program:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="340000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="80400100000000000c002b8008060000", @ANYRES32=r0, @ANYBLOB="374e3d194f1d29967e8a4b9bd3c9006df0f760f55ef1461d9d8aea33e73b85f9"], 0x34}, 0x1, 0x0, 0x0, 0x40088d4}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x1f4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)
syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1810002, &(0x7f00000007c0)=ANY=[@ANYBLOB="002ecbc55fe6d6100837adda58fa7d10ab54aee93b992510be054d731ab7da7e75676e729a84f3b6a90100db5e477dbfee9ea3db9e2cdf0af3e9f7718732aaccc2158ad1dc498162eb5e87e3ec955164b6a97fb2a48d7a569258274a727cb0c7227e8f51529264e568b34e6f7ee018b3562d8fdd26e1b83ab2b09862ea8ac241fca01893c02becc286b2b17bd8c515b3dd02562333f6a7273bc91c9841bf3cb673bc8942336c5cebffbb08f82ba108af50c8dabb9628fc8e59c207395f370146898f1f3400f50f5e0566363558fe2c744cbebda08fe49b2155b62fcbb938b0d78d5e36b5e6b7d1c01f8b6423066333a94bb51f311c1d70dc272c6528d8057273e9bffbc8747d7c8a65b368828d39c69fc42125281702192328142ebb5b396e66db522ca6f2ae2ca64ab0d9d3f0eeb890d6b5a376ab004afb2ccc83293222ce378ef0e8d88e873ee168d615985aaabc293ce789dd163747e965405c11730f23faf8053fb37e93d5a54cdce54c1ce09598258ec5892938c5a16cf0c548695c973b45a0bc95feff28efd824744057c5da581fe9215d1a9e358a9da84b4ceb0f586c2ddbabbe2347dd728b8e05ecf90b4c7c9861ce1af7709c9babcdc2bd2175a8496a48942dc2755a5ed6296745ec0810e42050e657b2c0965d423077136da0140277053c8ce91d0000000000000000000000f81a60f8321a29d95e555edc5822e904e5b3821224bb704efb9aea0f736fa06f46b1023fc644c7879a6315e96f6695f65fef95d6dbf22d80c068a20fc98bad02dbeb3c9f478063d2f2f8fd5e8af7a5d5937e5626c71efa3369e99787e78597c01acfa3b273102993abd03263ae4115a65254d32c517eddeb58bbc458d025fdc566906ac145a9db74f46d10805e6c7560f6740cf29445f6aec713655cdd27032c6413f342d8e76782bdc2d96870cf7e84d15838c48aa6af77086acec169846791fbb50b0f648adbc6f4058870827efcf4da44b43c62f3", @ANYRESDEC=r0, @ANYRES64=0x0, @ANYRESOCT=0x0, @ANYRES32, @ANYRES16, @ANYRES16=r0, @ANYBLOB="2da97369bd5bd2a022e4fea628166430fb7a26dae38cd827ad7f8cff5d224613a8fbc6a23601da47409ecba43e29d9a778e4a37f2f57fa7ce2366b5b89b5b9529791fb53b47e83c2014cd577bb91a7dd8a0de70a50b2baf658b32d6d108efa8d3b6101762c8308a5b3351fd14516c9c33e6c6bd15e956f84604a2717d3853b39df8186d0a3930803bc325b8ebb315aff3e39aa98ba22dffb1b6a7c1acafedad4ef2377e435262da6ed52f8595f77f679e98e0000000000000000", @ANYRES32=r0, @ANYRESOCT, @ANYRESHEX=r1], 0x1, 0x1d9, &(0x7f0000000bc0)="$eJzs20tu00Acx/GfHcduyvu1YYXEAjbEkEaC7ugBuAC7qjVVhQuIsmmFBN1wD47BjptwgUSCExjZcZQ4xI/YiU2a70dqMxnNb+YfKeOMI0UANtbN6L8hQ23JkYIg+PJA0utXkqzpkYYxE7XrrBPA8gXhrg7S2fO7t7JTANZD6/f8fid1g/8YN0yuAsA6G+61onPAT0P69efzwSD+axc8Pwz3TKkVP5nK29JWofzF6LbiviUNpvKOkhMYX1POL99H+UdK5jtF64/X357Jb+cFw1um0IUZPTx+mMxfkXRV0jVJ1yXdiO+1bkm6PWf9w5n17xWsH6gifPd1Ez3JbWsWyXczBjjZ+XD+N8e+9zSv0BTtOP+sZN6O872K+Z2SeSfOdw/e+4epo16WnB3IZv6z/xeTu/9TTb4+rLL/rYr7H9hkp2fnb/d93/u4eMMslarWcGpci0a1xvggGfaEl+n81LfGa66v0VnGPJ0VVtjwhQnAyrmfTj64p2fnT45P9o+8I+9dr7/7or/T6z/fdaNzuVvldA7gfzb50C823lp1QQAAAAAAAAAAAAAAYGF3JN1tuggAAAAAtajjB09Nv0YAAAAAAAAAAAAAAAAAAADgsvgbAAD//+UKO2I=")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x2, 0xff, 0x87a, 0x800, 0x4}, 0x14)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$int_in(r3, 0x5421, &(0x7f0000000000)=0xc0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r5, &(0x7f0000000e40)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x14, 0x5, 0x1, 0x5, 0x0, 0x0, {0xa}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x22004081)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e80)=ANY=[@ANYBLOB="c40000001900674c0000000000000000fe8000000000000000000000000000aae000000100000000000000000000000000000000000000000a00800000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000c803ce29684858500000000000000000000000000000000000000000f9ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0014e95c07350000000000236ff44d4dda7fbbfb991ef960f5f96f38689d68448ec236142e6d52c3c42fd8d6863cd95d16cb8e1d436c1baf9c1daecc8b4e6e90d95a585f290f00cc89bcd8654b818b4d7800f45cc92a44b110056ecfaef70ddf269b72d984e2d22b3131fe6d3985f61ffa4caf00f314aef911e3f4c53ba90803d7a305b46faaddaa62"], 0xc4}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000700)=ANY=[@ANYBLOB="00ffffffffffbbbbbbbbbbbb86dd606b88ef00083a00fc01000000000000000000000002ffffffffffffff00000000296f659a12ea77477c3e30b2a1000000000000aa8100907800000000e6733c958f1b373e"], 0x0)
ioctl$FIOCLEX(r4, 0x5451)
r6 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000000000008d8040d0000000000000109022400010000a008090400fe01030001000921fffffd012205000905810308000300fdae9e40cf24a88bc4c81a2d8b3f9888ffaf"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(r6, &(0x7f0000000080)={0x2c, &(0x7f00000012c0)=ANY=[@ANYBLOB="000b050000000800000060"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$I2C(&(0x7f0000000100), 0xffffffffffffff7c, 0x4901)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000280)={0x0, 0x8, 0x5, &(0x7f0000000240)={0x0, "0f5dbf9b3c00000000c4f5f9c6974700510000000000000000000200"}})
connect$netrom(r3, &(0x7f0000000080)={{0x6, @null}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48)
connect$netrom(r3, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000001100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c})
chdir(&(0x7f0000000540)='./file0\x00')
r7 = userfaultfd(0x80800)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9fef010018000000002700080000000200000000000000000000030000000005000000040000010400"/50], 0x0, 0x32, 0x0, 0xa}, 0x28)
ioctl$AUTOFS_IOC_PROTOSUBVER(r7, 0x80049367, &(0x7f0000000040))

[   74.773900][ T5312] Bluetooth: hci0: command tx timeout
[   74.811159][ T5334] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'.
[   74.835741][ T5334] loop0: detected capacity change from 0 to 64
[   74.905836][ T5334] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'.
[   75.163565][ T5326] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.313583][ T5326] usb 5-1: Using ep0 maxpacket: 8
[   75.318852][ T5326] usb 5-1: config 0 interface 0 has no altsetting 0
[   75.321788][ T5326] usb 5-1: New USB device found, idVendor=04d8, idProduct=000d, bcdDevice= 0.00
[   75.326341][ T5326] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.332421][ T5326] usb 5-1: config 0 descriptor??
[   75.756690][ T5326] hid-generic 0003:04D8:000D.0002: unknown main item tag 0x0
[   75.760234][ T5326] hid-generic 0003:04D8:000D.0002: unknown main item tag 0x0
[   75.764863][ T5326] hid-generic 0003:04D8:000D.0002: unknown main item tag 0x0
[   75.768383][ T5326] hid-generic 0003:04D8:000D.0002: unknown main item tag 0x6
[   75.784009][ T5326] hid-generic 0003:04D8:000D.0002: hidraw1: USB HID vff.ff Device [HID 04d8:000d] on usb-dummy_hcd.0-1/input0
[   75.951725][ T5334] ------------[ cut here ]------------
[   75.955265][ T5334] UBSAN: shift-out-of-bounds in fs/minix/inode.c:415:57
[   75.958611][ T5334] shift exponent 1792 is too large for 64-bit type 'unsigned long'
[   75.962270][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.962288][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.962297][ T5334] Call Trace:
[   75.962305][ T5334]  <TASK>
[   75.962312][ T5334]  dump_stack_lvl+0x189/0x250
[   75.963025][ T5334]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.963035][ T5334]  ? __pfx__printk+0x10/0x10
[   75.963050][ T5334]  ubsan_epilogue+0xa/0x40
[   75.963063][ T5334]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   75.963124][ T5334]  minix_statfs+0x31c/0x340
[   75.963138][ T5334]  vfs_statfs+0x147/0x2d0
[   75.963153][ T5334]  ovl_fill_super+0x855/0x5a90
[   75.963171][ T5334]  ? check_path+0x21/0x40
[   75.963184][ T5334]  ? check_noncircular+0xda/0x150
[   75.963202][ T5334]  ? lockdep_unlock+0x89/0x120
[   75.963222][ T5334]  ? __lock_acquire+0x6b6/0x2cf0
[   75.963245][ T5334]  ? __pfx_ovl_fill_super+0x10/0x10
[   75.963265][ T5334]  ? __mutex_trylock_common+0x153/0x260
[   75.963281][ T5334]  ? __pfx___mutex_trylock_common+0x10/0x10
[   75.963303][ T5334]  ? rcu_is_watching+0x15/0xb0
[   75.963316][ T5334]  ? trace_contention_end+0x39/0x100
[   75.963332][ T5334]  ? shrinker_register+0x124/0x230
[   75.963345][ T5334]  ? __mutex_unlock_slowpath+0x1a1/0x730
[   75.963417][ T5334]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   75.963435][ T5334]  ? __raw_spin_lock_init+0x45/0x100
[   75.963460][ T5334]  ? sget_fc+0x962/0xa40
[   75.963475][ T5334]  ? __pfx_set_anon_super_fc+0x10/0x10
[   75.963489][ T5334]  ? __pfx_ovl_fill_super+0x10/0x10
[   75.963503][ T5334]  get_tree_nodev+0xbb/0x150
[   75.963520][ T5334]  vfs_get_tree+0x92/0x2a0
[   75.963537][ T5334]  do_new_mount+0x302/0xa10
[   75.963547][ T5334]  ? apparmor_capable+0x137/0x1a0
[   75.963564][ T5334]  ? __pfx_do_new_mount+0x10/0x10
[   75.963574][ T5334]  ? ns_capable+0x8a/0xf0
[   75.963589][ T5334]  ? path_mount+0x628/0xff0
[   75.963599][ T5334]  ? kmem_cache_free+0x197/0x620
[   75.963622][ T5334]  __se_sys_mount+0x313/0x410
[   75.963638][ T5334]  ? __pfx___se_sys_mount+0x10/0x10
[   75.963652][ T5334]  ? do_syscall_64+0xbe/0xf80
[   75.963675][ T5334]  ? __x64_sys_mount+0x20/0xc0
[   75.963688][ T5334]  do_syscall_64+0xfa/0xf80
[   75.963706][ T5334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.963718][ T5334]  ? clear_bhb_loop+0x60/0xb0
[   75.963731][ T5334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.963742][ T5334] RIP: 0033:0x7ff84898f7c9
[   75.963754][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.963762][ T5334] RSP: 002b:00007ff8497d7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   75.963777][ T5334] RAX: ffffffffffffffda RBX: 00007ff848be5fa0 RCX: 00007ff84898f7c9
[   75.963785][ T5334] RDX: 0000200000000200 RSI: 00002000000003c0 RDI: 0000000000000000
[   75.963792][ T5334] RBP: 00007ff848a13f91 R08: 0000200000001100 R09: 0000000000000000
[   75.963800][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.963806][ T5334] R13: 00007ff848be6038 R14: 00007ff848be5fa0 R15: 00007ffc33e90ef8
[   75.963825][ T5334]  </TASK>
[   76.115689][ T5334] ---[ end trace ]---
[   76.118099][ T5334] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[   76.122037][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.125965][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.130663][ T5334] Call Trace:
[   76.132251][ T5334]  <TASK>
[   76.133649][ T5334]  dump_stack_lvl+0x99/0x250
[   76.135838][ T5334]  ? __asan_memcpy+0x40/0x70
[   76.138070][ T5334]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.140493][ T5334]  ? __pfx__printk+0x10/0x10
[   76.142551][ T5334]  vpanic+0x237/0x6d0
[   76.144421][ T5334]  ? __pfx_vpanic+0x10/0x10
[   76.146596][ T5334]  panic+0xb9/0xc0
[   76.148402][ T5334]  ? __pfx_panic+0x10/0x10
[   76.150541][ T5334]  ? __pfx__printk+0x10/0x10
[   76.152771][ T5334]  check_panic_on_warn+0x89/0xb0
[   76.155117][ T5334]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   76.158132][ T5334]  minix_statfs+0x31c/0x340
[   76.160200][ T5334]  vfs_statfs+0x147/0x2d0
[   76.162295][ T5334]  ovl_fill_super+0x855/0x5a90
[   76.164407][ T5334]  ? check_path+0x21/0x40
[   76.166335][ T5334]  ? check_noncircular+0xda/0x150
[   76.168434][ T5334]  ? lockdep_unlock+0x89/0x120
[   76.170465][ T5334]  ? __lock_acquire+0x6b6/0x2cf0
[   76.172628][ T5334]  ? __pfx_ovl_fill_super+0x10/0x10
[   76.174879][ T5334]  ? __mutex_trylock_common+0x153/0x260
[   76.177194][ T5334]  ? __pfx___mutex_trylock_common+0x10/0x10
[   76.179650][ T5334]  ? rcu_is_watching+0x15/0xb0
[   76.181914][ T5334]  ? trace_contention_end+0x39/0x100
[   76.184381][ T5334]  ? shrinker_register+0x124/0x230
[   76.186845][ T5334]  ? __mutex_unlock_slowpath+0x1a1/0x730
[   76.189444][ T5334]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   76.192217][ T5334]  ? __raw_spin_lock_init+0x45/0x100
[   76.194713][ T5334]  ? sget_fc+0x962/0xa40
[   76.196755][ T5334]  ? __pfx_set_anon_super_fc+0x10/0x10
[   76.199337][ T5334]  ? __pfx_ovl_fill_super+0x10/0x10
[   76.201855][ T5334]  get_tree_nodev+0xbb/0x150
[   76.204072][ T5334]  vfs_get_tree+0x92/0x2a0
[   76.206255][ T5334]  do_new_mount+0x302/0xa10
[   76.208074][ T5334]  ? apparmor_capable+0x137/0x1a0
[   76.210361][ T5334]  ? __pfx_do_new_mount+0x10/0x10
[   76.212781][ T5334]  ? ns_capable+0x8a/0xf0
[   76.214786][ T5334]  ? path_mount+0x628/0xff0
[   76.217041][ T5334]  ? kmem_cache_free+0x197/0x620
[   76.219406][ T5334]  __se_sys_mount+0x313/0x410
[   76.221694][ T5334]  ? __pfx___se_sys_mount+0x10/0x10
[   76.224070][ T5334]  ? do_syscall_64+0xbe/0xf80
[   76.226325][ T5334]  ? __x64_sys_mount+0x20/0xc0
[   76.228632][ T5334]  do_syscall_64+0xfa/0xf80
[   76.230790][ T5334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.233606][ T5334]  ? clear_bhb_loop+0x60/0xb0
[   76.235806][ T5334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.238487][ T5334] RIP: 0033:0x7ff84898f7c9
[   76.240530][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.249348][ T5334] RSP: 002b:00007ff8497d7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   76.253145][ T5334] RAX: ffffffffffffffda RBX: 00007ff848be5fa0 RCX: 00007ff84898f7c9
[   76.256681][ T5334] RDX: 0000200000000200 RSI: 00002000000003c0 RDI: 0000000000000000
[   76.260045][ T5334] RBP: 00007ff848a13f91 R08: 0000200000001100 R09: 0000000000000000
[   76.263488][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.267048][ T5334] R13: 00007ff848be6038 R14: 00007ff848be5fa0 R15: 00007ffc33e90ef8
[   76.270625][ T5334]  </TASK>
[   76.272439][ T5334] Kernel Offset: disabled
[   76.274468][ T5334] Rebooting in 86400 seconds..