 0x1f, "ed3de607628a35aa72489592ffd89a069f40b0915744ffee9e7a0bc848464c"}], 0x1c8, 0x400a0c2}, {0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000980)="4ea034dff27d9f21e820ecaa29baddac2df055d34170c1625a1c5ee4b64f6a276e70bceed901ddd0ed0ca3a320885a7885a5b34dd46c0c02c9a1585a534af3a8261b216468bb6ae8cc8e0d47cefb72ee56bdcc91d7b0d91b3b90738ee9fbc1af796afed17b051354ec13ab19124fc553c6a9e806ab884c51b4c3194df1affad3083e8d1c71f46c33dde049ed199eafb4392d7781d55f7bb40160c37edaefae5544db6e6abeba3f6127f02792a072289803c6857ffab53702", 0xb8}, {&(0x7f0000000a40)="2a4ae6eb027e8dc1b94109f7ecde2f91aa52a15a2fa01eb12c4329fcb2b9ac5db89beae5097990c8c960667f5e3f5c5692b4c6c1826b5d1b58b0fe7cd252a6d718441126b330365490f3ae5d5b73f92a6b3a3cfdd4912fab45081cbdb245396642f29440c8c516796c87bca1b47b1e022c66509f6f7ccaf5ffc4b2a6eda9a2e51d299f90e8df469f80fd41487f16f60a2ab1ac131b262b2d73bd003d670508d66e2fe68917c719e6a1dc19161b822b84ff23e9002c775440c0168ab8cdcd2b2a", 0xc0}], 0x2, &(0x7f0000001e40)=[@iv={0xf8, 0x117, 0x2, 0xe0, "34408b8655c2a723e6ba6171761efa927f422a97269fdbd007e3c203d465430df544cb8769a9173e8d52ca40e6cd9fdb7c33e1cf67f6a63b0b167085d3b6d3489cc74be511ac5fb88039b8043f76abc7821a995ffe477ae73e8e6066016ba531044f594fbff42caa9357cbe1f54ea9736680bbe3d2515c843f6d6b63d10902183e5a897f938e4def682b98fdbbf075ac1cd9b6103d83c17a603611729cc7337e047841d708f457b9e47a17d449d840b663908534d002edbabc59fd0cce5df67d63b39e680e59d2a1fc968471ba2e62526f3612c56b522c0b6a36e80b4e6462bc"}, @assoc={0x18, 0x117, 0x4, 0x9}, @iv={0xc8, 0x117, 0x2, 0xad, "6ee910f904c3d1198c7ed8ccaa881f1c17b00233b4ff7724162593bf0e49ec5a6701a5133e4a456ff8bd34b99ece8a47b99071a0a9cd3eb92b6d043430a9e4fc41201ea05e0f82382c109b7279a4b3cac4a7b807f3081c30617c5c69ea04427824f8bbdf99fa31e65cf3dce1d207990f05b7f1d7706404085eb8f69a2c28a43ffe3187a04369ac4141dcb51db2ffdcdc3918a854db221202d2b7db16cf31a480f5715fdfb9bd644cb273d9e552"}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x3ff}, @op={0x18}], 0x238, 0x8095}], 0x5, 0x0) dup2(r0, r2) 20:07:35 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0x200, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000100)=ANY=[]) 20:07:35 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) 20:07:35 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 20:07:35 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) 20:07:35 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={0xffffffffffffffff}, 0x4) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000140)=""/65, 0x41}, {&(0x7f00000001c0)=""/79, 0x4f}], 0x2, 0xe0c, 0x2c54d5cb) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], 0x30}], 0x1, 0x0) dup2(r0, r2) 20:07:35 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat(r0, &(0x7f00000001c0)='./bus\x00', 0x8442, 0xa0) write$binfmt_script(r2, &(0x7f0000000200)={'#! ', './bus', [{0x20, '%$^(.}'}, {}, {}], 0xa, "d2242bb1a0bd4a51857a86e51e313b37f41313ab75dc2d26abd2a7e22513b694d9aba1f743fed9db2e8d8fe44f30ed9e5ea49fcc198280a49c9a183e2e4c53455ddb4e61c5bd798729388a41f141b3ffa363f562d8dc71097bfcc4ffc72b7284e9f4939c32caeae045fcf6799087c28fb28619085eb16f317dfd01fa370042ce82a6a0b0e18f9883a6b551cd8a56e85b2fff0592bb4fb507cf625a85f7b01841c398d2fbaf65a2ffcb20b6f925dee69c39b3838b248e35aae973df419f34942418ed2865c291a24252"}, 0xdb) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000080)={"06b2322e6d2d0efd461992c75714b1d6", 0x0, 0x0, {0x0, 0x6}, {0x81, 0x7ff}, 0x800, [0x3, 0x2, 0x0, 0x80, 0x1, 0xb164, 0x2800000000, 0x8, 0x18, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000180)=r3) ftruncate(r0, 0x800) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000480)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000180)={{}, r5, 0x0, @inherit={0x58, &(0x7f0000000000)={0x0, 0x2, 0x9, 0xfff, {0x0, 0x2, 0x8, 0x7, 0x81}, [0x40, 0x30000000000000]}}, @subvolid=0x7}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000300)={{}, r5, 0x0, @unused=[0x4, 0x36e, 0x8e9d, 0xb5], @subvolid=0x1}) lseek(r0, 0x0, 0x2) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r6, 0x0, 0x8400fffffffa) 20:07:35 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) 20:07:35 executing program 4: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:36 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) [ 570.499802] FAT-fs (loop4): bogus number of reserved sectors [ 570.505632] FAT-fs (loop1): Unrecognized mount option "PO" or missing value 20:07:36 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 570.547378] FAT-fs (loop4): Can't find a valid FAT filesystem 20:07:36 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x0, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:36 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r1) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x141002, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x71, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x17) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x9a6, 0x9, 0x4, 0x0, 0x8, 0x392c, 0x40, r4}, 0x20) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000100)={0x2, 0x200, 0xc, 0x3ff, 0x9, 0xffffffff, 0x6, 0xb6, r4}, &(0x7f0000000140)=0x20) 20:07:36 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:36 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:36 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000040)=0x1) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="30000000007baf"], 0x30}], 0x1, 0x0) dup2(r0, r1) 20:07:36 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:36 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 571.018067] FAT-fs (loop2): bogus number of reserved sectors [ 571.038356] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:36 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:36 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x301800, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="400300002500000227bd7000fedbdf2500000000", @ANYRES32=r5, @ANYBLOB="0000000001001b000c0007000e000100626c61636b686f6c65000000d80008801c00010001fe010000100000000000000500000002000000050000000e0002000000070007000100020000001c0001007f08020009000000020000000a000000080000000100000006000200030000001c000100810600000080000002000000ffffff7f0600000007000000120002000080f8ff0800080004000000060000001c0001003f203900860000000000000009000000040000000700000012000200010005000400008002000600810000001c0001000205ff000180000001000000b309000001ffffff02000000080002000800020008000e00000200000d00010066715f636f64656c00000000240002000800040001000000080003000100000008000800ff0700000800030009000000c80108801c00010006a401800000000000000000800000000100000007000000120002000100ff000000030001010400050000001c0001008f20030038ffffff01000000008000000900000008000000140002000500000100fc810080000100080003001c000100058009006d4d2bb903000000020000000100000002000000040000000c00020008000338000003001c0001000109ff0009000000040000000800000000000000030000000a00020005000600050000001c000100ffc20200ffffffff02000000ffffffffa9c2000008000000140002000010ff002a0b0001ff000000ff0304001c0001000240010008000000cca32aac47730000040000000700000012000200ed0009000104000809000010030000001c00010008f205000200000000000000080000000600000006000000100002000400010106000500040008001c000100403fae009a080000000000000100000009000000050000000e000200ff01050002000500030000001c00010004003b1a0700000002000000010000000900000009000000160002000600000000100000ff0308000000ff00070000001c0001005800ffff01000000010000000004000002000000040000000c000200060000001f00050008000e000600000008000100726564001800020014000100080000000080770103000000151c120808000d0006000000"], 0x340}, 0x1, 0x0, 0x0, 0x4000}, 0x40) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r1) 20:07:36 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:36 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:36 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/exe\x00', 0x288000, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000180)={0x0, 0x7, 0x20, 0x9, 0x7, 0xc000}) sendmmsg$alg(r3, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205649, &(0x7f0000000100)={0x9d0000, 0x2, 0x2, r3, 0x0, &(0x7f00000000c0)={0x0, 0x6, [], @value64=0x3}}) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r4, 0x0, 0x8400fffffffa) 20:07:37 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r1) 20:07:37 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:37 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:37 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:37 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x0, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:37 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:37 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x4, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="ff000000000000"], 0x30}], 0x1, 0x0) dup2(r0, r1) recvfrom$inet6(r1, &(0x7f0000000040)=""/61, 0x3d, 0xa0, &(0x7f0000000100)={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, [], 0x29}, 0x8}, 0x1c) 20:07:37 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:37 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 571.924887] FAT-fs (loop2): bogus number of reserved sectors [ 571.951489] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:37 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) [ 571.985878] kauditd_printk_skb: 13 callbacks suppressed [ 571.985887] audit: type=1804 audit(1617134857.469:2448): pid=12815 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1013/file1/bus" dev="sda1" ino=13923 res=1 20:07:37 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:37 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) [ 572.216470] audit: type=1804 audit(1617134857.699:2449): pid=12839 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1156/bus" dev="sda1" ino=14147 res=1 [ 572.239937] audit: type=1804 audit(1617134857.719:2450): pid=12839 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1156/bus" dev="sda1" ino=14147 res=1 [ 572.312063] audit: type=1804 audit(1617134857.799:2451): pid=12844 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1157/bus" dev="sda1" ino=14005 res=1 20:07:38 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x0, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:38 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/l2cap\x00') mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='9p\x00', 0x88000, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}, 0x2c, {[{@access_user='access=user'}, {@cache_mmap='cache=mmap'}, {@posixacl='posixacl'}, {@access_user='access=user'}, {@access_user='access=user'}, {@noextend='noextend'}, {@cache_none='cache=none'}, {@access_client='access=client'}, {@fscache='fscache'}, {@loose='loose'}], [{@smackfsdef={'smackfsdef', 0x3d, '#\')]'}}]}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) ftruncate(r2, 0xc8) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r3, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000040)) dup2(r1, r3) execveat(r1, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)=[&(0x7f0000000140)='))\x00', &(0x7f0000000180)='%,\x00', &(0x7f00000001c0)='*\x00'], &(0x7f0000000280), 0x100) 20:07:38 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r0}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:38 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:38 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:38 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:38 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r0}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:38 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x1, 0x0) ioctl$INCFS_IOC_PERMIT_FILL(r1, 0x40046721, &(0x7f0000000100)={r0}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r2) [ 572.784738] FAT-fs (loop2): bogus number of reserved sectors [ 572.802212] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:38 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:38 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) [ 572.844835] audit: type=1804 audit(1617134858.329:2452): pid=12856 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1014/file1/bus" dev="sda1" ino=13923 res=1 20:07:38 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x24000108) dup2(r0, r1) dup(r0) 20:07:38 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r0}, 0x10) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 573.147852] audit: type=1804 audit(1617134858.639:2453): pid=12889 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1157/bus" dev="sda1" ino=14005 res=1 20:07:39 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:39 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:39 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000002200)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000000040)=""/51, 0x33}], 0x2, 0x2, 0x7) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) flock(r1, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f00000001c0)={{r0}, 0x0, 0x15, @inherit={0x60, &(0x7f0000000140)={0x0, 0x3, 0x80, 0x2, {0x1, 0x553, 0xe9c, 0x3a2a, 0x9}, [0x9, 0x3, 0x9c2727d]}}, @name="eaee52d673c33d2c6d1dad2cb7b58741fda5f3a104953ee02e812ccd2f71f499faefc1f25741a3e02f8e12e1ad7e1cc5b08fb833e740c79cd034f09dd906c4488825a8c680e94e57b79c2a3629e16229fda2c79c8cc5b28272719b0bd40d407d37f5f1e6ec7ae5959e9cc5e3c7077a93a011ffda9ce604565c30869eb20fd16b946d443ab9ee206789b8c32a501da71e1e58bf6d37fa2681ed87b790bea20a4e56ac17829e0d77dc7e061c138832ecae2e659cbac0676418600e3c24331137f0b22096faf3cd6a56af5b3f20269808d2804213ee2e6d8564d8a0631c07133c7f4997d7c6f3ddb7a539c5203f30388e7b98aee88efdd6bd84ea03fc503cc7245cc3090a8c0efaffb3f3d90c46497e57b8149253675856de16a0038cf4b5ccb06910af5ed08b5aaf84e6360cd548dfe56bba4fd3fd4612b11cb22eb8ad8a2a11fbd49affcd63d5e96d11186e586724a5c5266e59f0fd527cb59e4265d2d892c70b7b85a736346a4559c35b762921b39f97b34f39c1ea0056c627ca320986c150596e414cb6b1218e9b814ba9606f2285f3a500e89a5cad6b9ea00c5d373f4d610781c003800534601db4bc1634752d84c781c8940f805e69a3cb89a5569357d520fdeae0e09c0c675ed4c2711ce009263fa2b2c1e766668ffa537bf19da8e0979c8fbef51aa6f72e54fa1cc65dc8e2494c3b4517be7bd5a34ce6a31170b61c6da68c472e9554f35593998c0868c22ee645dc7891d8ef9c01fe2406fe3345b037d4d73fb5f2a7017917e49097933dbe19f453d28a9d7b5ff21b88a70a7bc15b3c0d39ec9a37923b00c7d6bac9a37356920b09a60a4a8a63dcf45edd94373ab8e990b47944cdb33a7fe9d24b6f1c885fd4c5b06e26abcc734a74dbf029a69b164c9a87744290038de186543aabe088a28601e8277534f678be5ed072e88366346b0e194ec76984ab04223aca438618a1765faa495d9046b7b7d28e4fc8eb42b6abbcbd72af808a66f3073f916c6d5d0eeb7532fdc57dc7a163c48e5b60232cb174bbace6ed7ad586ce19b216a641bb4ffeb6f44e2b2d15cc791cdbb1ad8400d231a0f853c8b6ccf2b2225202b699a3a3ca9c0c2801effcb90cb6a2d5b03c7af91f9865727385a55af2b05a632624cb4e83b817ea2ee45f2d6552b747ad9ea67a3e628c2b987e7b33042ce1a8e73ab34fd7d4bc217a970e4fbfebcbd20a056a98b25515133219458a17d0ce6b23deb69171fe2207e19d2492511fec5f4024e938c8e4740f3fb2067cf830aae8c57285818107ea5a7288a3b4aa93b50de7360a9a9d5a9ce7f4d809e0e6d0773ecb50a80cf9927c733fc4bb0060a365a09d1b19e0adf2e4518091fa8c117a2e0579ea9ee24e5e0bf6349981e12c1bd1729bf22fae675ab77eb3769f553de50f38bbd046b1a51abb95814a2740246e260f4de68e1c578076f8cf316175e92ed9f2e622b2859ab2688c62481435967eabf8584af178c4c787ec099efb6417e17813f19145a139c14b2659d9eb3554452c4b01ce0462ea13760c05d4db8e815f6e7da57580efc679a7a4e914541e7febcff2199e5621f6641cebb7cf8b63e35877d43bcc3450dd8ecea6eb21b546893bd6cc9e698fee65483ed7f9899e9ea935af83f27ee3022d1cb6ffadba12f89781d8b46386cdc28fbbf3849205c3a37c804d7eb05a8c9ca6a600a7327f3be6d445ad0b760509919cae0cc140f2fe3ae933eed4bd267beda65e600bfd4c054500ec6a57ab1500eb7cd5d34d873827636881557c522494b6b050812cb3a9ef5db40d57f8bc2204b2bfbe6982ff06f62c635f3969966687057b01c9d38916e91848787da1dd28d95d415725170dedaf073cd60f1765b658dcedf6c44c69d1405f29a63cd9371d42ba5ce5a839a12e5fb94e075cd28dbc1e0318df62a2391aa155ab5d101c02a547b28fbecc6f5ab5070640d1ed858bbc4221bd028d1ddab488981a862e2810b6c553e94201412b917ba8f7e39ffdf069b712a67c336cbb59b603f0617d5c2198f82165ba474f7d28ee1724782abfef16d5a5964bdd6d1ca055838f475357841bf23ef2bbb933c0780952b6a2b0d1ea2c977a90beb5ed5e65844f59d6932ff9a75f44d21b6d9fbe03c8fd76aad52fca309682f2662f45d52aedd1f61d8e3cb25dbe32104c377504bc89d52d2b4b2248642efe443c32a846ba0656cfc800d685af4735f75f53496583a2fa93767df78b7c0a27bc4c4e59b18fcedb220d48aa0a9465c036a47577c308267d4438dff8a97ecfe7d5187b2983c96f84277516aab91cd876838fd831d39b8f8a838450f63eb42ae164f74b2fb86eea9d84ecc946d07d3506e844ef96bcd618a07a929a20ba5657fe1435695b1a16c6d0ed232fa0ccf5cca2261d89384197e838635fde22d2a288be9a0c5e3163d1466d02f46a435e4637cc09b236943da80438dc061b8f24b96cd0cdc061a55476be938e8d6f4e3b791bfcc2cf96af77fc032e85095985addcaa8c61891a1b5ad0fc607e4e5f38b698f2253de5eac14a99ce6952449c3f973ff965d811f36af540a25e1adb37c12852f6cbac50fd739b45f5f08abe9dbefd009ded94586a51966ac8a2e7fdce280c8c6787fc8f9ad591d8f2365d788a9bce9f4a1510b8d12821b366db8b9b319b1aae308fa63e9a7a307af5d2e461deac10412154774c636148bdb4d70201262e1f18126b398a0f591d6776267394042ffd295922fdad915967fc354146b76bd23efc10b4e4bc6f0a8a7acf15d74af6bc5deaf8e58288c0c352e2ed9396747be0c71954187d677cb9e66ad8873ff07af600a067f5cf96d01148c5411ebf0b2f2c45e90c5513cf028d36d01eb6762d8a5fb8f38cc279f53c52082e00f49003657b1ea5fd0f47a8d9984348e721d8a80e4e4f8c3d89701b5307629f1d5db1a69c215a8a7eeb209245b4e2fe925901caac21eebfcc8789623e5bd820954fc71dee96655c44700802f829555f673f4cbc2d9859a20e59ed2cd570007eaae954ebb53df98dd15b61482dd6e5aa889307d6be79ff49ac75cbd8e7e13537d1c59be538635c587619b4cb96c8e4eab7474e80f9b1aa2a40ceb888e3c0e8ec439934bc3f0ec462ea90c7722555628e7a797a26af15500de4e5cc60e6f3d3f9fef78aedf4afd836607b755aba935ee16d7018e66aba95f1fbb910c8973428d0085d7309374a7435a74f39bf2d8ce76166bbb1592be9829de8218b7c2a1da3fca00cd9a6ce56558595b2e0032e7deaf16663536e25371da764981ba5da3c6a89b6ea1543ec6c948658473ca7b090af67d8fa64cc35c0dac65b4bac82379a2ba19120e67019e79b0abc8f562011b658dc4e1b5820a39b720fe9a5f9231d53f951c0e68dacf5e3314cc74c3fd8ee1f0acfe8fd2df12b4c7cf2f2aa6d55b223168709a26e3e98e7ccf61459c6c94b82272a275b8438a33564fa460a711f1c2d33ad8c9f451ca9053e12b13d5e525d7599db22a011be580eae0f78fa48989b4608c86a0515acc1c9c3819d8b2466da176dc9cce359689a05f0fa8ad8c8d8bb025012b870723e158ad2a75d35431f21b49b9ef77cf177383473cd58a4fdcb1895891ca3ad721d2b69e69351ccdefa87b49773117757d0622c414d6a173aa0c68060d784fdd8ce4fed5172bfe1ff985fc0a74310f5da8f3aec0dfb7b28dd0db8f856f085970594f97baae71c6e1bae0f6d6a4a57084e71d0d1da27cc368592721ae458d0de1ebe9cc2416f1e304ed2bc609be172998e9cfa44706ed6386793df50bf272d99a3c91285d7fade133cb3099521a8e10a6d1b6087a6987d9dbb042524a2bc7aef7972ce0991a86a4f0c6948718c9becd95c73b503a84c6c9e6933c25ef443c4778cc6fb519b7f6bd943766e80f1905c71dcd425c11270f669640b48104e3e8f67c891ccf75d67133ea35fa1a0ec085a06f06bf0c0b4127615bd27e00aa0de382b393085fd975d5e1f1722207a2303951ed321327c77cb791e2dc5ed5bae966b9c654b7f3b62a1c9e072f4342462cd479ce44288e5df4d2bcfa997cc8791b0a084fe11daaf22b44bb5e70b9a9f5abdab37f1317e7b199208a7ea45cbb36a0a5631ae1dc8255670d9ad39b30f5c0b4bbc234d43f6ba69a5073ad6280f26ea52cb88dd7b098fcbc8b613df17248fb798229166d98aed4c32468b95744d3436b3c9c87b8603fb916328d3beccba7d00f1d7d20f1c0e41187b4e64732abc41c34c817a855157e6507099ab775852cc2edc40f168b71378448e2ad92ff6998508fa33cbaf74bbf2b727c9bc32b08e6f3a7699139f6bc630f2a471845ec08cd44e79a8a0239a712ed26550d4671b9d79e5c37f4aea913e340c0f58a6b8b26829438d08aaca95ebf6fd15569d8407dc5a247a79c40400507035ed7a92b82df785371a3dbadaf9cd5b8c3c836feecb4b6825882d92fb37464d7c7a584881ffa023bbfd6a1e541c9b650e6b5fe7a272f963277c82ae0111490973c188134dff3370338f4894f29d31482c288607d235e9b769fa47a6171867168a47f1932098107b803d2f27265f5434d468a0613aa5e2b77e8dbc18394b58de225e99ad6630e69fd6d0cff591acdf4fb037ab9d372f8a582335e610168096c75526a9003f57a812f45b76e4bb7a3ceb7323a1678c388bba2ee905a1e610fc628a35c585c157d4302bb46513866e7558d95cf37eeea63219703a520413d99d197a3e04b9072a7a91bdaa3b0b11e6e3dab377e99b1c27325aba9fffe47ff056fe66f47ebba9cd172a99b4e14256d1f7aed7482c1ef15acde38d92212e25cab9816e02514096cfd6ec465eb466c38134deabda9a706ba17ac426511c3d3f8798133087898cac90cda7f99218e7f9814cabab3da1fa088124953d7b2c2cd77a82109558f7309e9fbc7a680a7f46b8f1c78acbd6fdd89fba376a382c752058a4db6ec7dd108ba706584cc2d5be6a350271ae4ffb0bd360768df2ea93f41d39876648f5b87282c5465674abefbdc38b1f0f61900b3a881863e760aa16ecdcbd4668891dbaae37dbd96cc16ef7b28128ea0b8ec6b20883527cd5d4210387753094af8ed328c167a8abe8f666f1b5d8566abfed8a13ea7b115af6a86efe9ca3c2245e2769de511891b5ac3b54ed6aae593ae20e2530b1b16b373c52a032c881ae1c02e95249cd8ade7d2f1b5c363245c896f98ce6bed7b95c3348bbb0c6a89ef802b540ee03815222d3cbbd522ffce6d22b7d962887250e9489eaf22273571de849f1829925cf5a28ff065cb07a360726a4d60f4c18c7e6fcea07e203959d7a7dfe3f4304241f7ed83fdef368a24ac93df409e9d927c5b3fea1697fc84583c07c7f0be46fd70f59d394e6c1813328e6ba6acf92707cc045b8affec06ff295d5dbf33699a9819f5a2129de679eda3e133c127a3df1be1ce8ddbd90eb4f2a10eccc80c82eed5f606eb3391caba5f1f918210fe460c67fc5f89633040b2c4c02cc58ed311414331429d3ba6ceb03e4e2571eff0fd24b0b45dd511c70da255a8f51bf559d6d43eab572093f68680706464ef02375db4646c8bb3011969f56af3b451e66b073caeb78dee3d6c50566ebd1b984dbdc69b8d79f9d7a552d855c51137bd62929e38aa742cfdbacb483a604b5adeedff7c9cac543c0b4f5e394efd2a95cd2df2644129e595eb6d2d74e40b8fb60fcb2dcea1e9e948a205304054584df8a50d5"}) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0406618, &(0x7f00000011c0)={@id={0x2, 0x0, @d='~\xb8\n\xf3\xf2N\xf0\x86rjL\xea:\x15L\xe0'}}) sendmsg$nl_route_sched(r0, &(0x7f0000002380)={&(0x7f0000002240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000002340)={&(0x7f0000002280)=@newqdisc={0xac, 0x24, 0x2, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x9, 0x2}, {0xffe0, 0xa}, {0xfff2, 0xffe0}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x401}, @qdisc_kind_options=@q_pie={{0x8, 0x1, 'pie\x00'}, {0x24, 0x2, [@TCA_PIE_BYTEMODE={0x8}, @TCA_PIE_ECN={0x8, 0x6, 0x4}, @TCA_PIE_TARGET={0x8, 0x1, 0x1ff}, @TCA_PIE_ALPHA={0x8, 0x4, 0x15}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x5}}, @qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x44, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x5}, @TCA_HHF_RESET_TIMEOUT={0x8, 0x4, 0x100}, @TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x1}, @TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x3}, @TCA_HHF_QUANTUM={0x8, 0x2, 0x7ff}, @TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0x7}, @TCA_HHF_RESET_TIMEOUT={0x8, 0x4, 0xff800000}, @TCA_HHF_EVICT_TIMEOUT={0x8, 0x6, 0x1}]}}]}, 0xac}, 0x1, 0x0, 0x0, 0x11}, 0x20000800) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r0], 0x30}], 0x1, 0x0) dup2(r0, r2) 20:07:39 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f0000000080)) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:07:39 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r0}, 0x10) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:39 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:39 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x4, 0x2}]}, 0x34}}, 0x0) 20:07:39 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r0}, 0x10) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 573.664679] audit: type=1804 audit(1617134859.149:2454): pid=12908 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1158/bus" dev="sda1" ino=14530 res=1 20:07:39 executing program 3: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self\x00', 0x800100, 0x0) preadv(r0, &(0x7f0000000040), 0x0, 0x5, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(0xffffffffffffffff, r1) [ 573.712852] FAT-fs (loop2): bogus number of reserved sectors [ 573.733573] FAT-fs (loop2): Can't find a valid FAT filesystem [ 573.757631] audit: type=1804 audit(1617134859.239:2455): pid=12916 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1015/file1/bus" dev="sda1" ino=13917 res=1 20:07:39 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}]}, 0x30}}, 0x0) 20:07:39 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:40 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) r2 = geteuid() lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r3, r4) stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r5, @ANYRES32=r5, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r6, @ANYRES32=r6, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) fsetxattr$system_posix_acl(r1, &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000180)={{}, {0x1, 0x2}, [{0x2, 0x6, r2}, {0x2, 0x6, r3}, {0x2, 0x6, 0xee01}], {0x4, 0x6}, [{0x8, 0x7, r5}, {0x8, 0x3}, {0x8, 0x2}, {0x8, 0x4}, {0x8, 0x3, r6}], {0x10, 0x1}, {0x20, 0x2}}, 0x64, 0x2) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r7 = socket$inet6(0xa, 0x3, 0x7) symlinkat(&(0x7f0000000040)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00') connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x8, @dev={0xfe, 0x80, [], 0x19}, 0x2558}, 0x1c) sendmmsg$alg(r7, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r7) 20:07:40 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) [ 574.483581] audit: type=1804 audit(1617134859.969:2456): pid=12940 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1158/bus" dev="sda1" ino=14530 res=1 [ 574.536860] FAT-fs (loop2): bogus number of reserved sectors [ 574.567696] FAT-fs (loop2): Can't find a valid FAT filesystem [ 574.584682] audit: type=1804 audit(1617134860.069:2457): pid=12951 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1016/file1/bus" dev="sda1" ino=13957 res=1 20:07:40 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 20:07:40 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmmsg$alg(r2, &(0x7f0000000880)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000180)="37ea87ac4158d8d26735d6c105e54464ff2729146c91620af7ea3113e39ca48ba9e9afcba99c0b9c822f5f7d8117c5f69bdfd960d9626d1ff4292ebd206057d6bdd4609341543e32cd8f20c952c8cd0b4b945285567f7a5ae49f575bd07887b73c508db76ceb274e3c07b588bfbabd5a6deb17f9698c14d9ef062f5c821ad5a42217a53ba0a621854d04180ae93ea38a79d2fa0afa040e8f0ff50a54718cb96462c7e9d5e1d977b1cd766f5a77e135fb0ec9961ee2225435298acfae0a55366138516d2585d2b98911acf3e1cebd2386", 0xd0}, {&(0x7f00000000c0)="01414536d1ed7984b7ba9d0c3fddf9200e4459b71469", 0x16}, {&(0x7f00000003c0)="cf240fbbcccf62f27cf4fb66efc10d61815d6a14a8ca614c3cf0c8715452c9cb162310586879bbb7af0bf9edea6f48d460493f4a4c52269bbf77a5ac6edf9b17c404428db030e0c6c5cdc1d33f5e8aad424573990f778b", 0x57}], 0x3, &(0x7f0000000480), 0x0, 0x40}, {0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000004c0)="3948b3e0782bb3a990f544b4be6d4fb3f460e1c4c15982d3a5f0681fe7b11855811c49b987ced2caebb2dab7f9", 0x2d}, {&(0x7f0000000500)="b6e4fa57d6d50ff7be3a07f70de1065a6a20fa076dd006df4f64792cdf6561a017d00f9d28cb66ad93d220cb056c2da696c2ad0a303ea6ab167f818a9d279a69a51e767df0c1d22720d852c9f83db117f59b68be6671b6c59544624a637431909181e7ac70f4e8e7998310df8e699ea4144dfd77cd15588615ae2e9ebf31545e3e4306079535c2698ae713e7b19a", 0x8e}, {&(0x7f00000005c0)="01d888559afddb1342f40e82eb3644fa0629e6db30b811fc4c385a187fb44ad74696c84c6b41fcfa7e2e126ea4422b67a0a2636fa3c10713163d0cfdd4e7a964d4486eb62fcfba15dc0400a5bccec3b5e5890cb84b93e87f51fa2af9226c76dd08cd7227cc516d04b8d3a16a37bf02054dc5e6c42451012a6834f17cefe1996817be5cc5f5ca39267b5b674fe39edbbafd624e469f9d960019b742f9eab1f5f29c278e1782b00605eea29852bca97d344e2f99317e7aae609e3e3c47f79486819f880292cab1d9577d5b6d9e9c5fc9bd303c0ee0ecbfbbde9f2ea1eeedee048b9c7bebba0003ddf1edf59d98f2cc658ee92fd6ef7ee2", 0xf6}], 0x3, &(0x7f0000000700)=[@iv={0xe8, 0x117, 0x2, 0xd4, "ba3f1ef55d25285bca5f4d3839f2691e12d3991a1c86aa42dfabaacff411b1310868035bfb486e1dad1d3195b307d666575dad6ae68af07f60d586e3524e52222a70128d5a1c965ed692831575989a77117cb10ab011383628842283e1f22810fe25487f6d949405a536023153b24369436ebe9c78c84418d33a31081c7cd7e4f8e8efe3cb1392a79863af8cd7ab796415ff5824a127ea1dba8f099fd67b47fe2811d7236eddda7af9482d8b45ce75af499ea555d360e8e79a5655f60ab44eae6b112a9a7d07b767044966603b55378101864a6b"}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x3}, @assoc={0x18, 0x117, 0x4, 0x101}, @assoc={0x18, 0x117, 0x4, 0x5368}, @assoc={0x18, 0x117, 0x4, 0x8}], 0x160, 0x20}], 0x2, 0xa7aee8352196ffcd) syz_mount_image$fuse(&(0x7f0000000040)='fuse\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2, &(0x7f0000000280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0xfff}}], [{@appraise_type='appraise_type=imasig'}, {@seclabel='seclabel'}, {@subj_role={'subj_role', 0x3d, '*]'}}, {@smackfsdef={'smackfsdef', 0x3d, '%:'}}, {@uid_gt={'uid>', 0xffffffffffffffff}}, {@obj_type={'obj_type'}}]}}) syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x400000, 0x0) dup2(r3, r4) 20:07:40 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f000079c000/0x13000)=nil, 0x13000, 0x2000001, 0x50, r1, 0x17833000) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000080)=[@timestamp, @window={0x3, 0xcbdb, 0x3}, @timestamp, @timestamp, @mss={0x2, 0xffff}, @mss={0x2, 0x1}, @timestamp], 0x7) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:07:40 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 20:07:40 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:40 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:07:40 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r3, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x10, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x4, 0x9}, {0xd, 0xb}, {0x3, 0x10}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) dup2(r3, r0) 20:07:40 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:40 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 575.431613] FAT-fs (loop2): bogus number of reserved sectors [ 575.458115] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:41 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 575.614843] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:07:41 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) ppoll(&(0x7f0000000040)=[{r1, 0x2000}], 0x1, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140)={[0x8001]}, 0x8) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f0000000180)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00)\x00'/18], 0x30}], 0x1, 0x0) dup2(r0, r1) 20:07:41 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 576.264961] FAT-fs (loop2): bogus number of reserved sectors [ 576.270915] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:41 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/200, 0xc8}, {&(0x7f0000000280)=""/182, 0xb6}], 0x2, 0x7fff, 0xb01) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b000000000000000000000000030000000023b500000000000000000000000000feffffff0000000000000000000000000012c31aa8b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4ac99e8d000000006c6f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @dev={[], 0x1c}, 'bridge0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f000000d180), 0x4000000000000eb, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x65) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r3, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="3000e6178917fe4439f5000000e308"], 0x30}], 0x1, 0x0) dup2(r0, r3) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ptmx\x00', 0x402, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) 20:07:41 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) r2 = socket$packet(0x11, 0x2, 0x300) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$BLKFRASET(r3, 0x1264, &(0x7f0000000080)=0x50) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r2, 0x0) fallocate(r2, 0x1, 0x3ff, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x33) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000001400)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000001480)}], 0x1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000100)=""/4081, 0xff1}, {&(0x7f0000001100)=""/218, 0xda}, {&(0x7f0000001200)=""/25, 0x19}, {&(0x7f0000001480)=""/135, 0x87}, {&(0x7f0000001240)=""/93, 0x5d}], 0x5, 0xffffffe1, 0x8001) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r4, 0x0, 0x8400fffffffa) 20:07:41 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:41 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0 \x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r1) 20:07:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:42 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:42 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:42 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="300000000000004e457d59bfb9bcf27047d1d8ff6191fcc24fffc481075f22af27eddd57f542b0de4ff857640eba4fb084f1a069d787e634eac6864c296c630a5c288e92dd6320a3da8640db62488dc63140dd53a08b36b74b9a98677b61e8b06b387e2235ed975b32f46f352d6371a8e236e83d8f4a993d028efb9f7e781cd3e6d37e93904bac193e4537b4e5e5a34f30fafdcc68c95739ccc70c64f2ff2e288b04b94cce044a9855e5247744a8aecf3f2db724984c4eed742c2b2cdaf71bc8256b9d695d9950fb5c835aeab4925c9b9a435f7b221e847ba581ecc66ebf357fe174969bb727a6ec42766fc34b279c1f88a42e5ddcc6dabecdcc33b48002"], 0x30}], 0x1, 0x0) dup2(r0, r1) 20:07:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:42 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:42 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:42 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 577.183539] FAT-fs (loop2): bogus number of reserved sectors [ 577.197071] FAT-fs (loop2): Can't find a valid FAT filesystem [ 577.270643] kauditd_printk_skb: 9 callbacks suppressed [ 577.270652] audit: type=1804 audit(1617134862.760:2467): pid=13101 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1019/file1/bus" dev="sda1" ino=13963 res=1 [ 577.357534] audit: type=1804 audit(1617134862.800:2468): pid=13113 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1161/bus" dev="sda1" ino=13928 res=1 20:07:43 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180), 0x4) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) splice(r3, &(0x7f00000001c0)=0x8, r4, &(0x7f0000000200)=0x9, 0x1ff, 0x5) sendfile(r0, r2, 0x0, 0x8400fffffffa) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@gettfilter={0x2c, 0x2e, 0x800, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0x9, 0x6}, {0xfffa, 0xffe0}}, [{0x8, 0xb, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x4040080) 20:07:43 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000100)={0x800, 0x20, 0x8, {0x5, 0x7}, 0x7, 0x2}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ftruncate(r1, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r1, r2) 20:07:43 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:43 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:43 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 577.501111] audit: type=1804 audit(1617134862.990:2469): pid=13118 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1161/bus" dev="sda1" ino=13928 res=1 20:07:43 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:43 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:43 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000000040)={0x0, 0x18, [0x9, 0x80000001, 0x3ff, 0x1, 0x0, 0x6]}) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r1) [ 577.621943] audit: type=1804 audit(1617134863.110:2470): pid=13134 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1162/bus" dev="sda1" ino=14560 res=1 20:07:43 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:43 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) socket$inet6(0xa, 0x3, 0x59b) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r1) r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r2, 0xf501, 0x0) 20:07:43 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:43 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 578.054695] FAT-fs (loop2): bogus number of reserved sectors [ 578.072419] FAT-fs (loop2): Can't find a valid FAT filesystem [ 578.135392] audit: type=1804 audit(1617134863.620:2471): pid=13169 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1020/file1/bus" dev="sda1" ino=13923 res=1 20:07:43 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:43 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:43 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x80) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/166, 0xa6}, {&(0x7f0000000480)=""/130, 0x82}, {&(0x7f00000001c0)=""/96, 0x60}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000600)=""/166, 0xa6}], 0x5, 0x7, 0x2) preadv(r0, &(0x7f0000002bc0)=[{&(0x7f0000000740)=""/71, 0x47}, {&(0x7f00000007c0)=""/235, 0xeb}, {&(0x7f00000008c0)}, {&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f0000001900)=""/213, 0xd5}, {&(0x7f0000001a00)=""/33, 0x21}, {&(0x7f0000001a40)=""/247, 0xf7}, {&(0x7f0000001b40)=""/4096, 0x1000}, {&(0x7f0000002b40)=""/68, 0x44}], 0x9, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) mmap(&(0x7f00004dc000/0x1000)=nil, 0x1000, 0x7d21fb6552fa2138, 0x10, r1, 0x9d1b6000) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r1) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000380)=""/253, 0xfd}, {&(0x7f0000000280)=""/206, 0xce}], 0x2, 0x9, 0x3) 20:07:43 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 578.424435] audit: type=1804 audit(1617134863.910:2472): pid=13140 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1162/bus" dev="sda1" ino=14560 res=1 20:07:43 executing program 0: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x1, 0x20801) ftruncate(r2, 0x800000801) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) [ 578.482388] overlayfs: failed to resolve './file1': -2 20:07:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000200)=@req={0x2, 0xffff, 0x2, 0x20}, 0xfffffffffffffedc) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) open_by_handle_at(r1, &(0x7f0000000100)={0xc3, 0x7, "1400fd0bff25bb47af96128ee69963aeb34762e988674a3e21fb5bbaf195183d8c2d16a2bf21f9c3727557b8cc3bb8b1caea3ec28f3b29f6b1d34bb8679682f19f624403a7f18b45020a79393bcb05c3aace7a9c226450b5d70c5ad0fc06c385461c85088b2d2832dd21b80624fa178574a3c3c63d731d87671b2e5d0e7e1a16d73ffe5ba6070e492859a294fee6086d236c2869202b424e06e7cf8761aac7a3a7cfa5e885e8f6a424f16e5ef8a9346e068540bfe69433e6302408"}, 0x161080) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[], 0x30}], 0x1, 0x0) dup2(r0, r2) 20:07:44 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f0000000080)={0x4, [0x0, 0x0, 0x0, 0x0]}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r4, 0x0) sendfile(r4, r3, &(0x7f0000000100)=0x5, 0x957) [ 578.510924] audit: type=1804 audit(1617134864.000:2473): pid=13185 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1163/bus" dev="sda1" ino=14112 res=1 [ 578.519764] overlayfs: failed to resolve './file1': -2 20:07:44 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 578.645686] overlayfs: failed to resolve './file1': -2 [ 578.689326] audit: type=1804 audit(1617134864.030:2474): pid=13189 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1163/bus" dev="sda1" ino=14112 res=1 [ 578.719295] audit: type=1804 audit(1617134864.120:2475): pid=13196 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1164/bus" dev="sda1" ino=13957 res=1 20:07:44 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:44 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0xf, 0x401, 0xbb23, 0x101, 0x440, r0, 0x10000000, [], 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x3}, 0x40) syncfs(r1) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="300000000100008b8c31beccdd0e3370e621f91a340890a45802d98a8b052a73a330cf1b6f5aaff867216cb6e769d3f25f9db8c2f09c6405cf4da285383a1070765214a9cc639a9ab8470a80f4497faf42f3d119f33b6ce424cfdebd42b195"], 0x30}], 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x80100, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r3, 0xc0389423, &(0x7f0000000100)={0x3, 0x28, [0x9, 0x4, 0xffffffffffffffe1, 0x4], &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x44) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$KDGKBTYPE(r4, 0x4b33, &(0x7f0000000040)) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0xae, 0x0, 0x0, 0x41c1, 0x18202, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2) r5 = openat(r4, &(0x7f0000000380)='./file0\x00', 0x880, 0x82) ioctl$TIOCL_PASTESEL(r5, 0x541c, 0x0) 20:07:44 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:44 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:44 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x0, 0xd9f, 0x5) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) dup2(r0, r1) preadv(r1, &(0x7f0000000680)=[{&(0x7f0000000100)=""/156, 0x9c}, {&(0x7f0000000040)=""/57, 0x39}, {&(0x7f00000001c0)=""/84, 0x54}, {&(0x7f0000000280)=""/225, 0xe1}, {&(0x7f0000000380)=""/103, 0x67}, {&(0x7f0000000400)=""/1, 0x1}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f00000004c0)=""/223, 0xdf}, {&(0x7f00000005c0)=""/151, 0x97}], 0x9, 0x6, 0x3) [ 578.921602] overlayfs: failed to resolve './file1': -2 20:07:44 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 578.943487] overlayfs: failed to resolve './file1': -2 [ 578.952107] FAT-fs (loop2): bogus number of reserved sectors [ 578.961358] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:44 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:44 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 579.022183] audit: type=1804 audit(1617134864.510:2476): pid=13218 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1021/file1/bus" dev="sda1" ino=14024 res=1 [ 579.060688] overlayfs: failed to resolve './file1': -2 20:07:44 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x200080, 0x0) ftruncate(r2, 0x1) lseek(r0, 0x0, 0x0) mmap$binder(&(0x7f00006af000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x3ff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:07:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000100)={'mangle\x00'}, &(0x7f0000000040)=0x54) dup2(r0, r1) 20:07:44 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:44 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:44 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:45 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(r0, &(0x7f00000000c0)='./bus/file0\x00', 0x21e583, 0x86) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) r3 = socket$bt_hidp(0x1f, 0x3, 0x6) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$EXT4_IOC_MIGRATE(r5, 0x6609) r6 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r4, r6) fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000080)='./bus/file0\x00', &(0x7f0000000100)='9p\x00', 0x3900000, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',vfdno=', @ANYRESHEX=r3, @ANYBLOB=',loose,access=', @ANYRESDEC=r4, @ANYBLOB=',dfltuid=', @ANYRESHEX=r7, @ANYBLOB=',seclabel,fowner>', @ANYRESDEC=0xee01, @ANYBLOB=',smackfshat=/^\\,\x00']) openat$mice(0xffffffffffffff9c, &(0x7f0000000280)='/dev/input/mice\x00', 0x20000) 20:07:45 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00'], 0x30}], 0x1, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r2, 0x0) preadv(r2, &(0x7f0000000480)=[{&(0x7f0000000100)=""/164, 0xa4}, {&(0x7f0000000280)=""/195, 0xc3}, {&(0x7f0000000380)=""/211, 0xd3}, {&(0x7f0000000040)=""/60, 0x3c}, {&(0x7f00000001c0)=""/33, 0x21}], 0x5, 0x7fffffff, 0xfff) dup2(r0, r1) 20:07:45 executing program 4: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 4: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:45 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 579.814840] FAT-fs (loop2): bogus number of reserved sectors [ 579.843936] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:45 executing program 1: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:46 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:46 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:46 executing program 4: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:46 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000340)=[{&(0x7f0000000140)=""/200, 0xc8}, {&(0x7f0000000280)=""/182, 0xb6}], 0x2, 0x7fff, 0xb01) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b000000000000000000000000030000000023b500000000000000000000000000feffffff0000000000000000000000000012c31aa8b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4ac99e8d000000006c6f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @dev={[], 0x1c}, 'bridge0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f000000d180), 0x4000000000000eb, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x65) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r3, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="3000e6178917fe4439f5000000e308"], 0x30}], 0x1, 0x0) dup2(r0, r3) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ptmx\x00', 0x402, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) 20:07:46 executing program 1: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:46 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) fcntl$setstatus(r1, 0x4, 0x6100) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000080)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 20:07:46 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:46 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 580.683728] overlayfs: failed to resolve './file1': -2 [ 580.700524] FAT-fs (loop2): bogus number of reserved sectors [ 580.722363] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:46 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:46 executing program 1: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 580.761377] overlayfs: failed to resolve './file1': -2 20:07:46 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 580.813816] overlayfs: failed to resolve './file1': -2 20:07:46 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 580.873427] overlayfs: failed to resolve './file1': -2 20:07:47 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:47 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 1: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r0}, 0x10) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 581.581851] FAT-fs (loop2): bogus number of reserved sectors [ 581.582134] overlayfs: failed to resolve './file1': -2 [ 581.597082] FAT-fs (loop2): Can't find a valid FAT filesystem [ 581.605723] overlayfs: failed to resolve './file1': -2 20:07:47 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-monitor\x00', 0x103002, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000140)={'gre0\x00', 0x0, 0x1, 0x8000, 0x7, 0x3, {{0x6, 0x4, 0x1, 0x9, 0x18, 0x68, 0x0, 0x2, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x10}, @rand_addr=0x64010100, {[@end]}}}}}) fallocate(r2, 0x0, 0x8, 0x401) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r4, 0x0, 0x8400fffffffa) 20:07:47 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 1: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 1: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:47 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:47 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 582.465266] FAT-fs (loop2): bogus number of reserved sectors [ 582.503630] FAT-fs (loop2): Can't find a valid FAT filesystem [ 582.555709] kauditd_printk_skb: 14 callbacks suppressed [ 582.555719] audit: type=1804 audit(1617134868.040:2491): pid=13423 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1025/file1/bus" dev="sda1" ino=13936 res=1 [ 582.699244] audit: type=1804 audit(1617134868.190:2492): pid=13430 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1168/bus" dev="sda1" ino=14570 res=1 [ 582.723783] audit: type=1804 audit(1617134868.210:2493): pid=13431 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1168/bus" dev="sda1" ino=14570 res=1 20:07:48 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x20000000000004) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:07:48 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a02", 0x11}], 0x0, &(0x7f00000004c0)=ANY=[]) sendfile(r0, r2, 0x0, 0x8400fffffffa) [ 582.925080] audit: type=1804 audit(1617134868.410:2494): pid=13449 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1170/bus" dev="sda1" ino=14578 res=1 [ 582.967917] FAT-fs (loop0): Unrecognized mount option "8" or missing value 20:07:48 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:48 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 5: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 583.325688] overlayfs: failed to resolve './file1': -2 20:07:48 executing program 5: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:48 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 583.349425] FAT-fs (loop2): bogus number of reserved sectors [ 583.412311] FAT-fs (loop2): Can't find a valid FAT filesystem [ 583.428106] overlayfs: failed to resolve './file1': -2 20:07:48 executing program 5: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 583.444413] audit: type=1804 audit(1617134868.930:2495): pid=13484 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1026/file1/bus" dev="sda1" ino=14046 res=1 [ 583.732340] audit: type=1804 audit(1617134869.220:2496): pid=13509 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1170/bus" dev="sda1" ino=14578 res=1 [ 583.757409] FAT-fs (loop0): Unrecognized mount option "8" or missing value [ 583.760181] audit: type=1804 audit(1617134869.240:2497): pid=13510 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1170/bus" dev="sda1" ino=14578 res=1 20:07:49 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x108080, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) [ 583.840610] audit: type=1804 audit(1617134869.330:2498): pid=13517 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1171/bus" dev="sda1" ino=13979 res=1 20:07:49 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:49 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 584.189157] overlayfs: failed to resolve './file1': -2 [ 584.203595] overlayfs: failed to resolve './file1': -2 [ 584.213198] FAT-fs (loop2): bogus number of reserved sectors [ 584.227578] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:49 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:49 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 584.314274] audit: type=1804 audit(1617134869.800:2499): pid=13526 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1027/file1/bus" dev="sda1" ino=14121 res=1 [ 584.337457] overlayfs: failed to resolve './file1': -2 20:07:50 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x80010, r1, 0xffffe000) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f00000000c0)='./bus\x00', 0xe85, 0x5, &(0x7f0000001340)=[{&(0x7f0000000100)="6506c08aa2367a629c207136e6a093d04edf829cc926eb", 0x17, 0x2}, {&(0x7f0000000140)="612df263c862ef634ae00f7f4d6179e52dca971ef27aef91fc285c657883e64a94985619f319389dd1af672961a69a53e5cfc3353b6ee1a9c1edfea287f8b9cbae3106a1fafb2391e2eb0b672feda4a191eac92d6511787c26a41eb894e7dd35b91746469df92919c51a140f73b6be5f1548b57c33f4dcbb8178e3f3098dfc029e709387a8d00c74a12b07976347c671f7ff29204cf243e3421b01fa2c21d3e175ce031c2c", 0xa5}, {&(0x7f0000000200)="f238931a7cfd6f9918689d", 0xb, 0x200000000000}, {&(0x7f0000000240)="394435b79b06190e248c727a3e3c59d12ac9f9d9a86b3509c1a9f76a621c13afe1536474a1094549b59107a331283d0bf641f90f2b7b346ee93cf923487abbe50d5ef569d86e2cc69b7c9cd9e68cfb53bb57dc5d7dcbd14bb658a5bb01037f63a97ad5ddb4edb6a4a703f1a9bc941abbed80253f792669f32f30f95f95f637a497e451bf2eb1a5a70162ce6ded37abddf00eb9e0a49a11a16121b4a0788a695288e7ccd32acd7990d6900081647c6c116fde931e7b452ccc8bd334af5a027f835db931a02297b98684afcc769e4d20d35fe31c92cb8c768e75a969f1ba7f5878d3d2c25439c05ecf7a9de4dd5ff77c5df1cef65167e09376bd2283cae7beb447f13defb2088d383eac00fde9e815e399818045a017fbe3f23cca204685504ddf90d680fbab17855916c3abdc2dc4cbb09877b05dc99b8b7b03ef80208753951e8d3337de63274f131253f92a746eed8a69a575390c2ef3a75f4ce18e7a258ae4f0f79263ca416e62b8689e105951aa905824fed379a32cd90f43df3d0b09a26fd25286e6c91c5ce356cb506a957b97ca74e5c4d45bf8d7901fa5db59b8f0dc0d0be371814393fe5c8270a10102f26f971c1f05be4d195f75b932f679044bc601aac6f78737b4e3fe7cf2fd9556f455645221ee6c0e04407a748251536e5719ce046684178eef1d5879811198de5e20ea639d002766b13c8473995678c43d2c36743814934a90fa5991d231f681a61ec990a6ba23a6e548bab790f30776e51882091407ee70246f851e4362838d4bc245dfbaf6ccedeffac87418bed8fe01a5407e9c93dd33cbf48fbc4cfa73581b6e121cfccd4f4700eacb02561b6517697b26ce9e5c1140263c1734d2c720cad3f7b4adead13bcf004a300bafd3002c6c008ce4bc999fddbfede16a16e61066481498b1cc62b262fd8a461f4fef99e45161a529694f9c4288bf720cbc7ec1e5b3449864e841ef4c15dfb4b4272ba20581551812f2fdb9ab04be0779aadcb30d1f07b482d00570ada1a7122e7552928c8d99ed49a4e01d1db3ab41dd43f03f8b1a350addbd4729b19f907e7a2e228a2348b1a9d12f702af5df421215741abbf5314f9c14085690d9765c852dc5818cf801297c82c146dcba606ccc698307915597b8776626a7d27ae6b2e52e87351d03e6c49517a10f2f8c4bbe756659f51dcf7b5f970f75edfabdc742b1b14017e2310c635f4f0cafd6dd7f3f97cb003f037bfb02fca6143e730c241879e254184d7117b3878b2ee57c52545a60f4b78c01c5f81d9903941a633b683af0d1eb366d64fb67a2cce8abc5dab1119c9a197a6307d2dccb4a9ea35bca36301ebfee4af8e76f98348ff74c0c30bb77981d523784f4b012ae3d10c5765dd8ddcd4a59e8e7bcb08ed90609b6ce8d0a85fdde7fe0e70e23570dd30d783c15f444cbe7b89ca82f682741ee4f3f8bbdaffc12ef1c30247c92dfcec8d7eebe445455fb450bed1f06bb33f9620b8f8e45bc75d8782a5bd7814e657c9e712d55e0fadbe04fbbd676e96f66bcdeeb3d35c1983f2c674020137c23d0273217c975e1c9d0320ebcd1ba5bfcb1d3cf2408388ab720d384e336988850d6f306093055bb253af627bf07b6e9937e0c11ad02af987ca937bd45d8a598335c924282fad36b4d1dcf79b28f8a026b399c3596714d2f2ff7f73ccb5e8f89d20d849f9a38f2c6c47d13f3b57e91cd83f8aa69a6afe481064e64f0870f14ccde24461f60321b0c7aeb8248f15364f1f43cf66bd7b0a3364aba48e430694e30d14940a669bc19cc1750a44dce18c53970c9807623aabbc4d5675188657a825c73008c2a2f3e8ba09d64b1391bbf35a6d1abf1c0c6909ac2025bcfa621befb3e0d6fb5c9677c3d30eccfa44dcabde8651a3caf207e8f4b088c3cb9233ffa62901f79437a2514eed55217ba5a89ca435c2dcda157a341be5523dce5a62878c6ecaa98c6dc26b4e2aee73d4e99066f2f9ab2cd59b44de6eab628f2a3792f515d4ea10be432b9807d964b62d8bef262db8b5dc8733451b2861f2ac283286ed05e056102481123902f1571e1a93753ae909bec325c914e701572055c481333b9fa8dd07f9fbfa71abc089a7f31b909d4802c7f66af7405dd857066dbe039d4f2195c0f8e3f8b853aeb0c703a8b341b9ece4a98731628512e96caddb4eabec7312097153b131f1a7f74f1f5f3273fd25e62f1f4a89084773b6f471735810371a0b3e5b87fe802863dee72a0d0a5288e097aaccde776be80360947b5eaae242eb2cc0cbc270fbc99bba53f4d582372c0e829cab8616792b9b0d19ed26406d68aad46d63bfc957846618513aa1f21f094487e821fa3fbd26bb5f99e24c0b578f5def17eff2e6bcbe2a2c7e59208425e50a53bccb45ee9cf70ef4215d577c918df06deff5c85fb8bfec69350ef5cd040fa292b5bb735d16c1a5b1be73645658d6eec37e172df3966c1a42c3bacfb84081beaa28d0bdd914dc257b239b1d23d7691ae6db38911a8316ed849d28e365493c95ff58495abc4d6fdd3691b0468775792aa27a0571c12b06044f45b47f1a8a03c59ffa390bfa4b9cffe017b405ae4ae4ee72a40163ac7f0b69248e9329a7d7257d591a722aeeabfb32973392de9b4d692dd394bf50d8edf7b990221985a377c3cf3eb3cd53d9e336754807aa79ee089ed42449dcb458b97d045516e02839e2195c05418812dbc5c09e024886e7ac543af90878cf2d56d634ea8e5e66dc80d8035dd430bbaae4fea5a2dab53224b2c8158b3365a46f7d90fe35ec5952d8fd153e222620bccfddc9fccbd1bb72cd403f9b8c115d6f47d11f821fc0a022484de6cfd9e86e9aecb94864cab5a542d5075b35978384498f0104bcd3fedfe9b8a902fd86d3aca7cfd46f9e3f5f77394115ec36427645786ddbde7672ce8dbfcaea0ca05224514d3b4ad602175b7fab79004db5936e6cf232f7f4cd48b069bfb7113ed83cf13aaa7c5afccce3c03afc513d452657031a036623970fa9e35e473b81dcf756027d1bf0c36e00e1164e0d68318feae5d8a0078e85cb8b2db46756dcfddb2e74f3438455bc902d3408c69a483870fc148a50c9769304299f853c55814a2544c293c54746994ee9958f09ad01bec3c3201e90033ca6be8a5ff6df8ac45beed6a827deebbad8992c0b5fd97f933665c0029f89e086276230052d0c6d64dc5974137433579ef4f7dad1a9a2ec2dafcd44aee1c8618199676291391ed5d70afc6589445eca282bf803a1055c27565a26f35b76c964f788844c07745e6d0645258ec90831c8d584ad74283141e20623b0fb63d03b8f30c1a6e044db064f63b9920c5fbc4f2acb57c41a486c4b86e38e7a59bf0829dbb4ff71da4170e92e51aa69eb15bf5c64cfa38364364b93a4cea10af799d017feed1bc9625026cacd17e235458ad011ac01da22cb6b35786cf527d2c9a128f4a730c4c80951b29bf0421f6dee553f0c7bb8229e36c0d3180ae0ceb34328575326202480f889c7a89f40798292f1d3ebe3dd1fdd33c257914968cceab30ae1f483447455ad81124ff1a9855fc1c554179cbc4be800425da3f409c907427c8c4360ae7529e26920108f7d05b32b18df9d7356704f1a4d467b3398af108798eef8be37b91a3dfffa5825247b8859297c239942c175501dc2e71bad35d0b1a026677999f506bd44c8639a2ffce38ad3d27b2838792671a5fa1deb46ceef399fd3f5ce2bc004a8191846042fe68c012d6baff9a0249db129b8aa3a344dd0bc516b27ca40ae1a0632c3fb6e8edb515d2bfb1d4339b32de0cdcfd243dd65a7c8b3e7d244a3f6a76b7bd4f53f7e23f00fcaebc361022d81abc99caefd2d9735c4f16f42629f5f32382a2f1a539ccdb60955957343e98e35620ed7c510d0c064686ba1eb7a79a8aafae839be6e3743fb6fa64e764a4fd4a189a647bc883a1a81745c261d9e3fc07587858eb3253e3f1dd9d631d389f9ed6ecf7172cd124e30d8d349b8e2ca1a050a9f011cc13f8f7775b8af77dab396d0e5258dc969fb6b9a3b9af8a35cb9b0a5018a7d1a205bf806a9f435e37df66e91cfd866f7b49139fd31926cac33fcb1afebb7bab4cff4e64324688dee9e2dfa23d3a5ad654fac5e56e9d777f6c0a772346095258825a07f69cca9b48323fd4eee22423774a5f1823fc6c53d677a4e04e0a372bbc41f35fd6f61f7850312ad9c6810efd7c75bd8bdf88dbf17e4b788608407d31cb2bb009797724b745dd4021622b36873bdc3e8f497c55fe96d94506fb2e08598d994ed030615ef487d5ded449c6416206096a3861a1d9c98aaf5b71f07de033c4237fea7a808d6b35891c5c0ce07465a9d9993e3f17236313957f3be8ad5e8972a021d9bd0d3cab725acbfe9e738ccf692663a0c7a2a80aaa3fb1f37ec7e6647ddcb1380cb5c00ef004018f5a8b543e8110e3a150f49167079441c7b98843908778721a6fd184a720a1f8a7d00ba290e35f8589406cacd57769cd5d70451c390059a7417d6b01353ab800378f7848e581c93d2d6501b7cc01c0cbde255ab671a9b0ed5ee75ba9a97a88fb2c73b62496cd9bf55f4ec9901db7ad14e7d91002a082dcb8bcf39f9ab1ac7ee57acfe35319bc6ecff4e7843d3a69c1824b03028f62c7f2c42b455f4e14af6b0ce138d93be456b1d7242aaded9d72ac1f1d3ec07efeb259014d78629d8886c1c07e490b3a7afeb4f6585dd6d0a45f5cb3114f306216574e12661a9fad7dba47d4181f3ece4b05c3ae2edf0393f7c9290265894e22106b500ad7e07e9c0cf10fe4ae3d96624adf455f52e023fa826fc9e8fe97b303ac29b464c7922d92f5854034e09da57f5abc599c5627fc0520354c4399f779fcb45df7587c019cf7a35222a23a6bc39ef9d09f0f60e5361a8b6b05540b87a71f19888689bd9804451504e126b5fb22e025edf2c48c310082746cb954162b2f32d0e3ccea5a9294516e079a8cb624146bd9f47ca29d2a9116191eb6f509c1d935ab9b1775c691b11f866da995702d272607ad260ae727b1b2258c544c5beb7005f8254a11ad1b4a253dce9c85e69f4dbdfa736fe5e0d553531cd3fe47c8bec63c05a6aebd70d0828d1582a07e153d85b89ef395de5ce2709e4356004ecf4727985ce55493de8f3ef81bcda7fe4b2ccab12919d6896b79ba4826bc4d80d42c1eca276e5f2fd9d26e8f300c8c25f4de0b19ad85c3f3a3deb690a58b057c1c8efc2ef1fbde32596364a8787a004be10d844965dac097201fa9a7a1e30316200252271cd581d71b16a5440b906c95ae96dbe5a12a6c27d9b12a6c4ca946a8e03d3eb2689e5f0d345db6a8a21564612422cec0152f69562bc63e6ac9d8d4f7fdfc414e6b329cbe20092bc651d21eed848109beb775d845dbc8487e20463988bacbe399cfb79a85f243d15a2cae8781bf111006d2931ba95f77ab68ddeae3835ff7a1ed40d72c2bd9807005009ab97917ab11dff97375a2a5f50dbdf7d604eb8118cde87f90b7c124bb31844daf63e187a8820cef0ebc79be8c7ddb6ac7ecc53c0caac863831b2301ce1642cee87ccbcadf6698c8db65b88dafa313ee8dbf9e7525402270fc98290d438c334bed5f1d9b5b5d4834b4a90c125df75b72a17c66d4303094b4b6e598789ebbb699b1c8b253b7649d066134d4b83f1128b4d5786b2c619a870f558f33ba06441ff28dde264685bc986fc13ab6343063d6ddef58fd589e1e821d0c88e657c8bde2bcec7a0e63c09b3a1e0b42fda45623b73156262a752ca023463dfe96dde00d5d83016cee83ddac", 0x1000, 0x4}, {&(0x7f0000001240)="c545c6e6039dacef43e1ea9f7e763bf4c91a6f777699a874627be2bc7aca566b968a23b68fc23bf0e1bd7b10e93c345614932aa16c7518a93ed495a69b9fe9d56e5611a2fbbecdf7ad7a3239206a9409b2bbaa064dd3648acaa53cd268fbf955223215cd2f4489911c6b3e7798d688103db8958f0bd5dcfadede1506dbf40b7de1cf894b3c2e64c3f3b92d8948879c505512281a9fc8929fe159ae8b40511132e7e272e6329cdf72828b0b65910ea727ce423441fb6d49387a480dd24833127097e9aaf709fab442b4ae934ef3941998d9db51de3b3a0adde8845ddea4a805016f5fc6c0029b10b5e7b70fa0e35e134a9b2f", 0xf2, 0x7}], 0x2002000, &(0x7f00000013c0)={[{@space_cache='space_cache'}, {@ssd='ssd'}], [{@fsname={'fsname', 0x3d, '-\\}{'}}, {@dont_hash='dont_hash'}, {@hash='hash'}, {@smackfstransmute={'smackfstransmute', 0x3d, '{.]+\xad.'}}, {@permit_directio='permit_directio'}, {@dont_appraise='dont_appraise'}, {@seclabel='seclabel'}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}]}) [ 584.676452] audit: type=1804 audit(1617134870.170:2500): pid=13557 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1171/bus" dev="sda1" ino=13979 res=1 20:07:50 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:50 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:50 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:50 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:50 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 585.057804] overlayfs: failed to resolve './file1': -2 20:07:50 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:50 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:50 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 585.103152] FAT-fs (loop2): bogus number of reserved sectors [ 585.132105] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:50 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:50 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:50 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 585.248650] overlayfs: missing 'lowerdir' 20:07:51 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:51 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:51 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:51 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:51 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:51 executing program 0: r0 = creat(&(0x7f0000000040)='./bus/file0\x00', 0x146) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r3, r4) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000280)={{{@in6=@private0, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@multicast2}}, &(0x7f0000000380)=0xe8) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000240)='overlay\x00', 0x108000, &(0x7f00000003c0)={[{@xino_on='xino=on'}, {@nfs_export_on='nfs_export=on'}, {@redirect_dir={'redirect_dir', 0x3d, './bus'}}, {@xino_on='xino=on'}, {@metacopy_on='metacopy=on'}, {@nfs_export_on='nfs_export=on'}, {@xino_auto='xino=auto'}, {@index_on='index=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '{{&$'}}, {@hash='hash'}, {@pcr={'pcr', 0x3d, 0x23}}, {@subj_type={'subj_type', 0x3d, '[[/],*,'}}, {@fowner_eq={'fowner', 0x3d, r3}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@euid_gt={'euid>', r5}}, {@dont_measure='dont_measure'}]}) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000080)={0x2, 0xffffffffffff9854, 0x4b45}) preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/61, 0x3d}, {&(0x7f0000000140)=""/79, 0x4f}], 0x2, 0xda2, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r6, 0x0, 0x8400fffffffa) 20:07:51 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:51 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:51 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:51 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 585.972665] FAT-fs (loop2): bogus number of reserved sectors [ 585.988102] FAT-fs (loop2): Can't find a valid FAT filesystem [ 585.997592] overlayfs: missing 'lowerdir' 20:07:51 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) signalfd(r2, &(0x7f0000000080)={[0x9]}, 0x8) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:07:51 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:51 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 586.145466] overlayfs: missing 'lowerdir' 20:07:52 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0x0, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:52 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:52 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:52 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:52 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:52 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:52 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:52 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 586.855171] overlayfs: missing 'lowerdir' [ 586.858507] FAT-fs (loop2): bogus number of reserved sectors 20:07:52 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 586.936823] FAT-fs (loop2): Can't find a valid FAT filesystem [ 586.958125] overlayfs: missing 'lowerdir' 20:07:52 executing program 0: setrlimit(0xe, &(0x7f0000000080)={0x0, 0x100}) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:07:52 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 586.983466] overlayfs: missing 'lowerdir' 20:07:52 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 587.130045] overlayfs: missing 'lowerdir' 20:07:53 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0x0, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:53 executing program 0: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x801, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x140d, 0x0, 0x70bd26, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x7}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x3}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x15}, 0x804) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r1, 0x800) lseek(r1, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffa) 20:07:53 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:53 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:53 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:53 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:53 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 587.744071] overlayfs: missing 'lowerdir' [ 587.751706] FAT-fs (loop2): bogus number of reserved sectors [ 587.759157] kauditd_printk_skb: 11 callbacks suppressed [ 587.759166] audit: type=1804 audit(1617134873.251:2512): pid=13718 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1176/bus" dev="sda1" ino=14696 res=1 20:07:53 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:53 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 587.793594] overlayfs: missing 'lowerdir' 20:07:53 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 587.840133] FAT-fs (loop2): Can't find a valid FAT filesystem [ 587.866991] overlayfs: missing 'lowerdir' 20:07:53 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:53 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 587.940199] audit: type=1804 audit(1617134873.331:2513): pid=13728 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1031/file1/bus" dev="sda1" ino=14236 res=1 [ 587.974893] overlayfs: missing 'lowerdir' [ 587.997774] overlayfs: missing 'lowerdir' [ 588.061579] overlayfs: missing 'lowerdir' [ 588.554960] audit: type=1804 audit(1617134874.041:2514): pid=13749 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1176/bus" dev="sda1" ino=14696 res=1 20:07:54 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 588.586406] audit: type=1804 audit(1617134874.081:2515): pid=13718 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1176/bus" dev="sda1" ino=14696 res=1 20:07:54 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:54 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:54 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:54 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0x0, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:54 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)='9p\x00', 0x214000, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c756e616d653d2c6673757569643d33b46364386561302d363665622d546437002d633935342d64383036373337332c61707072616973655f747970653d696d617369672c736d61636b6673726f6f743d7bdc2c736d61636b6673666c6f6f723d21212c212425273a266b272c7569643d4d0b1dbf458d5ff6308eb52177f0d05be6e18d6d760c23c9b4c66cced9da624e367fb670489197967b10c073853fdb540a09aa613281da37ff7ab803631ada95e340a326d63ac901ff67af1a60bc69f82b0000000000000000", @ANYRESDEC=0x0, @ANYBLOB=',obj_role=\'#@,defcontext=sysadm_u,\x00']) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = signalfd4(r1, &(0x7f00000016c0)={[0x3]}, 0x8, 0x800) bind$inet(r3, &(0x7f0000001700)={0x2, 0x4e22, @loopback}, 0x10) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r4, 0x0, 0x8400fffffffa) [ 588.630926] overlayfs: missing 'lowerdir' 20:07:54 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 588.714298] overlayfs: missing 'lowerdir' [ 588.720948] FAT-fs (loop2): bogus number of reserved sectors [ 588.728439] overlayfs: missing 'lowerdir' 20:07:54 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:54 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 588.763942] FAT-fs (loop2): Can't find a valid FAT filesystem [ 588.776977] overlayfs: missing 'lowerdir' 20:07:54 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:54 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 588.794685] audit: type=1804 audit(1617134874.281:2516): pid=13762 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1177/bus" dev="sda1" ino=14236 res=1 [ 588.892508] overlayfs: missing 'lowerdir' [ 588.908924] overlayfs: unrecognized mount option "workdi" or missing value [ 588.911670] overlayfs: missing 'lowerdir' 20:07:54 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:54 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 588.920097] audit: type=1804 audit(1617134874.301:2517): pid=13772 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1032/file1/bus" dev="sda1" ino=14679 res=1 20:07:54 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:54 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 589.044904] overlayfs: missing 'lowerdir' [ 589.059956] overlayfs: missing 'lowerdir' 20:07:54 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 589.094318] overlayfs: unrecognized mount option "workdi" or missing value [ 589.199985] overlayfs: missing 'lowerdir' 20:07:55 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 589.532287] audit: type=1804 audit(1617134875.011:2518): pid=13806 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1177/bus" dev="sda1" ino=14236 res=1 [ 589.568210] FAT-fs (loop2): bogus number of reserved sectors [ 589.574142] FAT-fs (loop2): Can't find a valid FAT filesystem [ 589.589021] audit: type=1804 audit(1617134875.081:2519): pid=13810 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1033/file1/bus" dev="sda1" ino=14682 res=1 [ 589.613862] audit: type=1804 audit(1617134875.101:2520): pid=13814 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1177/bus" dev="sda1" ino=14236 res=1 20:07:55 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x42) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:07:55 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mkdirat(r2, &(0x7f0000000080)='./bus\x00', 0x4c) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='trusted.overlay.upper\x00', &(0x7f0000000140)={0x0, 0xfb, 0xa7, 0x1, 0x5, "4852573c6ad139137ee40d85669d69fc", "597799ba1b602afe4fbe5f45fabb346ce82735fbc00f9ac1cef62cdde818569fb72a9a4fcd3385fcdc4c901e34eb5ddd1061948c5d417d7b184154cfac81e80704c815cfeedaa554996fdf0bedf7b9dec2b9eb0a9f60d4cca299d1ded1437c9d70f41a59abecf260c504c4cb32f0fbfc7af8050c0fa9be0461eae97105e9258535372b9f27ec20b91018001dba5ab6a12d5e"}, 0xa7, 0x3) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) pwritev2(r1, &(0x7f00000003c0)=[{&(0x7f0000000200)="a328087566cbbbc6cef83cdebc52613185372f4d9c963d9100695731fd5f62be4c7409c7e4f509a977077a53a4929c33ed5e6e9b422ab14d5c3e4780b2ca353a6baa42021ab705fffb26c25bc473a3b92bbef5c1d0bc23cc50574528ad3cb447033babbf7208237385bb608b1f99ae868acbe90b349961ea52aaeee2db28d2a0a17ee91725dd5cd607de95b24f590ada74105a3428fe7e7b2189d51cdf1936ed3402284dd2ca9957", 0xa8}, {&(0x7f00000002c0)="035a6ff1c8d39c98c401c9686f72a86b3499c2b777501a29564c39435a1943d0836a0de99559a66c75d7008c8c9d39cc70184c1157755b8d4b712f9df46646d2da58a4d7daf75961b718d5b49fab820c60bc3284e08db106b1f4e85d6215a7c041fbe2a1f929a759051b2de6d405c1381fe66b670d1d0acce673b36d4d0f39bcada2", 0x82}, {&(0x7f0000000380)="b3644ef49135673e1e058ddd", 0xc}], 0x3, 0x20, 0x7, 0x19) r3 = accept(r0, &(0x7f00000006c0)=@can, &(0x7f0000000740)=0x80) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000780)={0x0, 0x40, 0x0, 0xfffffffffffffff9, 0x1ff}, &(0x7f00000007c0)=0x18) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000800)={r4, @in6={{0xa, 0x4e23, 0xfffff800, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7fffffff}}, 0xdb40, 0x5}, &(0x7f00000008c0)=0x90) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x8400fffffffa) 20:07:55 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 589.753788] overlayfs: missing 'lowerdir' [ 589.758670] overlayfs: unrecognized mount option "workdi" or missing value [ 589.782346] overlayfs: missing 'lowerdir' 20:07:55 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 589.892629] audit: type=1804 audit(1617134875.381:2521): pid=13838 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1179/bus" dev="sda1" ino=14742 res=1 [ 589.938624] overlayfs: unrecognized mount option "workdi" or missing value [ 589.950162] overlayfs: missing 'lowerdir' [ 589.963138] overlayfs: missing 'lowerdir' 20:07:55 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:55 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:55 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 590.457946] overlayfs: missing 'lowerdir' [ 590.464164] FAT-fs (loop2): bogus number of reserved sectors [ 590.483156] overlayfs: missing 'lowerdir' [ 590.501928] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:56 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:56 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 590.509299] overlayfs: unrecognized mount option "workdi" or missing value 20:07:56 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 590.584479] overlayfs: missing 'lowerdir' [ 590.663654] overlayfs: unrecognized mount option "workdi" or missing value 20:07:56 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f00007af000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000180), 0x0, 0x5, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0xe8, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xff}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_RULES={0xa4, 0x22, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x6371}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x2}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xff}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x101}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xfffffff9}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x2}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x81}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7fff}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x2}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x100}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7fffffff}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x2}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}]}, 0xe8}, 0x1, 0x0, 0x0, 0x4010}, 0x8004) sendfile(r0, r2, 0x0, 0x8400fffffffa) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r2) 20:07:56 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:56 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:56 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 590.788155] overlayfs: unrecognized mount option "workdi" or missing value [ 590.812750] overlayfs: missing 'lowerdir' 20:07:56 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:56 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:56 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:56 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:56 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 591.337675] overlayfs: unrecognized mount option "lower" or missing value [ 591.350423] overlayfs: unrecognized mount option "workdi" or missing value [ 591.360594] overlayfs: missing 'lowerdir' [ 591.361678] overlayfs: failed to resolve './file1': -2 [ 591.368229] FAT-fs (loop2): bogus number of reserved sectors 20:07:56 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:56 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:56 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 591.391439] FAT-fs (loop2): Can't find a valid FAT filesystem [ 591.503808] overlayfs: missing 'lowerdir' [ 591.509294] overlayfs: unrecognized mount option "lower" or missing value [ 591.511796] overlayfs: unrecognized mount option "workdi" or missing value 20:07:57 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 591.712092] overlayfs: unrecognized mount option "lower" or missing value [ 591.714455] overlayfs: missing 'lowerdir' [ 591.735094] overlayfs: missing 'lowerdir' [ 591.735327] overlayfs: failed to resolve './file1': -2 20:07:57 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:57 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x20800, 0x100) sendmsg$nl_netfilter(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="f00000000b0a050029bd7000fedbdf2501100004da008f804d39b5b251254b6e41ad7f0fa5f686388c6da46bb15b49f247664d3445b7fb54546c19ada96787d76d63c948458a89ea0f82b5903e65599cfc485a56eaf568a4c492da00cf204a1d844abf0071d00682b1546eeaaa7926fce0949c0553e8eb60c43c048f0ee69760639b53e75166613e084671b5abd6437e8a4f2ebdeea335f1b0f86c69c3aae5bbcdf85f4518e116b3eb238aae98ede463f7ad616310705be3f8aaf02a752cc27835a2dac5278187f86d497a9e785effeb693e058796cca7e4ecec76f79e39acb00a0e9a63308e14002a00fe8000000500000000000000000000bb00"], 0xf0}, 0x1, 0x0, 0x0, 0x20008000}, 0x8805) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:07:57 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 592.213890] overlayfs: missing 'lowerdir' [ 592.231990] overlayfs: failed to resolve './file1': -2 [ 592.235687] overlayfs: unrecognized mount option "lowerdir" or missing value 20:07:57 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 592.262573] FAT-fs (loop2): bogus number of reserved sectors [ 592.265012] overlayfs: unrecognized mount option "lower" or missing value [ 592.270864] FAT-fs (loop2): Can't find a valid FAT filesystem 20:07:57 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 592.354200] overlayfs: missing 'lowerdir' [ 592.371770] overlayfs: unrecognized mount option "lowerdir" or missing value 20:07:57 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:57 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 592.437723] overlayfs: unrecognized mount option "lower" or missing value [ 592.510006] overlayfs: unrecognized mount option "lower" or missing value [ 593.032229] kauditd_printk_skb: 9 callbacks suppressed [ 593.032238] audit: type=1804 audit(1617134878.521:2531): pid=13995 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1181/bus" dev="sda1" ino=14674 res=1 20:07:58 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:58 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 593.060863] audit: type=1804 audit(1617134878.531:2532): pid=13960 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1181/bus" dev="sda1" ino=14674 res=1 20:07:58 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:58 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:58 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:58 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) open(&(0x7f0000000b00)='./bus\x00', 0x40001, 0x20) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0xc0, 0x5b, 0x2, 0x9, 0x2, 0x3, 0x8829, 0x3e6, 0x40, 0x1e4, 0x7, 0x9, 0x38, 0x1, 0x8001, 0x101, 0x8}, [{0x7, 0x3334, 0x1, 0x9, 0x6, 0x6, 0x10000, 0x5}], "c6ee6cd8b5898039a76ae3fef74f60574e96d351274499a70987d9c962bbc345150d", [[], [], [], [], []]}, 0x59a) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_elf32(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0xf6, 0x40, 0x0, 0x8, 0x8, 0x2, 0x6, 0x4, 0x307, 0x38, 0x395, 0xfffffffe, 0x4928, 0x20, 0x1, 0x0, 0x7, 0x8000}, [{0x70000000, 0x4, 0x8, 0x31a, 0x8, 0x4, 0x6, 0x93}], "137aac09961044412fc9fce679583bab9dd716cd3060464013cbcd88670d551400342cb98af84af404ab98c426204e5dc932780c9e7ecf7f95390c34d26487c4f80ba33adbcba6788b4b857ba067", [[], [], [], []]}, 0x4a6) ftruncate(r0, 0x800) write$binfmt_elf64(r2, &(0x7f0000000b40)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x3, 0x7, 0x58, 0x400, 0x3, 0x6, 0x10000, 0x17c, 0x40, 0xe6, 0x80, 0x0, 0x38, 0x1, 0x80, 0x1, 0x1}, [{0x3, 0x3, 0x1, 0x9, 0x9, 0xfffffffffffffff8, 0xb7, 0x7}], "86b45991afb52e07ab57f5223fabb02287607d787af96cef3e96626cb683c3cfbd9423e74d06640c074fc8048d524a57f9ad4e04ebdbec9a1a4120ab2a48144e32a7714a856aac3614638512db975912617767cf9ff7932673a206d5d10717b5afb142b1c0e1cb924c8102d46f15d812b86cfd8c6e41248547c9f1be5b0a0f502a6962898f4cbd18a5d19197732c11ff87b57d89bae5d4bc49d11fd411c3c0df3d6e63d6d96b88d2eb16aa090e7606db26a73d677a13f565a1c3637f4e73267599caecff8c476d62f075fc80cbfa8ecec76b0f9af7031e7daf2b07cdc0df5b50579a9bf30e867b0e12e7b1a4b498f7fc53ba", [[], [], [], [], []]}, 0x66a) sendfile(r2, 0xffffffffffffffff, 0x0, 0x2) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) [ 593.116384] overlayfs: unrecognized mount option "lowerdir" or missing value [ 593.122346] FAT-fs (loop2): bogus number of reserved sectors 20:07:58 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 593.160161] FAT-fs (loop2): Can't find a valid FAT filesystem [ 593.192121] overlayfs: unrecognized mount option "lower" or missing value 20:07:58 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 593.199394] audit: type=1804 audit(1617134878.681:2533): pid=14001 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1037/file1/bus" dev="sda1" ino=14761 res=1 [ 593.201791] overlayfs: unrecognized mount option "lower" or missing value 20:07:58 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 593.272654] audit: type=1804 audit(1617134878.761:2534): pid=14012 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1182/bus" dev="sda1" ino=14186 res=1 [ 593.291291] overlayfs: unrecognized mount option "lowerdir=" or missing value 20:07:58 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:58 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 593.377567] overlayfs: unrecognized mount option "lowerdir" or missing value 20:07:58 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 593.467376] overlayfs: unrecognized mount option "lowerdir=" or missing value [ 593.469535] overlayfs: unrecognized mount option "lower" or missing value 20:07:59 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:07:59 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:59 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:59 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:59 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 593.990055] overlayfs: unrecognized mount option "lowerdir" or missing value [ 594.025094] audit: type=1804 audit(1617134879.511:2535): pid=14017 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1182/bus" dev="sda1" ino=14186 res=1 [ 594.038671] FAT-fs (loop2): bogus number of reserved sectors [ 594.054257] overlayfs: unrecognized mount option "lowerdir=" or missing value [ 594.059712] FAT-fs (loop2): Can't find a valid FAT filesystem [ 594.090173] overlayfs: unrecognized mount option "lowerdir" or missing value 20:07:59 executing program 3: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:59 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:59 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:07:59 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 594.129178] audit: type=1804 audit(1617134879.571:2536): pid=14017 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1182/bus" dev="sda1" ino=14186 res=1 [ 594.163935] audit: type=1804 audit(1617134879.621:2537): pid=14054 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1038/file1/bus" dev="sda1" ino=14049 res=1 20:07:59 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = syz_mount_image$sysv(&(0x7f00000001c0)='sysv\x00', &(0x7f0000000240)='./bus/file0\x00', 0x8, 0x4, &(0x7f0000002380)=[{&(0x7f0000000280)="05c2b38e8f824f7a41fd5cdad98ee66476975cf3d38110b074cb733fd3898bd33af929229b823acc81b3a28bf031728d3e5e82604df2bcf4af4717b6772ee6e36d18d507854ca6bc1fc08023f8f8f0d414ec01247e6db7248b8e5c6bc920e578c3e53815", 0x64, 0x8eee}, {&(0x7f0000000300)="1bb672f5bfaba34c44419e2b57173456bc3de185c170cf5278240b1c343e4983c50b371013a118333de9c3dfd93a62c8847ff37df6badaffd1b971f3ae0810f78aff51abb4480051407028496ac052fba6079d02e45d4011513be9c624a709fe8288b845f35d0b728fa67f60b77204d42054fcc3ba44fa51", 0x78, 0x4b0d}, {&(0x7f0000000380)="47b6e671d525b76f56c9010bebec62ccd17ddb3d2f5b853b0da9bf597b6569f09da028aac36f266b4670280b3657aefb010829e8e495c24f63cc513401f3a3d9f1bc480e2440a153bbb9419fe3b53eff3f4df39a73bec81e5df0c8309be46fdb59f98ccd15977a7bcb90732362525ea338be3c233e49bbfebb6d6b51d563017eca0dd24e6b12822102572de591dcf18fde7e9197b9f74d501531333ddb9323b8f57a261193b6f7737e43a9d81470c4987f7e76918e30beb5bd6ea701ced71f76f69c736906069e79504ffe5faa937e0dd727c25ae802e424c14167130c1996bcbaa5a8a83eede1a197cc9637eaaae9807df6965cb7160f880e10cf9043634733c059e1dcd1fff152197fba2b960342b67723cad48579444237a67c3ce3db16ed1ad3515dac14154f31585ff33de65e0ac1059609c77517c3ebc490efce83653a3850027476f4246a3b3f68935f7541edd124fb0b59dd13a78509110a19628057cd752d861b227a2886bdbddf94a0a6236ae87bdc485694d755a51f5a87d8e9ba970c404dd3b3152e3d8ff6f6250f5c2ba0658f0c1aecc625acf389a073cf3a74f02c704d8b683e65068c60192049abf8bf7ac6cdceb2767796763b9aad295cc6bcfdeb2db619be1a21868e8d7991bc578bfb366717164635c7f872777b600673cc83cb0f9e29a10f7cd875bdd04afb1b7d2a74fb2062f9fed5d6161afdf5e2f9941e0fc999a0d9ef6248739715c257c52a7b33e0ad8b70e500218fb1b59554ed6ac0231b14f5a28eadf7f977e2eb7818d2771362aee7fddb74d9625d76c69ea3fd1f1108986ef4787a5dc86510227f29f57c4a54b427435ec34aa36552016488a3b796d130104d69718615fdf67b2f51d4a8b25de1a15d88d145173844fd9144c393923f4b6ec2db477eb155b136d4eac3c1f424e3960378fb8fc4f8e9c8e94ee8e974b44dbc4081deee926c55b2cf79c2e3c7e40c54879c55cfbdfcfe902505f24c48dc64482d42080a999eec0bcc9584f821297772187a888cd864f17b0f87645d49a2799a37498cf5de03536df0e4f25e1a8406ec79b741af155151f402f095a43c08b118d677417fae2b8ac28e61770ab09efa5856975d0a4a416f34394d619ee43ae74b04c134ff81394533a32c152d1a0b1df91a64d0150b069179a733bd7a2051508f8994a70a114c075f461c9a947bc81fa8f6038949ee0bc957564082d6581c54a57a5ddd7e75396995b8dcac6d8c1b4a75538410edc3f8d80c69492426055e72f6f18ee13039551ea207534a599d5ab46332ad9fd86e80d817710d3bc5356b1907013eb86422236d2ab5ba72e4f4cd926064c58beff8accfd5099deff06ae206867c0e5912ae519da4b390ed6d289032f91f83e827642177d5c663a1c446f4dc8ca156097f83fd734ea6b0edf46a648f40bfe43c159551d38de1e01162aca6ed45518044a2c9369bfdedc26b5c710aba28906ded7d195c54e6884a5f633866b7b973771eec97c3d22b8cc5499805fc502e81cbb9a676fd9a4ba770afe03cb935bf09963c46d3db508c94255e327541b4498e5f6bbe240e42ea58db3aaa5e1569f998584bfce103ce201c80bbb6b705a7c58a7a7f6d302bcfbd82239ccf88a111ed04007b0a64a5e351253bc13789b4466fd26568438eaf1cbd4505725b6235c8a9dcac0b673e7ea358416689851ae9935d65c5885cca7525d1b3587209b525dedfcad54ba0edef27fe26de46a14d4c84640e4e54714af24f2ee9772380ad74fff5d46701997c16574bc0892596e9298bdf049ce5cd776dc65d9c8e9961a8b721cfc29ed2cf82ea03a307a3c4d847b8fa75e1a750019ec7c7c002df0eb438d653e86a9878871b0668217b0d43808cafd9cf33fb04f650893fe2b3f123933a7f9788770dc098aac96a8a2f99cfca6543a6ae764b46529724d0537d2ac99b3a27598ac0cfdf1ae9aed1d04bd0e5eb48586dbf90f662953e5037086e7e1fa0f19e51ab86be7a01a7755f73e99850b6dba69b2b51d5158710f61e8b85e3b6e189d944cf04796f798f960e63dae09aee2481debfac65f6f97307d6f999c33de2a16e8f0dba4343fe95330addad5fc6ff25ff9b3163dac20e99c5fc90474b044b00c04375f3ef7f8dc66995578234d0c1da62d731a3733f6f19552ec958fb4f5a0203318c1ebd0108f0e5977b170f728e2f3a1785944d8ecb7b51bf0c40f6932fbb4e3f77843ab9fe523b6c7b50f04d37446bcf726b53bfdda992dc2e851dd28a75693b7a253c7a87f4c4d7e592a1e58df7cac0576cb42356e97e574b6b41fc7b705388f82fbaee10893322bd15e9863ba5f44fe9f8ae4cf8763e955a1baa331e52ff11e137afe2fa59107cc4cdb716249d41ccd2774065f0fe41c006e399788d701065a4c28e1be8626082b3b0e4152c223d23d22e6f389387d280673e148af8048d7b7618f762d8fd4228f27a557af4e748331a8839b1732965f18d004a2f4ea036eda032dfe527b47d1721cc08838d00472f15da5b330d3de227db5cf48f32f6a30bb3ddaedb7eeebcad6f2fe2806a4496609752a719cb7e15b74bd48a1827b30d1ae25be0ee7bbaa34fe6eb8698e17b3fb24dc5d8ab04f1a26a56f27471faab4361a3d96dec3bf301de9cb8aab4bcb3004940170b0af2f4ba2173732b028d44199982f53f83a640ec215eee301944346bc8699f7fbc8dd750f3259c249dbf11f8ddba81703667ffde5f11685f2bc0cd2bcf44dc3ba5338398f330b5f04a50a434c944e038d80fba68ccf0a0b263ded017bedcf008e1b30d32b300dd797f4f537cc8e4a10d8a214259a2cc372400d350714d0c6c7b8da029354a977099f56b9239f4bad9023b58e888d8da2651000af43b613f754866f51dd3089c0482ea0c674416338f4ad4c3a44b4501bbf7e3b3b4d563b819d4a84e86c4b647336cc422d8d3a31adb95a5afff88f365ab9a893d274f3f7dbd1eee8841b6349731efd298a1beb4a53d4566726e86f9ec8ac2354c5d8374041719dc069022ca36980804b7bfe58d68fe1813fad78c363983e6b932c85c9f2ed0840afff800f96154815fd49273e34ca4597e0fc844cb4316ea5be22ae16b490d414ddffadb0de42f3ae9a02a09a5f58157c29af75b7d85d19a7d421b648c36f9048ec18d12b338319d2ed431580fee97de186ae630f0c9e964b52544a366c093ee06005fd7b3be776b4252d3615384bb4f75e7b1a6f9174f87be93ad5f0b6bfa3ef3399aa88fbc749fde711a5ae023ce9031c955a086b8801aae0d4a8b1645a3c7de5c9525b3831646efe7412f4b7bb07baca691afb7309cae60ac6b0ced2c548c09ce15f016f3afdae92a7315ef715da245a30558d800a0b47dd2e0d0d38f017053a454966256e11af52cef683752b3f298cac33e91f9191972484d1f7ce00f17e491108fd70ac49c0d6d40e23efa0ebfffc4a248e6e4e8ec63db1345c0a925505e70b1339bbeb887e507258b8445b6fa7d40e0d877c68ee3f69ca1744abc018b49b75519cef1b1d428c25bb5e681757daacfaeaf70a2684ae16240f9c1af6e536bf0bbd9568ced8723c61d215ee830c95505dfbfe81b1da22b107da2a62fbf6182f97fa4d6ae0799d862c877a4eca4d24eaea16698306fd77daf88d937d02baf433efc09a1643200690189126fb7532de920b638f1eaa816193f598f3cb8f63d1bd6dbdb4627c99219f3e55fc6c62f8fe5f157eecb3c44b0e4de65d55464b9c39763760ef5dc828ac1e416f70462d9d633f7ef9a971d4dc5ceaa01532050275c411e8e7985c466dd3b4b1cf13a5775b4c7e41a03f483a44dda34bc7f60fb18fd47417bd6df18d4bb850499c8ebfeee8bc2ccf7aa202581edd3428a9a909c5f92000e62aa0f0fce939bb6812fdc48d5148621438b5352d76a06f11efae4b705807ca3cfa711c524c81e74d523466508ed623435871d6c7749694ea8896a6b297ea950e1eda417560643561a2298288682fb7a55fd29a74885dcf3c654ad9df03293dcc1559fc9ce9dacae0798c8ceaf441a296fecd38ac8e825ada5efd303a55a2e49f869f66856ea69eca1ac13f7086c24cd7cd4f295ae8725c753f1cac00523c97f9ae7aa3fdc2321ff3846f823f4ea8ded04fdc676f631980b6f2d3ca72ab732c91ca21eae643cac0fda4dced1cbd302d2cd45a92273c78aa6570a1e8fe47e83dcd431f7a35d8e774e4aabf1bd9d5ea04c9a53d680cd518d65d56d58ec6e412f17635900013f761ac3aac1ec438ef75dc34cf4a4282841dce8d6fe0feb60b9a697b01b9517eee4d847d45df5f27605441febb68cf9b287a332b996cc6bb5665d1367d045d5f45c508fda2cce2166a6be8a2858b432fb4da3e4ca64df99b3d039509424eeda7c714738a8add6231b9b01418b31f70814afffeca8c94736211a35d603c579c012ecaf43cf03d704cdfb600e08e185140b82fae78f48dcd3588b66a4715283fa2f87eaee3ef7dd6f9253d26ae633181a1759d2aad8701724d2382989f7a561f9766033221edfe590d513d8e8010e8dc6c57d7c069e1606c40ee7a9dead146d73b48cba6f051ed04d1fc970dbca9f6e3b53426cdd239e10ab8135c2175a8f2f590b8e36a45cd9d031c2a2391fb1fb774dc60e211c16cb1213a0d015ec3cd2b90a06648cf8da1156849f279ec19aa49e3a65c81995c734590ef0bd46c0f5cace60b4388b3dfba494baf7783354bd87f6c6c3c89edb296bc92db366b42135376883c697032513a6adb4ae39f17cdbe776c645836266338c64dca3983ed1e99cf71bd03324d510ee2f4f24844f6a5d2132f00a7b3a57cc3a6f0182764c41fcacf9db1a4ed81509287062555405bba19afacc800c7ab042ec95cea1263093bf85fce6b7c308da42a03ec669ed629976ca3029e19c0ed812f2e38beb035cd052f777e3b12f6a1db2b20d0e3133b425b3a0a91cfada540d61d0dfd671e8480ac275df4a5e7541a5241cc105960e22c6142106268ba39aa6d19981fae9f56b56c2d0a9db8a731efb69e59cdee7a2a2e332e6f42cd2900be402f8a13a03230472f29248fcc8dc166341b8f2f66c910ae013cc4b9bb2429d60aa539103fc278f96aebe89363dde8c499d16af5725112a0116d95f91c4a27fda2322910e6e55d0a29771fe64ab1dca36c3287fdbe1e8b729877696a9a27466dd6bdc5ae5b68197b73ba3f6264c5a0a15849b5bd5a84101749ab0dff429be32a279e9c123338ea499df9075763dc844235e180fb169a368bbc5b78d1195b7b0b1a389d760e19ec4655eef8a421590dfdddbeaf6b0864b1265b1d70b8265ac16f9668e85669997d82678369bd9a3e4c892053e3f722a43532e3eda8ff6a331201a153b40943dc098196c751b7d86bec5b985b62a560ec2de6c6550966f580679bc1170aaabc6918050f79f59a8b98c001003d346c00374fecf1260cd9c3e35ba3a025164742b2fa865704326562ae8e7fa397b8554a536474092250b50445efaa314af2a4f283bfd67d3cfe466f6509b5aeb79a731350c166b4636ab632dc4b2916b1c37709828a8adf456d74be22db16182ff97515dead6553f3169baeeeb3634804dc90f3c5c6336ac0333a68b2ce34549279d705d240b80815556baf99f2e77afc2f4b349a8755258bcd25e44ba8cc19fd3d9fbe43008218690e094be50e8ac184aeb7926d28d0e12aab326d03ec12021d6f1dbba9f537ac072021ce51e950a7f9a0ce1985ad613b43bc047baac0b62ba5401aa82a0590fe39c9ffc199596d7ab6841155a6b923064dc34479ec3", 0x1000, 0x80000001}, {&(0x7f0000001380)="33f1a1bc54830d9a61e1e2aab7a94c7fc144f1ab2c1180dade56c456fa834ef5bc867769b1f9c58eb994bb756f49118d09113b0095c362596488b18e11f1ca1e2f4dc7fcb6f601359e528db4ab553a7f08fd8f3274404428f34a5e13a401a309bc793ff2898e7f8e5cb514029479ec818513c868a7997a34d44a2fa5ee20665e790f0c95f7480b070768db350cc52ec6a3f17fba01d8c4d6f2a02f9dd69c00d1fcc8ef6675d3aa97f79dfab8907d7ce743c57db72defc9666c48741f93ba274728bef19fdce403e13b09e3fa24695f39320a36e940e42941f3238e4c768501159cca424c56ff6b5daeec91b4e3484605b8ff6edfb58df97271c1a218c8616cd04408705e9af3b4bc89bbf4861873b7a12f6a8c7a5f384ba09fa02154d4fafd7abd9bd4e74f5d329aef1a975994ba1c676132a2f4f06fbe7e1470bf118431277ef25aa7ab599c3d1f6bd4325d54a3721b16cfa770b543f6123872994eb72053099169cb2b70a9fb7e2b45aed23fd3a90879ffa0951c72767ac8d83a68a8cac02d13aa1f19ac05931d4984747ecd291ece3149f4728b48e466f3810f0d6b18db9a0dd99de3e7c68b55410fd89f36fe45adc652a03a48a3850c1af7354c167b54d126752f38a51826fde6b911845cf01d5ef32bf1972b09c8482a62a754574974dfba8861f0e3df13a1f1b61742951efa536e589da190108b2cfd81c68d991351688c49df039e0675a68bbcac1b3f9bef7ae2efbb972fd8b5d4de60accf40b8c63161a26ca85f7ece561f3aad03ed2ed1102ff85c1ba2fb689454441c41db34142b4bfed19f0e8506962a7db2d46befc357e3ce8eef491dbf698e8b540d3ccf5aa60cb78bfbf3c3de57f31a1c50f7039f144d8314f83df083dad4ef9ba9568dc8668ff169518fe2012f0f834da9b1b958ca3e4fabb5dc0f5ff8a5fa12857098484d1cf945ab688c7d82b98035bb62a597e4989d0b12232bef7ea09f237ca1d908012706442ac9c831e2c12ef9c9c503fdd9e5efddd6d1204dfa47165e00a4c34e976dffc0e9e03711cfb10698b31a861018d0394263c9a7b606422053eede96f0f61c5dbf12743ba883caf73a570a15fa942d0a000df3676ce2ee00dc40d567e31739d48e987b32b9f0dec25ad1399ff1f83c978bac8c89bfc179ae862388ee446edb7245b31a0d581781e6f8ff89223acc2ab9de862c08f87858cd967b36d8bf0860532d28e3fed9492483116c81f4708a109832eb343f637ef8156ff04bf47e5db0216b63566f8b73f46b48306472f52a9831e55ac14e61159fce94d1dad9384a24e6fb05511a2ecbcdd8586629e3b35e1cc36afbef5f9eb6f552ceeddbb5af294d64c97cbb1eaa1ac34e72624f4ae28200c79b619c3f43f9bafc97a2938630118305088adc653d967ebb952b29c3917fe062714c32c59d0451c11303ccf5201ef16e1c2a2a54fdf7151bc08aed2343b649bd9808b6fa48c37bff4450d25ee7210a5d43a6251965539bff843830f3c5d6422b6bbaa2447be4528516b21bae7fab819d886f8ca02bb07791f11c428242b3c67913d6c4a639569947739212da8ac7150abd7d8ca2ae843404e8d5172553a2f71cea5c0098d3b8aad15352244726d22c7d419269029583b9a5185d1f1d05ae550d3d0d5ebe04dfb710ac2464789d41296ad0f4e0c7e48b9252a300c19e311b19b2d644221183bd5721e695358389bf16a8be5ebecdb792d111a2c6f17acafcac625c076d3ff87e0a5ff8c8f018b1717369192b449d6f527c08a5485bec506f602fbbe5993c5de391904105c37210ad79260ddad9b0475684867c75a963dab9bbfd80405619d29d9739976164f5246bbc8ee762d0e7dc09f274c80953cf37cd10e83314c67213ac69f90028fb7e8a33d603144cf1b3132cebea3830382cc650e5c401511642a66ed1cb7fcfb232795e10868c88116d2a034dd39e7ea80d6fb8d11617b0e4f9849c841045be3dfa3c8c7686b4668eba88b17b04a38df216406269b829ce1b28c40f3240c8a04b638be1209ac0571ab7d685c6b01036469e44c8fb08f1fdfcd93f3c5828cdd9d980a7916e47dbb943fc5ba841698e6789a60e99584893f29d224bafa74001eebb6fd87b1e17c5b276f8b3edea538f5c3ae6434aa359c3da79a5b30f2111da8021933674565b340dffc8072abce9f76be977d02d71e321fc3977663ca85374572b588d281d85793c5e003496ec0a9ce7ac4677253358f084a114e1960689165c9084e0bbd31872107a04099268fe252aec8cfe6b95475047118fb764edfeee0426594ab8be01ef2ba5143abb8991566cf3f6e9c21ca98e42825930a502922471dc8f2f7a1514bc3dc94a4c209c084875b103d17fb8e24156aa0a9fdb3692b7bf3b71c1c100f228b66e47d93ca0235c0b228e17525a337184fd540d6fcd3a422311d1665ad2b8857e9faa5d734141fee4fe2c229ead59a3db5216b5057a94bbb3aeb0783b179adafdf532a60454c09d210bc01d2e885b2524717bd86bfe9778f4d4d8286cb4734da4a25d314561c4129b1f52ae50272da0571e83855f4ca27e2dee7237e6d62f41e0caf00a374e4b1965d2f5543a8a798ce77b577f3ff6e4d28cff5db8eb8f4c83342211675e9eacd17248e0f441ea8efd0c4cd8e89a22aa04e99cfd3a7891a32129f759e53ceb6a739768011306b53f41454478b2d2f420f3ba621861a550030b5f295e632319cb9c7740145d3f62492983b0ddf7b5199c3144f43c36a783cd2e3309be368ac66fc3f0eb02c1a68502443ef915b6aa0820f30e3d9ced27d8e6bb82f127585b436bb8ea3081893770e9686a772447e28486003cdf3bb9982561c03296dbc7300a1e22aec9ee12e2f34068f626b942d8451d60e98596a13ec948b33fdc48019f1b0ecdbe9319a02374a6704a7de29a8a6e2f9eeb1bc6e31d9702e6e4537a2bc7c8da0908d3fc0c8f2f6a22df03169fb2785039d4d4aa707351502c02e02f45699386410d7342a85b445327fdd9d520886f792cf3067e554a9d1f9bfdd45402a4831a15ed606d2bab5bb3a05ba15e968e8f5fc29feff629308b2e7ba046790f9edc90079f01d93d95fe4188ad730bf569ac30272cfb21cf3058d459a487b96f60b43fc61dd1f3a7cceed31440c2c1232489b573e94936ba80a8742de95334d03f3c5e8de705265e09d167283ddc22cc5bee67dc957a60fb9f4c2d2632b4c344e3eacdfcb13fb0ba717a66b86a3c36b7fec2c1dd5d208aaf13d41bf7d73dfff6e2fca12883779ce8fb713acdb194eab7ced95e31df8ff97373dbfa2410f5da56dccb6d149c183e6591773bde39fb0880a65c848db8b84b38232a09671812a91bf47216714494f2d8f9cf77759e7eb89a43000b7b15e69baf5cce91f7c95b0a1b814d82144c46b5cf7c773e76ba805ab34f4702470460985401db9d936b4bab96e4daa8c594954430b4aa1716f7f8c6b80683af1d07fdb9c4cce18275aabedb6994157ea36f0cf063babe56e0a57c7053920ab829621b0c6b387010fc0c99a8fd0f8efd4ddceb5d3c6fbfeaba72620507c5602f19efff66ccaf0cddc7529c4045e6268adf1da9d8a05de975b0d70fab795e801c11f1ee76573d3fa999c22973c17e6d85b1c860e2313515185af1ecf3aafe03efb0661f65c4c1e22dbcbed9ec45fb39914962601931e45c44649b353cbdda63cba9f3d8d2d78af3376e7514c3398ac47e3256a6cb2d2b6493ff8dd154826011d3fff6db3631a14182b651e67f57b651cec90e2f87bf23023fdb74acf5958ab0eb6d30122ad3667f5e22ca34ac217b29510b1a016c27836bfe7c9781eb5e0e35137c9a3f06b88204d71af6263d2f4b8cc4bd9149a514091f097f4e80de63d90d4272aaee623b00da5a53b5fa7f15d7ac20a68ad046b7c7ec116c9d6a30378c6f509c3cd2148dc89e3a8b01eb71a4e35668cf1ac93dfccbf0948b3a5d92aaf1174db6db3f7908f832421938907f0b2d9e473ae3e49543461053e95c834c974a33e16ffbff1a62d9aa4302ae25bd33e65d90d6b58c7e6e95280a6b99e1a64734631626c4c25cb97d118377185f7a20a7a85f7de9a3924352f1aba2aaabccc1fb4ca1dc52e156df01475c6a3d8dc7367e013a567793c332a2db0e334b3b9e4d301582ad5908a3fa9b1d2750d04f02d160f7c487866e77bb4aa15d981dd3b4527d00b609c3653990528cd2168e409cdfd024a658118c18ff87f97a7599aec081305707daa32df802e39a17d3da599b60b05b228eb85fbddeb33f5114d40fadce5cdaf3250622244793647f7cb7490015113534e5318102c938e0b43183c7a4772893746fccd48e0add4d653f4916c726bf70bbbdc3cba234c74f13e896a8e41116e6c7aa55ef4fceb4570c5f8304815c264880bd5a583c8a22c464b564b32c839416767fd61c592d7b73f05d07d9268d6ebe4234d09c62baa2f3c25a86c4d8d8a1c4ba516b5ffad083fb8b6ecb1e6d4a2e81fd6a3c35138cf41aa24d573137c6396eb2a076dc578514d098cd0d37819987c25fe40d73398756df82c2850d0cdc352ca1b860584502ae820fd2ade00c3f17fb320db08f9365f5e58c60e7e2c3fcf1a4249d3348beba400ab0cb5b180677d2fe21160a2aec1c0523768b7fd0ee26119bc952a1e233245d11611b49803128f7aee50e26734aa7b291e116fea3a70f4a25b1ce25373a84ce0ffbab58c1f7f004ed5006b972e9972ae7cdb4bf2879a03402e265ac2506a30e21a3c8e215bdbcbd378d527a9ba616bac5c3aacab43b0dcb76e4bd8f6fe604285d4f66a1d65810dafce591491318241e10fe2bbb9a8318a4bb741d7349a55bece50dfaeb05d00677e8fe9d3501a341e1d6e5e7f218b6b87d10f0f96a5697ed36371c507315651e23ca44672df44aedae1f3b32aeb37fb5fc9ee923a76a2db799da579b21002eb48495aa8a5bf39c97f35a24ba7e79a2078bb9d785ef076e95ad5150caeeaf1941fe2bfb9c30f77a61964f3dfb07f966378c55ab7b1fad24873a2c7447da81a24f1dd5234fc0199d7dc6bbaa7feefed3ae28aeb7a97460049c3485a76f579a827834f17dc35b3d36c17e4884945a194227480cc7f333b274cd3241baa70e5b892afb56919ac56a04b9e25f3677d88fe31a96b15c94749ee33a7b3a427bf3cac94d42ff5c163f92391ee5dd8fd32d464e80a44f6cb266d81df672844f484182c14388607938e8157e6daa00cea3a2cf17e6ec3e92548c85d05798ee3669ec7374dc00fecd4b51a6e0bab19bed8104a099f9349a4a1b848622c5609e7c430bd540ed743fd2b9c00a24cfaa5b34de5ffad9cf783ee616ea56c31f937ec8f0d9ebc4d189892414ba029363af509ea8fc257653b0b0cc7178887d8e312f1d4b338992eef9eb3ab9ee58357b67bceffa55e65ed77cbf8d83a7061b4cffd68d5760fb3deaaa5bbb683807c5f981c0e68f521a97731c588fb10b19f777cb2e14dfac609015256922d11e20cf79f0a9cc3977fd819ac5c5a8327df88e61cb437b7ff709b8dbc87cc08207be4596cb5c51411e9ad91472f4cd814e7917072ee089e7942537526df45525244f6f47dd3f380f71ba22f5466ac6255defb88c8e4dc9b0b8608bd51d7a910cf0339c8a1d5b98001d28803f53e5bb5dbb38aa091700018e575cb173f51a2b932e9cab40d65ec937dd8fede5a9e85c4503656510b5b7551fe32f0050b777dc1c178d97a4f57866ba088fa442e179828e6a52efca9acca012bd6144991ef518f965c3752bae6c61cbfeb33f8f8ce20fe1231c0fce55", 0x1000, 0x6}], 0x1000000, &(0x7f0000002400)={[{'/+-%-'}, {'\\.,'}, {'${#'}], [{@measure='measure'}]}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000002440)) fcntl$setstatus(r0, 0x4, 0x6900) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syncfs(0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000200)=[{&(0x7f00000001c0)}], 0x1, 0x2, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) rename(&(0x7f0000000140)='./bus\x00', &(0x7f0000000180)='./bus\x00') r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x200000, 0x0) r5 = openat$vfio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio\x00', 0xc000, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x800, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$vga_arbiter(r6, &(0x7f0000002640)=@target_default='target default\x00', 0xf) sendfile(r4, r5, &(0x7f0000000100)=0x6, 0xf86) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:07:59 executing program 3: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 594.252761] overlayfs: unrecognized mount option "lowerdir" or missing value [ 594.270794] overlayfs: unrecognized mount option "lowerdir" or missing value 20:07:59 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 594.387387] audit: type=1804 audit(1617134879.881:2538): pid=14076 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1183/bus" dev="sda1" ino=14186 res=1 20:08:00 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:00 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:00 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:00 executing program 3: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:00 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 594.903909] overlayfs: unrecognized mount option "lowerdir=" or missing value [ 594.917761] FAT-fs (loop2): bogus number of reserved sectors [ 594.937865] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:00 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:00 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:00 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 594.952627] overlayfs: unrecognized mount option "lowerdir" or missing value [ 594.980247] audit: type=1804 audit(1617134880.471:2539): pid=14100 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1039/file1/bus" dev="sda1" ino=14706 res=1 20:08:00 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 595.080983] overlayfs: unrecognized mount option "lowerdir=" or missing value 20:08:00 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:00 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:00 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 595.168396] overlayfs: unrecognized mount option "lowerdir=" or missing value [ 595.184809] audit: type=1804 audit(1617134880.671:2540): pid=14119 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1183/bus" dev="sda1" ino=14186 res=1 [ 595.299273] overlayfs: unrecognized mount option "lowerdir=" or missing value 20:08:01 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:01 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:01 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:01 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./bus\x00', 0x2, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/165, 0xa5}], 0x1, 0xd9f, 0x4) getsockopt$rose(r2, 0x104, 0x6, &(0x7f0000000140), &(0x7f0000000180)=0x4) preadv(r1, &(0x7f0000000280), 0x0, 0x2, 0x0) r3 = mq_open(&(0x7f0000000080)='\x00', 0x40, 0x2, &(0x7f00000000c0)={0x6, 0x1c, 0x5, 0xfffffffffffffffa}) ftruncate(r3, 0x800) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x40082, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r2, &(0x7f0000000280), 0x0, 0xd9f, 0x0) ioctl$RTC_PLL_SET(r4, 0x40207012, &(0x7f0000000100)={0x40, 0x5, 0x9, 0x401, 0x7fffffff, 0xf7a, 0x3}) lseek(r0, 0x0, 0x2) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x8400fffffffa) 20:08:01 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:01 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:01 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) open(&(0x7f0000000080)='./file0\x00', 0x80000, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) [ 595.801718] overlayfs: unrecognized mount option "lowerdir=" or missing value [ 595.839672] FAT-fs (loop2): bogus number of reserved sectors 20:08:01 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(0x0) 20:08:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 595.865473] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:01 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 595.920903] overlayfs: failed to resolve './file1': -2 20:08:01 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 596.033188] overlayfs: unrecognized mount option "lowerdir=" or missing value 20:08:02 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:02 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:02 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:02 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(0x0) 20:08:02 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:02 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 596.646778] overlayfs: failed to resolve './file1': -2 20:08:02 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 596.737993] FAT-fs (loop2): bogus number of reserved sectors [ 596.761587] overlayfs: failed to resolve './file1': -2 20:08:02 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(0x0) 20:08:02 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) mmap(&(0x7f000009a000/0x4000)=nil, 0x4000, 0x2, 0x10, r1, 0x1301000) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:08:02 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 596.784345] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:02 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:02 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:03 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 597.573561] FAT-fs (loop2): bogus number of reserved sectors [ 597.597943] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:03 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00', r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)={0x1cc, r2, 0x200, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x9, 0x6e}}}}, [@NL80211_ATTR_FRAME_MATCH={0xb8, 0x5b, "ffa6b3c12ab0d38066f3f98705de02bfc17acc16b21ad257e2dd8574bd3386a797d15a4bebd9c65e393d24232a004f344993e76e31c291ea5e389ae83b1ec2c58a75271f300d5c739c216c8c034b78357056bee254a4212caaf42ccd210acdf5c13d08c7081496550dd6f8e83cd501732eef5b79261daee78377b902f50cc5701129d376d4fde6abf7f4b1b750a0e21f5c3b7304eecf6d9c40fec19e60a79cc010886a85d126f4900f67815ae33309e077573988"}, @NL80211_ATTR_FRAME_MATCH={0x31, 0x5b, "9cc263cc3c550a540530110a322d605cfc4f2c27e2075aa508c8526f4dc1e999cfc2c7f3fd46a41f2d6ebb3b84"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x8}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x6}, @NL80211_ATTR_FRAME_TYPE={0x6}, @NL80211_ATTR_FRAME_MATCH={0x98, 0x5b, "041b7642d2d913ece1367db8396b337f9f95d2eb682df489c84535f8c80281aed6828d0a66a7f1d86ba807e3309b48bfa8416da873775eb18fd8a79631e3d84425c965b20f6766dde753001359d64f6e7955b4456e19b73cd0e6611bb56714db0a923c5228b974d7b05c2b3e7e4ba8294807de5941e835a65097b11de3bb1da3000a211860f729d59e29abd0ebaa1112eac68516"}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x20004010}, 0x84) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x0, 0x7e, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r4, 0x0, 0x8400fffffffa) 20:08:03 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:03 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(0x0) 20:08:03 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:03 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:04 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 598.486340] FAT-fs (loop2): bogus number of reserved sectors 20:08:04 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 598.532861] FAT-fs (loop2): Can't find a valid FAT filesystem [ 598.573681] kauditd_printk_skb: 12 callbacks suppressed [ 598.573690] audit: type=1804 audit(1617134884.062:2553): pid=14295 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1043/file1/bus" dev="sda1" ino=13986 res=1 20:08:04 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x80) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x4080, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x50, r1, 0xfffee000) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:08:04 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(0x0) 20:08:04 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:04 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 598.658278] audit: type=1804 audit(1617134884.142:2554): pid=14303 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1187/bus" dev="sda1" ino=14803 res=1 20:08:04 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(0x0) [ 598.732616] audit: type=1804 audit(1617134884.182:2555): pid=14305 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1187/bus" dev="sda1" ino=14803 res=1 [ 598.851854] audit: type=1804 audit(1617134884.222:2556): pid=14312 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1188/bus" dev="sda1" ino=14154 res=1 [ 598.896202] audit: type=1800 audit(1617134884.222:2557): pid=14312 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14154 res=0 [ 598.935534] audit: type=1804 audit(1617134884.222:2558): pid=14312 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1188/bus" dev="sda1" ino=14154 res=1 20:08:04 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:04 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:04 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(0x0) 20:08:04 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:04 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:04 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:04 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 599.369716] FAT-fs (loop2): bogus number of reserved sectors [ 599.401661] FAT-fs (loop2): Can't find a valid FAT filesystem [ 599.458314] audit: type=1804 audit(1617134884.952:2559): pid=14342 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1044/file1/bus" dev="sda1" ino=13986 res=1 [ 599.567064] audit: type=1804 audit(1617134885.062:2560): pid=14355 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1188/bus" dev="sda1" ino=14154 res=1 20:08:05 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) getdents64(r0, &(0x7f00000000c0)=""/16, 0x10) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) sendfile(r1, r0, &(0x7f0000000080)=0x5, 0x9) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:08:05 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(0x0) 20:08:05 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:05 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:05 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 599.607646] audit: type=1804 audit(1617134885.102:2561): pid=14312 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1188/bus" dev="sda1" ino=14154 res=1 [ 599.631470] audit: type=1804 audit(1617134885.102:2562): pid=14355 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1188/bus" dev="sda1" ino=14154 res=1 20:08:05 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 599.707539] overlayfs: missing 'lowerdir' 20:08:05 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:05 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000340)=@raw=[@alu={0x7, 0x0, 0x4, 0x5, 0x7, 0xfffffffffffffffe, 0x4}, @call={0x85, 0x0, 0x0, 0x67}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @ldst={0x2, 0x1, 0x1, 0x1, 0x6, 0x4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x96b}, @generic={0x80, 0x1, 0x2, 0x5, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], &(0x7f0000000180)='syzkaller\x00', 0x3ff, 0xd7, &(0x7f00000003c0)=""/215, 0x0, 0x8, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0xb, 0x2, 0x1000}, 0x10}, 0x78) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)={&(0x7f0000000100)='./bus\x00', r1}, 0x10) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:05 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 599.827153] overlayfs: missing 'lowerdir' 20:08:05 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:05 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:05 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 600.221990] FAT-fs (loop2): bogus number of reserved sectors [ 600.223356] overlayfs: missing 'lowerdir' [ 600.228823] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:06 executing program 4: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:06 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:06 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:06 executing program 5: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:06 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000100)) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat(r1, &(0x7f0000000000)='/proc/self/exe\x00', 0x200, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) preadv(r3, &(0x7f0000000200)=[{&(0x7f0000000140)=""/119, 0x77}], 0x1, 0x0, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) getsockopt$inet_buf(r0, 0x0, 0x11, &(0x7f0000000080)=""/54, &(0x7f00000000c0)=0x36) r4 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x8, 0x10000) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000240)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f00000004c0)={{r4}, r5, 0x18, @inherit={0x70, &(0x7f0000000440)={0x1, 0x5, 0x8, 0x9, {0x2, 0x0, 0x0, 0x9, 0x2000000000000}, [0x9, 0x10000, 0x7, 0x80000000, 0x2]}}, @name="ceb826a715532f66b73a017ffc947491d7dcd956a580c2d5ab7031fd4385299d8112090fe11ba2a0965657fb48ae108dfbf5731a651a469835000a5511156526187e8f8a3eb620c23cddf1f91ea535aa51eb0cc48029500183b28502baf8d9bf9d289623dea8efc763e282d65e32e1a22bf8c46da833b05245981dbc86e05d1e8d464c51d99d127a0cb42b05fa3a33487e926ded11e2869ce05faa172778e78ae3e4d181f6dcd146291ac36ee36832173bdc9671b7e31566be0148e5c78760335021deeaf3ac4dcadf6c6f9c4402c5017f33783495c934013b036999e02b26a52c63e4931588ffeaf75e4d66bd28b50f05650bc3bb6d039510434a34241b1fde084841b24d0234ffe55e2939c95fac184fdc60aa740c801a6cb3a4bba77093ad0722044a6edae4707e0ea0b8ec8f0286a027d7247f1d2bd2413035f89cb780cfe2219c4b6ad5c80597a0dc0e5930ef6e5092bdb3dacedd11f32d3407d52e1dd708db433835765ff0c1f5b2433a6421afd5618f15964be73a821898032d301d5baca2ec4412834b86200a12f4222d8a3cbc844bf357c1d8e22dfba532994c27888f2de05fc2bfbb29cd6e20f9e6b1bc2d74899ebfe6834daa6f4bb50120f0d9ccb3359c1440fc30708e40e1d98bfc357fc155e2f6e7761e373197f2444e971f566fd4c8c9284bf5d2d14884a5f861b829d76b76d92ec94b690d36c5059d80f0eb54cf9e0e3201cf3177f034501c66233b69b0816f6424da77d4ce543b3f7047a96fc97ce916776e8fd02c6dac812a7ee737db24ed11c24cfbb68c69be4e2962c7ff9034b28d0b62348b68e5f42ecc82c214dfb8ead52f07701e81bc2980054abd27773ad3070934944bf5ac309b4abff5b3e132e8b8f84c0a60f3f2f5c86302a3c2de71703139ec7d91da13e0b23dbd19501fbc525e591b80862b5f230a8754a3bb4b0f8aa9778415c01ff4c4d7cef779749bf1618813c03edb5371daf2c0715a560aac7c68d54bb18cf2221334019304c478a24548f14e7509acfc68bae91ac3c60ea6bb93faf02beb5c9ded7e81e09ee9dcc2d9acaee8d5327c60ac1ddfec9c0da9ed6db600107483d0a5a86dd0982bc7ea4156f247688e33c0d5fbd77d9a745d479b741bb2eeb9e4436b983e0472c6dde7fd12b24a79a9923ac64ed8a7d0ab4b1b6e3a7510ad445903f226e70339672d0a53ef1f90a07277d59d0a104dab8a0a559205ec092eeccf48ba86892c1d999a8822afdf8824a148efb154a12ff7c717b82ca0c39d69cb1800abde85cbeaa2cb9902f08d5c0b2eadc6d3b098320ca03bed6a2627265eb3216239b954faf6a53578ffe95887897842f426caf2f5a6ff55b8d327d8e80381348d96ab3f137046bce52043c84f0fcec925f54f43515d40a6b0bcb5c893776f801ba01f954426d7471101fe7d6cdc1e26918f3639a60a6fcbca3c849867d7b6445375475dda0d6025ab68d3f003ab80c039d2c699469c4c6164ff815222b8f7ce149a61f80cfc5cc93f3e82eb3ae92051d788b92f5d5be19ba5b1265da71c4bf217dfbfb091d0a816c1f49d04c07aba7b1e0890a7d7ee8d37cc1985f1efc21863ac26ba713489143a8cc4f62ac68103bb2384faf6d0d58d62167138274d17f5cdb69c327f20172fa23ca63d630f991f5781bff908e793ea32ff4c90fbf091979793bb017c1bf4217ff3d740552f977d34dd8bb9be9fb81e1c704b06f38d1bd56def25c215b1ea5ae087a08c1f24f2637526835e0e41b732242d56517cb5cca0a8dd06a88c016bad5f63031b0ee414fd9ae03eaba7e9e7e122579cab7601819d3d1b556705301f7f0abc2bc59859a6b309b52e6707cf35636bd228d0a83cb53872e24d06c82d4a60c404a94773a198c2a3cb7c544b13d0c26a70fad17cdb65d57ceec4073b0ffc44be5d7f5dd5457d4fc752c3fd9f9c2ede51032eaa9d1435fe8b20c776604003b67779220bcd5a7df5d938a8fe370ba8e65cd601e0a81980664727bcc2ff6997b27560282482a0f7aa2f940474da4fcb624a11761b4e1054f32249a8a6fd414fc0f486ef6c209c62096c349dcb4f28a5ff7612f9c44a841b66c5ef6315e5dc3852a63e202a8e172e64c41f43c7f10d7902120d27632a89ef0b6420050829f9e482cb271ee4ad88e47a677c8d9fda99a1a69bca8a2a426c973560d39993a69e8e1d592240f432ff79c49263e6475cab307437dee403ad9bdbda409f606d7b7715f1498b16f11fb80a7e5e68319058256df11181b972dbea1018dd44eb119871ea18d46c6e783e59f98b670b24fead457fc70efbe218c5acfbc1a23d9921d7acfd5489b9d71fae4894f5385de761bcfd8c651a76fb752e86514c09739aa00b336771269a58ec1a9239d13ed0e0eb205a4a3258268786cc9febeac10f53b506aaf7e2233fae7bdcc8cacf112ada4f7eecce878c0e0be15be2b4c5b593ee0e00d83ce08b3b08238bcc88d78a4ae95ae5bb699b6918774778a60cfc1b6151c2e8083c1c3fb94a8b73c3a8478d241a0df0bde3168218b71ad43e1f7b0d227d0abacfba219a720be05ad9eacb13ec8d58325ebcab8ea42934814ed4e7b4b825fbf9470610fcd76b0428a0ff5001c3fd6faf33a93a1e9fdc92a7ec59b35b6410be92c3d3cd55149dc756efe8abf91cef92fb80520d6f7018e479c0f736a7bc732a2eccc48a8439c07a716c600577d0a4a1f00c0f6826b28a7f5b638107d78563af8f075d5169c4be6e16c648f41886c7e5b3dbf6d2e2216cd5c78068b6bf03d71cfb1c9e0990d8835ccc49eeb33c840cf252348849e552ea4c8f12c755f0d9a03a9082a24600af1ad93bd9d88dfe5d91251aa8bf99b68c1bb13d0b32d0fe460ce8c37c6edffc923df9e870513c9020d52b12b36b872db6d4989bc8b7ca9135ca174f407dd89c7284d8b637478cafabeecc3260ce3133933755657540b0ba770173356bb063eaaecfb84bb0b39906f8801709734a191e233b968d18ac647007cc276894b575623c848a1a8b67c02fe904eb5734696e98df3fdf34ed25497f92af95308a9dac2fb0654ae3f384899a8d04cfd65f41fb68683d6e164c47a0a4d73e201806fd58f33ca3aa3866e2df6f0916bcd4fcf96fd32236995927df2538039860569df3cb3e5099aa2ec00ccfc1e40184617ae4ad0472f14909c80b90f0d6a6e49e4f881203bc7199952407ffb3d73b5d371ce7bcbdfc24485f8d25e10199fe9d59821ae5330e78364476dc71a0df322d420eafc70583180a99d35a134be3d5dcd60a958ec7dc31b1616597c8f56b8549031ec80ae6a854e0bb6afdfd1f9eb9eea56f405a6d3cb7c222ed4dcafaa4d1e72e9f07197c61f5475f58accefa58ba6820468f8ad268aeaf5a355f39888b15bde44caa388d195658c9390675e3adf3bfba125503e1a3c099b91eb839360cebe1f4ec362b5059e4e799b8da3942c089fe17dc6f3dd3d46d660e169d4864a247ee53c2411cf8d0cf4a9791193d4380c7a87fa7ca4e8470e98c8842d2d841289593e0a9aa623c5634136b25f7b38c350e3050260468e7c5ec63b569cd8261957896f0aeb7afc48d3cccfd162cdf841786ca65956e50807b6a3a0fa8823d67c97eb1785054fc06a0e440b6ac2c9b7477fb2e4ae1173f9f89e0e4538887969858d527105f537be0b228c1c429bb87a296a615cba665c9ba00818fb993f8fc5bb1c3d4976408f6e789edf4cd54bd4c10078d95639d7e03acba5bddb8b0953ceed084cd1b8bcdbd40a7014a771100f16f53a364fd622447ab11f20d8f11c6b620d27a261f8944899718f9250ff9cf73b0377f204ca55020da201230974d51e131c2d8927162f58d600f6afa7eba7a0e4f30cab0820937a3597c5ae9d5ff524926486b1fdce916622ec4501d7aae8b516bf1bec51e7e55da12a1a11806f0af92409005e58f91226dd1243303b0fc09715a9fb6919dee07abeb67387533dff59ce89ad35bc75e054173b715c462eeceba40ff29d54f6b1b924c9f4a1201c37cee8076fb5da82e8e1cb191d2e9ad5f19786d3e3c747698725638514bbde6cb286f5edef4de32b26222c5de49e11ddf74f995594e1d56b1493c0560bf326baac65e2b4334d0a312648487c4c4f5b112c3e11fc3ac5ad7b11a9599725963b00fdaf55cf59ca783c66d0bf0fff2ad778c0ee554dac11f955fe4b1c54fda1b125dc4ca18811eaec053bfcc82d0687188431b4c39ec2af8d801ecc7f60fbec430def4039965eeaefc2d42c5bdb0d52323dc7435f61a07263232edf706ef5e0a3c33e7c25e56d2b3b254aaa633f6883ad0e129f152c98f1cc1ffcff5423f8a42194d446e14a18d0953de0bff7cbbb2cf074c1d391cb043520392ad8ab25c449e0634c610e3d6930a7ff9ce58e881b3b638f97608238fa64c83ad9775e19ef487527ae17a0de6d42d222e4736e4751e48d312abad86e5a85973a003e39e3019588a9f1ddcc2140bc76daaad50dce9a076df98463ad527717eb1bb51040d68a9177d39a95b39f5ebbdba2b2cfa47c2331d8c6c967c8c030a674de88f270c728fab4070886a9718af58839e56cb3ab344a870d0a9d5d1a517824b3e576b86deae20211e800a1dbdb94684a6bf2d6ef85a36d530cf63563dc9ec112174edd7b0bd6435e9929507714026b076bb840f00146e040ca798fadd771f58027584c64527208722c25ab32a5c017fb78d3004ac3909fc945b949fde510f138b82647cd6a587ce5996448188d0203b19f4dc4e037abe4c92853201a29bb288d4d4e1f98999b9a6e78bb799287436dea61b699a14a1a4835ceb3c19c477711b29da339e1cea5127c9ae9447594170b779e2769ab3f47b47585a5edcecea5a33893dfaf027fca2395b86c6b0d1841aad40d70395e051567796b11699756961552c82654c927f19e8b4dbf55b80e13d1ab00b54055553ac8ab5691ec3e535050acdda5c2cfae5af52372ed5180675ba95afc2df304ad36032e5ff9fcdca1891f79e3b599fc75b0a45b0262c58f2e44cb27e2c65ecc95d35f143cfe770c990d586942881d4e91c27cbc8d6bf1a198c377317cff7542fb7af63a36ffc46de2334036b7f843fc3716ae7f197f5fa8d8c4e3d55503f1551fac864438f8c5e89af02522910fbcbad0db7f13454e388d4554e07337b08d882c46a9bcfd8dd8128453636ad9b5da82556bbf1c8cb00dda7cecb50272956ee50ecf19e4502cb448aac4402650395d3de51fbaf0e693e346ff6695401e1267ca3dd349bb064aa55571d08c844b6b8a18968a4d15810bffc6ea28b909d6366da6bdb532c946161db04d954de1d93a9841faede4ba8922b32cfaca3b0b81db746cd70c447987104fd89852775e6b4d047d9625099db413895b987d3bc2499821bd3e4e776dc2db230635a313541a639d77b749ea57aad66ff1f211474dd60623418928df8759da865319bd776cb8356d6034fd9cee4ad8cba0024a7dac299ee7c99f9479ab755ee32c3799e6fb24228efd2b62fb2f7d897fd9eb05f790ead20fbe01b11c499cc4ec100f4ae517cb8414effa24c8d5d2a8c08dd29c4edc3dda00ae22e53504c5d6ade2fb7e156d28ba52d93d8ba4a3489845414abe85ef74152984e9d9e8d35406ae0d0227f3e28e2dbaf155d831c2668fdd3ca8efcaee3ae50cd432dec01bd952a8374e0beb56bd00182c4bd031cda28a9ba1d7491cec1942d5d799af636a5066e"}) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r6, 0x0, 0x8400fffffffa) 20:08:06 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:06 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 600.716266] overlayfs: missing 'lowerdir' [ 600.722045] FAT-fs (loop5): bogus number of reserved sectors [ 600.741069] FAT-fs (loop5): Can't find a valid FAT filesystem 20:08:06 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:06 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 600.917030] overlayfs: missing 'lowerdir' 20:08:06 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:06 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:06 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 601.148979] overlayfs: missing 'lowerdir' 20:08:06 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:06 executing program 4 (fault-call:6 fault-nth:0): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 601.177369] FAT-fs (loop2): bogus number of reserved sectors [ 601.204193] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:06 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 601.312024] overlayfs: missing 'lowerdir' [ 601.366704] FAULT_INJECTION: forcing a failure. [ 601.366704] name failslab, interval 1, probability 0, space 0, times 0 [ 601.421733] CPU: 1 PID: 14458 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 601.429649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 601.439004] Call Trace: [ 601.441609] dump_stack+0x1b2/0x281 [ 601.445260] should_fail.cold+0x10a/0x149 [ 601.449431] should_failslab+0xd6/0x130 [ 601.453519] kmem_cache_alloc+0x28e/0x3c0 [ 601.457682] getname_flags+0xc8/0x550 [ 601.461484] ? SyS_unlinkat+0x70/0x70 [ 601.465284] do_unlinkat+0x9e/0x5c0 [ 601.468918] ? do_rmdir+0x3c0/0x3c0 [ 601.472541] ? fput+0xb/0x140 [ 601.475640] ? SyS_write+0x14d/0x210 [ 601.479348] ? SyS_read+0x210/0x210 [ 601.482963] ? __do_page_fault+0x159/0xad0 [ 601.487188] ? do_syscall_64+0x4c/0x640 [ 601.491157] ? SyS_unlinkat+0x70/0x70 [ 601.494959] do_syscall_64+0x1d5/0x640 [ 601.498843] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 601.504013] RIP: 0033:0x466459 [ 601.507222] RSP: 002b:00007f103e279188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 601.515029] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 20:08:07 executing program 5 (fault-call:6 fault-nth:0): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 601.522307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 601.529587] RBP: 00007f103e2791d0 R08: 0000000000000000 R09: 0000000000000000 [ 601.536868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.544121] R13: 00007ffc0a9b1e7f R14: 00007f103e279300 R15: 0000000000022000 [ 601.639661] FAULT_INJECTION: forcing a failure. [ 601.639661] name failslab, interval 1, probability 0, space 0, times 0 [ 601.661486] CPU: 1 PID: 14469 Comm: syz-executor.5 Not tainted 4.14.228-syzkaller #0 [ 601.669413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 601.678776] Call Trace: [ 601.681380] dump_stack+0x1b2/0x281 [ 601.685030] should_fail.cold+0x10a/0x149 20:08:07 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:07 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:07 executing program 4 (fault-call:6 fault-nth:1): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:07 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = memfd_create(&(0x7f0000000100)='\x00', 0x6) ioctl$int_out(r1, 0x5462, &(0x7f0000000140)) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000000000000010000000200000000000000000000000700000000000000ffffffffffffffff00100000000000000600000007000000ccffffff05000011000000000000000000000080070000000000000000008100"/104]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) [ 601.689211] should_failslab+0xd6/0x130 [ 601.693205] kmem_cache_alloc+0x28e/0x3c0 [ 601.697366] getname_flags+0xc8/0x550 [ 601.701175] ? SyS_unlinkat+0x70/0x70 [ 601.705079] do_unlinkat+0x9e/0x5c0 [ 601.708718] ? do_rmdir+0x3c0/0x3c0 [ 601.712354] ? fput+0xb/0x140 [ 601.715465] ? SyS_write+0x14d/0x210 [ 601.719193] ? SyS_read+0x210/0x210 [ 601.722831] ? __do_page_fault+0x159/0xad0 [ 601.727077] ? do_syscall_64+0x4c/0x640 [ 601.731068] ? SyS_unlinkat+0x70/0x70 [ 601.734886] do_syscall_64+0x1d5/0x640 [ 601.738790] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 601.743989] RIP: 0033:0x466459 [ 601.747185] RSP: 002b:00007fded9971188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 601.749593] FAULT_INJECTION: forcing a failure. [ 601.749593] name failslab, interval 1, probability 0, space 0, times 0 [ 601.754983] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 601.754989] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 601.754993] RBP: 00007fded99711d0 R08: 0000000000000000 R09: 0000000000000000 20:08:07 executing program 5 (fault-call:6 fault-nth:1): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 601.754998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.755002] R13: 00007ffe6c9f617f R14: 00007fded9971300 R15: 0000000000022000 [ 601.805227] CPU: 0 PID: 14478 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 601.813150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 601.822494] Call Trace: [ 601.825069] dump_stack+0x1b2/0x281 [ 601.828679] should_fail.cold+0x10a/0x149 [ 601.832812] should_failslab+0xd6/0x130 [ 601.836791] kmem_cache_alloc+0x28e/0x3c0 [ 601.840941] __d_alloc+0x2a/0xa20 [ 601.844394] d_alloc+0x46/0x240 [ 601.847686] d_alloc_parallel+0xd6/0x16b0 [ 601.851817] ? __lock_acquire+0x5fc/0x3f20 [ 601.856061] ? __lock_acquire+0x5fc/0x3f20 [ 601.860279] ? __d_lookup_rcu+0x640/0x640 [ 601.864412] ? lock_acquire+0x170/0x3f0 [ 601.868367] ? lookup_slow+0x129/0x400 [ 601.872238] lookup_slow+0x175/0x400 [ 601.875941] ? follow_dotdot_rcu+0xf00/0xf00 [ 601.880326] ? lookup_fast+0x430/0xe30 [ 601.884199] ? ns_capable_common+0x127/0x150 [ 601.888591] walk_component+0x6a1/0xbc0 [ 601.892551] ? lookup_fast+0xe30/0xe30 [ 601.896437] ? selinux_is_enabled+0x5/0x50 [ 601.900651] ? revert_creds+0x268/0x380 [ 601.904608] ? security_inode_permission+0xb5/0xf0 [ 601.909518] ? ovl_getattr+0x6c0/0x6c0 [ 601.913390] link_path_walk+0x823/0x10a0 [ 601.917438] ? walk_component+0xbc0/0xbc0 [ 601.921568] path_parentat+0x41/0x120 [ 601.925352] filename_parentat+0x176/0x520 [ 601.929567] ? getname+0x20/0x20 [ 601.932919] ? check_stack_object+0x86/0xa0 [ 601.937251] ? __phys_addr_symbol+0x1f/0x60 [ 601.941552] ? __check_object_size+0x179/0x230 [ 601.946119] ? strncpy_from_user+0x210/0x2c0 [ 601.950509] ? getname_flags+0x22e/0x550 [ 601.954553] ? SyS_unlinkat+0x70/0x70 [ 601.958336] do_unlinkat+0xc2/0x5c0 [ 601.961946] ? do_rmdir+0x3c0/0x3c0 [ 601.965556] ? fput+0xb/0x140 [ 601.968660] ? SyS_write+0x14d/0x210 [ 601.972357] ? SyS_read+0x210/0x210 [ 601.975984] ? __do_page_fault+0x159/0xad0 [ 601.980214] ? do_syscall_64+0x4c/0x640 [ 601.984170] ? SyS_unlinkat+0x70/0x70 [ 601.987951] do_syscall_64+0x1d5/0x640 [ 601.991823] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 601.996993] RIP: 0033:0x466459 [ 602.000163] RSP: 002b:00007f103e279188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 602.007851] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 602.015107] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 602.022375] RBP: 00007f103e2791d0 R08: 0000000000000000 R09: 0000000000000000 [ 602.029625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 20:08:07 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 602.036874] R13: 00007ffc0a9b1e7f R14: 00007f103e279300 R15: 0000000000022000 20:08:07 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:07 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 602.125106] overlayfs: missing 'lowerdir' [ 602.142853] FAT-fs (loop2): bogus number of reserved sectors 20:08:07 executing program 4 (fault-call:6 fault-nth:2): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 602.188145] FAT-fs (loop2): Can't find a valid FAT filesystem [ 602.243656] overlayfs: missing 'lowerdir' [ 602.252086] FAULT_INJECTION: forcing a failure. [ 602.252086] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 602.263915] CPU: 0 PID: 14495 Comm: syz-executor.5 Not tainted 4.14.228-syzkaller #0 [ 602.271803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.281164] Call Trace: [ 602.283766] dump_stack+0x1b2/0x281 [ 602.287501] should_fail.cold+0x10a/0x149 [ 602.291666] __alloc_pages_nodemask+0x22c/0x2720 [ 602.296453] ? __lock_acquire+0x5fc/0x3f20 [ 602.300724] ? _copy_from_user+0x96/0x100 [ 602.304892] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 602.309754] ? get_pid_task+0x91/0x130 [ 602.313660] ? lock_downgrade+0x740/0x740 [ 602.317826] ? get_pid_task+0xb8/0x130 [ 602.321726] ? proc_fail_nth_write+0x7b/0x180 [ 602.326241] cache_grow_begin+0x91/0x630 [ 602.330325] ? check_preemption_disabled+0x35/0x240 [ 602.335357] cache_alloc_refill+0x273/0x350 [ 602.339694] kmem_cache_alloc+0x333/0x3c0 [ 602.343855] getname_flags+0xc8/0x550 [ 602.347667] ? SyS_unlinkat+0x70/0x70 [ 602.351483] do_unlinkat+0x9e/0x5c0 [ 602.355203] ? do_rmdir+0x3c0/0x3c0 [ 602.358828] ? fput+0xb/0x140 [ 602.361934] ? SyS_write+0x14d/0x210 [ 602.365655] ? SyS_read+0x210/0x210 [ 602.369291] ? __do_page_fault+0x159/0xad0 [ 602.373539] ? do_syscall_64+0x4c/0x640 [ 602.377526] ? SyS_unlinkat+0x70/0x70 [ 602.377627] FAULT_INJECTION: forcing a failure. [ 602.377627] name failslab, interval 1, probability 0, space 0, times 0 [ 602.381330] do_syscall_64+0x1d5/0x640 [ 602.381347] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 602.381354] RIP: 0033:0x466459 [ 602.381365] RSP: 002b:00007fded9971188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 602.412481] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 602.419740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 602.426993] RBP: 00007fded99711d0 R08: 0000000000000000 R09: 0000000000000000 [ 602.434260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 602.441592] R13: 00007ffe6c9f617f R14: 00007fded9971300 R15: 0000000000022000 [ 602.448884] CPU: 1 PID: 14506 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 602.456922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.466282] Call Trace: [ 602.468885] dump_stack+0x1b2/0x281 [ 602.472530] should_fail.cold+0x10a/0x149 [ 602.475763] overlayfs: unrecognized mount option "workdi" or missing value [ 602.476685] should_failslab+0xd6/0x130 [ 602.476699] kmem_cache_alloc+0x28e/0x3c0 20:08:07 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:07 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:08 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 602.476710] __d_alloc+0x2a/0xa20 [ 602.476722] d_alloc+0x46/0x240 [ 602.498574] d_alloc_parallel+0xd6/0x16b0 [ 602.502731] ? __lock_acquire+0x5fc/0x3f20 [ 602.506988] ? __d_lookup_rcu+0x640/0x640 [ 602.511149] ? lock_acquire+0x170/0x3f0 [ 602.515137] ? lookup_slow+0x129/0x400 [ 602.519038] lookup_slow+0x175/0x400 [ 602.522771] ? follow_dotdot_rcu+0xf00/0xf00 [ 602.527193] ? lookup_fast+0x430/0xe30 [ 602.531098] ? ns_capable_common+0x127/0x150 [ 602.535521] walk_component+0x6a1/0xbc0 [ 602.539508] ? lookup_fast+0xe30/0xe30 [ 602.543406] ? selinux_is_enabled+0x5/0x50 [ 602.547648] ? revert_creds+0x268/0x380 [ 602.551634] ? security_inode_permission+0xb5/0xf0 [ 602.556588] ? ovl_getattr+0x6c0/0x6c0 [ 602.560493] link_path_walk+0x823/0x10a0 [ 602.564579] ? walk_component+0xbc0/0xbc0 [ 602.568745] path_parentat+0x41/0x120 [ 602.572563] filename_parentat+0x176/0x520 [ 602.574583] overlayfs: unrecognized mount option "workdi" or missing value [ 602.576809] ? getname+0x20/0x20 [ 602.576823] ? check_stack_object+0x86/0xa0 20:08:08 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 602.576837] ? __phys_addr_symbol+0x1f/0x60 [ 602.595830] ? __check_object_size+0x179/0x230 [ 602.600427] ? strncpy_from_user+0x210/0x2c0 [ 602.604846] ? getname_flags+0x22e/0x550 [ 602.608919] ? SyS_unlinkat+0x70/0x70 [ 602.612909] do_unlinkat+0xc2/0x5c0 [ 602.617505] ? do_rmdir+0x3c0/0x3c0 [ 602.621144] ? fput+0xb/0x140 [ 602.624259] ? SyS_write+0x14d/0x210 [ 602.627985] ? SyS_read+0x210/0x210 [ 602.631632] ? __do_page_fault+0x159/0xad0 [ 602.635884] ? do_syscall_64+0x4c/0x640 [ 602.639871] ? SyS_unlinkat+0x70/0x70 20:08:08 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 602.643689] do_syscall_64+0x1d5/0x640 [ 602.647594] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 602.651083] overlayfs: unrecognized mount option "workdi" or missing value [ 602.652785] RIP: 0033:0x466459 [ 602.652791] RSP: 002b:00007f103e279188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 602.652801] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 602.652806] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 602.652811] RBP: 00007f103e2791d0 R08: 0000000000000000 R09: 0000000000000000 20:08:08 executing program 5 (fault-call:6 fault-nth:2): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:08 executing program 4 (fault-call:6 fault-nth:3): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 602.652815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 602.652824] R13: 00007ffc0a9b1e7f R14: 00007f103e279300 R15: 0000000000022000 20:08:08 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x18) fcntl$setstatus(r0, 0x4, 0x6900) ftruncate(r0, 0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r3, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) write(r3, &(0x7f0000000100)="82de2206ff37d5653d44f0687f709c338fa1879bb4f69b744dd47f046271a774036c1d3b263b1ec2aa3fcf0cbabaa597e2a0d451fc8e1dffb9db5f91294a31847fc246a25b5e285edd572ec27148ad06132dc23d463207fd53c4e1dafc266b7cce31cbe6c634c5d0e8d30aa33bbcbbc30b5e42f9be6d521f230fc630840c55be2ac4e445b25c47f38196b45b2dd7a845", 0x90) r4 = accept(r1, &(0x7f00000001c0)=@alg, &(0x7f0000000240)=0x80) sendmsg$nl_route(r4, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000016800000426bd7003fbdbdf250a000300180000000c000400"], 0x1c}, 0x1, 0x0, 0x0, 0x20008011}, 0x10) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f00000000c0)=0x3) [ 602.762798] overlayfs: missing 'lowerdir' [ 602.873596] FAULT_INJECTION: forcing a failure. [ 602.873596] name failslab, interval 1, probability 0, space 0, times 0 [ 602.896624] FAULT_INJECTION: forcing a failure. [ 602.896624] name failslab, interval 1, probability 0, space 0, times 0 [ 602.912276] CPU: 1 PID: 14532 Comm: syz-executor.5 Not tainted 4.14.228-syzkaller #0 [ 602.920190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.929550] Call Trace: [ 602.932162] dump_stack+0x1b2/0x281 [ 602.935802] should_fail.cold+0x10a/0x149 [ 602.939952] should_failslab+0xd6/0x130 [ 602.943922] kmem_cache_alloc+0x28e/0x3c0 [ 602.948060] __d_alloc+0x2a/0xa20 [ 602.951498] d_alloc+0x46/0x240 [ 602.954763] d_alloc_parallel+0xd6/0x16b0 [ 602.958896] ? __lock_acquire+0x5fc/0x3f20 [ 602.963118] ? __d_lookup_rcu+0x640/0x640 [ 602.967252] ? lock_acquire+0x170/0x3f0 [ 602.971214] ? lookup_slow+0x129/0x400 [ 602.975100] lookup_slow+0x175/0x400 [ 602.978907] ? follow_dotdot_rcu+0xf00/0xf00 [ 602.983297] ? lookup_fast+0x430/0xe30 [ 602.987174] ? ns_capable_common+0x127/0x150 [ 602.991565] walk_component+0x6a1/0xbc0 [ 602.995550] ? lookup_fast+0xe30/0xe30 [ 602.999420] ? selinux_is_enabled+0x5/0x50 [ 603.003637] ? revert_creds+0x268/0x380 [ 603.007597] ? security_inode_permission+0xb5/0xf0 [ 603.012510] ? ovl_getattr+0x6c0/0x6c0 [ 603.016401] link_path_walk+0x823/0x10a0 [ 603.020464] ? walk_component+0xbc0/0xbc0 [ 603.024599] path_parentat+0x41/0x120 [ 603.028386] filename_parentat+0x176/0x520 [ 603.032605] ? getname+0x20/0x20 [ 603.035957] ? check_stack_object+0x86/0xa0 [ 603.040262] ? __phys_addr_symbol+0x1f/0x60 [ 603.044571] ? __check_object_size+0x179/0x230 [ 603.049140] ? strncpy_from_user+0x210/0x2c0 [ 603.053532] ? getname_flags+0x22e/0x550 [ 603.057577] ? SyS_unlinkat+0x70/0x70 [ 603.061361] do_unlinkat+0xc2/0x5c0 [ 603.064974] ? do_rmdir+0x3c0/0x3c0 [ 603.068582] ? fput+0xb/0x140 [ 603.071669] ? SyS_write+0x14d/0x210 [ 603.075364] ? SyS_read+0x210/0x210 [ 603.078973] ? __do_page_fault+0x159/0xad0 [ 603.083191] ? do_syscall_64+0x4c/0x640 [ 603.087148] ? SyS_unlinkat+0x70/0x70 [ 603.090932] do_syscall_64+0x1d5/0x640 [ 603.094809] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 603.099982] RIP: 0033:0x466459 [ 603.103154] RSP: 002b:00007fded9971188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 603.110847] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 603.118099] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 603.125352] RBP: 00007fded99711d0 R08: 0000000000000000 R09: 0000000000000000 [ 603.132607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 603.139861] R13: 00007ffe6c9f617f R14: 00007fded9971300 R15: 0000000000022000 [ 603.147143] CPU: 0 PID: 14533 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 603.155038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.164397] Call Trace: [ 603.166997] dump_stack+0x1b2/0x281 [ 603.170637] should_fail.cold+0x10a/0x149 [ 603.174803] should_failslab+0xd6/0x130 [ 603.178796] kmem_cache_alloc+0x28e/0x3c0 [ 603.182960] __d_alloc+0x2a/0xa20 [ 603.186429] ? is_bpf_text_address+0x91/0x150 [ 603.190933] d_alloc+0x46/0x240 [ 603.194230] d_alloc_parallel+0xd6/0x16b0 [ 603.198407] ? __lock_acquire+0x5fc/0x3f20 [ 603.202624] ? trace_hardirqs_on+0x10/0x10 [ 603.206843] ? __save_stack_trace+0xa0/0x160 [ 603.211231] ? deref_stack_reg+0x124/0x1a0 [ 603.215446] ? lock_downgrade+0x740/0x740 [ 603.219580] ? __d_lookup_rcu+0x640/0x640 [ 603.223718] ? lock_acquire+0x170/0x3f0 [ 603.227707] ? lookup_slow+0x129/0x400 [ 603.231599] lookup_slow+0x175/0x400 [ 603.235296] ? lock_downgrade+0x740/0x740 [ 603.239427] ? follow_dotdot_rcu+0xf00/0xf00 [ 603.243820] ? d_lookup+0x156/0x220 [ 603.247431] lookup_one_len_unlocked+0x3a0/0x410 [ 603.252219] ? vfs_link+0xb40/0xb40 [ 603.255887] ovl_lookup_single+0x33/0x6d0 [ 603.260022] ? check_preemption_disabled+0x35/0x240 [ 603.265031] ovl_lookup_layer+0x2ef/0x3d0 [ 603.269163] ? d_alloc_parallel+0x666/0x16b0 [ 603.273554] ? ovl_lookup_single+0x6d0/0x6d0 [ 603.277944] ? lock_downgrade+0x740/0x740 [ 603.282076] ovl_lookup+0x352/0x1120 [ 603.285772] ? d_alloc_parallel+0x82e/0x16b0 [ 603.290166] ? ovl_path_next+0x200/0x200 [ 603.294213] ? __d_lookup_rcu+0x640/0x640 [ 603.298346] ? lock_acquire+0x170/0x3f0 [ 603.302304] ? lookup_slow+0x129/0x400 [ 603.306179] lookup_slow+0x20a/0x400 [ 603.309880] ? follow_dotdot_rcu+0xf00/0xf00 [ 603.314273] ? lookup_fast+0x430/0xe30 [ 603.318166] ? ns_capable_common+0x127/0x150 [ 603.322558] walk_component+0x6a1/0xbc0 [ 603.326519] ? lookup_fast+0xe30/0xe30 [ 603.330388] ? selinux_is_enabled+0x5/0x50 [ 603.334609] ? revert_creds+0x268/0x380 [ 603.338568] ? security_inode_permission+0xb5/0xf0 [ 603.343478] ? ovl_getattr+0x6c0/0x6c0 [ 603.347351] link_path_walk+0x823/0x10a0 [ 603.351400] ? walk_component+0xbc0/0xbc0 [ 603.355547] path_parentat+0x41/0x120 [ 603.359340] filename_parentat+0x176/0x520 [ 603.363563] ? getname+0x20/0x20 [ 603.366918] ? check_stack_object+0x86/0xa0 [ 603.371222] ? __phys_addr_symbol+0x1f/0x60 [ 603.375526] ? __check_object_size+0x179/0x230 [ 603.380091] ? strncpy_from_user+0x210/0x2c0 [ 603.384507] ? getname_flags+0x22e/0x550 [ 603.388551] ? SyS_unlinkat+0x70/0x70 [ 603.392334] do_unlinkat+0xc2/0x5c0 [ 603.395945] ? do_rmdir+0x3c0/0x3c0 [ 603.399553] ? fput+0xb/0x140 [ 603.402641] ? SyS_write+0x14d/0x210 [ 603.406338] ? SyS_read+0x210/0x210 [ 603.409949] ? __do_page_fault+0x159/0xad0 [ 603.414174] ? do_syscall_64+0x4c/0x640 [ 603.418144] ? SyS_unlinkat+0x70/0x70 [ 603.421935] do_syscall_64+0x1d5/0x640 [ 603.425810] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 603.430984] RIP: 0033:0x466459 [ 603.434181] RSP: 002b:00007f103e279188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 603.441875] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 603.449129] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 603.456383] RBP: 00007f103e2791d0 R08: 0000000000000000 R09: 0000000000000000 [ 603.463661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 603.470915] R13: 00007ffc0a9b1e7f R14: 00007f103e279300 R15: 0000000000022000 20:08:09 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:09 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:09 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:09 executing program 5 (fault-call:6 fault-nth:3): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:09 executing program 4 (fault-call:6 fault-nth:4): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 603.617589] overlayfs: missing 'lowerdir' 20:08:09 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:09 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x129082, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x200, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100)='batadv\x00', r2) r5 = socket(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, r4, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8000}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x44}, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) [ 603.660592] kauditd_printk_skb: 12 callbacks suppressed [ 603.660602] audit: type=1804 audit(1617134889.152:2575): pid=14541 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1192/bus" dev="sda1" ino=14304 res=1 20:08:09 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 603.726067] FAULT_INJECTION: forcing a failure. [ 603.726067] name failslab, interval 1, probability 0, space 0, times 0 [ 603.728095] FAULT_INJECTION: forcing a failure. [ 603.728095] name failslab, interval 1, probability 0, space 0, times 0 [ 603.761905] CPU: 0 PID: 14554 Comm: syz-executor.4 Not tainted 4.14.228-syzkaller #0 [ 603.769831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.779192] Call Trace: [ 603.781788] dump_stack+0x1b2/0x281 [ 603.785425] should_fail.cold+0x10a/0x149 [ 603.789569] should_failslab+0xd6/0x130 [ 603.793529] __kmalloc+0x2c1/0x400 [ 603.797060] ? ovl_lookup+0x4d3/0x1120 [ 603.800326] audit: type=1804 audit(1617134889.182:2576): pid=14541 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1192/bus" dev="sda1" ino=14304 res=1 [ 603.800949] ovl_lookup+0x4d3/0x1120 [ 603.800959] ? d_alloc_parallel+0x82e/0x16b0 [ 603.800972] ? ovl_path_next+0x200/0x200 [ 603.835916] ? __d_lookup_rcu+0x640/0x640 [ 603.840061] ? lock_acquire+0x170/0x3f0 [ 603.844031] ? lookup_slow+0x129/0x400 [ 603.847929] lookup_slow+0x20a/0x400 [ 603.851647] ? follow_dotdot_rcu+0xf00/0xf00 [ 603.856045] ? lookup_fast+0x430/0xe30 [ 603.859934] ? ns_capable_common+0x127/0x150 [ 603.864349] walk_component+0x6a1/0xbc0 [ 603.868319] ? lookup_fast+0xe30/0xe30 [ 603.872191] ? selinux_is_enabled+0x5/0x50 [ 603.876419] ? revert_creds+0x268/0x380 [ 603.880384] ? security_inode_permission+0xb5/0xf0 [ 603.885293] ? ovl_getattr+0x6c0/0x6c0 [ 603.889164] link_path_walk+0x823/0x10a0 [ 603.893212] ? walk_component+0xbc0/0xbc0 [ 603.897349] path_parentat+0x41/0x120 [ 603.901135] filename_parentat+0x176/0x520 [ 603.905354] ? getname+0x20/0x20 [ 603.908710] ? check_stack_object+0x86/0xa0 [ 603.913013] ? __phys_addr_symbol+0x1f/0x60 [ 603.917317] ? __check_object_size+0x179/0x230 [ 603.921882] ? strncpy_from_user+0x210/0x2c0 [ 603.926277] ? getname_flags+0x22e/0x550 [ 603.930321] ? SyS_unlinkat+0x70/0x70 [ 603.934106] do_unlinkat+0xc2/0x5c0 [ 603.937722] ? do_rmdir+0x3c0/0x3c0 [ 603.941331] ? fput+0xb/0x140 [ 603.944416] ? SyS_write+0x14d/0x210 [ 603.948112] ? SyS_read+0x210/0x210 [ 603.951721] ? __do_page_fault+0x159/0xad0 [ 603.956111] ? do_syscall_64+0x4c/0x640 [ 603.960067] ? SyS_unlinkat+0x70/0x70 [ 603.963878] do_syscall_64+0x1d5/0x640 [ 603.967762] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 603.971987] audit: type=1804 audit(1617134889.252:2577): pid=14563 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1048/bus" dev="sda1" ino=14332 res=1 [ 603.972946] RIP: 0033:0x466459 [ 603.998927] RSP: 002b:00007f103e279188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 604.006639] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 604.013909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 604.021185] RBP: 00007f103e2791d0 R08: 0000000000000000 R09: 0000000000000000 [ 604.028451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.035709] R13: 00007ffc0a9b1e7f R14: 00007f103e279300 R15: 0000000000022000 [ 604.042992] CPU: 1 PID: 14552 Comm: syz-executor.5 Not tainted 4.14.228-syzkaller #0 [ 604.050887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 604.060243] Call Trace: [ 604.062841] dump_stack+0x1b2/0x281 [ 604.066529] should_fail.cold+0x10a/0x149 [ 604.070688] should_failslab+0xd6/0x130 [ 604.075114] kmem_cache_alloc+0x28e/0x3c0 [ 604.075128] __d_alloc+0x2a/0xa20 [ 604.075139] ? is_bpf_text_address+0x91/0x150 [ 604.075150] d_alloc+0x46/0x240 20:08:09 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 604.075161] d_alloc_parallel+0xd6/0x16b0 [ 604.075186] ? __lock_acquire+0x5fc/0x3f20 [ 604.075197] ? trace_hardirqs_on+0x10/0x10 20:08:09 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 604.075206] ? __save_stack_trace+0xa0/0x160 [ 604.075215] ? deref_stack_reg+0x124/0x1a0 [ 604.075223] ? lock_downgrade+0x740/0x740 20:08:09 executing program 5 (fault-call:6 fault-nth:4): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 604.075233] ? __d_lookup_rcu+0x640/0x640 [ 604.075243] ? lock_acquire+0x170/0x3f0 [ 604.075252] ? lookup_slow+0x129/0x400 20:08:09 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 604.075267] lookup_slow+0x175/0x400 [ 604.075277] ? lock_downgrade+0x740/0x740 [ 604.075291] ? follow_dotdot_rcu+0xf00/0xf00 [ 604.075307] ? d_lookup+0x156/0x220 [ 604.075319] lookup_one_len_unlocked+0x3a0/0x410 [ 604.075329] ? vfs_link+0xb40/0xb40 [ 604.075344] ovl_lookup_single+0x33/0x6d0 [ 604.075354] ? check_preemption_disabled+0x35/0x240 [ 604.075364] ovl_lookup_layer+0x2ef/0x3d0 [ 604.075373] ? d_alloc_parallel+0x666/0x16b0 [ 604.075384] ? ovl_lookup_single+0x6d0/0x6d0 [ 604.075392] ? lock_downgrade+0x740/0x740 [ 604.075404] ovl_lookup+0x352/0x1120 [ 604.075413] ? d_alloc_parallel+0x82e/0x16b0 [ 604.075426] ? ovl_path_next+0x200/0x200 [ 604.075439] ? __d_lookup_rcu+0x640/0x640 [ 604.075450] ? lock_acquire+0x170/0x3f0 [ 604.075457] ? lookup_slow+0x129/0x400 [ 604.075472] lookup_slow+0x20a/0x400 [ 604.075488] ? follow_dotdot_rcu+0xf00/0xf00 [ 604.075497] ? lookup_fast+0x430/0xe30 [ 604.075512] ? ns_capable_common+0x127/0x150 [ 604.075523] walk_component+0x6a1/0xbc0 [ 604.075534] ? lookup_fast+0xe30/0xe30 [ 604.075543] ? selinux_is_enabled+0x5/0x50 [ 604.075552] ? revert_creds+0x268/0x380 [ 604.075564] ? security_inode_permission+0xb5/0xf0 [ 604.075572] ? ovl_getattr+0x6c0/0x6c0 [ 604.075585] link_path_walk+0x823/0x10a0 [ 604.075599] ? walk_component+0xbc0/0xbc0 [ 604.075611] path_parentat+0x41/0x120 [ 604.075622] filename_parentat+0x176/0x520 [ 604.075634] ? getname+0x20/0x20 [ 604.075649] ? check_stack_object+0x86/0xa0 [ 604.075659] ? __phys_addr_symbol+0x1f/0x60 [ 604.075666] ? __check_object_size+0x179/0x230 [ 604.075677] ? strncpy_from_user+0x210/0x2c0 [ 604.075689] ? getname_flags+0x22e/0x550 [ 604.075697] ? SyS_unlinkat+0x70/0x70 [ 604.075707] do_unlinkat+0xc2/0x5c0 [ 604.075719] ? do_rmdir+0x3c0/0x3c0 [ 604.075729] ? fput+0xb/0x140 [ 604.075738] ? SyS_write+0x14d/0x210 [ 604.075746] ? SyS_read+0x210/0x210 [ 604.075754] ? __do_page_fault+0x159/0xad0 [ 604.075762] ? do_syscall_64+0x4c/0x640 [ 604.075770] ? SyS_unlinkat+0x70/0x70 [ 604.075778] do_syscall_64+0x1d5/0x640 [ 604.075793] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 604.075801] RIP: 0033:0x466459 [ 604.075805] RSP: 002b:00007fded9971188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 604.075816] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 604.075822] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 604.075828] RBP: 00007fded99711d0 R08: 0000000000000000 R09: 0000000000000000 [ 604.075832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.075837] R13: 00007ffe6c9f617f R14: 00007fded9971300 R15: 0000000000022000 [ 604.183193] overlayfs: missing 'lowerdir' [ 604.302616] overlayfs: unrecognized mount option "lower" or missing value [ 604.430935] FAULT_INJECTION: forcing a failure. [ 604.430935] name failslab, interval 1, probability 0, space 0, times 0 [ 604.430948] CPU: 0 PID: 14590 Comm: syz-executor.5 Not tainted 4.14.228-syzkaller #0 [ 604.430954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 604.430957] Call Trace: [ 604.430973] dump_stack+0x1b2/0x281 [ 604.430988] should_fail.cold+0x10a/0x149 [ 604.431003] should_failslab+0xd6/0x130 [ 604.431015] __kmalloc+0x2c1/0x400 [ 604.431024] ? ovl_alloc_entry+0x1e/0x70 20:08:10 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:10 executing program 5 (fault-call:6 fault-nth:5): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:10 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c653197834b2c6c6f7765726469723d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:10 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 604.431036] ovl_alloc_entry+0x1e/0x70 [ 604.431045] ovl_lookup+0x724/0x1120 [ 604.431059] ? ovl_path_next+0x200/0x200 [ 604.431072] ? __lock_acquire+0x5fc/0x3f20 [ 604.431083] ? __d_lookup_rcu+0x640/0x640 [ 604.431094] ? lock_acquire+0x170/0x3f0 [ 604.431104] ? lookup_slow+0x129/0x400 [ 604.431119] lookup_slow+0x20a/0x400 [ 604.431135] ? follow_dotdot_rcu+0xf00/0xf00 [ 604.431143] ? lookup_fast+0x430/0xe30 [ 604.431164] ? ns_capable_common+0x127/0x150 [ 604.431179] walk_component+0x6a1/0xbc0 [ 604.431191] ? lookup_fast+0xe30/0xe30 [ 604.431200] ? selinux_is_enabled+0x5/0x50 [ 604.431210] ? revert_creds+0x268/0x380 [ 604.431221] ? security_inode_permission+0xb5/0xf0 [ 604.431229] ? ovl_getattr+0x6c0/0x6c0 [ 604.431243] link_path_walk+0x823/0x10a0 [ 604.431257] ? walk_component+0xbc0/0xbc0 [ 604.431271] path_parentat+0x41/0x120 [ 604.431281] filename_parentat+0x176/0x520 [ 604.431293] ? getname+0x20/0x20 [ 604.431308] ? check_stack_object+0x86/0xa0 [ 604.431318] ? __phys_addr_symbol+0x1f/0x60 [ 604.431326] ? __check_object_size+0x179/0x230 [ 604.431339] ? strncpy_from_user+0x210/0x2c0 [ 604.431350] ? getname_flags+0x22e/0x550 [ 604.431360] ? SyS_unlinkat+0x70/0x70 [ 604.431370] do_unlinkat+0xc2/0x5c0 [ 604.431382] ? do_rmdir+0x3c0/0x3c0 [ 604.431392] ? fput+0xb/0x140 [ 604.431401] ? SyS_write+0x14d/0x210 [ 604.431410] ? SyS_read+0x210/0x210 [ 604.431419] ? __do_page_fault+0x159/0xad0 [ 604.431430] ? do_syscall_64+0x4c/0x640 [ 604.431438] ? SyS_unlinkat+0x70/0x70 [ 604.431449] do_syscall_64+0x1d5/0x640 [ 604.431464] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 604.431472] RIP: 0033:0x466459 [ 604.431477] RSP: 002b:00007fded9971188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 604.431487] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 604.431493] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 604.431499] RBP: 00007fded99711d0 R08: 0000000000000000 R09: 0000000000000000 [ 604.431505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.431511] R13: 00007ffe6c9f617f R14: 00007fded9971300 R15: 0000000000022000 [ 604.459081] overlayfs: unrecognized mount option "lower" or missing value [ 604.779833] FAT-fs (loop2): bogus number of reserved sectors [ 604.809420] overlayfs: failed to resolve './file1K': -2 [ 604.895065] audit: type=1804 audit(1617134890.382:2578): pid=14612 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1049/file1/bus" dev="sda1" ino=14941 res=1 [ 604.939390] FAULT_INJECTION: forcing a failure. [ 604.939390] name failslab, interval 1, probability 0, space 0, times 0 [ 604.974376] overlayfs: failed to resolve './file1K': -2 [ 604.989735] FAT-fs (loop2): Can't find a valid FAT filesystem [ 605.003378] CPU: 1 PID: 14610 Comm: syz-executor.5 Not tainted 4.14.228-syzkaller #0 [ 605.011301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.020656] Call Trace: [ 605.023239] dump_stack+0x1b2/0x281 [ 605.026852] should_fail.cold+0x10a/0x149 [ 605.031006] should_failslab+0xd6/0x130 [ 605.034966] __kmalloc+0x2c1/0x400 [ 605.038487] ? ovl_alloc_entry+0x1e/0x70 [ 605.042531] ovl_alloc_entry+0x1e/0x70 [ 605.046398] ovl_lookup+0x724/0x1120 [ 605.050101] ? ovl_path_next+0x200/0x200 [ 605.054147] ? __d_lookup_rcu+0x640/0x640 [ 605.058279] ? lock_acquire+0x170/0x3f0 [ 605.062233] ? lookup_slow+0x129/0x400 [ 605.066109] lookup_slow+0x20a/0x400 [ 605.069808] ? follow_dotdot_rcu+0xf00/0xf00 [ 605.074200] ? lookup_fast+0x430/0xe30 [ 605.078077] ? ns_capable_common+0x127/0x150 [ 605.082472] walk_component+0x6a1/0xbc0 [ 605.086455] ? lookup_fast+0xe30/0xe30 [ 605.090325] ? selinux_is_enabled+0x5/0x50 [ 605.094542] ? revert_creds+0x268/0x380 [ 605.098502] ? security_inode_permission+0xb5/0xf0 [ 605.103411] ? ovl_getattr+0x6c0/0x6c0 [ 605.107310] link_path_walk+0x823/0x10a0 [ 605.111377] ? walk_component+0xbc0/0xbc0 [ 605.115520] path_parentat+0x41/0x120 [ 605.119309] filename_parentat+0x176/0x520 [ 605.123529] ? getname+0x20/0x20 [ 605.126884] ? check_stack_object+0x86/0xa0 [ 605.131279] ? __phys_addr_symbol+0x1f/0x60 [ 605.135584] ? __check_object_size+0x179/0x230 [ 605.140166] ? strncpy_from_user+0x210/0x2c0 [ 605.144595] ? getname_flags+0x22e/0x550 [ 605.148643] ? SyS_unlinkat+0x70/0x70 [ 605.152454] do_unlinkat+0xc2/0x5c0 [ 605.156068] ? do_rmdir+0x3c0/0x3c0 [ 605.159680] ? fput+0xb/0x140 [ 605.162770] ? SyS_write+0x14d/0x210 [ 605.166474] ? SyS_read+0x210/0x210 [ 605.170097] ? __do_page_fault+0x159/0xad0 [ 605.174350] ? do_syscall_64+0x4c/0x640 [ 605.178411] ? SyS_unlinkat+0x70/0x70 [ 605.182196] do_syscall_64+0x1d5/0x640 [ 605.186074] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 605.191269] RIP: 0033:0x466459 [ 605.194445] RSP: 002b:00007fded9971188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 605.202138] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 20:08:10 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:10 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:10 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(r0, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x26) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000080)={r2, 0x4, 0x2, 0xf9}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000500)='tmpfs\x00', &(0x7f0000000540)='./file0\x00', 0xfff, 0x3, &(0x7f00000016c0)=[{&(0x7f0000000580)="82f30a5c9321eba1ebf9ea363e4c9e5d2ce8cef6098db5a703a59f0e7ac6bb406a69e349803dfb48452093315b2a9a38324b3d9ff6f9e2910e8f9ac00527f911056fa5753e4a1f1961a262a4a1c95d16f5039c71bed878adcd053f6c020d6b50df09b22bc695e79ada4199603ab3b9d61c1c490f51d42c44cbf88e6430c957bda2a7917e25f116f7e87429538ba0acc3da5b455cccf379ca433ed0d61f02e86f529febcf4e10fbe3280a4416a5688616ee41068a8a1e0d9fb45118ce24e0e14154f47f5ba6e281b175dbbac73deed23c44e37d1879e811d816eec695a621b16e292e5a45", 0xe4, 0x6}, {&(0x7f0000000680)="3ddd81eeaa4eb35a8520473f5ad75d646bf0f303", 0x14, 0x7fff}, {&(0x7f00000006c0)="20d743d5ed210603254b0e2456a5d8ebb92c42b27ae58498c12d41ae32ad94af6c5c20c801a203764bdfb1496c401ff1b36f9e8bbf216f549a6b4c18f1e7886a05889058702bb706c6244886fe9cd49981d578132df624cbc72f8a606b23ebaff320a8690fc47a6fbe2e113ca5ba774c5f8dc55438d7135cf7a8edaa5233aefeddfe57d7933b6d09a91e600b173e53fad98340b8384329379e0ce47b94fff619ec7dee2a0081bb997c1e4c4f9b836e25fe6df1009d5187ad827d63a474925f15a171b513ac828bbdfa24f0dfd0cb6f17d4f6e1acda9b69a27b9bc014a9b612c32696ca956f2a9c35a28598d4372931b87820a76a0c92df12ac7f0d8d5d217e0d0505c52c19381b768647df5023e74f5d3cce85cfc4671a849500caab6d82d2ab21d111af1a518ad11ac4b0ec00124c97019953d29930bd2af24236d456d552040f030c8ac7f31b5e610cac469687ba19f3a1634cd813103af9d180dba8e93dc0936b0bb760cb5351b4952593ed21cbef55932e222fca05e4d8a2779179a102bd6cf3be217ed20f45a73447e3a434c5bc8d78be5cff8d4c73794f939f563657b59c3c27e281955a1e3a3a7ea2540dacc31f2beaf0386cd19aa22f4912e4831e496697cd2bb35728a3c9cb8db578a1d62b0d2fd5e5dd033f2e648ca216d0e6c2588bfd496c4c865e44fdc1f78d0822805602f66cea975899eed58d55e7e5320d59c3bd364cd292a9ce54b20a97ac6bc0325e1dd3e90cfb79706a06a28632a499c438f696c3be96a35f67121843947f5ae89ae866b8d1cbbfb3ff75090e859095b51815d7305388da0cde4cc7561c95302a62736efd7dca07f3cc187afac7cc81daf03677506edf16358508f5d78180d5f7ecd61e869ce464157ff643574082d0384b755c30c5324151c48aebe4d19992b52c0b7e7e43ee26a9b0f44d39ca2c9fca451ed12f88b7941297c1d6923b2bd0d88b155055d8a661214dc59be9c63fbca0e3c795f9b5b3db8fc8b36befcd5ccf7ed62cec0602c6b41f4cb676dfe927a0b429650769214a0de94cc598ba5424e09cdbccb681af75bdfd50e13d8c8cfe3c6dd4f0216d6c52f1160d21dcf16a53570cc7b4bdd49e59402b4cb8577f2a0b8061a313317f6c98b874955be57351a2bb6dbb19a2715e28381ffa2827c1f9a743807e657dd6e26e006139984a4037b7490dd6bf7fe4c3339a868cebda25779ba23530289f873599418e3aab699ee11629bda976063bb78863ac364fb36359532cf6c8fd8538d726b67ed92fe244698d1ad1d19f47f560835d3393fa5e42b9239ea2b8399646715f4d88b65d3ae3c18445926ba86ba94299f18ee4189d7e7b79eb634496ccb0202cf716b77258880a912f113411eac4c4bb98b4314045e590cf193c71954e6ad9120c5c54949a1a14aee32d2de8c106f76dbe8638e064eff0abda7dd803ae37170a93f837ce84929939c15b99bee15ad93eed93465634c174899dbea395df712cc6fc09f6d96ed02101378e9179f90e83acc61d013771b65913fa476a0586eff8bd6c36e1f1b530e47afd4577eb4f152f7c5cd5ee8e802f7244100ccb0d0c51766c01ef399783869038cd01530311ac82ae0aab94dd319b427adb62b33f39c4d15be7cbbf4f9348e3b33cc7df2fb6570496d9b6f3e23e68d5ff4232e6a9d09b7d3b903b805a517ad7ea4e011527361310785219a1315802b0425f36c9e2f8d98859cf7796daef1eff5170d739621c69958442760cfbca990bdbc97b879041aff7060c5c3e1d24167e23854648ef13915900bcbd50a1ce6547b478294bfe174abe8c8055480f72a01ac1846593295887dd792be0bdd2b84bd256daa5222eb8970eb4ceb547b146011d440774eb909be237e0e548c06db957f7c1b560f398e31a59919513e399f2c6db3aafd51320873565b6babd181f7e412e21e7d2359958bb67209269f7cb80ea83ca50d7c189e2aaabb7974da79117ae921199711585837d443b239f077a50833dfee7977c56b198ec0a7be2f3e7118cef2634bb2c5c0698c505f8124f3e23751f1e0d19f2668d93ce18c11c275a7fc9157a1f7e29b5af6bad52078cc50ad03919d9ff08adcf1db062ec0505c74a3d49722c4839d5bf9bf48f4b031ca6ef3f342625ad9b1acf86a233553a9f579d5fde3a1dc53e7fde3585f0a688731b8b848fea8d47e3d1b7a859e3af1a646de58dee190525c9fc60d979b4d48fe353165bc3dd01680eb70cf27d52a66900f68c97d6d03780780939fa75f4443c39dc5a87ce05dbefe348b59fda881818cef34888e371b6b888d8c2589f40f8aff28b9cb1177bf07c819017f432fa55b4d9c02b8cf5742189f46da0fa0e71a7c08e27156138afc99f2beb0e9407290b5924d77931aa973846529c0245a95658405dd3a817f507ec6baca67c71351422dae6a1cf6d96ba302bd827ffb70400d007fbb4abe10f01e37c73813a62321ab7fe9b6af7a513b4f43cb348e794ef0c4ab7c4545a9220fcaef327698b179f8a6901f7fee457143369589445eb6a03ddc391bafaa91737c8881edb65b6f246fe42bf29a4738e35d149c310c6ca9031b2b226b13e5d048d3f8adc5f2b18c96efdf74b9cde1daf679ea77cf09ff9bcea835e03a71d1aa316fa567dc8681dca5375b0018ddaaac0cf827d043be160ff5e67096d60dd66e8a2a4f61b4bb1314a36186bd96dc544e8836e56959faf49ae02e6c80bfc8b062caa397b957484088332ef56f081fbe06c58f9652a93c4ce29ee98bf1e3dbdc93f0de4470e59732338aa5f1016597c52ea4517eebfa145ff38d956a78cd2b122baf1600b08ec6109aa62bb981eae8dcb5973219b5591f805b7a66e3d560516ba7ae3119c8bb809f97f80f9882caaab65e7824731691f836f24dca4827b5035225a773240824afad27f381b9fe0b81579722db2e806479014219f9805cf853374ada70ed15271e0e37bf31db8b8eefc7ca676b987c3b21ec70d58b90113f18b1d52d68d4b4297bf259bf03fbdfe5b447df8de33bf94fda69da3bbfafd231c195f3aaa5cc961d5f289b9e30e816edb466a5401a8c9bf17ab8baaff0ba84f2d832107c584d7654caca2c600a950c8018922ddfde1b9f49fad7f7e77762b90cddc83af7133e848734964a9b106b08d128546acb0c39dcfe71cccc278a30e03a2f62d696635937050b83931322e0a804cfd3e172e13e900758d5b171b0a7c2645c4ee04083dc1c6419f8c0ce1b1c7622d7e4764111b57ee27ba4fa2d6d93ae50053c25bee6fb2dd0f9cf5a538ff7f691d1fa3b815a75e19a94ab2d77f09239b9564f68973112e5b8882f2463c5796a1397cd988619b4b849a5874d2883dd57c0c488f9da324acaf2c3d366698c1bbf812d6e331853fe5df8882292978b4d078f8055cb5c166529afab398e4a1fdba27c88fa7940bf320da28a082ba6c963433ad394af8948c8529eb3075f9a8f656442d4b3388a56c00c70445688c495facf7e51c2c38d7545e825dbc78d3f32878b96b789c5231ef372329d349c210ba74116a786de950a6dee881186602dbe47d7bc8e6deb0d8bccb331f99673c18fa39060b532ae850aaa85e857e108e0771fbfd22263047fd6d67548a10c87aa5a0d00420f7bd54495929b1624bf3fa02e7ef9362523d0872dd2e54230fd4cefbe08b521b3fd9941920af4a7ab3f414921727d22861bd6aaa0f67c0548e3999b47aad9cb8f4f7bd99fd27038e93d8f5cc10697f28722f11e5d58dcc329c61130b1a3d0c2d34305a64c6c130da5a0162451795898d72778a67a96d992b0fd5387da7cd3f5a3d3d4ea3dc4591bb0b1b75d8254e222f29e0c1b11c4f3747b23dcdb3a90948d04a9d0915f1af98862ae159cb065d083c63140a6c97e85c29fa6033cdf14c95d2cbb246aefb510d16b38d2cd092284f57d5cd6f911a66f6940cc2650d8333aaffe9eda434af2118dfc15f67e568c23b8f2e3128ca099f470c04fc88043302c8d9a5d5a27ae6b5da9eeeba7a80552ee28a66a36e18e62911ce2e0d6b9d11ea91898fbca43d064d7e0d5d4006fd0561d84f595608a7032124d8d6cb0f1f0e3e6d961665c6a76cd5a860e09b1b4b7cdcdb1bff5909d9f1ec4fbedd36afcf06f669d3eacd1e8097b29d6828419a128b845b2cd0ec4502c2df6b7a8c31816b68b22aed84fceb9c9604f51b1d56118f144907bb34c59ee9ee61dfea30dea3b3ada15b6bbfc784e55dcb7c757e19d58f6fa11b1eb47c2348fbd1371ab053590d9c7e550d9919d571be32e30fc2df0131871815257960bd39ced579ad996dfac305c6d589a2cd61fb1643512709066b5b64c860f5327293103577265e484ea9c69260a857bc67097c298cfc0484d8f0b17dec6d4175f80691b20adfade7b1ca34f566995bf750f415f6cfaa293431e9501a8cb2786840946009396c1774995800360c6d2c7a42a7b35061a6a2e864d2811b0c6093c65d62340ec060b9295b40bc1b81fdd3d954a26203a34f9ab1d73896bf9a58bc11f240fbafecd5ac3cf63d7b9ddd9f9b06650566b10d591e6ea0c499933bdb8babeea6fa0356588355b70b8c3db001fbb3f15f9c11f2ef73c325abb41c2dc9cd9bd0ac597229fe19d79124f0cd7bcf4f4e0ee0e90a2bab921c139971a3250cc88423807fde585df2e5fa5ca9fec7735362c7049a7f609185c90e461f1228f5ff69637f7e4b4d8b0364d7b91465ac99ab933b8785c0cefe503fa11ab0249a9d0b6bc6d3a06585b5f764b7a6e1fe12be38f3bba702e2bf20923a14815d5d44be6f2867e10f7bed64b7ec9a3f6d83c58c9c660c75448121182e77dc7fc1c2719c9b5da20db152976daa9f71690583e3e6066869d849eae85f4f73a3dc95eafe0b6476476c888b14717ea81d7549805023e878b53046492df932ec42f342dc762df9f20e0d0987d6e530e97dc0d3d700d1f1f1729513d0acb6391e7102876919cb0054bcca518960b0ccaa72f4b1ab8600b49bb951440b1091265b72a3b07528a79f3c9410a3c976a537c39e7f0224cd1390c470c01783d4747b48f68970f20583a81900b1f3fb5f4ac1646dc1f3c06d93b4c6ed49dc49c8c3091c3a6728b680ca4d28b6848256f7e8aea499afb62f7aa73624413792d2489577d666e92dfa13373899b1f575d85c6db90035d7872332ce613d8a63f752cd146ebd57f6a335e4babe0ef91cabbba780607d20a211216bc95802661f363d4e9cf1828f22e6f1f1255bfe6ffa8a53c99646003dd7d1fc835903b46a5d6358353da6af916d90d633c98b290d153a7fb6456ecb45432a4f49a2a73c99c15d6a2d78ce94bbfedbdf3794984f53a6a4d33165df955f2d1e0966eca455f71ecef4d9fb62a4e308b34b044311a7dbb50131e1bcce1c98ed418e15c4ad0542fbc2b1239413d88837123dff59bf7f6b6bc36edc57c9325483c721f3013699789dc2e5ead20ee60f22de208a3b2f857347bc0647e19a9a412b34a485cf195c09a08eae028905c23d0a52dc3b422c5aa5c016ea2f3b7a71330fe7f56e6799009d4c74d669e137c84654e9af193137c4bc08ae45ded07945776b5b4fcf904dfa967fdc79b9f8c00197d0c7abbe76341fd60784bcf24500a9287021f8b02a1917a572dd4a745cd15b829b3516bbf2816b9579d950bced2941eefef05562cf2f989e52975c97e5bd4a4a06069cebe4004a494a14f5d7d8183ffec182bfc53efc01279d908d3280d88371f5171c15cb62ecc27fa9e26657a37f1a2d89046fedbbc7d822fe2e2a13a91010dbc9b7bb0eb6bc124b839896537e", 0x1000, 0x80}], 0x2000, &(0x7f0000001740)={[], [{@smackfsfloor={'smackfsfloor', 0x3d, '/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00'}}, {@obj_type={'obj_type', 0x3d, '/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00'}}]}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x1010, r4, 0x0) syz_mount_image$vfat(&(0x7f0000001800)='vfat\x00', &(0x7f0000001840)='./file0\x00', 0x9, 0x1, &(0x7f0000001980)=[{&(0x7f0000001880)="976d3c0c3ef1a15d4c250cae6dac690453394da4413f2f20f0cc069d1abd44ea5eab8471fba401ed7816809ab19048d3212a45a48a3a155743cef8250e98517608e8edb3aca022db1a1cb8047e19d5d461689c59b14eff4153f59b765768d9cd51691c6793566b3430e8c3cb0c1b4a3ab82e5d063209bf67e41c2f0cce8dcca6652aaa80379134d51021de29b4490e3fdcf862dded5c28716543e7666980876291c95ba762e4b273e4213c6cfcb2f05a237981165b43f19b75187fcd4926d7df1f0c0635ecaa03bccefb16c9", 0xcc, 0x86d}], 0x800000, &(0x7f00000019c0)={[{@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@utf8no='utf8=0'}, {@uni_xlateno='uni_xlate=0'}, {@fat=@showexec='showexec'}, {@utf8='utf8=1'}, {@uni_xlateno='uni_xlate=0'}]}) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendfile(r3, r4, &(0x7f00000000c0)=0x8, 0xbe7) r5 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0x1, 0x0) preadv(r5, &(0x7f00000004c0)=[{&(0x7f00000001c0)=""/130, 0x82}, {&(0x7f0000000280)=""/223, 0xdf}, {&(0x7f0000000380)=""/81, 0x51}, {&(0x7f0000000400)=""/177, 0xb1}], 0x4, 0x0, 0x4) [ 605.209388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 605.216638] RBP: 00007fded99711d0 R08: 0000000000000000 R09: 0000000000000000 [ 605.223887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 605.231138] R13: 00007ffe6c9f617f R14: 00007fded9971300 R15: 0000000000022000 20:08:10 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75703065726469723d2e726b6469723d2e2f66696c65312c6c6f77ecfac70765030000003da1"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:10 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 605.313647] overlayfs: unrecognized mount option "lower" or missing value 20:08:10 executing program 5 (fault-call:6 fault-nth:6): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 605.362970] audit: type=1804 audit(1617134890.832:2579): pid=14622 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1194/bus" dev="sda1" ino=14902 res=1 [ 605.383121] overlayfs: unrecognized mount option "up0erdir=.rkdir=./file1" or missing value [ 605.459979] FAT-fs (loop0): bogus number of reserved sectors [ 605.468469] overlayfs: unrecognized mount option "up0erdir=.rkdir=./file1" or missing value [ 605.469020] FAT-fs (loop0): Can't find a valid FAT filesystem 20:08:11 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 605.506876] overlayfs: unrecognized mount option "lowerdir" or missing value 20:08:11 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./bus/file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus/file0\x00', 0x120) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000440)='./bus/file0\x00') chdir(&(0x7f00000001c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) creat(&(0x7f00000002c0)='./bus/file0\x00', 0x124) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000240)=0xc) mount$9p_fd(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140)='9p\x00', 0x810, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',loose,version=9p2000,dfltgid=', @ANYRESHEX=0xee00, @ANYBLOB=',dfltuid=', @ANYRESHEX, @ANYBLOB=',fowner>', @ANYRESDEC=r2, @ANYBLOB=',subj_type=overlay\x00,hash,\x00']) rmdir(&(0x7f0000000000)='./bus/file1\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:11 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:11 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(0x0) [ 605.586586] FAULT_INJECTION: forcing a failure. [ 605.586586] name failslab, interval 1, probability 0, space 0, times 0 [ 605.638950] overlayfs: unrecognized mount option "lowerdir" or missing value [ 605.649057] CPU: 1 PID: 14645 Comm: syz-executor.5 Not tainted 4.14.228-syzkaller #0 [ 605.656989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.666359] Call Trace: [ 605.668966] dump_stack+0x1b2/0x281 [ 605.672621] should_fail.cold+0x10a/0x149 [ 605.676795] should_failslab+0xd6/0x130 [ 605.680784] kmem_cache_alloc+0x28e/0x3c0 [ 605.684943] ? ovl_i_callback+0x20/0x20 [ 605.689012] ? ovl_lock_rename_workdir+0x50/0x50 [ 605.693781] ovl_alloc_inode+0x18/0x180 [ 605.697769] ? ovl_i_callback+0x20/0x20 [ 605.698586] FAT-fs (loop2): bogus number of reserved sectors [ 605.701752] alloc_inode+0x5d/0x170 [ 605.701764] iget5_locked+0x169/0x450 [ 605.701774] ? ovl_inode_test+0x50/0x50 [ 605.701785] ovl_get_inode+0x1b3/0xaf0 [ 605.701797] ovl_lookup+0x7f2/0x1120 [ 605.701812] ? ovl_path_next+0x200/0x200 [ 605.730753] ? __d_lookup_rcu+0x640/0x640 [ 605.734915] ? lock_acquire+0x170/0x3f0 [ 605.738451] FAT-fs (loop2): Can't find a valid FAT filesystem [ 605.738892] ? lookup_slow+0x129/0x400 [ 605.738909] lookup_slow+0x20a/0x400 [ 605.738925] ? follow_dotdot_rcu+0xf00/0xf00 [ 605.738936] ? lookup_fast+0x430/0xe30 [ 605.760682] ? ns_capable_common+0x127/0x150 [ 605.765104] walk_component+0x6a1/0xbc0 [ 605.769092] ? lookup_fast+0xe30/0xe30 [ 605.772990] ? selinux_is_enabled+0x5/0x50 [ 605.777243] ? revert_creds+0x268/0x380 [ 605.781235] ? security_inode_permission+0xb5/0xf0 [ 605.786175] ? ovl_getattr+0x6c0/0x6c0 [ 605.790078] link_path_walk+0x823/0x10a0 [ 605.794155] ? walk_component+0xbc0/0xbc0 [ 605.798318] path_parentat+0x41/0x120 [ 605.802138] filename_parentat+0x176/0x520 [ 605.806388] ? getname+0x20/0x20 [ 605.809779] ? check_stack_object+0x86/0xa0 [ 605.814117] ? __phys_addr_symbol+0x1f/0x60 [ 605.818447] ? __check_object_size+0x179/0x230 [ 605.823043] ? strncpy_from_user+0x210/0x2c0 [ 605.827467] ? getname_flags+0x22e/0x550 [ 605.831570] ? SyS_unlinkat+0x70/0x70 [ 605.835389] do_unlinkat+0xc2/0x5c0 20:08:11 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(0x0) [ 605.839032] ? do_rmdir+0x3c0/0x3c0 [ 605.842672] ? fput+0xb/0x140 [ 605.845791] ? SyS_write+0x14d/0x210 [ 605.849519] ? SyS_read+0x210/0x210 [ 605.853153] ? __do_page_fault+0x159/0xad0 [ 605.857401] ? do_syscall_64+0x4c/0x640 [ 605.861392] ? SyS_unlinkat+0x70/0x70 [ 605.865208] do_syscall_64+0x1d5/0x640 [ 605.869116] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 605.874313] RIP: 0033:0x466459 [ 605.877505] RSP: 002b:00007fded9971188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 605.881020] audit: type=1804 audit(1617134891.322:2580): pid=14665 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1050/file1/bus" dev="sda1" ino=14923 res=1 [ 605.885219] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 605.885225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 605.885230] RBP: 00007fded99711d0 R08: 0000000000000000 R09: 0000000000000000 [ 605.885235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 20:08:11 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:11 executing program 5 (fault-call:6 fault-nth:7): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 605.885240] R13: 00007ffe6c9f617f R14: 00007fded9971300 R15: 0000000000022000 [ 605.899841] overlayfs: failed to resolve './file1': -2 [ 605.979679] overlayfs: failed to resolve './file1': -2 20:08:11 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000100)='trusted.overlay.upper\x00', &(0x7f0000000140)={0x0, 0xfb, 0x1e, 0x1, 0x81, "f8579df40a4b1185f13d33977b4c7453", "e80c7294881300d13e"}, 0x1e, 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowdrdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.059286] overlayfs: unrecognized mount option "lowerdir" or missing value [ 606.118717] overlayfs: unrecognized mount option "lowdrdir=." or missing value [ 606.132446] audit: type=1804 audit(1617134891.622:2581): pid=14630 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1194/bus" dev="sda1" ino=14902 res=1 [ 606.147748] overlayfs: unrecognized mount option "lowdrdir=." or missing value [ 606.205717] print_req_error: 4 callbacks suppressed [ 606.205723] print_req_error: I/O error, dev loop0, sector 0 [ 606.226617] FAT-fs (loop0): bogus number of reserved sectors [ 606.260586] audit: type=1804 audit(1617134891.652:2582): pid=14630 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1194/bus" dev="sda1" ino=14902 res=1 [ 606.288632] FAT-fs (loop0): Can't find a valid FAT filesystem 20:08:11 executing program 0: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:08:11 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:11 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(0x0) 20:08:11 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x128) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:11 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x1) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.379357] overlayfs: unrecognized mount option "lowerdir=" or missing value 20:08:11 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.441373] overlayfs: filesystem on './bus' not supported as upperdir 20:08:12 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:12 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(0x0) 20:08:12 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f00000000c0)='\x00', 0x6, 0x6, &(0x7f0000000600)=[{&(0x7f0000000100)="d8e93388658ad5f97f80b621f92a4ea92f5d8c996712d5db547c2e79af4c7108de2b214228ddd8f4c3c5f4eeaeb0f938747532a62f1154c6695ba09272536c6cca9e9958a2822edfe144a7ab3378c1a40cc7d85e672ada64032a3b83805041376d530908ccdb4f767a4cda9cc9e8601781f1b31beff6a35a1cb9d8991ce1ec147cd2ab76de6f22ec93e103655e1b74a891c2c7379cf9f9aeb408e7e89a63", 0x9e, 0xfffffffffffffffe}, {&(0x7f00000001c0)="841883dd639dfe38e1dfdafc65b6f4d403b19059ad8ef7841547227793cc494df534dd00668cfd93b41b746f399a31e32af55bd815f859ae959a92658d8929a4e6fb12340085a4a8673b684684edac881dcb806ffa1e2f7d0cccba152557c178768d11947cbf64fac0d49d07144731769bb0c3", 0x73, 0xd60}, {&(0x7f0000000240)="17f9ab30eb678b1fc4e161ef454d5137b96311b4e0a3b2e944a115c35f970cea23afec1594ce7ce0695b2a24bf96360795afc120803f90cdb7e2e56d0d111a12ab0b6c1993231a07891d6afe7b57b2b48c3dd7f37868c4f01c649af15f5412de619381de7074fca69242ef8466f3da9363921cc20f6ffc201d62998d7e662430d4f6ab47adf55bdc8411ba2647bc8fe3c4f906db83b80d4c60c945fd2914b49313fb070d70f73ec9be0352a214c9dcbe77ca858768b310886a2648fd2ab44b31fc0fd1861dcc3d59dfc0181521f4f657e5d007caae851921c111a41a2cc26afe", 0xe0, 0xfbc}, {&(0x7f0000000340)="c732a49a34325ef7652191ce6277d52dd7d276527bad2620cbd6dad7909f102834ac4fded959c85189206b320f325f63b81b41b22256e38fcc64993370433291b248825fb5044683387c226676b0c71cfa020df31f9c916aa840a037618af7068c15cb9aaa822481e7c096c29dca53fb26482a9c99db9264329ab96d5673a1159c0e6792fb42efb55aea3910076ffafeafba23ff4b7c169271fe07b61b2f98de06a65456c48b5bae5aae72e879dc2cc548277a50c45bbe147081275d54d735c1e0c7eedd30a38ab75624c648915aabaa18ce74bf40ba2d99b719686c186fa3deced9c0f2ebe82bf6bd858e04b5d8bc9d2e06529b9c88cb69e88aa81123", 0xfd, 0x8}, {&(0x7f0000000440)="785fd3737474b96aaadc97b345eaaa38677e80532b4221f85a5f0a89494c41afedad90501626aff0cfea4ea5c2c611dc6803feaf4d9c546bb8b3dac79f2062c6a0cfdf005a4cd39452a0c13f5d6d5da8b7777cbd114a109e25daaa87f19709213a51122c1b6c77dcfc3940349fb9ddc07ac27bcfb2d32821e262abb5ea6b967bd4523fa318133d6b569b15b7d9fca6737c1e", 0x92, 0x8}, {&(0x7f0000000500)="71ca24236e515a06e12bd7b2f23d9884d3127e4c14b76f687097c7c8eed18df003f997c4c47f2d0551999508e8e9ec4e703bcfb2401b01bb91370b95c698c3ef239d9b2f7ec24f52a44c4a5cc689658c36d13d6c4c40e422c0ded63d6b7beae139e976c475c2e27f6182d1456c42b55d83e0a0a01993cb258c5bda80e46cf73469dfea5659b386f6de4805db93f53280c586528773008de0e9bc62d634f2ed49afaa66bbe4bb08344dd3057afb226e8d79c47fe1cbe3ccc50f92c3601869b8a8f09e8972020792da156ee1dea2197215fa08825a67ea85ce6072de03f544077c0d6275e1ee98b719431405f01d053754", 0xf0, 0x54b8}], 0x2000000, &(0x7f00000006c0)={[{@nouser_xattr='nouser_xattr'}], [{@subj_type={'subj_type'}}, {@hash='hash'}, {@measure='measure'}, {@hash='hash'}, {@euid_lt={'euid<', 0xee01}}]}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000740)='/dev/mISDNtimer\x00', 0x410402, 0x0) fstat(r2, &(0x7f0000000780)) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:08:12 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x10) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x24000, &(0x7f0000000280)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) connect$netrom(r0, &(0x7f0000000100)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x7}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @null, @bcast]}, 0x48) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.495452] overlayfs: unrecognized mount option "lowerdir=" or missing value [ 606.514558] overlayfs: filesystem on './bus' not supported as upperdir 20:08:12 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="757070ff016469723d2e2f627567b52e052c776f726b6469723d10f27256cca2ff25b2ecc28f2cc44bb60cd846a7e27fa22252b97d0d33d6e66c09065c963d6275f7fde45cf7dd4fdfcbd7e41d874d5d9316253359eefc80df190d16eb7622a82d201a92b7413f73c1f545910740e820d6f5c942b33c3a955403437aff8ab17ea8a2af0a65ca33c08d2f59f1c2c251f38982259542ba4dc8d88e015eba82c5865e2e944d9d9eeca2aae889893b45fea3e73f3bdc48a17952887263de691600d5efcd44840c74b3eb0eaf4b39770626d28bdfe9c33d5b52f2960da90ae24c163d8c2525d09194c0a5ea4b2e424be41b5fe8ed7dac2e36a86e75b47163939294678603517334ee73fae00f4cd01b9bc6488b9694979471dce56a3b8434dbd5cbbc34ade8d907db47c07cabd20ccd3e4ecd7c2d1ebec043b6894c03337ea06c2a24a56a8becd2afb42df7ec1c838eb98fac2a170e265ca83fe742f1889c"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:12 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.603037] audit: type=1804 audit(1617134892.092:2583): pid=14736 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1196/bus" dev="sda1" ino=14917 res=1 20:08:12 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="75707065726169723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f776572646972c697f157ba49d489dd3d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.674270] FAT-fs (loop2): bogus number of reserved sectors [ 606.683150] FAT-fs (loop2): Can't find a valid FAT filesystem [ 606.712795] overlayfs: unrecognized mount option "lowerdir=" or missing value 20:08:12 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.744223] audit: type=1804 audit(1617134892.232:2584): pid=14750 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1051/file1/bus" dev="sda1" ino=14903 res=1 [ 606.758420] overlayfs: unrecognized mount option "uppdir=./bug." or missing value 20:08:12 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.788587] overlayfs: unrecognized mount option "upperair=./bus" or missing value [ 606.821018] overlayfs: unrecognized mount option "upperair=./bus" or missing value 20:08:12 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="7517a9cf80b35c366d2e2f627573fa376f726b6469721b2e2f66696c65312c6c6f7765726469723d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.872510] overlayfs: unrecognized mount option "uppdir=./bug." or missing value 20:08:12 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 606.951757] overlayfs: unrecognized mount option "lowerdir" or missing value 20:08:12 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r0, r1) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r2, r3) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x1800888, &(0x7f0000000340)={[{@upperdir={'upperdir', 0x3d, './bus/file0/file0'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@default_permissions='default_permissions'}, {@metacopy_on='metacopy=on'}, {@index_on='index=on'}, {@index_on='index=on'}], [{@fowner_gt={'fowner>', r0}}, {@euid_lt={'euid<', r2}}]}) chdir(&(0x7f00000001c0)='./bus\x00') mkdir(&(0x7f0000000180)='./file1\x00', 0x1b1) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 607.000929] overlayfs: unrecognized mount option "uπ\6m./bus7orkdir./file1" or missing value [ 607.057428] overlayfs: unrecognized mount option "uπ\6m./bus7orkdir./file1" or missing value [ 607.092425] overlayfs: unrecognized mount option "metacopy=on" or missing value [ 607.128905] overlayfs: filesystem on './bus' not supported as upperdir 20:08:12 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:12 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./bus\x00', 0x6, 0x1) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:12 executing program 1 (fault-call:10 fault-nth:0): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:12 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:12 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) chdir(&(0x7f0000000180)='./file0\x00') keyctl$get_persistent(0x16, r1, r2) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='tmpfs\x00', 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=r0, @ANYBLOB="2c6e725f696e6f6465733d706d29c9606d6f64653d30303030303030303030303030303030303030303230302c61707072616973655f747970653d696d617369672c7569643e", @ANYRESDEC=r1, @ANYBLOB=',pcr=00000000000000000051,smackfstransmute=overlay\x00,fsuuid=41638206-5bfb-8cfe-feeY-\x00Qfcf1f2,subj_role=overlay\x00,audit,fsname=,audit,rootcontext=system_u,\x00']) 20:08:12 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = socket(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) dup(0xffffffffffffffff) sendmsg$nl_route_sched(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="5400000024000b0f00"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff000000000800010068686600040002008692a28cd78b20240002801c00010000000000000000000000000000000000000000000000000004000200e41508386bebeeb54a7d01a99c9e8cf9269ad2391c08f81edc4d139bba02d3a19d68c688953287519dc7d6a0829e6122d146b2c9715461d24155cd31ae1ed25147e80dec4aca7b796c10e7f5de62cca63db67f11acdcb24c50c0c9ed881cdfd78c4ad0c16350baab1c0bb599deffc1618e276879fa2a6fe732059452d95b9ce5b1af8a86a55a3a62f8f9a118c10d16f347ba237a0f6c8723bbc82dfd458a0bf574ea402479d2acf260b3f2386db010def9174d3171c11749e59094984335640e773881d771da978eebea3f3efa4620a9"], 0x54}}, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=@deltclass={0x58, 0x29, 0x100, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x8}, {0xf, 0xe}, {0x9, 0x9}}, [@TCA_RATE={0x6, 0x5, {0xf9, 0x1}}, @TCA_RATE={0x6, 0x5, {0x36, 0x5}}, @tclass_kind_options=@c_atm={{0x8, 0x1, 'atm\x00'}, {0x1c, 0x2, [@TCA_ATM_FD={0x8, 0x1, r4}, @TCA_ATM_FD={0x8, 0x1, r0}, @TCA_ATM_FD={0x8, 0x1, r0}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40810}, 0x40000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r6, 0x0, 0x8400fffffffa) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r7, 0x0) preadv(r7, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCEXCL(r7, 0x540c) [ 607.441537] FAT-fs (loop2): bogus number of reserved sectors [ 607.449807] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:13 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="75708a6503000000726b6469723d2e2f666926d6a5ab6c6f776589186c77e779e446730c947bcf662ce81d7d5e9f23bd68d538fb8978ed1afac163280505757c5911d0ad4ea80a5291a021e346f2ab31dfc4f2dec610e25046f1845221dc1469bc9a8046646ea0389a22f4c83b80f07feae1aec46885451c726dc4202e038db5a443650b927b54844b98e5f108a9a059a6a47403d7967766ec503210bee055e4d4468aa7a07d2a1963daf6ffd13ab70f965a7d749d19bc5fc0e5700f3f2286debf057a7bf8798647d4f41dd2e5676a6906f53238b1cd5a39e862d61c9df384fd215447a6bcaa8d70e99874a38178475c58a9df81483b471c16f32deca1779f327faa6747659cf03bd154"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') execveat(0xffffffffffffff9c, &(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000280)=[&(0x7f0000000140)='overlay\x00', &(0x7f0000000180)='}!\x00', &(0x7f0000000240)='+\x00'], &(0x7f0000000480)=[&(0x7f0000000340)='overlay\x00', &(0x7f0000000380)='\'.-&,*((\x00', &(0x7f00000003c0)='-/\'/)#(,\x00', &(0x7f0000000400)=':,\x9f2\x00', &(0x7f0000000440)='overlay\x00'], 0x800) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) recvmsg$can_raw(r0, &(0x7f00000009c0)={&(0x7f0000000600)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @initdev}}}}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000006c0)=""/237, 0xed}, {&(0x7f00000007c0)=""/173, 0xad}, {&(0x7f0000000880)=""/199, 0xc7}], 0x3, &(0x7f0000000980)=""/32, 0x20}, 0x10000) [ 607.499013] overlayfs: filesystem on './bus' not supported as upperdir [ 607.531478] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. 20:08:13 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:13 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@mcast2, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe8) mount$fuse(0x0, &(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000100)='fuse\x00', 0x20002, &(0x7f0000000440)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@blksize={'blksize', 0x3d, 0x1600}}], [{@audit='audit'}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@hash='hash'}, {@subj_type={'subj_type', 0x3d, '$]'}}]}}) syz_mount_image$qnx4(&(0x7f0000000180)='qnx4\x00', &(0x7f0000000240)='./bus/file0\x00', 0x1ff, 0x2, &(0x7f0000000600)=[{&(0x7f0000000540)="cea109089eb667761b6bd8f6e550f1fa10a5935b510e3d3733585be958f61164d7db6fb5243b7987e243475b99ca8eadb4987d604e4629fa600c1e5fc65a2f88529eba73d8efca3967bb5047bcc823a9daa1247dbd1207d2b09d77d083d38da279927662d935451fa3abcbbb6b2b44f2b5b4f4b09e109589fcfc01316cc0c9dc46353665319650397ce1eb9c9705", 0x8e, 0x3f}, {&(0x7f00000006c0)="94185fe08e4c9d0708b7331bb0fff2ac883ce1dfbfd2b2a2538511085bffe7d07bb29fddb79e9f138bad4b7b4763ef2ed11f94487c55e82a32b9f324e4c719f1ddf4867c02051e5e1808fa8b8926d7fcd48264a9daf5969bdf37cc3713efb5d4c1452d0b0e3ccec16156a3e10f0f4ca34589229a876c567daa6068d318fcc7c62e725a8f7f5233505b7345c09c6ebcc9ba94aec5545ebc622662c53d08176084ff9e1a6b46fe28db96a645a7ce332b25d64ab876e6a65523de8f28eca09dc4f89fb206479052085dbe2876c9931eddbecf24f7cd9da9b9b25998a7f1f69b8b6253f57ab33993bf4836e681e9220f43cc20c2", 0xf2, 0x9}], 0x10004, &(0x7f0000000640)={[{'$]'}, {'-{#'}, {'blksize'}], [{@mask={'mask', 0x3d, '^MAY_APPEND'}}]}) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') chdir(&(0x7f00000007c0)='./file1\x00') [ 607.590969] FAULT_INJECTION: forcing a failure. [ 607.590969] name failslab, interval 1, probability 0, space 0, times 0 [ 607.627304] overlayfs: unrecognized mount option "upe" or missing value [ 607.644694] CPU: 0 PID: 14803 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 607.652616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.661977] Call Trace: [ 607.664577] dump_stack+0x1b2/0x281 [ 607.668221] should_fail.cold+0x10a/0x149 [ 607.672386] should_failslab+0xd6/0x130 [ 607.676379] kmem_cache_alloc+0x28e/0x3c0 [ 607.680552] getname_flags+0xc8/0x550 [ 607.684368] ? SyS_unlinkat+0x70/0x70 [ 607.688188] do_unlinkat+0x9e/0x5c0 [ 607.691828] ? do_rmdir+0x3c0/0x3c0 [ 607.695466] ? fput+0xb/0x140 [ 607.698583] ? SyS_write+0x14d/0x210 [ 607.702295] ? SyS_read+0x210/0x210 [ 607.705919] ? __do_page_fault+0x159/0xad0 [ 607.710166] ? do_syscall_64+0x4c/0x640 [ 607.714145] ? SyS_unlinkat+0x70/0x70 [ 607.717971] do_syscall_64+0x1d5/0x640 [ 607.721868] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 607.727062] RIP: 0033:0x466459 [ 607.730248] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 607.737963] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 20:08:13 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 607.739227] overlayfs: unrecognized mount option "upe" or missing value [ 607.745233] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 607.745240] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 607.745244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 607.745249] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 20:08:13 executing program 1 (fault-call:10 fault-nth:1): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 607.793328] qnx4: no qnx4 filesystem (no root dir). [ 607.865785] qnx4: no qnx4 filesystem (no root dir). [ 607.905192] overlayfs: filesystem on './bus' not supported as upperdir [ 607.949230] FAULT_INJECTION: forcing a failure. [ 607.949230] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 607.961069] CPU: 1 PID: 14842 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 607.968955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.978312] Call Trace: [ 607.980914] dump_stack+0x1b2/0x281 [ 607.984551] should_fail.cold+0x10a/0x149 [ 607.988712] __alloc_pages_nodemask+0x22c/0x2720 [ 607.993480] ? __lock_acquire+0x5fc/0x3f20 20:08:13 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000100)='./bus/file0\x00', 0x0, 0x0, 0x13, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(r0, &(0x7f00000000c0)='./file1/file0\x00', 0x50080, 0x102) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 607.997723] ? _copy_from_user+0x96/0x100 [ 608.001875] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 608.006723] ? get_pid_task+0x91/0x130 [ 608.010621] ? lock_downgrade+0x740/0x740 [ 608.014779] ? get_pid_task+0xb8/0x130 [ 608.018671] ? proc_fail_nth_write+0x7b/0x180 [ 608.023175] cache_grow_begin+0x91/0x630 [ 608.027238] ? check_preemption_disabled+0x35/0x240 [ 608.032260] cache_alloc_refill+0x273/0x350 [ 608.036592] kmem_cache_alloc+0x333/0x3c0 [ 608.040746] getname_flags+0xc8/0x550 [ 608.044595] ? SyS_unlinkat+0x70/0x70 [ 608.048404] do_unlinkat+0x9e/0x5c0 [ 608.052036] ? do_rmdir+0x3c0/0x3c0 [ 608.052645] overlayfs: filesystem on './bus' not supported as upperdir [ 608.055658] ? fput+0xb/0x140 [ 608.055669] ? SyS_write+0x14d/0x210 [ 608.055679] ? SyS_read+0x210/0x210 [ 608.055691] ? __do_page_fault+0x159/0xad0 [ 608.055700] ? do_syscall_64+0x4c/0x640 [ 608.055708] ? SyS_unlinkat+0x70/0x70 [ 608.055716] do_syscall_64+0x1d5/0x640 [ 608.055731] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 608.055738] RIP: 0033:0x466459 [ 608.055743] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 608.055753] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 608.055758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 608.055763] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 608.055767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.055773] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 20:08:13 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:13 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(0x0) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:13 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file1\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:13 executing program 1 (fault-call:10 fault-nth:2): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:13 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount(&(0x7f00000000c0)=@sg0='/dev/sg0\x00', &(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000180)='efivarfs\x00', 0x4000000, &(0x7f0000000400)='overlay\x00') mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) lsetxattr$security_evm(&(0x7f0000000280)='./bus/file0\x00', &(0x7f0000000380)='security.evm\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB="0405216191c1fdacb3c70566"], 0xc, 0x3) chdir(&(0x7f00000001c0)='./bus\x00') creat(&(0x7f0000000140)='./bus/file0/file0\x00', 0x10) mkdir(&(0x7f0000000340)='./file1\x00', 0x8) unlink(&(0x7f0000000200)='./bus/file0\x00') lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r0, r1) syz_mount_image$qnx4(&(0x7f0000000240)='qnx4\x00', &(0x7f00000005c0)='./bus/file0\x00', 0x101, 0x8, &(0x7f0000001b40)=[{&(0x7f00000006c0)="778015569f60a81dfb1f4b5d4439d8dd6ae9e1498b7558f5a43dd36a17ef925ad7f0f3993728fabd0d62664173f0351c81cecd258eccff7599a2a914b2ff569c3e9887b7d228769d3934b01c7d2e8915947660d027ab5c9590b72ec85b545313c00a39606ca6871780a097ed055c7c95daaf19cc84a65ebe5e090e4cc195ac14562cc05284ffed8565ebe7c10a06bb53c53d171570319c48c7d2a6e5aa1577d37ef642f5a2de24c0516fa4106d0b7e7db4b68929fae6c09e522869d8ac335c73f137162b59ef73b70dab0a75597b8ab56cf069d7b524325369cc37ad", 0xdc}, {&(0x7f00000007c0)="eb0a5ae0094c9c12b00228c9ba62bdb87f2fe52c04b3780365d3d22e38b1b61adcd2a4797649b6e67c5b5cfa6d3d4f774387aa450cc947e52c76233b5b028fe6186ba0351f207ddeae3d81f17099dacb1b124b38e219be3175cdae5067fc745a9239003f5bca2f20a3b016c84e27442bccaa046d433bcb18c637298cb76bb0f5b5399c9728788de5823a824fdaf41205e0a285e232a0a1c845cce0d9fb9918149727f2bcb811a0e5d90246d7aca46ec9ea6ef850c6d2d034c579454d5f8b160a866864dd33ade694f73e262744fef940fd74a492262c8650579cad76ffd44ec577375bde000b2296aada903404412521a31776679601799de7c0b8a3b7438b01269cef4a0d3cc64f0e0a96b3690a17d08155acab6a7a2b949397a069e44842b53ff12a6abb4b0edf301aadd884c29c07b69c1fd06d73b5bc482c9cd588491c72c6b2225435beae8c7e8960ed21401c9d6235ee04a9dc82a4964e893a67362974d38d85bcce8ed271861144625ace12429c9563b7138957df9f82b3f240cf3d9aca2d5322696287295d001006f7a14df9802b92913b664bf7fc71cddd27cae8ac3c089c42f09507e33b3602fd5bca673ea2642768565abab498d958e316452b269b12e59689fb83edb2f3035be1d5ebe73131c5f96eebdbaeef4b923ae84e385aaca3fcbb12c6c47456b3184251aeee1b4a1e95193d09196f574086a48a300277a5a305fccc81e83ba7ed7c0c68f55aa17158393711e0e2acfa24816a32604d0d725f796dfdda1f3c029f151e1e9bd26baf25b1c9bce4b5e78c647620cabbd8c861a610d6dd197d2a16c4b6524179b2f327ebe476be02f65b8c85c00780473e08a7bd16f85045ee32a6be17439d25efa9a3b8ba8a704791374558407d1410e8ef14400ed900c96fd33bfc7d21308f46812175725febb048b3a0803b6b09868765652061b2b1b844fa357e623e76019603be88407e5caec67cb0ea8669fad024f977a2a48233867b5e65aea1a70b5a70f7d1a08028d255134924db80bbc791cba020cdc8ee71fbd05de9729b6c2ffb5318fc31862e5bb48e0940368d13dc69c286433ddb4e2bddeff3719e183349f9f9ece69ef3cbcf9db6aeb4ed3adc977fffe10ad5356de4f874d9eb204bc5682ca04a8216f19f9a832a76d8b01614f36c6049a30b04b1d4df7b5fc11c987a62f0dd7cdfd70da7d757b664ebce676e96cd7ad9901735f2b28552056623392a129817c05d546881727bda82c94728fc8cdfda2f9bce2376d67f26c252f331c53fb1189f8c33117c4cb686b800d8d2056b4c010d3344caa71e9a3dc63c006e5dac2523ea9b53240a8e345ddb48bfb9ca75a076699144440f0c2f204d8ef54ce1380d12c18fda5ab70c8a651be019a1e27649f53b2424c2e98b597e704934e2775c148a4bccb25e0454bdf3cdcfb74fc23717a79021997476c36297ca404234e8de43a764ea6aa531a9e69287ccc9812e79741f95ffcc347dc6528a68a2b8491cb182663013cfcfa359c0a664257d5b3314a0864dee7ed204655ef88029f1f267c3e288ab68392541bbee4ed2a048c123ab6567831fe4d3da28c0925e5267dad064f06feb31c94f47d295314c29e88d6c8a60a58a1fd6c2665b91b8dd21df6546975e4b8a544c97df5b8b66b227c813fc81177979459c0aef95c9e09c7db72a137f1d4029f818ba89aa14f6c94cfd08efa5eb2dcba7b14c74507d67039a600356ef654a1a224cceb4569e6765a5ce7261f120fc26029db35a807c5da0175d3ad171bdca16b09783ad99d30c1ef185a0ebfde47aef6c2d6410bd99b7294c32f5c6c4cd1b66186217d0248ade48b4c7ac2eb8023d1f078fedd8b72444f8366d718d88e96cf0357ff507d2da9baf44227310ad7d2387fedcbd419f2a1e8fd6c1ea8a2f67b9837f74ad2eb8f46738b7b605cfd18568cbe84387501faae1c071b87c0a1ca5524e2113b0a378df6e474b8d43714f63d279c16737343f466f1c6c74adf5982baa27a111765cea8608908d37f459b3f8a8ee9659fe6cbfd6ea27cfbf4376ec5e9459515344e1464c2ecc6ae525c0e1f9f7d0402e0a6d0efc195cec85281a87bdab8b1f1033bef02aff314ac25d8f36c994e5e845c3a4347d61b958d794b2120abf895a131a001006345e78e963a51e72cbfe5b7b3fa248d799491f5fe24d1020ce15439137f3451a7400e806fc6b673a37adaa5d7124ff44d76d3d01a8e43ccac4ccf96246f9631c3f2511d750e7d67d249015f7688060514be4e42699d02438c8ef3a5de012ff93f7ed46268321a1d6f7da1cf3ea709050bea87beb9ee31378ea53358d743036b232ad8af3e6f57e3c3a511a569076f50248110094a9f5f4b694e549900b90f5e5aa959ac7a8c2961f7899a67315dbbae2073182809fb83b3ba31027bb9bba5a0ea88a7091e2efdb53e2b43e252d6ca2d9aa803345b589b150e4299a9075dc033f4842447af1b27a2d47ca62e1768e50a8082010b009f4ee8154e83280251e309a3088816cd315ca8c8304266502b0caf1a3b215a2fde2c35e9bc3161504e9b63ea1e547284f88383eec76c78f068870ac1e0e61eb5debd0b15459f97912c8c366aa7d3bb0629a0539f1c66aadbcc775c1bc56824ca9c1a4a094d52899a502536d703c6a851196b49f27351c9f6d9dacb6bc44203cec48efbd3c103c34c40ffa6f98736f281a56e65097f2e223662b547baa681bfb806edeea2d70d0105d635190b28c3374a55772173d92c107d2aaba137581568452d72a50a2f70d53a1cecf221bbee7884f703da4078b53af0cba653bce1a43ec9cff942da204c7eec8a64c1121f60e76b705ed83caa690d1c4b422725cb5b7f26f8add2555e9dbd83e611558399558050abced966fea4231ece4f41ac20048c5e3bf745ee5d4576a4749fdf8bd0d973a63dedbbb2fdcf1208312e6d09b8e6b6f42d645e3ca0b86fb4ef6b36fdd69d1bf7b93b564963d9fbc1e4646251f0354cf6275a4c4c24cd984aecdceaa1f3540e6f2c7346f9eef51673beddaedb68f9c4cd222b782b56bc65492b3b820b7a54b1ca75382276ae76dae58c454d2dcd674170d5721aa1c9154291cc94894a0bc3f6be256ec037b42673990beb59c7596b2cc44c98f3b0778efa11ad13eb201bca7daa6f3ae212abeebf7c4321e8eca97aa866b63e928f73d19c8e0436d97e9580d29e11b3bcf7fbd5a5865bda99422228bb86cabbc816814379c61b99acd07f67d60b506a956bffb5df1b3f8431c8abc16f7bd45f890a797a6ddeb46f39da532912bb5bf13561223fa85d7e923a779f1524dc4142fc0e4c96c67fc86522e13e0085d22bd048cae2cedfd899f9fbb90ee19dab469140a4cc9bdc5da4ee076ada17027e52c0228c9e8b1dc3578bf715c34d73ec9b626d033b5055550f12c7bd3feb7ebd50a60a3f97cfbccdc035fd62f1990a8087705d78163607f771c2bff4f1887d7b112901371863f11f0918b04eb2308e82c87f780d9a4db0d3ce42b25d9df1bc463f969b77024175d3fc688faf721f9942296b0ea3267f2af07bfa2b70139bfc5dd52b3811ada6080f435be17ff04548d97c006693f50cdb8bcb64d5b205596300fdec3f9142a1b09461ccd0f4f5e7bcf38df564c4ecc4fffbf831b5eda71446568fbe9ff1cfb47b2985082c1b7e81f2e2a49edb55bda12c22b23fa459e88680953b298fa66759a311b1ff9aee4cad278e800e359768a042b5e9ff7d951e8f32397a1ff84f58ffaa9aacf69a377f66754e65a8be8fd2053f82632707d7ef46f3b1da47155ac25d5896836c2c7093e6dfac21aee2baf7f7749c38f723c3f01d80b3cbedb9b1420207fc5bd414b03a3e8ea4c55d6525f4b0beddfbf3caa392b09fab061f796702a0b17fa16d2e2b5762ceee61b7c1e223679a910f7e73f9f423ea0e7a5bd1bd19f164b745b917f8e7650cc1cfefcd0126f047c4a3cc95ed33f7036e484c381aba6895e777152c3f2d322dbfa9e19ca7104cb35da84cececcf63821c3e601810b39c41331de12e5f585f7afc85223e13d36c328f505e86b1ac412004966196c72b632777fd4b81d672940d4b50f33010e9d11fceab5ed01a5612b877e9256a255d37bb824a1bb819567e0b1698f32a61c9b6ce5f09d6c0fd508211c13f9b19e0cf7a62ae249daea6ed14134504c65561e198cd20fba65d5a8129c90b8c7a69d579d7c01e8624b022a59db8c7451c92865d2e6fbcda634efec73cbce174f7ea03b102741659f3099df116ad2b0d6312b4b767f5c082791a5e16d6201f947be759a1d0256ac6fce175930ea4718ed7c3e7e321e8d689f5ae098154d02deac116e575280f40ed541b482dc289dbedc049c2687b4c642a3972ba20e9886d463558aef89610bfc627fc5f0c58a5bb874d133e9fee9cbd2d495141fb54bd5017cd33ebc9db7b75db31de7706e52aac14fcf58bc406eee2dcd30d973fe594fb27809482b2aa75818b7c53c5f20316367d5dea56fa4d23b3c3f0096f3d9cc49ac528f4fa2644d0436735e23f7f5374b6601af0c781eb9d24edd8f7872d7db94e6e846ccccb84aa8f208694a9f7b8a84909c211d275bc9daa0e03b9ceb1e7d722e74d5beb75f7c90ca3749abe554c8b128a2377bc08f094e74d61caf8d4e4d8777212bdd5121ffe893caef9be44e67251be7726ef41267c5e61fac0d18313c2706f488915f9fb2e44baaea5d8480ff9a58b5ff71b9633f60b44a807be08bd6d8feb67375c7319eaedc15854ca2cefc7fa1508178c068327203e3a21f072e667200758fa3d2ff4a5d266354238a6f8167d3fe4ce6aec01a01f42712f127e0a5372e84d17bff469ee660809022ad96d953eecc437b4cf76081dde68692339842f4496856e9df33b704194e25f61beb89959bd034cc85658c43091ede79e809f680b27f6d22c2ab9539a606faf7a1b2ab90a41aea556adeb5355edf090fabca030816e63f76f0a314ed7c5c62d003ccd0e602601bf25924456c2d37461fb40671dbabd941437267baeb984ec08b80cf829dd4dd784af7def40ea2f8a097ad80de20ecc285c90b71144f283122d767f4beb178cf1ded63459a808a7f9ad7d14f4e16e9d6553b82e1a4a4ffe4e35f8d4a5e86af2fe1bfeb478da7d66ebb66b904cff5c660c51c95c3bedfe2d1fafc4ff2767f5f7cb40ed5f18db2fc8144ec39d7726014e56ca3382eb429d735db94cd4f7d64133321f703b30de189f7ac3330451caeb643563204ae025ce45dab7658bdf3fa691b9b3fe8c9fe8ad9af6344ac66c08a126f0ff06a3c1deaf727064fe73ab3b7d082d82a623199c306d7e06df5fb025d08ad62157f1136cded241b692fdd2e6adef48bae1ac2df502d7df255aad0157d3991afbd57a7287bdf8c5a3e14eb52d8dc5be5b9612b3908c827c732625b6369861ba944034186e6170c423f1237056fbc0ddfac25d44cb53064cd0ef6e467ec254e8ed54ddfd565b7d32b7f2b990177b9205116ca8b2f197a1c9371aedad2d6a8db0d32e1ea2f2072c50a9fb52129ebdd39ceba2ffd89a4ff8edf132d8b197c73e80d13ad87d5d95de7dfc96d3971ca1613572507778f687357b0bc20a3287b1a87a8e928a262e9f60e434e012dc4bdff38bc179a37200640877cb3a5bf30f370f8be6d3f322625ee2dd3edb42dce94895f55bdb0843e111109182d2f8d71e23ca1fdd8710017fa4397fa8d03ce4ef02a4c28af0cdf9314b473b64e0172d178d234de6be1d1c7f99f52740e413366b14d6d5e3523e3ea3299be0543480a6b05584a7da764f7", 0x1000, 0x101}, {&(0x7f00000017c0)="078470701322b877e5c5211bee0a15401b55fc83cf5039c2c8119234d1dac6ca694c4140e8f9924b039cfdf2df869d75ac50fa63c47e8477c7673ba714403178a7b321250410d5f9d219125db720944115ad6203da2c434cb2d621664607ec3d914c90d6705947075f58f7beb118bc4f5aa06b4fd907ac1c8e4d57b63d077f2ad7abfc469430b6493858b175fd52d1228b1ec45452da591702d73a83cca61b3e90702406945fcde523a732190cc5268ee27af6038eec65ad1546ed9ee57cadf185155e99018b7ee2a0f1efca2ad2207d0534807e2c5d0f3b777160ea0f0cf56d3a936d74c634e05ba0a80296", 0xec, 0x3}, {&(0x7f0000000600)="5ec87140cde159a00eed7efcc13c873075e0d9feba6bb7ef301364e76bf5b5e685ef2559856409e18b4bcb397f1e10e1aa9e922f8aef4604e8dfa1f04404fbfcff978f210d2b90f73c07cad975520836b4c5f0b78d3fef2f6d0a70a49a", 0x5d, 0x10000}, {&(0x7f00000018c0)="de5c526fef2603fe238c0f29af78f97c16", 0x11, 0xffffffffffffff01}, {&(0x7f0000001900)="23502facbf338377ea4b1933097bf282196436c596aae1c96518d955d3b2b82e277e60d6bcfe62512b1e7bbcffc5ec7f834f64fe1690b74db158c098b1797e38b41c34a6420a87fb864637f1a4f6d11c0a057bce216df7a9bf89a4290b0cbd47c2a3ed68d8", 0x65, 0x7}, {&(0x7f0000001980)="7c3ef09719647d157bffee138fce3de9de3352dbb3f95b064acd7cf04a4d449647d7751a0e4db051dfeb71cd3e7aefdefedd8508e6e0f0f9fe02b17d34e2b3d79641dd9692cfb86d39d8c02f8dbe9db15153ef4c8c705a292942ba132a1207a192715a31227b7a54a7ea963a841236dece9d85de19bd55979d020d9853185cab1e6e327088e1be7c8133fa4a5d85304159fba65c5f6271410b0f4b740a23f5d825a420c25eb69c3248bd2663fd87c1c68304dfb6009edbfe2dd152f50996908109f4d7bd3ffc7832f0ce5b1a72c060916a62c8c7abc79b16d438f6fe559e", 0xde, 0x5}, {&(0x7f0000001a80)="fb2494ff3ac93814429592921045aa23b6210a1b792435b03eb47cd40753517778ec26c18a2533909d7a23fc41934272737b7fedb682babaaa0ccd59023ae63a81de7ead7ce789b571dc27103eda030774fac598cc89574aeb6c75f35c77869465c391ebeecddc505560b90c16c00af3a20b2fde99c2cf3c822cd845bfc7b6816dccfad12bd8da892cd080c1efd022a263", 0x91, 0x8001}], 0x10002c4, &(0x7f0000001c00)={[{'-:.(['}, {}], [{@euid_gt={'euid>', r0}}, {@obj_role={'obj_role', 0x3d, '.'}}, {@appraise='appraise'}, {@seclabel='seclabel'}]}) setxattr$trusted_overlay_upper(&(0x7f0000000440)='./bus\x00', &(0x7f0000000480)='trusted.overlay.upper\x00', &(0x7f00000004c0)={0x0, 0xfb, 0xe1, 0x4, 0x9, "45cc9e91e4161bab5d2d551c7f556974", "e2fd2d537227fb86e051fba641183caa882028aededb7d7f043d647e5b6d165a5342dccab58541ff8f189c2a1c7451d84d6b49ddb83b46a33751cc6f52f3ac96641fc150587c12cd2b7b49ba7f02b4026b34e1b28b3f6b80579a0eed0d61f8406ccf6d4102e400a7ce33ea8deb1d7822496cf2dd4b5f272d8d1f10bdc53a26dbe85c82d75d97ac326484aa8369a2518970dff881e79e401b8ddff78671fb848e475a672cb4d9065689eb519cbf4c2cf4fc6c0662b040788edbde224f6e9ba9f0b2e545985de9cae5e41a0e7c"}, 0xe1, 0x0) [ 608.325363] FAT-fs (loop2): bogus number of reserved sectors [ 608.336851] FAT-fs (loop2): Can't find a valid FAT filesystem [ 608.351799] overlayfs: missing 'lowerdir' [ 608.351981] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. 20:08:13 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:13 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000000100)={{r1}, 0x0, 0x4, @inherit={0x80, &(0x7f0000000080)={0x0, 0x7, 0x2, 0xd5, {0x4, 0x9, 0xf000000000000000, 0x840, 0x3}, [0x0, 0x4268, 0xa7, 0x1f, 0x8e, 0x80d, 0xfffffffffffffffb]}}, @devid}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000001100)='/dev/btrfs-control\x00', 0x21a000, 0x0) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000001180)={0x3, &(0x7f0000001140)=[{}, {}, {}]}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) [ 608.423724] FAULT_INJECTION: forcing a failure. [ 608.423724] name failslab, interval 1, probability 0, space 0, times 0 20:08:13 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723d322f6275732c776f726b646972dc21fd9e816162436469723d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 608.466645] overlayfs: missing 'lowerdir' [ 608.504431] CPU: 0 PID: 14871 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 608.512355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.521719] Call Trace: [ 608.524317] dump_stack+0x1b2/0x281 [ 608.527959] should_fail.cold+0x10a/0x149 [ 608.532116] should_failslab+0xd6/0x130 [ 608.536097] kmem_cache_alloc+0x28e/0x3c0 [ 608.540253] __d_alloc+0x2a/0xa20 [ 608.543717] d_alloc+0x46/0x240 [ 608.547001] __lookup_hash+0x101/0x270 [ 608.550894] do_unlinkat+0x219/0x5c0 [ 608.554612] ? do_rmdir+0x3c0/0x3c0 [ 608.558234] ? fput+0xb/0x140 [ 608.561403] ? SyS_write+0x14d/0x210 [ 608.565095] ? SyS_read+0x210/0x210 [ 608.568808] ? __do_page_fault+0x159/0xad0 [ 608.573067] ? do_syscall_64+0x4c/0x640 [ 608.577024] ? SyS_unlinkat+0x70/0x70 [ 608.580860] do_syscall_64+0x1d5/0x640 [ 608.584733] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 608.589901] RIP: 0033:0x466459 [ 608.593079] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 20:08:14 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000240)='bpf\x00', 0x400, &(0x7f0000000440)={[{@mode={'mode', 0x3d, 0x2}}, {@mode={'mode', 0x3d, 0x7fffffff}}, {@mode={'mode', 0x3d, 0x200}}, {@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x100000000}}, {@mode={'mode', 0x3d, 0x9}}], [{@fsname={'fsname', 0x3d, '!:'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'xfs\x00'}}, {@euid_lt={'euid<', 0xee00}}]}) chdir(&(0x7f00000001c0)='./bus\x00') syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./bus/file0\x00', 0x6, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140), 0x0, 0x7}], 0x4000, &(0x7f0000000340)={[{@qnoenforce='qnoenforce'}, {@filestreams='filestreams'}, {@logbufs={'logbufs', 0x3d, 0x8}}, {@prjquota='prjquota'}, {@largeio='largeio'}, {@grpquota='grpquota'}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@fowner_eq={'fowner', 0x3d, 0xee00}}, {@fsmagic={'fsmagic', 0x3d, 0x80000000}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@pcr={'pcr', 0x3d, 0x2}}, {@smackfsroot={'smackfsroot', 0x3d, '*'}}, {@dont_measure='dont_measure'}, {@dont_appraise='dont_appraise'}, {@context={'context', 0x3d, 'root'}}]}) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:14 executing program 1 (fault-call:10 fault-nth:3): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 608.600774] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 608.608034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 608.615286] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 608.622533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.629780] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 20:08:14 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 608.759016] overlayfs: unrecognized mount option "workdir!abCdir=." or missing value [ 608.788606] overlayfs: filesystem on './bus' not supported as upperdir [ 608.809839] overlayfs: unrecognized mount option "workdir!abCdir=." or missing value [ 608.818590] FAULT_INJECTION: forcing a failure. [ 608.818590] name failslab, interval 1, probability 0, space 0, times 0 [ 608.844935] CPU: 0 PID: 14904 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 20:08:14 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 608.852857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.862223] Call Trace: [ 608.864823] dump_stack+0x1b2/0x281 [ 608.868459] should_fail.cold+0x10a/0x149 [ 608.872613] should_failslab+0xd6/0x130 [ 608.876592] __kmalloc+0x2c1/0x400 [ 608.880135] ? ovl_lookup+0x4d3/0x1120 [ 608.884026] ovl_lookup+0x4d3/0x1120 [ 608.887747] ? fs_reclaim_release+0xd0/0x110 [ 608.892163] ? ovl_path_next+0x200/0x200 [ 608.896226] ? __d_alloc+0x2a/0xa20 [ 608.899852] ? d_alloc+0x1c7/0x240 [ 608.903399] ? lock_acquire+0x170/0x3f0 [ 608.907547] ? lock_downgrade+0x740/0x740 [ 608.911692] ? _raw_spin_unlock+0x29/0x40 [ 608.915821] ? d_alloc+0x1cc/0x240 [ 608.919344] __lookup_hash+0x1bb/0x270 [ 608.923211] do_unlinkat+0x219/0x5c0 [ 608.926941] ? do_rmdir+0x3c0/0x3c0 [ 608.930547] ? fput+0xb/0x140 [ 608.933629] ? SyS_write+0x14d/0x210 [ 608.937322] ? SyS_read+0x210/0x210 [ 608.940925] ? __do_page_fault+0x159/0xad0 [ 608.945153] ? do_syscall_64+0x4c/0x640 [ 608.949104] ? SyS_unlinkat+0x70/0x70 [ 608.952881] do_syscall_64+0x1d5/0x640 [ 608.956749] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 608.961914] RIP: 0033:0x466459 [ 608.965098] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 608.972780] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 608.980045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 608.987293] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 608.994541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 609.001789] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 20:08:14 executing program 2: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r0, 0x800) r1 = socket(0x10, 0x3, 0x10001) r2 = socket(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r0, 0x0, 0x2) setsockopt$inet_dccp_buf(r0, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r0, r5, 0x0, 0x8400fffffffa) 20:08:14 executing program 1 (fault-call:10 fault-nth:4): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:14 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000100)='./bus/file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(r0, &(0x7f00000000c0)='.\x00', 0xc200, 0xc6) 20:08:14 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f9665726069723d2edc1d357a9d3c9b5b9237670890616a44bc9b1343c3a9459c02ee30ed84da27f2e7e3853b6cdb7418d5cb70d7f3021e4cac39b1ad288f93933c13e16b8b702052f5db940dec6e57eb86c33b2124a57ecab0b4f9b7febab81ecd756a37ba6e70085124cc379754282b4f5ce25f25da08e209917377722f6778212bec02086c3d2271047d3d39e75fbcb8a4ed4f4c0ef7451136386d05639ce457f58f033bae965c9660007bf0999f0979422b33078087f65ca7c1bbd983ec32abee38fbd2dd04d3872bca526a4460ac52293dad96f488e52f823b1e57659f203f08aae5e11298b5444473274226e4a9ce5424337284543bf50add06f91f8cb7c54344530a5bac36382054cd48ad55b5dca5f5b7a25740eb15aff26a81cf26216bc818f3ad5141d73693558ae541e048587a9d0229caad4cb9ebc891b1c4b08502ae4b0aae6a6ea91964d91da97affd1327c893467aa0ac35c520cd4ebbcd009d7625af5be1fae35daf20eb8ae848912a11f3bfbb2d45aceebbd65f1"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:14 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 609.222455] overlayfs: unrecognized mount option "loer`ir=.5z<[7gajDCéE0';ltpL9(<kp R۔nW;!$~ʰuj7npQ$7T(+O\_% swr/gx!+l="q}=9_OLE68mcW;\`" or missing value [ 609.234967] FAT-fs (loop2): bogus number of reserved sectors [ 609.255422] FAULT_INJECTION: forcing a failure. [ 609.255422] name failslab, interval 1, probability 0, space 0, times 0 [ 609.283041] overlayfs: filesystem on './bus' not supported as upperdir [ 609.290556] FAT-fs (loop2): Can't find a valid FAT filesystem [ 609.303002] CPU: 0 PID: 14935 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 609.310905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.312926] overlayfs: unrecognized mount option "loer`ir=.5z<[7gajDCéE0';ltpL9(<kp R۔nW;!$~ʰuj7npQ$7T(+O\_% swr/gx!+l="q}=9_OLE68mcW;\`" or missing value [ 609.320256] Call Trace: [ 609.320301] dump_stack+0x1b2/0x281 [ 609.320315] should_fail.cold+0x10a/0x149 [ 609.320334] should_failslab+0xd6/0x130 [ 609.354437] kauditd_printk_skb: 8 callbacks suppressed [ 609.354445] audit: type=1804 audit(1617134894.792:2593): pid=14950 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1054/file1/bus" dev="sda1" ino=14982 res=1 [ 609.356123] __kmalloc+0x2c1/0x400 [ 609.356136] ? ovl_alloc_entry+0x1e/0x70 [ 609.392278] ovl_alloc_entry+0x1e/0x70 [ 609.396148] ovl_lookup+0x724/0x1120 [ 609.399845] ? ovl_path_next+0x200/0x200 [ 609.403892] ? __d_alloc+0x2a/0xa20 [ 609.407506] ? d_alloc+0x1c7/0x240 [ 609.411029] ? lock_acquire+0x170/0x3f0 [ 609.414984] ? lock_downgrade+0x740/0x740 [ 609.419112] ? _raw_spin_unlock+0x29/0x40 [ 609.423235] ? d_alloc+0x1cc/0x240 [ 609.426761] __lookup_hash+0x1bb/0x270 [ 609.430650] do_unlinkat+0x219/0x5c0 [ 609.434345] ? do_rmdir+0x3c0/0x3c0 [ 609.437999] ? fput+0xb/0x140 [ 609.441091] ? SyS_write+0x14d/0x210 [ 609.444785] ? SyS_read+0x210/0x210 [ 609.448393] ? __do_page_fault+0x159/0xad0 [ 609.452622] ? do_syscall_64+0x4c/0x640 [ 609.456584] ? SyS_unlinkat+0x70/0x70 [ 609.460367] do_syscall_64+0x1d5/0x640 [ 609.464300] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 609.469520] RIP: 0033:0x466459 [ 609.472699] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 20:08:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 609.480394] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 609.487660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 609.494923] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 609.502174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 609.509425] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 [ 609.570825] audit: type=1804 audit(1617134895.062:2594): pid=14953 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1198/bus" dev="sda1" ino=14975 res=1 20:08:15 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x71e41b09c4af3161, &(0x7f0000000340)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@default_permissions='default_permissions'}, {@nfs_export_off='nfs_export=off'}, {@workdir={'workdir', 0x3d, './bus'}}, {@xino_on='xino=on'}], [{@uid_eq={'uid', 0x3d, 0xee00}}, {@hash='hash'}, {@smackfsroot={'smackfsroot', 0x3d, '$#'}}, {@hash='hash'}, {@context={'context', 0x3d, 'root'}}, {@fowner_gt={'fowner>'}}]}) 20:08:15 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b3d2e2f66696c652e2c6c6f7765726469723d2e41b0cf25bc59af2176abac54a3d90f3fa5221d02ea1aa12b5dea54f57a3c89793e294eca2ed555bac5cc571255588bcc70de01656f47fa2b2a726141a355163f4a551955df5d57434d2cfb1f8c78f64b2a1596498108c82d10e635fa35e34afb"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:15 executing program 1 (fault-call:10 fault-nth:5): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 609.620266] audit: type=1804 audit(1617134895.092:2595): pid=14892 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1198/bus" dev="sda1" ino=14975 res=1 20:08:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 609.686908] overlayfs: unrecognized mount option "work=./file." or missing value [ 609.719049] FAULT_INJECTION: forcing a failure. [ 609.719049] name failslab, interval 1, probability 0, space 0, times 0 [ 609.744998] overlayfs: unrecognized mount option "work=./file." or missing value [ 609.760309] CPU: 1 PID: 14971 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 609.768231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.768556] overlayfs: filesystem on './bus' not supported as upperdir [ 609.777591] Call Trace: [ 609.777613] dump_stack+0x1b2/0x281 [ 609.777629] should_fail.cold+0x10a/0x149 [ 609.777643] should_failslab+0xd6/0x130 [ 609.777655] kmem_cache_alloc+0x28e/0x3c0 [ 609.777667] getname_flags+0xc8/0x550 [ 609.777678] do_unlinkat+0x9e/0x5c0 [ 609.777689] ? do_rmdir+0x3c0/0x3c0 [ 609.777701] ? fput+0xb/0x140 [ 609.777709] ? SyS_write+0x14d/0x210 [ 609.777717] ? SyS_read+0x210/0x210 [ 609.777725] ? __do_page_fault+0x159/0xad0 [ 609.777737] ? do_syscall_64+0x4c/0x640 [ 609.832457] ? SyS_unlinkat+0x70/0x70 [ 609.836275] do_syscall_64+0x1d5/0x640 [ 609.840176] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 609.845379] RIP: 0033:0x466459 [ 609.848654] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 609.856360] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 609.863632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 609.870902] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 609.878174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 609.885450] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 20:08:15 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) statx(0xffffffffffffff9c, &(0x7f0000000340)='./bus\x00', 0x2000, 0x10, &(0x7f0000000380)) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c000000f703100029bd7000fcdb14644c26df250b000000070000002e2f6275732f66696c65302e2f66696c"], 0x2c}, 0x1, 0x0, 0x0, 0x40001}, 0x24000000) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX]) openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus/file0\x00', 0x240, 0x20) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:15 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469192f000000000000776f726b6469723d2e2f6669deb9f7c31c6ebdb5d265312c6c6f"]) stat(&(0x7f0000000140)='./file1\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r2, @ANYRES32=r2, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r4, @ANYRES32=r4, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) r5 = getegid() fstat(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getgid() setxattr$system_posix_acl(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='system.posix_acl_default\x00', &(0x7f0000000a00)=ANY=[@ANYBLOB="02000000010006000000000002000200", @ANYRES32=r0, @ANYBLOB="02000500", @ANYRES32, @ANYBLOB="02000300", @ANYRES32, @ANYBLOB="040001000000000008000600", @ANYRES32=r2, @ANYBLOB="08000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0xee00, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0xee01, @ANYBLOB="08000500", @ANYRES32=r4, @ANYBLOB="08000200", @ANYRES32=r5, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r6, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r7, @ANYBLOB="10000300000000002000020000150d848b9fe39e4909000000"], 0x84, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) r8 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000900)='/proc/thread-self/attr/current\x00', 0x2, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000500)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000580)="9a396581471a379fcfd135b7d31be373e9929b78c8cf2dd6da376a90f35b97e83394feb6870d1505609f608f702db658a6b9cd596d9c70dc7011d295ab36c6e031decfb6e7bc6f4f2feae44377fae4bec27a030eb267f96344", 0x59}, {&(0x7f00000006c0)="10546658afb281267f873e09c3ca3fdae181ce9a3b3e8365e3a152bc9b96c419983f47420385abde70613977fd4e55801a83a0e7d8134fff40274c37140ebd40abcc3bc76855acf67d46681ebf0f58e960e68398de8532b82e63d47fd2df4b43ce6d6d7c0ac38cf87a0af2392750d11af2619f5b22a186d8c43d17bb34ce7cc80451e76f442657e12c4388113f77ae49a68f", 0x92}, {&(0x7f0000000600)="f3b8787203f29a420e5df43cd849e049ef222b9bb21bfe73e086396749cbfe3eed244e8a482cc9859b467333ee0e94d93f5bfc086458f84f5ef71272e5b34feca75d85d9fc95ab8c3ef9396af0d80d41feeb4102e423489672a14434a4e9f31590c888e43e0930015678420162e38caa09f6cb0d0152c49cb61f", 0x7a}, {&(0x7f0000000780)="2ed8bc4c31e65e3d16243a9b1d03b0f3fdef89269876e298da9b004fabfd68f859d4abe5fd18e2cd1c23342b0ef0be474823c64ba93917b43278d0708507dde038ba7507940813f516bc7be9", 0x4c}, {&(0x7f0000000800)="8cb089ab33e735d3ecb8c2c81acce3332a72a74cc0321fd40e3b251ffdea53da3eb74f16d4cd6d0e99b668753a32665c194618dc97d6d5e2aef1819c5754d3cb4a9639c76e65fa94d1ba50dd7dcae4c78da091fd76ecfae6b6036f6bc797921b0b5e22c8db975ada899b0804d558495a0b996dc7fd5f7908db5e", 0x7a}], 0x5, &(0x7f0000000940)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, r1}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r3, r6}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r8]}}], 0x78, 0x4004005}, 0x8000) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:15 executing program 2: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r0, 0x800) r1 = socket(0x10, 0x3, 0x10001) r2 = socket(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r0, 0x0, 0x2) setsockopt$inet_dccp_buf(r0, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r0, r5, 0x0, 0x8400fffffffa) 20:08:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 610.008544] overlayfs: unrecognized mount option "0xffffffffffffffff" or missing value [ 610.055356] overlayfs: unrecognized mount option "0xffffffffffffffff" or missing value [ 610.071842] overlayfs: unrecognized mount option "upperdi/" or missing value 20:08:15 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f6669000000006c6f776572935230c08ba5145a2e1e288ea8f09fc6fdc59329abb2f02bf712e23ac809a985b2f9669bdccf680956a711a78dccee24671f8046d918629cb859c4682dad1b0873cb7417f4"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000240)='./bus\x00') chdir(&(0x7f00000001c0)='./bus\x00') rename(&(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000100)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:15 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f00000d1000/0x3000)=nil, 0x3000, 0x3800001, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x0, 0xd9f, 0x40000000) dup(r0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x800, 0x0) r4 = creat(&(0x7f00000000c0)='./bus\x00', 0xb2) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00', 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_SPLIT(r5, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000340)={0x44, r6, 0x1, 0x0, 0x0, {}, [{{@pci={{0x0, 0x1, 'pci\x00'}, {0x0, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8}}]}, 0x44}}, 0x0) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r4, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x128, r6, 0x431, 0x70bd25, 0x25dfdbfd, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}}]}, 0x128}, 0x1, 0x0, 0x0, 0x800}, 0x40000) fcntl$setsig(r3, 0xa, 0x10) [ 610.106845] FAT-fs (loop2): bogus number of reserved sectors [ 610.142372] overlayfs: unrecognized mount option "upperdi/" or missing value [ 610.151472] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:15 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65e5367f2b471b8c312c6c6f775c1a70866565720b6755f93787c4166fa374acfe5ecfb437d314a3af5884134b8d975bfb4babd6651ff01e73bb1ea63c661c522624d5bf0fe83e8f48f8379cad01be8a66e9a27cb28e47f595b79c56a235947dac3b59415a907c899ef272487a31b6df9ef20d0ddc3e980a55485172269b74580f151ce61ed21d2bd6a30caad4e7b672dbf817bdd2dc7044077460abd15ca9431fb46ac0e381bda10bc98cc940ac0770f19ddc09b78f70fbc7b48a0ecbe06ba12e4138a32144f5eccaa4261c15b11bd9745ae061a139ae17c4d2335a47074ddbdb65ecfd32f803a7c873"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 610.195206] overlayfs: missing 'lowerdir' [ 610.212573] audit: type=1804 audit(1617134895.703:2596): pid=15005 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1199/bus" dev="sda1" ino=14963 res=1 [ 610.263152] overlayfs: missing 'lowerdir' 20:08:15 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:15 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) creat(&(0x7f0000000340)='./bus\x00', 0x42) chdir(&(0x7f0000000180)='./bus/file0\x00') mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.upper\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="00fb3102407cb53a0000000086a0e908dc67fb0132c93cfa49b64c2922ce53c5ada1cf5ebaf9ee86b66638126ba326555c"], 0x31, 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) unlink(&(0x7f0000000240)='./file1/file0\x00') chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 610.292697] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 610.325750] audit: type=1804 audit(1617134895.733:2597): pid=14995 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1055/file1/bus" dev="sda1" ino=14154 res=1 [ 610.353334] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 610.363546] overlayfs: unrecognized mount option "low\peer gU7ot^ϴ7XK[KesH7f|GV5};YAZ|rHz1ߞ> [ 610.363546] UHQr&tX+֣ rpDt`\Cjぽ Ɍ@p pǴk.A8!Dʤ&tZa93ZGMe2s" or missing value [ 610.436024] audit: type=1804 audit(1617134895.783:2598): pid=15016 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1199/bus" dev="sda1" ino=14963 res=1 20:08:16 executing program 1 (fault-call:10 fault-nth:6): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:16 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x6) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x8, 0xff, 0xde65, 0xa, @local, @dev={0xfe, 0x80, [], 0x10}, 0x80, 0x1, 0x800, 0x1f}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@newtclass={0x24, 0x28, 0x10, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x1, 0x8}, {0xe, 0x2}, {0xa, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x9000) lseek(r1, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:08:16 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:16 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') open(&(0x7f00000000c0)='./bus/file0\x00', 0x0, 0x4) [ 610.476047] overlayfs: unrecognized mount option "low\peer gU7ot^ϴ7XK[KesH7f|GV5};YAZ|rHz1ߞ> [ 610.476047] UHQr&tX+֣ rpDt`\Cjぽ Ɍ@p pǴk.A8!Dʤ&tZa93ZGMe2s" or missing value [ 610.518878] audit: type=1804 audit(1617134895.843:2599): pid=15020 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1199/bus" dev="sda1" ino=14963 res=1 [ 610.547315] audit: type=1804 audit(1617134895.843:2600): pid=15016 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1199/bus" dev="sda1" ino=14963 res=1 [ 610.573660] audit: type=1804 audit(1617134896.043:2601): pid=15037 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1200/bus" dev="sda1" ino=14984 res=1 [ 610.599810] audit: type=1804 audit(1617134896.093:2602): pid=15037 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1200/bus" dev="sda1" ino=14984 res=1 [ 610.675895] overlayfs: filesystem on './bus' not supported as upperdir [ 610.692539] FAULT_INJECTION: forcing a failure. [ 610.692539] name failslab, interval 1, probability 0, space 0, times 0 [ 610.712909] CPU: 1 PID: 15045 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 610.720827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.730194] Call Trace: [ 610.732792] dump_stack+0x1b2/0x281 [ 610.736438] should_fail.cold+0x10a/0x149 [ 610.740597] should_failslab+0xd6/0x130 [ 610.744578] __kmalloc+0x2c1/0x400 [ 610.748121] ? ovl_lookup+0x4d3/0x1120 [ 610.752014] ovl_lookup+0x4d3/0x1120 [ 610.755731] ? fs_reclaim_release+0xd0/0x110 [ 610.760147] ? ovl_path_next+0x200/0x200 [ 610.764217] ? __d_alloc+0x2a/0xa20 [ 610.767846] ? d_alloc+0x1c7/0x240 [ 610.771421] ? lock_acquire+0x170/0x3f0 [ 610.775387] ? lock_downgrade+0x740/0x740 [ 610.779528] ? _raw_spin_unlock+0x29/0x40 [ 610.783661] ? d_alloc+0x1cc/0x240 [ 610.787189] __lookup_hash+0x1bb/0x270 [ 610.791058] do_unlinkat+0x219/0x5c0 [ 610.794766] ? do_rmdir+0x3c0/0x3c0 [ 610.798384] ? fput+0xb/0x140 [ 610.801468] ? SyS_write+0x14d/0x210 [ 610.805171] ? SyS_read+0x210/0x210 [ 610.808797] ? __do_page_fault+0x159/0xad0 [ 610.813014] ? do_syscall_64+0x4c/0x640 [ 610.816979] ? SyS_unlinkat+0x70/0x70 [ 610.820769] do_syscall_64+0x1d5/0x640 [ 610.824668] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 610.829860] RIP: 0033:0x466459 [ 610.833028] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 610.840723] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 610.847978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 610.855251] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 610.862537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 610.869791] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 20:08:16 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECMASK(r0, 0x80044dfd, &(0x7f0000000080)) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:08:16 executing program 5: clone(0x4000, &(0x7f00000000c0)="6c1cb458ee17e46bebf0ccdbc74c9e0f397a5879ed18f953444dc71bdc8888cdcba2db646412cf96ed49ad7720ba98467826e1a4e49f46f432a9935108ee1a75ad309cace7efb67fdf1ec061eec65b2b48f0f44d16f50140bf8a32c4bb48acd73fbac6c7d5401f536d7df773ae00f76ba307789b6b5aa99ddd94097567dafde4303fc2b6742317", &(0x7f0000000180), &(0x7f0000000240), &(0x7f0000000340)="281d5accd9b39296a87df8a6065450e1622ffa98b0657fbb42c2be5b8c80ead608dafe610fe060df1095209cdc269f469228d29feb137c3214f4867c9a2adceb9cba4193d0246f89db27429b82153d8f74b95c863d025d93f3561fe43f338c571c0f716ca829fe9ca16b6ee2a92935d88581aa6bd197796fba2d8d3b8a7a88dd321c96e7227855ff94f8791ab00cde2ef22dd79a47575175110987b60817bbf87e0e0ec1281d85f90388e0c7909ff71b6cf2a1d0c2bbe34aa2f9adcb7fd28d329b12dc0a65ec1d73d5abc3139950a42594b482f237b046ee859db917af63ffdfc21918600f12cf76205a536ae104d9f3bf") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:16 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:16 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') lsetxattr$security_ima(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='security.ima\x00', &(0x7f0000000140)=@sha1={0x1, "18f5e3e099cbe15a7dc4a1626cdb78eb1473b87b"}, 0x15, 0x2) 20:08:16 executing program 2: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r0, 0x800) r1 = socket(0x10, 0x3, 0x10001) r2 = socket(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b1a3b1e4ae47798"], 0x86) lseek(r0, 0x0, 0x2) setsockopt$inet_dccp_buf(r0, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r0, r5, 0x0, 0x8400fffffffa) 20:08:16 executing program 1 (fault-call:10 fault-nth:7): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:16 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 611.036165] FAT-fs (loop2): bogus number of reserved sectors [ 611.036549] FAULT_INJECTION: forcing a failure. [ 611.036549] name failslab, interval 1, probability 0, space 0, times 0 [ 611.075042] FAT-fs (loop2): Can't find a valid FAT filesystem [ 611.102106] CPU: 0 PID: 15064 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 611.110032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.119381] overlayfs: filesystem on './bus' not supported as upperdir [ 611.126062] Call Trace: [ 611.128668] dump_stack+0x1b2/0x281 [ 611.132332] should_fail.cold+0x10a/0x149 [ 611.136497] should_failslab+0xd6/0x130 [ 611.140480] kmem_cache_alloc+0x28e/0x3c0 [ 611.144633] __d_alloc+0x2a/0xa20 20:08:16 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x58a00, 0x54) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="75706c65726469723d2e2f6275730c776f416b6469723d2e2e66696c65312c6c6f776572a89b3506b058d0d3e71f1b09000000000000001157fa80e6913bb50bbe938aae0814724ea0b933c95e46165fa38d0146558def43c952726b15c5b19dfe2a4b66ed00"/111]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 611.145314] overlayfs: filesystem on './bus' not supported as upperdir [ 611.148083] ? d_lookup+0x172/0x220 [ 611.158384] d_alloc+0x46/0x240 [ 611.161674] __lookup_hash+0x101/0x270 [ 611.165567] do_unlinkat+0x219/0x5c0 [ 611.169290] ? do_rmdir+0x3c0/0x3c0 [ 611.172920] ? fput+0xb/0x140 [ 611.176028] ? SyS_write+0x14d/0x210 [ 611.179744] ? SyS_read+0x210/0x210 [ 611.183374] ? __do_page_fault+0x159/0xad0 [ 611.187612] ? do_syscall_64+0x4c/0x640 [ 611.191585] ? SyS_unlinkat+0x70/0x70 [ 611.195459] do_syscall_64+0x1d5/0x640 20:08:16 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./bus/file0/file0\x00', &(0x7f0000000100)='fuse\x00', 0x1000000, &(0x7f0000000340)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@blksize={'blksize', 0x3d, 0x1700}}, {@blksize={'blksize'}}], [{@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@obj_user={'obj_user', 0x3d, '(,'}}, {@audit='audit'}, {@fsmagic={'fsmagic', 0x3d, 0x1}}]}}) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:16 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:16 executing program 1 (fault-call:10 fault-nth:8): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 611.199347] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 611.204531] RIP: 0033:0x466459 [ 611.207709] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 611.215399] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 611.222784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 611.230039] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 611.237295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 611.244561] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 [ 611.362659] overlayfs: unrecognized mount option "uplerdir=./bus woAkdir=..file1" or missing value [ 611.400678] overlayfs: filesystem on './bus' not supported as upperdir 20:08:16 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 611.423039] FAULT_INJECTION: forcing a failure. [ 611.423039] name failslab, interval 1, probability 0, space 0, times 0 [ 611.446753] overlayfs: unrecognized mount option "uplerdir=./bus woAkdir=..file1" or missing value [ 611.483074] CPU: 1 PID: 15092 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 611.491001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.500362] Call Trace: [ 611.502964] dump_stack+0x1b2/0x281 [ 611.507566] should_fail.cold+0x10a/0x149 [ 611.511728] should_failslab+0xd6/0x130 [ 611.515708] __kmalloc+0x2c1/0x400 [ 611.519255] ? ovl_lookup+0x4d3/0x1120 [ 611.523149] ovl_lookup+0x4d3/0x1120 [ 611.526871] ? fs_reclaim_release+0xd0/0x110 [ 611.531313] ? ovl_path_next+0x200/0x200 [ 611.535375] ? __d_alloc+0x2a/0xa20 [ 611.539003] ? d_alloc+0x1c7/0x240 [ 611.542551] ? lock_acquire+0x170/0x3f0 [ 611.546532] ? lock_downgrade+0x740/0x740 [ 611.550688] ? _raw_spin_unlock+0x29/0x40 [ 611.554840] ? d_alloc+0x1cc/0x240 [ 611.558390] __lookup_hash+0x1bb/0x270 [ 611.562287] do_unlinkat+0x219/0x5c0 [ 611.566008] ? do_rmdir+0x3c0/0x3c0 [ 611.569639] ? fput+0xb/0x140 [ 611.572748] ? SyS_write+0x14d/0x210 [ 611.576465] ? SyS_read+0x210/0x210 [ 611.580109] ? __do_page_fault+0x159/0xad0 [ 611.584354] ? do_syscall_64+0x4c/0x640 [ 611.588334] ? SyS_unlinkat+0x70/0x70 [ 611.592142] do_syscall_64+0x1d5/0x640 [ 611.596043] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 611.601331] RIP: 0033:0x466459 [ 611.604520] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 611.612229] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 611.619660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 611.627072] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 [ 611.634329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 611.641580] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 20:08:17 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@ipv4={[], [], @broadcast}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r1, r2) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r3, r4) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r5, r6) fstat(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f00000006c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) setxattr$system_posix_acl(&(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000540)=ANY=[@ANYBLOB="02000000010001000000000002000000", @ANYRES32=r0, @ANYBLOB="02000000", @ANYRES32=r1, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="0200acd9b7d712a57b22a768939fd027", @ANYRES32=r3, @ANYBLOB="02000000", @ANYRES32=r5, @ANYBLOB="02000500", @ANYRES32=r7, @ANYBLOB="040005000000000008000000", @ANYRES32=r8, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="10000300000000002000070000000000"], 0x64, 0x1) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:17 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) stat(&(0x7f0000001240)='./bus/file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x202000, &(0x7f00000003c0)={[{@index_off='index=off'}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@nfs_export_off='nfs_export=off'}, {@workdir={'workdir', 0x3d, './file0'}}, {@xino_on='xino=on'}, {@xino_off='xino=off'}, {@xino_off='xino=off'}, {@index_off='index=off'}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'overlay\x00'}}, {@euid_lt={'euid<', r0}}, {@euid_lt={'euid<', 0xee01}}, {@obj_user={'obj_user', 0x3d, '!*:&*[-!(@+#^*)'}}]}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmmsg(r1, &(0x7f0000001140)=[{{&(0x7f00000004c0)=@nfc, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000540)=""/124, 0x7c}, {&(0x7f00000005c0)=""/87, 0x57}, {&(0x7f00000006c0)=""/130, 0x82}, {&(0x7f0000000180)=""/10, 0xa}, {&(0x7f0000000780)=""/125, 0x7d}, {&(0x7f0000000800)=""/151, 0x97}, {&(0x7f0000000240)=""/31, 0x1f}], 0x7, &(0x7f0000000640)=""/61, 0x3d}, 0x6}, {{&(0x7f0000000940)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000d40)=[{&(0x7f00000009c0)=""/10, 0xa}, {&(0x7f0000000a00)=""/52, 0x34}, {&(0x7f0000000a40)=""/124, 0x7c}, {&(0x7f0000000ac0)=""/222, 0xde}, {&(0x7f0000000bc0)=""/118, 0x76}, {&(0x7f0000000c40)=""/206, 0xce}], 0x6, &(0x7f0000000dc0)=""/241, 0xf1}, 0x1ff}, {{&(0x7f0000000ec0)=@in={0x2, 0x0, @remote}, 0x80, &(0x7f0000001040)=[{&(0x7f0000000f40)=""/27, 0x1b}, {&(0x7f0000000f80)=""/184, 0xb8}], 0x2, &(0x7f0000001080)=""/184, 0xb8}}], 0x3, 0x40010000, &(0x7f0000001200)={0x0, 0x989680}) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f45088469723d2e2f66696c65312c6c6f7765726469723d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') recvmsg$can_bcm(r2, &(0x7f00000015c0)={&(0x7f0000001280)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000140)=""/40, 0x28}, {&(0x7f0000001300)=""/223, 0xdf}, {&(0x7f0000001400)=""/164, 0xa4}, {&(0x7f00000014c0)=""/5, 0x5}], 0x4, &(0x7f0000001540)=""/122, 0x7a}, 0x100) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:17 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:17 executing program 1 (fault-call:10 fault-nth:9): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:17 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, 0x0, 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:17 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x281) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f000055d000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000080)="64660f38804b46670f01df0f30b82200f30f1efdba2000b07bee000072d505ea00608f00f30f012c260f08d35d01", 0x2e}], 0x1, 0x22, &(0x7f0000000100), 0x0) r4 = socket$caif_stream(0x25, 0x1, 0x2) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000100)={r4, 0x0, 0x9, "2987a6e2d454f566494ecf3065137c9aef31a8b19373c43e4b270187bcfbb2773cc2edca3a81b30fe1c681043aff9e45063b071ad0dbfba0b9210b9513eae6a84c7cbccc04e2a635ff142553f88739bfb9edfe8b657d266d33e4819214e58d7faa7401dc3b2a82ed3dc7c5e87dcc9374485e34c3f5a80da30984bee4b7fcf1bec00a210fc749b9d2588e05429d91580f853804004684fcf9de1c3fd01084f9ad75d150748464c4da1fd829f0d41d695b"}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/91, 0x5b}, {&(0x7f0000000240)=""/60, 0x3c}], 0x2, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x2) sendfile(r0, r5, 0x0, 0x8400fffffffa) [ 611.964673] FAT-fs (loop2): bogus number of reserved sectors [ 611.991873] FAULT_INJECTION: forcing a failure. [ 611.991873] name failslab, interval 1, probability 0, space 0, times 0 [ 612.000544] overlayfs: unrecognized mount option "woEir=./file1" or missing value 20:08:17 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 612.008551] FAT-fs (loop2): Can't find a valid FAT filesystem [ 612.015344] overlayfs: filesystem on './bus' not supported as upperdir [ 612.063221] CPU: 1 PID: 15124 Comm: syz-executor.1 Not tainted 4.14.228-syzkaller #0 [ 612.071143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.080501] Call Trace: [ 612.083098] dump_stack+0x1b2/0x281 [ 612.086731] should_fail.cold+0x10a/0x149 [ 612.090887] should_failslab+0xd6/0x130 [ 612.094871] __kmalloc+0x2c1/0x400 [ 612.098413] ? ovl_alloc_entry+0x1e/0x70 [ 612.102480] ovl_alloc_entry+0x1e/0x70 [ 612.106371] ovl_lookup+0x724/0x1120 [ 612.110096] ? ovl_path_next+0x200/0x200 [ 612.114159] ? __d_alloc+0x2a/0xa20 [ 612.117788] ? d_alloc+0x1c7/0x240 [ 612.121328] ? lock_acquire+0x170/0x3f0 [ 612.125304] ? lock_downgrade+0x740/0x740 [ 612.129462] ? _raw_spin_unlock+0x29/0x40 [ 612.133627] ? d_alloc+0x1cc/0x240 [ 612.137175] __lookup_hash+0x1bb/0x270 [ 612.141073] do_unlinkat+0x219/0x5c0 [ 612.144807] ? do_rmdir+0x3c0/0x3c0 [ 612.148446] ? fput+0xb/0x140 [ 612.151564] ? SyS_write+0x14d/0x210 [ 612.155289] ? SyS_read+0x210/0x210 [ 612.158922] ? __do_page_fault+0x159/0xad0 [ 612.163164] ? do_syscall_64+0x4c/0x640 [ 612.167146] ? SyS_unlinkat+0x70/0x70 [ 612.170956] do_syscall_64+0x1d5/0x640 [ 612.174851] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 612.180045] RIP: 0033:0x466459 [ 612.183235] RSP: 002b:00007f57daf07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 612.190944] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 [ 612.198219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200 [ 612.205493] RBP: 00007f57daf071d0 R08: 0000000000000000 R09: 0000000000000000 20:08:17 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 612.212764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 612.220035] R13: 00007fff1c3bfaff R14: 00007f57daf07300 R15: 0000000000022000 20:08:17 executing program 4: mkdir(&(0x7f0000000400)='./bus\x00', 0x20) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r0, r1) mount$9p_tcp(&(0x7f0000000040)='127.0.0.1\x00', &(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000340)={'trans=tcp,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@access_client='access=client'}], [{@uid_gt={'uid>', 0xffffffffffffffff}}, {@uid_lt={'uid<', r0}}, {@context={'context', 0x3d, 'unconfined_u'}}]}}) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000300)='./bus\x00', &(0x7f0000000480)='overlay\x00', 0x212004, &(0x7f00000016c0)={[{@index_on='index=on'}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_off='nfs_export=off'}, {@xino_off='xino=off'}, {@xino_on='xino=on'}, {@xino_auto='xino=auto'}, {@xino_auto='xino=auto'}, {@nfs_export_on='nfs_export=on'}, {@xino_auto='xino=auto'}, {@default_permissions='default_permissions'}], [{@seclabel='seclabel'}, {@fowner_lt={'fowner<', r0}}, {@audit='audit'}, {@smackfstransmute={'smackfstransmute'}}, {@hash='hash'}, {@obj_user={'obj_user', 0x3d, 'overlay\x00'}}, {@audit='audit'}, {@context={'context', 0x3d, 'root'}}, {@measure='measure'}, {@subj_type={'subj_type', 0x3d, '!-\\-}}'}}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="7570706575732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e0000000000000010"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000180)='pkcs7_test\x00', &(0x7f00000003c0)={'syz', 0x0}, &(0x7f00000006c0)="11cdde68ab4b885046c7f4f4df554f34a9e02cfe8e05f5e0774a9b2fb6b21e2d29c619011a4b08c8cfc037d2a383df5abe35e443f9c55954acecee08a1a86864306c13131b501c5f2b525296041249e48cebe440b6bcae97d3627ddc60a19a6c89147713c5ed7adddd186a22ed4082e6973d3f08619d02293e8e0cf340de811be1cf37c93f8f5c9d92cef5f71fc28e620a8464bb3d5dffd48671a5ac8e60f1807d5afb62e44cba6e2fe1120a44f269760ab62f711775aa1bee4eb00d8c4a5378e801466bbc429b18fc6ebcaac1674e99905ddb800cb0bd23f48aac2d52852118064db2eff8a1032f4a6525a6e61b9f417cea9d1109cff03b3e7c591a3ad31fddde35c87dacc25ed2b81775547935e72b1855b7ec6604f7d8e43ccf485ad5256f3a7074d07740d2c666632145a0a0cdacd45f9f2f49482b6895ee6742cdcf417173c736eeeb7bb28278eaaaac3aa13e55aaf8d0ef7d8aaacd8812aa7fc3c86270c5112b0cf28477066b45f4a9c8a4b43f244ddbdc479c4d741a0e5dbbe741c13022d2290021f19b5f9720ae0d9908901b2826f00a3ab00cd180edb2006a8498cfa651f11a9b11aecc6068a0fbfe846f6f74ff4bd6e5f4de90a8a37c98059179aaa63034b4547703e469ca9b7450bd82a8c4e4e770945fe47503aaedc0620d1d3bd8d9ffd2cb278f041873c42b031ab197e08b62159158b3eb483d8345facaad239f49e6a1d2ad38e7eb5a331f444731068aec195de0ad77f1604df01babb70ca6b6a25d31ce5edd046ce989ac63af9f7b214ce73c1d7620fdaa396ab5e2c2be97b5f54d0df6238d4095e8373e0b15f18e5120d167ecf7b3ac45329a40af8d864f2289607b3a05daf0947d0789d413fc0c51f10fba12e864ef510674ab5ce6d1dd053e4ef6274f651c3551e1003fc69b7f66071623c67b45484b86284fb6026cc0873b390c5a570f3823d383b613b46925ba8b91a8d749a8822edd44009c99f0f984ec1210c45fd2bba912c569d9877811e7e638955157a1417375bddb53d2d96377fcae27fff1fd7644f9a10d83f16f27bf3d953d2fcafb1576bd20538cf59a2ff2dced47624cc6e3cc5a48c7376440b8dacfbbfd167cc927359b68bf6998c01908d057d5a07bc574601df7b183fa519d03912369e28b82d18f1817db3185c8a5c9d33ce0dd21a66a63cfe051d182043a82520756dde75fcbbcef0371122af3d0c41a9d7e2a4ac96bc3ba86147597b99fa4da76c78032debf2d64c5625ffa83377dc5c187fbe4aecb52724b144b2993a53da56e983e52b8fa0b9d94afd081380f479df5019e78febd33f63263f1f45717b9572ab7960424984bce52477f75242e36e697832c4f5013c723860ca550d915465fc859ad11d3ecca06ceadaa9ab89ae311e75a86edb63861228357e4e3ed018a6806e8d70cc27d64f6fa0c911bc01678b158304ede975b7d17b81fd7fb650f2e3db2d23c40dd6e8749f34d59b00ee7e80e830f751a6132f1d010b87deb4084feef40eb3585f1c91e4dde5abea0352a770364ee9071909a4553441bf6e31ca9302ce9cd38910ceea8e615da1c7ea6a38468f4d90415cf4b26f00e47b843307dbcdd777d2ba13c2ab8b3d632cc823d6f42020b45265d364aa8b6102811ff75a4846401dffd1be25904bd282ed709c1489b8bb265bccb934de342db9fc4c10f892f1804e2f9512443f0ce36e2f077447aa119d364bc70f4b9155258275a7b81752046a0a96c913fa1193ccee3f3762ede539555efa9122e093eab070e74461a1fa1f934add5cc3501be8a723a5950a4753dc474603fe744e550e7ad0dc0fb407aa10a593079f660c639c21855b8c7f4e9fb414e76310efc86804db2ccd5d1c1f5cd21a3d566165cd5a8aeac638b564fb880ac1640dc32fc36c3c05b614c2ec8f5680c4194b98c87065765a6d01091120f851e734b1afe75d949f1ae4c3e5c37807340650a56cd3c04e78eb078df795d384e13b317f9f1169c47b0655a2d1e204101656beed0a82ec662c09241add9a43e78c045df01a3854528e40ffab1db44439ba2e18f4c1c97503de6b3edcab791d3a3cd962e2cc3bce8fe76e3ac79aa17e85418e153969a30221ddab4b821deb3fe3ae2cd9b8e1a5d921465511a0c861c6c84c12e9442610d39a6d25ad78fac5562bc97fbd326d48968f8f1ee642eb1685dcd677b0b65637f8fb4a22f2d83e4297761398d8680c90a28e9bfcfbda691dd3b49c39afc8705fac68c4ffb5d678e6ba406b57b2ac21d4fbef72c0590477958da218694ee4c9eb0602dbdccec7d0c4541a6c03c8f7251e8051d10847ecc76a0414d37f1af8cf76dfd223c3f07fc4c431f8ef650db25b8002dd5f7472d6420fd5b288effe99debba34ea250a24fa624897456654fc606142731aa7db8824ca82d56b628e7e710e922e2b3dbf2b79577fc8ab8f7be6a41b68be404c2d6c30fb354eb11b4bc2d069ed759cd4a9af2fb61959ea5f5d07b0cde5d9d82d03c6b7968237633cc2cab6717362503d942823cdcfb7f73626eb60d5aff07b81711f989f36857ac179f4244a1779362fd3dfdc732b0977a0cc387c5a1c95e10cca8aa8055a4abd01e3f918bf6b2465b8a3c234d47030d19eb2440fb60e3972935d6fa381ad0d9d3b6251f6f71f0d486a675fe1ecef959e96e7d4d590840048dbcb8ce7be87e64b00f1b686d31721c735653d46c05f9b829cae22be887dee4ad50914d8be42114131ccb7f2818da9dc825bd384b4d97d083fcfdc1b99217ef445875652c358b0a386fa0d88e7679ad9c177ec1937da08f4deaea87de6e7db1fda8afe87b0d7f209119ad2b4e1204f4df0c40de58e348362653344b3e6063525012ed6ce4ff81bbe564e2eafdf9447996a6fb19f5cd5fbf7a91cc36e3cb69c465f37460468116b5ad9c57307f825edd62f6e3bd62a73da5211f0a6b7e13316f019db4d89f35b7f2159f463d3ac7c3a7096c4eb685b04942c8b9d711475527f8ab6d2b0495041f5f1ff33f5a61defb50bcd6aed1bf8e36aa4990e8825806017ff37ce95104a49bdfd1aa14c38552038a377084f711135e820d987717f90fb01e197f30ccf23fca85e1d983628b94f093d453270a3446349c6bc5c8ed4413f85d6e113a34cdd8efa049d2d1b7bccf94f3bc13205639804ff71e0156d5e71ed85aa5d3f4362b9792740e58e3aa0eae40a185fe1874bcbd065e959ecbf8ab40ff647941e292de3e95c12614ed0306d1bf05a3025293916e63d821252ae8ff253aeee74f3937c2232405e86278dd1016ae2da068bb09d8331bcfad6bf6a8e6fb66639049c9f360c7825f59dd3c10fa556cfeb99c90b04a34c46df7f60a431b8855567735c7c82eb9367d1ef5653e288d7a2bc1edff67d1808382b18ea93ca560d6a367cec038c517d5e2c1d8d32d33df99646d216aa083c54c15eca521ea755ea02456d02b054cb5cf3ea03d39f31ebb561b9845927e14053cd471162a8ec37f2c29d9ab5d5f151510184290e5286f34f88f03d40f48f3c732d90eb7103acffcd422a074d1ac3eb7f50ff63969b407692b5bb109a8504c255fbc3ee084dc31dd82edf2173ba458ddc1197b510de41185eeb78a367a3dd0660f19be13d6a6952eb1036e28778ed91c78ac37c20db96f78c2c6f66600dcb562b261f0c2ea474b9dd8abc6505136175763acd95a8734bafbf0357fe11812d6a90da8a29e286a815da7bd0196f975afcbf0a9d2dad1084c5001fc0d625fcd857e78b11edb3c59099251e02f364e35e8f836212f08bf28cf044e49aa5b8c32eff2cd06f1dc445140653eab02220a09d64bb751a522e25ca238f5b980a596a0c5860897f8775e815846a3f178b34a277223545cc7b0608c5dbecfd8f0887d0ced5bcf69a92b133d2e60a4ebfbed3513fd8f970473238aa58cc3871ba3256bf2cf9d39f2986d5162c3c77734cae1c69a8006ab3185c24300613271574129117ffa8d7a3cdf444e41f809e34cc8b46b4806c01658fc9fdb93663a127d169e8ea10f290396bd9e97f4c837d3789aeaac3c7447d6b0bae47cf8f58c3f5e99eec50de31db5f93b95533285aa5069875283f6417c7a23cd8fa12f4c40635acf643a9ae4139411df0db3d03d773ef93b36aa11f0a984511387b84c6fb7b00258ea402678f4b7e38d15b1a6143567de93645efcfa724216d43ded3ea6ad63e84792d2443e9ab9bf57bf75fdd5078f6cff586db559fc03278d5db5770ec26265df781b2bb7f5b605db70fd05fd246237a7b0b14224c33e81428c58571cc7c5121d668dc8d939a583b9950dfff43ce7edfbce3ab8a88edbea2fc260701e19d30f7a6d5feaafbcdb2c57b041167f8d5c5b029e8836850a95bccdb46cad86e098e710d80d5f1f399925100ccaab904a5cc2f1f83acd58f42909c01752af5df3838482433ae851c40405a14fb0bec6787a3175d5932debb427315a498964c87451daa00180546c50963847a426464e0d43c17336e313a75cbfdbe3dcc72358f03e355f4c135f74a31b85240ddef3ea38638652aa10578ddc91813e045a6c92146ad7cfbb8735a6082af4b4fca87e9c5e6a658f411882002f449c8a28c7b25dd6f39cdf4f25e333d2bd11f2b9a6bf1960b291ac2dae0413ee16d51e8a99bc1a3b7e0c8333e3a144e1ca305d86dd98bc4b62d73417606414909b4aa69bf1b038e9e67883827f004ea116c4517e43b8b6c20b5bc2c484d20df409a2ecb83c9ec54f664cd38fab658244744ee7d0f18b0e2bdc84d455ebfaeeb64e0c489aa2577f17560fe86deb0a6a92f6b167118a2666d5285e6648edcaff0d0599d7f44021e147dfbb6a87558dab55e10675989b817eabb12a9f0b59972472b982c813379c70608a5a5001e7f23cbaf37d6a8bd19f6b2c78d91ffb7887a75b63d67990f6c4802986fd7517a8036533c5dd268146e016f28df23a43a1d8a2202be874562be4beffa939d9c9dbfc95a441139a4e08f5399cc03ed37951169cb823c0a9bb060666d9630b7bec5416f8cbd1a3fac020ade1721a0170e220ee139708ae6e4ab584461033aa6a165baf0ece4fe30a2c89c6c7c856d5d0e137d90c41c8942216f5527b2927eac3ede04cc7c3f9e513d9ce39c337770dfd94c1d038c0d5b6cb40380e52d33de9fb621ec5248439f7a1569aa69466f541ce23168389368d1683c781a83049e4a2bbc6338d87da295d4a190acfbf4d92d259e2cdda984112aecad23612720792d1f29c6a68c0bd97c99f92bec7d6dd237c529acf30f655b4b384cd2b2f82eea0fb2c5ae3ca4bab5105162a4fbd3cfa6b0cd3083583b79c752026aff60f5478dd2df3caa81e294858739caa9c69e1f2b12c60bcdd8359557024f0516151f567c22f8ae6d8d5c9a84d47ce78aee04eca5fb5a58c43d1f39a5d0fa8553cc2c25c59d9bcf817d6e63e8bcdab06b951d2b085c2eb72986bde436aca1bc1eed7adcb552624f6c46babb963cb5dc8c60ec32dbad41871e1f42aee99186fad85d86531440a41e13616c202f1233d98e8e459b5aa71f15bc62355bfded0839306c3808adf88c43d336534a00aee94d770486a4ba5b76740983181917d161586b7d01f158a6651f558402f0c800a8fbc6d444e4e9c6727ee97491f0ec9e06441fa2def2cdd1bea3d9529d3ed172bd51ee39204ab4d17440a25d2c7513538f9665c31050cb5c5842885e0e9a892eab8b22164ab05936c395d51cc90d2db2086c4471cda7c5d112e48bf1a3e4cc2eaa0c1f0cc7e7e40e22b036e70213d7eb6e8b53d3f09d5c7d4dd4d9fb915c9677", 0x1000, r1) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:17 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 612.394520] overlayfs: unrecognized mount option "uppeus" or missing value [ 612.461550] overlayfs: unrecognized mount option "uppeus" or missing value 20:08:18 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b64697266696c65312c6c6f776572646972bd2e3cb4f00c12e6000000"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:18 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 612.637867] overlayfs: unrecognized mount option "workdirfile1" or missing value 20:08:18 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x141000, 0x0) sendfile(r0, r1, &(0x7f0000000100)=0x100000000, 0x6) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 612.688666] overlayfs: unrecognized mount option "workdirfile1" or missing value [ 612.725607] overlayfs: unrecognized mount option "woEir=./file1" or missing value 20:08:18 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) syz_mount_image$affs(&(0x7f0000000100)='affs\x00', &(0x7f0000000140)='./bus\x00', 0xffff, 0x9, &(0x7f0000001940)=[{&(0x7f0000000340)="ecf9b9eef21b0d929adecec53501d3a7479926473b91c065b8c895bb030beeac2c3f3783f8d17039f234b7686eee0e7d6479ea478c9ac7f5f08400058404c74dfe968508f4c1af76b181c318c9fb141352ae6eb72c9d0805e784fdd50efcd2622e4479de3d2b77643f705789b64ab0967d2cc96339e1ec2310079ea20aee53", 0x7f, 0x200}, {&(0x7f00000006c0)="8318d807c733a0f15002fc4cd98794e4f7116e587f2c2d7a8ae4035eb6152728f312dd620b472f61a19e0c3c0fee826305eb73e69ffe7b0ffd7785b86a8de85904a2714be8f8b5f3b98603a84083988d8a8178247ba7057cddb3b944ac335b23c266f3a57c4c099de0173db0f8c1cdd0b565bc9daae04a5fde7d2311e07659a9b3ba0969aa90e4a8590639af29a2cf24ece398168cd359b8cc71415578dec97babd8f34ecfc8d34559f71416ad3f9500c7fda7054e23e579bd7c72160ca6f4e2f49e2f8519eb99b6ce11964c5a8c476c4dee50ef3717d7e757591c1d94191fe0f16e839f6cac768ef752b399acaa6918656b124563ceae32b94253e4dac31cab5068f0d8c399c7055732fed506e311ef486a7789d48a5a2d8d6708a2e6002c1e4471483f540139554b3acacb29b32b133cfec9dc48ecb613f810b3db38ae746a886939aa2862c2e879cc18674e8aceba64b10719a512f5fc5bed3266491193c9c2127de22db5474d33e06a6d2c2e7235c6c24ded6f4ddbeea270b78dc59e54e81a067a2eb92945ae4c80c389ec655508574ec810d082ca1c4c86d1464e1fbab0e4c77404ac37a7ede057979ebe529ea58a22f5c58cb39dc5ef187db4c851fa43c791fcab066d01b7e9c3eb58fccd96f51f88c8793ae46b86b087ff8867671fe14a1cb486f10abe1f807da057af547fd8a9872986aa5a59a2cd2fd6ac6b1de35b4d1cd48133724c13aba38adf7fa2b90d2f506d74dc8be7c59bdc3bf397b65ac3700c834084e89eacdbfc1e343fef0613a34147573c2664689ac41808f7a0186b8393877f26f882343fc174edbc25d18571270c44997b0149f5726314dac32b51d33cb9cf4c450346fe58390beedef58ada306afd0e5a2fd131363f218354566648a32558359eae7c8daeacc77c47015ad38eec192d34394325d1382e16d5bf5aabc999b108867583a2502e12c9e7ad45315cebefabb2b384a19a9c44d21976610c7dc7711295517edc2dc875769622afa9832ea78c51cce0350cd4ccce55764ab029f1720a1e8cc48ce937282b378c0bc4e333405a4ac28b90c2d3183578d02bb09cd5f94e7ea0b29ae24583ec011eab58f52222a518eb098f1eba96867484aeab5fd686607641b5d731289580de22a7b2c1fbba585cd0f505f81ab34e5fd0f78226e0b303b2b45bba4e5ec4b260b97dd696d8ea4ed52b3b7692a64fb0d8d022ee61ffd0de6181587cf44869f8ecb374bc4ac68d59a67291ae07fb200c1afc39fb236fbefe47b07b0bfb0268d5af68926411806d45ebb1a78d4189e576f1b18ac30d39157cef1db2103e3987b8e590230cb2e23ec3fe82d171d5b678235cb16f57ae3f19a4f3ffe7650b07c872454e3d23596a36beed84f3ee94ba8d14cb7e3cb623b2e8d1d1ff1860f896c131245ece987839c1f4d43ad94b5e308648e5e770d239e8df780138a3e22860916bd41e5a4da56162adeb4390ca17970ed4e644e53d55a02990a7d0d5cd7b76b6631c69a43674d9106bccfcf23dd6ba90fd9fc06dc46648edc4177c5173a64fc908cd38797eabac8b0e5c55828b91fbcae196bb069aaa170c5c9be8d7df007225f16ae600735cd6dc5bc6261c34b7e7df2052af24803f8b4b76f7534e8dcc3b3b10122e9f7a427aace463b04a3f2403f909ed1aeb26eb91a666c71ff068012e450a487623b2d052d2917d3912257352134ae4376360c5812f84c745812aabe1a45719e68c9fc1ab4d73d4c4301ea42d8a1dc9ab96e049b2a0d56d6912a29b5b37d5152552cba23de01d0a1425ea9926ac96f17e0997312a41476a58dd297a71f96df62b18cdbe2994922c86d93d7f6c32aae2352bd7141774f7fe6a20bd938d0da4f796ee696cfc2c7a5c8706e2a147450cd96619cd27e6e32ef79089dc74ffe5c889aa8551f7a7a23786a20c1346be8542d8f8e81554a5fa0aae0eef65d014e7cb004214fbbccdbc2548a478f69997f9997618916049e236529d7bfd4e5d4d67be42f961e57cf9e3a846ed5946a7808a9be00ab0c55bf67e5e99bf6b989ee8b659c36bf082fed6df7c920396830f51df1edb6a6484b1a0303312d6b5066ddd4afffd58f3ae2752dbd5f758f38826cbedbf5352e2af0f80aa95244fd02c210d0239855c10a860b6f78c8714f6532b80d22886a0e86004b7b9cf3abd24632320df9127158abc7a70ed40ca3bcab2e0f394561e6582c70cd7ce879114ebe44447df77f91f5985424bd6617cf259b47820a1d923334c111c54cdfe7a75e7fe786379696aa7ff9206e8dbb869d1dce80cfa48cbaffa7dbf39d61fa46f29853573d82a5a6132458e77b752e64e3ed906fcdfe9ce10e580699ce55d63f61d71f36c50fa15031a4e0539594e024f90b9d409ed4a067fb0bdc82e69befa249860ff96708857d359895c71e605dbb41c4afc9468ca4d15ca069b990b337a6469e397f634434a04dcdec05b8efbf65a2f0a6cee4cfd9caf21d9333972c8d32946e5c0c461dc00eef3cd252abb650e456e8ff4301a17f0547082fc39071dbfab787df882718b1a9faa52b9b2d64837094de298b6376bc3c98a75503ea9f5b4854b667593844aad3dab054473594ba24cc2339012cf64a8239000a237e22144cb8e94f410aff5b6fe76ffef4ffc72d8129f5f812424fa6ae8743f31bc4830451047fa575906683ef6c8c73ce8ce684c2a486604a2a6820d908c095aa6ebaf51516efb6c930a83e165fe4fec66c960baebfcff133bb25cd47c1de776ec1d884693d96c2ed4efb5d4b10502b56fd0a1449c31aba7be1bb26150bc6fde026cf1b3eaa3811a117b33ca902ac5c36956307b1fdc607c2eefceb962963c27a392e09872587d67ba560b40961007552d1c1a0fc0828d8c404efdbc0b9eb8281ca81afecdb0072ddde774da5c45f381d21984afc242fb8c4a61906785042e0459e30a5b0dbe534f750036681cbd389ca2197fec0c79d38c4181449e00205a15c41def6ff21cee549e1509ea04333861592e6ea859c1e1c075e2d77c57e7d603a708ccac95370283a203b621807330b9a1aa89fa81dafadb4aee5d87a4798fd413b655fa60162dab4c811d7c2cea114ca67d4d2b43aa22738d34e3a715b2106b4034c7da30d2fa7776b41bc67c7cafee5ec8d5f21770c179291cbb65cf2fc43c8b8f75106e21661f7fe9761494954be79554533ff2c3a97efafb4943b0109462a9c7ba269991d0cccc2905d2d4b19c7581f19530292c2c8755055d8af154d935beeb173fa7218223fdc9a5d11694fb2a0f2184ce1b17ac9b95a8348aa462e18c8c0593e919a6d9f1c18dab954363c58a9255da648a182b429c739de58af5f0720f6beca833f23997ee1d813291ce4585d1292c34de81111f6eb5055d5a872f726877ed1a20d6ba633201fc7726aaa089daef40d5f977cfb8ba0dc77fabf5c36f63975f0e45e74f8e5f959c9a32aabd022e5f59a1bc94a7407bb12a410c2c8d482ec8c118b9d89f332382ebe11d14a15f67b20cd97a90541f9c711f043bbbad6c378f0ee53a12c71b80925ab12d976bad0af4dca059d52609c502f606a09ef0f1d344a5a4adee2f3d897ddcae4100fcfa2b0981a52398a40b7f29fe82efbb2789920a372909955b00760bda0e90f30948066030b47053c8403fb02bf68d8572fd9701d56e729c32be17c973c5b46a254ae3bd81b3c6792208e190460e2c7f8b681c73ee4dbc0880e698a8b334f6924b1e8f2a7aac2bc07f7ae6ebd98cd14af7612deb28f9e5e6afef06e38f61a24e09028bed26b05c1c6304c5c269827b55aff96de44b4e944dc745b9f176e33ce4926688e2846b871974910fa3339dbb8dbf81201dcf4cbeabe84555849b2f74458ee6779d701ada9b981415fbff43c9f4184868335fa1117d13f62352929f776c754f17c0898fc034ed1209dd1aff2bbc6b7e635fef3db68780728be37e22f0b1ea966f2070e94ed062bd716c25f160526b3d2ff2e4b2781d101bc09aef7bfe9faa865168fd4f99ca0f841c3171a93d542f95d87b709ed6d7724829b5c4bf8bd96d0852ea40c7311b1b2cb9610d24d548ccce119ee41a449646ef32e6621abfc8f50c5ab1a31779e98fd5ebf533a489cfc70a09a66922ceade37c448cbdef21cc750783b2ba4310918245973b6d34c483db95081fd63f56360e25917158ace540df424e4749d566bf8f64b857d700d82d57a1d1758ab75ec1b162ae91d6c46b001291ab4c52aecdcfca57fa5ae1f6b6a4b8f65e64b891f195ffca16127226ed697df238a8085919e036ce03ead23e953bdbd8e676cfcf7710c24da7a5784ca9e8bf99debd01abd15ec7fb23b5248b4f7dfa195f303929c1ed03853f5d4e420502b1d2ef3bcc5e42cc3dac8ce09f2a37ab0ce2155f4d376161e68f1777e39e40a801398ab41bca73fce0384a1fbb645d7ccb404cf88eedb66159a4aa950f4f24d243f7d8934407b3e9a2c518316851d6e751871792daadacd4e905e1c504c3989318cd6a3a5bd97696ed222d6f824b7594ca0c0858202ce04350990e0b00219ee9cebe5389d39cb8783ff0b5d87f842c70a9fbb53d9506dde6a6280c6b8bce92234be6cc4c22b577dd3b974e881ea70e6262407dd34537947dbfd13a8abc8444c0a744e3841415ae5599c48d7f94ed7b9d63ebd783f79da6e025efc079cd0f2228a164bb6ae256e8eca1d2f1db4333da696adfb7ae09c057b9a41d80bee599d1dd6471b6cf4b14c55a0218803fa017361d4a19064fdcdddb55c361ff1f801696acfa23a29fef0e6b4f74ef6c31760e5bac27659979f1d251f46e6b1bc942ac1648133a61bce1ddbe181ecb10cf8670a18f0f72eabc45bd25c305626008ac66f0816da3ef14e27378bb590637526f4217c728f048dad831b0e9de17d8f12f0e24e29c1df748205248fb6f09fa1c2fd66a6ab8df5d37a41732fe6872d617f23f4d217d04ad59540fef6cbc911d3f10149e5a2d558d356ff0635a597f230b773f73846ae6f2371656c916c2560ca7be80081f55af64bac46b4cbd7a2b35e52c792e5bdfb23321585e5d3644dd46977aa63c7aca72d9452140179a4e5063c79fae34ecfa162b095cd79021109e7862b49c3e8ad4c2d66f613da9c424182bf3658e81b41083c20fa8f6bd1124c64bd15d15517285e09a716e671e2e9c1c95e57d20f71b4606229b25c23019ef92213f55922a1161726a9be6a3cac19e5e285f128c725262ffadb61a878a63709242ff33e311fd6383023d4b43d55e4b707d1af1b0eb1901b3a463a54c2d9121293794568c8aef23e9158536d6b4a29f1a9e0a6b54a8ae629073a13f5701d4c481a33e69c9269ea99597870701e4d8729e572202a9a7b6279790e80ee586507d87efa656edd33e90723e1364f79919b0d1620dc95c6ad6dea93937567de38bad2f03b56958ead75795efc8273645035e5149d2660cca886096befbfb981e53319dd8826eae11972c77e97141f0544ff24a2934e6f85ce5cfb847ea840f924288b298bfe1e12be49fe807b9ac4fd6e301e44019e1803ef3d6404b7cc85753c0008df7d819588962fafdb42c5b7c7bd4366f5106d927708e831841b6afabfdccda1f9ec97749aabd6c684e8a93f5dd4dc46fb1c216ca900b200622f14cb793494db8a2f4294d5c137e9b2d9636f7409cfc3cf37a406dd49d2984a5f763f4efd36db0e9257a0ce3b8204c4cb95e651b0637248950a5594a944199a979fb7fbd3ddfaaf0c6641a71d0a770726819bfce656855781eb47bd06f5b88bb5e65adf20822aaed91e333c722b5", 0x1000, 0x9}, {&(0x7f00000003c0)="fe8347f6f4b67968dc04ef43d716a302947c905ae70467f8deedcb2eeb5ff378d255a850c1e1327b7d1faf00c70a0617a6fff2e7b5ee18b29533720c55d0cd0d6ebe97c4390f3d0b96d20960", 0x4c, 0xab}, {&(0x7f0000000440)="1efa0865af866cbde0f2a210645496874d44847826071003eb9e8c73aed205a317b245515987a3f3587022e505120458f8febb412e78f680510702130f410ed8673c15ecba7891586be52f66e39d20142168a319a137535866102f2f1e7c480c6a7f360f94208c9a2db58d32960ffcb2ed5e46b7ce026741e8c88b997a23bc33b657ae1744d7f5bdd0dd08ae5dc5e276503473844cd418b44750ef8f9fe9cfaa3e6af358700ef1351a4f9222c1b459e58ce129b329dd2035515e40cda2c2b0", 0xbf, 0x5}, {&(0x7f0000000540)="f644bbef16a0eb9e93048fbb8e906ed6da1372af71ffc1fcff3d9420c3eebb3213f76024b6e9080cbb441fc4f65bcf6bc989395c7a3c7173011c24e795a0869b30965d0ce46c0a1ae2c78aa65a9f24ab8205db33233fe8e6c24598e571fb61974800583b91d79de3b8fefffd81fe99440bb3869bf9d47dc5f3e684dd9da348e82446573408e65429228e175a", 0x8c, 0x6}, {&(0x7f00000016c0)="2be6bc5dbbb7789e8363a1cecd92cfd43b479f802555707df9024e514acf3898fa8facd05f87455caacaaf0559965d1f368cfa4a3d3986c3c277b4393623ac501a2ac05051ee2fd363b20eb1e20a0ff5e44c2c82192a3d7fdc9478fe6871e624edbc420ce72f65c945027600e23c865057956556f2670a0aae97bca6ec877501f9cec091b103ae756063ff02d7f099e2d818c777dfb07a0d047b4ba91a98c0ea694661d79af0ef0c427a313c", 0xac, 0xffff}, {&(0x7f0000000600)="68b8958cc3998fca7247395fa160fd6502e72e8285486a5297e1f9530579e839a8a478146290ab625f530770e191c98598a716b193b470a59adc809309b76b41fe03238f7370ada8002ecc73f550630ee940891fc0c2dda4f521db4e3c4b11f44205bc22fb89a8de", 0x68, 0x7ff}, {&(0x7f0000001780)="6d22c24b5cd6f53d28a8bae095bfd5b87f4317ebf927fcdae864214a9b3b5915a1c2d9af322dcb8e8e927f800d5e70661098767d5445043b712025136ba8cb2695bcb6eb28988a039e9bb11f525209991cc410fcd1796723254edcf00f8913261e61b8c6dc939caa58520aa82b85732853e2e8e4afd31b8c38e9d167b8b1478aefe5015dec599b4fb2107c8c081630807dd136f6a40e5de30bb04654fdc13327830eb8893725860f2e364fff8cff916992a3bd12f41f446609916b52c775e8773dc53b021ec3bf5a", 0xc8}, {&(0x7f0000001880)="c9b86c0c0d621f3a2fd438fbcf7b2b6d5e22ebb930fa0bde3e5d3bb0e0006b45d673e7e4bee56d5faad054ff8e2531d439dbea2d1e5d21f1df29b900384cd92a84c76aa3c0e4a0e2a8c4c3a18f5e5ab3bb3c5ce1bb33e14c42321d6d089ec45ee82dfcd530e76a6eb43bba783cdec916e80594fb184b22d8d40fac67c49390fe3ba38fbe04", 0x85, 0x2}], 0x8089, &(0x7f0000001a40)={[{'%)/@@'}, {'-'}, {'overlay\x00'}, {'@.+:%#}).-\\..'}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@obj_user={'obj_user', 0x3d, 'overlay\x00'}}]}) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:18 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, 0x0, 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:18 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:18 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) syz_kvm_setup_cpu$x86(r0, r0, &(0x7f0000383000/0x18000)=nil, &(0x7f0000000340)=[@text16={0x10, &(0x7f0000000240)="dbf50f3066f30f1ed0f3661ef3af0fc75f00baf80c66b8e8ae968966efbafc0ced0fc9650f23c5260fc732", 0x2b}], 0x1, 0x8, &(0x7f0000000380)=[@vmwrite={0x8, 0x0, 0x17, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000001}, @cr0={0x0, 0x4}], 0x2) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_mount_image$jfs(&(0x7f00000003c0)='jfs\x00', &(0x7f0000000400)='./bus/file1\x00', 0xffffffffffffffff, 0x2, &(0x7f0000000580)=[{&(0x7f0000000440)="71f8c9c30f9708af0380ce8ae029763dae592c913b056afda0d1e3f59bb3ed88af4495313a5308dea7331ca032d92ab3bf1f37d9dbc9f6efd7f0f6499f837c4a569a35802b629e3ca3ac148577d536da7b2b5aa988bc98d2dfc542d4a01603a5000938afb42ba35abb2b90386323366320ed54812d8b6866e8a20019458e09c6bf6a87fb81e167c6a8fe724c4440b6cfad780b05831a141866ea42f77ba604dda0205332a38e1b9c39a83bc12943", 0xae, 0x1}, {&(0x7f0000000500)="26080c6755b8d2468a4557ff9f3dc15e76063d4da0b7dd7613bab3e8d28f557d1759217d347da49e3708663aba902b9eadec4b54a544425bc6f2c2951f04fa69e3c50aeb6054", 0x46, 0x8000}], 0x200000, &(0x7f00000005c0)={[{@usrquota='usrquota'}]}) sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x3f7, 0x400, 0x70bd29, 0x25dfdbff, {0x5, 0x7, './bus', './file1'}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x820}, 0x84) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 612.888124] overlayfs: filesystem on './bus' not supported as upperdir [ 612.908799] FAT-fs (loop2): bogus number of reserved sectors 20:08:18 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') setxattr$incfs_size(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='user.incfs.size\x00', &(0x7f0000000140)=0x3, 0x8, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:18 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) dup2(r1, 0xffffffffffffffff) r2 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x8c6, 0x280282) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r3, r4) sendmsg$nl_netfilter(r2, &(0x7f0000001480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001440)={&(0x7f0000000180)={0x129c, 0xc, 0x2, 0x5, 0x70bd25, 0x25dfdbfc, {0x1, 0x0, 0x3}, [@nested={0x37, 0xb, 0x0, 0x1, [@generic="b72b85a345b95dcd2b0e6cf6832189c41186124d970b8f6787a3791bc72bee7df48df961be5c6e504d149fc32cf63f2c7fcfe1"]}, @typed={0xe6, 0xb, 0x0, 0x0, @binary="2056af3a81a9205951750e6d20f98173c4083f11bf55dbbe6921022208b833327d58121b01188e11f943b59ed931a83480a19e5cdf6fd481171cb1c1e6ba596102fccfdfc7d13f9e831481a0022323ef11c9a01df4200de4aca4e0d8241caaaff47225b6a5205e32dc1c4670cd57b3ab6e9a178630d363d410aa80b33e93a9dba041c7479f0921473e663e72b117e37995ccd6440e343d84ff2ae0a087a2440ee7ebbad094ee99a771caf41b0b4e0caa64fe66936dcef2ac5af8618c1a8ba3771500f71f5b9ae21ac86ac91e6bde9a007955d4aaccd9671b4014a816944e035cad13"}, @nested={0xd7, 0x48, 0x0, 0x1, [@typed={0x8, 0x94, 0x0, 0x0, @uid=r3}, @typed={0x8, 0x50, 0x0, 0x0, @u32=0x5}, @generic="cf0779d14afbd04c938aae0baf6b997e955bec2162f1a7d1f70545b05e6f87fe95699b64b0f8c663c8b9817576dab925ce4e75cc65b0267bd7020d513f2796f8a2c5e61264a2865361db596a16ded4e61e68b08da9d00042030f3901b7a9d6a7bcaba0829a292c28d7bebbed9279e3202ab0385b34272f7c632dca053389e138326c6c80587db63e5b95432a441da5550bdf1b2bf9b00cad1647cbc70feaa2d3e583674708c039ed566edd6dbd9f5694291072c5f767bd63864c9fb2b7a574c6f2e506"]}, @nested={0x108f, 0x68, 0x0, 0x1, [@generic="49c26ff18e329b1b47c100eebdedce8768c310c5ec8769105a0272033396f8cabe5fe373885a3283e9861f9402caffcf86375c41abf4a94c0bc729a8830c67b134744cfee56b0bf6f0dd0322b3d1d46cab22b4c4a9027ad5ef622994a784b9a0ac4449fec4c54b684143f7fc3961bf8bc819f5bb7cacd93bd0273d6b17afd6cdfd1bfcc2d095b989973405ceb8e94368601859014ad259f230ec50e37be6900c4eac922a2b021aaacaf0e3099a4044f73d22744cbf37fb64893513fa126e610d3e0e1a03ad300530076fcdf629a87ed46a214af90fdd9f338224b7c2bd74e64f37bf69f0da9b4f5f43906abcf510f5a8e04d60b5e6e202d9af81e64b68425c5cc14523e4f38d91d3967c6e44a068b72f96fc981aa8feebdce4066d8d2553cae32f860d69f6ee5cf85c73d8b641815b1b52dbd4585f69f982f54b2e2bc2d980ff8018f73fd568360ccb9c13b4b36a6267d50cee223bdda6bbad8dad7b1718e8e57e4df42263ebb2146db0b9b173e8852acfb82f0a68b3e0cece94ceffe5c86856904dc73f41f2d60c45fd8c003b1f29a717f8ec49565b44c43802cd836414d565cb51bf2bf950170a509f744e79e582f4bc4673f5f3e5848f20a4a909d8e8b5105dee48f023c2444da3b1cc0c9dd8557372e1946e6489896f46e643b41591580b7e3b228dfc1f17a0ea2bfa5f7e681568ea60eb92c898563cf2bd748ae6a64951dc077cdd1913ad070c39621f7dd4afdcb53efc614088d0bb18b421c3507f84e22846084630f0c9b3ebcfa94073a8bb12ecf0bffbbf64cbc9b5fbca6ce052f32112ba9837deac08ac3a9abff41ea7dfb96e1226f1768552b14ac6702024d722ab2a45fe7c54d7f9ee7dae7c6b69e59f51a88e13e0aaccfb0d17e0b3ec486cb24389b32cb7649a36c955ed29d1c9e498ee8eec8f7233ea3fe2d46fa5100da2d15e1c64f7d2b4625234a13c248154388181877f16692e7425066c7a331bd333852f39064437bb3f4dc5d317a1e36a97737e2953a9c59cfdfe1575e01de4bb73a6528f6ea465031e1220a34bb4fc9d59f9b924d83d6d5f5611478d3a0f76460e7563147c8a1795e242212dd5c70ecb2a9e867351543c151478363d2033758edee2edebcf42aa9245b9d82ae5aa4a6bcf54ef0473401823cf234cd8a39266b559f8f2d156e099960fc30f5a20b8bf7dd5fad46e736f7e1ae085b82d21e527377a04a0ff91f71a7e0859e92db80b1088db06b9a7c35fa67b40b3ddf4ea3ba1bf34c9ced7b6f809ce06c45881ef96f56ea387051f5d0c8c215e1d2c148319ecaa49e31907852b65db69f70a7ee723587a6f0aa66a0a8633af5a1e00c14fb83b993d1effcf7ca27954e18893b7252ba703585d55e76910adeb9b0d1b5aa21786abd2ee04cbf192eab8730a431201e15804e51abe4b7bb7fac148e24b2370cf191073bec40be40336bd776062e70188895bc80331a987727efd197263c6d7de9ff7813bfc75bc4178ff59621ce80a2cd14ee35154cf803ea6331cb4ffbe6e99bfdcc4dbd22a27003c383a700d78d20211cfcac1e252bde9a832ed4cb5ccceaa9e66c626d6dbeb518892c7e892f1904063fce657b9dffbf337a24fc3719d4f7c5b8f0dbe2fffb009909745f39fac9e2baf4a7a47b6bf96b1b76d9ad07a544b5b764761c59abfb794ea382a0a57c6d47737938a03522b2e76a2eb2e1b41d1ef0847309d1b34eb6887da0aa8499bae3dba2221388ec68de25c4c4550ef9f736b127313b69ce70914207547226562098373e06b44c17cf05b64c6d5f755dfb2b712eefad5433722434e6c5c137c848747f2245292f44644214e32abe37dccdc1a1d5bbce1f83d38eebf2dbd4adf457b67ba48376bff654f1e81dd75fd6fd7fc05efe844f536e1c373e641c4463d574b736a3718d57effaa679460924982fe4887494820442ed65fddd57e8b740e798b94dd76c9044c9a283028669d0bfe26b32506cf41ded4438921a5857d5c28ee574799e72ae4fcc3a33fc92d60ba91cc423f05e108426c180c9f3048c730aa2a9a0c0ad84c4235340d2f36afcbbde23878acfcaeb1982b02e42348f5aa441748fadc0090233756c2f84b0f021bbd863e86eadf7a56eb07667d85eb2b530aa8708e0a6080179bbbbb4415a042d4644e7ae6226f1e2a4f5dc8011cc04030cc02d4c7d6108d5d057cad41a876fdc67a133dd43f838b617091c4c2e79aa213337634f107c121b41a36e0a6499baac9ca6639e792ee651a256fcb56e1083951804081d9dd5df4cd5fb3815d7b6da789a79160c81a8d7baad79a89e4ae9e52d7f2ab6900d110a4112376d85ed15bd297fdd8d4506933d4f70400c15669a827c00027e631dff655b29333a3c3c7c8d9a2315be65cf10775ac05b627eaa47c0168d0c8099e4550d5acca25bfd6f548623513e677f945aa719e731811205fb8c976b450d3c9b90ff89509510afed75beb456eb5b59776388f9ee267567301dba6480f5c33dcb19929f49da1c6fc2f3d58c52384fcbbea81a8e2dc357a73d900d86cdebc154e5e5903a82ea289f778beac6e4b0dd3c3cf1e402a79396815c98380a61016c27b8e61a5c4ef361fa61f34e0f303d2ea9f037ad5d7500140f4c7bee3cc2e2d6fbd5b725aaadba16026bba7de31a65ff338ebcc58ca1096d5c4abe7caba062c19a7bb3edf0d9f1edfaa32e0493555bf88831d2dcd850a61aec61efe191d7642533b0ab26a40f6694fe0d7471e242fd723ec21c83a4ae874f616a9098d1fdf89a65ac728204b2a05608f7f050f4beacf1191e78d7019daa1849cac73d4d7438d710bd7bb7375eb0d414249c555d475db03f8cf8850d6694cda2ca45dd8476d5c0dfc315d63749aa60b963c2f3b61dadb9f72e192a26c61b6ad662c770589704e1f08c6c2cdea181143a9a988cb964f1734c14a0d0b9cd43186ac3f6d69f0869408afc35f4277803b31b325cc9e3e2c4e9cac5a08b890cb55b4a5924a87eb9b7361f400849170920c4555940992471ba814922c799daa07a4a27ce7fbd7aa337b26c949782a5e46bed87e3aa8ae45ce4300592b469f4f9f63e1c645d5f47dac8ab08f453fe2e7bceb07f762c8c8e484b02ae62a70cd8fafc2c031e911989e65b0b1014a15959afd6ad17184519335b13f52c1e743d2f8e6b3e90e2dd1dc02f753cfe2a18c9f9490b20055f77f0bd1af17dedb3facb27876ad63aaea708556fb5c0ce3ef243be4090c0fa2f47dff0aa254b8fe04a70a692ac291af123d970c29e379e4c2b63e6d91208da3ae8fac186fe74864b3376140032a31a26172ff80e623e1eed042a215eddf2f5e082ab2d7a63b2b7ee853fe24dfd6af338fcb14ae9b5f2a4e4684fd55319152e4e2eb0fab70972f4b75a9666ea60d7f1f556d76710430f772ec3022cb4c909b1b3b946a23b8063ff5e78aa3a397aed4a101bb4ebe5b90bf8fbad00a8f86be0a00fa26c8f750962ab40a1b1632e8fcdfceb64595f711f46d8559841ba93110e97cd9c7423ffe58e99dcda3dfa630d32f7c594f0c9961cbe70dffc6517217c55e1cef770732c17fd7ed106f12a9f53f781e54119d82140353e98da9eca9e2c68d3af10995b52e1f482dab296f24580023b9ab829ddf9349af802625f3346e8a5110b5218881db3b75617232d0190e15bc39178366efa5e1f3201f27ad4c4d446c7a68b747745bea1bb07721190b61c80bd3bce0712033b3385ddc4bc798cbea6deb62ca2dee893ad10ce1e8f05e0cdff77f5be87580fa8fa0f60e43937f7fe9b728a82103c58938f1417ff7ccf6fcd33ddb89a484f0b7c0b60355290123dfc962f96da0f97a0cf83c1a987360d5e53a639c4a8211646bb18b2a399c8ba83e2e5274d7498db09f26879afff62f224dd48cd177b17176ba24223215f701256409526a250794dadd612412549f16f0d5f88ca4f1e4f4b3bc720e1d2cf256ce94fc36dbe61cf521323ee97d595a399c6ca3f7774c8aa7fb65df21934340c36d8e2a72a80a3eb74f1ee60a96c3f91dd9e858997fe291237fd5ab1d17ed11c660cb0f6ab4b82254160783bc32ccd29f23fab1ef57ebee0e43d168cd0ad5b2062318716b0051bceb1474ecb13c04e6b4f25b5c9a7f29fad756d2031e94c22055817e9982a60e0800e46743f3532d6f8497a9b18c199ba7a1eae86a27c284210dbad52c3146053b7b2a2be33f9e56534ee1fa8efdf1c5824f95da3746829e95c99267381f46885a2d81fb9bfd01d3a00a32b6bd4da8e14dbb91e0969873cb21c27bb3e9efc765e1d42a7cf91a0abcb89b99d439ab542574c6f06a9cf0dfe35e2f9caee0f986cabadb444ae626193842253ecb74caed207c1307169fc3420274036bac551fd13e8fcaa5544f7cef3622e7f440bea7ccf716d7191a05f30a5d156b349f477489f6eac4e5fead982e86ffbabc9f442dbec556a568195a6c49dcb87b82ea88ece06081a33c621a96793444d75f243b2a1682ef9b7f5e236cd861f81b237dac6d4fa1b17cb392476590c6933964963bd39a2975f8a6c65a63127bdbbcd2dc152cf5d0e21cfcd5041b9ee49e2d6e83e100ee27775cafde63401bea1eec19cb677a60bcf270d8cfab43286b8ff4d5715eb87a2efddb27119c910c44671f8a1b6de6f5c9e51344cad2d8186b9718be4ef1c5786ce9d18bea33fc6f33bedc7a63373219f51fefd3e8a7b68952443415d6117c4408db1e47f6d5115fb5c4eb636c1ee8a236ad2cb32d9d3ac2383197513f38279782b00584ca768292e638484cfd9228cdd38cf1b47a3e1847a97305412d2beb666deb9e80570dcac520dcce4fb8d61f13dbba78d7a703d8c6a41555e725e2ff386b087d091c84add9baf8b1658996e435543a3eba6569ba30d27fd1037b162b4fe1c531515eaf5e53a28df4047301ef8bbd7e8c002a828d2fe51affb783cb6c18e4df26ed64a30ff151eac145dfeee151aa128cd19b909f45019e11477565e7a35a934942dcee3f0648c110726ff405c6832ee1426b04f0bf7cc8ffc83ca886829d6bd0fbaff1955c3a7852edea8037cab4e714fd6f29d253c382a0d7086029f89b44b4c90b2f2a551e1bd69b4df558049f365d1ae3f4d7e400bff6a121bac6caf0f13e0d4ac61005e4faad4a3b2f008c7857da827ee4803f4b82d11d85a9e74e419a7c5c506b1dfca6d90fb42126b1b5214930e8667d260308451b9ac383c33f90efc18e776a45db3ba880013d44b33dc735add1599873e3fca1edf2243162dc4c2c5358c0597318463eb3704af0a02239a5aa30fef7dee4525d499349a1c0b5e262e6a55a97cc69e8609de93f6faccd9a871b8808fa1c43362849e5810a0464414691ebf40869013d1cc28ef4e3b48955d646db8a417f069a8126a7ae428e2e3c7cd5a89dce176b9a399adbde699e5765b967a5ffcb907afa68e6d6cfea6f5e421097f360b045bc72af9b6b3f82c1e5eb0b1d84754f5795e413f148fa057086017a5e6fb674001b4c1f4a120f08af90b0033609e022df7c9dfcb9fc3c00a76d764ae3c5b57b54b4fe28fc3454b7c2dc6e316e640307f47040dbeee6c69e6aba913f9027be77dddbc7f4a988b8ac26faedbca2ef2cb22d7e0dd3f9c03a64db35eecdba7848db2b5a1b44edea854cff36683ee0ce97d8a01d8c4c80e19c35570d0ed725013ec9bdffc121ac026a68b59c6f5a3a8da9335d707f3d48c2cb3ea817d51791370db5d4d63ce88ed37c6640599f7f00f754af393b800f203da52032954e8728a58be89421948e869aa99dce4bacc87cff2a2afefc869af01ea74b81", @generic="a7cc480ebce264bcadc6c4b03c1971cfe1328300f6475a83f711d127261c79354ef972b5559f57f585603cffccf4b5e3bcc973a7347de44ce787bb958a4cfb80ffe6fa767f19f4efeaa47d73cb5c548b4852ef87cf17379e0004957eb05d2022fa79932d5c138b16773cdc1ea309f1ef5a741b955cdd9bbe95cb427e7717ec2ccaedb53cb71279ba1e34ef"]}]}, 0x129c}, 0x1, 0x0, 0x0, 0x91}, 0x8000) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f0000000080)={'TPROXY\x00'}, &(0x7f00000000c0)=0x1e) ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x3304) lseek(r0, 0x0, 0x2) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x8400fffffffa) [ 612.932620] affs: Unrecognized mount option "%)/@@" or missing value [ 612.947981] FAT-fs (loop2): Can't find a valid FAT filesystem [ 612.967945] affs: Error parsing options 20:08:18 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 613.045268] print_req_error: I/O error, dev loop1, sector 0 [ 613.066048] overlayfs: filesystem on './bus' not supported as upperdir [ 613.097079] affs: Unrecognized mount option "%)/@@" or missing value [ 613.129986] affs: Error parsing options 20:08:18 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200002) sendfile(r0, r1, 0x0, 0x80001d00c0d0) truncate(&(0x7f0000000180)='./file1\x00', 0x1000) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 613.197721] overlayfs: filesystem on './bus' not supported as upperdir [ 613.207942] overlayfs: filesystem on './bus' not supported as upperdir 20:08:18 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(0x0) 20:08:18 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat(0xffffffffffffffff, &(0x7f00000000c0)='./bus\x00', 0x380, 0x40) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:18 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) syz_mount_image$ext4(&(0x7f0000002dc0)='ext2\x00', &(0x7f0000002e00)='./bus/file0\x00', 0x101, 0x1, &(0x7f0000002e80)=[{&(0x7f0000002e40), 0x0, 0xd4d0}], 0x1800, &(0x7f0000002ec0)={[{@bsdgroups='bsdgroups'}], [{@appraise_type='appraise_type=imasig'}]}) read$FUSE(r0, &(0x7f0000000d40)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$ext4(&(0x7f0000000640)='ext2\x00', &(0x7f0000000780)='./bus\x00', 0x8, 0x7, &(0x7f0000000c80)=[{&(0x7f00000007c0)="1f48daa4461b82a2976734b1126fb0ea2bcda623c685aae807ec354a208e34feb5694b6c4252bd48f3e228196793c4799a1bfe7e251d6efb630780303605a06944e1590e05d5993fb7d07fd3", 0x4c, 0x6}, {&(0x7f0000000840)="ead987350bf6e2015ac28b47bcf85662567192d4107d11", 0x17, 0x9}, {&(0x7f0000000880)="d388fb9de6ac9047bea8898dd22fbe7f221dafbb459fdc05029fb6b7297e082156f43d92cdf46f951fa5bf620201f7fa5d13d5bb2368ac7687b3a2bec8a9c65f88a355137ea022782cf2f2bfa5758a4aeb6ecf0b5245b62178fba1f7328c697ec8596268bd4acecc49efd1ab8fab371742016aa183bcedaf8368af181684a028970432bd6009122753bfe885668108a6d0ebe9bc85510d3c88e2cc5dee340b4a39c445856a7bf1b77dc6983ab9d364f6654292903fdcf450c0716a3dcf203b26d88336b6fd586c09e2c09a76543ecbfd644f59503a0c90a7f3d41dd982dc13ce211de5f6f6de3ca54c38edf97ae3a6fe8ffbd78a66e4af49", 0xf8, 0x1}, {&(0x7f0000000980)="44c4d7d8f7cbd69be4af5f4f2e1640f55cafeab278778672f8144418728855d064741b2bb436dc799ca9e29ea2da330f49836c6d5c9a94ec46c10a33131d1a0957b7624fbe25a3f9c5023773af8321400ab472d0badb98ecf1c7beb14f315c542ef1e01fdb1360385db32c140060738a5803f65b31a39fbdb5187a1af4e814ec0b9952b8", 0x84, 0x5}, {&(0x7f0000000a40)="9e14f47d7cbc5298a355d7199365bea8bc613f5cb7727655ad30e8ddc70d0945c948cc476f1c7f0adecd7b49f8c8438f6a29d4f03e5f2a6baaa47d5a705b6a5f8c82e739e6579c9ef25e47d6629e3367aeecd4ecb1da7ddb0f40d465d358f24138c593cefc5ca9c56301799875a4d9", 0x6f}, {&(0x7f0000000ac0)="b2c25c354fec9b7fed3f8593005eed9031192ab413c97d0cc8c6e3f290da115a2e10cfe672e97979457a1d13f199b2bd8220004d7694491b7dde9b2b40b59b606d45f492a58bce481bccbf5bd91260ba0ed3e29335200b6218631f37b3191392b010b7676be0aa9a514c847ef0dc774ba09b647bf0663bfc6ae33d7f6895e14d418829251334dc5ad8dd1cf6e00f4a1f6e0ddc224d3bbdad3e2e66bebbdd045fa7ab21f6f9", 0xa5, 0x9}, {&(0x7f0000000b80)="c9a7a3e14661ff769fff3f08ab3dfbd536c63875e1739b184a1642b8143afad40c078160950d2e616b09f4c31a78a20787617e5bcf5c53685afeb55e1cec146edc9382c566979591e1a15b3bbf9f26fa9e193520ee4ace7d6a50f36a723804300d5b73b737430138299fac0ce92b0fa5ce273771c6e81683201dab3ea73f1b22be8d3f60b47e4adc7719dc4e971efdfa26c0bacfa37917de8a1be0810876587ed23f449738f8abd941ef2fed407ace68df1ed73792059fb82e1ad06ab2467a5f2c10c9fe4528873dda64f4efb2c4d4d94f5450927654", 0xd6, 0x8}], 0x40, &(0x7f0000002d80)={[], [{@dont_appraise='dont_appraise'}, {@subj_role={'subj_role', 0x3d, ':^:'}}, {@fowner_gt={'fowner>', r1}}]}) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r2, r3) syz_mount_image$nfs(&(0x7f0000000240)='nfs\x00', &(0x7f00000004c0)='./bus/file0\x00', 0xff, 0x1, &(0x7f0000000600)=[{&(0x7f00000005c0)="1bf5220be705d345eda6b20a1d1144a9a836619e20d60126", 0x18, 0x9}], 0x80009, &(0x7f00000006c0)={[{}, {'dont_measure'}, {'!%%'}, {'dont_measure'}, {'unconfined_u'}, {':^:'}, {'permit_directio'}, {'unconfined_u'}, {'{'}, {':^:'}], [{@obj_role={'obj_role', 0x3d, '{'}}, {@uid_lt={'uid<', r2}}, {@smackfsroot={'smackfsroot', 0x3d, 'unconfined_u'}}]}) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') syz_mount_image$squashfs(&(0x7f0000000100)='squashfs\x00', &(0x7f0000000140)='./file1\x00', 0x7, 0x2, &(0x7f0000000180)=[{&(0x7f0000000340)="32caa7266385414086ac395b80442abe2031838e75d5fbe73e4a10da8c355b93f953e39325f4afae52c0c47e2578bddc11dd666e2d04f56d2d29370441a3245a79765eda79b1ef4dbec9c08044e79a9b9202d172d29b79fe58318a3bbe2957cd59fb9f59b6dfcbd05268dce27b0fa513bd6badae9f714cbd970d8b5f909089f6c34ed20b1ba5279085c12af35743715b5d3619586b5e65da1bdb32b0906b5679c01dc66a59920eb388e7", 0xaa, 0x6000000000}, {&(0x7f0000000400)="62645cc4910b9bcba145db7af38b2a69e3843c7233ea3c9acd4f4aa630a1a6b5f87140c0b7a213e657691d25bf1f11a289625a5abfa5255daa6f3210545534be16489eeaf88207ccce054e1bcf2f9504675522c7d7b590305747c7194962e311311548869f2de047890e90c1b6c63662030c470cf18b4ca8f4e63d7baf90bb870b1633ac38e67846d3ac5bc7bd69106fcf00d0c2", 0x94, 0x1f}], 0x100000, &(0x7f0000000540)={[{'overlay\x00'}, {'overlay\x00'}, {':^:'}, {'overlay\x00'}], [{@permit_directio='permit_directio'}, {@dont_measure='dont_measure'}, {@context={'context', 0x3d, 'unconfined_u'}}, {@hash='hash'}, {@euid_lt={'euid<', 0xee01}}]}) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:19 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(0x0) [ 613.459462] overlayfs: filesystem on './bus' not supported as upperdir [ 613.536393] overlayfs: filesystem on './bus' not supported as upperdir [ 613.548507] EXT4-fs (loop1): VFS: Can't find ext4 filesystem 20:08:19 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:19 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x100) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065746469723d2e2f6275776f726b6469723d2e2f66696c65312cd7004000000000003d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') truncate(&(0x7f0000000100)='./file1\x00', 0x5) mkdir(&(0x7f00000000c0)='./bus/file0\x00', 0x8) 20:08:19 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(0x0) [ 613.731028] overlayfs: filesystem on './bus' not supported as upperdir 20:08:19 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, 0x0, 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:19 executing program 4: ioctl$DRM_IOCTL_GET_STATS(0xffffffffffffffff, 0x80f86406, &(0x7f0000000840)=""/159) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e8305bd9bc3cf5c5a765b36b37f1a23970402fe1679503075955dfe0069a3273ce127f71dedeb1ff8294fd54763c9ab8d767242aba85b01b640baaed7154b63aa26cb7bf1f875673b"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) truncate(&(0x7f00000006c0)='./bus/file0\x00', 0x1f) chdir(&(0x7f00000001c0)='./bus\x00') getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@remote, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in6=@dev}}, &(0x7f0000000600)=0xe8) syz_mount_image$tmpfs(&(0x7f00000000c0)='tmpfs\x00', &(0x7f0000000100)='./bus/file0\x00', 0x8fa, 0x4, &(0x7f0000000480)=[{&(0x7f0000000140)="42df03aa7573986bd838550347085c36d434163789c403392b48cfbf9319175a2f0c86f52edcbba4cfa6f458fcec2a64", 0x30, 0x7fffffff}, {&(0x7f0000000180)="a8d1811bec35162bb74c902aceea3ba885922f7081a48846fb66b90aee", 0x1d, 0x1}, {&(0x7f0000000340)="98f564dd07b2ad256d10bca9fdec8989ea11256886a1efd8cd8e9853242e4fe90d349f6c20c54cda9f3d716d11d77ee641370021f646122aa10940a958a84eb96b02637d109ee56d4fd6cb055d15e65de9d72a4a542a2b880859e798330ddbf2981bf1deb13d5b2128f6396f2baebc5eaa255012f494d5b92082735ead9219", 0x7f, 0x6}, {&(0x7f00000003c0)="9e65d4419d5c33f1b3fdd4d0001ecf5004ab4cf227c87dee79d9edf20f4244cfed1440501ebedb41242934d98270f03298e3f46a8d5fefd9a9e408951e72fb7fba70d613d78508369a1b4c3df0b6b2799ffc58dbcee0eb60c21c46a856d50ad2f8df951b760c187c8a95cf27c424926cb45fb115b3c9f4e24679108e949456ecad3f717d1240f6ada1977ce63edcb5f7efc04c28ce73e33aa2decc3f51cc30571d5e05", 0xa3, 0xf0}], 0x804030, &(0x7f0000000700)=ANY=[@ANYBLOB='nr_blocks=kp58pxp,huge=within_size,size=m%,huge=within_size,mode=00000000000000000000011,uid=', @ANYRESHEX=r0, @ANYBLOB="2c646f6e745f61007072616973652c00fce95210b931065b2815eaf1396080dc6d4bfd98ea07"]) umount2(&(0x7f0000000240)='./bus\x00', 0x4) chdir(&(0x7f0000000280)='./bus/file0\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') setxattr$security_capability(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80)='security.capability\x00', &(0x7f0000000dc0)=@v1={0x1000000, [{0x7fffffff, 0x3f}]}, 0xc, 0x2) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000a80)={{{@in=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000000b80)=0xe8) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r2, r3) syz_mount_image$tmpfs(&(0x7f0000000640)='tmpfs\x00', &(0x7f0000000900)='./bus/file0\x00', 0x62, 0x2, &(0x7f0000000a40)=[{&(0x7f0000000940)="3432dda6e0368912524a7d1a34395d8800293eedf91ad9677d0300f9eef43c537985d0aef86dd60d460e4c2762bcfbfc2c9d8cb4b5962aedc0e026108ef50673e463a59d529fc08f403b2efcb9cdf322c23c67ee38064e65fce6ce363afcf0bf5b467c200340d7f36dbea239ba665697492182248a1716d3632dd911cbcff8e46440bdd534644e45f6c3ea11ab44", 0x8e}, {&(0x7f0000000a00)="80705ad5c020d692847cddc4c8dc31e4f4b95e4866fe4d861a31b192aad28df79f8ec7c402a77ea74ad1e3d52a587e375f0690c2ded9", 0x36, 0x4}], 0x8015, &(0x7f0000000bc0)={[{@uid={'uid', 0x3d, 0xffffffffffffffff}}, {@huge_within_size='huge=within_size'}, {@huge_never='huge=never'}, {@huge_always='huge=always'}, {@huge_never='huge=never'}, {@nr_inodes={'nr_inodes', 0x3d, [0x25]}}, {@uid={'uid', 0x3d, r1}}, {@uid={'uid', 0x3d, r0}}, {@huge_never='huge=never'}, {@huge_advise='huge=advise'}], [{@uid_gt={'uid>', r2}}, {@uid_eq={'uid'}}, {@permit_directio='permit_directio'}, {@smackfsroot={'smackfsroot', 0x3d, 'overlay\x00'}}, {@euid_lt={'euid<', r0}}, {@pcr={'pcr', 0x3d, 0x3c}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'tmpfs\x00'}}, {@appraise_type='appraise_type=imasig'}, {@permit_directio='permit_directio'}]}) [ 613.849636] overlayfs: unrecognized mount option "uppetdir=./buworkdir=./file1" or missing value [ 613.871013] FAT-fs (loop2): bogus number of reserved sectors [ 613.914445] FAT-fs (loop2): Can't find a valid FAT filesystem [ 613.917891] overlayfs: unrecognized mount option "uppetdir=./buworkdir=./file1" or missing value 20:08:19 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, 0x0, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x200}, @SEG6_ATTR_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1f}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x3]}]}, 0x58}, 0x1, 0x0, 0x0, 0x80880}, 0x40) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:08:19 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e969b4ec95466458329c1f2f2ef7af9d892e0edf3316ce0b09136ea0957208b6a260a937f2327142c9b283e52af1a1adf9f3ce854c248bd0106133e34046e116c560f0f3f8d9b2251495f7e7991e163ca201f1080f93719ecf6cc380655cce6186c1ae3d6c724443458d2c12d546847ee7b174c4ee945c4b0adf683dd8f9a44976a538bda3c0d010a135deafbeaccef46e3"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') recvmmsg(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f00000000c0)=@l2tp={0x2, 0x0, @multicast2}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000140)=""/28, 0x1c}, {&(0x7f0000000340)=""/229, 0xe5}, {&(0x7f0000000440)=""/129, 0x81}, {&(0x7f0000000500)=""/81, 0x51}, {&(0x7f0000000180)=""/15, 0xf}, {&(0x7f0000000580)=""/207, 0xcf}, {&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000006c0)=""/182, 0xb6}, {&(0x7f0000000780)}, {&(0x7f00000007c0)=""/223, 0xdf}], 0xa}, 0x4}, {{&(0x7f0000000980)=@nl=@proc, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000a00)=""/87, 0x57}, {&(0x7f0000000a80)=""/40, 0x28}, {&(0x7f0000000ac0)=""/51, 0x33}], 0x3, &(0x7f0000000b40)=""/127, 0x7f}, 0xfffffbff}], 0x2, 0x40002101, &(0x7f0000000c40)={0x77359400}) [ 613.980279] overlayfs: failed to resolve '.Zv[6#yP0u]': -2 20:08:19 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200002) sendfile(r0, r1, 0x0, 0x80001d00c0d0) truncate(&(0x7f0000000180)='./file1\x00', 0x1000) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:19 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f00000003c0)=0x0) mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./bus/file0\x00', &(0x7f0000000380)='fuseblk\x00', 0x0, &(0x7f0000000540)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@allow_other='allow_other'}, {@max_read={'max_read', 0x3d, 0x1}}, {@allow_other='allow_other'}, {@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions='default_permissions'}, {@max_read={'max_read'}}], [{@fsuuid={'fsuuid', 0x3d, {[0x36, 0x61, 0x34, 0x32, 0x6b, 0x32, 0x32, 0x30], 0x2d, [0x62, 0x37, 0x66, 0x39], 0x2d, [0x65, 0x64, 0x63, 0x35], 0x2d, [0x33, 0x0, 0x35, 0x33], 0x2d, [0x38, 0x61, 0x37, 0x64, 0x36, 0x65, 0x6, 0x64]}}}]}}) mkdir(&(0x7f0000000300)='./bus\x00', 0x28) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000900)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) stat(0x0, &(0x7f0000002940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f00000029c0)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04e083cedcf79505bcb18b36d5ee7245cfe933a5fb3253471d2cd516c3520300000069d0aefd", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f0000000480)={{}, {0x1, 0x4}, [{0x2, 0x4}], {0x4, 0x2}, [{0x8, 0x4, 0xee01}, {0x8, 0x1, 0xee00}, {0x8, 0x4}, {0x8, 0x7, 0xffffffffffffffff}, {0x8, 0x5, 0xffffffffffffffff}, {0x8, 0x2, r2}, {0x8, 0x8, r3}], {0x10, 0x6}, {0x20, 0x6}}, 0x64, 0x2) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00', 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="030b00000000000000001300000004000980"], 0x18}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000006c0)={0x23c, r5, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffffffffff33}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}]}, @TIPC_NLA_NET={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x81}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xccb4}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x54, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @multicast2}}, {0x14, 0x2, @in={0x2, 0x4e22, @multicast2}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x200}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x800}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfced}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA={0xe8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xaf7c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}]}]}, 0x23c}, 0x1, 0x0, 0x0, 0x10}, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 614.119755] overlayfs: unrecognized mount option "(>Rߟ4nlV?"QI_~yc 78Ul$D4X-ThG{LNEİݏDjS< [ 614.119755] ]F" or missing value [ 614.143570] overlayfs: failed to resolve '.Zv[6#yP0u]': -2 [ 614.228975] overlayfs: unrecognized mount option "(>Rߟ4nlV?"QI_~yc 78Ul$D4X-ThG{LNEİݏDjS< [ 614.228975] ]F" or missing value 20:08:19 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='trusted.overlay.upper\x00', &(0x7f0000000380)={0x0, 0xfb, 0xc0, 0x1, 0x7, "a66482be816bc6a9838c46574c085d9f", "db2f3b79ebc21114f049729a5a914248788d4ba7e922d1048009adc4bb2a789d8e07e53efb41e00ca0eebf19855ff4e3643d6924aa9b05120ff7486df1ccc4947ff43176aa4dfea6b7394b3580792f34a98ddcaad83948fa8dfe89b20b63588515670b05361d52c45b2223d810ca2277bcb54e3ffef4601ee5ddb4a5b93e3b921745e85a526fa2f10eade3cbedc9acc2ae6813533cc638187070212419d798e8c49fb348f254663e0ac125"}, 0xc0, 0x2) mount(&(0x7f0000000140)=@nullb='/dev/nullb0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='exofs\x00', 0x24, &(0x7f0000000480)=',!-#\x00p\xee\xb6\xc9\x9bA\x1b\xd6\xc0\x16\xbc*iB_\x8cg3\xe9\xd2\x03X\x80\x01}\x98\xf8\x1b%\xc5{/\x10\xc3e\x12\x81L|\x12') mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRES32=0x0]) rmdir(&(0x7f0000000440)='./bus/file0\x00') r0 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='k', 0x1, 0xfffffffffffffffe) keyctl$set_timeout(0xf, r0, 0x80000001) add_key$keyring(&(0x7f0000000340)='keyring\x00', 0x0, 0x0, 0x0, r0) lsetxattr$security_capability(&(0x7f0000000680)='./bus\x00', 0x0, 0x0, 0x52, 0x1) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:19 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200002) sendfile(r0, r1, 0x0, 0x80001d00c0d0) truncate(&(0x7f0000000180)='./file1\x00', 0x1000) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:19 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file1\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x89902c, &(0x7f0000000140)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 614.368813] overlayfs: filesystem on './bus' not supported as upperdir [ 614.467489] overlayfs: missing 'lowerdir' [ 614.527695] overlayfs: missing 'lowerdir' 20:08:20 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2ee6f5470bd399e4d5da9dd4b2eb5d609ba3978f50a0632d95571b1abdcae15604000000bf6ef13f4d96d494d6f52795aaaade5d7a2af43b88b0d5b103da732179c14c5e0f8ef65042d807cfdb5b0865975587ababc506b7f90117556056aa3b54c08cc87ba34b3a0efe6f8afac4971b7465dd38891925f23887cf06d45466a1b254e9f6e5e2dffb8f08bfb0f82b415e1c1ff6d9eac008d5faa9f0e3cda81a26121a8dc78fe8948a81142c1c47eb2448bdb19b594e2d45fd0411ad6d531958f0e4a7fcece579d77b0685d63b77882b5c4f612605d45dede425e04e19ab8c94398f86b64e33f62856b5b2c74bf5bb82d9cf29"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) bind(r0, &(0x7f00000000c0)=@nfc_llcp={0x27, 0x1, 0x1, 0x6, 0xfe, 0xff, "8b324993f9ba4bf44c68f6d48d4a7882042660078ebf5169e350ceea8ee16f71c55f30496600138a9349d6b72a47ce995f0da1896c11877355a40d802459e6", 0x3e}, 0x80) unlink(&(0x7f0000000200)='./bus/file0\x00') r1 = socket(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@getqdisc={0x28, 0x26, 0x500, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xc, 0xd}, {0xc06cfd2f1d061d0e, 0x6}, {0x1, 0xb}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x1000}, 0x0) 20:08:20 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') syz_mount_image$msdos(&(0x7f0000000a40)='msdos\x00', &(0x7f0000000a80)='./bus/file1\x00', 0x532, 0x1, &(0x7f0000001ac0)=[{&(0x7f0000000ac0)="3c73721189c7048e4a20a48a6bab70970bd2ba37c0899721a11c3ce4e27723f62907c97bc3483daa4f3b5152808234dc01b890a523b3fc9b63e26c7cbd7321060ed946e02d4d4f892ab83e301df028eb2d4f1f471861fa646693d039567de478e4f49510c4e6189f710589faf692fa59545964dd3552c0a5e432e085460618a82cede5974aa65baa6980819ccb9e2d3a93804206f4be3c628fa39df032ddfe81d1e68711b66f7feaced0eaee501c5c1f78f075dc0b1d4963563108320a3ecc38546706c657aafa28d373792ed49d7bd3edd1e6bd07fd5d13a77bb06b494c90cfd700e61da648b55d7b64f508293b46a04fb1aa4f5d9e903d206afad9cd52d024df27cddb7c41b722787b743c1d949e75997f1fa6c7e8970413faa2e3eb066bcadf5563b22da6459a9c77b086ab25817f10a51bc3fe7ff1b128557ffdbc75e1c3ddd7e3fe3e70f7a0e92f3c1c9c0d1948482c769397c9b86e3e1081e768e65d4301150a3ac0c463e92623f8963429199070b5e0ee1f4608f48a6dfc4e94fd8e9720d5b350da17fe6fabdac60f397575435ccb7d1688ad6c8ce6fe6a462c24b9ae0e07d1564fded8ae722a57373997cf3f983ea0d0ac2b8a5244235f505c3486511c7407d244b2cb568f89f583467e09dc976bbb82dc86fdee5063bde3414431e7e72b6c02a6c20eee7b516572b86dda959c0a067f7a1aea4b891de01bad30ff82a78bc9b8bd693edb5c57b2d5a08d3f59fd01911b074e74cae56e4ba428399d95af10fb38a7d6a9496bcb71c874c2888af4479a83e5a95382c823a5ce2cbf9e5b134f84b66afc5d8bd9372aba01abc270cc10166e3c150ef17a2a8c484030ba55bcba3eff5b9b57028fe29bec93d97e6915bb4ccac357e604056207da0d572043983a30a3365cf0572fdbbf7cd0c9d9904fb17ad603d7b36251175783825b7b841da2abaa63d8379744252e8737540fe7fd2d4eeab849423e414264adb41e0fb4332e4e65b7c4cafc58cd1d55e2578ddaab81523c250557b089700f3b8a5f2735ca7c0305293831666ed1ff88826f7fc4682a3260c0e3259d921842974fb6eeab7b231cbceef905b81b730c3037094f78721c67d5d607cd940c6589bc136dc693c004c7e8c50177473d5e9d1f41a30d8a6795cd023504e950c41c36ba140591608ada6540cb9a06cee7bd2cce09725fed0cbd9ee155fa3a7df5d410f80dd2cfa2989aeb92aff338876cee67aadcdea554d4db6105e7f2a06bfc31c586f3fea35ebe786e7a7109f2827cb6e9b2ff8ed731e9b4fd2f22280e18adaed97bf1b28cb76732b0b946fb789d928d34f3909ba3c3b0933643741b4675a7c50d976e949711fc08680fae1c33686239d998d7ceaf7f69131d6dabbfb85469541cb25271eeaeb05ed12d542474028b507f48b1ffa3840148938bb395c41765d8182cac3b1d8dcc3981813e999298c8e94f7b2f1ef587ea1cf3c8e8794c49dc7ac46965bd5b6cec7aefac87a25e5c1e01e8d03b1c495dff7b86a46fc3efc7aafa42de63728bf5b5d39874c544f365a1298eee27ee9b2d6b905adf5ab6e590ecc7d8dafe09f50678d5765c4b93d696d5a7a9b0864d2ccda329b6f2e123bd1df6b89390e379745464d01408dc913b0b366df93a487c8898a558fb5323c48cbaa6218415729de9eb806d6b682c80b3e84fd769db27b42259c77da0eccf55ecf2c71fd574234bf15f7eee9391dfcc1ed65742b2a071ecfeaccc49d32b66952139cb6914e6f0f71147b99ab754ca9b17e83028d1ec7b2b013d602b34d5040786c61ae2d302a32d84c026adf2f663ea2d083c94604f80bc231bbb1a2339cb80d8d3db2c96049a3ed329b63881aa8db275a417f9cfa6c0f29806ed3fb715b1de52e7cd2d3d7230635214da0281afdca02a5e99aa83c44ee337f41fe8335958ebe2867de3c1dda5169a1651874d48d95f6f0104f8f80fe44e816823e0aa4c641827e2fc5f64bd1d4ce0ecd16b127cf4596bfb7c93d7d434f104dcea32d34a0dc6e100286d280e40dadc12730a98c7ed29937377d2ef8e88d28af6a81f4fc06266fea8bd5fd076adf657baf4b31050e007dc59e12fc9b253c99fc63be0f47b837f381a071dc8a69e144abc253bc3453558179defb41c1375c828fafcb7cada7cd9b3c4960aa4c39e07e2687010e47bd07ca419544ed6649e47f134535cf06712aa5fd4ce492ccfe417cd20232329d256fee93a0db4c46dd349be3c3dd4a62c6a4507def933ab2217aea14865bf6c0b3925e0de374d76ee72d3e7545c6e8d3445a0b88f37b1d62f006b70032ea06971f2ea83aa6fcd5ff0fb9a9e8433454f35c226a94b7cc8625dcd40bb6ee2138c31eec27546e3e4309fd967aadf68580f813fe32016f6be723b47bfe6baaf82a7988e012b832ab65b4ffddb0847a3cdeaf37ed3ba7f3b50adee977dd803cc1f7c9b5439fdd350661057c3d9c4fae4aba5f2749d25d21174bfad2bc81e04964fe9d10cbf8b6f880157112227adf015218ee609c213bebe74c98eb15fb3a968671ff65a30c2039cffe5cb77c161aae610fdb4d0bd6f6c3829c3f9b090a67023e7eecf333080b71781ea9dbbe2c49a69f74f90677738b4a4219bb465e59178d6f52870c8812e3807ca20274d19ec01739a947013c0ecfbc00b4f191cf6940d014f64f11f72a9f524970057ec24872c1e52da34f2cbbe5ed606d1f92fcec455bdb5f0dce837cac0454c6e224f6647a8ad99283d1041aa4373215660032c7c85e2e908ec226941b9c07982c01e7eb405a2e2dbff847087a867ec93006698f159cff016c453edd4be783360913d18e5fce3766ce0b37c1bf933b4232ea3a4c69566f6279a4bdf99a166e949f39e2fa408376999f697edc0b3dcb00f97ebfe3a20faaee87b109d368a91ae0251603c555cc8b728825d58d97f626c7692c2cf7b555df761ddbcad17519c01dc16c35056e1501862724f6c4b88d4e02788b2069fead52d3c85e97f142868c035107c8de08d2fa1cfa54a7c46c442ab8dbf2f30825c12581565edb7d940499670ee600d2ae86af2b7779c7e47773f5167e46fba44aa4f48243033dc06cb139b74a443ed0b022963e15b22f015c4f4f16e86d1f1afac6719a56163f01fe290e910c934ea80d8f3701e4d8ddbf9796a97a9832c8f82e2a60b54ceea081af675c6dd8f9b041c259f1e26d8eafc395086da902dd1f886c70f70a85ba329c2ffdd6354fd954e842eee7578677d6cf58f5fd92590b384ea538bde0228f7c271ea6937000d72f446deede4a1674ecb1c71db3e9c9ace393f217b44527cbb5a2c29e672c4396c86c9600103ead57be18029c65bae08dee155ed3139e96e32dbdbd3892cf149b05ff6b40b64144547fd3dd29c324ee66f303648f44f972ad60c7fe2c42777058090db696d0f0ce6235c24116a0c90217e077d4ecf59c1eba81c365ff929ef22c73455aea19ed98ca76c90aaedae50d989d465e2f752d3aadc50281c8f1418bca0bdf32246fc8ab8214febe0eee0032cbfc8f8822858613dc036d01e116bee95a7b3bba0348040469aa867f1fd46c00c5e605ad9da90fb0e0fb5bd7e9cf5fde09419a1346137aeb89c4e6c362034c4572a12d36618f6619ad1bf25b608e299430f678a8c3666de87997e6ad8d7fd3766a5644e16ce03a9f554238995a43bd0d9b3b4352398e72506f8d6545fdd0aa167dd331c2f56289d36b51482e7120f4f4d3782e98c57ca30805cf28fb78399c3dd48eb80f062f4df25e27e88ce819f83af22c58cffff1dd1f582af8ce14f3aba39d4fce63960ceedc8943aaec01346235371d4e9cd6631cb1157f3a40a3f20b2a128661e2bdcde24c20cbc94f96a22bfcc6769619583c7f71e2623156bc81dd447ed221a057b5c62786ffa9035775fce6439eab06374dfcffdbc08ae0f6f784f5d50ec5e0ae859b07422a0747a8c71eb04fa6962833cbceb1dfe2579b26f0b7cced143c5084e069812a9bc30fd2030fdf942abebc7d63644ee76cb39904eb166c5d2914a30988a35c98fb475e09fb48cd26bc289ed34f5dc93f28e73106f3568a1d2397c45944143c830bad531c3310837b661610aa5ce901ba2aaa3e2c037a003d221d6746b59f32842cdddf9ef83a636d18fc96dd5045b2ef0ffef630c1e3952e962e6074452998d4fafd87354137427c09e5ce73c4ba468aa1464741cc24e0234c7c21a07509ffeec32c62e37316962011e1a298ff0236bc0498f302bb9092efd9eb156e41bf2cd2ba605da93402254d8c88b8814884285d5940cfa4208804d6bb7387fbc35ca771af267a7385e9a1791a59a00a9c1e558e0b34a6229dc4a74d8604c5ad51066c86e274209c788c71c8cc4650c05d8beba62959d1edd235dbcc13b2d131f3873052546e94afb3c470d798e327eb1d8d1cf72f7a5722660c1ea33c59c647d3003eb48b00c10056c15fcba736edd7c42fadf169df1f666878933498ac87901076961dbc861acc5597baf6a5cae0cdb49e18ca7ada6b4f626ea4c9b1fa598717ef9b0517994949edcf7ec071f867fef69589164a40eb57df67b515adcceb210da81597d2dfb77836b1086841e5319e537d0fbf07bea4ac7fb0eb24e810f7d1d6f1606e9481810cfaf682bf3899db173b611747cb78855144e7af750be01ec570251d7c083552040655bf22254859fb08847216bbffda6c7ea00c37dafd076decd84f11474acb484e8a9b2de3af5cf22cd2f8deb84930b269bcfb43fa6cae16868512eb5f2ca147dac8797a7729ea1f3ee352f0dd35659c24b9a97fad7991ad7614df46fe67132e31264bb549549d920694e0211c2627c1c813be73f807cbce41554a39c479a11276481ccde34519eaf45f6df2d1458af5d2b1f4e41b58d4697111271401c8d456983f9560e250dd98d4d12eb3ec58904ca077eca2683641ac03232894c3ad6d1e7862d31b3bce67481a1f52404200fbcaf246ee2a85b93be72d86013c9ce75d9ce6d31e04117efe481789d0606d9ab252e0902518eda90e1040d436124542adc6889763a96aca63e37fb6bfbec24f771e38f6790b9e46f8cef5086345431ed34d8314d01e197d95f670239443ba4a4d86d8d16a6509091daeb149a5a33f05e274b49efa77cca2fdf69abed26c3c2ec0d1cfefaf34edff25bd7bd665022747a8eb85c622c3c94d742dcbdba2da8ba499a0e2e873c1ba0f01eea8731bc2a53cb2a04e39ec7aca58c8194a3d0b63939667834842143070b4871d6234a1b26165e54eca53998dc73333e1f69e08568e58fb4a52a6e2c1caa898b0a91395b9b4bd68f71df03393d9461e05cba1249263d303c5971b976bc7b35e77beb02d1ec65ccd4152ad3d93f56686e08546407c06f826b00b9b9cd00e6af60637a28ef809a6d490226f609701459804b5c9fa805320aa8d3e3dad016655fb718b954e828e89b7adcf315ecaf0cfd54c4bf4c77af3f7cb52fe6e39b82f114f6ce7d08228c53b47487d6b90a2fee410491fc891711bb457376c54140667eb786e1ba82aea918e22d7378f01c48d37ea3e31edfd1101f1b4279b820dfdc0c0bb61060afcfa1556ecd82b8e16577117012eb19141c40be5ef1c5d498dd6e7687f5e9e5d185a8034ee424bc1bc8b5a6ad3b5f0c5358ef7c7021a0863c3370768e0ba06c5e506cda1773c60ae5c2c26584aaf458944a1dfec8f211acc743bab95045f6b05eae90c04e57a0da3d97ab0d1ae52d72ca30e545142a003579158ecd9d007f1bc5a5234db5eceefa0fc8f20ec03dae756667b50a9f375080f01c8cd52e1a", 0x1000, 0x9}], 0x0, &(0x7f0000001b00)={[{@nodots='nodots'}]}) syz_mount_image$hpfs(&(0x7f00000000c0)='hpfs\x00', &(0x7f0000000100)='./bus/file1\x00', 0x800, 0x7, &(0x7f00000007c0)=[{&(0x7f0000000140)="9930b17650dcd08327a4180ddbdae7028af97b62b02573798097930c0e19f33ab4167ec919850b044a5b06b0922289151ed34cc024c63d1db6d89e5d645f52bc52778faa85e6e4820b80ab816d82ec976597485c09a79c74a392463e9f07dfec1c7b3cc51edf1f39282173b03a694a", 0x6f, 0x6}, {&(0x7f0000000340)="640830d6086c8ead5e02c17356b293d08050bbf8be2378abd953a6e04ee5053566d09fc55832f6eeb827d7e3b94656d8e444126ba2f32bd110a475847da39413264a982662b96a7eefbb75fe4fc0908141a69e95418182d4eccfa5e3b33c477143045c30b811e3de37da6b78835dbfa4c394f49fcf115197f6851bc4b55507bf6d7b62ace2277e3cb1ab706e9becc07e5c6b82d6e76508743ce57f90791e681da165021bd68eb828d98dbac444b1e32954a7220e743ee54762edc7b2a030d57ddd901ab1670ce6b0754e7140f6", 0xcd, 0x8112}, {&(0x7f0000000440)="c070a2302c3564c3217699506806d3dc25dda6137b134ad3545e230ba69a7b6640f75d8d9c60def57708fdc7d4bba38fd08982957c99781b4d95f05a807b598a386ccc5961e26531c7a45276e75ecf1ffb8f3a85c5802a0c58", 0x59, 0x1ff}, {&(0x7f00000004c0)="ad7a23f0b390cff65884582f7a31695fd03d50b436f390b273745d964d30f4eb794df1df01eea5a20137cf9eb7a44f056d1d75a02d7a277db129238d5bd2abd8ef2d272d5f675689bd9ad5041ac923c8c600b9b833658629436dd79fad92419e1b5e256487029a332b989312ce4bd3c84db27a4b21c19ea2e39b13f2b47ea3099e7e2a56322fa5", 0x87, 0x7}, {&(0x7f0000000580)="e11df658fe3526b351828c033462dd8580f52a447b168d590d81331acaff142ec959a153a77d113446481bb15e43e1bbdfb0d622762b39bd4cd5f6b718b4b46ea0f40edb57b6e6e9fac263047867de2da4ee5cce56a060b538046d8eb8e4daab478be45c04e6", 0x66, 0x7}, {&(0x7f00000006c0)="55e1bbb6612782e1cf27c781fb1da18bd6d716117e03e94041d0d2caf817cc359299c4a83db6794bda829afbc0887be1ec43ac33b55fcf0085af813e609ac05a484990f8f6e6bc037ad5944ac742095c1a7c13f983bba9747e0544ab69f55f8e01d62b6d994d44a34dcb59b01f50a626411d9d4db69c6b1fb5e5c9a938c86d1a15e7bb1b79ab01eec1bc64c5fad39cacf7d0eb590f8221dbeafbf6c49907fc9dc7815aecfce2abae06f5932fb42e6e2bb39e8f31f063c6303c95e9c58f581b80d373501448ea1a710f9bb39a4964f240176cba489a741ad359548e656ee36af5fdfb175c67a6ae0c2c33c47a1474ca105f17547b162e53f3", 0xf8, 0x3ff}, {&(0x7f0000000240)="3d9a1ce9bb119168aae9c14d238e04cc320699", 0x13, 0x1}], 0x0, &(0x7f0000000600)={[{}, {'overlay\x00'}, {'^'}], [{@fowner_eq={'fowner'}}, {@context={'context', 0x3d, 'system_u'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}]}) stat(&(0x7f0000000900)='./bus/file1\x00', &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000880)='./bus/file1\x00', &(0x7f00000008c0)='overlay\x00', 0x800000, &(0x7f00000009c0)={[{@nfs_export_off='nfs_export=off'}, {@redirect_dir={'redirect_dir', 0x3d, './bus/file1'}}], [{@euid_lt={'euid<', r0}}, {@uid_gt={'uid>', 0xee00}}]}) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:20 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200002) sendfile(r0, r1, 0x0, 0x80001d00c0d0) truncate(&(0x7f0000000180)='./file1\x00', 0x1000) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:20 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 614.688653] overlayfs: failed to resolve '.G әڝԲ]`Pc-WV': -2 [ 614.744450] FAT-fs (loop4): invalid media value (0x6b) 20:08:20 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c65312c6c6f7765726469723d2e00000000000500000000000000"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) r1 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, 0x0, r1) stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r2, @ANYRES32=r2, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x7, 0x3, 0x0, 0x2}, 0x0) ptrace$cont(0xffffffffffffffff, r3, 0x401, 0x3) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001880)={0x0, 0x0, 0x0}, &(0x7f00000018c0)=0xc) sendmmsg$unix(r0, &(0x7f00000019c0)=[{&(0x7f0000000100)=@file={0x0, './bus/file0\x00'}, 0x6e, &(0x7f0000000180)=[{&(0x7f0000000340)="be977a21f52a233603c00d1163bf993aaebfd90c8a0f2711f604f6a4210a295d1535c1bcff568c2e75f3c8110354020844b69212fd6d99d566c8831c53436a8ad89639a630a09b679773f20dd663281a0c8d11afd2ccf7b04e75cad742c60a1f1ae4acaa622e913418deb8165ba6161283ecc7459253bcde0daa8ab650e870134e3f09923d4b73b284e87d19cc534c09aa988413f8bf560d1c2cfbf6cd0053a151fba5417c1319453b6988cf41a1de8fb5e42e962159d5d028b2b62d17a6c93f02895a3c2fd0199f256f3c5bcfedd0a31e0e2cb7aab225073cdacb05c8cf5c5d4f010ed2d430c30ffbbf01c329", 0xed}], 0x1, &(0x7f00000006c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, 0xee01}}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x1c}}], 0xa0, 0x4000}, {&(0x7f0000000780)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000940)=[{&(0x7f0000000640)}, {&(0x7f0000000800)="1599e2367ba01085948b7ae7af95b9973a0cf05a306574956dbe3cb1d76890ad9f5e39d0605894d30e3cb0ca398a582c1e26f65d06879c5a98b1d7d5ea7f9d76da5881445bf41d4f8c48a9a2b8c40648716213908c7a91785537d877cd75eba6ccc4a2698fc1a73423eb53115f701b29e6c43301070f867453a1daa4049301479ca2dc5080caa83bc19252ae8c8dedf4ee60aac01e199be28a26605d8dbfda95ce5d28d6ba2e07ab56a85e14e1e015f4097cf4f498044ef42b9438c6c5ecf8efa4293195823c9aa8ed3fc5204167d53d35fbbce9d443", 0xd6}, {&(0x7f0000000900)}], 0x3, &(0x7f0000000a00)=[@rights={{0x1c, 0x1, 0x1, [r0, r0, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x60}, {&(0x7f0000000a80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000b00)="7220c66e2d28af412ba6890000080247e33eb3b68e55acf3f793c46cbd0d2ff8481f4e8464d1c51d154fbf4b424f455315b0fae4dc2e3e039e7eb7a1e551b891b0b97c73daa393411ca6c434a43ba7b2fd531879e3d2caaaab", 0x59}, {&(0x7f0000000b80)="71e461c314510077b276c66b751a1b6548bab8dea4619c9ef5a6fb0d2a124c53b7a5f5b1d888f125649015a659ea4bc6e777c028c2bfa9dc63bb87dd429e541eda65acc1ad4fe8ac048ba56d60e31c0b", 0x50}], 0x2, &(0x7f0000000d80)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [r0, r0]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, r0, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x80, 0x8005}, {&(0x7f0000000e00)=@file={0x1, './bus/file0\x00'}, 0x6e, &(0x7f0000001180)=[{&(0x7f0000000e80)="d9029209c564d90a49f6b4173692af910c3cddb4e7bd7b040cf9b8a47b465a49b53259f4b2b3129c5c5a60df6e4451cbada6e8c8ae057f8e57adaa08cf68265d8c30", 0x42}, {&(0x7f0000000f00)="a95189bb1711388c6c0c6af04e09da7787f8128eca436818db92604f25a4b3dc4f7c52845b18e0fb8d111e4ac0c990817f7a6677930dddbacb5eadd21150b194395573e45803a29998a1231d41e29c58a2becad8463a8d4bcf86791db0458f31fbc2e3d9d5106f2055c1efd6b6df25fd378bd61e95b27377cae79eeb76cf34f0c33d326ee6f2c83052fb03301d3742d496fc8c34414e49ae0265dcc0444ec921c07b0c063145", 0xa6}, {&(0x7f0000000fc0)="242a1357e07816945e6ed43cfd84c37ca3ce93858bfd03ddfe0acf8b6e88cf538709c2a1e342347fb069ab12794861a22ece909ea50811d5f8e48d9649f25438988fb294b148143bbf58bacd2de51e91db240ddfe3e3e72a7dec2b012bfa739bb5f8938d01f5896a520e5bac4d15d9a7da2d4f24384ef1e68f6a6ee2c9a016d1f8b66d72a8cccb7a3fee2ec58b2bd4d565c1feaa09fb449b829db8b97e4e71dd56cbeb3795d67a587dfb9101abb044b89d340a55", 0xb4}, {&(0x7f0000001080)="7790c0cdd8e6266e8b2a7c0597d283a01e3c8d854e459a3816c8392846f4800d5ca17f12b4c23656ca02056bf0ff12706e4a6b97c3161857994d258e40371c88d6aab73b14d638e73dac828cfb2aef45b3181a33201790290c488e1628301db968b6778bff9c82d5d480dce1a38549c58d3e170f392b2a107bc910768598b8c870744fd2d7cd8f30af89be089f7ced544df7d4b93c39", 0x96}, {&(0x7f0000001140)="695ff7239283d807601a7e13beb2948504d1495ac9c1b8ea24a3f622c912ee85de8ffb2596c75963749b040fc384a88939e66a2cd91f0c6cea9c", 0x3a}], 0x5, &(0x7f0000001340)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c}}], 0x40, 0x11}, {&(0x7f0000001380)=@file={0x0, './file1/../file0\x00'}, 0x6e, &(0x7f0000001580)=[{&(0x7f0000001400)="824e17b71953e53b2f0435ea5c9ca672da60202ebdb601cb84f28c0d6728cbf052a8199069699bf1850a64f9484b42308962b2c5360bfb68761ed0d6a951c5baa5ca0213984790746d57f0a3ba3bebbafa2a2d41dc47b01b6ac6277e62c0d643375134888041de458958e0069c8f91b8356033181cb50a", 0x77}, {&(0x7f0000001480)}, {&(0x7f00000014c0)="ab7e4f90b324124b5809c6c846acf9e5820d74a139ff4e56ae93e4be3e15be1415b8d2d1ce23fd869aa269d27bad617a00c01302b87c8a5faac5ccd2566b9aafe076dcdec824703b8bdeb2a325dfa8a23cda8c4e1036b529293de4ae050432b674e3247ae0c330efc7345964e69b7f56adac668051781cafeb95a00980f04bfb71cf542f4064b1049de4ea874552689fddd7e67e9be9df8e740b28afa54565322b35bacf8bab48a96b6be3a1429dd7e32b07dc0d", 0xb4}], 0x3, &(0x7f0000001900)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r2}}}, @cred={{0x1c, 0x1, 0x2, {r3, 0xee00, r4}}}], 0xb8, 0x4}], 0x5, 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 614.769746] overlayfs: failed to resolve './file1': -2 [ 614.778126] FAT-fs (loop4): Can't find a valid FAT filesystem [ 614.797438] FAT-fs (loop2): bogus number of reserved sectors [ 614.810150] FAT-fs (loop2): Can't find a valid FAT filesystem [ 614.839272] hpfs: bad mount options. [ 614.868939] overlayfs: unrecognized mount option "e1" or missing value [ 614.891977] kauditd_printk_skb: 14 callbacks suppressed [ 614.891987] audit: type=1804 audit(1617134900.383:2617): pid=15353 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1060/file1/bus" dev="sda1" ino=14408 res=1 [ 614.927110] overlayfs: unrecognized mount option "nfs_export=off" or missing value [ 614.941686] overlayfs: unrecognized mount option "e1" or missing value [ 614.957330] overlayfs: filesystem on './bus' not supported as upperdir [ 614.965362] audit: type=1804 audit(1617134900.443:2618): pid=15368 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1204/bus" dev="sda1" ino=14394 res=1 [ 614.996848] audit: type=1804 audit(1617134900.493:2619): pid=15368 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1204/bus" dev="sda1" ino=14394 res=1 20:08:20 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mount(&(0x7f0000000240)=@filename='./file1\x00', &(0x7f0000000340)='./bus\x00', &(0x7f0000000380)='ubifs\x00', 0x2000020, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') mount(&(0x7f00000000c0)=@sg0='/dev/sg0\x00', &(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000140)='hfsplus\x00', 0x93024, &(0x7f0000000180)='\x00') 20:08:20 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1060bc48}, 0xc, &(0x7f0000000440)={&(0x7f00000006c0)=@deltclass={0x548, 0x29, 0x20, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10, 0xffe0}, {0xa, 0x1}, {0x10, 0xa}}, [@tclass_kind_options=@c_cbq={{0x8, 0x1, 'cbq\x00'}, {0x4b8, 0x2, [@TCA_CBQ_FOPT={0x10, 0x3, {{0x0, 0xffff}, 0x6, 0x7}}, @TCA_CBQ_RATE={0x10, 0x5, {0x85, 0x2, 0x2, 0x702, 0x2, 0xe5}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x3b, 0x1, 0x14, 0x1, 0x63, 0x3, 0x1, 0xff}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0xfff2, 0x10}, 0x4, 0x7fff}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x21, 0x3, 0x3, 0xf9, 0x5098, 0x40, 0xffffff9f, 0x638a}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0x1, 0x1}, 0x6, 0x9}}, @TCA_CBQ_RTAB={0x404, 0x6, [0x2, 0x9, 0x1, 0xfffffff7, 0xfffffff8, 0x10001, 0x7f, 0x7, 0x0, 0xffffffff, 0x8, 0x10000, 0x0, 0x9, 0x6, 0x434e, 0x10000, 0x7b0, 0x93c, 0x4000, 0x1, 0xffffffff, 0x1, 0x40, 0x9, 0x4, 0x98, 0x4, 0x2, 0x1, 0x2, 0x81, 0x88c0, 0x5, 0x5, 0x800, 0x2, 0x4, 0x80000000, 0x9, 0x64f, 0x2, 0x800, 0x4, 0xffffffff, 0x3, 0x8, 0x9f, 0x7, 0x800, 0x2, 0x80000000, 0x3, 0x80, 0x101, 0x4, 0x1, 0x5, 0x5, 0x8, 0xc714, 0xffff86af, 0x6, 0x800, 0x3ff, 0x0, 0xffffffff, 0x8, 0x2, 0x6, 0x0, 0x1ff, 0xee, 0x4, 0x7, 0x3, 0x4800, 0x2, 0x5, 0xb, 0x40, 0x2, 0xfffffffb, 0xc0000000, 0x6, 0x2, 0x9, 0x2, 0x9, 0x1, 0x85, 0xff, 0x1, 0x8, 0x100, 0xffffffe9, 0x3ff, 0x7ff, 0x10000, 0x7, 0x1, 0x2, 0x7f, 0x8, 0x9f, 0x8c67, 0x200, 0x1f, 0x1, 0x3, 0x8, 0x5, 0x8, 0xd82, 0x9, 0x3, 0xcc4, 0xfffffe01, 0x100, 0x100, 0x9, 0x1, 0x3, 0x3, 0x89, 0x5, 0x9, 0x1f, 0x7f, 0x80000000, 0x1, 0x5, 0xf5337fa6, 0xffff0001, 0x5, 0x0, 0x63, 0x7, 0x3ff, 0x3, 0x1, 0x147ce15c, 0x6, 0xff, 0x1, 0xcbe, 0x7d1, 0x3, 0x7fff, 0xffffffff, 0x2, 0x0, 0x1, 0x1, 0x0, 0x2, 0xff, 0x1b, 0x400, 0xdd, 0xd108, 0x3, 0x0, 0x1, 0x5, 0x8, 0x7fffffff, 0x1, 0x3, 0x400, 0x7, 0x6, 0x58, 0x2, 0x3, 0xee47, 0x7f, 0x1ff, 0xa0, 0x1, 0x7, 0x4, 0x9, 0xfffffff7, 0x297, 0xfffffc00, 0x8, 0x2, 0x101, 0x81, 0x6, 0x0, 0x8, 0x7, 0x200, 0x8, 0x8, 0x2, 0x1, 0x3a35, 0x2, 0x8, 0x200, 0x4, 0x7, 0x65, 0x1ff, 0x81, 0x9, 0x3b, 0x4, 0x80000000, 0x3224, 0x3ff, 0xffffffff, 0x846, 0x8, 0x1, 0x7, 0x81, 0xc8b1, 0x0, 0x0, 0x9, 0x302, 0x5, 0x8000, 0x0, 0x6, 0x8001, 0x9, 0x7, 0x2, 0x3, 0x8bcb, 0x1, 0x0, 0x7f, 0x1, 0x4, 0x6, 0x1, 0xfffff800, 0x401, 0xfffffffc, 0x1ff, 0x10000, 0xf, 0x9, 0x7, 0x1, 0x9, 0xfe40, 0x3f, 0x3]}, @TCA_CBQ_RATE={0x10, 0x5, {0x5, 0x0, 0xe0fe, 0x1, 0x4000, 0x2}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x18, 0x1, 0x14, 0xf2, 0x1, 0x1, 0x1, 0x4}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x22, 0x3, 0x5, 0xf8, 0x8, 0x101, 0x1, 0x7}}]}}, @tclass_kind_options=@c_taprio={0xb, 0x1, 'taprio\x00'}, @tclass_kind_options=@c_cbq={{0x8, 0x1, 'cbq\x00'}, {0x2c, 0x2, [@TCA_CBQ_FOPT={0x10, 0x3, {{0x5, 0x4}, 0x8, 0x87}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x2e, 0x0, 0x10, 0x4, 0x6, 0x8, 0x4, 0x1}}]}}, @TCA_RATE={0x6, 0x5, {0x7f, 0x5}}, @tclass_kind_options=@c_ingress={0xc, 0x1, 'ingress\x00'}, @TCA_RATE={0x6, 0x5, {0x2, 0x3b}}, @tclass_kind_options=@c_sfb={0x8, 0x1, 'sfb\x00'}]}, 0x548}, 0x1, 0x0, 0x0, 0x40}, 0x1) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') stat(&(0x7f0000000180)='./bus/file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x84002, &(0x7f00000003c0)={[{@upperdir={'upperdir', 0x3d, './bus/file0'}}, {@workdir={'workdir', 0x3d, './bus/file0'}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'overlay\x00'}}, {@euid_gt={'euid>', r1}}]}) 20:08:20 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200002) sendfile(r0, r1, 0x0, 0x80001d00c0d0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:20 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000100)='./bus/file0\x00', 0xdf3f39d7c0cace8f) mkdir(&(0x7f00000000c0)='./bus\x00', 0x4d) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2ea24d470163b3836e312514be9ee928cdd5b07473e9463be5e9c66797e8f63983dcc11e45a3f37ef109788ef147449a00cf39ce56"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x2) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 615.028519] print_req_error: I/O error, dev loop4, sector 0 20:08:20 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x410a00, 0x0) recvmsg$can_raw(r3, &(0x7f0000000280)={&(0x7f0000000100)=@ipx, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/76, 0x4c}, {&(0x7f0000000200)=""/37, 0x25}], 0x2}, 0x40) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000001480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001440)={&(0x7f0000000400)=@newchain={0xb18, 0x64, 0x4, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x10, 0x5}, {0xc, 0x2}, {0xd, 0xe}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x19c, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x3}, @TCA_MATCHALL_ACT={0x180, 0x2, [@m_csum={0x17c, 0x3, 0x0, 0x0, {{0x9, 0x1, 'csum\x00'}, {0x74, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0xfffffffffffffe2e, 0x1, {{0x8f1, 0x1, 0x3, 0x1, 0xe68db0a9}, 0x3e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x0, 0x1, 0x9, 0x5}, 0x42}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x7, 0x6, 0x480}, 0x78}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0xfffffffc, 0x5, 0x5, 0x10001}, 0x78}}]}, {0xe0, 0x6, "cf1e8c8999c6af763df2e9c4e0b68b552d83d7fc4ca8b7accdf743768a88ad42ef4815fd279e6ed3d53f2095f3bbec8ad989af7554f921b94a4e10aec8c617124eb4a8db2e0017ec5db4f5baeaae7f325235c9df62496d400867d9da7e786b9651ffdfb1123941279b5ee3688efe5760f21cfe7c669004aebea9db4c443b78e2bedcb29ac1fd6302fb02e9d4ba72cc6ef733053959480881e14082e12172d05d9acc9367e8776dea51bcbd59d7f3199c0e60b6abeefc73a414313dd3000b33ad03a88b3ff0609dd32bd8f98d4151668e37f34fdeee27e60ae233598f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}, @filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x10, 0x2, [@TCA_BPF_FD={0x8, 0x6, r1}, @TCA_BPF_ACT={0x4}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0x1f}}, @TCA_RATE={0x6, 0x5, {0x4, 0x3f}}, @filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x524, 0x2, [@TCA_ROUTE4_POLICE={0xc, 0x5, [@TCA_POLICE_RESULT={0x8, 0x5, 0x9}]}, @TCA_ROUTE4_FROM={0x8, 0x3, 0x43}, @TCA_ROUTE4_TO={0x8, 0x2, 0x42}, @TCA_ROUTE4_ACT={0x4e4, 0x6, [@m_vlan={0x140, 0x14, 0x0, 0x0, {{0x9, 0x1, 'vlan\x00'}, {0x50, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x5}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x9}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x305}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0xffff8001, 0x401, 0x3, 0x7f, 0x7f}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0xc6, 0x6, "166212e4a79eef22304cfa6e697fb9246280acd1dd95cb44ffea2843a69d1d560793ddec2e3f39f51fe984ae898751f1b41074f355e88cfdde2a0cf2c34fe55d84c04eebeb1a7e9da3e371bee459be7d3343723f85e5701a4e60e633a8a4f7916f559f842c0a62081d2b90360c11126b8c4235643c3566d10cd9d12e06435883f3aa752302d968afdcdc663bf0ff95cb3a05d908f751f44d5f55b2fd42046845b1bb946bbc5b28deffad701c53acf3e030c2a917c8284221a8258da6286e5e69e54a"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ipt={0x104, 0xf, 0x0, 0x0, {{0x8, 0x1, 'ipt\x00'}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8}]}, {0xd3, 0x6, "ea0034c51bf00fa091d77d14eb43b1b72ad65ce2f579cc1e0bda74ed0954465c995533c33657bfda096f593127fb43b1d0ca5ab01e1cdd8fdc0d20f8e212efdaeddf28a76053e27cce96df12839c2c8dc86a42cdea4533642fb822b0357f7998ba3c68caf98ac8c5e0462863caf0f69745e857799e9e97ee9200724c195222ce5d785f58478ee451024405ad0e8e0b7b33b294e1ef574de0afed699a57e6aea363852945e93908e4352e31fd5b4e05232598e20d4b46cb4a5da8a96a6935afe26a16880b6518cf23f72a09114b1a73"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x128, 0x5, 0x0, 0x0, {{0xb, 0x1, 'skbmod\x00'}, {0x80, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x3}, @TCA_SKBMOD_SMAC={0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @TCA_SKBMOD_SMAC={0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x2, 0x10, 0x5, 0x1ff, 0x8}, 0xf}}, @TCA_SKBMOD_ETYPE={0x6}, @TCA_SKBMOD_SMAC={0xa, 0x4, @random="3818a3fe41a1"}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x0, 0x8, 0x3, 0x6, 0x1}, 0xf}}]}, {0x7f, 0x6, "3566cdddd0e3b1e9f7fba3d973bf1288d44c9d76704fe06f11a0d2ddf1d9b873e3cddb72cc7d52d1da583b406c2196c99b856f1e78ff838f183103f3fcb595ed829278502e527bd439a07647c24df759be70a24e36f40303da3f515dcbda27307d2f0205c575c5915bf87c614e6f2ac51f8ecf13a366b9374fdce9"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_simple={0x174, 0x1f, 0x0, 0x0, {{0xb, 0x1, 'simple\x00'}, {0x88, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x4, 0x2, 0x7, 0x7, 0x7f}}, @TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x0, 0x2, 0x0, 0x1}}, @TCA_DEF_DATA={0xa, 0x3, '\\-(-$\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0xfffffffc, 0x400, 0x8, 0x1}}, @TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x0, 0x1, 0x5, 0x4}}, @TCA_DEF_PARMS={0x18, 0x2, {0x1ff, 0x7fff, 0x3, 0x1, 0xff}}]}, {0xc2, 0x6, "27e75908289a38e50c0f8b212966e32ec4c8ed8cc244a53aad4fa04c54f3517bf9b112694bcd907e6f091fd57de2b5b3de60e941a720c5d4986fae5896b348d297b7929ee10c806e5c65fbfaa5c3c8a3029253de1f1b44f038f64998b29b2481dcc552d5c4354a6572544b5b07ad6fd869430336fc6eaa9b67de15d4ac25b5b15a5001655c8250747acbe2c31f82b547f73af94e09bb55cee2ddcdd6aa99ac7e35ba809b12d46f1cb34b6bbe2210e8bef90968015ff05f5380812f4ed12f"}, {0xc}, {0xc, 0x8, {0x3}}}}]}, @TCA_ROUTE4_POLICE={0x20, 0x5, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x1}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7fffffff}, @TCA_POLICE_RESULT={0x8, 0x5, 0x7fffffff}]}]}}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x3c4, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private0}, @TCA_RSVP_SRC={0x14, 0x3, @ipv4={[], [], @loopback}}, @TCA_RSVP_CLASSID={0x8, 0x1, {0xfff3, 0xb}}, @TCA_RSVP_ACT={0x390, 0x6, [@m_mirred={0xa0, 0x1, 0x0, 0x0, {{0xb, 0x1, 'mirred\x00'}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x39, 0x89, 0x8, 0x5, 0x80}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x10001, 0x9, 0x10000000, 0x8, 0x2}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xfffffc00, 0x4, 0x20000000, 0x9, 0x10000}, 0x4}}]}, {0x11, 0x6, "1e347df28bc1d4119bf9841751"}, {0xc, 0x7, {0x253fb1d41b6f3232, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_mirred={0xac, 0x18, 0x0, 0x0, {{0xb, 0x1, 'mirred\x00'}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0x8001, 0x10000000, 0x8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x131, 0x1000, 0x8, 0x4, 0x5}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x3, 0xf939cb22b6245235, 0x10001, 0x8}, 0x4}}]}, {0x1f, 0x6, "3634538b084595671ca0f1e51e105f0a636ef9f9601e237b694dd9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_vlan={0x74, 0xc, 0x0, 0x0, {{0x5f, 0x1, 'vlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xc6d}]}, {0x3f, 0x6, "4009b4cf150f1e6de35d957fad57fd4e46ef47f2378694dc65ddc074185191f4c0e7a72a3d5e3cb5d8846b0f35595f9405df0ba6ae35f62d303ace"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}, @m_ipt={0x44, 0x16, 0x0, 0x0, {{0x8, 0x1, 'ipt\x00'}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}]}, {0x12, 0x6, "0bc4117245faf0e1558ebacde81a"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0x188, 0x12, 0x0, 0x0, {{0xf, 0x1, 'tunnel_key\x00'}, {0x78, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @multicast2}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x6, 0x0, 0x5, 0x2d31}, 0x1}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e22}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x484}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @private0={0xfc, 0x0, [], 0x1}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3f, 0x9, 0x1, 0x8, 0x8}, 0x1}}]}, {0xe2, 0x6, "ab7302d1a51477e13a596f4ff84175c734f62c7952e5702736d91f4fba89c2e88ca97b4803c32a121c3b6d9ae836d7d3b17b05093b432a8550d702199bf7375cd37009482c08cc979f9c5276e66756813d053c127aaf2a9e7fc9827ff8bfc0f92c8deaa26c4fd7e890dd0f87a996d4173d9b2d11dc486371d3eecce08ab2b458b42d71a251219110b035b13ab64b1bbba973354e81f2795d8691e6362067557c77fcb35062d98b964239fcd113a9cdab3dc8b980530ff34a823cbbe16018049968b8af19756eecbf05cae23ee372479e30c70c43e063548db6c0d2f9dbec"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x8}, @TCA_RATE={0x6, 0x5, {0xff, 0x1f}}, @TCA_CHAIN={0x8, 0xb, 0x80}, @TCA_RATE={0x6, 0x5, {0x9, 0x5}}]}, 0xb18}, 0x1, 0x0, 0x0, 0x4000}, 0x8004) r4 = openat(r2, &(0x7f0000000080)='./bus/file0\x00', 0x4000, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) close(r4) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r5, 0x0, 0x8400fffffffa) [ 615.173145] overlayfs: failed to resolve './file1': -2 [ 615.183405] overlayfs: filesystem on './bus' not supported as upperdir 20:08:20 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x200002) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:20 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r1]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) fstat(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vxfs(&(0x7f0000000140)='vxfs\x00', &(0x7f0000000180)='./file1\x00', 0x17, 0xa, &(0x7f0000000900)=[{&(0x7f0000000240)="f2222e74a1746fe5a4cbae793a012116357a90d780851198057781748b8c334064b0bed7c89d130cf171bc9016a5820f38a6f1424441975d975da002d9bc1411d53df3e30c09c73ebf76d7ddf91ccdd38a794abac83efb094de50626ae4aff466275cc1582afdb2faea515b08621", 0x6e, 0x7}, {&(0x7f0000000340)="aaea70bb7e57ba45e12fed", 0xb, 0x1}, {&(0x7f0000000380)="057220653d71c421ca5fb8d7e1c344f8cb6e6b016551d497c79db0a782d2bf2ca5fdaf48a6b6bee6aeff722847466a2b029185c7a4d126d24f504040f6afd8d66f", 0x41, 0x7}, {&(0x7f0000000400)="136d4a9aed2d2ccfb4bb0408b61706dd702278fe522cf427aa96c5339cc18df25cb2738b993e02cb14d234de8842072f056860cdcb650434f1cd86b0da05cf15a499325f2f2fa28b24c3b5aaa6883d1207f9d9dddd7cd9186fc17310c0456d901361dee10c612c5f9117493ed1e6d671fc20b54ff749d74f83ef2cc42b44deefec6b8ec216f5efcd5937cc37ba8b15744115610b1c8b3bc5ee81719e6a724f151222d7b26e9744f57c496d9ba4d3fe10a6c3a07758d58cab0140e6f8db47afbc33c04492aadc2524f9f6a39b7acba513694aaa320106ad9d51bb0583835908adbd098a", 0xe3, 0xebc}, {&(0x7f0000000540)="d19dfaad7b364f9569afe577ea212528597b3bd48d5c1fade93e1118e62ffd960e4854dc638661f14d3d2c8fd08dc724180dfbc31884d314e94a5d1c0754ef83817421a73a23e4516489bf2c984da0c940fe89b60ebdc18ffd73c1c7562b1c85c2a9a162df5d4457df8223613950f46b1f642422a189dc99e3a4eb7c7cd09bbad6e7f1e290a5da2320c41435103ea704ba107c898427f71f3efc11ea8b9f6d187deb4de10f9902648a65d47224e54671bbac2baabca6398ca19cd4cb6503e52af6a58f7ac2e0ae7a0cab51e7ee05feb24a560e494db4e2bb9a6de9435fe1e8", 0xdf, 0x7ff}, {&(0x7f00000006c0)="b4a464e36fcd81949698799de39564fa4001b7ea36c22b31cd594e0f33d69feb3888663f01fc5c9001757289cb6bdb5a40541fa1f642dc6b0988697f8bcbbf56632b4383394b6c6f5a2f12b4953a68243645089afad2f319f8afd49874bf06a5d315f05acb50faa6426823201a636b2abc8f8b50b160f171ef134ed9f74eb37167d4e2fd4ac125c4f9a6bc0fac7a4a7283ae37df6641070b72fcd4469aa0dc", 0x9f, 0x5}, {&(0x7f0000000780)="6d5d48c943a3551b3e1826ecd9e769efc7e90cea16e5e952f25d2472eddf703c7a73e7928fe7136ec9320716899827cf8bcfaecdb424849983b666ba0b953f76c32b9787b9f059a3ed10a76b3d68312cd7e489bb522ffe9cac2b93e9f0d870240d2db086482c2033ca1e8f82fd9cb0a7880caa0bda8fffefb1f03606f0395bd42c9e80e36b70e7e54437302e05b0ad9da12f8e111c352943c4b1e6eb556087ee1e241ac6bb2ac31d769c7c87253927", 0xaf, 0x211d}, {&(0x7f0000000840)="d2d397c4a07d554c21a66ddd23dd48b3dd6571d706d52fcc433c169e5669f8d4daa2067672d7884bed2be7db3616fc9db079ecc92c4757330d4e821f950e6c97b0af3d076d2e651f186dc0edcb6eb4c553eb2756d63232efd269707dc73a6da2a2e51971350ab808e895a024a3ab", 0x6e, 0x7}, {&(0x7f0000000640)="8dc13c1c89f56f4457c5", 0xa, 0x2}, {&(0x7f00000008c0)="3baa33d3f055ae6033665a52368765da319a1288694a9633c70dd5", 0x1b}], 0x10000, &(0x7f0000000a80)={[{'overlay\x00'}, {}, {'overlay\x00'}, {}, {'[{'}, {'overlay\x00'}, {'^:$'}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@appraise='appraise'}, {@subj_role={'subj_role', 0x3d, 'overlay\x00'}}, {@subj_user={'subj_user', 0x3d, '\'+'}}, {@appraise='appraise'}, {@dont_measure='dont_measure'}, {@obj_type={'obj_type', 0x3d, '}'}}, {@uid_gt={'uid>', r2}}]}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:20 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) mknodat$null(0xffffffffffffff9c, &(0x7f00000000c0)='./bus/file0\x00', 0xc000, 0x103) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:20 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x11, 0x1, "7656dfd84b785fab45"}, &(0x7f0000000140), 0x1000) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 615.222979] overlayfs: failed to resolve './file1': -2 [ 615.243054] audit: type=1804 audit(1617134900.733:2620): pid=15396 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1205/bus" dev="sda1" ino=14315 res=1 [ 615.340773] overlayfs: filesystem on './bus' not supported as upperdir [ 615.394363] overlayfs: unrecognized mount option "0x0000000000000004" or missing value [ 615.404262] overlayfs: filesystem on './bus' not supported as upperdir 20:08:20 executing program 4: mkdir(&(0x7f0000000140)='./file1\x00', 0x14a) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mkdirat(r0, &(0x7f0000000080)='./bus/file0\x00', 0x45) [ 615.489630] vxfs: WRONG superblock magic 00000000 at 1 [ 615.514060] vxfs: WRONG superblock magic 00000000 at 8 [ 615.527598] vxfs: can't find superblock. 20:08:21 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:21 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:21 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="7515def2d66469723d2e386252732c7702c63e9c5654156f726b6469723d2e2f66696c65312c723d2e41d11b129e88c14cadd061b77da68a042402e993050ecf8bd743c72488b643b4e738f33abd3f0000000000000000f70461881eeace03e5e2959d74a3a101a3eef08526a5aece483614bae60b06e8c54024b2dc1e68d333b7257eb53d7305cfc6"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:21 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) truncate(&(0x7f00000000c0)='./bus\x00', 0x7) lsetxattr$security_capability(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140)='security.capability\x00', &(0x7f0000000180)=@v2={0x2000000, [{0x6, 0x7}, {0x5b, 0x8}]}, 0x14, 0x1) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 615.564417] print_req_error: I/O error, dev loop1, sector 0 [ 615.570271] Buffer I/O error on dev loop1, logical block 0, async page read [ 615.577612] print_req_error: I/O error, dev loop1, sector 4 [ 615.583765] Buffer I/O error on dev loop1, logical block 2, async page read [ 615.591009] print_req_error: I/O error, dev loop1, sector 6 [ 615.597345] Buffer I/O error on dev loop1, logical block 3, async page read [ 615.658125] vxfs: WRONG superblock magic 00000000 at 1 [ 615.668875] vxfs: WRONG superblock magic 00000000 at 8 [ 615.688130] FAT-fs (loop2): bogus number of reserved sectors [ 615.692342] vxfs: can't find superblock. [ 615.712564] FAT-fs (loop2): Can't find a valid FAT filesystem [ 615.726554] overlayfs: unrecognized mount option "udir=.8bRs" or missing value [ 615.738545] print_req_error: I/O error, dev loop1, sector 0 [ 615.744819] Buffer I/O error on dev loop1, logical block 0, async page read [ 615.752105] print_req_error: I/O error, dev loop1, sector 4 20:08:21 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 615.757999] Buffer I/O error on dev loop1, logical block 2, async page read [ 615.761970] overlayfs: filesystem on './bus' not supported as upperdir [ 615.765356] print_req_error: I/O error, dev loop1, sector 6 [ 615.778928] Buffer I/O error on dev loop1, logical block 3, async page read [ 615.788807] audit: type=1804 audit(1617134901.283:2621): pid=15444 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1061/file1/bus" dev="sda1" ino=15047 res=1 20:08:21 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRESOCT]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') lstat(&(0x7f00000006c0)='./file1\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000600)='./bus/file0\x00', &(0x7f0000000640)='overlay\x00', 0x30001, &(0x7f0000000780)={[{@xino_off='xino=off'}, {@workdir={'workdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@xino_auto='xino=auto'}, {@nfs_export_off='nfs_export=off'}, {@workdir={'workdir', 0x3d, './file0/../file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0/../file0'}}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsroot={'smackfsroot', 0x3d, 'euid>'}}, {@euid_eq={'euid', 0x3d, r0}}, {@smackfshat={'smackfshat', 0x3d, 'euid'}}]}) lsetxattr$security_capability(&(0x7f00000000c0)='\x00', &(0x7f0000000100)='security.capability\x00', &(0x7f0000000140)=@v3={0x3000000, [{0x4, 0x7}, {0x9, 0x3}], 0xffffffffffffffff}, 0x18, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') fstat(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in=@empty}}, &(0x7f00000004c0)=0xe8) mount$overlay(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f0000000240)='overlay\x00', 0x100000, &(0x7f0000000500)={[{@default_permissions='default_permissions'}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_off='index=off'}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@obj_role={'obj_role', 0x3d, 'security.capability\x00'}}, {@euid_eq={'euid'}}, {@euid_gt={'euid>', r1}}, {@fowner_gt={'fowner>', r2}}, {@smackfsdef={'smackfsdef', 0x3d, ':'}}, {@dont_measure='dont_measure'}, {@uid_lt={'uid<'}}]}) [ 615.849884] overlayfs: unrecognized mount option "udir=.8bRs" or missing value [ 615.989267] overlayfs: unrecognized mount option "01777777777777777777777" or missing value [ 616.074474] audit: type=1804 audit(1617134901.573:2622): pid=15462 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1205/bus" dev="sda1" ino=14315 res=1 20:08:21 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x9, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) r3 = socket$packet(0x11, 0x2, 0x300) readahead(r3, 0x9, 0x7c7) listen(r3, 0x1) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r3, 0x0) ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000080)) 20:08:21 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lwerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:21 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7570706572646972002e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2ea5a32b5ceaca4a3752b5991b93960f3330d500f6b082f12f8d6bb7db41895108251bc94f9b55c753d63f4a40af608e59d160ba0adea43546e4ddebe6eb68b66c3a22574aac5ca1b90ddd0231e9ebe7fbed3c9a6e2cec5ae5b872e864f3c76c010d19a164c15f667ec63ea32147a7d8687a850759333975307314e757486694dded0a0ba0bb65873d9f347bab1ff70a"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:21 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) socket$kcm(0x29, 0x2, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:21 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x6) r0 = syz_mount_image$ubifs(&(0x7f00000000c0)='ubifs\x00', &(0x7f0000000100)='./bus\x00', 0x6, 0x1, &(0x7f0000000140)=[{&(0x7f0000000340)="95341882a3e6ab9ef8da315f4644e5fa79c2439fc85049ff826cfc5b8edc04289d768f1733fd9577cc39c801fc6b6419acdde799ea5e02e870fbbdf0f7cbd7e86fa83174a1710d52230c9e54072f115765cbe25ce65d9d0c9250a08153494c4bb629e1ee80d5ec53170ee4714e4179d9106ff25130dd634f97abf7fbc2fea3f9afefb1c5ad1faffc838e48c9adade54e802e910e6c5eb18adff7f90f5e6edb4962bc5e822729bef160fc8a2093115c0d54df7a889bdb63e147ccc602cdb4b855fea2e77d5ddf7437fd6d43986f66eb27cf3e58", 0xd3, 0x8}], 0x20000, &(0x7f0000000440)={[{@compr_none='compr=none'}, {@compr_none='compr=none'}], [{@obj_role={'obj_role', 0x3d, 'overlay\x00'}}, {@dont_measure='dont_measure'}, {@subj_type={'subj_type'}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) truncate(&(0x7f0000000180)='./bus\x00', 0x1) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRES64=r1]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/4096, 0x1000}], 0x2, 0xad, 0x1000) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 616.110443] audit: type=1804 audit(1617134901.603:2623): pid=15463 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1205/bus" dev="sda1" ino=14315 res=1 [ 616.172824] overlayfs: unrecognized mount option "upperdir" or missing value [ 616.186542] audit: type=1804 audit(1617134901.673:2624): pid=15474 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1206/bus" dev="sda1" ino=14412 res=1 20:08:21 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 616.231300] overlayfs: unrecognized mount option "lwerdir=." or missing value [ 616.249019] overlayfs: unrecognized mount option "" or missing value [ 616.270966] overlayfs: unrecognized mount option "upperdir" or missing value [ 616.307000] overlayfs: unrecognized mount option "" or missing value [ 616.327725] overlayfs: unrecognized mount option "lwerdir=.C" or missing value [ 616.354201] audit: type=1804 audit(1617134901.693:2625): pid=15477 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1206/bus" dev="sda1" ino=14412 res=1 20:08:22 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) mknodat$loop(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x200, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mkdir(&(0x7f0000000100)='./bus\x00', 0x134) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:22 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000480)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000180)={{}, r2, 0x0, @inherit={0x58, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000000000020000000000e20009e1fffffffffffffe0f000000000000000000000000f4000200000000000000080000000000000007000000000000008100000000003000"]}, @subvolid=0x7}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000080)={{r0}, r2, 0x1c, @unused=[0x2, 0x7, 0x200, 0x7fffffff], @name="29a83f9c295584e6f06cc73d4da3abb2811373d9a1bf9e524ac2c70a4de1c9aca635c60983d36d98b037431e1e6ec800701e778a8eebd2a94d3058f29914efe953ee946fdf23a3e5bafd3197d07bf5e266cddebeb2ee5b3f21631e4d3017f49a67a7c24c152318328bb512600b3ca673f68bc8d950f7f37f9cc53b4efca62a898679f718c8e86328b58b1ced9f763438f512edf8dad6f6a8171469c8a53b62245b6f7ba7ad253cda7a9ec8a694f2f0a0aa2e2faf7f2477c3af65598ebc292d8327b3714c6f9b2fc1da280a5c97e59817b62cbc265a855e6c9e3eb3a8c18a980fef424a946ae587dd1bf3fb68dc345446ae046602024810769822bdd72555b57ee686ca1724e57dc85142e23c7d58eedb585ae75381fc9e5f4ba5f476da7ea0a47873ab825cd403b1cdbea26620a3d2399d3c6f4db88bd38f0ee46fe87d90df6a8b0a886947ac4726ff2c4d99521d2b7e98610f51d0ba6e62ae5f4066bd1a9a09f01113f730bbe98ba72557fb6e60a9dba35b5ea60933a2e286464b4789c9c5d022d0df0e147987e49ededc27e23c158aea41a19800f898a9494268ea723e478df7340959fc6eec821597ab49497c29207612fba116414d7dff50184ee030df6c3375c133e51ad3ac66f0e34ae6ad9fab9300566d2f018c59b04f543367035c8d2cfe33c56e3d68f07e53cd5b7b619b1e32ef7a763ee31b552363f19672382b18dc2baeb8cc622107d9b581d5227e1464e7191893b02dce5323c509d1d3ff7b5eefe4ff5a57b3ee2b3f9e6c666c31889a385641453fca95dbc584092bfed8c842578f24899c17074ae720368662f5fafa424acb40945c4a7898175f69ddf9835527d7fe39a754a15fce769c8d0968cd1b1c63eab4b7ce0d344d6e2fa4dd380d50116a65e27976cb521aca6469b551ca36ee995a6ef9e723d514f7d1763cd12669787eb080bca4dd53a77bda39656820ad5bd6f3bc4857ad0de533e5dc613d1690c7385f10c42f74d83312b0238a86a3d6f7fb4e122bd89a7072a13edff0103726258b191e55932a42e4cc3df3a99b3c519f19f60d9b64e58004e71c7297de86f78dae96289b7abd95f4eb09858963d9d6470cdb2edd4326d06d33433eff50023b185866872ee0eea87b2e22a0b76b16318aab0a59e0b5208d69f3462df1054078dd83eaab2bc6a7b0cfc0ede660531f7746be9226d2ad8e9f6ca5f75bdc1774e0810c61ef2612259bbb7b54dcc1ccd5dcb00e2b803546b4ed04c3ed770caa0c458ec8e54788ba7fdbf2f0d55047af71ab8c81b71d6d4d06d9368ab3e1fa95bc55417703a11a410e2201629123936850bfcb88cf813b2a068cb2e7e19753007110be6ecd237732e355323d2e533c0b19b9eb25df69446612fa1e7e593aed5056c6a6d60a638bb2bc394f4fc9211c069b2167c7231917ed3d74854db6b031f0293386a973f37c88e7fb18b03165eec0fefd0a894fad69e9f8bde60c39eab568cf0d4b0840c049b1ef8cc1507e2aec9ffb953c6ec59589bb3a9ff8cf6189a313f8422fbd71789748a69ee1364fc28f8c23736757f9288e461cca13c1575f1e8b6bfca2f5765e89f3b46855ee7b19daf07c5bfa99a0121cf4654861c44d27db3c2ac4c0af6983332471f48b702a59a89444459bcf0e24111e96455ffb1cd32810f2c93ab00a54357597edfa6d1015d7f490fe9f0cb798fe64b9a73961cb6f1d16bd7897c9c176d6dd8ad5034e75eb00201b8e74a92384f1846630c462e20c8c4a5b2b23510859df10b92cc483e70f8cb78745600045044bae88d13020c505f3436f149f1847dfbef540e4f05f861c18519d840a7965bb4b2996cc2efd8c93a30551c5366a9a13dddec22bcf9630c470593fc7089a1a6b99e321622e00306f3b23c52120568d1b29b4fe1e6c35c30a24e065985c26cb0cdd7cc9ab85fda9e6a01584b121fe8095a34cdc10b61c46e1c2f861b2087e2353a1afc4229b982d7b6add2c95b36120cef20b9de17684650493f16eb570ca09493953b2dbe8d29e1b5ee90d22c8867a39eab9ce66054ce17c2648873887ccd7dd01c3150493f1c9ec2d4bd5110b01fbddab230074228d3d8c3bf2f26e86c249f7bd8bcb8e99f0c581950d66a95659f1ac3f715f582099b32abbfdf5e8acdb6e76a6e5eaf0b67765e2a4480cc9bc64a25f4559d18934c143586d43023b9d6f99830ac581f3ccd2f6da1c89625cf3d79ddcee2e7fc9095d51c99ebdbf3deb15d3de7af0d9e0a928d11d15c720e59e13fda61e561c70b1f7224d75d7442de8446fa4086629836c22e5f4fb4d14ec41cf194795c478e15cb76397a79e138f3a70acea7e9c0ac21df006fc499205adbb483f6c04913b867219c3191a6572690379f6aa8a2cab96b1d80d08188c349e72e143a092dff2931238952da8825d7579c2af09800684e1275dac000792442a2efe2a60d0b62b6af20e0ba4ddaaa6d0aaab1318d2106c623970b519c966b6b31ef0457d1b2e8056ffc3496e16da520279647e03cad6b6bf543c6cdc3aadc73099b72fa4eb3dd3e45ec78d3cd73447acd574fda0c4ff000aebff31616f2bbc99045ee66f61949a854141bdf7fb3817d606175c8f61545e432cec69dd14fae8e38ef36fb3ef341d9e6491375dd49d0d80e6e3174955a6274d9076fd1590e5ece44530242e99494a19e3f33ffe4698d21e66a68b64712b90a7dee84a079df86449f9d5848ac840c7d9594db47756895a0e47d5b4d85026f36a87a389ff3ce08693bf9194205e894b17cc74e332e97e2490c43ded201d5c8b7791bb1f35432c337e73fa5753565c173bfe6e3e6ff869444ca95251cc1095d8c70320897581093f5a31cb7a062470f2e3e69e75480b371b267d27397fd1ce0969299ddea85823fc1b88f49d69bd983cbc0c36b99324c2e64efc70943168004166d628b4ba87ac4553aed152a8c4c4732398298c6c53629a425c4e56a3fb2c23347507c3530462e26e30f7c39c00c1ad7fdddf1625db0ae395befd691599d925d415c973dca6e166c9e488425ca226305b0fd4ce6a5993208954dfb32ef31b3c16ebdace5c87a9f5c5f503827992f0f59a042fb2e9c55c36505eccb4ff7ba12171022a6aca3f766ef821457cd22f6d96a561a9f0ffd6810d6ed82f359d86870cb839b269de80fd6a6560de8582e4953de72ff553c6d456bb6eef20e4d6ef601e342b056a8801fd16ff95e8be565e4c1c4be1c639a4dbf47242d428750433cf06a3bbf4a78dd440d68d08c1c8cc5fc3611ba1becb862ab59876de38fd1d70427a6419b836c02568ed144c27d165e7936b3475e1cc91642e7df0fec1ea24b93027ad944e4255d20a15b832a2cc72d27b8322f7be76d92d57645bd2affb8e72b78002bc49bc50d3a23a7c4ceda155536cbd839ca3054b10ee8e3b3de229075ba3311b5b40363d96152c25e83b4e15c38ea07e58a9d1c9949f80fbdc5292e4cef13421876e0dc6e3ae3fc443cd7fa334983f85033a883f674cf654dc388ed27856bb271b5fbe81e4c266539efc5dcfe7d1a1f0ac79b0b077521bd00bec42f7ae753c1cd079fcf0bf389fb54474aaac17b7397781e07dc1115b0b5ed549c10f7c52b6a3ef6ac67685628831d36948d48d7ee6d2189e26900bf8d19bcbf5e1e628ea3bf3d7c0f40fb35e330c70368b5479877d79d257272f2a6ab596669ef4e1fbc05b6e55ff574e9ba389afbc78c80e94ab130d4b09974e8ded3193e06c219d40dbe4adc0d666cefd2a72ed4f7018b827af738c3875dde113b9f137ece11f095595d394ab505d8df856413c0d8f8aedcbcfc6ca44e7ad8a9f305888743ede4a41e6c215861bfcd52c770db1f3a0ee93a57c7011019d94e8d0c643fdc2ade3187c596c554e77162f20ce16dbdd1f9430f9a8b2cafbeaca1714054bba32522a50eb24e88cca7ad5385a6c1811d48e66d5e7a310414c8262c14cf588fe82f874254e38293ca2ecaabc377f542da3521bf07c13f7184ce0699cf792d160600906cf5b9a372084827da78d765e31795078c57b66d26ae82a87c8666fcc232c540c7bb498bca87e3de0292d406a4a7f25f5532e170c3c358fa433420de65dd8317dfbde9b4fcf02f2976b8e647b3954a9398061a1f7856b8c5d918396a051254d8d88fba2138d456f36034901cd3e5fbe46079dc0ca497578e2c2bb75463ffef7b4431ef27c5a19873d7f94b5e98b2b41b0b0c5c509bad4fcf5292c90d2e060ee2e604a267e2c5bbdee678b0b4390eb640237853add09f854c2271eaf0a54bd0626f0d42bc30d0b3128602c412b33f58168edde8ba341359b446ad8da68f563667334c61cc597b05949466f8cbacccc019ba8be8dbe2c762b2b12092ed4306532249347373a12770b614e5e5ee6705cbdd9eea1fc8ae39a3433f4faa8466a1ebc48273bb882a2e3e41a460106251097d7012332ee0f3e88fcfef185399f3f93403472a5e4bafba7fb052995ca3fbac621050b79c56d686e2883a2645fff462f358f616b9c95cf46609b11efb7a21187b1a10710781be6e56c9e606dff9734dd54a041c7f82f1f48cdc67d66442502b8c60649ef3200c864b0d5cb6dc648caf74cdff08ca972ca903bcbf3539f7d225078a75610beb3b6a2399e01207d4230720a6d58cc59ce895956e1ba7d5feb17e348f4f2bf9af607f5b8bbc79184caa072d4cbaad4a1a1295c317170e1e58b5b9651fa18b1372dc6344442190db38a7d7ab01a18022be30ca48d5a4ce0200ab250f9621e3bf90236fd41237654aa1818c3870ec4128989555d6f6d8d6113b91af8849230cb4bface2546a6673c8a05a7080cfd4f5c5b2bb22b33b93571d9664292af30b1869cfd07db1198fdbc672ba0c4ccf061a5b1e5f2eaebd01018c3917997a8fb0bc73d077df9cd290280bbdacf66932c569fcd219a23c596cba1d749165ad2a7ce59d33565afed00098a4ca1fd3435c1e4e43e0102bafb1c642fe8009c7330cd4092842fde56eecd4e89f4f0a36fde01a2f8234bf925d83ce802eebba1eeb8120b1997a244013b189c30c49fea0e978c13e53cf50f8e3338507d7b10f5e22284906fdd5b7626525b9d00b4c6ec49c5b2453f2f64898422abce24504375e17ce7a052df34dc6166b478fbea74c8b976e93749ff070d6825a14fb780de0d992b74ed50b5cabff0a2da4567c9081d816bb9594c90e2aa286e8c16f4f756d1a9a4b4bcdd1a88a1dd5645c264450acb74b64277e9c0af74123d5ff65ba2d7875d9dba915e30947f271de0cab95f2daf36dfcf37c44ae0ea6214132a08a5cc72a767b75e44af0baa9621b61b044017dd578e454cb313cfdd60b51695d4ca06681e3a403ba952a6702b3e9e81c32f2f30d2039238dd2753753ef2ffbc052b05775510e5121b13093165c439aae89a2298f68ffad90448b7eb11c8b97ee155c758b015e07b45e50459c064fea617c5450741c112113ae2a7ecb2f145af3c7ed61665f01bc303f3e606c22324cb4b6780b5804ed5b4f921688d32422131d8e7025710ad68a9d13f07fdc624ed33d4812150e165d5498ef1df27f16212bc2bf3249f6f7b846a907a5617ee6b889ac97e74d081c3bcb6e7c1272c2e37a326e26ef75ac5d7d57e70ebf7acb536b3b4a174ba9a0e6c62cd1be886f2ef94aa41dd73792634c80f9a82be180631087c50b40d4dd57ea4b714ba6f6136dd4f5727f56b83a98d8740cbe9b01baa"}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000578000/0x1000)=nil, 0x1000, 0x100000b, 0x30, r0, 0x85c77000) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:08:22 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000280)={0x2, 0x1000}, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x15, 0x0, 0x1, 0x3}, 0x14) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lstat(&(0x7f0000000480)='./bus/file0\x00', &(0x7f0000000400)) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f62756c00000000000000723d2e2f66696c65312c6c6f7765726469723d2ed84033cfbc14c9ee8fff2889162c4457cd787f29932d00cf4244888e97210be570c02836152cb37642528e593da430173838c7a7fcb46f8589a9c0915726fa290c0b232f337e809cc1c65dd303f0a3ddcfb3874ed7698d633cbfa40d5576c18c3abf"]) chdir(&(0x7f00000001c0)='./bus\x00') write(r0, &(0x7f0000000340)="fa6bfdcf66453b0bebb44c5454ba3720f32596762168ba4c8f2eccce5cf626991d78a648a5c09c2767dc683e45448422e881fcfd6a02f62397e71c7e5f3ea7f6a01eab9890d002118de9015555712b12a90c1f458f17405d3cc0565a433407783ad6c893d292a1044dea37541651784c5910ff4afc0770bc37cf138edd807084dd65c6815719df9b5099a6bf6ee8fd", 0x8f) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000240)=@req3={0x10000, 0x0, 0x7, 0x4, 0x7ff, 0x95, 0xb439}, 0x1c) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:22 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="726480723d2e2f6275732c776f2c6c6f7765726458723d3ec27c708987cbaf22a670b6a0b4c2c8813b43a57383b6191f41b6c5e20932c33828fa43fcb94e4392d456471f8d90d8a7d8cb5905953792490ea9aa72a7f66d5fc1f4fc251499b6b2632003175afe33a2ddb94a38d960475ecfeda81b376f9773571c49c4b3e283063052bbe6d899a1e98fca4857ec0add05f027aea708198af58a69c171a9d479a0d62da7cc74f02966d44bedfaaea30b3d6ec23d7b0aeb2e294953e05d168444b8f250251da8"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) mkdir(&(0x7f0000000100)='./bus/file1\x00', 0x94663e1c5bac20ad) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:22 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x400000000001, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:22 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 616.545574] audit: type=1804 audit(1617134902.043:2626): pid=15510 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1207/bus" dev="sda1" ino=15050 res=1 [ 616.595476] FAT-fs (loop2): bogus number of reserved sectors [ 616.621254] overlayfs: unrecognized mount option "rdr=./bus" or missing value [ 616.621289] overlayfs: missing 'lowerdir' [ 616.637567] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:22 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x400000000001, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 616.666060] overlayfs: filesystem on './bus' not supported as upperdir [ 616.695349] overlayfs: unrecognized mount option "rdr=./bus" or missing value 20:08:22 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') syz_mount_image$qnx4(&(0x7f00000000c0)='qnx4\x00', &(0x7f0000000100)='./bus/file0\x00', 0x401, 0x1, &(0x7f0000000140)=[{&(0x7f0000000340)="ee60bcf3d23d5946cf62d294826ce71ad2f9b5214777c89a903f5fb112e354cf26728584450173aa6f0ef66e31f3e7492f81f8e5178e591c62bc0a8cd9c2c59cbd174721d85dacbc9685585553b74014f4dee48aad73b2897c02455aefbf63464d7fce47f6752b9c4fd8db902ef5fdbf240412826c62b6d83374a0dc4147bbf3fee28a1cda06a9db92c92b4bb91ef3615df3b46638ab1ecbc7c2e1429a4e8e7a369ce572cbeec1ae25b758237367a5a1d586a6359786214d581a5c49214e2cef296d613385306f996fb03624daaac9", 0xcf, 0x7}], 0x20400, &(0x7f0000000180)={[{'))%'}, {}, {'\\##'}, {'overlay\x00'}, {'G'}], [{@audit='audit'}]}) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 616.728155] overlayfs: missing 'lowerdir' 20:08:22 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file1\x00', 0x0, 0x10}, 0x10) mkdir(&(0x7f00000002c0)='./file1\x00', 0x89) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000340)={{{@in=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@private0}}, &(0x7f0000000240)=0xe8) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='overlay\x00', 0x1408, &(0x7f0000000440)={[{@xino_on='xino=on'}], [{@hash='hash'}, {@appraise='appraise'}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@euid_gt={'euid>', r0}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x63, 0x30, 0x63, 0x39, 0x66, 0x30, 0x63], 0x2d, [0x39, 0x65, 0x31, 0xa298bec57e3c2d8b], 0x2d, [0x63, 0x33, 0x32, 0x64], 0x2d, [0x32, 0x63, 0x33, 0x3e], 0x2d, [0x66, 0x9, 0x62, 0x35, 0x64, 0x35, 0x39, 0x39]}}}, {@subj_user={'subj_user'}}, {@fsmagic={'fsmagic', 0x3d, 0x80}}]}) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:22 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000100)='./file1\x00') 20:08:22 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x400000000001, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 616.942432] overlayfs: filesystem on './bus' not supported as upperdir [ 616.945988] overlayfs: filesystem on './bus' not supported as upperdir 20:08:22 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000100)='./bus\x00', 0x0) write$P9_RREADLINK(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e7553"], 0xe) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi2=./fIle!,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) open(&(0x7f0000000140)='./bus/file0\x00', 0x0, 0x18) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 617.007090] print_req_error: I/O error, dev loop5, sector 0 [ 617.020190] overlayfs: filesystem on './bus' not supported as upperdir [ 617.126460] overlayfs: unrecognized mount option "workdi2=./fIle!" or missing value [ 617.153721] overlayfs: unrecognized mount option "workdi2=./fIle!" or missing value 20:08:22 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:22 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:22 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) recvfrom$inet6(r0, &(0x7f0000000080)=""/4096, 0x1000, 0x1040, &(0x7f0000001080)={0xa, 0x4e20, 0x401, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x199}, 0x1c) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:08:22 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:22 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./file1\x00', 0x0, 0x0, 0xd, 0x6) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:22 executing program 1: syz_mount_image$squashfs(&(0x7f0000000000)='squashfs\x00', &(0x7f0000000100)='./file0\x00', 0x20000000000001f8, 0x1, &(0x7f0000000080)=[{&(0x7f0000010000)="6873717307000000911d675f004000000100000003000e00e0000200040000001201000000000000f801000000000000ac01000000000000e0010000000000007f000000000000001f0100000000000076010000000000009a010000000000001a73797a6b616c6c6572203a200020438c01200000009820002838001100009e001d0200ed0100000100911d675f40012b0100644c002a7d00032d6e001a040f000300ff277c005901006d08264c00000e2f746d702f73797a2d696d61676567656e3431393737363339322f66696c6530b5000129750102c40b7d00294d00074d0009297d000529f5010a2da402e6177e04bc002add00065d0160de0328232cdc006d0dff410000291f000100c027ed0007dc04651f545d1a085c001100004800130100a100034d00204c00090200040066696c65304000015002b2013104d404f7050200088003032e636f6c647e590201f9069e4001ec080131d60005273100322a3100331100000b00136000a1001fdc0011000069010000000000001a001200c1007edd0020dd0040dd009edd00d6de001201bc001100007e0100000000000008805cf90100535f0100a2010000000000001b001e00000600786174747231060000c401274d0032274d00321100000d001200c100024d00244c00110000b4010000000000000100000000000000d101", 0x1f2}], 0x0, &(0x7f0000000040)=ANY=[]) statfs(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000180)=""/97) r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) syz_mount_image$ext4(&(0x7f0000000340)='ext2\x00', &(0x7f0000000380)='./file1\x00', 0x0, 0x1, &(0x7f00000004c0)=[{&(0x7f00000003c0)="1c2f8ed90b3923c5975b8fd17a2f6daf131829d38c380acae3d1e5372eb8f99a02c3a99a63204a34442005ecfe9a7e1e144897e9994b7cc25e6d911f511e85deecaf224fc28060371c8b217d16dab56fa521ce9bf7ff8db0a161fe1354d36de91d425445e8f7400355b5ff59a1d7ae4062403232e54adc7ac534a9ff606018919ec7d5fb242d017b54349c3bab8df239b1bc5f5b4d49d2ca538335cc6336a25a2c7a7025a113dc8e344205b6645153d9bade7fecda76c03492bfefae2f08dfd376509d13b81130390f355df7e5ec46c07e76ba", 0xd3, 0x6b}], 0x88010, &(0x7f0000000540)={[{@nodelalloc='nodelalloc'}, {@barrier='barrier'}, {@orlov='orlov'}, {@sysvgroups='sysvgroups'}, {@noquota='noquota'}], [{@measure='measure'}, {@obj_type={'obj_type', 0x3d, 'squashfs\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x3}}, {@measure='measure'}, {@smackfsdef={'smackfsdef'}}]}) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount(&(0x7f0000000100)=@filename='./file1\x00', &(0x7f0000000140)='./bus/file0\x00', &(0x7f0000000180)='aufs\x00', 0x20580ac, &(0x7f0000000240)='overlay\x00') mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 617.431819] FAT-fs (loop2): bogus number of reserved sectors [ 617.452912] FAT-fs (loop2): Can't find a valid FAT filesystem [ 617.466702] overlayfs: failed to resolve './file1': -2 [ 617.508822] overlayfs: failed to resolve './file1': -2 20:08:23 executing program 5: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x1c6) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000180)='overlay\x00', 0x2020048, &(0x7f0000000240)={[{@index_off='index=off'}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@audit='audit'}]}) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:23 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 617.613632] overlayfs: filesystem on './bus' not supported as upperdir [ 617.644607] overlayfs: filesystem on './bus' not supported as upperdir 20:08:23 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') listxattr(&(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000340)=""/163, 0xa3) 20:08:23 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRESHEX, @ANYBLOB="5ea037e68fd15d52e1a8e9fc6a138bc3a9d164485b8f1858c75a456742e88402001f957c961d6b86150ca1ced6f27ce0a7073edfdc832dc298c32296a75173f9b552f8d46013091168864e6f631434735dde03f44f7c8519398daf2bdcb43b2af18dc4a50f73a51b584c09125ca19206b61c0a7724acfe36bd9ef8651fa8be1c5e508d764488ac22658baee4ee18a22d3622a1171bed847ee17eb7f87d5ad0f0da6c526aee55f418c154f9491fc70967d87e740a8903e4cfa88ab417abafd8178076"], 0x8c, 0x2) mount$fuseblk(&(0x7f00000000c0)='/dev/loop0\x00', &(0x7f0000000100)='./file1\x00', &(0x7f0000000140)='fuseblk\x00', 0x100400, &(0x7f0000000340)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions='default_permissions'}, {@max_read={'max_read', 0x3d, 0x3}}], [{@hash='hash'}]}}) open(&(0x7f0000000040)='./file1\x00', 0x0, 0x11a) unlink(&(0x7f0000000200)='./bus/file0\x00') creat(&(0x7f0000000240)='./bus/file0\x00', 0x68) open(&(0x7f0000000440)='./bus\x00', 0x56440, 0x21) 20:08:23 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) mkdir(&(0x7f0000000140)='./file1\x00', 0x41) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) umount2(&(0x7f0000000180)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x800, &(0x7f0000000100)=ANY=[@ANYRESHEX=r0]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') open(&(0x7f00000000c0)='./bus\x00', 0x4000, 0x2d) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:23 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) umount2(&(0x7f00000000c0)='./file1\x00', 0x4) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 617.971251] overlayfs: unrecognized mount option "0x0000000000000003" or missing value [ 617.973073] overlayfs: filesystem on './bus' not supported as upperdir [ 617.986787] overlayfs: filesystem on './bus' not supported as upperdir [ 618.038268] overlayfs: unrecognized mount option "0x0000000000000003" or missing value 20:08:23 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:23 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:23 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) write(r0, &(0x7f0000000080)="f64527e968057a4cff1370f1e06d6422c0c49af503da399a39acea0df3554d69640f951b9d8992e3b09e115737b0d1af0e1e7d78f95fd257856b35808254c68359b282e6a87695cad9120be690fb92ed215b2b65684174be1f70470bdef67a3260952f42113e", 0x66) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:08:23 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='./bus/file0\x00', 0x0, 0x102) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="7570706572646972726b6469723d2e2f66956469723d2e8e9a90ca1bd86ba2a2dd76bb614414ce3cf85e5320e75ef0976b9bacbd530cd91ce5dbe457730d35ca05d9a36782ffc53782ac40191270d9eb07fc640d5436903907f05df7cd6b33b6771009000eebd81ccabb412a1c08659af611476fbfc580769d4e783899973c514de5b920955665bb586478e6d3260128e5d06440244b3dbe65756bf76236af94072034694345d640ed06d82e06b7aceee3d16a7a4c31c5fe6f5ce999e86e79b12d82fd85bccf1cf84cae973bfd1f771d3f567d19a280fe49faa85380998f88934e538e2f9dc9e1bfb1814c72fa7295f4e86213dbc217ae52b7e6c0248440773e776557df18cd24eb4dcd42e59ef8c6f799856384c2d12bf4b274d24b33bf433ceb0b767df47496fa624f6c"]) acct(0x0) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mkdir(&(0x7f0000000100)='./bus/file0\x00', 0x34) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) open(&(0x7f0000000140)='./file1\x00', 0x220000, 0x40) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800000, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:23 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) stat(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:23 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lstat(&(0x7f0000000140)='./bus/file0\x00', &(0x7f0000000180)) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) creat(&(0x7f00000000c0)='./file1\x00', 0x0) chdir(&(0x7f0000000100)='./bus/file0\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:23 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 618.331358] FAT-fs (loop2): bogus number of reserved sectors [ 618.346143] FAT-fs (loop2): Can't find a valid FAT filesystem [ 618.432861] overlayfs: unrecognized mount option "upperdirrkdir=./fdir=.kvaD<^S ^kS Ws5٣g7@pdT69]k3w " or missing value [ 618.484612] overlayfs: filesystem on './bus' not supported as upperdir 20:08:24 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(r0, &(0x7f00000000c0)='./bus\x00', 0x88000, 0x94) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:24 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="ff707065736469723d34a8d16638b9baf00baf2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e0a2f24af34a2bbb7e300"/70]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000100)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:24 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="75707065726469722e2f6275732c776f726b643ea86f1646d53313192e2f66686c65312c6c6f7765726469723d2e3442d300c290d1ef97aad2654c4ac238d04bd8e2b771df79c0acfa6cf7599e0181ed74fe000000000000000000000000000000b3218c47abf32feeda203be63253f5d4201e48f49f53ac214d747db0db62a55bd2b45426501f55eadc5ea8fbb13691788532f286ff326372da7fcfe2de21f6c2721aa31fbc73d27abec4e2fda8afc3416fc7e4470994aac3a9be96b02f8a5ac2bfb64ec40dbff9ee7917e84834bdbae92ff88d93275abecfa7f1d74758a5765e36222034ca68600ff7149ff479241b9a198505ccea910e061831fa45865753d7eec7df1c5c37066cb516c0b0d1efbd00b78d345d326a8fbb81863bdc6ff5f7d85fd19f1c945691a650be8b51ac5afcaebd8d2333a7f5d27a145e1bc77207c71b62183fc0"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') mkdir(&(0x7f00000000c0)='./file1\x00', 0x8) mkdir(&(0x7f0000000240)='./file1\x00', 0x11a) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x0, 0x0) statx(r0, &(0x7f0000000180)='./file1\x00', 0x4800, 0x400, &(0x7f0000000340)) [ 618.543732] overlayfs: unrecognized mount option "upperdirrkdir=./fdir=.kvaD<^S ^kS Ws5٣g7@pdT69]k3w " or missing value 20:08:24 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 618.663532] overlayfs: unrecognized mount option "ppesdir=4f8 ./bus" or missing value [ 618.705934] overlayfs: unrecognized mount option "upperdir./bus" or missing value [ 618.743912] overlayfs: unrecognized mount option "ppesdir=4f8 ./bus" or missing value 20:08:24 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 618.763458] overlayfs: failed to resolve '.C': -2 [ 618.782821] overlayfs: unrecognized mount option "upperdir./bus" or missing value [ 618.832434] overlayfs: failed to resolve './bus': -2 20:08:24 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:24 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000140)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75727065726469723d2e2f6275732c776f726b6469723d2e2f66c8325e652b80696c65312c6c6f7765"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000040)='./file1\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 619.184261] FAT-fs (loop2): bogus number of reserved sectors [ 619.190020] overlayfs: unrecognized mount option "urperdir=./bus" or missing value [ 619.194466] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:24 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) lseek(r2, 0xffffffffffffffff, 0x2) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:08:24 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000100)='./bus\x00') 20:08:24 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000100)='./bus/file0\x00', 0x2, 0x8, &(0x7f0000000840)=[{&(0x7f0000000340)="c22bdbc0510d1fcfd3ed689e5be6caebefd2464938600207149a0c1a515d5d9d21b1b7c199fda41fd9db001a8b4b5306deed71dfdebd1e0008194d1439760611889d1c89e11f41c96b48cdf205258c3c79a824f6f7226a84f5374cf8d0bfec852902c3f971840750348dcb750dd19fbcefcf6a87cbf09494f8ff7116295099ad87bdd73af673b21075712cf302fae91deaebd3dac473adfa588ab8cac8baeaed37d1db4181b2a308112c2e9935ec1f7a765e8501", 0xb4, 0x8}, {&(0x7f0000000400)="04278c7543ab9adb2932f944f65fc5357e8c0adc6b1b0f4c39151a9a8bc2a529cedaec98f36a4cea13a29387666ce511563bab3f26580470953c07220dc482a7924eb5a53720f506dbfa94096304b4eec1f483d5ffe4b90dbdc9656262e23659f6df00945e4b4ccbebade19d6af60f8f7e5aeeb6a5f30ac19fa07493b1d3fb6848c57e7a41e0ff29581132b2f320276242b48d23275ffc1bcd6543c59d9b209cf343257a7619d7511fa72eb4e2092729d3f703235e60a9d2a5d8937acac34e30eb3181a41a7ab3b1682f7bb3d604c0e3b820bdfa5c564554876980cd75d02cc0f100c2f3d89701d41c0e812d", 0xec, 0x3}, {&(0x7f0000000140)="78b99428a822992728013f334d63649e4d2e728bfe7a7b836d09031c4eb9efb99a7c5b", 0x23, 0x48}, {&(0x7f0000000180)="a552dbc411482131d0fc0b05d79b424fda8600457c5474f187c683978a60c53e842dea923ce6", 0x26, 0x800}, {&(0x7f0000000500)="52a5db3943871f4c7e10ce4e025c25c51cf4aedb27ce99723b17b578da675a904419ecf0d1e9f3d45f0fcea7caa3d5c37500757c1ac9ee79f22aa39dc71c96c73f920e8d603389c989ea1fad06a5689bc8be77d16841e5533abd6ddb8413988b03bef8da0e1169495f21897faa35c87d16417a3155a04410186a6ba37cb354a5c368bb3684878308ec938f254d7bbcef51d51d2e26cf82fa73cf35a7ab4938be9d1ec5178cff6c80bbf7cb3f790622cd764ae90bdea8a2bc58221aa6a1785c8e0aa95a34045a3cfddd12", 0xca, 0x4}, {&(0x7f0000000600)="3378098866213a32178b94629ac18e111aa84cc5e1fb34f50b946fb8003025fb19a241eb32b4254f32097926a09b8cf4d7ba1a090cb344fc19ee12b1819b1ab756cc67af8632ba27a843c792f8bbeafb9b80b9b793e9a9be752dcf13652900ba12f4d988c4543fbe72b1612f3110bbd5cc3b20bb", 0x74, 0x7fffffff}, {&(0x7f00000006c0)="e1186fd1e1c33298537fd064e5b4b769aa1c8a89b2fba667269e60f886d23de6f6cfe4f99df86e6c5cb6144bce6b1c152cd80d959c69e7fb944ed2b70be0362d864f0d0b2d39b1c567823145a4c2d8419ce4529389aa514e2e7f164034796c48e4595b9161eb91031843d2da9ffaf35c104af74a42ec2e3d084b8efdfaad216b3babbff5dadcd91fd5f0af4542441ee51c26ec2c533504e5bd678eba800b61d86aee4e031a6b3f9d79fc08111a169d4e2a813e470cc5b9a4c7dccd72cc30a128dfcfd9583c5868377f3e427694727fba84b8697145", 0xd5, 0x7}, {&(0x7f00000007c0)="58cd13aedde2904d7645ca00b41b79bb8032a7aea878da40123956dc3945c685f549ec8ff64e3f03b6ce5da1b73982aacbfdae91a033bd4b0b244a52e4d1909eb2e710dd2fc61139", 0x48, 0x6}], 0x310000, &(0x7f0000000900)={[{'overlay\x00'}, {'overlay\x00'}, {'##/-]]'}, {'(%#%{${\']'}, {'('}, {}, {'overlay\x00'}, {'overlay\x00'}], [{@appraise='appraise'}, {@obj_user={'obj_user', 0x3d, '[\x97+@[%#'}}, {@euid_lt={'euid<', 0xee01}}, {@pcr={'pcr', 0x3d, 0x34}}, {@hash='hash'}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707865726469723d2e2f6275732c776f72141aa76aab1e34f46b6469723d2e2f66696c65312c6c6f"]) lsetxattr$security_capability(&(0x7f0000000240)='./file1\x00', &(0x7f00000009c0)='security.capability\x00', &(0x7f0000000a00)=@v2={0x2000000, [{0x4, 0x1000}, {0x3, 0x6e}]}, 0x14, 0x1) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:24 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) lsetxattr$security_capability(&(0x7f0000000340)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:24 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) umount2(&(0x7f0000000240)='./bus/file0\x00', 0x1) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') read$FUSE(r0, &(0x7f00000006c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$ntfs(&(0x7f0000000100)='ntfs\x00', &(0x7f0000000140)='./file1\x00', 0x6, 0x2, &(0x7f0000000180)=[{&(0x7f0000000340)="f89719a16aa3433831028014cf15f60f34efa6e10f79ebe931c90aa9f5e15a4161beecdf90c56db5ab738ef755c6535c307ec9441204dab49911f44053754f6dbe137a16d2b85e6435cabfb2f98a09756acc4913e1d1fe944f1109037ef21ceee98b18be20afa8aeef1812187aeee92fab3e6b209727836e", 0x78, 0x2}, {0xfffffffffffffffc, 0x0, 0x1}], 0x100000, &(0x7f0000002700)={[{@show_sys_files_yes='show_sys_files=yes'}, {@gid={'gid', 0x3d, r1}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x3}}, {@dmask={'dmask', 0x3d, 0x6}}, {@fmask={'fmask'}}, {@case_sensitive_yes='case_sensitive=yes'}, {@disable_sparse_yes='disable_sparse=yes'}, {@show_sys_files_no='show_sys_files=no'}], [{@seclabel='seclabel'}, {@subj_role={'subj_role', 0x3d, 'overlay\x00'}}, {@appraise='appraise'}, {@obj_role={'obj_role', 0x3d, 'overlay\x00'}}, {@obj_type={'obj_type', 0x3d, '\'^'}}, {@context={'context', 0x3d, 'unconfined_u'}}, {@pcr={'pcr', 0x3d, 0x2}}, {@fscontext={'fscontext', 0x3d, 'user_u'}}]}) 20:08:24 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00', 0x101001, 0x4) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:25 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000000c0)=@md0='/dev/md0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='exfat\x00', 0x2040041, &(0x7f0000000180)='overlay\x00') chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 619.424524] overlayfs: unrecognized mount option "upxerdir=./bus" or missing value [ 619.442804] overlayfs: filesystem on './bus' not supported as upperdir [ 619.446605] overlayfs: filesystem on './bus' not supported as upperdir 20:08:25 executing program 1: ioctl$BTRFS_IOC_SPACE_INFO(0xffffffffffffffff, 0xc0109414, &(0x7f00000006c0)={0x8e6, 0x101, [[], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], []]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75c670657264698f33baca776f726b6469723d2e2f44696c65312c6c6f77"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 619.517978] overlayfs: unrecognized mount option "upxerdir=./bus" or missing value 20:08:25 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x1b) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:25 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 619.684718] overlayfs: unrecognized mount option "uperdi3workdir=./Dile1" or missing value [ 619.708966] overlayfs: filesystem on './bus' not supported as upperdir [ 619.757816] overlayfs: unrecognized mount option "uperdi3workdir=./Dile1" or missing value [ 619.760287] overlayfs: filesystem on './bus' not supported as upperdir 20:08:25 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:25 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="757070657cffff723d2e2f6275732c776f8f6b66696c65312c6c6f7765726451723d2eb6e4c884cd188f0e26662eeecfd00fd380fa41d6c78c343f3496348022c4e43f2ee9f72b36798784902985f0cca3de0b91433d60392f8dbf33f9f6d932ef84e9ccb0eb3f8022dc8843b6d29fd903cda3b03f582a06f68f8cde3718288f3f7542a51a2b3982c598138557788232dd000000000000000000000000000000000000000cac9e2a8af498698fc3fcae4913b5ec6d99fd0a56c3b874121df5690ef1111991c3fc3e152e8ee16fe3e781feae59ee74d55f0be38b767346e6d46ed318ad74d48f3e7a5be515af31a40a18fe8dca3983f529c8edb2936eec00d7f20110116107fb89977dd8055c53d42afb17c4755124432f39882e92776609e159a00959f817202f746d5d1db303b07eed8672605679f4aea11bf92d4bd6bde2c28b2d850ae22c3dc343d7f31bf0"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x4}) chdir(&(0x7f00000001c0)='./bus\x00') rename(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='./file1\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000180)=0x0) ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, &(0x7f00000006c0)={{r1}, r2, 0x8, @unused=[0x6, 0x2, 0x3ff, 0xf4], @subvolid=0x2}) [ 620.048447] overlayfs: unrecognized mount option "uppe|r=./bus" or missing value [ 620.059834] FAT-fs (loop2): bogus number of reserved sectors [ 620.067202] FAT-fs (loop2): Can't find a valid FAT filesystem [ 620.076896] overlayfs: unrecognized mount option "uppe|r=./bus" or missing value [ 620.097562] kauditd_printk_skb: 14 callbacks suppressed [ 620.097571] audit: type=1804 audit(1617134905.593:2641): pid=15773 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1066/file1/bus" dev="sda1" ino=14415 res=1 20:08:25 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) ioctl$BTRFS_IOC_FS_INFO(r1, 0x8400941f, &(0x7f0000000080)) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) [ 620.165644] audit: type=1804 audit(1617134905.663:2642): pid=15780 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1210/bus" dev="sda1" ino=15026 res=1 20:08:25 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:25 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x40, &(0x7f0000000100)=ANY=[@ANYRES16=r0]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:25 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="7581000000000000002e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:25 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000080)='overlay\x00', 0x100000, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi,lowereir=.\x00\x00\x00\x00\x00\x00\x00\x00\x00']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') chdir(&(0x7f0000000040)='./bus/file0\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 620.267542] overlayfs: unrecognized mount option "" or missing value [ 620.291559] overlayfs: unrecognized mount option "u" or missing value 20:08:25 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRESDEC]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') truncate(&(0x7f0000000040)='./file1\x00', 0x6) 20:08:25 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 620.306364] audit: type=1804 audit(1617134905.803:2643): pid=15793 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1211/bus" dev="sda1" ino=15048 res=1 [ 620.342936] overlayfs: unrecognized mount option "" or missing value 20:08:25 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000e, 0x12, r0, 0xb8a34000) truncate(&(0x7f0000000100)='./file1\x00', 0x670151cc) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 620.369371] overlayfs: unrecognized mount option "u" or missing value 20:08:25 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000140)='tracefs\x00', 0x20, &(0x7f0000000180)='$L#\x00') 20:08:26 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 620.474904] overlayfs: unrecognized mount option "18446744073709551615" or missing value [ 620.549439] overlayfs: unrecognized mount option "18446744073709551615" or missing value [ 620.576096] overlayfs: filesystem on './bus' not supported as upperdir 20:08:26 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:26 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fcntl$setlease(r0, 0x400, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000001800)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b644a723d2e2f66696c65312c6c6f7765726469723d2e8f104a92e0815e92a07bbc45bda1a71af0e21c8109b73a41fedf4c34bd5e29f0300000a0942386f385a4edad31fade665c918c2fbf4d1d2596dab146ff0f80c1f1d33dd40d29850e1df8b72f6bfe3330c70b23a0f65925ffb8f00d34d4fa411df4e7b4275a1465f19ef2b48cad97342795336ca6a92aa77b843f35aae90dd92d7379cf50ed6017ecd838c1e0249a41de085e4dc55e5db336d945ce342ab51f2c240a209af8cd55dc96b90b5a7d32c502cc87295b717344ec45f75ef0de2eda540910efd2775c0d056d75429334949040a882c9e7976ca2382cd86e3eba7eeedfabadf8243404e2012bf0191eb03f59891b66d83b2e139c5de438e8864a9362010b49df9102f067f447199fa0da1eeec15b320d094552691039564d2680684066ae9d0e4cf44ac8d70e68bca1ad66e57791ddc2a176437260ba333132d0c1"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) setxattr$incfs_metadata(&(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000140)='user.incfs.metadata\x00', &(0x7f00000006c0)="3f5f3c140ca73951e9fc878c3269e9b1b459fc9ad5869e0bf864e7a1616f162675f88b21266830382c2ed5be47806866ca9c2c6076b8b02716dcbda6c723b15ced358c10e95e32b5bb44d878d44a0703ed10f53d60993698f8ab65f264776c91ec10b77bf7d6a1ccc4a8724be3fcbc991ff7a7c07dedfc707f60325f1cc456629ae08ebb4d80e63c4107fce982cd3c3ef126732134d902faf3439942360afd25fdbb93dd7030d3573b0ff7265502ac1d5e0245dd7c9b60645724e98c68e7d2a4d350a1028aa3f7a2909e878dc9a604d10bc5acaa3637e3d4732e448c0f9dbe6d4e518006784e99eb629314a2b86ce909aa16a3bf82237144ef18aa45e3100cabaeec039f59dcd0cd3d08ff2f5ba0b70e09c534ebe82a8b5cac8c5b701db3ff9b11428503af918480c84ab05c8dcfa41a5b64bf966c7d4a39da8e949c3705c7bd4edb35e4b7c1c6deef545cb584ca2fc409d81eb977d3414ee636d6632f6486586c4bfbf1518e73274b67c446740afe34febc33d805b2817f378d401fd4bbeaecd9059cd11e6977f7043c46304da788da88d4050fdb5db1047951304204f0984bda61eef5c5c98ac40d011d5d321312b9eb0a4bc6973a220fb767c8e89189ff8c9d50479ecb75ca3258b4485677d8bd8dba5048ae4cc357c819d23fb319b7e6afbb467a52efe019320d63c4ded03fa9b9342f1aa86180b74a7be9f498bf545f1a38376efbc607f0b169c4be44e449e8dd3dd94c57b502ec4c763fcc565aecbc3ab663d0f07c7fcb67945714f11064179d33f3a2e4c3c42bd5391820a11a316630da942c60b51c075c3fcd25dafa8284053acdc666d11db5834ac8444cf91f1b6e2345ec2a60b0242a4b6dc208cc18163ab168e6d077f09a6c8c320926b68a30742c8add594136ebaeae0d4b87a03c22b4890566128acf918ed3c1e30d53ff04761015e5ee6e0d136d4951c9058d0bf3865bd09e4e8efb61827073f381d49fa5fecaa285429d3907e6b829b3abe44e221f834511c48cc8e549938b14651ace3a576d480b952e32ff98d016bcc28056f5d8d52e67ae2bf2db0c76a7a6fae8ce65a774c70c8bd834d7f35972104a9b6c72be1c7e15ea96276b48d65351262cb7edbc2ededcd7fbaca57cebfecc95fd5ebec7ff630e06285f533f96d9e3248fcfd265efb4f91b335db08d694ebbd80d033b10467d54af842761f775ea1208eb062d33f23d6c1f42a2eaf28b49f7a0edb12d24345831d454ec0dd1b6a6dee0bcccb4287c376c9661fb7063b73d8f96f65ba48cd8eb204ad78c70c53c42a9838d68fa7090bfea1ed450ad80e32f7768d883c30d4e2ece5cc2b05bfaa31fb5f96913635fd256c1f0dd0223acea35b9678cd2d3a3bbfd7b8bf51fb93e74f8498867cf3bfb251f17302e04bfea86dabc610ca2a9c22c7358e6f3e03779e90059c0b219a1d039c3242c77b5b7e80e9304d90efb8850b1c08da4c6fb448f5b225aa2d39bf8100f641ce15f6059c4fc1fa9c8ffea44a80c768c299b5275bf4f2ab1e64de40e790d79b5fde7419261a35ab7b46338880695095d5b9ceaa82b775de67b2d6d1d7448b4781ab674d8cbbc342ff752d3e46b0d3f9522222fef603257a0518da9ebe4880449ad542053a128cb98ee44d369e71b1f1b2f5a8cd1aa7bd7dea9c85c8b7e21044cd567dee9b092621ca405116d343e5625bc3b89d3f849287c7187f3f2e7533a582f0ce7daa768662882127f4e15c8b82639e0786eafdff35b70f2bd47002e9956bdc2e0cd674bc07fe9c58984c4018b32a1ffbf9292ab6ae810601018b9d71161c7f4064d80cbb306e6cca69ffca0d812b228d938275b0115d979b3fa52f337032adecde2fcb90ecd3ff0f6ba7c562028a8a945a9ec501184c3973942b2f1180cbb5c9beb45d50bec313c43bce3a87528e0f0c24e080849559f82c8dffdcda295358f74de029e87a881e79f2c3af25d9f0f4122bdaf1e0d5a5baf40901349ea1791cfc8abda5fffed9db04c71eb47960b710da860ea7a0bef27be1639589c153b4e8c0a1a3af837b0ecad046dd1fc76b4d0fcc8d55f9aa56a08ab33446071ab76685e257c5e4140c96a23b4182640840fad1b1ab8914d4646e44ec6a7ca4c344f883451db25ed6f8a51cc974a1fec4ee32d4933a60aaaf5440c51bffa1583eba906f1ad4076c223d2c093241e66e8a66e24774f01f0a080ac6ffa3006725361c9f0b54b86225d1569a1ac4d57b54f6fc2f949980c56f50297340f2bf2df9b6d5056ad682f30c70c72916640fc6e254aff009b9314d5452fcb9f4bde13f6a7cca2a096a7ab5c9c0c22649b0a1990be5b475b31d3033924f9297b1ce0af3b9f0f3eff6f9be7bacec8d55a46f3e89d89d613b2e34487fb0510e53a81bec67f65fd94f2b29f09034431c0535f461dce62f970d73934369198deb2dd5acb79b58674906b45d5939193c99cbddb8f9e52a007cd99974e86aeb6e19156140f99a12b893263ce6fbbe05ce5348bb8b7aec3ea6864a91405fb57fdcb1853ad57156c2438244a0c32e3386cc799491ebff3396ba9a8e48fc5a5899e3f9559b4860c72a141d67a0b52f66957c803beef4845ce2b799ba96823fa6616b8865b5ff34d854ea62c84da17ff581775ec5cbe93eff36bce0e50163ffbdb9aaf1cd2a27ffad4808712f307e814df884c159845ebdab4ceba7fca79cecf065db1e69c18955d0dc7c285252813d0bc48f2381972d75c065cc8b8e844198737cb538c6d9488a5dab595926f4dcf895d06f242227d3ea26ef58dde84b500a8114d99d1431b3e44ea71f72f004b1836d41940609a7d86066c132684d18d0285b29eee254bfd6ca2e83cb7989d624328e5ada37f42a285fae03836fb3f0b2f5936ec4c0df3a2f1104ad926b7f0b42f40f48eaeb8c5581b2912e2d8082112e1917dddd7cf447d632065e4e211060a0c23e7c967a9b80ecdad4cf7b0eef195c3e444af9ead5185971392037a01cffb4349e7d5a10a52f2a91339d431d476b78021aa4d5b823e1cb9a873df15d400fe56b5beff6c6faff6c1e5e37beeab8a4308d9b56035bc0fc84b5d2e1697ab351500f12c1cc75392e96f4bac7c8abbcfbe356ac5bfdf27474564b6f873ad1f655074494e433de5f2ad90f7cb24b5962d0362a4cf8cd2918d009134493b982e742c605c441e70fe6d4e35ce0245b85360d44f515bcd42bc7c7a2dc2a57b5125f46c74bc537a74486b3fe5092cbf4f697be1e93f2ef693de0100690560decc28adde15339d68ac9f6c39bfc0724349fdf025eac1d8d2408c1291d1d0b08672444df7a57324467a94abd41bb5c06cb27ca95591bad9c85bbebec8a76ed8d62913bd6050a4412ae4296609345bfdfa672416d5f79b47b3eef4b8a908153771f97ce0a89bb98d71e7a5a0fe10f2141c87fa64c5a3df54fd94c62336023386245169b7dc3a71307e63f3ab580d1a88a7b1411358106607e4a222b28536f59952a90f96e7be8d813bac3ce5db355822c682fe35a54c4fe4fe5f108872a865785236a99d1618422c1ba26ad678db450304bb62a842fb67baf6050c1602ab4296c4cbde7c74a50b9a4d065c2e53d7331e6d333a690df4ab87a706e1dcf3e5bfbec251bfb74b6a47452038b55b3fa2d7faedbc51deae872780373aefbbaa7eaa316a724a49085cbfda1932db0999973de3d60b44d14f7c5811136cc691177703f277054fdeed7d77687d489d6143c288a70ed1681fecba87908d37d7cb58197e3423b158d84515eb29f56cb44cd3d21af7107a1a8ec23a189764402c22041e76d6f72e8e0470e98ba8bba74dd4f0e34f2b371243fe7ac17e20cf2bb579436b9f1d02a9803d57a2f83ba8eef5155b9870cacb271fc7170868dbddbdea589f83a837379b83fc8b5b0a4f506d0f0649578be166fec0eca5efcda361d7b23322d5095b9baff078a8332784814a97f5864d57bf20809b9cb1de6bcb7a744da1920ad0a7cb8d998add5743eec58cf98f6debb0e474587fc319ef39d418b2c5b5ed73ec13921b307d3e0bcb45f135a73df07980efeabed31f985ab78c1dd5af55365b3cb935fbffb1460bd0d2865bd7057720a4c341e18130c82cac6dfb5b499dca49226673377f47341f57ef3d2da3118a188cc27e21a27ec307eebe6a817f451ea382a16954c71134355f5f11f8eb013db9dfe28973d8e3962bc354037965157c5fbb25544acfa44f1e02a904f892bead9e699a8526c05635f2e9ac299da69e1e71d0e2c34707c862d096d9c2825ee8689197c4bf320049a06baf07e4169145097ddeaf32d0b59d2716204c0655830a403c5eb10cdcc349890f3b0c26a4fd1d2c7be7aa692f16825a3f60a677b65a28d6ea2c9629c9c23ed62d3b424ed5146b37d263031a1df595db5c1c557683893d903276f1cef5c37279a6c5c24bfd4baae9330f45bbc83a47c4a4f505927904022d6a7aaaec6f650da6f29377d96737cbeb37df67140198cc9b1072cda5b0b78940a1441023c5162ece5b9f8f2a2ce84e8f344af735c86aabda82e107f1458b19dc5b8759acae26168e8c4672cbd88a027841ac57e7d952c6610d94409ca0daa9d80506caf7bd6abb5ed7af90e0dcc4ead82cd38d4bddff066c211cdf18ddea7a713868e15cddd6c9027a68fa19eea56207df688ff34e3671322b146aae31eb822858a815c275cf305ea636ef78bccfc775e05a605a8d1a1aeb814ae3fb1cba58b69c46b3d188f72d8bc21a3e63620ff9ac7e226432adc64e99e17c8cb05ddc5ec3c3b3ca01db0a9a85a9ff7e2c29b6ab13998d11a0bf6e6ca6a12a470ce2f3d1f741f230c55765ec262f6f6f79e01b970dfd11463785fa4264eae05804d3f7a4b69b1b53bf93c4b2bcd5e48b7f6b66a4fd2db5d72c534354399aa191c5d16ad9c7102434b508e80205920ffedda19bc1741814bd54ab5f6c225e5fcdcda3dd01231d04ed38680a1af20e7a8f9be63ea5f2fb6c7a0276059fdbb6c7ecbd84ed4e0265ee51aeed5cc20d5bdf86619822081df4dad23523ef0afe62da7af305efe31ce7c1f202cb32cd9cf57f17e4144768e2e47efc60911a1f4f614f3be80a7b7c65de7adf871ae34f0dd42d7481a2bad8ca867e09fbd95059fe219cdcc0c14b788a4443e29632f666b948e860a342a2e6dba272e69ab77832b1a5f506d4b033f7e8714a99ee6308f77be1ad51ec09001f4ddfec5b5fdcdabf2b87d5e725d309f2823a943b0ff9c4d170a02c2f2e193e2e771a9f3671b529a00ed82a5b0e09a9f7d6731e83ccf0c6bcfbff5dec8e117c540cd656e0fdf050aca6fa97a178e2a4c82cefc3012cb9b9065eb6d63834056ec839028419efd135a52a65db1f40536f7e46360c8f4018a4d4fb7a45f119a6d27d834d5c231a19993645ee63d1ccecb1ff64a54d87805c3a7d9745d4a6527e086824c83ea9cb559193da30351cb8bfbd1f6de9ae75bacb4d78f6fef23017acf453a9396bc6bd8620507029b446526b1c2c113267dae7d1a353d4661cb6cb66235357f3d33631cda32891cdb397928fc4cb3f83b8345c6ae7d7d8e7956dc2a377a9d742d2a527097ef378c6c5a96da662b6bc9493bee45609658245c5384935cdb571a59ec6e8d6485db2ed2ddc8c0a7702f12be4a0117c50ae4a0e575784c4b4bc916485be433a5d6c5e254669cf82e27495ff061b3762dc77db166a11829379b1c53d35fa8727fc1ef03f0eda0b2ca92564545644acb483f17b0ff05b8aa6f76cabfc0d39e3836dde6e9c0b0bc3847f998da881122c021b9fc954ed407267ae26177962a2", 0x1000, 0x1) chdir(&(0x7f0000000180)='./file1\x00') preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r2, r3) mount$overlay(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000340)='overlay\x00', 0x821020, &(0x7f00000016c0)=ANY=[@ANYBLOB="6e66735f6578706f72743d6f666665783d6f6e2c696e6465783d6e66735f6578706f72743d6f6e2c686173682c7569643d00000055f8ee8d004163ed72f9d912a777e7a4e7e07f60df1cca732803c5dfa6dc8c28bf3954e94103cf11faf1bda69837d5489379fe2fa090b4d6062e8c31a44011147230a02d56ba520ffa473abef1ff003e517e201f0000000000000091ac8392cc8092", @ANYRESDEC=0x0, @ANYBLOB=',uid<', @ANYRESDEC=r2, @ANYBLOB="2c7375626a5f726f6c653d757365722e696e6366732e6d65746164617461002c726f6f74636f6e746578743d73797374656d5f752c6673757569643d35343363323666372d053033392d356451352d316c31372d65633861373563302c7065726d69745f646972656374696f2c00"]) request_key(&(0x7f0000000480)='ceph\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000540)='+(,\x00', 0x0) [ 620.929442] FAT-fs (loop2): bogus number of reserved sectors [ 620.935856] FAT-fs (loop2): Can't find a valid FAT filesystem [ 620.951779] audit: type=1804 audit(1617134906.443:2644): pid=15827 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1067/file1/bus" dev="sda1" ino=14401 res=1 [ 620.981136] overlayfs: unrecognized mount option "workdJr=./file1" or missing value [ 621.001658] overlayfs: unrecognized mount option "workdJr=./file1" or missing value [ 621.107999] audit: type=1804 audit(1617134906.603:2645): pid=15838 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1211/bus" dev="sda1" ino=15048 res=1 20:08:26 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = socket$l2tp6(0xa, 0x2, 0x73) pwritev(r1, &(0x7f0000000180)=[{&(0x7f00000000c0)="575795b947cb319bf8562ff9147b674407bfaa484bbb163aa25d1d62bbff48402aa83bda74f845d57fc3569bea0e4f182e7ddbd02e19abdd012293dd74e70008b6f2cb9d26c586acca852d636f8333e8b798fc410a18dfb4dc2915e31304b47d8dafba9081ea1c823e8c766e280d75099ccbd7c4de38881a0c99f5539fd1ac8451195a8b447bd23537faa130350aeb79bd270fb845ba3a9c5fb0a2b6bcfc66f0b016693e66fd60aaeabb4ed72068d46f9ea40fbf338500334e95d1ce2191", 0xbe}], 0x1, 0x7d, 0x8000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000080)) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:08:26 executing program 4: mkdir(&(0x7f0000000280)='./file0\x00', 0x180) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275736cf04f1470dcc7259ea3833d2c776f72756469723dcb722e2f66ec35b6f92c6c6f7765726469723d2e4c1e15c4a086697ea351bfb687091b7f14146dc59f4e9ddb0bea00c04779ae0059992b456be59ab006f2ad53eae8a9f720cccf"]) r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) fanotify_mark(0xffffffffffffffff, 0x20, 0x4000100b, r0, &(0x7f0000000180)='./file0\x00') lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000140)='./file0\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:26 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x68) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:26 executing program 5: bind$phonet(0xffffffffffffffff, &(0x7f00000003c0)={0x23, 0xd3, 0x0, 0x20}, 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000400)='./bus/file0\x00', &(0x7f0000000440)='overlay\x00', 0x80002, &(0x7f0000000480)={[{@metacopy_off='metacopy=off'}, {@index_on='index=on'}, {@xino_off='xino=off'}, {@xino_auto='xino=auto'}, {@xino_on='xino=on'}], [{@appraise_type='appraise_type=imasig'}, {@euid_lt={'euid<', 0xee00}}, {@obj_role={'obj_role', 0x3d, 'overlay\x00'}}, {@audit='audit'}, {@pcr={'pcr', 0x3d, 0x7}}, {@measure='measure'}]}) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') syz_mount_image$romfs(&(0x7f00000000c0)='romfs\x00', &(0x7f0000000100)='./file1\x00', 0x2c2a, 0x1, &(0x7f0000000240)=[{&(0x7f0000000140)="96c3e0cc27c0ba5f555205aa15125d67ee55c50c5912d50161c25559a082d4b8e1b54cdadc58b160c333c7765f5c93e7bb28dc629221c21fd8c2d9d7a5e7c61e0a42b5de25cbdf5907280144d15cbf270285b3adc93306f6716b3cce7339f3f2996e00acab", 0x65, 0xf2}], 0x400, &(0x7f0000000340)={[{'overlay\x00'}, {'overlay\x00'}, {'\\.*}\xe4&'}, {'overlay\x00'}, {'overlay\x00'}, {'*!%)'}, {}], [{@permit_directio='permit_directio'}]}) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:26 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x68) rmdir(&(0x7f0000000100)='./bus/file0\x00') mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r1]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 621.136984] audit: type=1804 audit(1617134906.633:2646): pid=15793 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1211/bus" dev="sda1" ino=15048 res=1 20:08:26 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 621.236743] overlayfs: unrecognized mount option "0x0000000000000004" or missing value [ 621.249057] audit: type=1804 audit(1617134906.683:2647): pid=15845 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1212/bus" dev="sda1" ino=14423 res=1 [ 621.256076] MTD: Attempt to mount non-MTD device "/dev/loop5" 20:08:26 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upper~ir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:26 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000080)='overlay\x00', 0x920024, &(0x7f0000000180)=ANY=[]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) lchown(&(0x7f0000000040)='./file1\x00', 0xee01, 0xee01) chdir(&(0x7f00000001c0)='./bus\x00') mkdir(&(0x7f00000000c0)='./file1/file0\x00', 0x10e) rmdir(&(0x7f0000000100)='./file1/file0\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 621.323481] romfs: VFS: Can't find a romfs filesystem on dev loop5. 20:08:26 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 621.427216] overlayfs: filesystem on './bus' not supported as upperdir [ 621.471227] overlayfs: unrecognized mount option "upper~ir=./bus" or missing value [ 621.498685] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 621.524348] romfs: VFS: Can't find a romfs filesystem on dev loop5. [ 621.557341] overlayfs: unrecognized mount option "upper~ir=./bus" or missing value [ 621.577757] overlayfs: failed to resolve './file1': -2 20:08:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') rename(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='./bus\x00') 20:08:27 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:27 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 621.778296] overlayfs: filesystem on './bus' not supported as upperdir [ 621.830926] overlayfs: failed to resolve './file1': -2 [ 621.835058] FAT-fs (loop2): bogus number of reserved sectors [ 621.844810] FAT-fs (loop2): Can't find a valid FAT filesystem [ 621.881182] audit: type=1804 audit(1617134907.373:2648): pid=15893 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1068/file1/bus" dev="sda1" ino=14384 res=1 20:08:27 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7504000000000000002c776f726b6469723d2e2f66696c65312c6c6f776572ad8f64000000000000000000"]) mount$overlay(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140)='overlay\x00', 0x20d101, &(0x7f0000000240)={[{@nfs_export_off='nfs_export=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file1'}}, {@xino_on='xino=on'}, {@redirect_dir={'redirect_dir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@index_on='index=on'}], [{@obj_user={'obj_user', 0x3d, 'overlay\x00'}}]}) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000180)='./bus\x00', 0x100) fstat(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r3, r5) mount$fuse(0x0, &(0x7f0000000340)='./bus/file0\x00', &(0x7f0000000380)='fuse\x00', 0x0, &(0x7f00000006c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0x800}}, {@max_read={'max_read', 0x3d, 0x4}}, {@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x7f}}, {@blksize={'blksize', 0x3d, 0x600}}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0x95dd}}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}], [{@obj_user={'obj_user', 0x3d, '\'^)]'}}, {@uid_lt={'uid<', 0xee00}}, {@smackfsdef={'smackfsdef', 0x3d, 'overlay\x00G\xcc\x1aQ\x97\xb9\xae\xa7\a\x838\xc9\x8cc\xd4\x1f\xcdg\xfd\x8c\xef\x1b\xdc\x9a\xee\x97<\xe2\xe6\xb7>\xc8L\xd6,\xde\xffmBh\xab\xcaL2\xed\x88\xf8b\xacf}v.\x16\xceQ\xcaz\x97\n\xf1\x89i\xdb\xaeX\xbd\xd5\a}ai\x85J\x93V'}}, {@fowner_lt={'fowner<', r3}}, {@obj_role={'obj_role'}}, {@obj_type={'obj_type', 0x3d, 'upperdir'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}]}}) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r6, @ANYRES32=r6, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r7, @ANYRES32=r7, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f0000000980)=ANY=[@ANYBLOB="02000000010000000000000002000640", @ANYRES32=r3, @ANYBLOB="00000000daaed55e8ea9fc2ed44241627c2835761f8e00000036a14a21cf1b73b43ad59f4a6d568a941a9ebba3fe85834a79c97e54cfa64d576cd2b51f294e9d87d6f98cb1c813ad6253645cf4db326e1dd8e7c763a8474a42029df0beab3d10bca2261868fb1f83d827243dead283fc1b9d50cb2b527878b69745d30c04207d5afb6d5c755b99079d2800000036677e6ba868b9808189808cebf17d60d3a1e7fae6613a69b653c81b0afc3e615c621c82ae53efdcc9273fc1d9d7d8da2cd5bf291feb59fdcbd8036019e7976a", @ANYRES32=r6, @ANYBLOB="02000000", @ANYRES32=r3, @ANYBLOB="02000400", @ANYRES32=0x0, @ANYRES64, @ANYRESDEC=r1, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32, @ANYBLOB="040005000000000008000200", @ANYRES32=r4, @ANYBLOB="08000500", @ANYRES32=r4, @ANYBLOB="08000400", @ANYRES32=r6, @ANYBLOB="08000200", @ANYRES32=r7, @ANYBLOB="08000400", @ANYRES64=r3, @ANYBLOB="08000300", @ANYRESOCT, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="08000600", @ANYRES32=r2, @ANYBLOB="10000300000000002000020000000000"], 0x9c, 0x3) lsetxattr$trusted_overlay_origin(&(0x7f0000000440)='./file1\x00', &(0x7f0000000480)='trusted.overlay.origin\x00', &(0x7f00000004c0)='y\x00', 0x2, 0x3) 20:08:27 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469810594cdd428cd228ada5dfb2b775f8c723d2e2f"]) rmdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f00000000c0)='./file1\x00', 0x40) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') open$dir(&(0x7f0000000100)='./file1\x00', 0x29200, 0x1) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:27 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:27 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xfffffffd}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) vmsplice(r2, &(0x7f00000003c0)=[{&(0x7f0000000080)="492aca4067a7b406024e047b15fb7419fa4826f55874e437", 0x18}, {&(0x7f00000000c0)="7710bf2debd6acb779c4eefe4dc8c931c6155a24690e053886972ec91c1fb65ee7a5c068f1dced4722b67f11ccc507586c6d229482bf32d2e422ec372800979ccbbae8dd1e84f5cb1de0b0ef06f49217a702b8ec", 0x54}, {&(0x7f0000000140)="1602377b09904c20617c0b0739d325af588b76e261666f88744f2167f6d90bded42f5d78174c0cc5ed5e2331cec78d41213408dfd3b542e5762e855a49752d604f788d7adfffaebafe36859cc24bef159b2b9a99012c803115e1772bd7e8cc1b6b86cfa3142e2f71c5a99acc1b558fd140d9276b7b262e5e1cf8382633a09770e6073f9cd81f451ef1022921bafb9d3cc991db83f27f55c30b2517c35c61ae4f7e25719688936a0f231d3bea6dda8df3d9540e9f69f07ccaadbe7055b10b979f94", 0xc1}, {&(0x7f0000000240)="88cfb28ee0f69a9e5164fb23067b16bd3a43a180f130966fab6941ff56b7c2eac85ad6a1839e2b260bf790e27fd3fbeec715f301ef1e3a9678cf06ed616c933708a3d517d8170c4f028817cb4a934093b828cdabfafbad7ec3a4dc4dd247d02ebc532bd1853c85d83ba0c74a85d34efdf7cf72d7d43e26ea07eff5164a4885e99da6365886e28cf39f5f3a7c375be3643eb8410b0ea14c0b", 0x98}, {&(0x7f0000000300)="b6361e28478938113d720426", 0xc}, {&(0x7f0000000340)="014d6af4c39574b552dfea6b484333b363936d2c3dc1239eeebf34320c1ea0e228b9b41ed3141802ceaae8", 0x2b}, {&(0x7f0000000380)="8a4c47c3f7823798c59f4ea58c28f9b9431491341a37e1e373f737f0a5b9c4e1e366", 0x22}], 0x7, 0xa) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) sendmsg$IPSET_CMD_PROTOCOL(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, 0x1, 0x6, 0x401, 0x0, 0x0, {0xa, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44800}, 0x4800) 20:08:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) stat(0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRES32, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB], 0x8c, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private0, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@ipv4}}, &(0x7f0000000180)=0xe8) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000240)={0x7fff, 0x800, {0xffffffffffffffff}, {0xffffffffffffffff}, 0x81, 0x9}) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r4, r5) mount$fuse(0x0, &(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000140)='fuse\x00', 0x80000, &(0x7f0000000880)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0x200}}, {@max_read={'max_read', 0x3d, 0x9}}, {@blksize={'blksize', 0x3d, 0x1a00}}], [{@dont_hash='dont_hash'}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@euid_eq={'euid', 0x3d, r2}}, {@permit_directio='permit_directio'}, {@smackfsdef={'smackfsdef', 0x3d, '!6$[*.]/}#-%#\x8b!\v&{[$'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '&$'}}, {@fowner_lt={'fowner<', r3}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'overlay\x00'}}]}}) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) open(&(0x7f0000000440)='./file0\x00', 0x101000, 0x40) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 622.006444] audit: type=1804 audit(1617134907.503:2649): pid=15901 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1212/bus" dev="sda1" ino=14423 res=1 [ 622.030937] audit: type=1804 audit(1617134907.523:2650): pid=15902 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1212/bus" dev="sda1" ino=14423 res=1 20:08:27 executing program 3: mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 622.126726] overlayfs: unrecognized mount option "u" or missing value [ 622.135600] overlayfs: unrecognized mount option "workdi("]+w_r=./" or missing value [ 622.150715] overlayfs: failed to resolve './file1': -2 [ 622.153714] overlayfs: unrecognized mount option "u" or missing value 20:08:27 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x4) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 622.211933] overlayfs: unrecognized mount option "workdi("]+w_r=./" or missing value [ 622.225229] overlayfs: filesystem on './bus' not supported as upperdir 20:08:27 executing program 3: mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:27 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) truncate(&(0x7f00000000c0)='./bus/file0\x00', 0xac3) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1\b\x00owerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) write$P9_RREADLINK(r0, &(0x7f0000000100)={0xe, 0x17, 0x1, {0x5, './bus'}}, 0xe) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') readlink(&(0x7f0000000140)='./bus\x00', &(0x7f0000000340)=""/76, 0x4c) mount$overlay(0x0, &(0x7f0000000400)='./bus/file0\x00', &(0x7f0000000240)='overlay\x00', 0x20048, &(0x7f00000003c0)={[{@redirect_dir={'redirect_dir', 0x3d, './bus/file0'}}], [{@smackfstransmute={'smackfstransmute', 0x3d, ']-)'}}, {@context={'context', 0x3d, 'root'}}]}) [ 622.371944] overlayfs: filesystem on './bus' not supported as upperdir [ 622.379716] overlayfs: filesystem on './bus' not supported as upperdir [ 622.446142] overlayfs: missing 'lowerdir' [ 622.476824] overlayfs: missing 'lowerdir' 20:08:28 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1b"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:28 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c528e8794b5070000002e000100"/54]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:28 executing program 3: mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:28 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='./file1\x00') mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) chroot(&(0x7f0000000180)='./bus\x00') lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') syz_mount_image$hpfs(&(0x7f0000000140)='hpfs\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000580)=[{&(0x7f0000000340)="754d814b03b81864a1452890816dcca163bef73b97bb7377b2d75ef17d8082119443660552bb5936f962a23b91d1893c004581f91b1284e48a865bbe386a5b4f238d34ffb1a2e8db9981ebe6df165a3e02b8d51a767cad772c26fa24bbd1f16e79b1b37b87306e3290ef86286ab217871b436c1b65705c9ca124154beecf3649e996df2b24007b4e219be8e4fdc1220a80a22cd1c09523b4737c51e14aeb30385ed5bfdd5b6f1dc4a38415a11a239b938672", 0xb2, 0x2}, {&(0x7f0000000400)="a97545b8fcb258bb76757ace0c9a329c38babe5cd7047f80ab4893ef4c15f865d923f5fc1a70037f6a753ee23976be9361e7eadd4fbe71ae27d5d8db66fee4582df5cfe3419e", 0x46, 0x100}, {&(0x7f0000000480)="de8462d1cb78d0abe4e3013732cb1bc1acec882b2e712c77de737a9a6212c880901ad37e7455a7a64e7e16ea016d59aa0125b51ab44768ce100d4aa177210ef14100e2f5c5d6927870352daa15edd28f89334100d07b35d8364e006b266d816bad93a466cc248a71ef02323f6778adce0631d6810fcbf6803d6e0c872661afbdf9044097fa17ee22a3e661b72e851a63e68b2313b9829f5cc4a5b23bbe4f4fc534191fd85b6023bcadc592b8314b4be7ece245ee79f2fdc76946594e57491640043d93902bfca918e83c0689", 0xcc, 0xc6}], 0x2010020, &(0x7f00000002c0)={[{}, {'--)%'}], [{@subj_user={'subj_user', 0x3d, ']#-{('}}, {@appraise='appraise'}, {@smackfshat={'smackfshat', 0x3d, 'overlay\x00'}}]}) unlink(&(0x7f0000000200)='./file0\x00') 20:08:28 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00', 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f00000006c0)={0x3bc, r1, 0x800, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0x3}, @NL80211_ATTR_MDID={0x6, 0xb1, 0xfffa}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x9}, @NL80211_ATTR_IE={0x1b9, 0x2a, [@erp={0x2a, 0x1}, @perr={0x84, 0xea, {0x6, 0x10, [@not_ext={{}, @device_a, 0x3, "", 0x15}, @not_ext={{}, @broadcast, 0x7, "", 0x1d}, @not_ext={{}, @device_b, 0x9, "", 0x2c}, @not_ext={{}, @broadcast, 0x7fffffff, "", 0x16}, @not_ext={{}, @device_b, 0x9, "", 0x5}, @not_ext={{}, @broadcast, 0xe7c, "", 0x1f}, @ext={{}, @device_b, 0x4a, @device_a, 0x1f}, @ext={{}, @device_a, 0x40, @device_a, 0x42}, @not_ext={{}, @broadcast, 0x5e7, "", 0x6}, @ext={{}, @device_a, 0x1000, @device_a, 0x7}, @not_ext={{}, @broadcast, 0x7, "", 0x8}, @not_ext={{}, @broadcast, 0xffffff81, "", 0xc}, @not_ext={{}, @device_a, 0x8000, "", 0x39}, @not_ext={{}, @device_b, 0xff, "", 0x25}, @not_ext={{}, @device_b, 0x1, "", 0x38}, @ext={{}, @device_b, 0x9, @device_b, 0x24}]}}, @random_vendor={0xdd, 0x81, "18088275f53563021985dd45835b5f333b664b35a566ae034aa0469461db9ff6b3b4883131fb735726da132379754db5c43b9722ba5d7e31675637a61a336c5ce2b77a06f1ce63518cf39345912193e2bebe8a5cebb6a32577b08732fcc1b66db73ca3b9496bcab630814b51f9900ae462563492975b0f859cab0c7adaed11bc75"}, @ssid={0x0, 0x6, @default_ibss_ssid}, @mesh_id={0x72, 0x6}, @random_vendor={0xdd, 0x31, "6fa2018b9d230c5d6c35a453eade8891e61ae288208f21036034ae39a1daad97d6680127d9f0a6ff54496279a795f77e55"}]}, @NL80211_ATTR_IE={0x1a3, 0x2a, [@gcr_ga={0xbd, 0x6}, @random_vendor={0xdd, 0x95, "3ba8d1fe2b55f7d4ff75a5fbfa24bd1fb3ca53cb2c0583340d07ca59f935eb237fbae228e89a61ce267e42f5b9b5f27617d56fdc5d54c77e93cfcdce0d3dff43a07a32f3aae06e9548643b982827f79484ff32406509c958333903dc907397165bb7401a0d7f4526247ea0f6ec89089ea81b95220c1e170b9a404f539cc579c31783e693a8ba1f051a8793f2063bba9eced4b5e636"}, @ssid={0x0, 0x6, @default_ap_ssid}, @channel_switch={0x25, 0x3, {0x1, 0xa, 0x7}}, @link_id={0x65, 0x12, {@from_mac, @device_b, @device_b}}, @rann={0x7e, 0x15, {{0x0, 0x7}, 0x8, 0x8, @broadcast, 0x6, 0x6, 0x7}}, @rann={0x7e, 0x15, {{0x1, 0x2}, 0xe0, 0x9, @device_b, 0x1ff, 0x5, 0xb1}}, @sec_chan_ofs={0x3e, 0x1, 0x3}, @random_vendor={0xdd, 0xa9, "ab548be48691d23338dea2b8a3f492ba809d0e3288f4197c504133e6799f56dfdc7e3291a895b2181ecadab7adad8d8d2cd2447d8fc656f7788c4edfe66066fa973a28c4ec48fe16ef04d297871dc72c98b01c3565b85f6f3361485d785f8ea24d8ac2ab60c6b1ea3660c2f3b0b68986775d84354d2a74f318414e714a83e479b9811b1bc3894a434b54b8bfa7f7e2ad24cf17bce11c8b2b1e230a08e83c9fbdb854b1fb69918720cd"}, @challenge={0x10, 0x1, 0xd2}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x800}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x6}, @NL80211_ATTR_IE={0x18, 0x2a, [@sec_chan_ofs={0x3e, 0x1, 0x3}, @perr={0x84, 0xf, {0x1, 0x1, [@not_ext={{}, @broadcast, 0x7af, "", 0x5}]}}]}]}, 0x3bc}, 0x1, 0x0, 0x0, 0x4840}, 0x44000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000340)='/dev/null\x00', 0x400000, 0x0) preadv(r3, &(0x7f0000000480)=[{&(0x7f0000000380)=""/228, 0xe4}], 0x1, 0x400, 0x5) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') write$binfmt_elf64(r2, &(0x7f0000000a80)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x7f, 0x1e, 0x4, 0x7, 0x3, 0x3e, 0xfffff001, 0x2f1, 0x40, 0x2ac, 0xaedf, 0x3f, 0x38, 0x2, 0x2, 0xaa1, 0xff81}, [{0x5, 0x1, 0x9, 0x4, 0x786, 0x6, 0x9, 0x1}], "2857c3c19d50b2d39059bb3230dfd023bdea94170532eaba59d0b74bda3aec564f72e34876b565c7375f6253faf74778bcb73bbc46184df24a9f4111f39ba1e1f74eb9a95e9ea1883cdb69b15fa5f1ff02a5ee78c485516e5f9bb523bc42aee829c6b7924289791b35fc70a33dd4f4b182aed0eb8076717d999d29f0e7d3265e9bb3bac80719d862bdc5ae69c3e3857fc3a996e6e4e23678e0b421aebd2a0aece7cb30bdc595909425cf815ce21cd5ad028a03c0dbbcc0596cf1175621746284621b733f1049295c5653f9c661eec547a0e39b373ca5d9dea019bfd6e3d8165bbf9f32fe8562fc1888ccb76769b72806db85d7153327a67128c1391d678e37913678ee4ac16ea1f8e3e5b0aae3c3d3d233458c287afcc0e635d8b63392be811ead8096f5ddb61d201b1cc4680264c164b3d4a83073eba97d0985d0acd7de7100fad7d3fe46905c9846025fe808d649c5b10e0a9ac6e9c9bfab47e351edfe63aa54b4a0570a4ba51e491a0159f8b6dae0b064bd26d0e54237889d6d5f4b0c7516ca31d6d12cd980c16b0ecb4bceb1488e839d56386374ce1fd968e899bcf411758605452fa6ded1a02f9524cf757e5f6e94150af72b28ec4d471bb10c5655027ff621ff25a6a777531bdc8da87bb04518dbc22132b2b3d7d1103b49ffe9cc0318d6e96070c1bb5c793c3fb9daf3d618d4c0cfb7de89a334a4585507a4c350e590e0459fbda621578e90b4636166419cc61feff66541e5e6523a05520db5aac6a93ce18d1885075ba5bf921b386a11ffeebf046f46d8d7740f20d6d8ee04dd6d02bd394178df6c861bd73f8cf8ead1d9c02a585143894f6f6fb269c75b8f4359711c74d0a7eb78bc591966791331be222095e8cba68af406ffef0066db94e50c295394ac34dc35ad7997ebf06757928532cd06ee1cea79cbca61ac1fbee66f933fdd3d47b4d604fc0bfa4219483eaef4141b747e09b4f74d303be5b8e012236688354ca74d81a444224ab7beeee04a06852ec60c809c172511f144cc747ba10fe0cb968b284c8b159597bea50de36e4bc6c26dd04552f7333d2d5dee7605fec2ff9ff08c7d741a375a74d9b2eac098fde81be3057b79677ac37fa80a85d6c8c6fee1932f07ae6a413ca533cbb4fc7bf1668cd718c9bd5ee5fcbe7e68fe10806dbf8df102f5a8d5f0fcdbd83d42a52de34887954f759f86deaedd115cf48721630f3918a313b12a4752546313ab1f63168cb7a99c4aa4ab5ef131cf9a0bd1b3dcd0a02bdda85ca714221bb46968405549c0fdfbc4201f85b3b6ff6897c845c8927f09a00534ad461212cdc09528942f34444ee8d80d9da0c4a752de940747a25948c8bbcc88555a15964b3d3fb197ec0317ecf3737832c4dccdbfb71709fb5661d1b7059839591cd9901fbc8f9a26c330937e22cfee9c1aaaeefd7f586201f4e4d2cc079c7623249863d2522d63f4646c5715a9e8b8a661677e7525e5083fc317f3091a09ab22f1bb969f0d5085361be1a1c102c6e2ba853c5278ef33b480ff94c850ed48da841ad8213c77595cd429542d8f45d08c98dd794852e37c00928bbdc38e2652f696f7146e624173c33623e883ff307de4f8977c8158a670c955e50c526d44c1225200511e834d08041dd1a19bd41072b680d0b635f8f4a26d45ad5807fa3f73a48ca5a18bf68b60829a1f89bdd85be38e831db5c47c951c246ceda150b91f90c3865af9dd0dccf1c5c569c2ef319462567d5b590597b119d396a31656ab99274faee03e73b8b01e6f9c81882ed8a52282b225e73a3c3f7b760ab9030ed0c5d6a6f39926a53117c89711f509ff474b11506d7155d3488a323f865beca2a3bcf76a5cea83b2363314c653464845b9169aa5c34802adda6c82cc2745fcad384c2b126dd01bd3111dfc1623ccc6563520329bd2b857057e2aee5e5a9729f31e1bc344a6d037ed2204ce3d998f73d8a794a1cb5e11ba94176cc6498cfc22ca162e372b4f3ad422b5245b6d44474c992a860d7f8137fc0f9dec4b19848a912f8dd7051a8b71cd920d3536489a29f6df9c49b4132a6a547e9c5280e8a3fd2fc2d57b6e95b9cb6f0a288f403b88827958fa566a346fe54b2bada8d8c378a139621a0f3dbefe917d74b901195929df63145170b946d561963ddb507864382e0092cfddd9cfc8c537b4fbd1670fa53efe52f6a8d37446b7417983c51e0f396a3ed1bb14d366ab8308a011873bca2c8973d9951734292f38b843694e3d0f1db417ff4a524ff3c29cd821696a07a88f58d87acf073bc72d18bf1853697ffd0b089f935ed19656c06a1c2958ab8de3c3c7ee3e9d07d369a50e4fad13070c0d00b0837df3b040c4bd19a75aa167f2fd656d9ee3ccdc11f1b18b8d4c11e9d8db6cd90f9c877361929a59583987f6492042d9b820755d639df805ba1f768a36c9d358ec8406ee404b0a3fd9b7bf0f16b60b8b802ff25260672c354dc7b19959962194d5e79cbc78bc35c003cf78b5acf6951a3d0d728cc5bd8fb5c776695b6e5f0681e65d53c51446ec77ec8cc93cd21384c1ebd9edb36b5ded7e8ab44a17f6d4fd478fb772866b59ce40954e46758ae379fb596f661d6b51c20488a0512a5bd16d43e01e73bc66e30a6eab70f388bdd991a5e3efa56cd40218a9d71561e5e011629366a93fa6ad2f6153bdf0301b0090f31407e6de6f2204c8153e64b48beb143eb06992fb9472305429c185e127ce5f5449f63d948d56030cbfc782c624341a43611ad630f8ee7ec1cc5e9e690d00fca8332f45bcba0e334bf15fd7637555a4b76bcdd63c38a20a6d30f3dc2444c7cf5947309419a8ba9e5dc5d3f0248659a2b32d56965e297dafa1015803ec0c069ede6d2eff6eaa3bf9f432cfa0bcc3ce3180264acbe478a7512e5d48d4aca0a30988fd6183a707d93eb040f689df4a247610b384c1555c4824285c88b2438a537f57779f890ddcbbdb3f1a6b42f71f390385b25e747ea3dc69e3407941a16b8384b1d157318f2d023c44a0ac87c06cedf5089238b3cd7e3c9dc7505ed3e7c8f5855060e65d51121af3e7a2cd41b64e2b39fb32e6c2fab2d5cd87d0b54fecf055179eb289ffaa30bea1680c6c2ad31e37eb146c49418fe48118a0e5e030ecceccc4721cdceadd6bc01b9681e5b107e90b0c0447c68e165310cf9e671bb783f159186ba6aa6bde10a24819bcdd06e43052c880dcc52344596c78b8051f75581784be0f511122736f1b2e3a2e4d6aecc4e77277ed0ab573cf3dd5524d6b579705e4110b3847bf294815a057e87cbe5ee369776175826771e753e37d8af8b699f5012f0291e37713b5c3755a7624394b9d2174142c5e3c458699f19b43eae4f7a315cf1dc3c0d10044606b1faab6e29d10ca8a05982faaf7a373eeb3312d76c3927f71b7f46b266638dc291b5104a8ebdd9df2cde01758e3bd6ce9337cf113b74132a43454a24ce0650398d20f70077947c2c25a7ed0fdbb1113c910147c60b391f8c891f75ceeae63e69ac178fa4116ccdf2f57d9c51c908a9b216f537215cd0879ff210c2da5fd3957d9e4dccccf426e0598c9d539a6005040f671da42bf2eb290a611761a59b19a5d79377f87e5998c31c7202a27411b61edddfb99cdb678edc190a6a733c76f810289c7b124cecdeda99b7dd80f84f8cb5383d04ac5a10226b3c3be92099b0f2c85b0a8517b1c3cf297b45d582841a191656576b3791045513bffe2422ccde7817f8d236be4a6a8c6d595f6678fa549a8968fc8677e628341195287671bd6b2d0e2242fa9ba0dc0e70890253bb5c082af5d0586a40448333e5df4696c6a25359f98ac049fbee832f044b85793c821f0bccfe6d84c511172fdcb7394b2b0602abd4d586abc9c3ccda086015ac9aa296ceb00aeeb1f4be10a0b52308f3e36172faa7e82c33c952864f941743107cf2858d307dea99a2bb8bf9786a44a53d5e3d6bff2a902de0516de659ea4125ab8a93d33b3fd5e18b074b36650a4e4fc1404addb7d835ee04ad5a083f9c5d76d35491a8051a0f0e268a7c0260515422744ed949a136d3fae50a9d254ee339f83b64ef47ca43eb5c8c7d433c1b1a7056e7b9bb0bdc09f94c41d66d52dc4b3ededf89f9c2557d2db8fc27bab8cd7e0ce3d27b8ee5e48ed784525dd45ecb87bc809ce8dbd05b45fae27605303c1170a2108b3c9764625b87babdd4fe654b37120c8a9b0abcf9033efee83b68c47bf627b1864c9655028ee918e2fee213c87d10bc35ca7039dac018997325fcf4c123df5c6f0116249141c00f0c837bfa8fd1f10a7961ad49c94b2ffb4504c69969e76c9d454af8e5b6bd9ee19a1a500815ae1221b5090f4ea8802be7f3fb9a7d62e2f9c6e48660d24cd7476585ac6419396a87da919a48f48fcedd7d0f618dd19831ad2051232837259357dbdb2ab16c6beceeb7cce443dd5908548826e7f5c62faffaabadd67e952f5dcbd3cad60616589d1d22caf96fd9d9abb39617b955397bd6a5a20b467219fae1e84ff5e8f68542854b9dec1208442e219383ee62703f8af770dd2a5deb943b55db12a449c469a757562494a555adbab9b6bf5bc23a1215396b34d9591322b5cb49ed3942c7d61ddb5ca0abead72fce0f1550ff1b2303b8f0f3926990e78e5c1dbab43a5f247d8dd3879ab8672c0bf4e9bc00438fb751c9c678c7acdcbb96d489951be9d823dad4ef50a92f5456c5e4243263f2b14a2ccf5ee93d37b7a4e4242f2be5bbc0c592ed889f94698b5510dd2b994c23964d294c325e6b3c0484f0dcbc0296cf95a111f8eb522a12e6b058a5003d0a87571429c6a0922c05fa4032f7f93644d984ce4fa070d5a62631b9b9c5054f46eb161c7b2096dcee6315d717a21f99c84361b194c5d95d88f6acfe872409e01eda71eb66e6a6b7cfecb56bb98af21c889e7b87cf22c4ffbc4209a5b5e826a2578ff785ef8427be3dde5fa121a7b3f60885b915165d44083abec31b689fe3843614f40b85542acf3f1c3ac0cbbea59367bed379ee8b6581907b357142c4570030b97a8b45fe3fe412d74fcb9e578c9469e541f4f298dbc2f362b799a4aa03787d57529cafd0fca0e6e5c5b96944cd3d2552d4d512a9e00b1ef7b7e18fa43cb8af1ba8b596c6bce4fe958fafe662ad2a95cf9f90dcfb3d4cd7dcd95e4e4bfca7479b962f1af9658897750bcc671643e1d724d76f39d7d8d247250548e8b323e12a3064023132aa37ca2c9703f6811c6ac4e34f2f55d5b8617e88bc0a56e67f8ca929c13359c672f9aebc2ed4142a8bd5cb398bee4753d55e74a42092c4c1df7a43608441b76f1d609d92b0aec513b3fa7d3d960dde7ca15a79373e298acd6b4a1db1daf280fd02f6138130ed164a88238a1f1b895e0aafc8ab51247eeeed422971da3f1304e60c42abfe66d9bc989f79b47a8de432ad445488b82cfd86581e3bf03c2f541a3bf410ac5c75da4f7ff3f0b1c01f28ba8b3dad5cc1cce577685a2e3c3075d88e13ad7274bfef364dad6ef0f2fe4026436a5e579d55c18ba4c01ead7e2586e15a937404f9b4987022c7d118911fcf61040a5a0ea7ebcbc1a09b48a7d4886f042e88b11609fed9e97d07ef099ceb0606efb9c24e914581a7e1221a588e6b30686b9834139d830dbcd712e9165c3ecae33c35189d0c856c87891457866d125db5a4f7e5f1547ef4639abdf82453d82ed3f22844c396df4c7a63ca52fae5834a013e75599fcd8f0e55cb9a67238d7f636fb85a4a8becb07fc801103aa6fdfbfa827ff4c26fa560bcddf9d109dac7fd61fe35c9e5c884b5941", [[]]}, 0x1178) [ 622.746019] overlayfs: missing 'lowerdir' [ 622.757123] overlayfs: failed to resolve '.C': -2 [ 622.764787] overlayfs: missing 'lowerdir' [ 622.786845] FAT-fs (loop2): bogus number of reserved sectors [ 622.800948] overlayfs: missing 'lowerdir' [ 622.810153] overlayfs: failed to resolve '.C': -2 [ 622.811039] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:28 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') execveat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)=[&(0x7f0000000100)='\x84%\\(!\')[!\'\x00', &(0x7f0000000140)='overlay\x00', &(0x7f0000000180)='overlay\x00', &(0x7f0000000240)='#\x00', &(0x7f0000000340)='overlay\x00', &(0x7f0000000380)='overlay\x00', &(0x7f00000003c0)='\x96-\x00', &(0x7f0000000400)='\x00'], &(0x7f0000000540)=[&(0x7f0000000480)='overlay\x00', &(0x7f00000004c0)='\x84\x00', &(0x7f0000000500)='overlay\x00'], 0x1000) 20:08:28 executing program 3: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:28 executing program 4: sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="140008001000150800000000000000000000000a400000feffffffffffffff00000000000c0000090900010073797a30000000000c00064000000100000000040900010073797a3100000000080003400000000624000000120a0101000000000000000007000001100004800c000240000000000000000338000000020a01040000000000000000030000050900010073000000020900010073797a300000000020000000020a01040000000000000000070000070c0004400000000000000002140000001100010004000000000000000000000a00"/228], 0xe4}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000700)={0x101, 0x1, 0x4, 0x70000, 0x0, {0x77359400}, {0x2, 0x2, 0x80, 0x5f, 0x1, 0x1, "90dc6bf5"}, 0x8a, 0x2, @fd=r0, 0x7, 0x0, 0xffffffffffffffff}) preadv(r1, &(0x7f0000000600)=[{&(0x7f0000000780)=""/104, 0x68}], 0x1, 0xd9f, 0x8004) sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f00000006c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xb4, 0x1, 0x3, 0x801, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFQA_VLAN={0x1c, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x6}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x70416612cc4b8eba}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x9}}, @NFQA_VLAN={0x1c, 0x13, 0x0, 0x1, [@NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x7fff}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x5}]}, @NFQA_CT={0x50, 0xb, 0x0, 0x1, [@CTA_ID={0x8, 0xc, 0x1, 0x0, 0x2}, @CTA_NAT_DST={0x44, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @private=0xa010102}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @dev={0xfe, 0x80, [], 0xf}}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast2}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @local}]}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffb, 0xc96c}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x24004050}, 0x4810) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2ea2385a35fedf1fd0f71a9b8d5db96102b65d473cb28098532b8f808e7feddc"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000800)=ANY=[@ANYBLOB="2e2f6669ae20251ad98c436e00000c002dd86119a6bc6728cfb8252d7b856840fbc2ce025170bfb60861201fb69780610c298e0861de04af69b83b056e0bbe9e89663850556d00ae1209250061b4ffc0ba28fa9ae96d187296058cf629eebd5bfe439f70f73e94b2ac8e4deec447af694ac64fc19340edba59acde"], &(0x7f0000000340)='./bus\x00', &(0x7f0000000380)='ufs\x00', 0x20002, &(0x7f00000003c0)='-\x00') chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:28 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) openat(r0, &(0x7f0000000140)='./file0/file0\x00', 0x101000, 0x1f8) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2000, 0x8) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:28 executing program 3: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:28 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000080)) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) close(0xffffffffffffffff) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0xcd217000) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f00000000c0)=""/126, &(0x7f0000000140)=0x7e) preadv(r2, &(0x7f0000000280), 0x41, 0xd9c, 0x20000002) ftruncate(r1, 0x800) lseek(r1, 0xfffffffffffffffe, 0x2) r3 = open(&(0x7f0000000180)='./bus/file0\x00', 0x4b0140, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffa) [ 623.090336] overlayfs: missing 'lowerdir' [ 623.107373] overlayfs: filesystem on './bus' not supported as upperdir [ 623.119724] [ 623.121395] ====================================================== [ 623.127709] WARNING: possible circular locking dependency detected [ 623.134809] 4.14.228-syzkaller #0 Not tainted [ 623.139303] ------------------------------------------------------ [ 623.145598] overlayfs: missing 'lowerdir' [ 623.145622] syz-executor.5/15993 is trying to acquire lock: [ 623.155463] (&ovl_i_mutex_dir_key[depth]#2){++++}, at: [] path_openat+0x149b/0x2970 [ 623.164921] [ 623.164921] but task is already holding lock: [ 623.170888] (&sig->cred_guard_mutex){+.+.}, at: [] do_execveat_common+0x319/0x1f30 [ 623.177442] overlayfs: filesystem on './bus' not supported as upperdir [ 623.180372] 20:08:28 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x400) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 623.180372] which lock already depends on the new lock. [ 623.180372] [ 623.180374] [ 623.180374] the existing dependency chain (in reverse order) is: [ 623.180378] [ 623.180378] -> #3 (&sig->cred_guard_mutex){+.+.}: [ 623.180399] __mutex_lock+0xc4/0x1310 [ 623.180408] proc_pid_stack+0x13f/0x2f0 [ 623.180420] proc_single_show+0xe7/0x150 [ 623.222671] seq_read+0x4cf/0x1120 [ 623.226736] do_iter_read+0x3eb/0x5b0 [ 623.231062] vfs_readv+0xc8/0x120 [ 623.235044] default_file_splice_read+0x418/0x910 [ 623.240409] do_splice_to+0xfb/0x140 [ 623.244649] splice_direct_to_actor+0x207/0x730 [ 623.249840] do_splice_direct+0x164/0x210 [ 623.254506] do_sendfile+0x47f/0xb30 [ 623.258731] SyS_sendfile64+0xff/0x110 [ 623.263134] do_syscall_64+0x1d5/0x640 [ 623.267605] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 623.273293] [ 623.273293] -> #2 (&p->lock){+.+.}: [ 623.278392] __mutex_lock+0xc4/0x1310 [ 623.282699] seq_read+0xba/0x1120 [ 623.286690] do_iter_read+0x3eb/0x5b0 [ 623.291002] vfs_readv+0xc8/0x120 [ 623.295122] default_file_splice_read+0x418/0x910 [ 623.300597] do_splice_to+0xfb/0x140 [ 623.304845] splice_direct_to_actor+0x207/0x730 [ 623.310024] do_splice_direct+0x164/0x210 [ 623.314681] do_sendfile+0x47f/0xb30 [ 623.318898] SyS_sendfile64+0xff/0x110 [ 623.323298] do_syscall_64+0x1d5/0x640 [ 623.327755] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 623.333491] [ 623.333491] -> #1 (sb_writers#3){.+.+}: [ 623.339002] __sb_start_write+0x64/0x260 [ 623.343571] mnt_want_write+0x3a/0xb0 [ 623.347880] ovl_do_remove+0x67/0xb90 [ 623.352181] vfs_rmdir.part.0+0x144/0x390 [ 623.356832] do_rmdir+0x334/0x3c0 [ 623.360797] do_syscall_64+0x1d5/0x640 [ 623.365187] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 623.370873] [ 623.370873] -> #0 (&ovl_i_mutex_dir_key[depth]#2){++++}: [ 623.377794] lock_acquire+0x170/0x3f0 [ 623.382116] down_read+0x36/0x80 [ 623.386013] path_openat+0x149b/0x2970 [ 623.390402] do_filp_open+0x179/0x3c0 [ 623.394700] do_open_execat+0xd3/0x450 [ 623.399084] do_execveat_common+0x711/0x1f30 [ 623.403996] SyS_execveat+0x51/0x70 [ 623.408125] do_syscall_64+0x1d5/0x640 [ 623.412510] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 623.418193] [ 623.418193] other info that might help us debug this: [ 623.418193] [ 623.426313] Chain exists of: [ 623.426313] &ovl_i_mutex_dir_key[depth]#2 --> &p->lock --> &sig->cred_guard_mutex [ 623.426313] [ 623.438441] Possible unsafe locking scenario: [ 623.438441] [ 623.444479] CPU0 CPU1 [ 623.449148] ---- ---- [ 623.453792] lock(&sig->cred_guard_mutex); [ 623.458098] lock(&p->lock); [ 623.463712] lock(&sig->cred_guard_mutex); [ 623.470540] lock(&ovl_i_mutex_dir_key[depth]#2); [ 623.475553] [ 623.475553] *** DEADLOCK *** [ 623.475553] [ 623.481596] 1 lock held by syz-executor.5/15993: [ 623.486328] #0: (&sig->cred_guard_mutex){+.+.}, at: [] do_execveat_common+0x319/0x1f30 [ 623.496116] [ 623.496116] stack backtrace: [ 623.500691] CPU: 1 PID: 15993 Comm: syz-executor.5 Not tainted 4.14.228-syzkaller #0 [ 623.508557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.518175] Call Trace: [ 623.520755] dump_stack+0x1b2/0x281 [ 623.524380] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 623.530175] __lock_acquire+0x2e0e/0x3f20 [ 623.534314] ? trace_hardirqs_on+0x10/0x10 [ 623.538532] ? unlazy_walk+0x1da/0x4a0 [ 623.542400] lock_acquire+0x170/0x3f0 [ 623.546191] ? path_openat+0x149b/0x2970 [ 623.550242] down_read+0x36/0x80 [ 623.553694] ? path_openat+0x149b/0x2970 [ 623.557772] path_openat+0x149b/0x2970 [ 623.561654] ? prepare_creds+0x260/0x490 [ 623.565731] ? path_lookupat+0x780/0x780 [ 623.569873] ? kmem_cache_alloc+0x124/0x3c0 [ 623.574255] ? trace_hardirqs_on+0x10/0x10 [ 623.578487] ? SyS_execveat+0x51/0x70 [ 623.582278] ? do_syscall_64+0x1d5/0x640 [ 623.586329] do_filp_open+0x179/0x3c0 [ 623.590123] ? may_open_dev+0xe0/0xe0 [ 623.594046] ? trace_hardirqs_on+0x10/0x10 [ 623.598287] ? aa_alloc_task_context+0x4d/0x90 [ 623.602863] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 623.607878] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 623.612710] do_open_execat+0xd3/0x450 [ 623.616592] ? kernel_read_file_from_path+0x180/0x180 [ 623.621767] do_execveat_common+0x711/0x1f30 [ 623.626170] ? copy_strings_kernel+0x110/0x110 [ 623.630741] ? strncpy_from_user+0x210/0x2c0 [ 623.635378] ? getname_flags+0x22e/0x550 [ 623.639429] SyS_execveat+0x51/0x70 [ 623.643178] ? SyS_execve+0x50/0x50 [ 623.646795] do_syscall_64+0x1d5/0x640 [ 623.650664] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 623.655833] RIP: 0033:0x466459 [ 623.659019] RSP: 002b:00007fded9950188 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 623.666706] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 [ 623.673974] RDX: 0000000020000440 RSI: 00000000200000c0 RDI: ffffffffffffff9c [ 623.681225] RBP: 00000000004bf9fb R08: 0000000000001000 R09: 0000000000000000 20:08:29 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1b"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:29 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdar=.']) acct(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) unlink(&(0x7f0000000100)='./bus\x00') r2 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r1, r2) fchownat(r0, &(0x7f00000000c0)='./file1\x00', r1, 0xffffffffffffffff, 0x400) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 623.688475] R10: 0000000020000540 R11: 0000000000000246 R12: 000000000056c008 [ 623.695724] R13: 00007ffe6c9f617f R14: 00007fded9950300 R15: 0000000000022000 20:08:29 executing program 3: mkdir(0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:29 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="757070657264696f726b6469723d2e7765726469723d2e0000000022000000004355c27901556712b0d8e5135a1760b4e4d2720000000000000000002f3ddba94cce9c6e604019e89f7edcd7730bafa0907a190bd562bfbeb3e6b86419888160624692afc8672b8ac5a46e106b79050deda62f09618b3c5eba486514aa75ae0a337a5af62b690cef4a03f79cbc72b030da21392803f9542692700d0c4874f38c42b0015a52025b0a61e0d73ae4cc9413acf636e7d98f9b65ed03356e7de6af1ac112a2e5efa6fd18e894cb34c5c8bcd43fb4b471cdb5bc1867754f0d48487e67a2d45cc26b08e1ea535e16035390"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r0, r1) mount$overlay(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280)='overlay\x00', 0x20080, &(0x7f0000000340)={[{@xino_off='xino=off'}, {@nfs_export_on='nfs_export=on'}, {@index_off='index=off'}, {@metacopy_off='metacopy=off'}, {@index_off='index=off'}, {@default_permissions='default_permissions'}, {@nfs_export_on='nfs_export=on'}], [{@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@fsname={'fsname', 0x3d, 'overlay\x00'}}, {@hash='hash'}, {@euid_lt={'euid<', r0}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@fsname={'fsname', 0x3d, 'overlay\x00'}}]}) add_key(&(0x7f0000000440)='.dead\x00', &(0x7f0000000480)={'syz', 0x3}, &(0x7f00000004c0)="5f1dfef025c8a34a5c588c0d1814cad06e2d08b4be06f2e749b4b5b2129766e40e2bf998f34aaf64d42cd569a7c58c55ff21b2cff9c79575f2737563b8977f7f083a4b103510e90a09f435f62f84f08825cd68eb910041c9cb9f638225340af902f337453d8a", 0x66, 0xfffffffffffffffd) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:29 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000080)) preadv(r2, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/201, 0xc9}, {&(0x7f00000001c0)=""/19, 0x13}, {&(0x7f0000000200)=""/207, 0xcf}, {&(0x7f0000000300)=""/166, 0xa6}, {&(0x7f00000003c0)}], 0x5, 0xa, 0x6) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000480)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000180)={{}, r4, 0x0, @inherit={0x58, &(0x7f0000000000)={0x0, 0x2, 0x9, 0xfff, {0x0, 0x2, 0x8, 0x7, 0x81}, [0x40, 0x30000000000000]}}, @subvolid=0x7}) r5 = accept4$nfc_llcp(r3, &(0x7f0000001180), &(0x7f0000001200)=0x60, 0x40000) mmap(&(0x7f00005f4000/0x3000)=nil, 0x3000, 0x3000000, 0x40010, r5, 0xe8b11000) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r3, 0xc0c89425, &(0x7f0000000480)={"0fecf1d6abe045f923fb5e7d6547e0e6", r4, 0x0, {0xde5, 0x6}, {0xffffffff, 0x7}, 0x9, [0x7, 0x2, 0x8, 0x0, 0x7fffffff, 0x248f, 0xff55, 0x7b, 0xd35, 0x1, 0x3, 0x1, 0x80000000, 0x7, 0x3, 0x6]}) sendfile(r0, r2, 0x0, 0x8400fffffffa) 20:08:29 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 623.787099] overlayfs: unrecognized mount option "lowerdar=." or missing value [ 623.797950] FAT-fs (loop2): bogus number of reserved sectors [ 623.813729] overlayfs: unrecognized mount option "upperdiorkdir=.werdir=." or missing value [ 623.814854] FAT-fs (loop2): Can't find a valid FAT filesystem [ 623.827506] overlayfs: filesystem on './bus' not supported as upperdir 20:08:29 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) syz_mount_image$gfs2meta(&(0x7f00000000c0)='gfs2meta\x00', &(0x7f0000000100)='./file1\x00', 0x3ffc0000000, 0x3, &(0x7f0000000140)=[{&(0x7f0000000340)="7dd52d800ab01566cd87cc5975a52f3dd848644a3ae27a46573383bc39ab91b036b759de6910328b3ee6e9bf3cf44d22480e6e55d8f76b3ac1e31d98e58955040c2476374747fd241cd5ce070cdbf6929bfa2d9deca0034971969b99421ff744c2e7819181782ed3f15a1a24c6398090dadb910b178e9a83fc23b08308b5c490248d8faa2d43c3e64af532ebd63e86351b470f35e9d12a7a4d529d4fdc7377", 0x9f, 0x401}, {&(0x7f0000001040)="5a3e56f734145b0c1fd61b8e1f15e6c2eed3fb01d895821a8427c992d325290c1fe1548f410c5414926f279b4a050659b2ab6722eef831ed6976aebe5ce0022618f056bf1e1521948cf87b6412117b11fd6e628a006f4de978d70d36bf1d03901636cc72276ad7b245e602f4ab598944535b7036ed6f9f285082bba22ca7938db357ecb586c289cb53b72d13848e5f29222d19bc7a339a039b53004b42b24bef2d57b9b5a52ebbe98c85be55e40a217cdff3b696c63f72715a53ea10ae2a0c4273", 0xc1, 0x6}, {&(0x7f0000000500)="f9c830d3860b03666f56454961e94226517f1e706d323d2e4a8e1e9b97af1d2ed9afbebfe7f5bf3d727eefe788869ab5b8c588dce660350bc296c338b698dcc346bf05c65ea421bd8217be948ace1858ffd8bc0534c6d7e921bbc4103c82ad322523f2e4b134e082b432106231299b4d9bdd559ba8d3351da3892ec895d33de4646d0b681e6af5fdef9f23a60e053e3b60cab4786e5336e86abea7d4b05e9e3d2f53d08aaf5b996e10b3e1bce03b7134f7f62069547963871bc818aea53a78266268fe96830e386d", 0xc8, 0x1ff}], 0x41840, &(0x7f0000000f00)={[], [{@smackfstransmute={'smackfstransmute', 0x3d, 'overlay\x00$\xb4>\x10\xa0a\x9dv\x9aN\re\xff\a\xe6\x1c/\xc3\x19\xb8\xfc}\xd1k\x00\x00\x00\x00\x00\x00.\x86.rv\xc5\xb3F\xb6c\xaa>\xe5D\x8fv\bzPm\xe9C\x1e\x04\xb9\xe9d\xe8G\x10\xf6\x13<,\xea0\x12m\xb4g\xf8\xae\xe2\x8a\x892\xe4\x8c\xb5?\xfc\xe6v01\x89u&(\xeb\xe3v\x1b\n*\xa95\xbd\xa3\xf8\xb3v\xe9\xba\b#\f'}}]}) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bqs,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r0, r1) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r2, r3) syz_mount_image$vfat(&(0x7f0000000480)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x6, 0x8, &(0x7f00000014c0)=[{&(0x7f0000001240)="0e30874f830beb964172c145d5f44954dec89c7d46bd5ffabcd5f7ac232b71a89746699465a50086d98e3f00c86af0195c2ddf3d68d6b99cfc9cb60f35e495afd992ab2609cd0cb0962b92a7df34aef4669d361e58ad0806b9f46f6b46db80477165db17d4c469067ddb5bb1aafccda5c7b8f993b0d29476ab5936e591913a2993076815e1680d2aa865a3fb2f3e405476cfdee371989401fb662387c30a087672992f448124934fd11cc51186d8c09b50c20d62181aee7960ff17a9e8abe8be3f1c2e316304b7a7c3704befabdf6020e466", 0xd2, 0x8}, {&(0x7f0000000600)="35a6e9607880c64b1c622d1143c1dda105af289aabf8f241f576608224a024632d8593387383bca2300d6114cf5d44dfae9e65df010f4b81acff33737ac894a617edd1602110e0352821b8337821d8ae6b6c003a2061c04b0673c1ca8213ab7282456319d5", 0x65}, {&(0x7f0000000700)="d741552c6db6", 0x6, 0x8001}, {&(0x7f0000000e40)="245c6fc78d944e30d051171839b472174f45cfb3199c772532a5920bd954c43d7c2cecdbccfef5341d71f928c2061102a75aef73108e164ee9ddacb04e484579b6420683c5f6720864ef67ef776c09e9e6c6", 0x52, 0x1}, {&(0x7f0000001340)="365bb728a64dfb740139143bcaca703da8e360b8219e45041e8ccdb47ea2978d72477201bae7a3019d1ef4a1d564d2074b045a82a5d27d85edd75ee91dd31b81a3d3e896cdc43265a0d18d47202b82796b6907a8bd16e6cedfc346f45d5ae04594627e8fca8964b81c2afbdd617e98fd8c1ded9079dd3b2ef02f51a7b7a7b44729cc9638719c88cface1610c08071cd5", 0x90, 0x3ff}, {&(0x7f0000001400)="4816dfd47171b8fe6afffebf767d5fd63504e9742b5eebcdaeec259d5d0ff3b13a4fda232519a5f5e1d531b8d4ae3f8b8810499a50a44d295242e92ae27cb2c56a0bfebd9f0e8a5555a2447ad861f6ec0fc69d4b337e8d8643fa6e4e46c2f39daf579d523c13e3cd8cad8a6197efccdf1344c9d3dd8838029c37cefd6bb602f1dd94c6e6c798150560dcf369f333bbb077c2b34510dd", 0x96, 0x3}, {&(0x7f0000000ec0)="f4cea902c1f0d113a5267d1be33ef33d667e8054fae5ac27db92f43c022d17f1588236", 0x23, 0x10000000200}, {&(0x7f0000000fc0)="c0d705602edfdaf0dd08439e85b190aff3ce400b7c8d76ea8941dfb8e1f3b89464c90e6e9426d63b0830277a92452fc349b45d6570b29089a7b3ff0e176a160b4dab890d9ac3ceaa1747f52e5a2f7861138ed4c13e85d36ac8753baa6d79ae1f991726a499c827213a45", 0x6a, 0x7}], 0x2000, &(0x7f0000001580)={[{@shortname_lower='shortname=lower'}], [{@fowner_gt={'fowner>', r0}}, {@euid_lt={'euid<'}}, {@euid_lt={'euid<', r2}}, {@dont_appraise='dont_appraise'}]}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001800)={0x0, 0x0}, &(0x7f0000001840)=0xc) mount$9p_xen(&(0x7f0000001600)='syz\x00', &(0x7f0000001640)='./bus/file0\x00', &(0x7f0000001680)='9p\x00', 0x1, &(0x7f0000001880)={'trans=xen,', {[{@access_uid={'access'}}, {@posixacl='posixacl'}, {@cache_fscache='cache=fscache'}, {@aname={'aname', 0x3d, '@-}-#'}}, {@noextend='noextend'}, {@nodevmap='nodevmap'}, {@access_user='access=user'}], [{@dont_measure='dont_measure'}, {@obj_user={'obj_user'}}, {@smackfshat={'smackfshat', 0x3d, 'system.posix_acl_default\x00'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fowner_lt={'fowner<', r4}}, {@appraise='appraise'}, {@obj_type={'obj_type', 0x3d, './,'}}, {@smackfsdef={'smackfsdef', 0x3d, 'smackfstransmute'}}]}}) chdir(&(0x7f00000001c0)='./bus\x00') syz_mount_image$gfs2meta(&(0x7f0000000240)='gfs2meta\x00', &(0x7f00000006c0)='./bus/file0/file0\x00', 0xfff, 0x7, &(0x7f0000000c00)=[{&(0x7f0000000700), 0x0, 0x7f}, {&(0x7f0000000740)="9faac751863e8d7813179c3b85ce0b5ff23391e3d494cf49d30dd13fcdc50113d2bfb4ce1f28741b2b77e71de6a1b75fb794aa133e6dd34d827041d90a3b0dd63a82612b9edd5a2b503c469757bb69125d127c59d48e551525bb66bf7f6a33792365f8e5a4b0d968b850644222c9354f04a31f926a6f5ad2153382eb06a6d628e19c11275a768634515d6e8340207f599ea2cbd65c1a5a7d7c9e48dbaf8803ec33b088d4fd529b187c7dfdff9d98e6e0121fc0afb1238f3fc44975e23a9bdb1dcdce7561cacc86b624bb62acc79d41e825ffad652b2842e3b96f671490", 0xdd, 0xffffffff}, {&(0x7f0000000840)="b4c89b56ca1ccb32e0d541af11a5ca102861facfc9d74c3b36f172899af6119f892b1e2a436abb266876d667db9bd79242f4e7695de69d6e1131b17251015007d2fd94612b6dd67ce32fec817d74b615e8b18daa66cea66c3b6d177c1d86f99fa3de1018337a90a318d01cfa87278a43fe18ae67fbdb2126d3c11235ce828e9a653f36e08076fc0217659e4657dd97d8905b1ceb60c7734c6582ebe2f9bb3b3ea478769f614b81d9e4", 0xa9, 0x1}, {&(0x7f0000000900)="6c8324f0811591465ebaba69574444b05043e83a451d8c0e26401b8681138459eb0a282f5ebae0d90a1bd809402a032a86175a8d6123877514028036cc0ce4d905f3cee7de6d098bafeb389749b54496a772c80a1e7fca9270b22d461e6ba39f0efbf927cdf82bf9ff1994fbb5daabc5811766a61df51341b981aa3128bfe93a10eda1146a1f23d8f8aff6280d757e912a8441407fdf254c7a9d677146486a2974d20ffc882f92c2310d823b67837c9b30c4c4ce3063922584711dfdde9204e34a49806e48", 0xc5, 0x7}, {&(0x7f0000000a00)="4b0e6617bc122f4aa380a92c86c6f5a319a3175de4394c081f4d3cfd15e924531577060cf3bcd2030847682bac1c1696f637290e8b27e8b8786c878fb01e3dee7a4757a0f0bdc06b88d8d0fa58bccc37c22bd29ac575fe4efac587bf8749a6146c25c35dc1a45a8d72818315290fbef79bab995efd9b4add7868ca5e9df59e915d27826a0e56513d6a1e8d88e44e8d036da6d09f13241111e5ce08cd7ea462b61b1bbe3eb88b78f7276b9112d9123954ab67fd3a044560db885791ef5f864f2093f38c6ff034a904c131bc64c01dafa38d389dc174e3f4a8550f95fefe227c9d7c5ef11e", 0xe4, 0x6}, {&(0x7f0000000b00)="729872bc93e03293a4fd2a948da67c9fc816f7fbb7f3ef318d0f6874c4d9035f3bb5561e557f23a1a90ca47b8d3141eeba5e373846a56aaae95a799a7775f5ca202d026aa2c8cb8deebd816639d2aeb3a498c499341cefd7ccec9c401c32090f9f", 0x61, 0xfffffffffffffffb}, {&(0x7f0000000b80)="b89f25bb46a9ffa4bc6af29bb950c538d9fc567fc5f6c79f252690fef203fd54b8dd8fbb55e5cde99714f1b7b2d6e93ed6743aac28fa41ae192a44460ba3ecefee3347d252fc65ec439fb7e448b25620e2fb5e572e", 0x55, 0x6}], 0x2, &(0x7f0000000d40)={[{}, {}, {',\'@'}, {'smackfstransmute'}], [{@dont_appraise='dont_appraise'}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x66, 0x61, 0x39, 0x32, 0x63, 0x66, 0x63, 0x30], 0x2d, [0x37, 0x64, 0x65], 0x2d, [0x0, 0x31, 0x0, 0x31], 0x2d, [0x61, 0x64, 0x63, 0x66], 0x2d, [0x62, 0x61, 0x51, 0x61, 0x37, 0x66, 0x34, 0x32]}}}, {@hash='hash'}, {@smackfsdef={'smackfsdef', 0x3d, '(^%:,'}}, {@subj_type={'subj_type', 0x3d, '^h:%!:@@]%@]-(*$/!'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '},*)'}}, {@fowner_lt={'fowner<'}}, {@smackfsroot={'smackfsroot', 0x3d, '$.'}}]}) unlink(&(0x7f0000000200)='./bus/file0\x00') getxattr(&(0x7f0000000400)='./bus/file0\x00', &(0x7f0000000440)=@known='system.posix_acl_default\x00', &(0x7f0000001140)=""/222, 0xde) [ 623.850933] overlayfs: unrecognized mount option "lowerdar=.C" or missing value [ 623.873861] overlayfs: unrecognized mount option "upperdiorkdir=.werdir=." or missing value [ 623.876442] overlayfs: failed to resolve './file1': -2 20:08:29 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:29 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000e00)=[{&(0x7f0000000b40)=""/92, 0x5c}, {&(0x7f0000000bc0)=""/149, 0x95}, {&(0x7f0000000c80)=""/70, 0x46}, {&(0x7f0000000d00)=""/220, 0xdc}], 0x4, 0x1, 0x5) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x40040}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e40)={0x28, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x34}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000800}, 0x8800) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) r1 = syz_mount_image$v7(&(0x7f00000003c0)='v7\x00', &(0x7f0000000400)='./file1\x00', 0x1, 0x8, &(0x7f0000000940)=[{&(0x7f0000000440)="7947ec5e3e63d80b3d9bc33867927014455cc28ed9795f208de07dfc8ed9944ba2c6097b25a0c17da60652018caed22ceb99cc3504d716bc1a3307941e4011255b5d262d1e915ae2adec38455e9daf2c09d95e662c2b0aa7f93bb9b06cedf455f69d0757a630ca496570ea478f88b0a4ef07b624e60de8e342e38b9d5e68", 0x7e, 0x7fffffff}, {&(0x7f0000000540)="2ea0dc52dda5aec9e409a91e3e3c429460ee567c8ca95d37a139790146fc5e73b64573fb2cf006fba6a4a55ea1eae4cf2421b68069b487458a04f2bc792a3616162677ae372e6e0df9ec218dc179cb1a0915543b31ea2527a1508a492144e2ed7c96a94552f9c907f4933e86e3bceb0da8f3c6fb2312f5e0f887f2a2ac4e6ee657224a09fc0f4b01f9673eac71f2f69b9e04985a7d86ecfbfac43b46b0ebf1a9184f19508615113e8f703a4fb60eebd6f869316a2075c3a489127ed48cb85cc45ff5d4ca95505088a4bc8f56be07015a7b3a3185fa124ea4c77adc4861712518124a4660d5", 0xe5, 0xffffffff}, {&(0x7f00000006c0)="833e8ed88039b7e98481f0a799e9a6bc3ae93f1ecd7df42f2e366383542553556e599d75c078f5e39a8bf1a154446c6c9b2965e6a6ab5b437f1e22ca91fdd99663443c80b9e7cea4ff2b695d1cc951b4289fb694ff170c18c03112a75fed495f0de01ebb3ab487484cfa763f5de423734e9877762e68dfc559f50abde17750df442131553cdeb2", 0x87, 0x6}, {&(0x7f00000004c0)="c920f37dd30bfb3bc39f7ee741b4af7d", 0x10}, {&(0x7f0000000780)="446d46119d114fa04526266b4d43b30847610c8b7d2d68c84521399d25d1afa7e7b3fcc0e55a7827dabd1c5993b6e639037fcb0c5e351a806217814fbf4733738b5e2d9ccf01eca9ed9522e00c9717fd69ec8d8262ea243c6b21dad046a6f2c843efae6536d9a5a7820f504900e4952a81c565bbb06d8a73ceed7ed2f6037325629c35405492c1aa8144e5af50068aae06d79393c694cbffbb7197774322a1a057174838d515c0d1e9", 0xa9, 0x2}, {&(0x7f0000000840)="01765654a41a701340b05e9c0be29a209c7575a678da04840eb01d453c80fb0e185936113004205d9c206607af86cef3bb113cfcfb2e83be2773ae52fa66a55069ceb80352e456eb25fbaef0179f898b65f04ae408ec347029a8682f80fbebb5e072dc530b8a32dc62bf", 0x6a, 0xe4f}, {&(0x7f0000000640)="2cceb8b2ea8a042619bc7af5fae07c04b5789900ccff0b97a82a01867ce15d1575ab05e528bd2db08568a7e2923d7b9ba92e9637", 0x34, 0xf7}, {&(0x7f00000008c0)="efd8887d27256aed561283e996c0424e5801ecf4a713f55e91fb26426a16ff4af6890a45c2eb5f0086496f7d6d60484b978fbb56cfd114d53331ecd83dbab3edbde41021176989453f2b8a3810a91825375b417113602d96af898d69017527027f17731caa81712747ee852ae721eafad7454bb359b9fcea48db2a", 0x7b, 0x2000000000000000}], 0x20000, &(0x7f0000001080)=ANY=[@ANYBLOB="42cf9c752f3041cd3a160e242956fc3559d2d7cef2ca4a4a4ff9743af0daeba7833767ddbd1085de4d110bfc87aac2a8d7a2b11bc88cfdbe62276006dfa10a2e21a5771ca2c68798e7a8efe19c48212abf4e57769a56c7646b49870ab8d173c23944b080bf3a992254a959bca7256e97d9f5904c0df4cf8e3987724fce5fe06cda855ba4ec155909012ff4c109cd681c70fefbe97dec1da2d0ff4617e5f4fe69d4ee3849e86306b30391d5c018af47ea6b3347bfe77416bfa404f21080df6cb27930b5", @ANYRESDEC=0x0, @ANYBLOB="2e7365726c1b9fbad1ba282c1791ef0700877b56b6e54b18e6476dceeeb27aea8edc28a4197e1603e73f5f434d7681f6088b6560649ce84fbdbed1ba0fac8b6a52d64288a1fc379b88217f7edc343bfedd567c56acf124", @ANYRESDEC=0xee01, @ANYRESDEC=r0]) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000ac0)='./file0\x00', 0x84600, 0x30) renameat2(r1, &(0x7f0000000a80)='./bus/file0\x00', r2, &(0x7f0000000b00)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus/file0\x00', 0x0) mknodat$null(r0, &(0x7f0000000100)='./bus\x00', 0xc000, 0x103) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdirI./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r3, r4) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='overlay\x00', 0x110000, &(0x7f0000000340)={[], [{@measure='measure'}, {@uid_lt={'uid<', r3}}, {@dont_measure='dont_measure'}, {@permit_directio='permit_directio'}, {@hash='hash'}, {@hash='hash'}]}) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:29 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)={&(0x7f0000000240)='./bus/file1\x00', 0x0, 0x10}, 0x10) mount(&(0x7f00000000c0)=@filename='./bus/file0\x00', &(0x7f0000000100)='./bus/file1\x00', &(0x7f0000000140)='reiserfs\x00', 0x40802, &(0x7f0000000180)='overlay\x00') lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 623.983095] overlayfs: failed to resolve './file1': -2 20:08:29 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 624.026748] overlayfs: failed to resolve './bqs': -2 20:08:29 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 624.055137] overlayfs: unrecognized mount option "workdirI./file1" or missing value [ 624.059712] overlayfs: filesystem on './bus' not supported as upperdir [ 624.071782] 9pnet: Could not find request transport: xen [ 624.084255] overlayfs: failed to resolve './file1': -2 [ 624.124693] overlayfs: unrecognized mount option "workdirI./file1" or missing value [ 624.125942] overlayfs: failed to resolve './bqs': -2 [ 624.178478] 9pnet: Could not find request transport: xen 20:08:30 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1b"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:30 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/228, 0xe4}, {&(0x7f0000000100)=""/160, 0xa0}, {&(0x7f0000000440)=""/140, 0x8c}], 0x3, 0x4d52, 0x7) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x0, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8001, 0x6, 0x0, 0x9, 0x3f}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) preadv(r1, &(0x7f00000008c0)=[{&(0x7f0000000540)=""/6, 0x6}, {&(0x7f0000000580)=""/183, 0xb7}, {&(0x7f00000006c0)=""/243, 0xf3}, {&(0x7f00000007c0)=""/88, 0x58}, {&(0x7f0000000840)=""/77, 0x4d}], 0x5, 0x1ff, 0xff) 20:08:30 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='uporkdir=\r/file1,lowerdir=.\x00'/41]) lsetxattr$security_capability(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') open(&(0x7f0000000100)='./bus/file0\x00', 0x503200, 0x24) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:30 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 624.654992] FAT-fs (loop2): bogus number of reserved sectors [ 624.660832] FAT-fs (loop2): Can't find a valid FAT filesystem [ 624.677385] overlayfs: unrecognized mount option "uporkdir=/file1" or missing value [ 624.720622] overlayfs: unrecognized mount option "uporkdir=/file1" or missing value 20:08:30 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:30 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') truncate(&(0x7f00000000c0)='./bus\x00', 0x2) 20:08:30 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000340)=""/203, 0xcb}, {&(0x7f0000000540)=""/253, 0xfd}], 0x2, 0x3, 0x9) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:30 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) write$binfmt_misc(r2, &(0x7f0000000080)={'syz0', "46c43f1df02a75b065bb51ba202cecf211b42643f927acad1846a9438d5c4c1c4cd3daae24bad5d1"}, 0x2c) 20:08:30 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upper$ir=./bus,workdir=./fqle1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) open(&(0x7f00000000c0)='./bus\x00', 0x70000, 0x166) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:30 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 624.904745] overlayfs: unrecognized mount option "upper$ir=./bus" or missing value [ 624.937048] overlayfs: filesystem on './bus' not supported as upperdir [ 624.944321] overlayfs: unrecognized mount option "upper$ir=./bus" or missing value 20:08:30 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:30 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') open(&(0x7f00000000c0)='./bus\x00', 0x82382, 0x10) symlink(&(0x7f0000000140)='./bus/file0\x00', &(0x7f0000000100)='./bus\x00') [ 624.956947] overlayfs: filesystem on './bus' not supported as upperdir [ 625.040349] overlayfs: filesystem on './bus' not supported as upperdir 20:08:30 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6db"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:30 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus\x00', 0x0, 0x0, 0x0, 0xf490caa4b5177961) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:30 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f62750900000000000000723d2e2f66690065312c67887765726469d41cadd84c26"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:30 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:30 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x3) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000100)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:31 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 625.533673] overlayfs: missing 'workdir' [ 625.546855] overlayfs: missing 'lowerdir' [ 625.560658] FAT-fs (loop2): bogus number of reserved sectors [ 625.567030] overlayfs: missing 'workdir' [ 625.572769] overlayfs: filesystem on './bus' not supported as upperdir 20:08:31 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) fanotify_mark(0xffffffffffffffff, 0x41, 0x1010, r0, &(0x7f0000000140)='./file1\x00') mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) truncate(&(0x7f0000000100)='./bus\x00', 0x7) chdir(&(0x7f00000000c0)='./bus/file0\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 625.578362] FAT-fs (loop2): Can't find a valid FAT filesystem [ 625.588821] overlayfs: missing 'lowerdir' [ 625.607199] overlayfs: missing 'lowerdir' [ 625.634202] kauditd_printk_skb: 11 callbacks suppressed [ 625.634210] audit: type=1804 audit(1617134911.134:2662): pid=16158 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1072/file1/bus" dev="sda1" ino=14442 res=1 20:08:31 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) open(&(0x7f0000000080)='./bus\x00', 0x400000, 0x41) 20:08:31 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000940)=[{{&(0x7f0000000340)=@generic, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000180)=""/32, 0x20}, {&(0x7f0000000240)=""/8, 0x8}, {&(0x7f00000003c0)=""/67, 0x43}, {&(0x7f0000000440)=""/104, 0x68}, {&(0x7f00000004c0)=""/192, 0xc0}, {&(0x7f0000000580)=""/39, 0x27}], 0x6, &(0x7f00000006c0)=""/106, 0x6a}, 0x9}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000740)=""/226, 0xe2}, {&(0x7f0000000840)=""/158, 0x9e}, {&(0x7f0000000640)=""/62, 0x3e}], 0x3}, 0xc71b}], 0x2, 0x1, &(0x7f00000009c0)) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000a00)='./bus/file0\x00', 0x0) setxattr$security_capability(&(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000100)='security.capability\x00', &(0x7f0000000140)=@v3={0x3000000, [{0x4, 0x80}, {0x1f, 0x5}], 0xee00}, 0x18, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c775390a20d83f8f06f726b6472723d2e2f66696c65312c6c000000006469722e2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a80)='./bus/file0\x00', &(0x7f0000000ac0)='hfsplus\x00', 0x800000, &(0x7f0000000b00)='.\\@{)(\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:31 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:31 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) truncate(&(0x7f0000000100)='./bus/file0\x00', 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 625.706637] audit: type=1804 audit(1617134911.204:2663): pid=16126 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1216/bus" dev="sda1" ino=15167 res=1 [ 625.736436] overlayfs: failed to resolve '.C': -2 20:08:31 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="7570709aa26469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) utime(&(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000100)={0x7, 0x2}) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 625.766856] overlayfs: failed to resolve '.C': -2 [ 625.775962] audit: type=1804 audit(1617134911.274:2664): pid=16189 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1217/bus" dev="sda1" ino=15196 res=1 [ 625.787539] overlayfs: missing 'lowerdir' [ 625.834564] overlayfs: unrecognized mount option "wSorkdrr=./file1" or missing value [ 625.845214] overlayfs: filesystem on './bus' not supported as upperdir [ 625.883608] overlayfs: unrecognized mount option "uppdir=./bus" or missing value [ 625.907506] overlayfs: unrecognized mount option "uppdir=./bus" or missing value 20:08:31 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:31 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='./bus\x00', 0xc002, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723dae5f8e475d2e2f6275732c776f726b6451723d2e2f66696c65312c6c05776572"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f0000000140)='./bus\x00', &(0x7f0000000180)='./file1\x00') chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') write$P9_RREADLINK(r0, &(0x7f0000000100)={0x14, 0x17, 0x2, {0xb, './bus/file0'}}, 0x14) 20:08:31 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(r0, &(0x7f00000000c0)='./file1\x00', 0xc002, 0x114) 20:08:31 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6db"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:31 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 626.406489] overlayfs: missing 'lowerdir' [ 626.409386] overlayfs: unrecognized mount option "workdQr=./file1" or missing value [ 626.423903] FAT-fs (loop2): bogus number of reserved sectors [ 626.434943] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:31 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./bus\x00', 0xc4) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f000042f000/0x1000)=nil, 0x1000, 0x280000d, 0x11, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 626.452077] overlayfs: unrecognized mount option "workdQr=./file1" or missing value [ 626.473947] overlayfs: missing 'lowerdir' 20:08:31 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus/file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 626.495942] audit: type=1804 audit(1617134911.994:2665): pid=16217 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1073/file1/bus" dev="sda1" ino=14401 res=1 [ 626.581823] overlayfs: failed to resolve './bus': -2 [ 626.596818] audit: type=1804 audit(1617134912.094:2666): pid=16200 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1217/bus" dev="sda1" ino=15196 res=1 20:08:32 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:32 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000240)='./bus/file0/../file0\x00', 0x20) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="75707065726469723d2e2f6255732c776f726b6469723d2e2f66696c65312c6c726469723d2e8684c8a6597fc0668c1f154be5d98957866400bedf98d240af26e1258551e38a3c18d3e1432917628835376d002baa574eef39fc9e793ea0b6f61ec9daacebe66f5025aff2bd18004daa6d8de8ebc293489146d4809923d487973318c3960431b0211faa27b55e33d6df53211d1c401a66695b95cc406d291a17e35f431c5d2ca451d6f9095bd10ffca1168895c52679ef248875454d6314c617e1921adad5a41257245da2512efa93a23283287dd053566396af52eff6e441866d61ccdc41a8c6f2eb00c126a81fffde20000000"]) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000780)={{{@in6=@ipv4={[], [], @initdev}, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@private2}}, &(0x7f0000000280)=0x6c) mount$overlay(0x0, &(0x7f0000000100)='./bus/file0/../file0\x00', &(0x7f0000000140)='overlay\x00', 0x22, &(0x7f00000006c0)={[{@redirect_dir={'redirect_dir', 0x3d, './bus/file0'}}], [{@smackfsdef={'smackfsdef', 0x3d, '.'}}, {@measure='measure'}, {@obj_role={'obj_role', 0x3d, 'overlay\x00'}}, {@appraise='appraise'}, {@smackfsfloor={'smackfsfloor'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@euid_gt={'euid>', r2}}, {@seclabel='seclabel'}, {@smackfstransmute={'smackfstransmute', 0x3d, '-$*'}}]}) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat(r0, &(0x7f0000000180)='./file1\x00', 0x2, 0x86) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:32 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='bpf\x00', 0x2000018, &(0x7f0000000340)={[{@mode={'mode', 0x3d, 0x10001}}, {@mode={'mode', 0x3d, 0x1}}, {@mode={'mode', 0x3d, 0x8}}], [{@obj_type={'obj_type', 0x3d, ':&,\''}}, {@smackfshat={'smackfshat', 0x3d, '@$'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'overlay\x00'}}, {@hash='hash'}]}) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:32 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYRESDEC]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:32 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800009, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) [ 626.635121] audit: type=1804 audit(1617134912.124:2667): pid=16200 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1217/bus" dev="sda1" ino=15196 res=1 [ 626.662819] overlayfs: unrecognized mount option "wSorkdrr=./file1" or missing value [ 626.702708] overlayfs: missing 'lowerdir' 20:08:32 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[]) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:32 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$alg(r2, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) dup3(r2, r0, 0x80000) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) [ 626.739915] overlayfs: unrecognized mount option "lrdir=.ȦYfKىWd" or missing value [ 626.753968] overlayfs: fs on '.' does not support file handles, falling back to index=off. [ 626.760850] overlayfs: unrecognized mount option "18446744073709551615" or missing value [ 626.770142] overlayfs: upper fs does not support tmpfile. [ 626.783963] overlayfs: missing 'lowerdir' 20:08:32 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 626.791565] overlayfs: unrecognized mount option "18446744073709551615" or missing value [ 626.791616] overlayfs: upper fs does not support xattr. [ 626.866000] overlayfs: missing 'lowerdir' 20:08:32 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6db"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:32 executing program 5: mkdir(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="7570706572726b64690000000066696c65312c6c6f7765726469523d2e92d5d8fc4942eb0235dd220c1bde1acc1e8c4027821c84fe408a79b79c605915aec5ef74a2"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:32 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:32 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./bus\x00', 0x30) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75037065726469723d2e2f62000400006f726b6469723d2e2f66696c6531096c6f723d2e0000000000"]) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video2\x00', 0x2, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r1, 0xd3658000) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000440)='./bus\x00', 0x15) syz_mount_image$hpfs(&(0x7f0000000240)='hpfs\x00', &(0x7f0000000300)='./bus\x00', 0x0, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000340)="c668fea2072bba1925aba9f382a82366ddfba487671c5a186119ff09001c6b4eb0a15df7968b77907cc63e688f0e0407e0c6a0202471f3bbef2849f2f2be60e4d7339c1d7ac32d708458c194ae9d4274", 0x50, 0x7fffffff}], 0x2800004, &(0x7f0000000400)={[{'overlay\x00'}, {}, {'-,]\'~'}, {'.#{&.}-}\\:\\+})'}, {'/{:\':'}, {'/dev/video2\x00'}], [{@audit='audit'}]}) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x4000010, r2, 0x4000) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) open(&(0x7f0000000140)='./file1\x00', 0x2, 0x114) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:32 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:32 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) copy_file_range(r1, &(0x7f0000000100)=0x800, r2, &(0x7f0000000140)=0x385, 0x3, 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @my=0x1}, 0x10, 0x800) open_by_handle_at(r4, &(0x7f00000000c0)={0x25, 0x7, "d067ab9adcaf591d599a95c77e2800c22c519032ca78052d0f1460843c"}, 0x8381) sendfile(r0, r3, 0x0, 0x8400fffffffa) [ 627.276629] audit: type=1804 audit(1617134912.774:2668): pid=16297 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1220/bus" dev="sda1" ino=15167 res=1 [ 627.280909] FAT-fs (loop2): bogus number of reserved sectors [ 627.310860] overlayfs: filesystem on './bus' not supported as upperdir [ 627.319705] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:32 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') mount$bpf(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='bpf\x00', 0x80020, &(0x7f0000000340)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x200000000}}, {@mode={'mode', 0x3d, 0x10000}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0x8}}, {@mode={'mode', 0x3d, 0xfffffffffffffffd}}, {@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x8}}, {@mode={'mode', 0x3d, 0x5}}, {@mode={'mode', 0x3d, 0x1ff}}], [{@dont_appraise='dont_appraise'}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@fowner_gt={'fowner>'}}]}) rmdir(&(0x7f0000000140)='./bus\x00') 20:08:32 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) truncate(&(0x7f00000000c0)='./bus/file0\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') setxattr$trusted_overlay_nlink(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='trusted.overlay.nlink\x00', &(0x7f0000000180)={'U+', 0x3}, 0x16, 0x1) [ 627.321908] overlayfs: missing 'lowerdir' [ 627.343940] overlayfs: unrecognized mount option "uperdir=./b" or missing value 20:08:32 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB]) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:32 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') chdir(&(0x7f0000000000)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') chdir(&(0x7f00000000c0)='./bus\x00') [ 627.377429] audit: type=1804 audit(1617134912.844:2669): pid=16303 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir381483824/syzkaller.5OFyQi/1074/file1/bus" dev="sda1" ino=15197 res=1 [ 627.411645] hpfs: bad mount options. 20:08:32 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000100)={0x9, 0x17, 0x1}, 0x9) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x830000, &(0x7f00000000c0)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.', @ANYRESHEX]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:33 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 627.456501] overlayfs: filesystem on './bus' not supported as upperdir [ 627.464131] overlayfs: missing 'lowerdir' [ 627.474611] overlayfs: unrecognized mount option "uperdir=./b" or missing value [ 627.575332] overlayfs: unrecognized mount option "workdi" or missing value [ 627.583073] overlayfs: filesystem on './bus' not supported as upperdir 20:08:33 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) [ 628.096409] audit: type=1804 audit(1617134913.594:2670): pid=16348 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1220/bus" dev="sda1" ino=15167 res=1 20:08:33 executing program 4: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm-control\x00', 0x80a00, 0x0) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000380)) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x4000, 0x0) mkdirat(r1, &(0x7f0000000100)='./file1\x00', 0x126) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x20004, &(0x7f0000000280)=ANY=[@ANYRESHEX]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') r2 = open(&(0x7f0000000180)='./file1\x00', 0x20002, 0x128) bind$inet(r2, &(0x7f0000000240)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) chdir(&(0x7f0000000140)='./bus\x00') 20:08:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x1b) r1 = creat(&(0x7f0000000800)='./bus\x00', 0x110) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) fstat(r1, &(0x7f0000001bc0)={0x0, 0x0, 0x0, 0x0, 0x0}) newfstatat(0xffffffffffffff9c, &(0x7f0000002100)='./file1\x00', &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000440)='./bus\x00', &(0x7f0000000480)='system.posix_acl_default\x00', &(0x7f0000002080)=ANY=[@ANYBLOB="0233a6000100010000000000edaac132", @ANYRES32, @ANYBLOB="02000100", @ANYRES32=r2, @ANYBLOB="02000400", @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES32, @ANYBLOB="040004000000000008000400", @ANYRES32=0x0, @ANYBLOB="08000600", @ANYRES32=r4, @ANYBLOB="10000100000000002000060000000000"], 0x54, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r5 = accept4(r0, &(0x7f0000000100)=@pptp={0x18, 0x2, {0x0, @remote}}, &(0x7f0000000180)=0x80, 0x800) recvmmsg(r5, &(0x7f0000004740)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/82, 0x52}, {&(0x7f00000003c0)=""/86, 0x56}], 0x2}, 0x7ffc}, {{&(0x7f0000000840)=@generic, 0x80, &(0x7f0000000600)=[{&(0x7f00000004c0)=""/14, 0xe}, {&(0x7f0000000540)=""/171, 0xab}, {&(0x7f00000006c0)=""/138, 0x8a}], 0x3}, 0x7f}, {{&(0x7f0000000780)=@vsock, 0x80, &(0x7f0000001b40)=[{&(0x7f0000004900)=""/211, 0xd3}, {&(0x7f0000000900)=""/125, 0x7d}, {&(0x7f0000000980)=""/174, 0xae}, {&(0x7f0000000a40)=""/217, 0xd9}, {&(0x7f0000000b40)=""/4096, 0x1000}, {&(0x7f0000000640)=""/52, 0x34}], 0x6}, 0x4}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000004a00)=""/257, 0x101}, {&(0x7f0000001cc0)=""/135, 0x87}, {&(0x7f0000001d80)=""/191, 0xbf}, {&(0x7f0000001e40)=""/169, 0xa9}, {&(0x7f0000001f00)=""/141, 0x8d}], 0x5, &(0x7f0000002040)=""/41, 0x29}, 0x691}, {{0x0, 0x0, &(0x7f00000043c0)}, 0x4000000}, {{&(0x7f0000004440)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000004680)=[{&(0x7f00000044c0)=""/210, 0xd2}, {&(0x7f00000045c0)=""/156, 0x9c}], 0x2, &(0x7f00000046c0)=""/124, 0x7c}, 0x80}], 0x6, 0x40000000, &(0x7f00000048c0)) keyctl$get_persistent(0x16, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000002180)={{{@in=@remote, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@private1}}, &(0x7f0000002280)=0xe8) setxattr$system_posix_acl(&(0x7f00000008c0)='./file1\x00', &(0x7f0000002140)='system.posix_acl_access\x00', &(0x7f00000022c0)={{}, {0x1, 0x1}, [{0x2, 0x4}, {0x2, 0x5, r6}, {0x2, 0x3, r3}], {0x4, 0x1}, [{0x8, 0x1, r4}, {0x8, 0x3, r4}], {0x10, 0x7}, {0x20, 0x4}}, 0x4c, 0x2) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:33 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:33 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="75707065726669723d2e2f6274732c776f726b6469723d2e2f66696f7725726469723d2e228094f7cb1504d83835590137b01f7fa9133495618fcac01a19c4af012dfe7d0b377bec20499f58c478efee20e9ad2ba12647a7783faba1be69dc6ebd1a8ae539dcbf6802e2319a19973501bd879fc543a109e2b82e1bbd35f7fffffff25fe4af818c9f46b5d06733dd58aa2dcfe7ce3f103cd9b7bf3071bd318f23a5135851892c105c794fbc3bfc4b7b48c0f9388e6902ec2630f4658e378c1433a4dc4569fea7c156dfc4585f371eb72995a8aae5547ad256791c46779f00000000000000000000000000000400"/252]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x127440, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') [ 628.124398] audit: type=1804 audit(1617134913.614:2671): pid=16348 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir993817058/syzkaller.gVzr7D/1220/bus" dev="sda1" ino=15167 res=1 20:08:33 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {0x0, @remote}, 0x74, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'batadv_slave_0\x00'}) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r1, 0x800) lseek(r1, 0x0, 0x2) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffa) [ 628.193661] FAT-fs (loop2): bogus number of reserved sectors [ 628.199933] overlayfs: unrecognized mount option "upperfir=./bts" or missing value [ 628.210123] overlayfs: unrecognized mount option "workdi" or missing value [ 628.214679] FAT-fs (loop2): Can't find a valid FAT filesystem [ 628.224745] overlayfs: filesystem on './bus' not supported as upperdir 20:08:33 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat(r1, &(0x7f0000000100)='./bus\x00', 0x309cc0, 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:33 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469ab3d2e2f66696c65312c6c6f7765726469723d2e"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000100)={[0x6]}, 0x8) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000006c0)=@security={'security\x00', 0xe, 0x4, 0x318, 0xffffffff, 0x1d0, 0x100, 0x100, 0xffffffff, 0xffffffff, 0x280, 0x280, 0x280, 0xffffffff, 0x4, &(0x7f0000000140), {[{{@ip={@multicast2, @broadcast, 0x0, 0xffffff00, 'veth1_to_bond\x00', 'wg1\x00', {0xff}, {}, 0x6e}, 0x0, 0xc0, 0x100, 0x0, {}, [@common=@osf={{0x50, 'osf\x00'}, {'syz1\x00', 0x0, 0x0, 0x2, 0x2}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "39c47bc505761bac5467b4bf51f1d9d64a73dec22d4e1ec884cd160b489b"}}, {{@ip={@remote, @remote, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'bond0\x00', {}, {}, 0x6c, 0x1, 0x1}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @multicast, 0x3ff, 0x0, [0xa, 0x1f, 0x32, 0x15, 0x1f, 0x13, 0x17, 0x25, 0x2, 0x3c, 0xa, 0x8, 0x1, 0x1d, 0x39, 0x13], 0x0, 0xfffffff9, 0x101}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x6, 0x22, "f6e1e3d931e8f6d62ff3c8a7516d68b7316936ccb0ba3582a3ec8d3e993e"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x378) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:33 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdi']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:33 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x8f) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 628.245384] overlayfs: unrecognized mount option "upperfir=./bts" or missing value [ 628.327444] overlayfs: unrecognized mount option "workdi=./file1" or missing value [ 628.338134] overlayfs: unrecognized mount option "workdi" or missing value 20:08:33 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:33 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000001900)=ANY=[@ANYBLOB="a0e775707065726469763d2324fa2e2f66696c65fd186c6f7765796469722afd20d3e937cf4cf177ab1a47d7fe64842dbcaad143bbe00d963fee2b1be9fb52c3f1357041970ac0c92569c5844c75454af8acb514e681a2c7fa9e573f3d7446ef505bf744b21f9377d078f566a254774d8a384a0d3bc7cf8cd087b6ba3c2bf54903df64d8454c3f2e2be69484d83810d66a3be1ec1c67b9b1a7a4df3ec6ba5c22f064f67463d3fd8e202a108bf95fb5a54fa206db415c92f42fadb382134f8c5366a4fb8eda57ee970244093b7188564114f38bdfce64d9c56be131d96796c6315bcf7609936f0b542b119f110a33f09d34203947b3966a6e0bbce6c47e81166a89cd8116e2e018e7bd0c8a4dcf614479ebd3bc93f563c6"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) truncate(&(0x7f00000018c0)='./file0\x00', 0xfffffffffffff801) chdir(&(0x7f00000001c0)='./bus\x00') getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000016c0)={{{@in=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f00000017c0)=0xe8) syz_mount_image$squashfs(&(0x7f00000000c0)='squashfs\x00', &(0x7f0000000100)='.\x00', 0x6, 0x8, &(0x7f00000005c0)=[{&(0x7f0000000140)="d1aba10e2c975372d0afa0a8f89ac5590a6478cb84337a3d51da895f9d5d6097148bddb2e94a4bde9fda4da65147e01336a3fb6bba5a544266c9bb5ecef240814f873f5d4fb1", 0x46, 0x4}, {&(0x7f0000000240)="195c3b582c2b6043d5e4ea4d5d2d", 0xe, 0x6}, {&(0x7f0000000340)="ee7d998483a4a29a778c6d5112fa89cc4a4c534e42cd5590daba5957236f4ab8619b61545194cb2340889b237250adfaaccd8db6f23b1a70e4bb0e79078fea4f18113aefc7d78877599b56eb7d9f32a4227f9b3b7381aa7ff4cd8b89a976196a46153dae4a78732e7e396c9171e2d39e1fe6e622783156332cc55ef291af6ee3aceb2d712677ca2ab64e0eb6b810f2eff547701207c42bb0d911da47d06a767e4d62bb26c72902ebb861c8e98e926d", 0xaf, 0x1}, {&(0x7f00000006c0)="021c5700b4f202068a9963eb0449af3f43c8f635b4041220e90564b4fd5c280e0cedf8152b1e5deb5bd23eeb71742284f7da3c738cb4cbe624d1683a9201887698143807fe372f5b25eb244aa7dc4a7909af52c9f0b0b513a0c67a819fe27bb3c9779e5af7ef0751ac61b6bf4c1be2b50f9718555b0f1cae4026b12c4f9f3ca0b5c8d254dbc78123edbc1fefdda08cf33ddc1c206c42002866772cd2180fda14aa3e9a20bf11f2ddd5831cc634ca3d7838689e3d714ce887eb7e485f76037781e188b38886f75a16fa795d66c52cbd625d376d422cab48cf247d20ea9b8c45b3ba60444480ad2d471f871ca6a767f6699d52f90e1557e87ce1cb4ff8eeba7388879df72153dbbee6a920b6f0d9008c16d8ea122e30a8bbaa58f7021b1d6e7f7beffdfd79d9a19150b927f45b82bfef948d7bd5a00ac048ee4760aad527f276d7d559f0355989fb9d91c6df94d1e574582538bd31a1c3903ac09eb7a87d221a9c54930eef265048c99e7d7964cbeac11a8d161eefa2d7033ef5a8cd711aa05e497ecaf6e6489b906b367f8301dd4e2611e30f28e06d3803d950181c63c5c18bda506ac215864b644cd855f4c5579bb47cae22ca0771d20c7ba91fd07015769893081223f89494bb32404c19a9b3c89742a421114facf8480810a746eb1db767d8d341f37bbb333a331e3c8f5bd96264ce2b13fb9b2ffe4d60eb4206b8e11be9a1e9921f8598bfce01e728e18da73932e7b606d664b2c4be9185c8079d135132e24a04af7020c158298d05e32f8d43e54aa5a54c0c2f92b28440af6e656e8a841a44668db0e7da2abe6c94c265fbef1c79c28dbbb91ee71c68113ca9fe3c0f8d76747d397124a4ca1ad42489bbf12c615d654ac8c3f4397131cf033176c1f4f9ce08852c4a0e00c35f1133933ee53d255623bb3e829b1382b43d9eba150266c4bf261c1626179d9428c47462c440103a9489a333b2c53c5e041253d693a7d34e7ef44d7dc1f67924b9dd60df1c8cf72ca82a20687e07b143fb58f1786949ef684d0b7775ec172d1c35c43097238baaaba4b4ef625fbdbc5ca0ab4b0fa76bb3760e0cc533bbad21db22e307083b831f93210a88cf91d18046b97f2f8757911fba136f6a8e5c5b0cdab80be32fccc9d1b48f1ab746db1b69917ca7aeef7ebcd2f79fabeae9ccb95dd9d10c5c5516cd64f3216d3e75a308d0570c89bc8db11f6f77a316baaf0e94dccec589c82d83ffc826656086ab6a19df4e2312d63fa62970a8515b63c3a26586892b58c45fb435b0888649de26360a57ee0abfbb09bb315c14faaf14f0970b96b1147a1c328cfb76beeaf7e34db7eaa8d754c77b1de0e65aad8f2898935a030e06fd828cb7a27e69eddc94123d1f98fab71961aad2f9bcea41aa722006b01a981d7a7bdcf256b76f004c5c3357e3251b066c4de0945ce51684fc0e7704e9ab220834f69f1066431f302531d6cca58eb99d8542b3771db21bb39b342d8064268cb3870699d93a1f28615f3480ba3a54a315eb6051ce4c8431a987d10d33020f569cafb8370ac9e120a022b2a68619cb06bec51413143731b606dcb48dc30d62d6d13e346b4a35ea51562ea9ec1e62d3526e538e906640d431ab706910f6cc2b7109dc28f606ccea0ebb4ef7a76ff334170ac9dac72acd3eb9cbcdedd78e0d1035165b9e812005aa4dd5d7886ace0e7f27fec350231b6f9b88ed33673155725cb5c3ab7850370e0c48b812d9f15b8793743fd501b30279967737f561c15d4c205b59c84df4e9b836e1406565b1a3a1c49c4c5a1935f1f5bc7c2e2768725a6f80b943cbe1b0a5d56d20ab0d9f4229ca2509261b88cc33b839919d2472ae98c31eb2737be521cf0315dec4debb9cac88156a880c787f02232988756cd6aa6dd16870d8d91cf7755af730d65e77336df1be6cf747fbc8de757d572fade8e662333ba629a1cd1c4e9757c5d81064841f948ea98f516ebbc2db54a465c69838497a6fae0b7937bd5d301189c1c528b0ec1236bceeb18b1774c29fe1ae6638e17429510ee9172630ddf73232db390b637a96de6841a0182c32407422f1ec92377963ea4eed888b7da61a38c1ed4db9139b6f51aad8d682b7f6617fb49a13759d93c10d1da09799616837291efe81d487f767a30e65188457b01a144bdcf0795648ae3775b1c7774cc2ec6c7b66260ab62a4517580d0b47fe908b301aafd4a5339c2cd82b07a8a7406fb222276d3236b0cd30bed6ccd426b81b8cee568837fec24cc62032e404e86ad6ba922ad4d1a02e8e92ec6edd26bab0535a717b2ce4d57b1c1813c7a1ede70b2f2194ad7d6083b58cf1edd82c6b55453a00b30a610c3ee5e84521413096eb48f6e204b504994652729e1e84996bca050ae161bb1192d35bb2fb69d26ca6e895e156e33f04610dbffa3f300fd3fd2a3a680fad390f8fc7ce71dd6cb0a7760b62611d92cb509ad8b1994cb659a27b19f2be7b4be432575eb0e0c7e15b8700cc8884e1703a0391bbe590c7d818e77a5fc32ea7f1f5eceb586295089cb969049aa55c5a67ea22645b4864c8d6363801eb92bb5d7459aece58602886fadb04865b7f0c9cd4e82d89c501ba2fa11700085caab9062a591dcff494fced8c179f1ac90f70516d2fbbeee8a26410636c8dfd39d9609337c1523d44fb9d0f4b303abed65f86c17a1d88cc26ff4641223ae329ba1bc469b332d1f00e1b78aaa46054128c254950de77e81ca8ea6dfeafa94da815ee6b206a7a22da44b324db0ef65db663405f0111371988c5404c7167601a676ec70a5ead12ecec4770f235e659b1a01a78d2bfd5864a7414e663ff86fc021531cd3eb5c1f791e8d2222b08fbc2d2d9387622cf050ca95a074ac31684cf0c1218414b23c21ea13c732f0ee2d5c22f0daa3cbb61d9cc2ff74fd3f97371de598131cce5d17c58d6b49cd5ab4f16c4bec47f92acf41f62a768e2f4d07a30d3b1863e52e08c516efca22658c2c84c41af9a69c4e1e32528dbf157ebfb9ffcf22f23717929859d4920354430519c8514340449fbc6cc0e9de85df36e40b567593b82bd66ebb6db2af12effc32c1e6d29e38b692acde690216508a0dc4c378171357acaa8b137a767afe7dff4b18d3194ae3613eba8fe4a3f4cc308d246114aec1d1867b69bd07c3e1cef04e2586039094e02739de99f0b2b7270a1d461e00e13c406e6557986ca36928859fc2b8541b793ed5e27af436bc691d83b45c0498d952e9dde4358838b169f7cb5ba452ce9f176f5a8f9972f63c77faefb6d6f3ef1a9bf5a48134c689ae95cf6c6c0b06624185464e493ea779dcdf3af65362262a8b83fd7b63e0df8d851b90518c2bbb1d5b8d37d0fc23351c75400b787b7209be134bc0e5e986cd2d811143454edf4985866f7cac8ced4916fbfae7c7ea9f827d2bd161f9705593a25bd6c40bd1bf43b906cdf9701ca03bf9e08b3b630baf2cd366e3240352230f740aef1599c9cc9d84e208bfe893bfa1f6763559789430514fabe92e70f737ee0bf9c7d90bea6e1924284aaf377ed7816ed050a43ee4a247a9b1c32081d37069dd2dd1b818c1a7f06406225512c2fa557feb3523a72c7fadb2e8f5fa8dbc9471abd8ea1d58c5f20cf40ea4b91dd3e446abba49f65bd022cad8d0358e5bdb25845414fb4c71feea35697a24adad31bd221eee45d70dc29bf3762262e86312248ac6e2eb5c6d1913f1d247a91784ed80e130582abc14fdcd84081e2cbecbe5be5f66f689073e79699f65e1141674b19fa459f080863074d616577b2e82897aea051ea46744a5129f90fec918296b144fa789dcc254e348d96250f42f21ee9e256552d9aabd90ff3833f0fe5089b051706551f1b9f4945983cc5cb7e44fd78b3c0976987989ac8dadf8a292fc3dce3d5408d7da7fa70feff5b49eb7e07685a62a35340df330a061a6991a47ea79c32ea1e97bf37e5bb5dd851007776ddeff9dd674cbead9b322f24552c6fdcc5739484c8925a0a51a9a8d2706abb5d03b248780ec1a8d794a347166365b6db06cc82a6526370b4c0569b80ceb2695ca9302f4ca19d57816db76d07ae01eef6138caee166b4720006f00b92daccb2521870bba65c992aa4ff617c9508c231f7d873e6558a48bdef178ce157d48a9f1e6c8a7a9782942ffcfece23b8b3857ecc16ccbb81253d1eddf5da81738ca2c72b6838d4bf3cd2ca56d13e10f03f6bdde3bf02e01c331eaa2d5233902f8f6473cbf4673471eadf67344ff3363a30952cc2480dcc4d45305717041643c102b248404e5ae13d10654ae9e8b78cf33becb5cb1508325d21425cf39564c5f9e89f00d6beddbf63e25e45b091815826b1a0210374662bf3fdceb014442575343850eb01c4d5e71264882fd79a10508a64b3ef66517aa0c08ffcc6b31b82ee6c91fe82e9e42304894424418b354c711a870f158fadd55fd5a49f51aabbe07f68e3dd904e9eef56f6fc234213d592502c611bb7fde3f5ae0010173dc909bc64a84296c68adc95263e9bcc9872b7367a84ae6c2de9f83fa54db971798c6cdaf8e3f016abac5248ef042d946cd4a4c76bc090b01d59a4b710e2d342547518211ae930c04ea9cf7e5dc612a3863ba13ac92a25ed76b5333f802eb789e77097564197a0a84714eadfbb6c9f2f76cb6255403dd0ef43cad6009fdcb5ad326f381d4522184a2ea8e9feeb88b24fdd08cda5574839f7850972c4f4c5b90279e5fad61995ec7c1e6601ed1aeb8b665648ae0c0055be627faedea8ab27a0e23029489910acd45031f6ceabdd4314cfdbfabd219d57fe357c2a86170e2221035c26479325c31bff85f27fa7b3c722634cecddea04d49452ba56c132741e88562e94bd7e64c1971c78bab02b6ebdc1b8efd26d51d2c70ef971cc565f3b78a20b8058c853b7483718c8d61a288c46eb11f2e744dae2a7e5de0cbe38002a55b89f9472c5b059468d430235c9605d6c7bfde753d794b623ab62b8261cb5d4e70ed0939ec782919eb4c50be23fadd702c3e685e53ebb0ff41c1e745ee0a661e1a9be0d6ca5e3c8ccdf971aac02aabfdbae7f0404ad480d858ef62deeaaca1b1ea65c7d2f3b5ed4e6adacc37970a635dea42036c8d930104a2a193f6773cd3b601be27e5a5ff2ce030707a2cd09c0e6bc8deacc18e1d48d4b98891b46ff0009fe8671c3715e821b85f7fe0b3b07457af08167b4eda8a0bad7633c02fa59aa9bb096d2789111521e3d247f547f2ba945d8a6b82dc9a40d09c9748682ca3550ecfdb9886c0a545bbd64c690e356ef5ae9809de397b6a5396e3f584ca776ac7afe31e63cbcadc7c342c584762daaae8ef62679fbb26a0515dcba614541e62a77606d83b9c6f0103c3df9b971ec95bb43f36fb4a7424bd54107400be2af0422e5fa91733d73f2c0379fff0ac8cac6a7d0aa8e751592b23411a4597dfcf0bf63138c921e03f51d25c7313e45dc9ffd6c07902ec22d971e6a0588fad32362f6b9f0d5ec688c90ce1f1ac8b0f2722d2a472f39da9092ade0b0a02f9ef24bd179cea89c9b69bf59043526f7a596c7320545ea89bc4e63799016b5cb547d7d077dfffb0b33f2fa4caec3c235a75482a303e774952617ed1b269e12a8dd9fa42e3328d7d0e5bbd6e17662b5b9dd19a57d5175129400cd9582292cf1b3bb9943ba696dfe7d0b83f909df49cafd8a3edd3f261e6041219533289998cb98d6183fccefdd22ad7f7ca78f70e86ad773d7dafff11299342226738b3342e3044bf22b3d43f4f7bb967a34000b9e8c8a3e58d4b8c92dae2ce5a26624b7cda2", 0x1000, 0xff}, {&(0x7f0000000400)="632d098857628d57329d8031ba1fc07f08900556cdb2dcebdda0fe03bbb241ef9efe55cc5f", 0x25, 0x8}, {&(0x7f0000000440)="a2a491f398d3", 0x6, 0x9}, {&(0x7f0000000480)="ce66d00dd0a810e3999dff53c4796d0e360df8d4238e844a1b6ec4074c43ab859bc4b5dccf61083019cc93b5efeb9c780140f7772435d9b05329c326ded40c60c093ea17d123d4b10895487b196c15b0e4427237f30e935dd087eec34aef00526734ec7c517e111a719007e1ac4776abb9a57ec1aee7eefe7237e6b27f03a260c741d798d0b910d7f30dc43aecb709bd566dbef89823fb5337aa70347df1334bfa5aa43542fe97eeaa927de08f0047cadbd5812d9dde77597912eba5440dcbe28aff4b65432be012225e14ec7b0f6863fa0bc13591bef79e5fe0738d6d3e48b977de665c31", 0xe5, 0xfffffffffffffffb}, {&(0x7f0000000580)="efd5a44e8d93befea6", 0x9, 0x4}], 0x200040, &(0x7f0000001800)={[{'overlay\x00'}, {'))'}, {'!$(.[^'}, {'overlay\x00'}, {'overlay\x00'}, {')+-:'}, {'overlay\x00'}, {'overlay\x00'}], [{@dont_hash='dont_hash'}, {@fowner_eq={'fowner', 0x3d, r0}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'overlay\x00'}}, {@subj_role={'subj_role', 0x3d, '$'}}]}) unlink(&(0x7f0000000200)='./bus/file0\x00') chown(&(0x7f0000000280)='./bus\x00', r0, 0xffffffffffffffff) [ 628.375487] overlayfs: filesystem on './bus' not supported as upperdir [ 628.396168] overlayfs: unrecognized mount option "workdi=./file1" or missing value [ 628.407396] overlayfs: filesystem on './bus' not supported as upperdir [ 628.417322] overlayfs: missing 'lowerdir' [ 628.480063] overlayfs: unrecognized mount option "upperdiv=#$./fileloweydir* 7LwGd-C?+R5pA [ 628.480063] %ińLuEJ恢W?=tFP[DwxfTwM8J;όЇ<+IdEL?.+攄8j;g>ƺ\"dtc *_OA\/OSfWD ;qVAdk1g1[v o T+ [ 628.480063] 34 9Gjn ~j́ MaDyӼc" or missing value [ 628.520897] squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop5 [ 628.535468] overlayfs: unrecognized mount option "upperdiv=#$./fileloweydir* 7LwGd-C?+R5pA [ 628.535468] %ińLuEJ恢W?=tFP[DwxfTwM8J;όЇ<+IdEL?.+攄8j;g>ƺ\"dtc *_OA\/OSfWD ;qVAdk1g1[v o T+ [ 628.535468] 34 9Gjn ~j́ MaDyӼc" or missing value [ 628.601075] squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop5 20:08:34 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:34 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x30, 0x3f7, 0x800, 0x70bd29, 0x25dfdbfc, {0xb, 0xb, './bus/file0', './bus/file0'}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4002) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') open$dir(&(0x7f0000000100)='./bus/file0/file0\x00', 0x0, 0x20) 20:08:34 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdTr=./file1,lowe\vdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) lgetxattr(&(0x7f0000000180)='./bus/file0\x00', &(0x7f0000000240)=@known='trusted.overlay.metacopy\x00', &(0x7f0000000400)=""/56, 0x38) chdir(&(0x7f00000001c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus/file0\x00', 0x40200, 0x94) unlink(&(0x7f0000000200)='./bus/file0\x00') mount$overlay(0x0, &(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000140)='overlay\x00', 0xa1, &(0x7f0000000340)={[{@xino_off='xino=off'}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@nfs_export_off='nfs_export=off'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}], [{@fsname={'fsname', 0x3d, '/%$'}}, {@uid_lt={'uid<', 0xffffffffffffffff}}, {@obj_user={'obj_user', 0x3d, 'overlay\x00'}}]}) 20:08:34 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:34 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f00000019c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/98, 0x62}], 0x1, &(0x7f00000006c0)=""/4096, 0x1000}, 0xc0}, {{&(0x7f0000000340)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001940)=[{&(0x7f00000003c0)=""/146, 0x92}, {&(0x7f0000000480)=""/182, 0xb6}, {&(0x7f0000000540)=""/77, 0x4d}, {&(0x7f00000005c0)=""/173, 0xad}, {&(0x7f00000016c0)=""/172, 0xac}, {&(0x7f0000001780)=""/140, 0x8c}, {&(0x7f0000001840)=""/230, 0xe6}], 0x7, &(0x7f0000000180)=""/56, 0x38}, 0x949}], 0x2, 0x10060, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 629.048256] overlayfs: missing 'lowerdir' [ 629.060948] overlayfs: unrecognized mount option "workdTr=./file1" or missing value [ 629.069967] FAT-fs (loop2): bogus number of reserved sectors [ 629.076364] overlayfs: failed to resolve '.C': -2 [ 629.090845] FAT-fs (loop2): Can't find a valid FAT filesystem 20:08:34 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./bus\x00', 0x1a9) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r1, r2) mount$bpf(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f0000000240)='bpf\x00', 0x2000, &(0x7f0000000540)=ANY=[@ANYBLOB="6d6f64653d30303030303030303030303030303030303030303030372c6d6f64653d30300330303030303030303020303030303030309037372c6d6f64653d30303030303031303030303030303030303030303030302c666f776e65723c5689da0f577ceaf85b1caff697e40513b7c4c0b175d4439458436477eb809d84e9d8ffc4", @ANYRESDEC, @ANYBLOB="2c6f626a5f726f6c653d6f7665726c6179002c736d61636b66737472616e73e2051f4c3d2c5d5d292a233a5c282c7569643d", @ANYRESDEC=r1, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRESDEC=0xee01, @ANYBLOB=',subj_role=overlay\x00,euid>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') mkdir(&(0x7f0000000140)='./bus/file0\x00', 0x4) 20:08:34 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 629.106756] overlayfs: filesystem on './bus' not supported as upperdir [ 629.110468] overlayfs: failed to resolve '.C': -2 [ 629.120345] overlayfs: unrecognized mount option "workdTr=./file1" or missing value 20:08:34 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ftruncate(r0, 0x800) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) lseek(r2, 0x10000800000, 0x1) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8400fffffffa) 20:08:34 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./file0\x00') 20:08:34 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x80) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') [ 629.190305] overlayfs: missing 'lowerdir' 20:08:34 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6900) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f0000000080)) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000000000)='./bus\x00', 0xe8060, 0x0) sendfile(r0, r2, 0x0, 0x8400fffffffa) r3 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x5, 0x2) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r3, 0xc01064b3, &(0x7f0000000100)) 20:08:34 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) [ 629.213241] overlayfs: failed to resolve './file1': -2 [ 629.253086] overlayfs: filesystem on './bus' not supported as upperdir [ 629.258507] overlayfs: failed to resolve './file1': -2 [ 629.271289] overlayfs: filesystem on './bus' not supported as upperdir [ 629.286683] overlayfs: unrecognized mount option "lower" or missing value 20:08:35 executing program 2: r0 = syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='./bus\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6900) mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='overlay\x00', 0x800, &(0x7f0000000200)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '&#[/'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x35, 0x65, 0x63, 0x31, 0x63, 0x62, 0x32], 0x2d, [0x2c, 0x63, 0x33, 0x32], 0x2d, [0x32, 0x62, 0x32, 0x64], 0x2d, [0x64, 0x63, 0x36, 0x66], 0x2d, [0x34, 0x35, 0x65, 0x37, 0x64, 0x37, 0x38, 0x64]}}}]}) ftruncate(r1, 0x800) r2 = socket(0x10, 0x3, 0x10001) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}, @TCA_STAB={0x24, 0x2, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x10, 0x1}, {0xfff2, 0x10}, {0xd}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x24044004}, 0x0) write$binfmt_script(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f627573206d73646f7302206d73646f7300206d73646f7300206d73646f7300206d73646f7300206d73646f7300202e20795d5b7a2d2f5e7d270b6d3c902fcfd930f20ff1246b3e3062992c4b2ca0133c993131ce1bc2aaff27512f09930e823bef88e6dbc719e8c8a7b4752b"], 0x86) lseek(r1, 0x0, 0x2) setsockopt$inet_dccp_buf(r1, 0x21, 0x8e, &(0x7f0000000340)="ebedcaf03f7056ba73c57502e1773d2b12e86aef12a64938a2246df23b69565349f402656769c0049dbf98ddea803018adc917412c426db2b1277ef126fda589d8c431773935cbd48928c4dfc7bc077da58c7830e046b83fc6c5fa352d7ae5b5128a7f4f5f5ff0c4afc700c0717b64a1484ca5de14c8bccf3c55d742de7999a95697571deba4d9414fe0b46221fea5765c8abfe46fb97408b1483dba3e5a07293b3e5314bd1bd9", 0xa7) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000400)={0x8, 0x0, 0xc3, 0x6, 0x44a7a3ad}, 0xc) sendfile(r1, r6, 0x0, 0x8400fffffffa) 20:08:35 executing program 5: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000080)='overlay\x00', 0x250c0, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:35 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') r0 = getuid() r1 = getgid() mount$fuseblk(&(0x7f00000000c0)='/dev/loop0\x00', &(0x7f0000000100)='./file1\x00', &(0x7f0000000140)='fuseblk\x00', 0x0, &(0x7f0000000340)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@max_read={'max_read'}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x2}}], [{@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@obj_user={'obj_user', 0x3d, '^{/)\\%,'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@dont_hash='dont_hash'}, {@seclabel='seclabel'}]}}) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:35 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66bd5accedab696c65312c686f776572"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unlink(&(0x7f0000000200)='./bus/file0\x00') 20:08:35 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:35 executing program 3: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lower']) chdir(&(0x7f00000001c0)='./bus\x00') close(0xffffffffffffffff) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) 20:08:35 executing program 4: mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c3d2ea43f2fc69a21902f66696c65312c6c6f7765f24469723d2ec44a9af6db0e1c436d9df1c41bf925d20e190ef4a92506214c62be238cb06c6329e2a0aa8973bd80782cac246f0750ec952d73425f1a2e49822af31be6198a879ae5df8ff2"]) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000200)='./bus/file0\x00') umount2(&(0x7f00000000c0)='./file1\x00', 0x0) stat(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mkdir(&(0x7f0000000480)='./bus/file0\x00', 0x13d) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000100000000000000", @ANYRESDEC=r1, @ANYBLOB="02dee0c1db04ee7245cfdb33a5fbf7a0", @ANYBLOB="3849de9e0e67c83c06f2f21f97d61ff3726919f087d052ee87507d365790b90367c0a730263625c7e5c492cbb754119256b96a7367edd275700d5f2f7816784ccb93b2f4fcfc9cf4a042259aa0aa1e049002000000bb4677f5137ce1353f105c76ec78cacbb4a432df3ebfea7b4f957b64ae13d22b8154a880d75f00d1f5f8", @ANYRESOCT=r0, @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="9fbdf4d692512b4f13aadd66f4db121e32482f332a352fc2c91ee52d6824da74da477b34c8968f8bd6ee709597322a340171c8e27dce6acbb6b4a48e357ca000fc4972c0632b1df986b8d0a1b75deca7ac026785ac1884b039ac8e24a18424a44ad7be822a9b1f2689be574ca51864e9fee633856ee7cb523afa386e4ff045023fb124d6e558b74c68c608cdf89d8b01ce03b45e84091fbf9a08e03224932dd2b03d904e95d7f74421b1fc880c7bdba6c69c173dd8b92eb44be1dbd39a9a6f29e4601b754a197cf93405db0f4925eea1ac29f2e6585d7b5eff", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32, @ANYBLOB="fe3e44247d675c96c7a5bdbfb51339609cdb35eb5f191a29318a21bb29fe6aac12c1a001febd854d5f24cdabfa8d0b6e87b38db62aae0af3fd435469ca10c77e43e35a1a92d0ad53010dac3e895f9460e89483035a5e069d659cc5b39ba9f9577af97b26f172bf56abeac5fddeef8a43d2d21534d073170c000107f1a1deb239cefaad00342e728bd94ebb5640aa67ddfc36a38a38452dd110a937b26d935e8cdaa117db8ea26d9228ea2df655c80e985f71c2771191b435e9918d300b", @ANYRES32, @ANYBLOB="d01585a2c45fc2bac65f5eda6238367f5d2834384ed2d9c94bb36b75189d00ff35ab4a3068a7136105dda6c56684134af018bf08a9de6dc0d70492"], 0x8c, 0x0) syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f0000000240)='./file1\x00', 0x2, 0x1, &(0x7f0000000280)=[{&(0x7f0000000340)="265fee26566ead3537d3dffa9a01dc11d79ca5b3ffd5d01bf6b4f791f94ad0d8f9ec38195770770398130947bc0c50832c7665da65fb2dbb1ed8398eb0bcbbe2140f593ab92bec8a2b2ecc2b68f726e34f445cd918146e50e92ce22090e720f1f034a5478042c664790513e3b8b76f6dc7fa1f65303853a9bcd16d3e8a2ac889f16819e510fb", 0x86, 0x200}], 0x40, &(0x7f0000000400)={[{@gid={'gid', 0x3d, r1}}], [{@subj_user={'subj_user', 0x3d, 'overlay\x00'}}, {@obj_user={'obj_user', 0x3d, 'overlay\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, 'overlay\x00'}}]}) [ 629.921621] overlayfs: unrecognized mount option "hower" or missing value [ 629.933128] overlayfs: unrecognized mount option "lower" or missing value [ 629.942885] overlayfs: filesystem on './bus' not supported as upperdir [ 629.952567] overlayfs: unrecognized mount option "howerC" or missing value 20:08:35 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/exe\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x45) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus/file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=.']) lsetxattr$security_capability(&(0x7f0000000680)='./bus/file0\x00', 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') umount2(&(0x7f00000000c0)='./bus/file0\x00', 0x