last executing test programs:

142.657925ms ago: executing program 2 (id=3):
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x4c, &(0x7f00000000c0), 0x4)
landlock_restrict_self(r0, 0x0) (async, rerun: 64)
mknodat(0xffffffffffffff9c, &(0x7f0000000880)='./file7\x00', 0x11c0, 0x0) (rerun: 64)

114.829006ms ago: executing program 2 (id=5):
r0 = socket$inet6(0xa, 0x80002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r1, &(0x7f0000000dc0)='syz0\x00', 0x1ff)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002"], 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000dc0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000c80)={0x20, 0x80, 0x1c, {0xfff, 0xb, 0x1, 0x2, 0x4, 0x0, 0x5, 0xa0, 0xffff, 0x5, 0x3, 0x5}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
r3 = openat$cgroup_freezer_state(r1, &(0x7f00000002c0), 0x2, 0x0)
write$cgroup_freezer_state(r3, &(0x7f00000000c0)='FROZEN\x00', 0x7)
sendfile(r3, r3, 0x0, 0x8000002)
recvmmsg(r0, &(0x7f0000007180)=[{{&(0x7f00000001c0)=@can, 0x80, &(0x7f0000000440)=[{&(0x7f0000000040)=""/25, 0x19}, {&(0x7f0000000380)=""/145, 0x91}, {&(0x7f0000000240)=""/18, 0x12}, {&(0x7f0000000300)=""/22, 0x16}, {&(0x7f00000028c0)=""/4096, 0x1000}], 0x5, &(0x7f00000004c0)=""/98, 0x62}, 0x3}, {{&(0x7f0000000540)=@un=@abs, 0x80, &(0x7f0000000740)=[{&(0x7f00000005c0)=""/73, 0x49}, {&(0x7f0000000640)}, {&(0x7f0000000680)=""/184, 0xb8}], 0x3, &(0x7f0000003d00)=""/4096, 0x1000}, 0xd}, {{&(0x7f0000000780)=@isdn, 0x80, &(0x7f0000000840)=[{&(0x7f0000000800)=""/18, 0x12}], 0x1, &(0x7f00000072c0)=""/95, 0x5f}, 0x8}, {{&(0x7f0000003940)=@in={0x2, 0x0, @remote}, 0x80, &(0x7f0000006f00)=[{&(0x7f00000039c0)=""/183, 0xb7}, {&(0x7f0000003a80)=""/63, 0x3f}, {&(0x7f0000004d00)=""/4096, 0x1000}, {&(0x7f0000005d00)=""/4096, 0x1000}, {&(0x7f0000003ac0)=""/171, 0xab}, {&(0x7f0000003b80)=""/64, 0x40}, {&(0x7f0000003bc0)=""/238, 0xee}, {&(0x7f0000006d00)=""/255, 0xff}, {&(0x7f0000006e00)=""/239, 0xef}], 0x9, &(0x7f0000006fc0)=""/103, 0x67}}, {{0x0, 0x0, &(0x7f0000007080)=[{&(0x7f0000007040)=""/26, 0x15}], 0x1, &(0x7f00000070c0)=""/152, 0x98}, 0xc4}], 0x5, 0x40000002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000140)={'wpan4\x00'})
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
getpid()
read$FUSE(0xffffffffffffffff, &(0x7f0000000880)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
r6 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
write$uinput_user_dev(r6, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@upperdir={'upperdir', 0x3d, './file2'}}, {@nfs_export_on}, {@metacopy_on}], [], 0x2c})
syz_open_procfs$pagemap(r5, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000280)=[{&(0x7f0000000080)="580000001500add405000000000000000a117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ffff0100f5c71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)

77.254997ms ago: executing program 3 (id=4):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x1010, 0xffffffffffffffff, 0xffffd000) (async)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) (async)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@xino_auto}], [], 0x2c})
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x80, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) (async)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000180)={0x3, {{0xa, 0x4e20, 0xa3f, @mcast2, 0xbfd}}, {{0xa, 0x4e24, 0x20, @loopback, 0xfffffe01}}}, 0x108) (async)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000002c0)={0x0, {{0xa, 0x4e20, 0x4, @mcast2, 0x3}}, {{0xa, 0x4e21, 0x4e11, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}}}, 0x108) (async)
getsockopt$inet6_buf(r1, 0x29, 0x30, &(0x7f0000000180)=""/214, &(0x7f0000000080)=0xd6)
r2 = getpid() (async)
r3 = syz_clone(0x20820000, 0x0, 0x0, 0x0, 0x0, 0x0)
kcmp(r2, r3, 0x3, 0xffffffffffffffff, 0xffffffffffffffff)
r4 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async)
connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x1000, 0x0, @private2}}}, 0x32)

0s ago: executing program 3 (id=6):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6) (async, rerun: 64)
r1 = socket(0x1e, 0x2, 0x0) (rerun: 64)
sendmsg$tipc(r1, &(0x7f0000000200)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x1, 0x2}}, 0x10, 0x0}, 0x4800) (async)
rt_sigprocmask(0x2, &(0x7f0000000040)={[0x3]}, &(0x7f0000000080), 0x8)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@acquire={0x134, 0x17, 0x1, 0x0, 0x0, {{@in=@loopback, 0x400}, @in6=@remote, {@in6=@private1, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e21, 0x0, 0x4e21, 0x0, 0x0, 0x0, 0x56befe125658cb64, 0x62}, {{@in6=@loopback, @in6=@loopback, 0xfffe, 0x0, 0x0, 0x0, 0xa, 0x80, 0x20, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x200000000000002, 0x5}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2}, 0xfffffff9, 0x0, 0x6f6}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0xc}}]}, 0x134}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.15' (ED25519) to the list of known hosts.
[   21.454938][   T36] audit: type=1400 audit(1774843704.360:64): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.456077][  T282] cgroup: Unknown subsys name 'net'
[   21.477675][   T36] audit: type=1400 audit(1774843704.360:65): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.504915][   T36] audit: type=1400 audit(1774843704.390:66): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.505086][  T282] cgroup: Unknown subsys name 'devices'
[   21.647692][  T282] cgroup: Unknown subsys name 'hugetlb'
[   21.653323][  T282] cgroup: Unknown subsys name 'rlimit'
[   21.765461][   T36] audit: type=1400 audit(1774843704.670:67): avc:  denied  { setattr } for  pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.788690][   T36] audit: type=1400 audit(1774843704.680:68): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.813465][   T36] audit: type=1400 audit(1774843704.680:69): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   21.822552][  T284] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   21.845458][   T36] audit: type=1400 audit(1774843704.750:70): avc:  denied  { relabelto } for  pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.870985][   T36] audit: type=1400 audit(1774843704.760:71): avc:  denied  { write } for  pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.902537][   T36] audit: type=1400 audit(1774843704.810:72): avc:  denied  { read } for  pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.902994][  T282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.928131][   T36] audit: type=1400 audit(1774843704.810:73): avc:  denied  { open } for  pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.765985][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.773051][  T290] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.780366][  T290] bridge_slave_0: entered allmulticast mode
[   22.786750][  T290] bridge_slave_0: entered promiscuous mode
[   22.794633][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.801747][  T290] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.809702][  T290] bridge_slave_1: entered allmulticast mode
[   22.815961][  T290] bridge_slave_1: entered promiscuous mode
[   22.881800][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.889129][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.896331][  T292] bridge_slave_0: entered allmulticast mode
[   22.902520][  T292] bridge_slave_0: entered promiscuous mode
[   22.919788][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.926915][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.934061][  T292] bridge_slave_1: entered allmulticast mode
[   22.940402][  T292] bridge_slave_1: entered promiscuous mode
[   22.962619][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.969788][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.976891][  T291] bridge_slave_0: entered allmulticast mode
[   22.983197][  T291] bridge_slave_0: entered promiscuous mode
[   22.989633][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.996708][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.003761][  T291] bridge_slave_1: entered allmulticast mode
[   23.010011][  T291] bridge_slave_1: entered promiscuous mode
[   23.016072][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.023107][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.030210][  T289] bridge_slave_0: entered allmulticast mode
[   23.036467][  T289] bridge_slave_0: entered promiscuous mode
[   23.044474][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.051549][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.058665][  T289] bridge_slave_1: entered allmulticast mode
[   23.064803][  T289] bridge_slave_1: entered promiscuous mode
[   23.220477][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.227576][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.234846][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.241905][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.255460][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.262738][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.282211][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.289293][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.307647][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.314697][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.337745][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.344787][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.352430][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.359561][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.400463][  T290] veth0_vlan: entered promiscuous mode
[   23.424981][  T290] veth1_macvtap: entered promiscuous mode
[   23.437231][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.444289][  T293] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.453579][  T289] veth0_vlan: entered promiscuous mode
[   23.469238][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.476310][  T293] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.490834][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.497916][  T293] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.508844][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.515910][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.550596][  T290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   23.568151][  T289] veth1_macvtap: entered promiscuous mode
[   23.612080][  T292] veth0_vlan: entered promiscuous mode
[   23.636999][  T291] veth0_vlan: entered promiscuous mode
[   23.662856][  T292] veth1_macvtap: entered promiscuous mode
[   23.674198][  T291] veth1_macvtap: entered promiscuous mode
[   23.681119][  T289] ------------[ cut here ]------------
[   23.686705][  T289] WARNING: CPU: 1 PID: 289 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190
[   23.696102][  T289] Modules linked in:
[   23.700087][  T289] CPU: 1 UID: 0 PID: 289 Comm: syz-executor Not tainted syzkaller #0 9f86d9c18f1652eb5f7cacfb207b3899f57a91b2
[   23.711779][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   23.721913][  T289] RIP: 0010:ovl_dir_modified+0x15a/0x190
[   23.727789][  T289] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 de 75 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f6 48 3f ff <0f> 0b e9 3e ff ff ff e8 ea 48 3f ff 0f 0b e9 6e ff ff ff 44 89 f9
[   23.747774][  T289] RSP: 0018:ffffc9000b6bfb48 EFLAGS: 00010293
[   23.753856][  T289] RAX: ffffffff824861ba RBX: 0000000000000000 RCX: ffff88810438a600
[   23.762160][  T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   23.770277][  T289] RBP: ffffc9000b6bfb70 R08: ffff88811663445f R09: 1ffff11022cc688b
[   23.778322][  T289] R10: dffffc0000000000 R11: ffffed1022cc688c R12: 0000000000000000
[   23.786371][  T289] R13: dffffc0000000000 R14: ffff8881166343c0 R15: ffff8881166a0880
[   23.794530][  T289] FS:  000055558441b500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   23.803637][  T289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.810316][  T289] CR2: 00007f4e58200218 CR3: 000000012a17e000 CR4: 00000000003526b0
[   23.818399][  T289] Call Trace:
[   23.821675][  T289]  <TASK>
[   23.824620][  T289]  ovl_do_remove+0x81b/0xda0
[   23.829290][  T289]  ? ovl_set_redirect+0x780/0x780
[   23.834330][  T289]  ? down_write+0xee/0x2b0
[   23.838822][  T289]  ? __cfi_down_write+0x10/0x10
[   23.843688][  T289]  ovl_rmdir+0x1e/0x30
[   23.847781][  T289]  vfs_rmdir+0x3e3/0x560
[   23.852130][  T289]  incfs_kill_sb+0x109/0x230
[   23.856792][  T289]  deactivate_locked_super+0xd5/0x2a0
[   23.862180][  T289]  deactivate_super+0xb8/0xe0
[   23.866912][  T289]  cleanup_mnt+0x406/0x4a0
[   23.871345][  T289]  __cleanup_mnt+0x1d/0x40
[   23.876067][  T289]  task_work_run+0x1e5/0x260
[   23.880760][  T289]  ? __cfi_task_work_run+0x10/0x10
[   23.886045][  T289]  ? __x64_sys_umount+0x12e/0x180
[   23.891118][  T289]  ? __cfi___x64_sys_umount+0x10/0x10
[   23.896531][  T289]  ? __kasan_check_read+0x15/0x20
[   23.901574][  T289]  resume_user_mode_work+0x35/0x50
[   23.906733][  T289]  syscall_exit_to_user_mode+0x63/0xb0
[   23.912208][  T289]  do_syscall_64+0x63/0xf0
[   23.915549][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   23.916688][  T289]  ? clear_bhb_loop+0x50/0xa0
[   23.928790][  T289]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   23.934680][  T289] RIP: 0033:0x7f279339da57
[   23.939163][  T289] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   23.958867][  T289] RSP: 002b:00007ffd7c6f1398 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   23.967426][  T289] RAX: 0000000000000000 RBX: 00007f2793432048 RCX: 00007f279339da57
[   23.975420][  T289] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd7c6f1450
[   23.983448][  T289] RBP: 00007ffd7c6f1450 R08: 00007ffd7c6f2450 R09: 00000000ffffffff
[   23.991503][  T289] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7c6f24e0
[   23.999508][  T289] R13: 00007f2793432048 R14: 0000000000005c66 R15: 00007ffd7c6f2520
[   24.007547][  T289]  </TASK>
[   24.010562][  T289] ---[ end trace 0000000000000000 ]---
[   24.021039][  T289] ------------[ cut here ]------------
[   24.026655][  T289] WARNING: CPU: 0 PID: 289 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190
[   24.036018][  T289] Modules linked in:
[   24.039924][  T289] CPU: 0 UID: 0 PID: 289 Comm: syz-executor Tainted: G        W          syzkaller #0 9f86d9c18f1652eb5f7cacfb207b3899f57a91b2
[   24.053171][  T289] Tainted: [W]=WARN
[   24.057013][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   24.067128][  T289] RIP: 0010:ovl_dir_modified+0x15a/0x190
[   24.072965][  T289] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 de 75 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f6 48 3f ff <0f> 0b e9 3e ff ff ff e8 ea 48 3f ff 0f 0b e9 6e ff ff ff 44 89 f9
[   24.092655][  T289] RSP: 0018:ffffc9000b6bfb48 EFLAGS: 00010293
[   24.098821][  T289] RAX: ffffffff824861ba RBX: 0000000000000000 RCX: ffff88810438a600
[   24.106854][  T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   24.114835][  T289] RBP: ffffc9000b6bfb70 R08: ffff88811663445f R09: 1ffff11022cc688b
[   24.122830][  T289] R10: dffffc0000000000 R11: ffffed1022cc688c R12: 0000000000000000
[   24.131122][  T289] R13: dffffc0000000000 R14: ffff8881166343c0 R15: ffff8881166a0880
[   24.139149][  T289] FS:  000055558441b500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   24.148139][  T289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.154723][  T289] CR2: 00007fffaade8368 CR3: 000000012a17e000 CR4: 00000000003526b0
[   24.162732][  T289] Call Trace:
[   24.166072][  T289]  <TASK>
[   24.169000][  T289]  ovl_do_remove+0x81b/0xda0
[   24.173588][  T289]  ? ovl_set_redirect+0x780/0x780
[   24.178662][  T289]  ? down_write+0xee/0x2b0
[   24.183092][  T289]  ? __cfi_down_write+0x10/0x10
[   24.188062][  T289]  ovl_rmdir+0x1e/0x30
[   24.192147][  T289]  vfs_rmdir+0x3e3/0x560
[   24.196439][  T289]  incfs_kill_sb+0x1a0/0x230
[   24.201060][  T289]  deactivate_locked_super+0xd5/0x2a0
[   24.206730][  T289]  deactivate_super+0xb8/0xe0
[   24.211603][  T289]  cleanup_mnt+0x406/0x4a0
[   24.216071][  T289]  __cleanup_mnt+0x1d/0x40
[   24.220499][  T289]  task_work_run+0x1e5/0x260
[   24.225083][  T289]  ? __cfi_task_work_run+0x10/0x10
[   24.230237][  T289]  ? __x64_sys_umount+0x12e/0x180
[   24.235325][  T289]  ? __cfi___x64_sys_umount+0x10/0x10
[   24.240740][  T289]  ? __kasan_check_read+0x15/0x20
[   24.245829][  T289]  resume_user_mode_work+0x35/0x50
[   24.250944][  T289]  syscall_exit_to_user_mode+0x63/0xb0
[   24.256449][  T289]  do_syscall_64+0x63/0xf0
[   24.260889][  T289]  ? clear_bhb_loop+0x50/0xa0
[   24.265605][  T289]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   24.271615][  T289] RIP: 0033:0x7f279339da57
[   24.276093][  T289] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   24.295754][  T289] RSP: 002b:00007ffd7c6f1398 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   24.304175][  T289] RAX: 0000000000000000 RBX: 00007f2793432048 RCX: 00007f279339da57
[   24.312173][  T289] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd7c6f1450
[   24.320267][  T289] RBP: 00007ffd7c6f1450 R08: 00007ffd7c6f2450 R09: 00000000ffffffff
[   24.328297][  T289] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7c6f24e0
[   24.336357][  T289] R13: 00007f2793432048 R14: 0000000000005c66 R15: 00007ffd7c6f2520
[   24.344399][  T289]  </TASK>
[   24.347522][  T289] ---[ end trace 0000000000000000 ]---
[   24.366656][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   24.385571][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   24.414989][    T9] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   24.430519][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   24.440227][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   24.449207][    T9] usb 3-1: Product: syz
[   24.453411][    T9] usb 3-1: Manufacturer: syz
[   24.458077][    T9] usb 3-1: SerialNumber: syz
[   25.667382][    T9] cdc_ncm 3-1:1.0: bind() failure
[   25.673166][    T9] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[   25.680096][    T9] cdc_ncm 3-1:1.1: bind() failure
[   25.937703][  T323] overlayfs: conflicting options: nfs_export=on,metacopy=on
[   26.952821][   T31] usb 3-1: USB disconnect, device number 2