Extracting prog: 5m12.003928787s
Minimizing prog: 48m9.896638732s
Simplifying prog options: 0s
Extracting C: 1m56.565939318s
Simplifying C: 12m31.889582763s


extracting reproducer from 30 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 5, 7, 15, 12, 10, 9, 9, 4, 2, 5, 11, 8, 7, 3, 17, 11, 4, 3, 19, 27, 7, 5, 2, 4, 8, 6, 4, 21, 4]
detailed listing:
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7cb641, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)={0x0}}, 0x40094)
recvmmsg(r3, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000002ac0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/74, 0x4a}], 0x4}, 0x5f}], 0x1, 0x10022, 0x0)
executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002100)=@newtaction={0x894, 0x30, 0x12f, 0x0, 0x0, {}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80000000, 0x0, 0x5, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x5, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0xfffffffc, 0xb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x5, 0x0, 0x3, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x401, 0x2, 0x0, 0x2, 0x80000000, 0x7fffffff, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x1000, 0x1, 0x3, 0x6, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x1, 0x20, 0x5, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x97, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x1fe, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x7fff, 0x30, 0x8, 0xfffffff7, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x5, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x25, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x4, 0x74e4, 0x7fff, 0x7, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0x8, 0x800007, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x9, 0x1c, 0x767, 0x7, 0x9, 0x10, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x3, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x2, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x0, 0xfffffff7, 0x4, 0x2, 0x0, 0x6ee1847d, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0x4, 0x6, 0x4, 0x7, 0x2, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x4, 0x4, 0x7fff, 0x4a5, 0x23, 0x4, 0x9, 0x8, 0x4000000, 0x8000, 0xa, 0x9, 0xca000000, 0x3, 0xfffffffa, 0x3, 0x7, 0x9, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x801, 0xb848, 0x6, 0x6, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0x9, 0x4, 0x4, 0xc, 0x80000001, 0x5, 0x5, 0x10000002, 0xb, 0x7, 0x5, 0x2, 0x4]}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x9}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x1, 0x7, 0x4, 0x1, {0x7, 0x0, 0x3, 0x7, 0x7, 0x80000001}, {0x4, 0x2, 0x1, 0xa, 0x1ff, 0x1c0000}, 0x9, 0xbc, 0xdf72c67}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x894}}, 0x0)
executing program 1:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1004}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1, 0x0, 0x5}, 0x18)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x8, 0x0, 0x401}, 0xc)
setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000080)=0xc, 0x4)
executing program 1:
r0 = socket(0x10, 0x803, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2642, 0x0)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000040)="93d90400000300", 0x7}, {&(0x7f0000000c00)="0500000000029e", 0x7}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prlimit64(0x0, 0xe, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc)
mlock2(&(0x7f0000495000/0x2000)=nil, 0x2000, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg(r3, 0x0, 0x4000884)
syz_genetlink_get_family_id$nl80211(0x0, r0)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7cb641, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)={0x0}}, 0x40094)
recvmmsg(r3, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000002ac0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/74, 0x4a}], 0x4}, 0x5f}], 0x1, 0x10022, 0x0)
executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0xc, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000280), 0x84, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x1c}, 0x1c}}, 0x0)
executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = gettid()
process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
stat(&(0x7f0000002580)='./file1\x00', &(0x7f00000025c0))
getresgid(&(0x7f0000005d00), 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, &(0x7f000001fa80), 0x8}, 0x94)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x1c, 0x13, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}]}, 0x1c}}, 0x24004050)
executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000080008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000400000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000018c0000000c0a01030000000000000000070000080900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b802c0001800a0001"], 0x110}}, 0x0)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0xfffffffc)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', <r4=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r4, @ANYBLOB="b4000280b0000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)
executing program 3:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, 0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r1, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0, 0x2, 0x1, {0x1}})
io_uring_enter(r2, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
ioctl$BTRFS_IOC_BALANCE_CTL(r0, 0x40049421, 0x2)
close_range(r4, 0xffffffffffffffff, 0x0)
executing program 4:
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0)
sendmsg$tipc(r1, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0)
recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
executing program 4:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aac020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbad362baa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657eb"], 0x2d4}}, 0x4048010)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="480000001200ffffff7f00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800e00010069703667726574617000"], 0x48}}, 0x0)
executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000094ae94405f0520c4336a0000000109021200010000000009"], 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000004c0)='./file0\x00', 0x3000046, &(0x7f0000000140), 0x1, 0x558, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTX/sJ66DMVRECntwMpdurT8m+DAfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EN/13cfhP+BfMdDBkFH0wZfITW66bE3arMuWbvl84JZzcm9y7vfe+z09NychAQytyexPIeKViPg2iTgQEUm+bjTylZPN7dbuX53NliTq9c/+ThrbZfXWa7Wety+vvBwRv38dcaywsd3qyupCqVxOlyJOZ/Wp2uKlqerK6vELi6X5dD69OD0zc+qdmen333u3b7G+efbfHz69/dGpb46sff/r3YM3kzgd+/N17XE8gWvtlcmYzI/JWDPINif70NhOkgx6B9iWkTzPxyLrAw7ESJ71wIvvq4ioA0Mqkf8wpFrjgNa9fZ/ug58b9z5s3gBtjH+0+d5I7G7cG+1dSx66M8rudyf60H7Wxm9/3bqZLdG/9yEAtnTtekScGB3d2P8lef+3fSd62ObRNvR/8OzczsY/b3Ua/xTWxz/RYfyzr0PubsfW+V+424dmusrGfx90HP+uT1pNjDRrI3k9OX+hnGZ920sRcTTGdmX1zeZzTq3dqXdb1z7+y5as/dZYMN+Pu6O7Hn7OXKlW2m68j7p3PeLVjuPfZP38Jx3Of3Z0zvbYxuH01uvd1m0d/9NV/znijY7n/8GMVrL5/ORU43qYal0VG/1z4/Af3dofdPzZ+d+7efwTSft8bfXx2/hp939pt3UPxR+9X//jyeeN8nj+2JVSrbZ0MmI8+WTj49MPnnul1Hqx5vZZ/EePbN7/dbr+90TEFz3Gf+PQL6/1FP+Azv/cY53/xy/c+fjLH7u131v/93ajdDR/pJf+r9cdfJJjBwAAAAAAADtNISL2R1IorpcLhWKx+fmOQ7G3UK5Ua8fOV5YvzkXju7ITMVZozXQfaNaT1ucfJtrq44/UZyLiYER8N7KnUS/OVspzgw4eAAAAAAAAAAAAAAAAAAAAdoh9Xb7/n/lzZNB7Bzx1fvIbhteW+d+PX3oCdiT//2F4yX8YXvIfhpf8h+El/2F4yX8YXvIfhpf8BwAAAAAAAAAAAAAAAAAAAAAAAAAAgL46e+ZMttTX7l+dzepzl1eWFyqXj8+l1YXi4vJscbaydKk4X6nMl9PibGVxq9crVyqXTk7H8pWpWlqtTVVXVs8tVpYv1s5dWCzNp+fSsWcSFQAAAAAAAAAAAAAAAAAAADxfqiurC6VyOV1SUNhWYXRn7MaLVYgY+G4MumcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAf+DwAA//8KqDRV")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
syz_io_uring_setup(0x186, &(0x7f0000000180)={0x0, 0xe3f9, 0x13100, 0x3}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {}, 0x1})
timer_settime(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000040)={'erspan0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x80, 0x80, 0x7, 0x6, {{0x5, 0x4, 0x1, 0x4, 0x14, 0x67, 0x0, 0x3, 0x2f, 0x0, @loopback, @loopback}}}})
getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000140)={@local, @dev}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)
executing program 4:
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000040)='GPL\x00'}, 0x94)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000140)={@cgroup=r1, r2, 0x11, 0x0, r1}, 0x11)
executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x11)
ioctl$FIONREAD(r0, 0x541b, 0x0)
executing program 4:
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
syz_open_dev$I2C(&(0x7f00000000c0), 0x79, 0x40080)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_io_uring_setup(0xec5, &(0x7f0000000380)={0x0, 0x0, 0x1000, 0x10000000, 0xffffffff}, 0x0, &(0x7f0000000340))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
fallocate(r0, 0x23, 0x3, 0x7f)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r2 = memfd_create(&(0x7f0000000480)='y\x105\x14\xf8u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\x15]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xb4\x95\xd1\xc8s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV\x06\xee\x91\'\xae\x9c\x06\xb2\xd4\xfa,\xc0\xca\xd90$\xd7\xfe\xae\xddf?$\xb1\xeeE\b\xbc\xd1[\xd5tO`Z\x15 1\v\xa6\xd0[K!+>,FE\x10\t\xbb\x90Jj\xb8{', 0x2)
ftruncate(r2, 0x400ffff)
fcntl$addseals(r2, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000100)={r2, 0x0, 0x0, 0x1000000})
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x1, &(0x7f00000010c0)={0x2, 0x4e23, @private=0xa010100}, 0x10)
r3 = socket(0x2, 0x80805, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r5=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f00000000c0)={r5, 0xa}, 0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={r5, 0x10, &(0x7f0000001140)=[@in={0x2, 0x4e24, @loopback}]}, &(0x7f0000000180)=0x10)
getsockopt$bt_hci(r3, 0x84, 0x3, &(0x7f0000000000)=""/4102, &(0x7f0000001080)=0x1006)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r6, 0x114, 0x1d, 0x0, 0x0)
r7 = io_uring_setup(0xf08, 0x0)
r8 = socket(0x10, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
io_setup(0x6, &(0x7f0000004680)=<r10=>0x0)
r11 = eventfd2(0x7ff, 0x801)
io_submit(r10, 0x2, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x499, r9, 0x0, 0x0, 0x62, 0x0, 0x1, r11}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x6, r9, &(0x7f0000000180)="f6", 0x1, 0x7fffffffffffffff}])
sendmsg$nl_generic(r8, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_NAPI(r7, 0x1c, 0x0, 0x1)
executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000200), &(0x7f0000000280)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0xa010101}, 0x10, 0x0}, 0x0)
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)={[{@quota}, {@debug}]}, 0x1, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000700)={0x0, 0x2904c, 0x1, 0x10003, '\x00', [{0x0, 0x0, 0x700, 0x7}, {0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x40000000000000}], ['\x00']})
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x24, 0x2b, 0xb, 0x0, 0x0, {0x9}, [@nested={0x10, 0x1, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x24}}, 0x0)
executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val={'init_itable', 0x3d, 0x7ff}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x66}}, {@user_xattr}, {@nolazytime}, {@quota}]}, 0x3, 0x43d, &(0x7f0000002200)="$eJzs28tvG0UYAPBv7aRt+iChKo+mBQIFEfFImrSUHriAQOIAEhIcyjHkUYW6DWqCRKsIAkLliCpxRxyR+As4wQUBJySucEeVKpRLCyejtXcT27HzqlOH+veTtp3ZHWvm8+5nz+7EAXStofSfJOJgRPwREf3Van2Doep/t5cXJ/9ZXpxMolx++++k0u7W8uJk3jR/3YG80hNR+DyJY036nb9y9cJEqTR9OauPLlz8YHT+ytXnZy9OnJ8+P31p/OzZ06fGXjwz/sKm4ujZ4Hga163Bj+eOH3393etvTp67/t4v3yV5/A1xtMnQegefKpcrb1LS5k475VBNOdnoZLBrFLPc6a3kf38UazKpP177rKODA3ZUuVwuP9j68FIZuIcl0ekRAJ2Rf9Gn97/51nI2sK/t04+Ou/ly9QYojft2tlWP9EQha9PbcH/bTkMRcW7p36/TLXbmOQQAQJ0f0vnPc83mf4WofS50X7aGMhAR90fE4Yg4ExFHIuKBiErbhyLi4S3237hIsnb+U7ixrcA2KZ3/vZStbdXP//LZXwwUs9qhSvy9ycxsafpk9p4MR+/etD62Th8/vvr7l62O1c7/0i3tP58LZuO40bO3/jVTEwsTdxJzrZufRgz2NIs/WVkJSCLiaEQMbrOP2We+Pd7q2Mbxr6MN60zlbyKerp7/pWiIP5esvz45ui9K0ydH86tirV9/u/ZWq/7vKP42SM///qbX/0r8A0nteu381vu49ucXLe9ptnv970neqdv30cTCwuWxiD3JG9VB1+4fb2g3vto+jX/4RPP8Pxyr78SxiEgv4kci4tGIeCwb++MR8UREnFgn/p9fefL97ce/s9L4p7Z0/lcLe6JxT/NC8cJP39d1OrCV+NPzf7pSGs72bObzbzPj2t7VDAAAAP8/hYg4GElhZKVcKIyMVP+G/0jsL5Tm5heenZn78NJU9TcCA9FbyJ909dc8Dx3Lbuvz+nhD/VT23PirYl+lPjI5V5rqdPDQ5Q60yP/UX8VOjw7YcX6vBd1L/kP3kv/QveQ/dK8m+d/XiXEAd1+z7/9POjAO4O5ryH/LftBF3P9D95L/0L3kP3Sl+b7Y+EfyCgprClHYFcPICzO7Yxj3TqHTn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5dn5s8=")
r0 = open(&(0x7f0000000000)='./file2\x00', 0x147842, 0x1ef)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
preadv2(r0, &(0x7f0000000d80)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0x1, 0x0, 0x0, 0x1b)
executing program 2:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, 0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r1, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0, 0x2, 0x1, {0x1}})
io_uring_enter(r2, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
ioctl$BTRFS_IOC_BALANCE_CTL(r0, 0x40049421, 0x2)
close_range(r4, 0xffffffffffffffff, 0x0)
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000640)=ANY=[@ANYBLOB="fc0000001900010027bd700000000000e0000002000000000000000000000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000080400002000000000000080000000000000000000100000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff0000000000000000000000000200000004"], 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=ANY=[@ANYBLOB="a00000002100010000000000f6fffffffb0200000000000000000000000000006401010200000000000000000000000000000002000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="040000000000000050001100ac1414aa000000000000000000000000ffffffff000000000000000000000000e0000002000000000000000000000000fe8000000000000000000000000000aa3c040000020000000a"], 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc1ffb}]})
writev(0xffffffffffffffff, 0x0, 0x0)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYRES64=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x7}, 0x18)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0xa00, 0xb)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000140)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "280991800000598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f000000155cc30cf11d0bc000", [0x4, 0x40000000000000]}})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r6 = memfd_secret(0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r7, r6, 0x2e, 0x4608, @void}, 0x10)
close_range(r7, 0xffffffffffffffff, 0x0)
executing program 3:
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000040)='GPL\x00'}, 0x94)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000140)={@cgroup=r1, r2, 0x11, 0x0, r1}, 0x11)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program crashed: WARNING in ovl_copy_up_file
single: successfully extracted reproducer
found reproducer with 6 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
program crashed: WARNING in ovl_copy_up_file
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
program crashed: WARNING in ovl_copy_up_file
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
program crashed: WARNING in ovl_copy_up_file
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
program crashed: WARNING in ovl_copy_up_file
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
program crashed: WARNING in ovl_copy_up_file
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
program crashed: WARNING in ovl_copy_up_file
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
program crashed: WARNING in ovl_copy_up_file
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
program crashed: WARNING in ovl_copy_up_file
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program crashed: WARNING in ovl_copy_up_file
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program crashed: WARNING in ovl_copy_up_file
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$squashfs-mkdirat-mkdirat-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e642c0042742d8d5224fcca151088a9b7d04697c677c35700ad775f9ee1ae34b796b23373b3e00423b045d36ecccd4c1eaec2f355610ffff6fefb6c2c10025111e6b245d3564424ccdd6aa0a2d64ff8205926329ad3a32794c60c193afe8024cab7e5f4353fab45117b67"], 0x0, 0x188, &(0x7f0000000540)="$eJzsVb9OOkEQ/pZbDn6/wlgbEwuJQiEchxo7rQwP4ANI4ETi4R+ORCEUZ8V72PAaFr6DhcYGC2NigbXmzO7OnUuvBpL9kuWb+XZnZ3bDzR4HF0EGwOdkUMceJCws4IExcAArTGn7GcWvtuIi+S9ccYH0G+JH4qDXP6n5vtf5ReMvchhj/o2IzUQZs2TAUp/prNTzw8a3u3udwpvsZfeTQV0YhwCiKIqE1lCD6WvEzdxpa5a4HMxClKwRzU846wBK3fZ5Kej1N1rtWtNreqeuW9l2Nh1nyy0dtXzPUb9MS5FSlw/BBQCip/7T5tMAnqjB/lf0QSEybVwazTMVm5axttac86uYQkqLjZnhNslLvV3+OQ6whiyAy5Bpak7uwiGPVAWDRU6Za/WpXFk5Uayf+Y0hGFgcNgJP9iiPkU4cV3cqO2Fc9pA4R1wlHhGPieM3K36LuNzhmbx8CNi4qnW7nbKQlJVobqK5i6F+YSLruz19uOUMDAwMDAwMDAzmDF8BAAD//5ETX+k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program crashed: WARNING in ovl_copy_up_file
validation run: crashed=true
reproducing took 1h14m9.265692174s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 8
------------[ cut here ]------------
WARNING: fs/overlayfs/copy_up.c:276 at ovl_copy_up_file+0x63b/0x690 fs/overlayfs/copy_up.c:276, CPU#1: syz.0.17/6038
Modules linked in:
CPU: 1 UID: 0 PID: 6038 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:ovl_copy_up_file+0x63b/0x690 fs/overlayfs/copy_up.c:276
Code: e9 2d ff ff ff e8 75 e8 89 fe 49 bc 00 00 00 00 00 fc ff df e9 14 ff ff ff e8 61 e8 89 fe 90 0f 0b 90 eb 09 e8 56 e8 89 fe 90 <0f> 0b 90 41 bd fb ff ff ff 48 8b 5c 24 10 e9 92 fb ff ff e8 4d d2
RSP: 0018:ffffc90003677020 EFLAGS: 00010293
RAX: ffffffff83366e7a RBX: ffffc900036770a0 RCX: ffff888030691e40
RDX: 0000000000000000 RSI: fc0000000000000a RDI: 0000000000000000
RBP: ffffc90003677150 R08: ffffc900036770af R09: 0000000000000000
R10: ffffc900036770a0 R11: fffff520006cee16 R12: dffffc0000000000
R13: fc0000000000000a R14: ffff888029654e00 R15: ffff88805985ea48
FS:  000055556ee2b500(0000) GS:ffff888125b03000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 000000005f3ea000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:885 [inline]
 ovl_do_copy_up fs/overlayfs/copy_up.c:999 [inline]
 ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline]
 ovl_copy_up_flags+0x166a/0x3170 fs/overlayfs/copy_up.c:1257
 ovl_open+0x138/0x2f0 fs/overlayfs/file.c:211
 do_dentry_open+0x953/0x13f0 fs/open.c:965
 vfs_open+0x3b/0x340 fs/open.c:1097
 do_open fs/namei.c:3975 [inline]
 path_openat+0x2ee5/0x3830 fs/namei.c:4134
 do_filp_open+0x1fa/0x410 fs/namei.c:4161
 do_sys_openat2+0x121/0x1c0 fs/open.c:1437
 do_sys_open fs/open.c:1452 [inline]
 __do_sys_openat fs/open.c:1468 [inline]
 __se_sys_openat fs/open.c:1463 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1463
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fad4138eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd4d6926f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fad415e5fa0 RCX: 00007fad4138eec9
RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
RBP: 00007fad41411f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fad415e5fa0 R14: 00007fad415e5fa0 R15: 0000000000000004
 </TASK>

final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 8
------------[ cut here ]------------
WARNING: fs/overlayfs/copy_up.c:276 at ovl_copy_up_file+0x63b/0x690 fs/overlayfs/copy_up.c:276, CPU#1: syz.0.17/6038
Modules linked in:
CPU: 1 UID: 0 PID: 6038 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:ovl_copy_up_file+0x63b/0x690 fs/overlayfs/copy_up.c:276
Code: e9 2d ff ff ff e8 75 e8 89 fe 49 bc 00 00 00 00 00 fc ff df e9 14 ff ff ff e8 61 e8 89 fe 90 0f 0b 90 eb 09 e8 56 e8 89 fe 90 <0f> 0b 90 41 bd fb ff ff ff 48 8b 5c 24 10 e9 92 fb ff ff e8 4d d2
RSP: 0018:ffffc90003677020 EFLAGS: 00010293
RAX: ffffffff83366e7a RBX: ffffc900036770a0 RCX: ffff888030691e40
RDX: 0000000000000000 RSI: fc0000000000000a RDI: 0000000000000000
RBP: ffffc90003677150 R08: ffffc900036770af R09: 0000000000000000
R10: ffffc900036770a0 R11: fffff520006cee16 R12: dffffc0000000000
R13: fc0000000000000a R14: ffff888029654e00 R15: ffff88805985ea48
FS:  000055556ee2b500(0000) GS:ffff888125b03000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 000000005f3ea000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:885 [inline]
 ovl_do_copy_up fs/overlayfs/copy_up.c:999 [inline]
 ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline]
 ovl_copy_up_flags+0x166a/0x3170 fs/overlayfs/copy_up.c:1257
 ovl_open+0x138/0x2f0 fs/overlayfs/file.c:211
 do_dentry_open+0x953/0x13f0 fs/open.c:965
 vfs_open+0x3b/0x340 fs/open.c:1097
 do_open fs/namei.c:3975 [inline]
 path_openat+0x2ee5/0x3830 fs/namei.c:4134
 do_filp_open+0x1fa/0x410 fs/namei.c:4161
 do_sys_openat2+0x121/0x1c0 fs/open.c:1437
 do_sys_open fs/open.c:1452 [inline]
 __do_sys_openat fs/open.c:1468 [inline]
 __se_sys_openat fs/open.c:1463 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1463
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fad4138eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd4d6926f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fad415e5fa0 RCX: 00007fad4138eec9
RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
RBP: 00007fad41411f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fad415e5fa0 R14: 00007fad415e5fa0 R15: 0000000000000004
 </TASK>