last executing test programs:

29.596125103s ago: executing program 3:
socketpair$tipc(0x1e, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x34e, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x318, 0x3a, 0xff, @remote, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0xa, "a78c000005dc8080a2030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005000000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f0"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x0, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b96, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x204410, &(0x7f0000000740), 0xfe, 0x4a1, &(0x7f00000001c0)="$eJzs3M1vVFUbAPDn3mnLN+3Li6h8SBWNjR8tLags3Gh0p4mJLnBjUttCKgM1tCRCiFZjcGlI3BvdGKJ/gSvdGHVl4lb3hoQoMQFdmDF35t4yU2ZKW6YdcH6/5JZz5p7pOc+ce+499x6mAXStwexHErE1In6JiP5atrHAYO2f61fPT/x19fxEEpXKq78n1XLXrp6fKIoW79uSZ4bSiPTDJK+k0ezZcyfGy+Wp03l+ZO7k2yOzZ889OX1y/PjU8alTY0eOHD40+szTY0+1Jc4srmu7353Zm/S8fvHliaMX3/zhqzQidu2r7a+P47akWxaSg1ngf1SqFhd7pC2V3Tm21aWTng42hBUpRUTWXb3V8d8fpbjRef3x4gcdbRywprJr04bWu+crwH9YEp1uAdAZxYU+u/8ttnWaetwRrjxXuwHK4r6eb7U9PZHmZXrXsP77IuLo/N+fZlvk/fDP1jWsEADoet9k858nms3/0thVV257voYyEBH/i4gdEfH/iNgZEfdEVMvem89nVqK2NFRayN88/0wvrzq4Zcjmf8/ma1uN879i9hcDpTy3rRp/b3Jsujx1MP9MhqJ3Q5YfXaKOb1/4+eNW+wbr5n/ZltVfzAXzdlzuWfSAbnJ8brxdk9Ir70fs7mkWf7KwEpBExP0RsXtlv3p7kZh+7NLeVoVuHf8S2rDOVPks4tFa/8/HovgLydLrkyMbozx1cKQ4Km72408XXmle+8bbi78Nsv7f3Hj8LyrR/2dSv147u/I6Lvz6Uct7ytUe/33Ja9Ux2Ze/9s743Nzp0Yi+5KVqvuH1sRvvLfJF+Sz+oQPNx/+O/D1Z/HsiIjuI90XEAxGxP2/7gxHxUEQcWCL+759/+K0VxT+9vv0/2fT8t3D8DzT2/8oTpRPffd2q/jz+4mTbov8PV1ND+SvV898ttG5OlKciKpVVH80AAABw98luvLdGkg4vpNN0eLj2f/h3xua0PDM79/ixmTOnJmvfERiI3rR40tWfPw/N7rZHk/n8N9aej47lz4qL56WH8ufGn5Q2VfPDEzPlyQ7HDt1uS4vxn/mt1OnWAWvO97Wgey0e/2mH2gGsP9d/6F7GP3Qv4x+6V934//LMhT3VxHvVn/sXdjRdC1jiL4cAd4dF1/9Ln3eqIcC6M/+H7mX8Q/cy/qEr3c73+juT2JS3/FaF+zrf1NUlvuidLWXx1e1KeiI637DGRKRLlXkjmu8ajIg1aljcER9LuxPJMg715SaOHc+HznIKd/KsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0D7/BgAA//9ajd4t")
open(&(0x7f0000000680)='./bus\x00', 0x14927e, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
getgroups(0x2, &(0x7f0000000000)=[0xee00, <r1=>0xffffffffffffffff])
setregid(r1, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00e281748367e272385d79a1df3d4450b634adb70219fb4e4b5c391b2895fa1e6cd095b8afad51266ca6a1e7df55c77331ce1ae3e7082e230efc754222e6ae241f8a83295e0096f5483be4ae5ec6e382e09c82a55690ff944cc5aa09c446c97f732294d916e5e91fc2431196e7b0042d0d47697e3e030870ae23326c4cb79cee41ad0cabf43329f262a1ce3fb49476a6502e77bce7ca913bb7b0473b69750208416ead40eb633ecbf80e8e5ad6517a51cca81f13c1"], 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000006c0), 0x0, &(0x7f0000000b00)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [{@pcr={'pcr', 0x3d, 0x2b}}, {@appraise_type}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@euid_eq}, {@euid_gt}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@subj_user={'subj_user', 0x3d, 'fd'}}], 0x2f})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000780)=ANY=[@ANYBLOB='\x00\x00\a'], 0x0, 0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}})

27.384434882s ago: executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020754d0400000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000180100002020642500000000002020207b1a00ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='ext4_journal_start\x00', r0}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001280)={r1, 0x58, &(0x7f0000002380)}, 0x10)

27.370602535s ago: executing program 3:
syz_usb_connect(0x0, 0x3f, &(0x7f0000002b80)={{0x12, 0x1, 0x0, 0x8e, 0x45, 0x71, 0x40, 0x45e, 0x43d, 0xf35a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x6a, 0x0, 0x0, [], [{{0x9, 0x5, 0x4}}, {{0x9, 0x5, 0x8}}, {{0x9, 0x5, 0x6, 0x3}}]}}]}}]}}, 0x0)

25.291481293s ago: executing program 3:
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x2b5c496, &(0x7f0000000400)={[{@init_itable_val={'init_itable', 0x3d, 0x5}}, {@data_writeback}, {@nolazytime}, {@min_batch_time={'min_batch_time', 0x3d, 0x3}}, {@usrjquota}, {@auto_da_alloc}, {@noload}]}, 0x1, 0x4f2, &(0x7f0000001ac0)="$eJzs3c9vG1kdAPDvuPnhZLOb7LIHQMCWZaGgqk7i7karPcByQgithNgjSG1I3CiKHUexU5rQQ/o/IFGJE/wRnHvizgXBjUs5IH40AjWVOBjNeJK6SdykTZuJ4s9HGs2898b+vtd23qu/bfwCGFiXI2I7IkYi4mZETOb1SX7Ep90jve/xzt2F3Z27C0l0Op//O8na07roeU3qjfw9yxHxkx9E/Dw5HLe1ubUyX6/X1vPydLuxNt3a3Lq23Jhfqi3VVqvVudm5mY+vf1R9ZWN9rzGSX3314R+3v/PLtFsTeU3vOF6l7tCH9+OkhiLiR68jWAEu5eMZKbojvJRSRLwTEe9nz/9kJNtF9wgAeN06ncnoTPaWAYCLrpTlwJJSJc8FTESpVKl0c3jvxnip3my1r95qbqwudnNlUzFcurVcr83kucKpGE7S8mx2/bRcPVC+HhFvR8SvRseycmWhWV8s8i8+ADDA3jiw/v93tLv+AwAXXPlgxWgx/QAAzs6h9R8AuPCs/wAweKz/ADB4rP8AMHis/wAweKz/ADBQfvzZZ+nR2c2//3rx9ubGSvP2tcVaa6XS2FioLDTX1ypLzeZS9p09jePer95srs1+GBt3pr671mpPtza3bjSaG6vtG9n3et+oDZ/JqACA53n7vQd/SSJi+5Ox7IievRys1XCxlYruAFCYS0V3ACjMUNEdAApzis/40gNwQRyxRe8zyhExdrCy0+l0nq05dAtwfl35kvw/DKqe/L//BQwDRv4fBpf8PwyuTic56Z7/cdIbAYDzTY4f6PPv/+/k53886p5/tnjwjvuvs1cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwvu3t/1vJ9wKfiFKpUol4MyKmYji5tVyvzUTEWxHx59Hh0bQ8W3CfAYDTKv09yff/ujL5wcTB1pHkyWh2johf/ObzX9+Zb7fX/5TWP9qvb9/P66tF9B8AOM7eOp2dez7IP965u7B3nGV//vn9iCh34+/ujMTufvyhGMrO5RiOiPH/JHm5K+nJXZzG9r2I+OJR409iIsuBlLPSwfhp7DfPNH7pmfilrK17Tn8tvvAiQW36DJkH6fzz6VHPXykuZ+ejn/9yNkOdXj7/pW+1sJvNgU/j781/l/rMf5dPGuPDP/ywezV2uO1exJeHIvZi7/bMP3vxkz7xPzhh/L9+5Wvv92vr/DbiShwdvzfWdLuxNt3a3Lq23Jhfqi3VVqvVudm5mY+vf1SdznLU0/1Xg399cvWtfm3p+Mf7xC8fM/5vnnD8v/vfzZ9+/Tnxv/2No+KX4t3nxE+n8G+dMP78+O/L/drS+It9xn/c7//VE8Z/+LetQ9uGAwDFaW1urczX67V1Fy7O/0X6R/b4m5NCevi9s4o1Ei/0qk7npWL1mzFeRdYNOA/2H/qIeFJ0ZwAAAAAAAAAAAAAAgCOdxU8sFT1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7/BwAA//9lVtOG")
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14)
r3 = socket$inet6(0x10, 0x2, 0x6)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000040)=[{0x16}]}, 0x10)
sendto$inet6(r3, &(0x7f0000000000)="1c0000002800050f0c1000000049b23e9b200a000835b3c000000001", 0x1c, 0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, &(0x7f0000000380), 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r4, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10)
sendmmsg$inet(r2, &(0x7f0000006740), 0x0, 0x20000004)
getsockopt$TIPC_DEST_DROPPABLE(r4, 0x10f, 0x84, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$packet(0x11, 0x0, 0x300)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

24.414246587s ago: executing program 3:
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000006c0)=ANY=[@ANYBLOB='shortname=mixed,shortname=mixed,fmask=00000000000000000000066,uni_xlate=0,utf8=0,rodir,shortname=lower,uni_xlate=0,nonumtail=0,utf8=0,shortname=lower,rodir,rodir,flush,nfs\x00\x00\x00\x00\x00\x00\x00?_ro,rodir,utf8=0,ro,\x00'], 0x6, 0x2c0, &(0x7f0000000300)="$eJzs3T9rLFUYB+B3NpvZUYvdwkoEF7Swupjbic0GuRfEVF62UAsN3huQ7CIkEPAPrqlsbSws/ASC4AdJ4zcQbAU7IwRGZnYmOxvXdVeykZs8T5M3Z85v5pzJYTMp5uTDF8eHj/txcPrFL5FlSbQGMYjzJHrRitpXMWfwTQAAT7PzPI/f86l1cklEZJsbFgCwQav9/m/Pyp9uZFgAwAY9eve9t3f39h68k0UWD8dfnwyLv+yLr9PjuwfxcYziSbwW3biIKB8UtqN8WijKh3meT9r9Qi9eGU9OhkVy/MFZdf7d3yLK/E50o1c2XT5tlPm39h7s9Kca+Ukxjmer6w+K/P3oxvOX4bn8/QX5GKbx6suN8d+Lbvz8UXwSo3hcDmKW/3Kn338z//aPz98vhlfkk8nJsFP2m8m3bvhHAwAAAAAAAAAAAAAAAAAAAADALXav2junE+X+PUVTtf/O1kWkxbf9Wm9+f55pPqlP1NwfKM/zSR7fN7YU7OdVx1m+HS+0mxsLAgAAAAAAAAAAAAAAAAAAwN11/Olnh/uj0ZOjaynq3QDaEfHno4j/ep5Bo+WlWN65U11zfzRqVeVcn7O02RJbdZ8kYukwiklc0235t+KZq2Ouix9+LCa4zgmzRsvriye4vfha11nUq+twP1l8DztRt2TVIvkujZj1SWPFa6X/dCiPdZZfuvBQd+25p8+VxWRJn0iWDeyNX6d3rmpJrs4iLe/qwvh2VTTiV9bGSus5smn8758VSblbR2dzH0YAAAAAAAAAAAAAAAAAAHDHzd7+XXDwdGm0lXsVGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBbYvb//9coJlV4hc5pHB3/z1MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDvgrAAD//1ufWRg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0)
fchown(r0, 0x0, 0xffffffffffffffff)

24.359018806s ago: executing program 3:
ptrace(0x10, 0x1)
r0 = inotify_init1(0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, <r3=>0x0})
ptrace$getenv(0x4204, r3, 0x202, &(0x7f0000000000))

2.037976248s ago: executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000040)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)
close(r0)
socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x4}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

2.035028448s ago: executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r0, 0x0, r3, 0x0, 0x8ec0, 0x0)
fcntl$setpipe(r3, 0x407, 0x0)
dup3(r1, r2, 0x0)
dup2(r2, r3)
sendmsg$nl_route_sched(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@deltfilter={0x1004, 0x2d, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0xcf4, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x4a0, 0x6, [@m_ife={0x11c, 0x0, 0x0, 0x0, {{0x8}, {0xd0, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0x18, 0x6, [@IFE_META_SKBMARK={0x8}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}]}, @TCA_IFE_METALST={0x38, 0x6, [@IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x8}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x8}, @IFE_META_SKBMARK={0x8}, @IFE_META_PRIO={0x8}, @IFE_META_TCINDEX={0x6}]}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_METALST={0x2c, 0x6, [@IFE_META_TCINDEX={0x6}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_PARMS={0x1c}]}, {0x25, 0x6, "1cbd1aa741fa2be41aa25e89c34d90e75d20fefdf22cadd0008bb12dceffa5f29c"}, {0xc}, {0xc}}}, @m_gact={0x1c8, 0x0, 0x0, 0x0, {{0x9}, {0xa0, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc}]}, {0xfd, 0x6, "19da5d7831f1c34de9cbf5eb4fa2405e3400fc71a4215450deba9972427e89f8a426b9ec37a0db2a67c7aa6faa38b7923e0252271744f970904f9b36fc4bed4b06f7e5c6038db52e75e0977ad9bad0012c7104ff5bc2bd36c49306be651c4960baeb576daaa2c7f23874a97c47863778d0ad6044fe49cae5fe9b2c21190e87fbb3ce5fe777a40801d8f87f21ae2da805fcce7b3fff2baf9adba936c5583d6aca8cc58b70e01e48d3e7b63493bdb52634fd3333ef3ec3150b17662d40b7197b36a7091f5619c3d710d2759144a4d1aeb19c25f2d881e63c0dde45a6165299cf71f9999039c770736049f44712deae1bff4bdd51651066872c39"}, {0xc}, {0xc}}}, @m_mpls={0xf4, 0x0, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5}]}, {0xbd, 0x6, "d61c7a3943436bd051cd0ae1097e90a511d96b9a72fabedb7ca7d7285b3b3f2636018f96ad162a872aefea27d53f9748fcf35f613681b73c62685fbdf981bb3a4315cb76acc7202ff6c8bffa25dedf44818ebd923348311740bb28ca3f758123c8373e220a2a992b76d2b0de2645eb923f3843a2ca108a61af731307fe7901e2b23c1ab56b954bc79f81e09d464e55507c48d20047165232bc8ecfe348d4be4185c477f6ec48829b704abf5a42ab8bc8dd01ff1127ae0ee298"}, {0xc}, {0xc}}}, @m_tunnel_key={0x80, 0x0, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @remote}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8}]}, {0x21, 0x6, "72ff4ba612d00d3887c29dcc4cb9d5d669237553ac061d2c5165b34d57"}, {0xc}, {0xc}}}, @m_skbmod={0x44, 0x0, 0x0, 0x0, {{0xb}, {0x18, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @broadcast}, @TCA_SKBMOD_ETYPE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_TO={0x8}, @TCA_ROUTE4_POLICE={0x838, 0x5, [@TCA_POLICE_RESULT={0x8}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_RATE={0x404}]}]}}, @filter_kind_options=@f_cgroup={{0xb}, {0x2ac, 0x2, [@TCA_CGROUP_ACT={0x2a8, 0x1, [@m_nat={0x1d8, 0x0, 0x0, 0x0, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @dev, @multicast1}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @broadcast}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @dev, @local}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @local, @dev}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @broadcast, @multicast1}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @loopback, @multicast1}}]}, {0xbd, 0x6, "845df56554f52a6dedccff0346d79d47efa3485118af0323e9801f9714c944d31f47690b6f8065867aa8885cb4dbc63a6937117264a9cb4ac0abb547edcd043ca0f07b9c84e29a418e2a91626117d130da8a72d1caa818b78816ce8ea087bfc6340f10b25606cd94be970861e6006276d76d50b613747eb3c0ef882d4cf7a49bfea3ec4e694cb5cc53db40fd3e10edb6b90ac3c6b98e1f3b61e312927f5238a53c0fad9aeec7416994ee59153e9343723ca7135acd9fd0bbe0"}, {0xc}, {0xc}}}, @m_ife={0xcc, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0xa1, 0x6, "7f062f1f3257b959678c094726cbbb097a4629738ec6310909c3151bc38bedd3a97a1d724fcc152d6c69378ddf47b3fcd8b7f483e8ba0993692d43b332ec45d8b4543841099ae1c4d78f171840550ec67851c679b7f54d4def04da1b17383e5c1a0ab37e17098308d2a9d2d093955bcc3c296e7dcd384fd9549ba36ab95dc0c70bdce94003617a7f5915292b72cf2a798860d896fb5028d2fd018b3afc"}, {0xc}, {0xc}}}]}]}}]}, 0x1004}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$sock_bt_hci(r2, 0x400448dc, &(0x7f0000000180)="99317af9554b6c17de3424baf1539e457b8171ee325f3f50e97f7a706da9b9f4804ca30a2f27a2919c38a009bfd4be83abddcc796da2280c7754bc3a908c33a5558b2b51a2f8a44cb23b56618e5786d41bb47633f4c2ba9c218ccc51d32302cb397843620a1a36638676014095fc88d131a023bd388fbe86ebd7aa6584db8cf945f01a48b86cb662346cb28b5b632cfce7b686c4208fe8708b1b37e51c712083c8a2444f7b06c436ee7fc20052")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r4}, 0x10)
r5 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e24, 0x40, @dev, 0x7}, 0x1c)
sendmsg(r5, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="3b10", 0x5a8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1.844320377s ago: executing program 4:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000180)={'syz0\x00'}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$uinput_user_dev(r0, &(0x7f0000000bc0)={'syz1\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c)

1.816777351s ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$mouse(0x0, 0x8, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x20, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_ZONE={0x6}]}, 0x20}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_sync_file_exit\x00', r2}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
bind$tipc(r3, 0x0, 0x0)

1.780949767s ago: executing program 1:
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', 0x4000, &(0x7f0000000540)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c726f6469722c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d6c6f7765722c646f733178666c6f7070792c73686f72746e616d653d77696e39352c756e695f786c6174653d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c6572726f72733d636f6e74696e75652c756e695f786c6174653d312c756e695f786c6174653d312c6e66732c757466383d312c726f6469722c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c6e66732c757466383d302c726f6469722c73686f72746e616d653d6d697865642c00ea44bd4eb3e2e4e94eb1cfb53549831eec95cfb5172d8c957d6deab8e5b26e38ca4e9ecb7d4a10a8ecc205c32dbbe6c470bd1e34a8d5a53e7f567222fe87b87c58db8017759ddb95cff3daa610"], 0x1, 0x2a3, &(0x7f0000000180)="$eJzs3b9Pa3UUAPBzS2mLDu3gZEi8iQ5OBFhdSgwkxE6aDuqgRCAxtDGBhMQfsTK5ujj6F5iYuPlPuPgfmLiavO0xkNyX2977Wnil0BcK78fns3D43nO+99zLLYShp1+u9o/20zg8++HfaDSSqLRjJc6TaEUlSj/FJe1fAgB4mZ1nWTzKRuapSyKisbi2AIAFmvvv/58LbwkAWLBPPv3so61OZ/vjNG3ETv/n027+n33+dXR86zC+jl4cxHo04yIie2oU72RZNqimuVa81x+cdvPK/hd/F/tv/R8xrN+IZrSGS5frdzvbG+nIRP0g7+ON4vztvH4zmvHWlPPvdrY3p9RHtxbvvzvR/1o045+v4pvoxf6wiXH9jxtp+mH26+PvP8/by+uTwWm3Pswby5bu+UcDAAAAAAAAAAAAAAAAAAAAAMArbK2YnVOP4fyefKmYv7N0kX+zHGmpdXk+z6g+KTe6Mh9okMVv5Xyd9TRNsyJxXF+Nt6tRfZirBgAAAAAAAAAAAAAAAAAAgBfLybffHe31egfHdxKU0wDKt/U/7z7tiZV3YnZyfXyuShHO2DmWypwkYmYb+UXc0W25KVi5ruff/5h3w8bNOcuz7s/dBOXTdbSXTL+H9ShXGuVD8tdkTi1uea7adYdWixZut09t6qHm3Ndee3MYDGbkRDLrdfHBf6O2i5Xk6ouoNryrU8uXi2Ci/MqzMdfz/OzvisS0DgAAAAAAAAAAAAAAAAAAWKjxm36nHDybWVrJ6gtrCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu1fjz/+cIBkXxLZJrcXzywJcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAa+BJAAAA//9YAl9K")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x8)

1.777333078s ago: executing program 4:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x5, 0x0, 0x4)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000040)=0x90054430, 0x4)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$can_raw(0xffffffffffffffff, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
setsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
ioperm(0x0, 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x881)
ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0x0)
bind$can_raw(r0, &(0x7f00000000c0), 0x4b)
r3 = syz_io_uring_complete(0x0)
setsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000300)={0x0, ""/256, 0x0, <r4=>0x0})
mknodat$loop(r3, &(0x7f0000001700)='./file0\x00', 0x6000, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000500)={0x0, ""/256, <r5=>0x0})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000000700)={r4, r5, "2fa9ded8a90da7abd76cf26df28a53ba5babf4f34cc7dfaac95e9567a07004fd899de74f3f0ecce50be89f58e4b160f6bb1f7224ea8d9c8de088c2496bb8684d533e9754c4b221f47a0638b5ea8ea78d1ffc6bd226bb73b16b97d87a08574e5e5872e66f1c2252e748f01bf86ed860ce2e0462922f351c047e7d1f608682644132e9f9ee90d466dedf9d22beb42e7dad8a82eb8479853fe0cbe44fb9ba42c255e81d0bb701ac7f599b9ab0c14550e6f167c3405fa7349c0f5f8ad673e0b2d75efa00389264f958377c8af6f1ad516363aa14be9e064fcfcd10783d60ee765544e293ae79ef8b2f55100a59a68764aae0895df23c13a2375e9e26ee8fd8f0b4e3", "f6f6653a3d6e4f57e73efa894731d1a7c422e19aedb1b9b3959a719d323b06ac8c680ee537f6d1a2549c4961baf4012b6c481561b8da13d16e64be56f6c1de5a6328de703a019efe25c998eabe33d1ed05e5e57dd5043486924269cc910f3888df14a1da9bb55b082b47e67657b7a566ca4cc64f656b482524a9a5ea5fc07ee4d584ec82f0b547f522b64bc20c894c0a01a9d9b73320894de23078c6de2701d3a82cec0c7fe2c35cad9a851151a2e5cc5961f53a5f0af83b8a28da01cf45f315ddc276953186b1faedaa50c828ab299ae7efdb9d505262c845a505989ce410596188459d6acc0e636f87f9ad86568bbf53d42ffabb9cc8b52ac0999daeba25d4b75f24311a510f62bb26e209408363a34f422938dc6cb188f27bfd0030928269558711445c95f1e3c86049104a5a1311183daea5a94d199b496473e1fc4e3853c630b2506152c4f34699f88d97bfc8e361e3a496dc4e62c715c4a09b196812a997128c905541f6a2781d9623283d042cd4a6f44ca4f94ac2a99b4be300f49ff4a5d918ac5b4e0aa10ad60a9ba67f32a3cf62217a6278789161da1f99154a20a1cfb3cbce3139593f3871d805e5db93d3f9649f9d7716bb3e6504e8e36ac38855e87bb4dc835025f1aa6389a92fd4a8864512df7a13afa51180700f92fa11a4182abb56b97cee75207d7422b3231fd094d2e7c825684f1bc81db1494f95a36243c100548896554c8afb7aa68a0471fa857bebfc3391a42783436efd400340bbf607489b60b56662a23643df61ab45502070a456df55d5d351d23eb68df3dd098d01a36d03b5b3a7c022ae0e546a5a407467686810ee874053cc364ddc0c78e6bfd9c71ee2052ca54906104ee7cdeb0fd6cc79ac79420ef48c3ce9bbc85f2eea9094e38c2b43759c9e5ef2fc05d801200b3dbb3bd0866e207906c92c005d84d996cbaed35c7c01769d5afac4decce6382586b431a0d265bfec82a13e6a151d6372e89b3f3a53d21ee6854b7b3f9b102a52a1afcb1948cc764a9a4f4ee86aaeb97d0a3194cf2f5ba4c7c8cc321b1b461ca5c2047289da063c5851f53a01da24f279c1bff347082cacc962a3c39bf17b6fbba5b73bb4928e91d7b3d67c76d0f887d748f1812dba429e142e943626ec2ddaa3e6e3e5ecb3172ea8473cdc7c45bc9eb2a8b542c0ac633942d8ccec3ce47f9d5c62319e28a07e69d181bb4bbc0e902ef8d48b998262feeafc79af3f8d5f701b35020200fa4eb7b498c504107f7a4f54655ddebd090f33f2bdec86fa0523724002ce428835795c10e503d2d4f9531055e63cef0b9c224b626612fe56c4c026673b797045afaadec98c62fa95de46df90d038124586e2c908380918c566a819493819dce8e3349e95c782d12f7b343b04cf2cb95c2668536d8121a4ebf4689d5189e02cacf748a7ec05a2e86548663ce8eb598dd2a4c2334575ca29fb1fdc6ef8ebdd605d6b5dc36b11ce4b872e5e7ad058375994be04b87f3b3a3c7fac4b787eccea276b94dc60541f843e2631379146055f3c9c62db2838ab1c6aefff9b1550719970dbab10c82b57f4221c81df47c25e5db6b9347eec09644c28464f2d0816a9e4d0bf2a278a822d6a77f043cd1b67237e9d63b561b159ebdca565bcc4cb6fc40ab3bd13dfe384c5fca214ede22cff42a63b463ee9201d339311263f539485bd4fa400fa23639e2e9d5fdb633ca7e6410397524adb5028d09db0e262c956b55d49e58c8795d7554421c4e1259592aade1ba5082b58d03df4ba7fd6077d5446418b678ae29589cc734a4da5497841331d37b38828f9bf45460067c6322e9f616ea08a2da50a821fc7170894103d40e1e0871c9bb03e7caaf05c498b223e89cd71080273dc8a7b031a8b8825ea5a04f689fd7ff79bf081281cebb759417754370809d1c57768178189a1576bca248d8e12308db8e3d7bc918efab8bd0efd4e026716996a4cc30fc4bc3ac89e1648b4e05e9a65fd7a6dc69eb0c1a19ddc71a7bf4d06638916cd905aa127b821aa78637d187a4c74697618265d91e8def86c7f8961734463e6bd52f29eeedfce34d0818c5948e82762f80d5f18dedded3ad358dce8440392a10190e8edd4ad2f5db11dbc133b07ee9cbb889442cb1bca0597d5957820a4db828869b640c68e792a17d23b83319604ad2ef7efdf72a112666fe07cad8e7d633207c24ca74195460d11bf6f9a80e6100f6e12ba29e0dc6e3c2a8779fabd6f00cf4fd3432dc18bc4bf5e4358f92b6428db2ff8fc25bf777d8d87ac8dd6b5aa774043dc87ca0551ffc07d5f409095dc7688aaae8c4bb39c7648381c796c728ef815a742cd5fd981e71c88cda739c0aa576f05434bfff8ba74e98fc780cb8606fadadac1e523eee8d2d56eb7ad1e8aa3c6653e053b770c17b8bdc0c8d4178855f78432a26f1b80ae6abe402edee7182c79e2d3c6b73ec6352ffb3ce62b702908134eec7a3bca8fce20ba563a7b5b85a7b9f3525b7cc5923969f42821e2c7c7f81ace7f404d90e4df08ac3297183bb367e2c4a3a59c4a51ecceccbe9d908a2831902810cc268d3e4d044f0d56227f45e1c73f832f92e95723f70f64c61cb97f0d6ea6e7c457dceec20204cfd46595a0c69a599f8cc7fead98934114a485e461b647bd64fc6b467264c0f5cebbcac58a3ed370ff88228732cb832e60dfcee01ac382800aca76a45447adb3891afc01890e3e379152332aa964a425a5553eaf3c3487e2ea095ed7871da5cfee85507e4b7da1ea5b03ded1db48294a2aa5c0b7f04f1a2f7cbf8eddce77e1dc4a4edb05a44038cf41c3316ad33dbc670d4296f48082793df19782f207654b77b01d45c6d5278281158b2bfd6c2daa9262158882bf0fbd8783adfda47eb4e4e157a5395c143b6290e7a59edf79c3d8752cbbf98b80174d9f1795438b291f209e4e4bf6d9734f94893670e5046a2c88d8a7ea3e6683d782c9d06c1d66968780a92d21da57c06da9292e7b0622f8b8c799d9644c86397b4822c356cc8e8d26c2ab145028b67b656375b554dbdee885ca30d64a685842ed71da334b30631c78d994eecf794fc72bd3f093c5f35781c384d83b0214ba7089dd8e0ad57ff4b66d240269fe4e6a136410b6dae62e1d4e04aa2c7b7b5b0629c2bde4c6e2cee322da09a7aa6a35559366d8c5dd090b427a45c01af9c4bb4d939d56e0110e230aecba5a4434b47c579fd8f27e803d977bad7b4fdb3e31e8cbcccf015d42faaf1ae53f031949103412258574fc8cbf2409bb3771a4aa2bbdc2b20bc0953356c11e8de48118a40ba311b8f9f92166ced409c0581b5d8579bc20e1879d8104713b75d28be6df122245c40d3ccbd5244c31afa0007ba9cb10e8a150da3c296a7b0ceb020164f930f1a000ed1c40ebc760a01e7a5bf28148a4da50e80b8d7442dbe11a2becd4d786f8caad3a092cf40ac634888714883e5b0a89f85c35d1bab5eaa1e11983c753ada097b4800be37d1ad2d32c8d49af39a7eee2b0205b2274b3462da1810ffa79e84540e544fc32bd6de96900aea6096987794b4f1915e7e38f54ad5f8927f84934f6c5445bd2d4e8324439cc6f91e0009a7363b88b26badc87df141e99524b3d608fb033496eba5c6020cc8a620f8a2dbe09c7246240b4f1bc1b9cf2809d13bcf385316103ebdb025864c1945c494b8e5b3aff23943136ebb9e9c0db6e0cd0cc7bca4092476408b20d2f6fa7a27d1d49f59ba504d4cac44e8221f0b06384e2d24f046cfcdcb36b23cf085a86afda7691b52a7d20173bbb57810bebc93d9bfa41cd3e7e4d9f7d95c4e427e04c46b4c57bc1c55e4d85bcd2fd60272dcb0f08beb55f35624966065eff36bb0d9a9ae11ca0b8fa26d130c82ea6d3e660605250f4c489d0a45d1583d0d8c98e2415264c3fd1c3509d82d3b5d766099d4c8679883af73901c8127aec067aa983ac2e220e00344c49b036ce3960dfbdb139ef3a949449ffe9dd771d9bdd95c2b5fc6223437fc6b8bc95d9f60752803f2e03ef656cb73497f35f5a8a3a0692fbc75d163741b80d80aed3c5ff59cbed107b6fad4fb68e8043d8929ffc86afb72850646d57bde80efd63950c6248c14badbd4a55e6a596675929adcb8a49c7500ea72aace7d4288dfe0cc71e089d489e7a9026e86a30f31a9c593b3519115c22265514ac2259f87fbb8a5f5fd53dfe99351f9cb3d72d94d79e07896c8a5092f74992d7cdcc8ab189c547d6b323a22fc97b43a70f9bfedb4d9258fa13ed71b4f6067404dbbc45d23c6964208d69a3f812b3aba95002fa23c6c98efed78c00a9e22c3e25d39a01c69602c2fa24474ba7bc644a64c5b2e962add4e4fe3041b1b67ab191dec738eace3b38e199fed2401090dcef567d721ebd670bf8a1d9d529c4c069a82fb2956fd53fade2427970721e95e7a927e73e308bed0346f32f97d342fd314a48df3f2fb729f4a6911dc5b66237963c6ffdc0a2fa489dad97de7a1ca5226b7a47ac6470d25471214d0f0b3f3a836cab99ab4afb901b13306eca09e39fa1033b248331b6bf4f559c7cd06750fc160be63083b9f2257349fb1ca6c3ddf00cc9a5c73e30f5778972430c5d374e9f15183a423b51af5d008e3244b3678ec6fed1d6c956ea119091780f78124ea9c83501f23e4276b6879f7be7b2c00aff67dd3994f7ef05c776e58b28db83945efd0909590935dc59b626cb650c602aa64bde7871e4fea6ce8a1aa7fab52ef970578a6112f131172dae580bdc3faf81a318da1f00057ccab1ef81b8a97a758ead8fcd5db62ea83bd0670f4076f5bd6577ecc71893d849f53e64d736b47cc168f8b2ffaf6b398274d379b612d21eafb9a24c25ec929f93413f68b30433868ee5cd9ce4516f6aad191ca56a48d17cd84a11d2364bcac2d0ed020811cae6f56d24d5d0b01d73e97439c0370228e73b7956160725666f548841a10122d7df077fef85289ec913faade4c75cd1b2200e96a6fe9fadbc43e7290f7a3c5c0c55514d51b02d408ef8be3487de2c2ceab3459223abcbef8a169e609b6e35422ada4787fd09999dfdd647cf1d999f15ec149465d42756479be126d6c08de27c6ea2192f035a6fc6211f8180fd811c1c72a10ea39fae665efe65edae77e96a18bc2c6aa9537ab6cc85c8510777ed78b90fb6810675388fbb0b838ac9a9016769d23a9a3c090d3451127d598a3357eb38bc34e5be731f7364918e32726c420fb198acd0f1efca332815431011b1fea674aba60c5cb7a98d068d8022001def5b534d8a4aed4a68a7b9df72b1000178f00c58bd168d4066d202fa655228a4f1ea2ba9b9050030b94e9e62d66d142a3cea9fd06fbd829b95a7941911c05f1eb71ccef2ff2f1ad6e1820b5856ef3125a0964f8c7a205b31f151317bb37bf0ea472d81c86784ac"})
unshare(0x40000000)

1.528030626s ago: executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000700000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b0af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600)
write$cgroup_subtree(r3, 0x0, 0xda00)

1.502638419s ago: executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x9ca9, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)

1.475130454s ago: executing program 0:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000025c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000280)={0x2020, 0x0, <r1=>0x0}, 0x2037)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x5}}, 0x50)

1.083130784s ago: executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r0, 0x0, r3, 0x0, 0x8ec0, 0x0)
fcntl$setpipe(r3, 0x407, 0x0)
dup3(r1, r2, 0x0)
dup2(r2, r3)
sendmsg$nl_route_sched(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@deltfilter={0x1004, 0x2d, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0xcf4, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x4a0, 0x6, [@m_ife={0x11c, 0x0, 0x0, 0x0, {{0x8}, {0xd0, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0x18, 0x6, [@IFE_META_SKBMARK={0x8}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}]}, @TCA_IFE_METALST={0x38, 0x6, [@IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x8}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x8}, @IFE_META_SKBMARK={0x8}, @IFE_META_PRIO={0x8}, @IFE_META_TCINDEX={0x6}]}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_METALST={0x2c, 0x6, [@IFE_META_TCINDEX={0x6}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_PARMS={0x1c}]}, {0x25, 0x6, "1cbd1aa741fa2be41aa25e89c34d90e75d20fefdf22cadd0008bb12dceffa5f29c"}, {0xc}, {0xc}}}, @m_gact={0x1c8, 0x0, 0x0, 0x0, {{0x9}, {0xa0, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc}, @TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc}]}, {0xfd, 0x6, "19da5d7831f1c34de9cbf5eb4fa2405e3400fc71a4215450deba9972427e89f8a426b9ec37a0db2a67c7aa6faa38b7923e0252271744f970904f9b36fc4bed4b06f7e5c6038db52e75e0977ad9bad0012c7104ff5bc2bd36c49306be651c4960baeb576daaa2c7f23874a97c47863778d0ad6044fe49cae5fe9b2c21190e87fbb3ce5fe777a40801d8f87f21ae2da805fcce7b3fff2baf9adba936c5583d6aca8cc58b70e01e48d3e7b63493bdb52634fd3333ef3ec3150b17662d40b7197b36a7091f5619c3d710d2759144a4d1aeb19c25f2d881e63c0dde45a6165299cf71f9999039c770736049f44712deae1bff4bdd51651066872c39"}, {0xc}, {0xc}}}, @m_mpls={0xf4, 0x0, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5}]}, {0xbd, 0x6, "d61c7a3943436bd051cd0ae1097e90a511d96b9a72fabedb7ca7d7285b3b3f2636018f96ad162a872aefea27d53f9748fcf35f613681b73c62685fbdf981bb3a4315cb76acc7202ff6c8bffa25dedf44818ebd923348311740bb28ca3f758123c8373e220a2a992b76d2b0de2645eb923f3843a2ca108a61af731307fe7901e2b23c1ab56b954bc79f81e09d464e55507c48d20047165232bc8ecfe348d4be4185c477f6ec48829b704abf5a42ab8bc8dd01ff1127ae0ee298"}, {0xc}, {0xc}}}, @m_tunnel_key={0x80, 0x0, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @remote}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8}]}, {0x21, 0x6, "72ff4ba612d00d3887c29dcc4cb9d5d669237553ac061d2c5165b34d57"}, {0xc}, {0xc}}}, @m_skbmod={0x44, 0x0, 0x0, 0x0, {{0xb}, {0x18, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @broadcast}, @TCA_SKBMOD_ETYPE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_TO={0x8}, @TCA_ROUTE4_POLICE={0x838, 0x5, [@TCA_POLICE_RESULT={0x8}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_RATE={0x404}]}]}}, @filter_kind_options=@f_cgroup={{0xb}, {0x2ac, 0x2, [@TCA_CGROUP_ACT={0x2a8, 0x1, [@m_nat={0x1d8, 0x0, 0x0, 0x0, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @dev, @multicast1}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @broadcast}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @dev, @local}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @local, @dev}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @broadcast, @multicast1}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @loopback, @multicast1}}]}, {0xbd, 0x6, "845df56554f52a6dedccff0346d79d47efa3485118af0323e9801f9714c944d31f47690b6f8065867aa8885cb4dbc63a6937117264a9cb4ac0abb547edcd043ca0f07b9c84e29a418e2a91626117d130da8a72d1caa818b78816ce8ea087bfc6340f10b25606cd94be970861e6006276d76d50b613747eb3c0ef882d4cf7a49bfea3ec4e694cb5cc53db40fd3e10edb6b90ac3c6b98e1f3b61e312927f5238a53c0fad9aeec7416994ee59153e9343723ca7135acd9fd0bbe0"}, {0xc}, {0xc}}}, @m_ife={0xcc, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0xa1, 0x6, "7f062f1f3257b959678c094726cbbb097a4629738ec6310909c3151bc38bedd3a97a1d724fcc152d6c69378ddf47b3fcd8b7f483e8ba0993692d43b332ec45d8b4543841099ae1c4d78f171840550ec67851c679b7f54d4def04da1b17383e5c1a0ab37e17098308d2a9d2d093955bcc3c296e7dcd384fd9549ba36ab95dc0c70bdce94003617a7f5915292b72cf2a798860d896fb5028d2fd018b3afc"}, {0xc}, {0xc}}}]}]}}]}, 0x1004}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$sock_bt_hci(r2, 0x400448dc, &(0x7f0000000180)="99317af9554b6c17de3424baf1539e457b8171ee325f3f50e97f7a706da9b9f4804ca30a2f27a2919c38a009bfd4be83abddcc796da2280c7754bc3a908c33a5558b2b51a2f8a44cb23b56618e5786d41bb47633f4c2ba9c218ccc51d32302cb397843620a1a36638676014095fc88d131a023bd388fbe86ebd7aa6584db8cf945f01a48b86cb662346cb28b5b632cfce7b686c4208fe8708b1b37e51c712083c8a2444f7b06c436ee7fc20052")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r4}, 0x10)
r5 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e24, 0x40, @dev, 0x7}, 0x1c)
sendmsg(r5, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="3b10", 0x5a8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

900.811602ms ago: executing program 1:
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', 0x4000, &(0x7f0000000540)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c726f6469722c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d6c6f7765722c646f733178666c6f7070792c73686f72746e616d653d77696e39352c756e695f786c6174653d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c6572726f72733d636f6e74696e75652c756e695f786c6174653d312c756e695f786c6174653d312c6e66732c757466383d312c726f6469722c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c6e66732c757466383d302c726f6469722c73686f72746e616d653d6d697865642c00ea44bd4eb3e2e4e94eb1cfb53549831eec95cfb5172d8c957d6deab8e5b26e38ca4e9ecb7d4a10a8ecc205c32dbbe6c470bd1e34a8d5a53e7f567222fe87b87c58db8017759ddb95cff3daa610"], 0x1, 0x2a3, &(0x7f0000000180)="$eJzs3b9Pa3UUAPBzS2mLDu3gZEi8iQ5OBFhdSgwkxE6aDuqgRCAxtDGBhMQfsTK5ujj6F5iYuPlPuPgfmLiavO0xkNyX2977Wnil0BcK78fns3D43nO+99zLLYShp1+u9o/20zg8++HfaDSSqLRjJc6TaEUlSj/FJe1fAgB4mZ1nWTzKRuapSyKisbi2AIAFmvvv/58LbwkAWLBPPv3so61OZ/vjNG3ETv/n027+n33+dXR86zC+jl4cxHo04yIie2oU72RZNqimuVa81x+cdvPK/hd/F/tv/R8xrN+IZrSGS5frdzvbG+nIRP0g7+ON4vztvH4zmvHWlPPvdrY3p9RHtxbvvzvR/1o045+v4pvoxf6wiXH9jxtp+mH26+PvP8/by+uTwWm3Pswby5bu+UcDAAAAAAAAAAAAAAAAAAAAAMArbK2YnVOP4fyefKmYv7N0kX+zHGmpdXk+z6g+KTe6Mh9okMVv5Xyd9TRNsyJxXF+Nt6tRfZirBgAAAAAAAAAAAAAAAAAAgBfLybffHe31egfHdxKU0wDKt/U/7z7tiZV3YnZyfXyuShHO2DmWypwkYmYb+UXc0W25KVi5ruff/5h3w8bNOcuz7s/dBOXTdbSXTL+H9ShXGuVD8tdkTi1uea7adYdWixZut09t6qHm3Ndee3MYDGbkRDLrdfHBf6O2i5Xk6ouoNryrU8uXi2Ci/MqzMdfz/OzvisS0DgAAAAAAAAAAAAAAAAAAWKjxm36nHDybWVrJ6gtrCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu1fjz/+cIBkXxLZJrcXzywJcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAa+BJAAAA//9YAl9K")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x8)

847.30993ms ago: executing program 2:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000080), 0xe)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed}, 0xe)

838.713671ms ago: executing program 2:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000180)={'syz0\x00'}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$uinput_user_dev(r0, &(0x7f0000000bc0)={'syz1\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c)

784.778339ms ago: executing program 2:
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000000c0)={'wlan1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0xa, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000200000018000000000000000000000000000090cd58562a15002c000064a6693bad890000000000180000000000000000"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x0, &(0x7f00000000c0)='\x00', 0x0, 0x2}, 0x48)

774.526951ms ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xb}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000ecff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001540)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x1, r5}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)

763.383383ms ago: executing program 2:
syz_usb_connect(0x0, 0x3f, &(0x7f0000002b80)={{0x12, 0x1, 0x0, 0x8e, 0x45, 0x71, 0x40, 0x45e, 0x43d, 0xf35a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x6a, 0x0, 0x0, [], [{{0x9, 0x5, 0x4}}, {{0x9, 0x5, 0x8}}, {{0x9, 0x5, 0x6, 0x3}}]}}]}}]}}, 0x0)

628.190453ms ago: executing program 4:
r0 = socket$inet(0x2, 0x802, 0x1)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
write(r0, &(0x7f0000000080)="08009edf773c8000", 0x8)
r1 = socket$netlink(0x10, 0x3, 0xa)
ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000240)={'wg1\x00', {0x2, 0x0, @initdev}})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='io\x00')
read$char_usb(r2, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x80801, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x14, &(0x7f0000000100)={@ipv4={'\x00', '\xff\xff', @local}}, 0x14)
mount(&(0x7f0000000040)=@filename='\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
getsockopt$sock_timeval(r2, 0x1, 0x42, &(0x7f00000001c0), &(0x7f0000000280)=0x10)
mount$9p_unix(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x100000, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1000, 0x0)
mount$9p_unix(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x80097, 0x0)
chroot(&(0x7f0000000000)='./file0\x00')
r4 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c)
gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000340))
ptrace(0x10, 0x1)
r5 = inotify_init1(0x0)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
fcntl$getownex(r5, 0x10, &(0x7f0000000040)={0x0, <r6=>0x0})
ptrace$getenv(0x5, r6, 0x0, 0x0)

623.447324ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000500), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001d00)=ANY=[@ANYBLOB="bf16000000000000b707000001009fa35070000000000000280000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3010100bd2321afb56fa54f26fb0b71d0e6adff07f1d8f7faf75e0f226bd99eea7960707142fa2dc79b9723741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988ee99fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967dec6e802f5ab3eea57b09a2ed4048d3b867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837079e468ee207d2f73902fbcfcf49822775985bf31b715f4388b24efa000000000000ffffffdf0000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b9349e31aa3701c38c527d3237c197d61ab219efdebb7b3de8f67581cf796a1d4223b90b80fcad3f6c962b9f292324b7ab7f7da31cf41ab12012fb1e0a494034127de745409e35a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673d0499104dcfe7c0f694bd5fc9e66d058b75fa4c81e5c9f42d9383e41d277b10392a96286744f049c3f128f8f92ef992239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b2e00916de48a4e70f03cc415ba77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b638c234bbb55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bf6cf8809c3a0d46ff7f000000000000ad1e1f493354b2822b9837421134c0167d78e6c24ed0a2768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4cc302b52e2101de18a1f1f7c551b3fa00055cc1c46c5fd9c26a54d43fa050645bd6109b113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e97c870800000047546103f123f661c84726e7c7c55eff231a1b033d8f841ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef7be184f5e93ba5c8c2a4c04450b652b8d4c2ff030000000000000007c6bbd6cb2b240ce7d47ae636a5dbe9864a117d27326850a7c3b57086a4482c218b10af13d7be94987005088a83880ccab9c99220002af8c5e13d52c87c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a700a86c814459f3cdaaf99000000000000000000bf2130d1b32c826563c718d0ad23bc83ba3f3757210a057e177615c0683f000000000000006d4e0413ab52f5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fcff030000629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa63966945d93c33b038ce0d890f85f8a6ab8487c383e24d4a8051f80e1811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f207ea3df3d6c0002a41783078e56c70afe8016b3dd9dc7785b36e609f173cc747837d600283b3452c57a5d44cacd363589845637071320921d32c1663964eddec97cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c81eb7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dcb0c42c4d719347f3d16304fa000008ffffffffffffff003049ca923d059c0ab5d886a491adacb7e4b43b1b57586e5fe2aa611f6232a9b71882ce24fce75cf105fa57f000756755b7230e2c0c1fed5487271c4f2981cf8f4351ef5d08641dacaed000080000000000000000000000fa36bbac00bb77c933d3961556f3fe647b05643b0000000000000000000000967aef9c5706e13d5889e77dab80a2548ec31629b7355a2bb8b93e4b6323061f545b26accc4621b568ab0bfaf30aa4f60705532c4a09c0a4a5487c762167edf362be35b9c90ad7e372a66bbb1471aa21000000000000104061c66a7432f25687618e31dcef8c5d4a2457a93f3fc6d3d7131746c75ccf400fc1a7a51826832ef7f5fbc78827d937768443a1c1ca3aba93a34efd21aa1201d9225256df8de405d1f12c17cdaff3ad675aa333aa7e919459babd3cc1000000000000000000000000000000000000000000000000000000000000001a55fdc6a54a2a8b28fa7d9b92aeb58e78e3b8594a5ef6bb67e52bf43b6145f544273a8f62852706c0abef368bfc72f92fa99a7bf121019cff8001fd7d2f6c2c295a5cab383235fec4c1decbed258ee9df8963c0fc828ad2119ffefe36c78692fffb6942b9da0922b2aa8f6b66c14ee7f42d5951edcc986356b41c0de3549f851ca340d9e425e355c1decb785a1042a72c1c98a084b04b1d9be473e50a15d76b110eda3b7cc1f2501211773cf510a43888422c1328476dd6f42659c61a18618fd28d5cd342c276aa9c4cc035077fa09d672b8dcfb3ac1751628647047d07338a8619037e3449a173ddd697f541a0795a2de7ef1396d70675341ebf004be122de04b5275fe7e53d28ebdc5051cec00759d73ca97229d93b965926060b6f91d01324bd458b425ea51c5d5b69551d599188fc6040370ac9ca7ae9eea9e5ede79bd66bd3d616dd7d7dd4c3a8fd055a3585af6fe7f5046c61154598cd33c33a48ece1072afd04b1fd85eb1655d9f3f813392c9634200d892dc6810b436820a1e0f6b464855e28953eb63cd3d6fc1b7bfb588ce28a51af1658d45d759a8399da55a3ff6597bb9f47167fe55ca240623a001e5fe15d9ddefea06a3750501916163844106c4ce662f418d9fc509e5447f712048d53e7e36ee7de083c5ea1119969d858eb6785395fc5a2c551de9a086cb4583f55c47828645e3046258eeb8801da9abf948548f270556ee0c4549229ea97895313df594c237df307cbdbd90a6f36833ad04312dd181e1c1babcedb6b0af600155803619f9e967ff02acd8e827f9de74cdff92d069d6645857492efb289b43e5c3c2052fc396d407c6351704b0114c6f56972233ae33061a1a39adc54125a530f73c587d5dd39af8ebec91e50b1b440be4d0d791a0b6bb741105508051db0075cbe4d8c9b5e1c7a3b074abce7951dc90da7cf0315"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a}, 0x48)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000400)={r2, r3}, 0xc)

600.482108ms ago: executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x50080003)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000008c0)=""/184, 0xb8}], 0x1, 0x0, 0x0)

591.308509ms ago: executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000000000f9000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfed7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000280), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x3ffffffffffffda, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)

49.526782ms ago: executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000600000000000000008500000007000000c5000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="340000001c00070c000000000000000007000000", @ANYRES32=r2, @ANYBLOB="020016d50a000200aaaaaaaaaabb00000c000e"], 0x34}}, 0x0)

40.292354ms ago: executing program 1:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000061100000000000006200022601aed54a7b4e0000000000957056e9fc87f019d1e21df7491cfb972eb7a80fb86a829891f916d36d6a5cb9825995653707eba4bbfa1b6fc779c32026f541294d7efa36049c9dbb856d5f5d3c891403fb6d9197bfa6cb4be493f0fd364fff7345684262c387e5786044cf192bf18c17148176c7de259878dcc39378cc2660"], &(0x7f0000000100)='GPL\x00', 0x0, 0xd2, &(0x7f00000002c0)=""/210, 0x0, 0x5}, 0x80)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20)
socketpair(0x10, 0x0, 0xb, &(0x7f0000000000))
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000040), 0x20000000}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x3, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000001280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0xa, [@struct={0x8, 0x0, 0x0, 0xf, 0x0, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x1}}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x4}}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f0000000040)=""/249, 0x5e, 0xf9, 0x6}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='block_plug\x00'}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x6}]}]}}, &(0x7f0000000100)=""/215, 0x2e, 0xd7, 0x1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000000850000006000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r3, &(0x7f0000000180), 0x40001)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)

17.890597ms ago: executing program 1:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000280), 0x84, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='block_bio_remap\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000240)='block_bio_remap\x00', r1}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600)

0s ago: executing program 1:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x0)

kernel console output (not intermixed with test programs):

66][T16331] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  530.800414][T16331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  530.808166][T16331] Call Trace:
[  530.811323][T16331]  <TASK>
[  530.814073][T16331]  ? show_regs+0x58/0x60
[  530.818158][T16331]  ? __warn+0x160/0x3d0
[  530.822173][T16331]  ? ovl_dir_modified+0x1a5/0x1e0
[  530.827395][T16331]  ? report_bug+0x4d5/0x7d0
[  530.831881][T16331]  ? ovl_dir_modified+0x1a5/0x1e0
[  530.836729][T16331]  ? handle_bug+0x41/0x70
[  530.840995][T16331]  ? exc_invalid_op+0x1b/0x50
[  530.845577][T16331]  ? asm_exc_invalid_op+0x1b/0x20
[  530.850568][T16331]  ? ovl_dir_modified+0xa4/0x1e0
[  530.855407][T16331]  ? ovl_dir_modified+0x1a5/0x1e0
[  530.860667][T16331]  ? ovl_dir_modified+0x1a5/0x1e0
[  530.865675][T16331]  ovl_do_remove+0x7fc/0xbf0
[  530.870120][T16331]  ? ovl_set_redirect+0x670/0x670
[  530.874953][T16331]  ? selinux_inode_rmdir+0x22/0x30
[  530.879915][T16331]  ovl_rmdir+0x1a/0x20
[  530.883890][T16331]  vfs_rmdir+0x398/0x500
[  530.887971][T16331]  incfs_kill_sb+0x1b4/0x230
[  530.892451][T16331]  deactivate_locked_super+0xad/0x110
[  530.897604][T16331]  deactivate_super+0xbe/0xf0
[  530.902138][T16331]  cleanup_mnt+0x485/0x510
[  530.906368][T16331]  ? user_path_at_empty+0x14e/0x1a0
[  530.911431][T16331]  __cleanup_mnt+0x19/0x20
[  530.915666][T16331]  task_work_run+0x24d/0x2e0
[  530.920106][T16331]  ? task_work_cancel+0x2b0/0x2b0
[  530.924953][T16331]  ? __x64_sys_umount+0x122/0x170
[  530.929826][T16331]  exit_to_user_mode_loop+0x94/0xa0
[  530.934849][T16331]  exit_to_user_mode_prepare+0x5a/0xa0
[  530.940150][T16331]  syscall_exit_to_user_mode+0x26/0x140
[  530.945527][T16331]  do_syscall_64+0x49/0xb0
[  530.949805][T16331]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  530.955501][T16331] RIP: 0033:0x7f946527e257
[  530.959764][T16331] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  530.979251][T16331] RSP: 002b:00007ffd0a3f8fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  530.987436][T16331] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f946527e257
[  530.995266][T16331] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd0a3f9060
[  531.003074][T16331] RBP: 00007ffd0a3f9060 R08: 0000000000000000 R09: 0000000000000000
[  531.010882][T16331] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd0a3fa110
[  531.018682][T16331] R13: 00007f94652d96c6 R14: 000000000008146f R15: 0000000000000018
[  531.026517][T16331]  </TASK>
[  531.029371][T16331] ---[ end trace 0000000000000000 ]---
[  531.141679][T20005] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  531.149658][T20005] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  531.157587][T20005] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  531.165637][T20005] netlink: 'syz-executor.3': attribute type 2 has an invalid length.
[  531.174150][T20005] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.3'.
[  531.283994][T20021] geneve1: tun_chr_ioctl cmd 1074025681
[  532.254700][T20033] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  532.262856][T20033] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  532.270958][T20033] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.3'.
[  532.383101][T20043] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.390039][T20043] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.397124][T20043] device bridge_slave_0 entered promiscuous mode
[  532.407589][T20043] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.414621][T20043] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.421800][T20043] device bridge_slave_1 entered promiscuous mode
[  532.463911][T20043] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.470783][T20043] bridge0: port 2(bridge_slave_1) entered forwarding state
[  532.477865][T20043] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.484664][T20043] bridge0: port 1(bridge_slave_0) entered forwarding state
[  532.506260][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  532.513663][T16778] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.520861][T16778] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.529955][  T779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  532.538095][  T779] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.544950][  T779] bridge0: port 1(bridge_slave_0) entered forwarding state
[  532.555005][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  532.563112][T16778] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.569949][T16778] bridge0: port 2(bridge_slave_1) entered forwarding state
[  532.588326][T20043] device veth0_vlan entered promiscuous mode
[  532.595900][  T779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  532.604059][  T779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  532.612354][  T779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  532.618955][  T332] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  532.619709][  T779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  532.634046][  T779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  532.641777][  T779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  532.654950][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  532.664050][T20043] device veth1_macvtap entered promiscuous mode
[  532.673424][  T779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  532.683224][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  532.931002][   T43] device bridge_slave_1 left promiscuous mode
[  532.937241][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.945768][   T43] device bridge_slave_0 left promiscuous mode
[  532.952056][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.963098][   T43] device veth1_macvtap left promiscuous mode
[  532.969192][   T43] device veth0_vlan left promiscuous mode
[  532.999357][  T332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  533.010313][  T332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  533.020024][  T332] usb 3-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00
[  533.030403][  T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.040112][  T332] usb 3-1: config 0 descriptor??
[  533.504990][  T332] waltop 0003:172F:0032.0060: hidraw0: USB HID v0.00 Device [HID 172f:0032] on usb-dummy_hcd.2-1/input0
[  533.902841][  T341] usb 3-1: USB disconnect, device number 46
[  534.415514][T20068] validate_nla: 2 callbacks suppressed
[  534.415534][T20068] netlink: 'syz-executor.2': attribute type 5 has an invalid length.
[  534.428905][T20068] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  534.437014][T20068] netlink: 'syz-executor.2': attribute type 5 has an invalid length.
[  534.437278][T17175] ------------[ cut here ]------------
[  534.445114][T20068] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  534.450348][T17175] WARNING: CPU: 0 PID: 17175 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  534.458126][T20068] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.2'.
[  534.467556][T17175] Modules linked in:
[  534.480431][T17175] CPU: 0 PID: 17175 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  534.492068][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  534.502063][T17175] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  534.507536][T17175] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  534.527024][T17175] RSP: 0018:ffffc90002447ae0 EFLAGS: 00010293
[  534.532904][T17175] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881424a3cc0
[  534.540705][T17175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  534.548495][T17175] RBP: ffffc90002447b10 R08: ffffffff821f2c34 R09: ffffed1028241e0a
[  534.556331][T17175] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112631880
[  534.564222][T17175] R13: ffff8881126318b0 R14: 1ffff110224c6316 R15: ffff88814120efa8
[  534.572079][T17175] FS:  000055555606a480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  534.580797][T17175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  534.587200][T17175] CR2: 00007ffd8bf0fca8 CR3: 000000010f0b3000 CR4: 00000000003506b0
[  534.595052][T17175] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  534.602928][T17175] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  534.610744][T17175] Call Trace:
[  534.613847][T17175]  <TASK>
[  534.616627][T17175]  ? show_regs+0x58/0x60
[  534.620719][T17175]  ? __warn+0x160/0x3d0
[  534.624703][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  534.629570][T17175]  ? report_bug+0x4d5/0x7d0
[  534.633896][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  534.638756][T17175]  ? handle_bug+0x41/0x70
[  534.642936][T17175]  ? exc_invalid_op+0x1b/0x50
[  534.647435][T17175]  ? asm_exc_invalid_op+0x1b/0x20
[  534.652332][T17175]  ? ovl_dir_modified+0xa4/0x1e0
[  534.657070][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  534.661942][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  534.666794][T17175]  ovl_do_remove+0x7fc/0xbf0
[  534.671242][T17175]  ? ovl_set_redirect+0x670/0x670
[  534.676078][T17175]  ? selinux_inode_rmdir+0x22/0x30
[  534.681050][T17175]  ovl_rmdir+0x1a/0x20
[  534.684930][T17175]  vfs_rmdir+0x398/0x500
[  534.689024][T17175]  incfs_kill_sb+0x113/0x230
[  534.693436][T17175]  deactivate_locked_super+0xad/0x110
[  534.698645][T17175]  deactivate_super+0xbe/0xf0
[  534.703173][T17175]  cleanup_mnt+0x485/0x510
[  534.707409][T17175]  ? user_path_at_empty+0x14e/0x1a0
[  534.712462][T17175]  __cleanup_mnt+0x19/0x20
[  534.716699][T17175]  task_work_run+0x24d/0x2e0
[  534.721155][T17175]  ? task_work_cancel+0x2b0/0x2b0
[  534.725984][T17175]  ? __x64_sys_umount+0x122/0x170
[  534.730912][T17175]  exit_to_user_mode_loop+0x94/0xa0
[  534.735881][T17175]  exit_to_user_mode_prepare+0x5a/0xa0
[  534.741234][T17175]  syscall_exit_to_user_mode+0x26/0x140
[  534.746557][T17175]  do_syscall_64+0x49/0xb0
[  534.750822][T17175]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  534.756543][T17175] RIP: 0033:0x7fdfa3e7e257
[  534.760813][T17175] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  534.780333][T17175] RSP: 002b:00007ffd8bf10458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  534.788562][T17175] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fdfa3e7e257
[  534.796396][T17175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8bf10510
[  534.804202][T17175] RBP: 00007ffd8bf10510 R08: 0000000000000000 R09: 0000000000000000
[  534.812064][T17175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd8bf115c0
[  534.819872][T17175] R13: 00007fdfa3ed96c6 R14: 0000000000082422 R15: 0000000000000018
[  534.827623][T17175]  </TASK>
[  534.830497][T17175] ---[ end trace 0000000000000000 ]---
[  534.836231][T17175] ------------[ cut here ]------------
[  534.841636][T17175] WARNING: CPU: 1 PID: 17175 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  534.843577][T20074] syz-executor.3[20074] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  534.851012][T17175] Modules linked in:
[  534.851019][T20074] syz-executor.3[20074] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  534.862549][T17175] 
[  534.879999][T17175] CPU: 1 PID: 17175 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  534.891447][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  534.901495][T20078] input: syz1 as /devices/virtual/input/input77
[  534.907884][T17175] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  534.913348][T17175] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  534.932787][T17175] RSP: 0018:ffffc90002447ae0 EFLAGS: 00010293
[  534.938660][T17175] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881424a3cc0
[  534.946510][T17175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  534.954752][T17175] RBP: ffffc90002447b10 R08: ffffffff821f2c34 R09: ffffed1028241e0a
[  534.962552][T17175] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112631880
[  534.970461][T17175] R13: ffff8881126318b0 R14: 1ffff110224c6316 R15: ffff88814120efa8
[  534.978159][T17175] FS:  000055555606a480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  534.987007][T17175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  534.993385][T17175] CR2: 00007f0faf2a1070 CR3: 000000010f0b3000 CR4: 00000000003506a0
[  535.001172][T17175] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  535.008981][T17175] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  535.016778][T17175] Call Trace:
[  535.019919][T17175]  <TASK>
[  535.022680][T17175]  ? show_regs+0x58/0x60
[  535.026755][T17175]  ? __warn+0x160/0x3d0
[  535.030766][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  535.035610][T17175]  ? report_bug+0x4d5/0x7d0
[  535.039972][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  535.044811][T17175]  ? handle_bug+0x41/0x70
[  535.049177][T17175]  ? exc_invalid_op+0x1b/0x50
[  535.053665][T17175]  ? asm_exc_invalid_op+0x1b/0x20
[  535.058524][T17175]  ? ovl_dir_modified+0xa4/0x1e0
[  535.063497][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  535.068273][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  535.073165][T17175]  ovl_do_remove+0x7fc/0xbf0
[  535.077996][T17175]  ? ovl_set_redirect+0x670/0x670
[  535.082878][T17175]  ? selinux_inode_rmdir+0x22/0x30
[  535.087809][T17175]  ovl_rmdir+0x1a/0x20
[  535.091722][T17175]  vfs_rmdir+0x398/0x500
[  535.095793][T17175]  incfs_kill_sb+0x1b4/0x230
[  535.100236][T17175]  deactivate_locked_super+0xad/0x110
[  535.105423][T17175]  deactivate_super+0xbe/0xf0
[  535.109966][T17175]  cleanup_mnt+0x485/0x510
[  535.114194][T17175]  ? user_path_at_empty+0x14e/0x1a0
[  535.119245][T17175]  __cleanup_mnt+0x19/0x20
[  535.123483][T17175]  task_work_run+0x24d/0x2e0
[  535.127988][T17175]  ? task_work_cancel+0x2b0/0x2b0
[  535.132876][T17175]  ? __x64_sys_umount+0x122/0x170
[  535.137709][T17175]  exit_to_user_mode_loop+0x94/0xa0
[  535.142763][T17175]  exit_to_user_mode_prepare+0x5a/0xa0
[  535.148055][T17175]  syscall_exit_to_user_mode+0x26/0x140
[  535.153434][T17175]  do_syscall_64+0x49/0xb0
[  535.157669][T17175]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  535.163414][T17175] RIP: 0033:0x7fdfa3e7e257
[  535.167652][T17175] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  535.187219][T17175] RSP: 002b:00007ffd8bf10458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  535.195444][T17175] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fdfa3e7e257
[  535.203257][T17175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8bf10510
[  535.211215][T17175] RBP: 00007ffd8bf10510 R08: 0000000000000000 R09: 0000000000000000
[  535.219144][T17175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd8bf115c0
[  535.227033][T17175] R13: 00007fdfa3ed96c6 R14: 0000000000082422 R15: 0000000000000018
[  535.234887][T17175]  </TASK>
[  535.237712][T17175] ---[ end trace 0000000000000000 ]---
[  535.243515][  T779] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  535.422308][   T28] kauditd_printk_skb: 170 callbacks suppressed
[  535.422337][   T28] audit: type=1326 audit(2000000165.239:23394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.458265][   T28] audit: type=1326 audit(2000000165.239:23395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.507474][   T28] audit: type=1326 audit(2000000165.249:23396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.531476][  T779] usb 3-1: Using ep0 maxpacket: 8
[  535.536591][   T28] audit: type=1326 audit(2000000165.249:23397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.561797][   T28] audit: type=1326 audit(2000000165.249:23398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.585952][   T28] audit: type=1326 audit(2000000165.249:23399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.610347][   T28] audit: type=1326 audit(2000000165.249:23400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.634361][   T28] audit: type=1326 audit(2000000165.249:23401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.658667][   T28] audit: type=1326 audit(2000000165.249:23402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.682574][  T779] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  535.682602][   T28] audit: type=1326 audit(2000000165.249:23403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326827cf29 code=0x7ffc0000
[  535.769087][  T779] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  535.859047][  T779] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  535.949084][  T779] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  536.039067][  T779] usb 3-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  536.048291][  T779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  536.056390][  T779] usb 3-1: SerialNumber: syz
[  536.100615][  T779] usb 3-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  536.107699][  T779] usb 3-1: No valid video chain found.
[  536.516449][T20106] loop3: detected capacity change from 0 to 256
[  536.525612][T20106] exfat: Deprecated parameter 'utf8'
[  536.544395][T20106] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5040162d, utbl_chksum : 0xe619d30d)
[  536.676116][T20112] input: syz1 as /devices/virtual/input/input78
[  537.422500][T20139] device veth0_vlan left promiscuous mode
[  537.433554][T20139] device veth0_vlan entered promiscuous mode
[  537.507175][  T332] usb 3-1: USB disconnect, device number 47
[  537.573800][T20143] loop2: detected capacity change from 0 to 256
[  537.581527][T20143] exfat: Deprecated parameter 'utf8'
[  537.592633][T20143] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5040162d, utbl_chksum : 0xe619d30d)
[  537.743842][T20145] input: syz1 as /devices/virtual/input/input79
[  537.772698][T20151] syz-executor.2[20151] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  537.772746][T20151] syz-executor.2[20151] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  538.089094][T16779] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  538.316685][T20175] input: syz1 as /devices/virtual/input/input80
[  538.560166][T16779] usb 4-1: Using ep0 maxpacket: 32
[  538.679101][T16779] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  538.689931][T16779] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  538.699565][T16779] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  538.712270][T16779] usb 4-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  538.721227][T16779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.731956][T16779] usb 4-1: config 0 descriptor??
[  538.980045][T20155] loop3: detected capacity change from 0 to 512
[  538.994541][T20155] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: casefold flag without casefold feature
[  539.008176][T20155] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.3: missing EA_INODE flag
[  539.020472][T20155] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 2 err=-117
[  539.033859][T20155] EXT4-fs (loop3): 1 orphan inode deleted
[  539.039516][T20155] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  539.072290][T20155] overlayfs: unrecognized mount option "appraise_type=imasig" or missing value
[  539.509865][T20155] 9pnet_fd: Insufficient options for proto=fd
[  539.568958][T16779] usbhid 4-1:0.0: can't add hid device: -71
[  539.574711][T16779] usbhid: probe of 4-1:0.0 failed with error -71
[  539.581320][T16779] usb 4-1: USB disconnect, device number 36
[  539.699008][T20053] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  539.777901][T20208] overlayfs: missing 'lowerdir'
[  540.032185][T20043] EXT4-fs (loop3): unmounting filesystem.
[  540.269039][T20053] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  540.279976][T20053] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  540.289568][T20053] usb 3-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.00
[  540.298491][T20053] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.306731][T20053] usb 3-1: config 0 descriptor??
[  540.348969][  T341] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  540.533329][T20226] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted
[  540.915535][  T341] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  540.925070][  T341] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  540.934505][  T341] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  540.945178][  T341] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  540.945407][T20204] loop2: detected capacity change from 0 to 4096
[  540.961826][T20204] EXT4-fs (loop2): Test dummy encryption mode enabled
[  540.969888][T20204] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  540.990116][T20053] waltop 0003:172F:0032.0061: hidraw0: USB HID v0.00 Device [HID 172f:0032] on usb-dummy_hcd.2-1/input0
[  541.119084][  T341] usb 4-1: New USB device found, idVendor=045e, idProduct=043d, bcdDevice=f3.5a
[  541.127958][  T341] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  541.135914][  T341] usb 4-1: Product: syz
[  541.139855][  T341] usb 4-1: Manufacturer: syz
[  541.144269][  T341] usb 4-1: SerialNumber: syz
[  541.149188][  T341] usb 4-1: config 0 descriptor??
[  541.192406][  T341] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  541.411770][T16779] usb 4-1: USB disconnect, device number 37
[  541.552737][T17175] ------------[ cut here ]------------
[  541.558311][T17175] WARNING: CPU: 1 PID: 17175 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  541.567825][T17175] Modules linked in:
[  541.571739][T17175] CPU: 1 PID: 17175 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  541.583375][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  541.593282][T17175] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  541.598799][T17175] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  541.618294][T17175] RSP: 0000:ffffc90002447ae0 EFLAGS: 00010293
[  541.624163][T17175] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881424a3cc0
[  541.631992][T17175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  541.639784][T17175] RBP: ffffc90002447b10 R08: ffffffff821f2c34 R09: ffffed1028241ef4
[  541.647576][T17175] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810ef8fcc0
[  541.655409][T17175] R13: ffff88810ef8fcf0 R14: 1ffff11021df1f9e R15: ffff88814120f6f8
[  541.663214][T17175] FS:  000055555606a480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  541.671986][T17175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  541.678471][T17175] CR2: 00007ffd8bf0fca8 CR3: 000000010f0b3000 CR4: 00000000003506a0
[  541.686304][T17175] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  541.694252][T17175] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  541.702142][T17175] Call Trace:
[  541.705244][T17175]  <TASK>
[  541.708022][T17175]  ? show_regs+0x58/0x60
[  541.712129][T17175]  ? __warn+0x160/0x3d0
[  541.716094][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  541.720974][T17175]  ? report_bug+0x4d5/0x7d0
[  541.725294][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  541.730179][T17175]  ? handle_bug+0x41/0x70
[  541.734320][T17175]  ? exc_invalid_op+0x1b/0x50
[  541.738836][T17175]  ? asm_exc_invalid_op+0x1b/0x20
[  541.743715][T17175]  ? ovl_dir_modified+0xa4/0x1e0
[  541.748471][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  541.753609][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  541.758472][T17175]  ovl_do_remove+0x7fc/0xbf0
[  541.762915][T17175]  ? ovl_set_redirect+0x670/0x670
[  541.767766][T17175]  ? selinux_inode_rmdir+0x22/0x30
[  541.772744][T17175]  ovl_rmdir+0x1a/0x20
[  541.776610][T17175]  vfs_rmdir+0x398/0x500
[  541.780705][T17175]  incfs_kill_sb+0x113/0x230
[  541.785123][T17175]  deactivate_locked_super+0xad/0x110
[  541.790355][T17175]  deactivate_super+0xbe/0xf0
[  541.794992][T17175]  cleanup_mnt+0x485/0x510
[  541.799265][T17175]  ? user_path_at_empty+0x14e/0x1a0
[  541.804276][T17175]  __cleanup_mnt+0x19/0x20
[  541.808530][T17175]  task_work_run+0x24d/0x2e0
[  541.812972][T17175]  ? task_work_cancel+0x2b0/0x2b0
[  541.817818][T17175]  ? __x64_sys_umount+0x122/0x170
[  541.822698][T17175]  exit_to_user_mode_loop+0x94/0xa0
[  541.827712][T17175]  exit_to_user_mode_prepare+0x5a/0xa0
[  541.833020][T17175]  syscall_exit_to_user_mode+0x26/0x140
[  541.838385][T17175]  do_syscall_64+0x49/0xb0
[  541.842651][T17175]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  541.848364][T17175] RIP: 0033:0x7fdfa3e7e257
[  541.852757][T17175] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  541.872164][T17175] RSP: 002b:00007ffd8bf10458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  541.880406][T17175] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fdfa3e7e257
[  541.888211][T17175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8bf10510
[  541.896037][T17175] RBP: 00007ffd8bf10510 R08: 0000000000000000 R09: 0000000000000000
[  541.903841][T17175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd8bf115c0
[  541.911658][T17175] R13: 00007fdfa3ed96c6 R14: 0000000000083fb5 R15: 0000000000000017
[  541.919588][T17175]  </TASK>
[  541.922526][T17175] ---[ end trace 0000000000000000 ]---
[  541.929710][T17175] ------------[ cut here ]------------
[  541.934993][T17175] WARNING: CPU: 0 PID: 17175 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  541.944349][T17175] Modules linked in:
[  541.948023][T17175] CPU: 0 PID: 17175 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  541.959511][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  541.969382][T17175] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  541.974822][T17175] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  541.994368][T17175] RSP: 0018:ffffc90002447ae0 EFLAGS: 00010293
[  542.000359][T17175] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881424a3cc0
[  542.008151][T17175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  542.016066][T17175] RBP: ffffc90002447b10 R08: ffffffff821f2c34 R09: ffffed1028241ef4
[  542.023885][T17175] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810ef8fcc0
[  542.031700][T17175] R13: ffff88810ef8fcf0 R14: 1ffff11021df1f9e R15: ffff88814120f6f8
[  542.039498][T17175] FS:  000055555606a480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  542.048255][T17175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  542.054790][T17175] CR2: 0000001b31558000 CR3: 000000010f0b3000 CR4: 00000000003506b0
[  542.062602][T17175] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  542.070402][T17175] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  542.078201][T17175] Call Trace:
[  542.081341][T17175]  <TASK>
[  542.084107][T17175]  ? show_regs+0x58/0x60
[  542.088356][T17175]  ? __warn+0x160/0x3d0
[  542.092719][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  542.097789][T17175]  ? report_bug+0x4d5/0x7d0
[  542.102219][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  542.107067][T17175]  ? handle_bug+0x41/0x70
[  542.111246][T17175]  ? exc_invalid_op+0x1b/0x50
[  542.115742][T17175]  ? asm_exc_invalid_op+0x1b/0x20
[  542.120628][T17175]  ? ovl_dir_modified+0xa4/0x1e0
[  542.125467][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  542.130352][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  542.135186][T17175]  ovl_do_remove+0x7fc/0xbf0
[  542.139627][T17175]  ? ovl_set_redirect+0x670/0x670
[  542.144478][T17175]  ? selinux_inode_rmdir+0x22/0x30
[  542.149434][T17175]  ovl_rmdir+0x1a/0x20
[  542.153327][T17175]  vfs_rmdir+0x398/0x500
[  542.157411][T17175]  incfs_kill_sb+0x1b4/0x230
[  542.161861][T17175]  deactivate_locked_super+0xad/0x110
[  542.167036][T17175]  deactivate_super+0xbe/0xf0
[  542.171568][T17175]  cleanup_mnt+0x485/0x510
[  542.175801][T17175]  ? user_path_at_empty+0x14e/0x1a0
[  542.180862][T17175]  __cleanup_mnt+0x19/0x20
[  542.185093][T17175]  task_work_run+0x24d/0x2e0
[  542.189532][T17175]  ? task_work_cancel+0x2b0/0x2b0
[  542.194379][T17175]  ? __x64_sys_umount+0x122/0x170
[  542.196941][T20238] loop3: detected capacity change from 0 to 512
[  542.199276][T17175]  exit_to_user_mode_loop+0x94/0xa0
[  542.210458][T17175]  exit_to_user_mode_prepare+0x5a/0xa0
[  542.215731][T17175]  syscall_exit_to_user_mode+0x26/0x140
[  542.221130][T17175]  do_syscall_64+0x49/0xb0
[  542.225364][T17175]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  542.231105][T17175] RIP: 0033:0x7fdfa3e7e257
[  542.235345][T17175] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  542.254823][T17175] RSP: 002b:00007ffd8bf10458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  542.263044][T17175] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fdfa3e7e257
[  542.270853][T17175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8bf10510
[  542.278652][T17175] RBP: 00007ffd8bf10510 R08: 0000000000000000 R09: 0000000000000000
[  542.286481][T17175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd8bf115c0
[  542.294292][T17175] R13: 00007fdfa3ed96c6 R14: 0000000000083fb5 R15: 0000000000000017
[  542.302108][T17175]  </TASK>
[  542.304954][T17175] ---[ end trace 0000000000000000 ]---
[  542.357846][T20238] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  542.368443][   T28] kauditd_printk_skb: 71 callbacks suppressed
[  542.368469][   T28] audit: type=1400 audit(2000000172.199:23475): avc:  denied  { getopt } for  pid=20236 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  542.425435][T20240] fuse: Bad value for 'fd'
[  542.431364][T20240] overlayfs: unrecognized mount option "appraise_type=imasig" or missing value
[  542.538641][  T341] usb 3-1: USB disconnect, device number 48
[  542.540610][T20240] 9pnet_fd: Insufficient options for proto=fd
[  542.565208][T19938] EXT4-fs (loop2): unmounting filesystem.
[  542.584675][T20242] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.591646][T20242] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.599142][T20242] device bridge_slave_0 entered promiscuous mode
[  542.606105][T20242] bridge0: port 2(bridge_slave_1) entered blocking state
[  542.613511][T20242] bridge0: port 2(bridge_slave_1) entered disabled state
[  542.621090][T20242] device bridge_slave_1 entered promiscuous mode
[  542.652404][   T28] audit: type=1400 audit(2000000172.489:23476): avc:  denied  { getopt } for  pid=20254 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  542.722058][T20242] bridge0: port 2(bridge_slave_1) entered blocking state
[  542.728936][T20242] bridge0: port 2(bridge_slave_1) entered forwarding state
[  542.736023][T20242] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.742817][T20242] bridge0: port 1(bridge_slave_0) entered forwarding state
[  542.772419][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  542.780577][  T341] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.787693][  T341] bridge0: port 2(bridge_slave_1) entered disabled state
[  542.820376][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  542.828417][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.835285][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  542.842555][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  542.851438][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  542.854640][T20259] loop2: detected capacity change from 0 to 40427
[  542.858293][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  542.871772][T20259] F2FS-fs (loop2): Found nat_bits in checkpoint
[  542.871990][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  542.885743][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  542.904946][T20242] device veth0_vlan entered promiscuous mode
[  542.912409][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  542.920729][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  542.921293][T20259] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  542.929319][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  542.950997][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  542.961915][T19938] syz-executor.2: attempt to access beyond end of device
[  542.961915][T19938] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  542.976339][T19938] syz-executor.2: attempt to access beyond end of device
[  542.976339][T19938] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  542.996763][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  543.006340][T20242] device veth1_macvtap entered promiscuous mode
[  543.007359][T20265] loop3: detected capacity change from 0 to 256
[  543.017132][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  543.026771][    T8] kworker/u4:0: attempt to access beyond end of device
[  543.026771][    T8] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  543.047038][   T43] device bridge_slave_1 left promiscuous mode
[  543.053169][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  543.060631][   T43] device bridge_slave_0 left promiscuous mode
[  543.066583][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  543.075397][   T43] device veth1_macvtap left promiscuous mode
[  543.081436][   T43] device veth0_vlan left promiscuous mode
[  543.176220][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  544.103893][T17175] ------------[ cut here ]------------
[  544.109241][T17175] WARNING: CPU: 1 PID: 17175 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  544.118564][T17175] Modules linked in:
[  544.122328][T17175] CPU: 1 PID: 17175 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  544.133802][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  544.143767][T17175] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  544.149227][T17175] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  544.168789][T17175] RSP: 0018:ffffc90002447ae0 EFLAGS: 00010293
[  544.174738][T17175] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881424a3cc0
[  544.182777][T17175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  544.191457][T17175] RBP: ffffc90002447b10 R08: ffffffff821f2c34 R09: ffffed10200c008e
[  544.199265][T17175] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112642770
[  544.207170][T17175] R13: ffff8881126427a0 R14: 1ffff110224c84f4 R15: ffff8881006003c8
[  544.215008][T17175] FS:  000055555606a480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  544.223765][T17175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  544.230182][T17175] CR2: 00007ffd8bf0fca8 CR3: 000000010f0b3000 CR4: 00000000003506a0
[  544.237982][T17175] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  544.245808][T17175] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  544.253640][T17175] Call Trace:
[  544.256856][T17175]  <TASK>
[  544.259542][T17175]  ? show_regs+0x58/0x60
[  544.263683][T17175]  ? __warn+0x160/0x3d0
[  544.267663][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  544.272581][T17175]  ? report_bug+0x4d5/0x7d0
[  544.276865][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  544.281748][T17175]  ? handle_bug+0x41/0x70
[  544.285891][T17175]  ? exc_invalid_op+0x1b/0x50
[  544.290601][T17175]  ? asm_exc_invalid_op+0x1b/0x20
[  544.295437][T17175]  ? ovl_dir_modified+0xa4/0x1e0
[  544.300222][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  544.305071][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  544.309949][T17175]  ovl_do_remove+0x7fc/0xbf0
[  544.314363][T17175]  ? ovl_set_redirect+0x670/0x670
[  544.319234][T17175]  ? selinux_inode_rmdir+0x22/0x30
[  544.324172][T17175]  ovl_rmdir+0x1a/0x20
[  544.328071][T17175]  vfs_rmdir+0x398/0x500
[  544.332192][T17175]  incfs_kill_sb+0x113/0x230
[  544.336578][T17175]  deactivate_locked_super+0xad/0x110
[  544.341803][T17175]  deactivate_super+0xbe/0xf0
[  544.346298][T17175]  cleanup_mnt+0x485/0x510
[  544.350563][T17175]  ? user_path_at_empty+0x14e/0x1a0
[  544.355584][T17175]  __cleanup_mnt+0x19/0x20
[  544.359851][T17175]  task_work_run+0x24d/0x2e0
[  544.364264][T17175]  ? task_work_cancel+0x2b0/0x2b0
[  544.369148][T17175]  ? __x64_sys_umount+0x122/0x170
[  544.373986][T17175]  exit_to_user_mode_loop+0x94/0xa0
[  544.379128][T17175]  exit_to_user_mode_prepare+0x5a/0xa0
[  544.384403][T17175]  syscall_exit_to_user_mode+0x26/0x140
[  544.389809][T17175]  do_syscall_64+0x49/0xb0
[  544.394035][T17175]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  544.399780][T17175] RIP: 0033:0x7fdfa3e7e257
[  544.404017][T17175] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  544.423566][T17175] RSP: 002b:00007ffd8bf10458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  544.431815][T17175] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fdfa3e7e257
[  544.439611][T17175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8bf10510
[  544.447412][T17175] RBP: 00007ffd8bf10510 R08: 0000000000000000 R09: 0000000000000000
[  544.455251][T17175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd8bf115c0
[  544.463050][T17175] R13: 00007fdfa3ed96c6 R14: 00000000000849e8 R15: 0000000000000017
[  544.470865][T17175]  </TASK>
[  544.473711][T17175] ---[ end trace 0000000000000000 ]---
[  544.479600][T17175] ------------[ cut here ]------------
[  544.484897][T17175] WARNING: CPU: 0 PID: 17175 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  544.494248][T17175] Modules linked in:
[  544.497886][T17175] CPU: 0 PID: 17175 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  544.509383][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  544.519263][T17175] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  544.524702][T17175] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  544.544160][T17175] RSP: 0018:ffffc90002447ae0 EFLAGS: 00010293
[  544.550055][T17175] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881424a3cc0
[  544.557946][T17175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  544.565769][T17175] RBP: ffffc90002447b10 R08: ffffffff821f2c34 R09: ffffed10200c008e
[  544.573679][T17175] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112642770
[  544.581402][T17175] R13: ffff8881126427a0 R14: 1ffff110224c84f4 R15: ffff8881006003c8
[  544.589637][T17175] FS:  000055555606a480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  544.598390][T17175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  544.604834][T17175] CR2: 0000001b2cd47000 CR3: 000000010f0b3000 CR4: 00000000003506b0
[  544.612642][T17175] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  544.620444][T17175] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  544.628246][T17175] Call Trace:
[  544.631391][T17175]  <TASK>
[  544.634148][T17175]  ? show_regs+0x58/0x60
[  544.638233][T17175]  ? __warn+0x160/0x3d0
[  544.642232][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  544.647081][T17175]  ? report_bug+0x4d5/0x7d0
[  544.651455][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  544.656294][T17175]  ? handle_bug+0x41/0x70
[  544.660459][T17175]  ? exc_invalid_op+0x1b/0x50
[  544.664960][T17175]  ? asm_exc_invalid_op+0x1b/0x20
[  544.669840][T17175]  ? ovl_dir_modified+0xa4/0x1e0
[  544.674678][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  544.679554][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  544.684488][T17175]  ovl_do_remove+0x7fc/0xbf0
[  544.688973][T17175]  ? ovl_set_redirect+0x670/0x670
[  544.693777][T17175]  ? selinux_inode_rmdir+0x22/0x30
[  544.698726][T17175]  ovl_rmdir+0x1a/0x20
[  544.702645][T17175]  vfs_rmdir+0x398/0x500
[  544.706709][T17175]  incfs_kill_sb+0x1b4/0x230
[  544.711163][T17175]  deactivate_locked_super+0xad/0x110
[  544.716345][T17175]  deactivate_super+0xbe/0xf0
[  544.720867][T17175]  cleanup_mnt+0x485/0x510
[  544.725106][T17175]  ? user_path_at_empty+0x14e/0x1a0
[  544.730164][T17175]  __cleanup_mnt+0x19/0x20
[  544.734395][T17175]  task_work_run+0x24d/0x2e0
[  544.738818][T17175]  ? task_work_cancel+0x2b0/0x2b0
[  544.743720][T17175]  ? __x64_sys_umount+0x122/0x170
[  544.748547][T17175]  exit_to_user_mode_loop+0x94/0xa0
[  544.753600][T17175]  exit_to_user_mode_prepare+0x5a/0xa0
[  544.758902][T17175]  syscall_exit_to_user_mode+0x26/0x140
[  544.764433][T17175]  do_syscall_64+0x49/0xb0
[  544.768682][T17175]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  544.774434][T17175] RIP: 0033:0x7fdfa3e7e257
[  544.778688][T17175] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  544.798118][T17175] RSP: 002b:00007ffd8bf10458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  544.806506][T17175] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fdfa3e7e257
[  544.814318][T17175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8bf10510
[  544.822283][T17175] RBP: 00007ffd8bf10510 R08: 0000000000000000 R09: 0000000000000000
[  544.830085][T17175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd8bf115c0
[  544.837886][T17175] R13: 00007fdfa3ed96c6 R14: 00000000000849e8 R15: 0000000000000017
[  544.845712][T17175]  </TASK>
[  544.848567][T17175] ---[ end trace 0000000000000000 ]---
[  544.854667][T20242] ------------[ cut here ]------------
[  544.859994][T20242] WARNING: CPU: 1 PID: 20242 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  544.869291][T20242] Modules linked in:
[  544.872957][T20242] CPU: 1 PID: 20242 Comm: syz-executor.4 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  544.884476][T20242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  544.894389][T20242] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  544.899909][T20242] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  544.919472][T20242] RSP: 0018:ffffc900054b7ae0 EFLAGS: 00010293
[  544.925381][T20242] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881173b8000
[  544.933250][T20242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  544.941024][T20242] RBP: ffffc900054b7b10 R08: ffffffff821f2c34 R09: ffffed10200c03c1
[  544.948813][T20242] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88812021f330
[  544.956647][T20242] R13: ffff88812021f360 R14: 1ffff11024043e6c R15: ffff888100601d60
[  544.964450][T20242] FS:  0000555555f70480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  544.973245][T20242] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  544.979630][T20242] CR2: 0000555555f79818 CR3: 0000000140355000 CR4: 00000000003506a0
[  544.987524][T20242] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  544.995359][T20242] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  545.003166][T20242] Call Trace:
[  545.006269][T20242]  <TASK>
[  545.009059][T20242]  ? show_regs+0x58/0x60
[  545.013124][T20242]  ? __warn+0x160/0x3d0
[  545.017115][T20242]  ? ovl_dir_modified+0x1a5/0x1e0
[  545.022079][T20242]  ? report_bug+0x4d5/0x7d0
[  545.026403][T20242]  ? ovl_dir_modified+0x1a5/0x1e0
[  545.031291][T20242]  ? handle_bug+0x41/0x70
[  545.035428][T20242]  ? exc_invalid_op+0x1b/0x50
[  545.039954][T20242]  ? asm_exc_invalid_op+0x1b/0x20
[  545.044802][T20242]  ? ovl_dir_modified+0xa4/0x1e0
[  545.049714][T20242]  ? ovl_dir_modified+0x1a5/0x1e0
[  545.054825][T20242]  ? ovl_dir_modified+0x1a5/0x1e0
[  545.059794][T20242]  ovl_do_remove+0x7fc/0xbf0
[  545.064184][T20242]  ? ovl_set_redirect+0x670/0x670
[  545.069062][T20242]  ? selinux_inode_rmdir+0x22/0x30
[  545.073988][T20242]  ovl_rmdir+0x1a/0x20
[  545.077892][T20242]  vfs_rmdir+0x398/0x500
[  545.082003][T20242]  incfs_kill_sb+0x113/0x230
[  545.086408][T20242]  deactivate_locked_super+0xad/0x110
[  545.091628][T20242]  deactivate_super+0xbe/0xf0
[  545.096121][T20242]  cleanup_mnt+0x485/0x510
[  545.100386][T20242]  ? user_path_at_empty+0x14e/0x1a0
[  545.105408][T20242]  __cleanup_mnt+0x19/0x20
[  545.109676][T20242]  task_work_run+0x24d/0x2e0
[  545.114087][T20242]  ? task_work_cancel+0x2b0/0x2b0
[  545.118971][T20242]  ? __x64_sys_umount+0x122/0x170
[  545.123807][T20242]  exit_to_user_mode_loop+0x94/0xa0
[  545.128847][T20242]  exit_to_user_mode_prepare+0x5a/0xa0
[  545.134144][T20242]  syscall_exit_to_user_mode+0x26/0x140
[  545.139537][T20242]  do_syscall_64+0x49/0xb0
[  545.143769][T20242]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  545.149513][T20242] RIP: 0033:0x7fbb7e27e257
[  545.153754][T20242] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  545.173239][T20242] RSP: 002b:00007ffd73742828 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  545.181482][T20242] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fbb7e27e257
[  545.189265][T20242] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd737428e0
[  545.197061][T20242] RBP: 00007ffd737428e0 R08: 0000000000000000 R09: 0000000000000000
[  545.204901][T20242] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd73743990
[  545.212709][T20242] R13: 00007fbb7e2d96c6 R14: 0000000000084a41 R15: 0000000000000017
[  545.220516][T20242]  </TASK>
[  545.223360][T20242] ---[ end trace 0000000000000000 ]---
[  545.229584][T20242] ------------[ cut here ]------------
[  545.234853][T20242] WARNING: CPU: 0 PID: 20242 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  545.244207][T20242] Modules linked in:
[  545.247902][T20242] CPU: 0 PID: 20242 Comm: syz-executor.4 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  545.259400][T20242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  545.269290][T20242] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  545.274689][T20242] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  545.294596][T20242] RSP: 0018:ffffc900054b7ae0 EFLAGS: 00010293
[  545.300595][T20242] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881173b8000
[  545.308280][T20242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  545.316147][T20242] RBP: ffffc900054b7b10 R08: ffffffff821f2c34 R09: ffffed10200c03c1
[  545.323915][T20242] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88812021f330
[  545.331724][T20242] R13: ffff88812021f360 R14: 1ffff11024043e6c R15: ffff888100601d60
[  545.339536][T20242] FS:  0000555555f70480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  545.348291][T20242] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  545.354726][T20242] CR2: 0000001b2cd47000 CR3: 0000000140355000 CR4: 00000000003506b0
[  545.362631][T20242] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  545.370445][T20242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  545.378233][T20242] Call Trace:
[  545.381373][T20242]  <TASK>
[  545.384137][T20242]  ? show_regs+0x58/0x60
[  545.388216][T20242]  ? __warn+0x160/0x3d0
[  545.392222][T20242]  ? ovl_dir_modified+0x1a5/0x1e0
[  545.397070][T20242]  ? report_bug+0x4d5/0x7d0
[  545.401424][T20242]  ? ovl_dir_modified+0x1a5/0x1e0
[  545.406269][T20242]  ? handle_bug+0x41/0x70
[  545.410445][T20242]  ? exc_invalid_op+0x1b/0x50
[  545.414949][T20242]  ? asm_exc_invalid_op+0x1b/0x20
[  545.419826][T20242]  ? ovl_dir_modified+0xa4/0x1e0
[  545.424582][T20242]  ? ovl_dir_modified+0x1a5/0x1e0
[  545.429454][T20242]  ? ovl_dir_modified+0x1a5/0x1e0
[  545.434303][T20242]  ovl_do_remove+0x7fc/0xbf0
[  545.438731][T20242]  ? ovl_set_redirect+0x670/0x670
[  545.443609][T20242]  ? selinux_inode_rmdir+0x22/0x30
[  545.448537][T20242]  ovl_rmdir+0x1a/0x20
[  545.452483][T20242]  vfs_rmdir+0x398/0x500
[  545.456523][T20242]  incfs_kill_sb+0x1b4/0x230
[  545.460962][T20242]  deactivate_locked_super+0xad/0x110
[  545.466158][T20242]  deactivate_super+0xbe/0xf0
[  545.470683][T20242]  cleanup_mnt+0x485/0x510
[  545.474923][T20242]  ? user_path_at_empty+0x14e/0x1a0
[  545.479982][T20242]  __cleanup_mnt+0x19/0x20
[  545.484299][T20242]  task_work_run+0x24d/0x2e0
[  545.488724][T20242]  ? task_work_cancel+0x2b0/0x2b0
[  545.493717][T20242]  ? __x64_sys_umount+0x122/0x170
[  545.498550][T20242]  exit_to_user_mode_loop+0x94/0xa0
[  545.503599][T20242]  exit_to_user_mode_prepare+0x5a/0xa0
[  545.508889][T20242]  syscall_exit_to_user_mode+0x26/0x140
[  545.514253][T20242]  do_syscall_64+0x49/0xb0
[  545.518505][T20242]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  545.524251][T20242] RIP: 0033:0x7fbb7e27e257
[  545.528486][T20242] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  545.547969][T20242] RSP: 002b:00007ffd73742828 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  545.556186][T20242] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fbb7e27e257
[  545.563997][T20242] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd737428e0
[  545.571807][T20242] RBP: 00007ffd737428e0 R08: 0000000000000000 R09: 0000000000000000
[  545.579616][T20242] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd73743990
[  545.587416][T20242] R13: 00007fbb7e2d96c6 R14: 0000000000084a41 R15: 0000000000000017
[  545.595252][T20242]  </TASK>
[  545.598094][T20242] ---[ end trace 0000000000000000 ]---
[  545.622580][T20302] bridge0: port 1(bridge_slave_0) entered blocking state
[  545.629698][T20302] bridge0: port 1(bridge_slave_0) entered disabled state
[  545.637212][T20302] device bridge_slave_0 entered promiscuous mode
[  545.643870][T20302] bridge0: port 2(bridge_slave_1) entered blocking state
[  545.650963][T20302] bridge0: port 2(bridge_slave_1) entered disabled state
[  545.658313][T20302] device bridge_slave_1 entered promiscuous mode
[  545.775307][T20302] bridge0: port 2(bridge_slave_1) entered blocking state
[  545.782181][T20302] bridge0: port 2(bridge_slave_1) entered forwarding state
[  545.789249][T20302] bridge0: port 1(bridge_slave_0) entered blocking state
[  545.796043][T20302] bridge0: port 1(bridge_slave_0) entered forwarding state
[  545.806652][T16779] bridge0: port 1(bridge_slave_0) entered disabled state
[  545.814195][T16779] bridge0: port 2(bridge_slave_1) entered disabled state
[  545.822875][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  545.915882][T20320] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  545.931485][T20320] FAT-fs (loop9): unable to read boot sector
[  546.048947][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  546.056694][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  546.064100][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  546.072475][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  546.080516][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  546.087364][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  546.094574][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  546.103221][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  546.111265][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  546.118085][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  546.134123][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  546.142541][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  546.160388][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  546.168361][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  546.180317][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  546.188762][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  546.201982][T20302] device veth0_vlan entered promiscuous mode
[  546.208530][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  546.216469][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  546.230780][T20302] device veth1_macvtap entered promiscuous mode
[  546.237655][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  546.244939][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  546.252719][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  546.260999][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  546.268937][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  546.286128][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  546.294567][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  546.303506][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  546.311750][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  546.375833][T20337] loop2: detected capacity change from 0 to 8192
[  546.459983][   T28] audit: type=1400 audit(2000000176.299:23477): avc:  denied  { setattr } for  pid=20349 comm="syz-executor.4" name="file0" dev="sda1" ino=1975 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1
[  546.498841][   T43] device bridge_slave_1 left promiscuous mode
[  546.504957][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  546.510440][T20354] loop4: detected capacity change from 0 to 2048
[  546.518168][   T43] device bridge_slave_0 left promiscuous mode
[  546.524270][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  546.531832][   T43] device veth1_macvtap left promiscuous mode
[  546.537729][   T43] device veth0_vlan left promiscuous mode
[  546.710676][T20354]  loop4: p1 < > p4
[  546.717307][T20354] loop4: p4 size 8388608 extends beyond EOD, truncated
[  546.926024][T20366] loop4: detected capacity change from 0 to 8192
[  547.419061][T16779] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  547.658984][T16779] usb 5-1: Using ep0 maxpacket: 32
[  547.779086][T16779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  547.789838][T16779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  547.799361][T16779] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  547.811959][T16779] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  547.820781][T16779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.829054][T16779] usb 5-1: config 0 descriptor??
[  548.071161][T20380] loop4: detected capacity change from 0 to 512
[  548.079541][T20380] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz-executor.4: casefold flag without casefold feature
[  548.092601][T20380] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.4: missing EA_INODE flag
[  548.104567][T20380] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor.4: error while reading EA inode 2 err=-117
[  548.117307][T20380] EXT4-fs (loop4): 1 orphan inode deleted
[  548.122967][T20380] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  548.150505][T20380] overlayfs: unrecognized mount option "appraise_type=imasig" or missing value
[  548.650205][T20380] 9pnet_fd: Insufficient options for proto=fd
[  548.708986][T16779] usbhid 5-1:0.0: can't add hid device: -71
[  548.714751][T16779] usbhid: probe of 5-1:0.0 failed with error -71
[  548.721418][T16779] usb 5-1: USB disconnect, device number 52
[  549.035663][T20302] ------------[ cut here ]------------
[  549.041252][T20302] WARNING: CPU: 1 PID: 20302 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  549.050680][T20302] Modules linked in:
[  549.054394][T20302] CPU: 1 PID: 20302 Comm: syz-executor.2 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  549.066156][T20302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  549.076308][T20302] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  549.081965][T20302] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  549.101362][T20302] RSP: 0018:ffffc90000ad7ae0 EFLAGS: 00010293
[  549.107372][T20302] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff88813e89a880
[  549.115206][T20302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  549.122999][T20302] RBP: ffffc90000ad7b10 R08: ffffffff821f2c34 R09: ffffed10279becab
[  549.130817][T20302] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813ad77330
[  549.138827][T20302] R13: ffff88813ad77360 R14: 1ffff110275aee6c R15: ffff88813cdf64b0
[  549.146687][T20302] FS:  00005555569d0480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  549.155495][T20302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  549.161894][T20302] CR2: 00005555569d9818 CR3: 0000000120d94000 CR4: 00000000003506a0
[  549.169883][T20302] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  549.177690][T20302] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  549.185608][T20302] Call Trace:
[  549.188707][T20302]  <TASK>
[  549.191506][T20302]  ? show_regs+0x58/0x60
[  549.195569][T20302]  ? __warn+0x160/0x3d0
[  549.199570][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  549.204420][T20302]  ? report_bug+0x4d5/0x7d0
[  549.208760][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  549.213657][T20302]  ? handle_bug+0x41/0x70
[  549.217784][T20302]  ? exc_invalid_op+0x1b/0x50
[  549.222326][T20302]  ? asm_exc_invalid_op+0x1b/0x20
[  549.227161][T20302]  ? ovl_dir_modified+0xa4/0x1e0
[  549.231949][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  549.236797][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  549.241853][T20302]  ovl_do_remove+0x7fc/0xbf0
[  549.246255][T20302]  ? ovl_set_redirect+0x670/0x670
[  549.251129][T20302]  ? selinux_inode_rmdir+0x22/0x30
[  549.256061][T20302]  ovl_rmdir+0x1a/0x20
[  549.259978][T20302]  vfs_rmdir+0x398/0x500
[  549.264209][T20302]  incfs_kill_sb+0x113/0x230
[  549.268632][T20302]  deactivate_locked_super+0xad/0x110
[  549.273857][T20302]  deactivate_super+0xbe/0xf0
[  549.278351][T20302]  cleanup_mnt+0x485/0x510
[  549.282629][T20302]  ? user_path_at_empty+0x14e/0x1a0
[  549.287638][T20302]  __cleanup_mnt+0x19/0x20
[  549.292014][T20302]  task_work_run+0x24d/0x2e0
[  549.296315][T20302]  ? task_work_cancel+0x2b0/0x2b0
[  549.301242][T20302]  ? __x64_sys_umount+0x122/0x170
[  549.306036][T20302]  exit_to_user_mode_loop+0x94/0xa0
[  549.311096][T20302]  exit_to_user_mode_prepare+0x5a/0xa0
[  549.316371][T20302]  syscall_exit_to_user_mode+0x26/0x140
[  549.321778][T20302]  do_syscall_64+0x49/0xb0
[  549.326005][T20302]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  549.331744][T20302] RIP: 0033:0x7f57a847e257
[  549.335983][T20302] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  549.355448][T20302] RSP: 002b:00007ffdd7620108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  549.363684][T20302] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f57a847e257
[  549.371746][T20302] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdd76201c0
[  549.379583][T20302] RBP: 00007ffdd76201c0 R08: 0000000000000000 R09: 0000000000000000
[  549.387328][T20302] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdd7621270
[  549.395156][T20302] R13: 00007f57a84d96c6 R14: 0000000000085d3c R15: 0000000000000017
[  549.402971][T20302]  </TASK>
[  549.405815][T20302] ---[ end trace 0000000000000000 ]---
[  549.411578][T20302] ------------[ cut here ]------------
[  549.416866][T20302] WARNING: CPU: 0 PID: 20302 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  549.426168][T20302] Modules linked in:
[  549.429886][T20302] CPU: 0 PID: 20302 Comm: syz-executor.2 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  549.441332][T20302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  549.451321][T20302] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  549.456686][T20302] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  549.476357][T20302] RSP: 0018:ffffc90000ad7ae0 EFLAGS: 00010293
[  549.482270][T20302] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff88813e89a880
[  549.490097][T20302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  549.497869][T20302] RBP: ffffc90000ad7b10 R08: ffffffff821f2c34 R09: ffffed10279becab
[  549.505706][T20302] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813ad77330
[  549.513518][T20302] R13: ffff88813ad77360 R14: 1ffff110275aee6c R15: ffff88813cdf64b0
[  549.521324][T20302] FS:  00005555569d0480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  549.530127][T20302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  549.536495][T20302] CR2: 00007ffd73740f88 CR3: 0000000120d94000 CR4: 00000000003506b0
[  549.544335][T20302] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  549.552126][T20302] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  549.559934][T20302] Call Trace:
[  549.563047][T20302]  <TASK>
[  549.565833][T20302]  ? show_regs+0x58/0x60
[  549.569917][T20302]  ? __warn+0x160/0x3d0
[  549.573895][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  549.578763][T20302]  ? report_bug+0x4d5/0x7d0
[  549.583199][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  549.588046][T20302]  ? handle_bug+0x41/0x70
[  549.592221][T20302]  ? exc_invalid_op+0x1b/0x50
[  549.596732][T20302]  ? asm_exc_invalid_op+0x1b/0x20
[  549.601593][T20302]  ? ovl_dir_modified+0xa4/0x1e0
[  549.606360][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  549.611234][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  549.616103][T20302]  ovl_do_remove+0x7fc/0xbf0
[  549.620516][T20302]  ? ovl_set_redirect+0x670/0x670
[  549.625398][T20302]  ? selinux_inode_rmdir+0x22/0x30
[  549.630324][T20302]  ovl_rmdir+0x1a/0x20
[  549.634214][T20302]  vfs_rmdir+0x398/0x500
[  549.638296][T20302]  incfs_kill_sb+0x1b4/0x230
[  549.642748][T20302]  deactivate_locked_super+0xad/0x110
[  549.647928][T20302]  deactivate_super+0xbe/0xf0
[  549.652470][T20302]  cleanup_mnt+0x485/0x510
[  549.656695][T20302]  ? user_path_at_empty+0x14e/0x1a0
[  549.661742][T20302]  __cleanup_mnt+0x19/0x20
[  549.665987][T20302]  task_work_run+0x24d/0x2e0
[  549.670427][T20302]  ? task_work_cancel+0x2b0/0x2b0
[  549.675275][T20302]  ? __x64_sys_umount+0x122/0x170
[  549.680323][T20302]  exit_to_user_mode_loop+0x94/0xa0
[  549.685338][T20302]  exit_to_user_mode_prepare+0x5a/0xa0
[  549.690729][T20302]  syscall_exit_to_user_mode+0x26/0x140
[  549.696021][T20302]  do_syscall_64+0x49/0xb0
[  549.700367][T20302]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  549.705993][T20302] RIP: 0033:0x7f57a847e257
[  549.710265][T20302] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  549.729794][T20302] RSP: 002b:00007ffdd7620108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  549.738020][T20302] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f57a847e257
[  549.745847][T20302] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdd76201c0
[  549.753655][T20302] RBP: 00007ffdd76201c0 R08: 0000000000000000 R09: 0000000000000000
[  549.761472][T20302] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdd7621270
[  549.769343][T20302] R13: 00007f57a84d96c6 R14: 0000000000085d3c R15: 0000000000000017
[  549.777078][T20302]  </TASK>
[  549.780005][T20302] ---[ end trace 0000000000000000 ]---
[  549.788533][T20242] EXT4-fs (loop4): unmounting filesystem.
[  549.837459][T20436] loop4: detected capacity change from 0 to 256
[  549.863241][T20441] loop4: detected capacity change from 0 to 512
[  549.871550][T20441] EXT4-fs (loop4): 1 truncate cleaned up
[  549.877252][T20441] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  550.700977][T20242] EXT4-fs (loop4): unmounting filesystem.
[  550.712176][T20476] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  550.748638][T20302] ------------[ cut here ]------------
[  550.753966][T20302] WARNING: CPU: 0 PID: 20302 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  550.763243][T20302] Modules linked in:
[  550.767030][T20302] CPU: 0 PID: 20302 Comm: syz-executor.2 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  550.778602][T20302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  550.788575][T20302] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  550.794062][T20302] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  550.813532][T20302] RSP: 0018:ffffc90000ad7ae0 EFLAGS: 00010293
[  550.819369][T20302] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff88813e89a880
[  550.827164][T20302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  550.834996][T20302] RBP: ffffc90000ad7b10 R08: ffffffff821f2c34 R09: ffffed10279bed20
[  550.842798][T20302] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881124cbee0
[  550.850820][T20302] R13: ffff8881124cbf10 R14: 1ffff110224997e2 R15: ffff88813cdf6858
[  550.858621][T20302] FS:  00005555569d0480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  550.867504][T20302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  550.873920][T20302] CR2: 00005555569d9818 CR3: 0000000120d94000 CR4: 00000000003506b0
[  550.881752][T20302] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  550.889564][T20302] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  550.897346][T20302] Call Trace:
[  550.900481][T20302]  <TASK>
[  550.903245][T20302]  ? show_regs+0x58/0x60
[  550.907323][T20302]  ? __warn+0x160/0x3d0
[  550.911349][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  550.916178][T20302]  ? report_bug+0x4d5/0x7d0
[  550.920528][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  550.925378][T20302]  ? handle_bug+0x41/0x70
[  550.929557][T20302]  ? exc_invalid_op+0x1b/0x50
[  550.934057][T20302]  ? asm_exc_invalid_op+0x1b/0x20
[  550.938931][T20302]  ? ovl_dir_modified+0xa4/0x1e0
[  550.943689][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  550.948558][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  550.953450][T20302]  ovl_do_remove+0x7fc/0xbf0
[  550.957842][T20302]  ? ovl_set_redirect+0x670/0x670
[  550.962723][T20302]  ? selinux_inode_rmdir+0x22/0x30
[  550.967646][T20302]  ovl_rmdir+0x1a/0x20
[  550.971567][T20302]  vfs_rmdir+0x398/0x500
[  550.975631][T20302]  incfs_kill_sb+0x113/0x230
[  550.980073][T20302]  deactivate_locked_super+0xad/0x110
[  550.985264][T20302]  deactivate_super+0xbe/0xf0
[  550.989799][T20302]  cleanup_mnt+0x485/0x510
[  550.994030][T20302]  ? user_path_at_empty+0x14e/0x1a0
[  550.999077][T20302]  __cleanup_mnt+0x19/0x20
[  551.003319][T20302]  task_work_run+0x24d/0x2e0
[  551.007746][T20302]  ? task_work_cancel+0x2b0/0x2b0
[  551.012623][T20302]  ? __x64_sys_umount+0x122/0x170
[  551.017465][T20302]  exit_to_user_mode_loop+0x94/0xa0
[  551.022511][T20302]  exit_to_user_mode_prepare+0x5a/0xa0
[  551.027796][T20302]  syscall_exit_to_user_mode+0x26/0x140
[  551.033185][T20302]  do_syscall_64+0x49/0xb0
[  551.037427][T20302]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  551.043168][T20302] RIP: 0033:0x7f57a847e257
[  551.047409][T20302] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  551.067068][T20302] RSP: 002b:00007ffdd7620108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  551.075391][T20302] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f57a847e257
[  551.083127][T20302] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdd76201c0
[  551.090921][T20302] RBP: 00007ffdd76201c0 R08: 0000000000000000 R09: 0000000000000000
[  551.098745][T20302] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdd7621270
[  551.106682][T20302] R13: 00007f57a84d96c6 R14: 00000000000863e3 R15: 0000000000000017
[  551.114459][T20302]  </TASK>
[  551.117296][T20302] ---[ end trace 0000000000000000 ]---
[  551.123325][T20302] ------------[ cut here ]------------
[  551.128632][T20302] WARNING: CPU: 1 PID: 20302 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  551.137974][T20302] Modules linked in:
[  551.141659][T20302] CPU: 1 PID: 20302 Comm: syz-executor.2 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  551.153126][T20302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  551.162993][T20302] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  551.168439][T20302] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  551.187913][T20302] RSP: 0018:ffffc90000ad7ae0 EFLAGS: 00010293
[  551.193797][T20302] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff88813e89a880
[  551.201610][T20302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  551.209453][T20302] RBP: ffffc90000ad7b10 R08: ffffffff821f2c34 R09: ffffed10279bed20
[  551.217212][T20302] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881124cbee0
[  551.225064][T20302] R13: ffff8881124cbf10 R14: 1ffff110224997e2 R15: ffff88813cdf6858
[  551.232861][T20302] FS:  00005555569d0480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  551.241662][T20302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  551.248027][T20302] CR2: 0000555555f79818 CR3: 0000000120d94000 CR4: 00000000003506a0
[  551.255899][T20302] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  551.263806][T20302] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  551.271662][T20302] Call Trace:
[  551.274721][T20302]  <TASK>
[  551.277499][T20302]  ? show_regs+0x58/0x60
[  551.281603][T20302]  ? __warn+0x160/0x3d0
[  551.285570][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  551.290462][T20302]  ? report_bug+0x4d5/0x7d0
[  551.294856][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  551.299744][T20302]  ? handle_bug+0x41/0x70
[  551.303971][T20302]  ? exc_invalid_op+0x1b/0x50
[  551.308492][T20302]  ? asm_exc_invalid_op+0x1b/0x20
[  551.313363][T20302]  ? ovl_dir_modified+0xa4/0x1e0
[  551.318118][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  551.323019][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  551.327844][T20302]  ovl_do_remove+0x7fc/0xbf0
[  551.332306][T20302]  ? ovl_set_redirect+0x670/0x670
[  551.337128][T20302]  ? selinux_inode_rmdir+0x22/0x30
[  551.342091][T20302]  ovl_rmdir+0x1a/0x20
[  551.345980][T20302]  vfs_rmdir+0x398/0x500
[  551.350164][T20302]  incfs_kill_sb+0x1b4/0x230
[  551.354570][T20302]  deactivate_locked_super+0xad/0x110
[  551.359810][T20302]  deactivate_super+0xbe/0xf0
[  551.364416][T20302]  cleanup_mnt+0x485/0x510
[  551.368677][T20302]  ? user_path_at_empty+0x14e/0x1a0
[  551.373732][T20302]  __cleanup_mnt+0x19/0x20
[  551.377954][T20302]  task_work_run+0x24d/0x2e0
[  551.382501][T20302]  ? task_work_cancel+0x2b0/0x2b0
[  551.387330][T20302]  ? __x64_sys_umount+0x122/0x170
[  551.392207][T20302]  exit_to_user_mode_loop+0x94/0xa0
[  551.397234][T20302]  exit_to_user_mode_prepare+0x5a/0xa0
[  551.402537][T20302]  syscall_exit_to_user_mode+0x26/0x140
[  551.407902][T20302]  do_syscall_64+0x49/0xb0
[  551.412256][T20302]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  551.417969][T20302] RIP: 0033:0x7f57a847e257
[  551.422242][T20302] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  551.441728][T20302] RSP: 002b:00007ffdd7620108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  551.450027][T20302] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f57a847e257
[  551.457796][T20302] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdd76201c0
[  551.465553][T20302] RBP: 00007ffdd76201c0 R08: 0000000000000000 R09: 0000000000000000
[  551.473362][T20302] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdd7621270
[  551.481178][T20302] R13: 00007f57a84d96c6 R14: 00000000000863e3 R15: 0000000000000017
[  551.489089][T20302]  </TASK>
[  551.491919][T20302] ---[ end trace 0000000000000000 ]---
[  552.439758][T20053] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  552.453923][T17175] ------------[ cut here ]------------
[  552.459241][T17175] WARNING: CPU: 0 PID: 17175 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  552.468494][T17175] Modules linked in:
[  552.472251][T17175] CPU: 0 PID: 17175 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  552.483707][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  552.493601][T17175] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  552.499177][T17175] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  552.518597][T17175] RSP: 0000:ffffc90002447ae0 EFLAGS: 00010293
[  552.524497][T17175] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881424a3cc0
[  552.532306][T17175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  552.540117][T17175] RBP: ffffc90002447b10 R08: ffffffff821f2c34 R09: ffffed10279be819
[  552.547910][T17175] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813cc71770
[  552.555754][T17175] R13: ffff88813cc717a0 R14: 1ffff1102798e2f4 R15: ffff88813cdf4020
[  552.563567][T17175] FS:  000055555606a480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  552.572461][T17175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  552.578869][T17175] CR2: 00007ffd8bf0fca8 CR3: 000000010f0b3000 CR4: 00000000003506b0
[  552.586680][T17175] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  552.594512][T17175] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  552.602321][T17175] Call Trace:
[  552.605427][T17175]  <TASK>
[  552.608201][T17175]  ? show_regs+0x58/0x60
[  552.612323][T17175]  ? __warn+0x160/0x3d0
[  552.616271][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  552.621168][T17175]  ? report_bug+0x4d5/0x7d0
[  552.625480][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  552.630355][T17175]  ? handle_bug+0x41/0x70
[  552.634506][T17175]  ? exc_invalid_op+0x1b/0x50
[  552.639030][T17175]  ? asm_exc_invalid_op+0x1b/0x20
[  552.643871][T17175]  ? ovl_dir_modified+0xa4/0x1e0
[  552.648645][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  552.653658][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  552.658501][T17175]  ovl_do_remove+0x7fc/0xbf0
[  552.662973][T17175]  ? ovl_set_redirect+0x670/0x670
[  552.667792][T17175]  ? selinux_inode_rmdir+0x22/0x30
[  552.672757][T17175]  ovl_rmdir+0x1a/0x20
[  552.676639][T17175]  vfs_rmdir+0x398/0x500
[  552.680746][T17175]  incfs_kill_sb+0x113/0x230
[  552.685146][T17175]  deactivate_locked_super+0xad/0x110
[  552.690373][T17175]  deactivate_super+0xbe/0xf0
[  552.694868][T17175]  cleanup_mnt+0x485/0x510
[  552.699135][T17175]  ? user_path_at_empty+0x14e/0x1a0
[  552.704155][T17175]  __cleanup_mnt+0x19/0x20
[  552.708581][T17175]  task_work_run+0x24d/0x2e0
[  552.713026][T17175]  ? task_work_cancel+0x2b0/0x2b0
[  552.717869][T17175]  ? __x64_sys_umount+0x122/0x170
[  552.722763][T17175]  exit_to_user_mode_loop+0x94/0xa0
[  552.727765][T17175]  exit_to_user_mode_prepare+0x5a/0xa0
[  552.733077][T17175]  syscall_exit_to_user_mode+0x26/0x140
[  552.738445][T17175]  do_syscall_64+0x49/0xb0
[  552.742734][T17175]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  552.748419][T17175] RIP: 0033:0x7fdfa3e7e257
[  552.752696][T17175] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  552.772332][T17175] RSP: 002b:00007ffd8bf10458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  552.780559][T17175] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fdfa3e7e257
[  552.788354][T17175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8bf10510
[  552.796183][T17175] RBP: 00007ffd8bf10510 R08: 0000000000000000 R09: 0000000000000000
[  552.804006][T17175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd8bf115c0
[  552.811933][T17175] R13: 00007fdfa3ed96c6 R14: 0000000000086a51 R15: 0000000000000017
[  552.819721][T17175]  </TASK>
[  552.822566][T17175] ---[ end trace 0000000000000000 ]---
[  552.829709][T17175] ------------[ cut here ]------------
[  552.834986][T17175] WARNING: CPU: 0 PID: 17175 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  552.844395][T17175] Modules linked in:
[  552.848206][T17175] CPU: 0 PID: 17175 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  552.859771][T17175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  552.869582][T17175] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  552.875027][T17175] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  552.894539][T17175] RSP: 0000:ffffc90002447ae0 EFLAGS: 00010293
[  552.900400][T17175] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff8881424a3cc0
[  552.908182][T17175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  552.913438][T20520] loop2: detected capacity change from 0 to 1024
[  552.916036][T17175] RBP: ffffc90002447b10 R08: ffffffff821f2c34 R09: ffffed10279be819
[  552.925137][T20520] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  552.930035][T17175] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813cc71770
[  552.946501][T17175] R13: ffff88813cc717a0 R14: 1ffff1102798e2f4 R15: ffff88813cdf4020
[  552.954301][T17175] FS:  000055555606a480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  552.954324][T17175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  552.954337][T17175] CR2: 00007ffd8bf0fca8 CR3: 000000010f0b3000 CR4: 00000000003506b0
[  552.954353][T17175] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  552.985200][T17175] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  552.985220][T17175] Call Trace:
[  552.985225][T17175]  <TASK>
[  552.985231][T17175]  ? show_regs+0x58/0x60
[  553.003225][T17175]  ? __warn+0x160/0x3d0
[  553.007215][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  553.012098][T17175]  ? report_bug+0x4d5/0x7d0
[  553.016417][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  553.021307][T17175]  ? handle_bug+0x41/0x70
[  553.025546][T17175]  ? exc_invalid_op+0x1b/0x50
[  553.030071][T17175]  ? asm_exc_invalid_op+0x1b/0x20
[  553.034915][T17175]  ? ovl_dir_modified+0xa4/0x1e0
[  553.039731][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  553.044536][T17175]  ? ovl_dir_modified+0x1a5/0x1e0
[  553.049422][T17175]  ovl_do_remove+0x7fc/0xbf0
[  553.053828][T17175]  ? ovl_set_redirect+0x670/0x670
[  553.058772][T17175]  ? selinux_inode_rmdir+0x22/0x30
[  553.063751][T17175]  ovl_rmdir+0x1a/0x20
[  553.067627][T17175]  vfs_rmdir+0x398/0x500
[  553.071727][T17175]  incfs_kill_sb+0x1b4/0x230
[  553.076129][T17175]  deactivate_locked_super+0xad/0x110
[  553.081361][T17175]  deactivate_super+0xbe/0xf0
[  553.085878][T17175]  cleanup_mnt+0x485/0x510
[  553.090129][T17175]  ? user_path_at_empty+0x14e/0x1a0
[  553.095313][T17175]  __cleanup_mnt+0x19/0x20
[  553.099587][T17175]  task_work_run+0x24d/0x2e0
[  553.103991][T17175]  ? task_work_cancel+0x2b0/0x2b0
[  553.108853][T17175]  ? __x64_sys_umount+0x122/0x170
[  553.113818][T17175]  exit_to_user_mode_loop+0x94/0xa0
[  553.118836][T17175]  exit_to_user_mode_prepare+0x5a/0xa0
[  553.124164][T17175]  syscall_exit_to_user_mode+0x26/0x140
[  553.129522][T17175]  do_syscall_64+0x49/0xb0
[  553.133760][T17175]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  553.139525][T17175] RIP: 0033:0x7fdfa3e7e257
[  553.143742][T17175] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  553.163222][T17175] RSP: 002b:00007ffd8bf10458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  553.171442][T17175] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fdfa3e7e257
[  553.179278][T17175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd8bf10510
[  553.187142][T17175] RBP: 00007ffd8bf10510 R08: 0000000000000000 R09: 0000000000000000
[  553.194964][T17175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd8bf115c0
[  553.202789][T17175] R13: 00007fdfa3ed96c6 R14: 0000000000086a51 R15: 0000000000000017
[  553.210589][T17175]  </TASK>
[  553.213436][T17175] ---[ end trace 0000000000000000 ]---
[  553.223323][T20302] EXT4-fs (loop2): unmounting filesystem.
[  554.624970][T20302] ------------[ cut here ]------------
[  554.630297][T20302] WARNING: CPU: 1 PID: 20302 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  554.639588][T20302] Modules linked in:
[  554.643276][T20302] CPU: 1 PID: 20302 Comm: syz-executor.2 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  554.654858][T20302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  554.664744][T20302] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  554.670319][T20302] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  554.689964][T20302] RSP: 0018:ffffc90000ad7ae0 EFLAGS: 00010293
[  554.695817][T20302] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff88813e89a880
[  554.703671][T20302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  554.711467][T20302] RBP: ffffc90000ad7b10 R08: ffffffff821f2c34 R09: ffffed1024024978
[  554.719273][T20302] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813cc28330
[  554.727151][T20302] R13: ffff88813cc28360 R14: 1ffff1102798506c R15: ffff888120124b18
[  554.735176][T20302] FS:  00005555569d0480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  554.743927][T20302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  554.750345][T20302] CR2: 000000c0049ce038 CR3: 0000000120d94000 CR4: 00000000003506a0
[  554.758137][T20302] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  554.766117][T20302] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  554.768982][T20053] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  554.773945][T20302] Call Trace:
[  554.786943][T20302]  <TASK>
[  554.789767][T20302]  ? show_regs+0x58/0x60
[  554.793800][T20302]  ? __warn+0x160/0x3d0
[  554.794029][T20053] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  554.797790][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  554.811357][T20302]  ? report_bug+0x4d5/0x7d0
[  554.815677][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  554.820555][T20302]  ? handle_bug+0x41/0x70
[  554.821743][T20053] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  554.824690][T20302]  ? exc_invalid_op+0x1b/0x50
[  554.839910][T20302]  ? asm_exc_invalid_op+0x1b/0x20
[  554.844748][T20302]  ? ovl_dir_modified+0xa4/0x1e0
[  554.849552][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  554.854467][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  554.859622][T20302]  ovl_do_remove+0x7fc/0xbf0
[  554.864426][T20302]  ? ovl_set_redirect+0x670/0x670
[  554.869479][T20302]  ? selinux_inode_rmdir+0x22/0x30
[  554.874458][T20302]  ovl_rmdir+0x1a/0x20
[  554.878358][T20302]  vfs_rmdir+0x398/0x500
[  554.882450][T20302]  incfs_kill_sb+0x113/0x230
[  554.886855][T20302]  deactivate_locked_super+0xad/0x110
[  554.892163][T20302]  deactivate_super+0xbe/0xf0
[  554.896668][T20302]  cleanup_mnt+0x485/0x510
[  554.900856][T20302]  ? user_path_at_empty+0x14e/0x1a0
[  554.905917][T20302]  __cleanup_mnt+0x19/0x20
[  554.910165][T20302]  task_work_run+0x24d/0x2e0
[  554.914548][T20302]  ? task_work_cancel+0x2b0/0x2b0
[  554.919484][T20302]  ? __x64_sys_umount+0x122/0x170
[  554.924332][T20302]  exit_to_user_mode_loop+0x94/0xa0
[  554.929343][T20302]  exit_to_user_mode_prepare+0x5a/0xa0
[  554.934714][T20302]  syscall_exit_to_user_mode+0x26/0x140
[  554.940080][T20302]  do_syscall_64+0x49/0xb0
[  554.944313][T20302]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  554.950059][T20302] RIP: 0033:0x7f57a847e257
[  554.954479][T20302] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  554.973978][T20302] RSP: 002b:00007ffdd7620108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  554.982183][T20302] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f57a847e257
[  554.989988][T20302] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdd76201c0
[  554.997785][T20302] RBP: 00007ffdd76201c0 R08: 0000000000000000 R09: 0000000000000000
[  555.005614][T20302] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdd7621270
[  555.013462][T20302] R13: 00007f57a84d96c6 R14: 0000000000087183 R15: 0000000000000017
[  555.021241][T20302]  </TASK>
[  555.024084][T20302] ---[ end trace 0000000000000000 ]---
[  555.030064][T20302] ------------[ cut here ]------------
[  555.035362][T20302] WARNING: CPU: 0 PID: 20302 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  555.044857][T20302] Modules linked in:
[  555.048564][T20302] CPU: 0 PID: 20302 Comm: syz-executor.2 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  555.060073][T20302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  555.069929][T20302] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  555.075393][T20302] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  555.094950][T20302] RSP: 0018:ffffc90000ad7ae0 EFLAGS: 00010293
[  555.100829][T20302] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff88813e89a880
[  555.108625][T20302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  555.110558][T20544] fuse: Bad value for 'fd'
[  555.116488][T20302] RBP: ffffc90000ad7b10 R08: ffffffff821f2c34 R09: ffffed1024024978
[  555.128505][T20302] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813cc28330
[  555.136348][T20302] R13: ffff88813cc28360 R14: 1ffff1102798506c R15: ffff888120124b18
[  555.144135][T20302] FS:  00005555569d0480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  555.152906][T20302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  555.159319][T20302] CR2: 0000001b2cb2c000 CR3: 0000000120d94000 CR4: 00000000003506b0
[  555.167123][T20302] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  555.174952][T20302] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  555.182776][T20302] Call Trace:
[  555.185592][   T28] audit: type=1326 audit(2000000185.019:23478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa3e7cf29 code=0x7ffc0000
[  555.185866][T20302]  <TASK>
[  555.185875][T20302]  ? show_regs+0x58/0x60
[  555.209807][   T28] audit: type=1326 audit(2000000185.019:23479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdfa3e7cc8b code=0x7ffc0000
[  555.212512][T20302]  ? __warn+0x160/0x3d0
[  555.216595][   T28] audit: type=1326 audit(2000000185.019:23480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa3e7cf29 code=0x7ffc0000
[  555.240403][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  555.244372][   T28] audit: type=1326 audit(2000000185.019:23481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdfa3e7cf29 code=0x7ffc0000
[  555.268252][T20302]  ? report_bug+0x4d5/0x7d0
[  555.268278][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  555.268298][T20302]  ? handle_bug+0x41/0x70
[  555.268313][T20302]  ? exc_invalid_op+0x1b/0x50
[  555.268327][T20302]  ? asm_exc_invalid_op+0x1b/0x20
[  555.268342][T20302]  ? ovl_dir_modified+0xa4/0x1e0
[  555.273420][   T28] audit: type=1326 audit(2000000185.019:23482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa3e7cf29 code=0x7ffc0000
[  555.296985][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  555.301387][   T28] audit: type=1326 audit(2000000185.019:23483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdfa3e7cf29 code=0x7ffc0000
[  555.306162][T20302]  ? ovl_dir_modified+0x1a5/0x1e0
[  555.382032][T20302]  ovl_do_remove+0x7fc/0xbf0
[  555.386448][T20302]  ? ovl_set_redirect+0x670/0x670
[  555.391317][T20302]  ? selinux_inode_rmdir+0x22/0x30
[  555.396253][T20302]  ovl_rmdir+0x1a/0x20
[  555.400170][T20302]  vfs_rmdir+0x398/0x500
[  555.404237][T20302]  incfs_kill_sb+0x1b4/0x230
[  555.408665][T20302]  deactivate_locked_super+0xad/0x110
[  555.413889][T20302]  deactivate_super+0xbe/0xf0
[  555.418480][T20302]  cleanup_mnt+0x485/0x510
[  555.422747][T20302]  ? user_path_at_empty+0x14e/0x1a0
[  555.427776][T20302]  __cleanup_mnt+0x19/0x20
[  555.432037][T20302]  task_work_run+0x24d/0x2e0
[  555.436449][T20302]  ? task_work_cancel+0x2b0/0x2b0
[  555.441317][T20302]  ? __x64_sys_umount+0x122/0x170
[  555.446168][T20302]  exit_to_user_mode_loop+0x94/0xa0
[  555.451218][T20302]  exit_to_user_mode_prepare+0x5a/0xa0
[  555.456494][T20302]  syscall_exit_to_user_mode+0x26/0x140
[  555.461887][T20302]  do_syscall_64+0x49/0xb0
[  555.466219][T20302]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  555.471958][T20302] RIP: 0033:0x7f57a847e257
[  555.476194][T20302] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  555.495662][T20302] RSP: 002b:00007ffdd7620108 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  555.503895][T20302] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f57a847e257
[  555.511706][T20302] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdd76201c0
[  555.519521][T20302] RBP: 00007ffdd76201c0 R08: 0000000000000000 R09: 0000000000000000
[  555.527406][T20302] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdd7621270
[  555.535377][T20302] R13: 00007f57a84d96c6 R14: 0000000000087183 R15: 0000000000000017
[  555.543348][T20302]  </TASK>
[  555.546098][T20302] ---[ end trace 0000000000000000 ]---
[  555.552392][   T28] audit: type=1326 audit(2000000185.389:23484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa3e7cf29 code=0x7ffc0000
[  555.576567][   T28] audit: type=1326 audit(2000000185.389:23485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdfa3e7a6a7 code=0x7ffc0000
[  555.601487][   T28] audit: type=1326 audit(2000000185.389:23486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdfa3e40379 code=0x7ffc0000
[  555.625508][   T28] audit: type=1326 audit(2000000185.389:23487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdfa3e7cf29 code=0x7ffc0000
[  555.678975][T20053] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  555.699369][T20053] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.730194][T20053] usb 5-1: can't set config #1, error -71
[  555.741244][T20053] usb 5-1: USB disconnect, device number 53
[  555.918070][T20565] Invalid ELF section header overflow
[  557.004287][T20592] bridge0: port 1(bridge_slave_0) entered blocking state
[  557.013756][T20592] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.020967][T20592] device bridge_slave_0 entered promiscuous mode
[  557.027817][T20592] bridge0: port 2(bridge_slave_1) entered blocking state
[  557.034715][T20592] bridge0: port 2(bridge_slave_1) entered disabled state
[  557.041808][T20592] device bridge_slave_1 entered promiscuous mode
[  557.079618][T20592] bridge0: port 2(bridge_slave_1) entered blocking state
[  557.086456][T20592] bridge0: port 2(bridge_slave_1) entered forwarding state
[  557.093554][T20592] bridge0: port 1(bridge_slave_0) entered blocking state
[  557.100457][T20592] bridge0: port 1(bridge_slave_0) entered forwarding state
[  557.119613][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  557.126935][T20053] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.134122][T20053] bridge0: port 2(bridge_slave_1) entered disabled state
[  557.142983][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  557.150956][ T2474] bridge0: port 1(bridge_slave_0) entered blocking state
[  557.157779][ T2474] bridge0: port 1(bridge_slave_0) entered forwarding state
[  557.169938][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  557.177928][T20053] bridge0: port 2(bridge_slave_1) entered blocking state
[  557.184763][T20053] bridge0: port 2(bridge_slave_1) entered forwarding state
[  557.192188][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  557.207873][T20592] device veth0_vlan entered promiscuous mode
[  557.214182][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  557.222390][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  557.230106][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  557.237277][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  557.244597][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  557.256603][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  557.265427][T20592] device veth1_macvtap entered promiscuous mode
[  557.277701][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  557.286086][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  557.758861][T20613] loop4: detected capacity change from 0 to 512
[  558.032587][T20621] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.039562][T20621] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.046872][T20621] device bridge_slave_0 entered promiscuous mode
[  558.047660][T20623] loop1: detected capacity change from 0 to 8192
[  558.053974][T20621] bridge0: port 2(bridge_slave_1) entered blocking state
[  558.066310][T20621] bridge0: port 2(bridge_slave_1) entered disabled state
[  558.073466][T20621] device bridge_slave_1 entered promiscuous mode
[  558.118149][T20621] bridge0: port 2(bridge_slave_1) entered blocking state
[  558.125020][T20621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  558.132106][T20621] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.138900][T20621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  558.161546][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  558.169362][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.176762][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  558.189576][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  558.197515][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.204568][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  558.212381][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  558.220758][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  558.227636][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  558.242870][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  558.251733][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  558.265405][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  558.277661][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  558.285422][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  558.292665][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  558.301135][T20621] device veth0_vlan entered promiscuous mode
[  558.311541][T20621] device veth1_macvtap entered promiscuous mode
[  558.322089][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  558.340600][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  558.348855][  T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  558.364779][T20629] loop4: detected capacity change from 0 to 256
[  558.426877][T20629] loop4: detected capacity change from 0 to 512
[  558.479897][   T43] device bridge_slave_1 left promiscuous mode
[  558.485974][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  558.493652][   T43] device bridge_slave_0 left promiscuous mode
[  558.499797][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.507485][   T43] device veth1_macvtap left promiscuous mode
[  558.513399][   T43] device veth0_vlan left promiscuous mode
[  558.790450][T20643] loop1: detected capacity change from 0 to 256
[  558.790727][T20642] loop4: detected capacity change from 0 to 512
[  558.806815][T20643] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.817390][T20643] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.827767][T20643] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.838124][T20643] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.848175][T20643] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.858318][T20641] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.868736][T20643] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.879628][T20641] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.890667][T20643] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  558.900743][T20641] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  559.117560][T20653] overlayfs: missing 'lowerdir'
[  559.382551][T20656] input: syz0 as /devices/virtual/input/input82
[  559.509546][   T43] device bridge_slave_1 left promiscuous mode
[  559.516732][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.531789][   T43] device bridge_slave_0 left promiscuous mode
[  559.544284][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.559908][   T43] device veth1_macvtap left promiscuous mode
[  559.797046][T20662] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.804048][T20662] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.813011][T20662] device bridge_slave_0 entered promiscuous mode
[  559.814689][T20670] loop1: detected capacity change from 0 to 256
[  559.820120][T20662] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.832159][T20662] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.839991][T20662] device bridge_slave_1 entered promiscuous mode
[  559.869393][T20670] FAT-fs (loop1): Directory bread(block 64) failed
[  559.881110][T20670] FAT-fs (loop1): Directory bread(block 65) failed
[  559.887702][T20670] FAT-fs (loop1): Directory bread(block 66) failed
[  559.894134][T20670] FAT-fs (loop1): Directory bread(block 67) failed
[  559.900612][T20670] FAT-fs (loop1): Directory bread(block 68) failed
[  559.906979][T20670] FAT-fs (loop1): Directory bread(block 69) failed
[  559.913702][T20670] FAT-fs (loop1): Directory bread(block 70) failed
[  559.921837][T20670] FAT-fs (loop1): Directory bread(block 71) failed
[  559.928292][T20670] FAT-fs (loop1): Directory bread(block 72) failed
[  559.934678][T20670] FAT-fs (loop1): Directory bread(block 73) failed
[  560.025908][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  560.038311][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  560.071081][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  560.075240][T20684] loop2: detected capacity change from 0 to 256
[  560.082829][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  560.096533][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[  560.103427][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[  560.112982][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  560.119989][T20684] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.121315][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  560.130931][T20684] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.138989][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[  560.149054][T20684] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.155399][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[  560.165509][T20684] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.185187][T20683] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.195380][T20683] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.195832][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  560.205541][T20684] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.212952][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  560.222675][T20683] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.230416][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  560.698553][T20684] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.705148][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  560.717619][T20684] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  560.737797][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  560.750450][T20662] device veth0_vlan entered promiscuous mode
[  560.757097][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  560.766175][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  560.799177][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  560.813861][T20662] device veth1_macvtap entered promiscuous mode
[  560.838330][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  560.846644][  T341] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  560.865071][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  561.053647][T20695] loop1: detected capacity change from 0 to 512
[  561.073927][T20695] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 256 (level 2)
[  561.076833][T20699] loop2: detected capacity change from 0 to 256
[  561.094387][T20695] EXT4-fs (loop1): 2 truncates cleaned up
[  561.100825][T20695] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  561.194229][T20699] loop2: detected capacity change from 0 to 512
[  561.229170][  T341] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  561.240015][  T341] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  561.249050][  T341] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  561.290817][T20592] EXT4-fs (loop1): unmounting filesystem.
[  561.385235][T20705] input: syz0 as /devices/virtual/input/input83
[  561.429042][  T341] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  561.441083][  T341] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.449241][  T341] usb 5-1: Product: syz
[  561.453281][  T341] usb 5-1: Manufacturer: syz
[  561.457762][  T341] usb 5-1: SerialNumber: syz
[  561.510493][  T341] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  561.517226][  T341] cdc_ncm 5-1:1.0: bind() failure
[  561.862180][T20716] loop2: detected capacity change from 0 to 256
[  561.906353][T20716] FAT-fs (loop2): Directory bread(block 64) failed
[  561.934686][T20716] FAT-fs (loop2): Directory bread(block 65) failed
[  561.969184][T20716] FAT-fs (loop2): Directory bread(block 66) failed
[  561.978429][T20716] FAT-fs (loop2): Directory bread(block 67) failed
[  562.002654][T20716] FAT-fs (loop2): Directory bread(block 68) failed
[  562.019587][T20716] FAT-fs (loop2): Directory bread(block 69) failed
[  562.037623][T20716] FAT-fs (loop2): Directory bread(block 70) failed
[  562.055837][T20716] FAT-fs (loop2): Directory bread(block 71) failed
[  562.072804][T20716] FAT-fs (loop2): Directory bread(block 72) failed
[  562.090726][T20716] FAT-fs (loop2): Directory bread(block 73) failed
[  562.321775][T20724] loop1: detected capacity change from 0 to 256
[  562.335383][T20724] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.345563][T20724] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.355532][T20724] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.365510][T20724] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.370842][T20697] loop0: detected capacity change from 0 to 131072
[  562.375687][T20724] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.392087][T20723] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.402387][T20724] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.402486][T20697] F2FS-fs (loop0): Test dummy encryption mode enabled
[  562.413038][T20723] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.429523][T20724] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.439646][T20723] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  562.449974][T20697] F2FS-fs (loop0): invalid crc value
[  562.479753][T20697] F2FS-fs (loop0): Found nat_bits in checkpoint
[  562.545082][T20726] loop2: detected capacity change from 0 to 40427
[  562.548996][T20697] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  562.554172][T20726] F2FS-fs (loop2): Found nat_bits in checkpoint
[  562.607564][T20726] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  562.665733][T20302] syz-executor.2: attempt to access beyond end of device
[  562.665733][T20302] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  562.793877][T20741] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  562.814407][T20743] loop2: detected capacity change from 0 to 512
[  562.832244][T20743] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  562.841474][T20743] ext4 filesystem being mounted at /root/syzkaller-testdir3608779783/syzkaller.36LewO/50/file0 supports timestamps until 2038 (0x7fffffff)
[  562.934747][T20752] loop0: detected capacity change from 0 to 512
[  562.943084][T20752] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz-executor.0: invalid indirect mapped block 256 (level 2)
[  562.956996][T20752] EXT4-fs (loop0): 2 truncates cleaned up
[  562.962711][T20752] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  563.074613][T20662] EXT4-fs (loop0): unmounting filesystem.
[  563.201717][T20760] tipc: Failed to remove unknown binding: 66,1,1/0:2618625522/2618625524
[  563.364593][T16779] usb 5-1: USB disconnect, device number 54
[  563.532869][T20770] input: syz0 as /devices/virtual/input/input84
[  563.600803][T20773] input: syz0 as /devices/virtual/input/input85
[  563.691188][T20302] EXT4-fs (loop2): unmounting filesystem.
[  563.839871][T20783] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  563.859999][T20783] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  563.954235][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  563.966937][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  563.995154][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  564.004437][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  564.013653][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  564.033665][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  564.066010][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  564.090658][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  564.374686][T20797] loop4: detected capacity change from 0 to 512
[  564.416887][T20797] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz-executor.4: invalid indirect mapped block 256 (level 2)
[  564.443843][T20797] EXT4-fs (loop4): 2 truncates cleaned up
[  564.477692][T20797] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  564.501984][T20802] loop0: detected capacity change from 0 to 256
[  564.537536][T20802] FAT-fs (loop0): Directory bread(block 64) failed
[  564.548984][T20802] FAT-fs (loop0): Directory bread(block 65) failed
[  564.559313][T20802] FAT-fs (loop0): Directory bread(block 66) failed
[  564.565993][T20802] FAT-fs (loop0): Directory bread(block 67) failed
[  564.575828][T20802] FAT-fs (loop0): Directory bread(block 68) failed
[  564.582917][T20802] FAT-fs (loop0): Directory bread(block 69) failed
[  564.590065][T20802] FAT-fs (loop0): Directory bread(block 70) failed
[  564.594644][T20799] loop2: detected capacity change from 0 to 40427
[  564.596700][T20802] FAT-fs (loop0): Directory bread(block 71) failed
[  564.603697][T20799] F2FS-fs (loop2): Wrong segment_count / block_count (64 > 16384)
[  564.616931][T20799] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  564.625152][T20802] FAT-fs (loop0): Directory bread(block 72) failed
[  564.631626][T20802] FAT-fs (loop0): Directory bread(block 73) failed
[  564.639033][T20621] EXT4-fs (loop4): unmounting filesystem.
[  564.655565][T20799] F2FS-fs (loop2): Found nat_bits in checkpoint
[  564.700738][T20799] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  564.707685][T20799] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  564.735054][T20799] syz-executor.2: attempt to access beyond end of device
[  564.735054][T20799] loop2: rw=2049, sector=53248, nr_sectors = 544 limit=40427
[  564.756126][T20799] syz-executor.2: attempt to access beyond end of device
[  564.756126][T20799] loop2: rw=2049, sector=77824, nr_sectors = 544 limit=40427
[  564.781678][T20302] syz-executor.2: attempt to access beyond end of device
[  564.781678][T20302] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  564.796238][T20302] syz-executor.2: attempt to access beyond end of device
[  564.796238][T20302] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  564.830008][    T8] kworker/u4:0: attempt to access beyond end of device
[  564.830008][    T8] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  564.984864][T20825] input: syz0 as /devices/virtual/input/input86
[  565.025760][T20830] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  565.033784][T20830] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  565.054663][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  565.065096][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  565.082200][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  565.090317][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  565.099925][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  565.108056][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  565.114464][T20833] loop4: detected capacity change from 0 to 512
[  565.118760][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  565.123943][T20833] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz-executor.4: invalid indirect mapped block 256 (level 2)
[  565.130271][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  565.143746][T20833] EXT4-fs (loop4): 2 truncates cleaned up
[  565.156437][T20833] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  565.236847][T20842] loop0: detected capacity change from 0 to 256
[  565.238395][T20831] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.250885][T20831] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.253658][T20842] FAT-fs (loop0): Directory bread(block 64) failed
[  565.258274][T20831] device bridge_slave_0 entered promiscuous mode
[  565.264504][T20842] FAT-fs (loop0): Directory bread(block 65) failed
[  565.271392][T20621] EXT4-fs (loop4): unmounting filesystem.
[  565.276685][T20842] FAT-fs (loop0): Directory bread(block 66) failed
[  565.288570][T20842] FAT-fs (loop0): Directory bread(block 67) failed
[  565.294902][T20842] FAT-fs (loop0): Directory bread(block 68) failed
[  565.301312][T20842] FAT-fs (loop0): Directory bread(block 69) failed
[  565.307705][T20842] FAT-fs (loop0): Directory bread(block 70) failed
[  565.314039][T20842] FAT-fs (loop0): Directory bread(block 71) failed
[  565.314300][T20831] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.320373][T20842] FAT-fs (loop0): Directory bread(block 72) failed
[  565.333726][T20842] FAT-fs (loop0): Directory bread(block 73) failed
[  565.334073][T20831] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.347474][T20831] device bridge_slave_1 entered promiscuous mode
[  565.396285][T20850] loop1: detected capacity change from 0 to 2048
[  565.416595][T20850] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  565.427835][   T28] kauditd_printk_skb: 831 callbacks suppressed
[  565.427851][   T28] audit: type=1400 audit(2000000195.269:24319): avc:  denied  { append } for  pid=20849 comm="syz-executor.1" name="loop1" dev="devtmpfs" ino=469 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  565.434125][T20592] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  565.472541][T20592] EXT4-fs error (device loop1): __ext4_iget:5046: inode #13: block 127754: comm syz-executor.1: invalid block
[  565.484474][T20592] EXT4-fs error (device loop1): __ext4_iget:5046: inode #13: block 127754: comm syz-executor.1: invalid block
[  565.517398][T20831] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.524253][T20831] bridge0: port 2(bridge_slave_1) entered forwarding state
[  565.531327][T20831] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.538121][T20831] bridge0: port 1(bridge_slave_0) entered forwarding state
[  565.561750][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  565.571577][T20592] EXT4-fs (loop1): unmounting filesystem.
[  565.574386][T20858] input: syz0 as /devices/virtual/input/input87
[  565.583673][   T24] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.597613][   T24] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.611185][   T43] device bridge_slave_1 left promiscuous mode
[  565.617780][T20860] tipc: Failed to remove unknown binding: 66,1,1/0:439736487/439736489
[  565.625907][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.638771][   T43] device bridge_slave_0 left promiscuous mode
[  565.645185][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.653568][   T43] device veth1_macvtap left promiscuous mode
[  565.659466][   T43] device veth0_vlan left promiscuous mode
[  565.779018][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  565.786933][ T2758] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.793857][ T2758] bridge0: port 1(bridge_slave_0) entered forwarding state
[  565.801091][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  565.809095][ T2758] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.815919][ T2758] bridge0: port 2(bridge_slave_1) entered forwarding state
[  565.823101][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  565.830843][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  565.871800][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  565.880732][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  565.889468][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  565.897412][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  565.908595][T20831] device veth0_vlan entered promiscuous mode
[  565.954335][T20865] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.961718][T20865] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.969082][T20865] device bridge_slave_0 entered promiscuous mode
[  565.976401][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  565.983936][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  565.991952][T20865] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.998831][T20865] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.006083][T20865] device bridge_slave_1 entered promiscuous mode
[  566.035267][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  566.045638][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  566.082714][T20831] device veth1_macvtap entered promiscuous mode
[  566.204076][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  566.216666][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  566.226277][T16779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  566.243447][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  566.251932][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  566.282412][T20881] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  566.316105][T20053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  566.336270][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  566.344311][T16778] bridge0: port 1(bridge_slave_0) entered blocking state
[  566.351431][T16778] bridge0: port 1(bridge_slave_0) entered forwarding state
[  566.358627][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  566.367081][T16778] bridge0: port 2(bridge_slave_1) entered blocking state
[  566.373931][T16778] bridge0: port 2(bridge_slave_1) entered forwarding state
[  566.381531][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  566.398003][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  566.405812][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  566.419422][T16778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  566.430635][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  566.438406][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  566.445921][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  566.456438][T20865] device veth0_vlan entered promiscuous mode
[  566.466786][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  566.478088][T20865] device veth1_macvtap entered promiscuous mode
[  566.489831][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  566.498286][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  566.517558][T20893] loop1: detected capacity change from 0 to 256
[  566.526053][T20893] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.536057][T20893] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.546545][T20893] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.556547][T20893] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.567421][T20893] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.578763][T20892] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.584054][T20898] input: syz0 as /devices/virtual/input/input88
[  566.588819][T20893] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.605414][T20892] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.615493][T20892] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.626076][T20893] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  566.890777][   T43] device bridge_slave_1 left promiscuous mode
[  566.896753][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.904775][   T43] device bridge_slave_0 left promiscuous mode
[  566.910959][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  566.919238][   T43] device veth1_macvtap left promiscuous mode
[  566.925214][   T43] device veth0_vlan left promiscuous mode
[  566.930930][T16778] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  567.420075][T20923] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  567.431825][T20923] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  567.440157][T20923] CPU: 0 PID: 20923 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00010-gc0618d182a9c #0
[  567.451613][T20923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  567.461503][T20923] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0
2033/05/18 03:36:37 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  567.467578][T20923] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b
[  567.487026][T20923] RSP: 0018:ffffc90000ab76c0 EFLAGS: 00010246
[  567.492926][T20923] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[  567.500736][T20923] RDX: ffffc900083ff000 RSI: 0000000000000414 RDI: 0000000000000415
[  567.508548][T20923] RBP: ffffc90000ab7818 R08: 0000000000000005 R09: ffffffff8411e3d3
[  567.516360][T20923] R10: 0000000000000004 R11: ffff888143ca1440 R12: dffffc0000000000
[  567.524172][T20923] R13: ffff88812b4478c0 R14: 1ffff92000156ee4 R15: 0000000000000000
[  567.531984][T20923] FS:  00007f706a46d6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  567.540749][T20923] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  567.547171][T20923] CR2: 0000000020010000 CR3: 000000013eff7000 CR4: 00000000003506b0
[  567.554985][T20923] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000
[  567.562796][T20923] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[