Extracting prog: 7m24.445857157s
Minimizing prog: 18m31.084453166s
Simplifying prog options: 0s
Extracting C: 29.710487005s
Simplifying C: 7m44.964407092s


extracting reproducer from 18 programs
testing a last program of every proc
single: executing 4 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-pwrite64-getsockopt$inet6_IPV6_IPSEC_POLICY-ioctl$PAGEMAP_SCAN-openat$null-getsockopt$inet_IP_XFRM_POLICY-read$snapshot-ioctl$sock_FIOGETOWN-syz_open_procfs-getsockopt-syz_genetlink_get_family_id$ethtool-sendmsg$ETHTOOL_MSG_FEATURES_GET-creat-ioctl$NILFS_IOCTL_GET_BDESCS-socket-ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL-ioctl$sock_SIOCGIFCONF-openat$ttyS3-ioctl$KDGETLED-ioctl$OCFS2_IOC_RESVSP64-ioctl$KVM_GET_REG_LIST-ioctl$KVM_TPR_ACCESS_REPORTING-ioctl$KVM_CREATE_VM-syz_kvm_setup_cpu$x86-setsockopt$CAN_RAW_FILTER-openat$binfmt_register-fadvise64-fallocate-setsockopt$inet_MCAST_MSFILTER-bind$bt_hci
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x5, 0x6)
pwrite64(r0, &(0x7f0000000000)="a3d5d63b6318090c88cffe7f2935d1f0af4b92dd4992f68dccc350e5ac2e6f98e8121e93c23c24eaf5594aec267ed931149ef343448787bb2d95bb980c36ce5a1af541fe1a9aaf2d7539ea83379c428e480f62622e4dd484f159a276c07c43556567b9c491a8c09c661e132f97476f676f9f195541e0e74258d84af97b936e5dc697e0de48af318a6566db2ac3a2b5aaf4367916a42162d987ae", 0x9a, 0x6)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@private0}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000280)={0x60, 0x2, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000200)=[{0x6, 0x87, 0x2}, {0x8, 0x8000000000000000, 0x249}, {0x10000, 0x1, 0x81}], 0x3, 0x6, 0x1a, 0x20, 0x4b})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in=@dev}}, {{@in=@private}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8)
read$snapshot(r2, &(0x7f0000000480)=""/4096, 0x1000)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001480)=<r3=>0x0)
r4 = syz_open_procfs(r3, &(0x7f00000014c0)='fdinfo/3\x00')
getsockopt(r0, 0xfffffa9f, 0x4, &(0x7f0000001500)=""/141, &(0x7f00000015c0)=0x8d)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001640), r4)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x78, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20008014}, 0xc800)
r6 = creat(&(0x7f0000001780)='./file0\x00', 0x11)
ioctl$NILFS_IOCTL_GET_BDESCS(r4, 0xc0186e87, &(0x7f0000001840)={&(0x7f00000017c0)=[{0x4, 0x3, 0xffff, 0x8, 0xa}, {0x7, 0xd1, 0xffffffffffffff01, 0x2, 0x7}, {0xfffffffffffffffa, 0xffff, 0x0, 0x4, 0x1}], 0x3, 0x28, 0x1000, 0x400})
socket(0x67412ccd182c6578, 0x2, 0x1000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000001900)={'syztnl1\x00', &(0x7f0000001880)={'syztnl2\x00', r1, 0x29, 0x7, 0x8, 0xb, 0x40, @empty, @loopback, 0x7800, 0x40, 0x2, 0x13c0000}})
ioctl$sock_SIOCGIFCONF(r6, 0x8912, &(0x7f0000001a00)=@buf={0x83, &(0x7f0000001940)="5bff3133990c154bfc29e60a9ca85ae03487e2cdd6ddf1e74a07833a508ec637336223c4553b3d47955188c518bc14daf377643fe3c795a478e2bf2e0abd30b3c96e74393b6f0cf6d5d4772ee2de4e7d5a4090495425bcd567f5624eb55ce25306d343d55dbc2705e0ce4d9a6c3bf6eb55bcad67bcfb0c24effb4e7fbb228f8c9a9254"})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001a40), 0x210280, 0x0)
ioctl$KDGETLED(r7, 0x4b31, &(0x7f0000001a80))
ioctl$OCFS2_IOC_RESVSP64(r0, 0x4030582a, &(0x7f0000001ac0)={0x2, 0x0, 0x3ff, 0xd486, 0x0, 0x1})
ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, &(0x7f0000001b00)={0x5, [0x80000001, 0x401, 0x63, 0x4, 0xff]})
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000001b40)={0x433d3eb9, 0x7ca16064})
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x11)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001bc0)=[@text64={0x40, &(0x7f0000001b80)="c4a3995e5152740f1c65a1b9800000c00f3235002000000f30660fc731400f23450f060f20c035000000200f22c0420f4dd7410fa7c026673e0f07", 0x3b}], 0x1, 0x40, &(0x7f0000001c00), 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000001c40)=[{{0x3, 0x0, 0x1, 0x1}, {0x4, 0x1}}, {{}, {0x0, 0x1, 0x0, 0x1}}, {{0x3, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1}}], 0x18)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001c80), 0x1, 0x0)
fadvise64(r7, 0x3, 0x6, 0x5)
fallocate(r7, 0x4b, 0x1ff, 0x81)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000001cc0)={0x8, {{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x1, 0x2, [{{0x2, 0x4e24, @remote}}, {{0x2, 0x4e23, @multicast2}}]}, 0x190)
bind$bt_hci(r6, &(0x7f0000001e80)={0x1f, 0x3, 0x3}, 0x6)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYRESOCT=0x0], 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-syz_usb_connect-syz_usb_control_io$uac1-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io-syz_usb_control_io$cdc_ecm
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_on}]})
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="4011040000000b8e04a60e0dfd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000ec0)={0x84, &(0x7f0000000a80)={0x40, 0xe, 0x3d, "e06705d890b4a497ed9d7466a53eed3ca06b96d84397b838887483ed7877c951f86659f1cc269e2878245649dc794a3e565e1e4519190a2710003b7177"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0xf0}, 0x0, &(0x7f0000000b80)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f0000000bc0)={0x20, 0x0, 0x8, {0x1e0, 0x10, [0xff0]}}, &(0x7f0000000c00)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000c40)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000c80)={0x40, 0xb, 0x2, "a212"}, &(0x7f0000000cc0)={0x40, 0xf, 0x2, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000880)={0x1c, &(0x7f0000000700)={0x40, 0x8, 0x4, "46e514d3"}, 0x0, 0x0})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): write$tun-socket$nl_netfilter-mprotect-mremap-futex_waitv-socket$key-sendmsg$key-syz_usb_connect
detailed listing:
executing program 0:
write$tun(0xffffffffffffffff, 0x0, 0x4e)
socket$nl_netfilter(0x10, 0x3, 0xc)
mprotect(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1)
mremap(&(0x7f0000880000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000000000/0x2000)=nil)
futex_waitv(&(0x7f0000001cc0)=[{0x7, &(0x7f0000000000)=0x7f, 0x82}, {0x7fffffffffffffff, &(0x7f0000000040)=0x1, 0x2}, {0x4, &(0x7f0000000080)=0x8000, 0x2}, {0x8, &(0x7f00000000c0)=0x5, 0x2}, {0x80000001, &(0x7f0000000100)=0x1, 0x2}, {0x80000001, &(0x7f0000000200)=0x1000, 0x2}, {0x4, &(0x7f00000002c0)=0x6, 0x2}, {0x9, &(0x7f0000000300)=0x6, 0x2}, {0x0, &(0x7f0000000340)=0x7fffffff, 0x2}, {0x2, &(0x7f0000000380)=0x101, 0x82}, {0x8203, &(0x7f00000003c0)=0xb, 0x82}, {0x0, &(0x7f0000000400)=0x7fffffff, 0x2}, {0x1, &(0x7f0000000440)=0x200, 0x82}, {0x7fffffffffffffff, &(0x7f0000000480)=0x7, 0x82}, {0x5, &(0x7f00000004c0)=0x3764, 0x82}, {0x5, &(0x7f0000000500)=0x6, 0x82}, {0x6, &(0x7f0000000540)=0xe, 0x2}, {0x800, &(0x7f0000000580)=0xd, 0x82}, {0x0, &(0x7f00000005c0)=0x2ff, 0x82}, {0x1, &(0x7f0000000600)=0x2, 0x82}, {0x8000000000000000, &(0x7f0000000640)=0xfffffffffffffffb, 0x2}, {0x5, &(0x7f00000006c0)=0x7, 0x2}, {0x7fffffff, &(0x7f0000000700)=0x9, 0x82}, {0x0, &(0x7f0000000740), 0x2}, {0x3, &(0x7f0000000780), 0x82}, {0x5, &(0x7f00000007c0)=0x5, 0x82}, {0x8, &(0x7f0000000800)=0x7, 0x82}, {0xf, &(0x7f0000000840)=0x7, 0x2}, {0x4, &(0x7f0000000880)=0x1ff, 0x2}, {0x9, &(0x7f00000008c0)=0x8000000000000001, 0x82}, {0x54, &(0x7f0000000900)=0x9, 0x2}, {0x9, &(0x7f0000000940)=0x5, 0x2}, {0x6, &(0x7f0000000980)=0x1, 0x2}, {0x3, &(0x7f00000009c0)=0x1f9c, 0x2}, {0x7, &(0x7f0000000a00)=0x2, 0x2}, {0x4, &(0x7f0000000a40), 0x2}, {0x7979c168, &(0x7f0000000a80), 0x2}, {0x4193, &(0x7f0000000ac0)=0x8, 0x2}, {0x9, &(0x7f0000000b00)=0x4, 0x82}, {0x8, &(0x7f0000000b40)=0x40, 0x2}, {0x6, &(0x7f0000000b80)=0xebd, 0x2}, {0x3fffffffc0000, &(0x7f0000000bc0)=0x4, 0x2}, {0x47, &(0x7f0000000c00)=0x6, 0x82}, {0x1, &(0x7f0000000c40)=0xdb4, 0x82}, {0x1, &(0x7f0000000c80)=0x857, 0x82}, {0xffff, &(0x7f0000000cc0)=0x7, 0x82}, {0x7, &(0x7f0000000d00)=0x7f, 0x2}, {0xffffffffffffffff, &(0x7f0000000d40)=0x533, 0x2}, {0x80, &(0x7f0000000d80)=0xffffffff920ab670, 0x2}, {0xfffffffffffffff8, &(0x7f0000000dc0)=0x7, 0x2}, {0x18d, &(0x7f0000000e00)=0x8, 0x2}, {0x8, &(0x7f0000000e40)=0x4, 0x2}, {0x8000000000000001, &(0x7f0000000e80), 0x82}, {0x1, &(0x7f0000000ec0)=0x2, 0x82}, {0xe, &(0x7f0000000f00)=0x8bbd, 0x82}, {0x9, &(0x7f0000000f40)=0x2, 0x2}, {0x0, &(0x7f0000000f80)=0xf, 0x82}, {0x2, &(0x7f0000000fc0)=0x8, 0x2}, {0x3, &(0x7f0000001000)=0x1, 0x1}, {0x8, &(0x7f0000001040), 0x2}, {0x2, &(0x7f0000001080)=0x2, 0x82}, {0xeb1, &(0x7f00000010c0)=0x10001, 0x2}, {0x9, &(0x7f0000001100), 0x2}, {0xfffffffffffffff9, &(0x7f0000001140)=0x80000000, 0x82}, {0x401, &(0x7f0000001180)=0x5, 0x82}, {0x4, &(0x7f00000011c0)=0x9, 0x2}, {0x62d, &(0x7f0000001200)=0x7, 0x82}, {0x0, &(0x7f0000001240)=0x7, 0x2}, {0x6, &(0x7f0000001280)}, {0x4, &(0x7f00000012c0)=0x9, 0x82}, {0x4, &(0x7f0000001300), 0x2}, {0x66, &(0x7f0000001340)=0x1, 0x82}, {0xffffffffffff8000, &(0x7f0000001380)=0xfffffffffffffffd, 0x82}, {0x7, &(0x7f00000013c0), 0x2}, {0x727a, &(0x7f0000001400)=0x4, 0x82}, {0x6, &(0x7f0000001440)=0x4, 0x82}, {0x0, &(0x7f0000001480)=0xd35, 0xc138dd234986ef56}, {0xffff, &(0x7f00000014c0)=0x78db, 0x2}, {0x7ec0, &(0x7f0000001500)=0x3}, {0x2, &(0x7f0000001540)=0x1, 0x82}, {0x5, &(0x7f0000001580)=0x3, 0x82}, {0x2, &(0x7f00000015c0)=0x4, 0x82}, {0x8, &(0x7f0000001600)=0x5, 0x82}, {0x10001, &(0x7f0000001640)=0x8000000000000000, 0x80}, {0x8000000000000000, &(0x7f0000001680)=0x100000000, 0x2}, {0x1, &(0x7f00000016c0), 0x82}, {0xfffffffffffffffe, &(0x7f0000001700)=0x9, 0x82}, {0x800, &(0x7f0000001740)=0x4, 0x2}, {0x7f, &(0x7f0000001780)=0x2ed7f5aa, 0x82}, {0x8, &(0x7f00000017c0), 0x2}, {0x7fff, &(0x7f0000001800)=0x8, 0x2}, {0x5, &(0x7f0000001840)=0x40, 0x82}, {0xffffffffffff0001, &(0x7f0000001880)=0x10, 0x82}, {0xede1, &(0x7f00000018c0)=0x4, 0x82}, {0x1, &(0x7f0000001900)=0x3, 0x2}, {0x3, &(0x7f0000001940)=0xa3b, 0x82}, {0x3, &(0x7f0000001980)=0x6, 0x82}, {0x3, &(0x7f00000019c0), 0x82}, {0x9, &(0x7f0000001a00)=0xfd9, 0x226792cf3a8fd292}, {0x4, &(0x7f0000001a40)=0x6, 0x2}, {0xa, &(0x7f0000001a80)=0x6, 0x3}, {0x8000000000000001, &(0x7f0000001ac0)=0x2, 0x82}, {0x2, &(0x7f0000001b00)=0x60032b5e, 0x2}, {0x80000001, &(0x7f0000001b40)=0xfffffffffffff801, 0x82}, {0x7, &(0x7f0000001b80), 0x2}, {0x1, &(0x7f0000001bc0)=0x3, 0x2}, {0x8, &(0x7f0000001c00)=0x9, 0x82}, {0x2, &(0x7f0000001c40)=0x4, 0x2}, {0x4, &(0x7f0000001c80)=0x4, 0x82}], 0x6d, 0x0, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x700, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000014000000f0ffffff0000000005000600000000000a0080ff00000000fc010000000000000000000000000000000000000000000005000500000000000a0000000000000000000000000000000000000000000000000000000000000008001200"], 0xa0}}, 0x4000)
syz_usb_connect(0x3, 0x59, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x8e, 0xcf, 0xd0, 0x8, 0xace, 0x1602, 0xe270, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x47, 0x2, 0x7f, 0x24, 0x80, 0x5, "", [{{0x9, 0x4, 0x9f, 0x5, 0x2, 0xcd, 0xa1, 0xbf, 0x2, [@uac_control={{0xa, 0x24, 0x1, 0x8000, 0xa}}], [{{0x9, 0x5, 0xa253e6fea1f253f3, 0x3, 0x10, 0x6, 0x5, 0xf4}}, {{0x9, 0x5, 0x8, 0x1, 0x40, 0xb9, 0x5, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x9c43a4be336c78a, 0xf, 0x9000}]}}]}}, {{0x9, 0x4, 0x5c, 0x14, 0x0, 0x50, 0x50, 0x3, 0x3, [@generic={0x2, 0xb}]}}]}}]}}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0})

program did not crash
single: failed to extract reproducer
bisect: bisecting 18 programs with base timeout 30s
testing program (duration=34s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 6, 10, 10, 2, 11, 9, 9, 22, 8, 6, 7, 9, 1, 14, 1, 11, 30]
detailed listing:
executing program 2:
writev(0xffffffffffffffff, &(0x7f0000004080)=[{&(0x7f0000003040)="5d02", 0x2}], 0x1)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
r2 = fcntl$dupfd(r0, 0x406, r0)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000140)={&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000003880)=""/4089, 0xff9})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x2202, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000080)=ANY=[@ANYBLOB='-5'], 0x9)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
executing program 3:
write(0xffffffffffffffff, &(0x7f0000000180)="aae8838aec578005be21c1e54e3cb9b1885f19c705b61e430aa28a89b32eae42b9c115da0836bb29869ec944bbfac713fc18adfc0aaa42aea8563ac50908ac45cee02e5d40f4e94dcc9b58664ae249b17d6b0c618a09440d93f1bc8118141eee7b6b7ee3d07d41bd79bce7322945b1bf34f166db94537fe0975358a552c6b20ed6e9331c04062e64f358d58cc52998b303ba079c25ddb9ca2905", 0x9a)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10, &(0x7f0000000300)=0x80, 0x4)
syz_usb_connect$uac2(0x3, 0x7b, &(0x7f0000000100)={{0x12, 0x1, 0x111, 0x0, 0x0, 0x0, 0x20, 0x7fd, 0x1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x69, 0x3, 0x1, 0x80, 0xd0, 0x9, {0x8, 0xb, 0x1, 0x1, 0x1, 0xb, 0x20, 0x2e}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x4, 0xb, 0x9, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x5, 0xc9, 0x5, {0x8, 0x25, 0x1, 0x182, 0x3f, 0x2, 0xffff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x3, 0x1, 0xf, {0x8, 0x25, 0x1, 0x0, 0xf, 0x3, 0x9}}}}}}}}]}}, 0x0)
executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="500100001000130700002100fcdbdf2500000000000000000000000000000000ac1e0001000000000000000000000000000000024e210002020000001d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc010000000000000000000000000000000000fe32000000fe80000000000000000000000000000000000000000000000000fdffffffffffffff04000000000000000100000000000000090000000000000000000000000000004305000020000000090000000000030000000000000000000300000000000000feffffffffffffff0300000000000000060000002cbd70000035000002000100500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000008000000021046821a8d9aa540db9a200000000c538c7cb7e"], 0x150}}, 0x48080)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201"], 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
fstat(r2, &(0x7f0000000100))
syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])
syz_usb_connect$uac3(0x1, 0xec, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x582, 0x582, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xda, 0x3, 0x1, 0x0, 0xd0, 0xfd, {0x8, 0xb, 0x2, 0x1, 0x1, 0x23, 0x30, 0x1}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xe, 0x5f, 0x9}, [@source_unit={0xc, 0x24, 0xb, 0x1, 0x2, 0x4, 0x0, 0x8}, @processing_unit={0x11, 0x24, 0x9, 0x6, 0x5, [0x0, 0x2, 0x1]}, @processing_unit={0x19, 0x24, 0x9, 0x1, 0x4, [0x0, 0x3, 0x1, 0x3, 0x0]}, @cluster_info_segment={0x6, 0x20, 0x1, 0x86, 0x7}, @processing_unit={0xd, 0x24, 0x9, 0x3, 0x1, [0x1, 0x2]}, @source_unit={0xc, 0x24, 0xb, 0x9, 0x1, 0x5, 0x4, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@as_header={0x17, 0x24, 0x1, 0x17, 0x6df, 0x6, 0x1001, 0xff, 0x80, 0x6, 0x8}]}, {{0x9, 0x5, 0x1, 0x9, 0x4, 0x3, 0x8, 0xe1, {0xa, 0x25, 0x25, 0xffffffff, 0x3, 0xfff4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x7, 0x7, 0x5f, {0xa, 0x25, 0x25, 0x9, 0x2, 0x80}}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x250, 0x2, 0x4, 0xa5, 0x10, 0xf3}, 0xc, &(0x7f0000000280)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0xc, 0x4, 0xd13a}]}, 0x4, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x1007}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x44a}}, {0xe5, &(0x7f0000000780)=ANY=[@ANYBLOB="e5032fb4e510a3f8a558efb2752c6959ecd117dc31b66b14ad89f965bec17928f2a140fe5899586ace1f5e76a6990c563b542dd5572e67817677c921e4f0a46e01c56b5defe0b4f2eee7e6439014698a99b764e388b936da946322d1df515611ee7b8382f02685d891db559f795331850939cad9aaca961cba910ce2b9512f393a015b85b6cd4b7a8299ba1c33f01faf4986caada52cdb9d403d73432d0340e41cc11368289c3f631e3f977778c9d99eade0ca8d7f02004b9f7373b2f0093e4eae95cb2ec7aa9be34335502996d25d74468fb3d2563d9665bea856b165f48cf736991a9492ac2550177600000000"]}]})
ioctl$HIDIOCGRAWINFO(0xffffffffffffffff, 0x80084803, &(0x7f0000000680)=""/199)
executing program 0:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]})
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x382, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r2, &(0x7f0000000100)=ANY=[@ANYBLOB='unlock '], 0xc)
ioctl$TCFLSH(r1, 0x400455c8, 0x1000000000)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
mknodat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x4, 0x5) (async, rerun: 64)
rename(&(0x7f0000000140)='./file0\x00', &(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (rerun: 64)
executing program 1:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f00000000c0)=0x3, 0x4)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1fe)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x200000, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40000, 0x120)
getdents64(r1, &(0x7f0000000400)=""/264, 0x108)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000180)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x0, 0x2481bc76}, 0x1c)
executing program 1:
add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000140)="1081b3", 0x3, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$pptp(0x18, 0x1, 0x2)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000180)={0x9, <r2=>r0, 'id0\x00'})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x80086601, &(0x7f0000000280)={'lo\x00', @link_local={0x2, 0x80, 0xc2, 0xc}})
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r1, 0x4018f50b, &(0x7f0000000000)={0x1, 0x1375aa25, 0x10001})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'bridge_slave_1\x00', &(0x7f0000000080)=@ethtool_cmd={0x24, 0x0, 0x3, 0x6, 0xff, 0x0, 0x0, 0xff, 0x0, 0xfa, 0x20000000, 0x7883, 0x0, 0x1, 0x1, 0x6162b9dd, [0x47cb, 0x80000001]}})
executing program 1:
r0 = syz_clone(0x6040000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (rerun: 64)
poll(0x0, 0x0, 0x8000007) (async)
r3 = syz_pidfd_open(r0, 0x0)
setns(r3, 0x4000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) (async, rerun: 32)
madvise(&(0x7f0000863000/0x3000)=nil, 0x3000, 0x17) (rerun: 32)
executing program 1:
r0 = gettid()
process_vm_readv(r0, &(0x7f0000001140)=[{&(0x7f0000000000)=""/87, 0x62}, {&(0x7f0000001200)=""/4096, 0x100a}], 0x2, &(0x7f00000011c0)=[{0xfffffffffffffffc, 0x19000}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb2993000)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00')
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002200"], 0x1c}], 0x1}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendto(r5, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)=""/227, 0xe3}, {&(0x7f0000001a40)=""/217, 0xd9}, {&(0x7f0000003500)=""/4096, 0x1000}, {&(0x7f0000000340)=""/177, 0xb1}, {&(0x7f0000002c40)=""/146, 0x92}, {&(0x7f0000000400)=""/112, 0x70}, {&(0x7f0000000000)=""/260, 0x104}, {&(0x7f0000000140)=""/74, 0x4a}], 0x8}, 0xe}, {{0x0, 0x0, 0x0}, 0xa}], 0x2, 0x100, 0x0)
sendmmsg$inet6(r4, &(0x7f0000001980)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x64}, 0x10}, 0x1c, 0x0}}], 0x40000000000024e, 0x20002040)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r6, 0x1000)
r7 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
poll(&(0x7f0000000040)=[{r7, 0x1}], 0x1, 0x101)
close_range(r6, 0xffffffffffffffff, 0x0)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000000))
close_range(r3, 0xffffffffffffffff, 0x0)
executing program 1:
write$tun(0xffffffffffffffff, 0x0, 0x4e)
socket$nl_netfilter(0x10, 0x3, 0xc)
mprotect(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1)
mremap(&(0x7f0000880000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000000000/0x2000)=nil)
futex_waitv(&(0x7f0000001cc0)=[{0x7, &(0x7f0000000000)=0x7f, 0x82}, {0x7fffffffffffffff, &(0x7f0000000040)=0x1, 0x2}, {0x4, &(0x7f0000000080)=0x8000, 0x2}, {0x8, &(0x7f00000000c0)=0x5, 0x2}, {0x80000001, &(0x7f0000000100)=0x1, 0x2}, {0x80000001, &(0x7f0000000200)=0x1000, 0x2}, {0x4, &(0x7f00000002c0)=0x6, 0x2}, {0x9, &(0x7f0000000300)=0x6, 0x2}, {0x0, &(0x7f0000000340)=0x7fffffff, 0x2}, {0x2, &(0x7f0000000380)=0x101, 0x82}, {0x8203, &(0x7f00000003c0)=0xb, 0x82}, {0x0, &(0x7f0000000400)=0x7fffffff, 0x2}, {0x1, &(0x7f0000000440)=0x200, 0x82}, {0x7fffffffffffffff, &(0x7f0000000480)=0x7, 0x82}, {0x5, &(0x7f00000004c0)=0x3764, 0x82}, {0x5, &(0x7f0000000500)=0x6, 0x82}, {0x6, &(0x7f0000000540)=0xe, 0x2}, {0x800, &(0x7f0000000580)=0xd, 0x82}, {0x0, &(0x7f00000005c0)=0x2ff, 0x82}, {0x1, &(0x7f0000000600)=0x2, 0x82}, {0x8000000000000000, &(0x7f0000000640)=0xfffffffffffffffb, 0x2}, {0x5, &(0x7f00000006c0)=0x7, 0x2}, {0x7fffffff, &(0x7f0000000700)=0x9, 0x82}, {0x0, &(0x7f0000000740), 0x2}, {0x3, &(0x7f0000000780), 0x82}, {0x5, &(0x7f00000007c0)=0x5, 0x82}, {0x8, &(0x7f0000000800)=0x7, 0x82}, {0xf, &(0x7f0000000840)=0x7, 0x2}, {0x4, &(0x7f0000000880)=0x1ff, 0x2}, {0x9, &(0x7f00000008c0)=0x8000000000000001, 0x82}, {0x54, &(0x7f0000000900)=0x9, 0x2}, {0x9, &(0x7f0000000940)=0x5, 0x2}, {0x6, &(0x7f0000000980)=0x1, 0x2}, {0x3, &(0x7f00000009c0)=0x1f9c, 0x2}, {0x7, &(0x7f0000000a00)=0x2, 0x2}, {0x4, &(0x7f0000000a40), 0x2}, {0x7979c168, &(0x7f0000000a80), 0x2}, {0x4193, &(0x7f0000000ac0)=0x8, 0x2}, {0x9, &(0x7f0000000b00)=0x4, 0x82}, {0x8, &(0x7f0000000b40)=0x40, 0x2}, {0x6, &(0x7f0000000b80)=0xebd, 0x2}, {0x3fffffffc0000, &(0x7f0000000bc0)=0x4, 0x2}, {0x47, &(0x7f0000000c00)=0x6, 0x82}, {0x1, &(0x7f0000000c40)=0xdb4, 0x82}, {0x1, &(0x7f0000000c80)=0x857, 0x82}, {0xffff, &(0x7f0000000cc0)=0x7, 0x82}, {0x7, &(0x7f0000000d00)=0x7f, 0x2}, {0xffffffffffffffff, &(0x7f0000000d40)=0x533, 0x2}, {0x80, &(0x7f0000000d80)=0xffffffff920ab670, 0x2}, {0xfffffffffffffff8, &(0x7f0000000dc0)=0x7, 0x2}, {0x18d, &(0x7f0000000e00)=0x8, 0x2}, {0x8, &(0x7f0000000e40)=0x4, 0x2}, {0x8000000000000001, &(0x7f0000000e80), 0x82}, {0x1, &(0x7f0000000ec0)=0x2, 0x82}, {0xe, &(0x7f0000000f00)=0x8bbd, 0x82}, {0x9, &(0x7f0000000f40)=0x2, 0x2}, {0x0, &(0x7f0000000f80)=0xf, 0x82}, {0x2, &(0x7f0000000fc0)=0x8, 0x2}, {0x3, &(0x7f0000001000)=0x1, 0x1}, {0x8, &(0x7f0000001040), 0x2}, {0x2, &(0x7f0000001080)=0x2, 0x82}, {0xeb1, &(0x7f00000010c0)=0x10001, 0x2}, {0x9, &(0x7f0000001100), 0x2}, {0xfffffffffffffff9, &(0x7f0000001140)=0x80000000, 0x82}, {0x401, &(0x7f0000001180)=0x5, 0x82}, {0x4, &(0x7f00000011c0)=0x9, 0x2}, {0x62d, &(0x7f0000001200)=0x7, 0x82}, {0x0, &(0x7f0000001240)=0x7, 0x2}, {0x6, &(0x7f0000001280)}, {0x4, &(0x7f00000012c0)=0x9, 0x82}, {0x4, &(0x7f0000001300), 0x2}, {0x66, &(0x7f0000001340)=0x1, 0x82}, {0xffffffffffff8000, &(0x7f0000001380)=0xfffffffffffffffd, 0x82}, {0x7, &(0x7f00000013c0), 0x2}, {0x727a, &(0x7f0000001400)=0x4, 0x82}, {0x6, &(0x7f0000001440)=0x4, 0x82}, {0x0, &(0x7f0000001480)=0xd35, 0xc138dd234986ef56}, {0xffff, &(0x7f00000014c0)=0x78db, 0x2}, {0x7ec0, &(0x7f0000001500)=0x3}, {0x2, &(0x7f0000001540)=0x1, 0x82}, {0x5, &(0x7f0000001580)=0x3, 0x82}, {0x2, &(0x7f00000015c0)=0x4, 0x82}, {0x8, &(0x7f0000001600)=0x5, 0x82}, {0x10001, &(0x7f0000001640)=0x8000000000000000, 0x80}, {0x8000000000000000, &(0x7f0000001680)=0x100000000, 0x2}, {0x1, &(0x7f00000016c0), 0x82}, {0xfffffffffffffffe, &(0x7f0000001700)=0x9, 0x82}, {0x800, &(0x7f0000001740)=0x4, 0x2}, {0x7f, &(0x7f0000001780)=0x2ed7f5aa, 0x82}, {0x8, &(0x7f00000017c0), 0x2}, {0x7fff, &(0x7f0000001800)=0x8, 0x2}, {0x5, &(0x7f0000001840)=0x40, 0x82}, {0xffffffffffff0001, &(0x7f0000001880)=0x10, 0x82}, {0xede1, &(0x7f00000018c0)=0x4, 0x82}, {0x1, &(0x7f0000001900)=0x3, 0x2}, {0x3, &(0x7f0000001940)=0xa3b, 0x82}, {0x3, &(0x7f0000001980)=0x6, 0x82}, {0x3, &(0x7f00000019c0), 0x82}, {0x9, &(0x7f0000001a00)=0xfd9, 0x226792cf3a8fd292}, {0x4, &(0x7f0000001a40)=0x6, 0x2}, {0xa, &(0x7f0000001a80)=0x6, 0x3}, {0x8000000000000001, &(0x7f0000001ac0)=0x2, 0x82}, {0x2, &(0x7f0000001b00)=0x60032b5e, 0x2}, {0x80000001, &(0x7f0000001b40)=0xfffffffffffff801, 0x82}, {0x7, &(0x7f0000001b80), 0x2}, {0x1, &(0x7f0000001bc0)=0x3, 0x2}, {0x8, &(0x7f0000001c00)=0x9, 0x82}, {0x2, &(0x7f0000001c40)=0x4, 0x2}, {0x4, &(0x7f0000001c80)=0x4, 0x82}], 0x6d, 0x0, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x700, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000014000000f0ffffff0000000005000600000000000a0080ff00000000fc010000000000000000000000000000000000000000000005000500000000000a0000000000000000000000000000000000000000000000000000000000000008001200"], 0xa0}}, 0x4000)
syz_usb_connect(0x3, 0x59, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x8e, 0xcf, 0xd0, 0x8, 0xace, 0x1602, 0xe270, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x47, 0x2, 0x7f, 0x24, 0x80, 0x5, "", [{{0x9, 0x4, 0x9f, 0x5, 0x2, 0xcd, 0xa1, 0xbf, 0x2, [@uac_control={{0xa, 0x24, 0x1, 0x8000, 0xa}}], [{{0x9, 0x5, 0xa253e6fea1f253f3, 0x3, 0x10, 0x6, 0x5, 0xf4}}, {{0x9, 0x5, 0x8, 0x1, 0x40, 0xb9, 0x5, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x9c43a4be336c78a, 0xf, 0x9000}]}}]}}, {{0x9, 0x4, 0x5c, 0x14, 0x0, 0x50, 0x50, 0x3, 0x3, [@generic={0x2, 0xb}]}}]}}]}}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0})
executing program 0:
syz_open_dev$loop(0x0, 0x7, 0x184a81)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r0, 0x4004e502, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x100000})
socket$nl_audit(0x10, 0x3, 0x9)
executing program 0:
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioctl$BLKPG(r0, 0x1269, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = socket(0x10, 0x3, 0xc)
write(r1, &(0x7f0000000040)="ef", 0x1)
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_on}]})
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="4011040000000b8e04a60e0dfd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000ec0)={0x84, &(0x7f0000000a80)={0x40, 0xe, 0x3d, "e06705d890b4a497ed9d7466a53eed3ca06b96d84397b838887483ed7877c951f86659f1cc269e2878245649dc794a3e565e1e4519190a2710003b7177"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0xf0}, 0x0, &(0x7f0000000b80)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f0000000bc0)={0x20, 0x0, 0x8, {0x1e0, 0x10, [0xff0]}}, &(0x7f0000000c00)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000c40)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000c80)={0x40, 0xb, 0x2, "a212"}, &(0x7f0000000cc0)={0x40, 0xf, 0x2, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000880)={0x1c, &(0x7f0000000700)={0x40, 0x8, 0x4, "46e514d3"}, 0x0, 0x0})
executing program 3:
syz_usb_connect(0x4, 0x2d, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="ebcaea7c5a36e900f66070f0727426faf84a64fcaab0049474dcfc55df1127562e5e68d1c9d6a2086aba26a106242eb27bf9acedadc572cdf34bcefdb9567d27afb34e0ea3d08b6d0d2edca8d74d10f98baba91f2034a248f3848645e0d1d2d02fea39d30bbc27e23df5e0a9502cb839830a92b00d4c543d26f96da4d4a442bcd102006f2e9e7025432e20b6dec8ba10780e5e6981b513b9a7bab895e9fdcee12074c6e93f21c02221f90000000000000000000000000000fe4f3b13d4fb00467ab2daecf3472d848031418d37d32474e0fee1663bd5f9913addb7397922b07f88e7bad9938131b35afcbc19b80000000000000000000000000000006573d04f097af5a35e8f6a9e0818b8c52e4d274182def4c4cdf3184370988799fae51fda853f611caab8b6caa77e9d403246fca034dd9fd8e3c5c44748b95c2d5be720d3bfcba0f83f904261f0e0c3fc5ac1e97579edff1d129c582cbed4ae8fbb1c6370d6a325dfd9149da3d90ac7dc7e8c0b8795f9e9dfc03cc7ce21be2c17780b414a543e55e7210da7c68f9215f900c7c2b6371bbabd958868e029ec1c5ae1"], 0x0)
executing program 2:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x989680}, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
finit_module(r0, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
cachestat(r1, &(0x7f00000000c0)={0x8000000000000000, 0x7}, &(0x7f0000000100), 0x0)
ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000005580)='./file0\x00', &(0x7f00000055c0)='system.posix_acl_default\x00', 0x0, 0x0, 0x2)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x4ee98000, 0x4c8300)
ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000000)={0x11, 0x0, 0x0})
executing program 2:
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYRESOCT=0x0], 0x0)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)
executing program 3:
r0 = socket$inet6(0xa, 0x5, 0x6)
pwrite64(r0, &(0x7f0000000000)="a3d5d63b6318090c88cffe7f2935d1f0af4b92dd4992f68dccc350e5ac2e6f98e8121e93c23c24eaf5594aec267ed931149ef343448787bb2d95bb980c36ce5a1af541fe1a9aaf2d7539ea83379c428e480f62622e4dd484f159a276c07c43556567b9c491a8c09c661e132f97476f676f9f195541e0e74258d84af97b936e5dc697e0de48af318a6566db2ac3a2b5aaf4367916a42162d987ae", 0x9a, 0x6)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@private0}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000280)={0x60, 0x2, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000200)=[{0x6, 0x87, 0x2}, {0x8, 0x8000000000000000, 0x249}, {0x10000, 0x1, 0x81}], 0x3, 0x6, 0x1a, 0x20, 0x4b})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in=@dev}}, {{@in=@private}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8)
read$snapshot(r2, &(0x7f0000000480)=""/4096, 0x1000)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001480)=<r3=>0x0)
r4 = syz_open_procfs(r3, &(0x7f00000014c0)='fdinfo/3\x00')
getsockopt(r0, 0xfffffa9f, 0x4, &(0x7f0000001500)=""/141, &(0x7f00000015c0)=0x8d)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001640), r4)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x78, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20008014}, 0xc800)
r6 = creat(&(0x7f0000001780)='./file0\x00', 0x11)
ioctl$NILFS_IOCTL_GET_BDESCS(r4, 0xc0186e87, &(0x7f0000001840)={&(0x7f00000017c0)=[{0x4, 0x3, 0xffff, 0x8, 0xa}, {0x7, 0xd1, 0xffffffffffffff01, 0x2, 0x7}, {0xfffffffffffffffa, 0xffff, 0x0, 0x4, 0x1}], 0x3, 0x28, 0x1000, 0x400})
socket(0x67412ccd182c6578, 0x2, 0x1000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000001900)={'syztnl1\x00', &(0x7f0000001880)={'syztnl2\x00', r1, 0x29, 0x7, 0x8, 0xb, 0x40, @empty, @loopback, 0x7800, 0x40, 0x2, 0x13c0000}})
ioctl$sock_SIOCGIFCONF(r6, 0x8912, &(0x7f0000001a00)=@buf={0x83, &(0x7f0000001940)="5bff3133990c154bfc29e60a9ca85ae03487e2cdd6ddf1e74a07833a508ec637336223c4553b3d47955188c518bc14daf377643fe3c795a478e2bf2e0abd30b3c96e74393b6f0cf6d5d4772ee2de4e7d5a4090495425bcd567f5624eb55ce25306d343d55dbc2705e0ce4d9a6c3bf6eb55bcad67bcfb0c24effb4e7fbb228f8c9a9254"})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001a40), 0x210280, 0x0)
ioctl$KDGETLED(r7, 0x4b31, &(0x7f0000001a80))
ioctl$OCFS2_IOC_RESVSP64(r0, 0x4030582a, &(0x7f0000001ac0)={0x2, 0x0, 0x3ff, 0xd486, 0x0, 0x1})
ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, &(0x7f0000001b00)={0x5, [0x80000001, 0x401, 0x63, 0x4, 0xff]})
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000001b40)={0x433d3eb9, 0x7ca16064})
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x11)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001bc0)=[@text64={0x40, &(0x7f0000001b80)="c4a3995e5152740f1c65a1b9800000c00f3235002000000f30660fc731400f23450f060f20c035000000200f22c0420f4dd7410fa7c026673e0f07", 0x3b}], 0x1, 0x40, &(0x7f0000001c00), 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000001c40)=[{{0x3, 0x0, 0x1, 0x1}, {0x4, 0x1}}, {{}, {0x0, 0x1, 0x0, 0x1}}, {{0x3, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1}}], 0x18)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001c80), 0x1, 0x0)
fadvise64(r7, 0x3, 0x6, 0x5)
fallocate(r7, 0x4b, 0x1ff, 0x81)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000001cc0)={0x8, {{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x1, 0x2, [{{0x2, 0x4e24, @remote}}, {{0x2, 0x4e23, @multicast2}}]}, 0x190)
bind$bt_hci(r6, &(0x7f0000001e80)={0x1f, 0x3, 0x3}, 0x6)

program crashed: WARNING in ovl_dir_modified
bisect: bisecting 18 programs
bisect: split chunks (needed=false): <18>
bisect: split chunk #0 of len 18 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=33s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 9, 22, 8, 6, 7, 9, 1, 14, 1, 11, 30]
detailed listing:
executing program 1:
add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000140)="1081b3", 0x3, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$pptp(0x18, 0x1, 0x2)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000180)={0x9, <r2=>r0, 'id0\x00'})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x80086601, &(0x7f0000000280)={'lo\x00', @link_local={0x2, 0x80, 0xc2, 0xc}})
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r1, 0x4018f50b, &(0x7f0000000000)={0x1, 0x1375aa25, 0x10001})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'bridge_slave_1\x00', &(0x7f0000000080)=@ethtool_cmd={0x24, 0x0, 0x3, 0x6, 0xff, 0x0, 0x0, 0xff, 0x0, 0xfa, 0x20000000, 0x7883, 0x0, 0x1, 0x1, 0x6162b9dd, [0x47cb, 0x80000001]}})
executing program 1:
r0 = syz_clone(0x6040000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (rerun: 64)
poll(0x0, 0x0, 0x8000007) (async)
r3 = syz_pidfd_open(r0, 0x0)
setns(r3, 0x4000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) (async, rerun: 32)
madvise(&(0x7f0000863000/0x3000)=nil, 0x3000, 0x17) (rerun: 32)
executing program 1:
r0 = gettid()
process_vm_readv(r0, &(0x7f0000001140)=[{&(0x7f0000000000)=""/87, 0x62}, {&(0x7f0000001200)=""/4096, 0x100a}], 0x2, &(0x7f00000011c0)=[{0xfffffffffffffffc, 0x19000}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb2993000)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00')
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002200"], 0x1c}], 0x1}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendto(r5, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)=""/227, 0xe3}, {&(0x7f0000001a40)=""/217, 0xd9}, {&(0x7f0000003500)=""/4096, 0x1000}, {&(0x7f0000000340)=""/177, 0xb1}, {&(0x7f0000002c40)=""/146, 0x92}, {&(0x7f0000000400)=""/112, 0x70}, {&(0x7f0000000000)=""/260, 0x104}, {&(0x7f0000000140)=""/74, 0x4a}], 0x8}, 0xe}, {{0x0, 0x0, 0x0}, 0xa}], 0x2, 0x100, 0x0)
sendmmsg$inet6(r4, &(0x7f0000001980)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x64}, 0x10}, 0x1c, 0x0}}], 0x40000000000024e, 0x20002040)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r6, 0x1000)
r7 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
poll(&(0x7f0000000040)=[{r7, 0x1}], 0x1, 0x101)
close_range(r6, 0xffffffffffffffff, 0x0)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000000))
close_range(r3, 0xffffffffffffffff, 0x0)
executing program 1:
write$tun(0xffffffffffffffff, 0x0, 0x4e)
socket$nl_netfilter(0x10, 0x3, 0xc)
mprotect(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1)
mremap(&(0x7f0000880000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000000000/0x2000)=nil)
futex_waitv(&(0x7f0000001cc0)=[{0x7, &(0x7f0000000000)=0x7f, 0x82}, {0x7fffffffffffffff, &(0x7f0000000040)=0x1, 0x2}, {0x4, &(0x7f0000000080)=0x8000, 0x2}, {0x8, &(0x7f00000000c0)=0x5, 0x2}, {0x80000001, &(0x7f0000000100)=0x1, 0x2}, {0x80000001, &(0x7f0000000200)=0x1000, 0x2}, {0x4, &(0x7f00000002c0)=0x6, 0x2}, {0x9, &(0x7f0000000300)=0x6, 0x2}, {0x0, &(0x7f0000000340)=0x7fffffff, 0x2}, {0x2, &(0x7f0000000380)=0x101, 0x82}, {0x8203, &(0x7f00000003c0)=0xb, 0x82}, {0x0, &(0x7f0000000400)=0x7fffffff, 0x2}, {0x1, &(0x7f0000000440)=0x200, 0x82}, {0x7fffffffffffffff, &(0x7f0000000480)=0x7, 0x82}, {0x5, &(0x7f00000004c0)=0x3764, 0x82}, {0x5, &(0x7f0000000500)=0x6, 0x82}, {0x6, &(0x7f0000000540)=0xe, 0x2}, {0x800, &(0x7f0000000580)=0xd, 0x82}, {0x0, &(0x7f00000005c0)=0x2ff, 0x82}, {0x1, &(0x7f0000000600)=0x2, 0x82}, {0x8000000000000000, &(0x7f0000000640)=0xfffffffffffffffb, 0x2}, {0x5, &(0x7f00000006c0)=0x7, 0x2}, {0x7fffffff, &(0x7f0000000700)=0x9, 0x82}, {0x0, &(0x7f0000000740), 0x2}, {0x3, &(0x7f0000000780), 0x82}, {0x5, &(0x7f00000007c0)=0x5, 0x82}, {0x8, &(0x7f0000000800)=0x7, 0x82}, {0xf, &(0x7f0000000840)=0x7, 0x2}, {0x4, &(0x7f0000000880)=0x1ff, 0x2}, {0x9, &(0x7f00000008c0)=0x8000000000000001, 0x82}, {0x54, &(0x7f0000000900)=0x9, 0x2}, {0x9, &(0x7f0000000940)=0x5, 0x2}, {0x6, &(0x7f0000000980)=0x1, 0x2}, {0x3, &(0x7f00000009c0)=0x1f9c, 0x2}, {0x7, &(0x7f0000000a00)=0x2, 0x2}, {0x4, &(0x7f0000000a40), 0x2}, {0x7979c168, &(0x7f0000000a80), 0x2}, {0x4193, &(0x7f0000000ac0)=0x8, 0x2}, {0x9, &(0x7f0000000b00)=0x4, 0x82}, {0x8, &(0x7f0000000b40)=0x40, 0x2}, {0x6, &(0x7f0000000b80)=0xebd, 0x2}, {0x3fffffffc0000, &(0x7f0000000bc0)=0x4, 0x2}, {0x47, &(0x7f0000000c00)=0x6, 0x82}, {0x1, &(0x7f0000000c40)=0xdb4, 0x82}, {0x1, &(0x7f0000000c80)=0x857, 0x82}, {0xffff, &(0x7f0000000cc0)=0x7, 0x82}, {0x7, &(0x7f0000000d00)=0x7f, 0x2}, {0xffffffffffffffff, &(0x7f0000000d40)=0x533, 0x2}, {0x80, &(0x7f0000000d80)=0xffffffff920ab670, 0x2}, {0xfffffffffffffff8, &(0x7f0000000dc0)=0x7, 0x2}, {0x18d, &(0x7f0000000e00)=0x8, 0x2}, {0x8, &(0x7f0000000e40)=0x4, 0x2}, {0x8000000000000001, &(0x7f0000000e80), 0x82}, {0x1, &(0x7f0000000ec0)=0x2, 0x82}, {0xe, &(0x7f0000000f00)=0x8bbd, 0x82}, {0x9, &(0x7f0000000f40)=0x2, 0x2}, {0x0, &(0x7f0000000f80)=0xf, 0x82}, {0x2, &(0x7f0000000fc0)=0x8, 0x2}, {0x3, &(0x7f0000001000)=0x1, 0x1}, {0x8, &(0x7f0000001040), 0x2}, {0x2, &(0x7f0000001080)=0x2, 0x82}, {0xeb1, &(0x7f00000010c0)=0x10001, 0x2}, {0x9, &(0x7f0000001100), 0x2}, {0xfffffffffffffff9, &(0x7f0000001140)=0x80000000, 0x82}, {0x401, &(0x7f0000001180)=0x5, 0x82}, {0x4, &(0x7f00000011c0)=0x9, 0x2}, {0x62d, &(0x7f0000001200)=0x7, 0x82}, {0x0, &(0x7f0000001240)=0x7, 0x2}, {0x6, &(0x7f0000001280)}, {0x4, &(0x7f00000012c0)=0x9, 0x82}, {0x4, &(0x7f0000001300), 0x2}, {0x66, &(0x7f0000001340)=0x1, 0x82}, {0xffffffffffff8000, &(0x7f0000001380)=0xfffffffffffffffd, 0x82}, {0x7, &(0x7f00000013c0), 0x2}, {0x727a, &(0x7f0000001400)=0x4, 0x82}, {0x6, &(0x7f0000001440)=0x4, 0x82}, {0x0, &(0x7f0000001480)=0xd35, 0xc138dd234986ef56}, {0xffff, &(0x7f00000014c0)=0x78db, 0x2}, {0x7ec0, &(0x7f0000001500)=0x3}, {0x2, &(0x7f0000001540)=0x1, 0x82}, {0x5, &(0x7f0000001580)=0x3, 0x82}, {0x2, &(0x7f00000015c0)=0x4, 0x82}, {0x8, &(0x7f0000001600)=0x5, 0x82}, {0x10001, &(0x7f0000001640)=0x8000000000000000, 0x80}, {0x8000000000000000, &(0x7f0000001680)=0x100000000, 0x2}, {0x1, &(0x7f00000016c0), 0x82}, {0xfffffffffffffffe, &(0x7f0000001700)=0x9, 0x82}, {0x800, &(0x7f0000001740)=0x4, 0x2}, {0x7f, &(0x7f0000001780)=0x2ed7f5aa, 0x82}, {0x8, &(0x7f00000017c0), 0x2}, {0x7fff, &(0x7f0000001800)=0x8, 0x2}, {0x5, &(0x7f0000001840)=0x40, 0x82}, {0xffffffffffff0001, &(0x7f0000001880)=0x10, 0x82}, {0xede1, &(0x7f00000018c0)=0x4, 0x82}, {0x1, &(0x7f0000001900)=0x3, 0x2}, {0x3, &(0x7f0000001940)=0xa3b, 0x82}, {0x3, &(0x7f0000001980)=0x6, 0x82}, {0x3, &(0x7f00000019c0), 0x82}, {0x9, &(0x7f0000001a00)=0xfd9, 0x226792cf3a8fd292}, {0x4, &(0x7f0000001a40)=0x6, 0x2}, {0xa, &(0x7f0000001a80)=0x6, 0x3}, {0x8000000000000001, &(0x7f0000001ac0)=0x2, 0x82}, {0x2, &(0x7f0000001b00)=0x60032b5e, 0x2}, {0x80000001, &(0x7f0000001b40)=0xfffffffffffff801, 0x82}, {0x7, &(0x7f0000001b80), 0x2}, {0x1, &(0x7f0000001bc0)=0x3, 0x2}, {0x8, &(0x7f0000001c00)=0x9, 0x82}, {0x2, &(0x7f0000001c40)=0x4, 0x2}, {0x4, &(0x7f0000001c80)=0x4, 0x82}], 0x6d, 0x0, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x700, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000014000000f0ffffff0000000005000600000000000a0080ff00000000fc010000000000000000000000000000000000000000000005000500000000000a0000000000000000000000000000000000000000000000000000000000000008001200"], 0xa0}}, 0x4000)
syz_usb_connect(0x3, 0x59, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x8e, 0xcf, 0xd0, 0x8, 0xace, 0x1602, 0xe270, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x47, 0x2, 0x7f, 0x24, 0x80, 0x5, "", [{{0x9, 0x4, 0x9f, 0x5, 0x2, 0xcd, 0xa1, 0xbf, 0x2, [@uac_control={{0xa, 0x24, 0x1, 0x8000, 0xa}}], [{{0x9, 0x5, 0xa253e6fea1f253f3, 0x3, 0x10, 0x6, 0x5, 0xf4}}, {{0x9, 0x5, 0x8, 0x1, 0x40, 0xb9, 0x5, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x9c43a4be336c78a, 0xf, 0x9000}]}}]}}, {{0x9, 0x4, 0x5c, 0x14, 0x0, 0x50, 0x50, 0x3, 0x3, [@generic={0x2, 0xb}]}}]}}]}}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0})
executing program 0:
syz_open_dev$loop(0x0, 0x7, 0x184a81)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r0, 0x4004e502, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x100000})
socket$nl_audit(0x10, 0x3, 0x9)
executing program 0:
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioctl$BLKPG(r0, 0x1269, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = socket(0x10, 0x3, 0xc)
write(r1, &(0x7f0000000040)="ef", 0x1)
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_on}]})
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="4011040000000b8e04a60e0dfd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000ec0)={0x84, &(0x7f0000000a80)={0x40, 0xe, 0x3d, "e06705d890b4a497ed9d7466a53eed3ca06b96d84397b838887483ed7877c951f86659f1cc269e2878245649dc794a3e565e1e4519190a2710003b7177"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0xf0}, 0x0, &(0x7f0000000b80)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f0000000bc0)={0x20, 0x0, 0x8, {0x1e0, 0x10, [0xff0]}}, &(0x7f0000000c00)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000c40)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000c80)={0x40, 0xb, 0x2, "a212"}, &(0x7f0000000cc0)={0x40, 0xf, 0x2, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000880)={0x1c, &(0x7f0000000700)={0x40, 0x8, 0x4, "46e514d3"}, 0x0, 0x0})
executing program 3:
syz_usb_connect(0x4, 0x2d, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="ebcaea7c5a36e900f66070f0727426faf84a64fcaab0049474dcfc55df1127562e5e68d1c9d6a2086aba26a106242eb27bf9acedadc572cdf34bcefdb9567d27afb34e0ea3d08b6d0d2edca8d74d10f98baba91f2034a248f3848645e0d1d2d02fea39d30bbc27e23df5e0a9502cb839830a92b00d4c543d26f96da4d4a442bcd102006f2e9e7025432e20b6dec8ba10780e5e6981b513b9a7bab895e9fdcee12074c6e93f21c02221f90000000000000000000000000000fe4f3b13d4fb00467ab2daecf3472d848031418d37d32474e0fee1663bd5f9913addb7397922b07f88e7bad9938131b35afcbc19b80000000000000000000000000000006573d04f097af5a35e8f6a9e0818b8c52e4d274182def4c4cdf3184370988799fae51fda853f611caab8b6caa77e9d403246fca034dd9fd8e3c5c44748b95c2d5be720d3bfcba0f83f904261f0e0c3fc5ac1e97579edff1d129c582cbed4ae8fbb1c6370d6a325dfd9149da3d90ac7dc7e8c0b8795f9e9dfc03cc7ce21be2c17780b414a543e55e7210da7c68f9215f900c7c2b6371bbabd958868e029ec1c5ae1"], 0x0)
executing program 2:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x989680}, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
finit_module(r0, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
cachestat(r1, &(0x7f00000000c0)={0x8000000000000000, 0x7}, &(0x7f0000000100), 0x0)
ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000005580)='./file0\x00', &(0x7f00000055c0)='system.posix_acl_default\x00', 0x0, 0x0, 0x2)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x4ee98000, 0x4c8300)
ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000000)={0x11, 0x0, 0x0})
executing program 2:
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYRESOCT=0x0], 0x0)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)
executing program 3:
r0 = socket$inet6(0xa, 0x5, 0x6)
pwrite64(r0, &(0x7f0000000000)="a3d5d63b6318090c88cffe7f2935d1f0af4b92dd4992f68dccc350e5ac2e6f98e8121e93c23c24eaf5594aec267ed931149ef343448787bb2d95bb980c36ce5a1af541fe1a9aaf2d7539ea83379c428e480f62622e4dd484f159a276c07c43556567b9c491a8c09c661e132f97476f676f9f195541e0e74258d84af97b936e5dc697e0de48af318a6566db2ac3a2b5aaf4367916a42162d987ae", 0x9a, 0x6)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@private0}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000280)={0x60, 0x2, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000200)=[{0x6, 0x87, 0x2}, {0x8, 0x8000000000000000, 0x249}, {0x10000, 0x1, 0x81}], 0x3, 0x6, 0x1a, 0x20, 0x4b})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in=@dev}}, {{@in=@private}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8)
read$snapshot(r2, &(0x7f0000000480)=""/4096, 0x1000)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001480)=<r3=>0x0)
r4 = syz_open_procfs(r3, &(0x7f00000014c0)='fdinfo/3\x00')
getsockopt(r0, 0xfffffa9f, 0x4, &(0x7f0000001500)=""/141, &(0x7f00000015c0)=0x8d)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001640), r4)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x78, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20008014}, 0xc800)
r6 = creat(&(0x7f0000001780)='./file0\x00', 0x11)
ioctl$NILFS_IOCTL_GET_BDESCS(r4, 0xc0186e87, &(0x7f0000001840)={&(0x7f00000017c0)=[{0x4, 0x3, 0xffff, 0x8, 0xa}, {0x7, 0xd1, 0xffffffffffffff01, 0x2, 0x7}, {0xfffffffffffffffa, 0xffff, 0x0, 0x4, 0x1}], 0x3, 0x28, 0x1000, 0x400})
socket(0x67412ccd182c6578, 0x2, 0x1000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000001900)={'syztnl1\x00', &(0x7f0000001880)={'syztnl2\x00', r1, 0x29, 0x7, 0x8, 0xb, 0x40, @empty, @loopback, 0x7800, 0x40, 0x2, 0x13c0000}})
ioctl$sock_SIOCGIFCONF(r6, 0x8912, &(0x7f0000001a00)=@buf={0x83, &(0x7f0000001940)="5bff3133990c154bfc29e60a9ca85ae03487e2cdd6ddf1e74a07833a508ec637336223c4553b3d47955188c518bc14daf377643fe3c795a478e2bf2e0abd30b3c96e74393b6f0cf6d5d4772ee2de4e7d5a4090495425bcd567f5624eb55ce25306d343d55dbc2705e0ce4d9a6c3bf6eb55bcad67bcfb0c24effb4e7fbb228f8c9a9254"})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001a40), 0x210280, 0x0)
ioctl$KDGETLED(r7, 0x4b31, &(0x7f0000001a80))
ioctl$OCFS2_IOC_RESVSP64(r0, 0x4030582a, &(0x7f0000001ac0)={0x2, 0x0, 0x3ff, 0xd486, 0x0, 0x1})
ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, &(0x7f0000001b00)={0x5, [0x80000001, 0x401, 0x63, 0x4, 0xff]})
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000001b40)={0x433d3eb9, 0x7ca16064})
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x11)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001bc0)=[@text64={0x40, &(0x7f0000001b80)="c4a3995e5152740f1c65a1b9800000c00f3235002000000f30660fc731400f23450f060f20c035000000200f22c0420f4dd7410fa7c026673e0f07", 0x3b}], 0x1, 0x40, &(0x7f0000001c00), 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000001c40)=[{{0x3, 0x0, 0x1, 0x1}, {0x4, 0x1}}, {{}, {0x0, 0x1, 0x0, 0x1}}, {{0x3, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1}}], 0x18)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001c80), 0x1, 0x0)
fadvise64(r7, 0x3, 0x6, 0x5)
fallocate(r7, 0x4b, 0x1ff, 0x81)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000001cc0)={0x8, {{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x1, 0x2, [{{0x2, 0x4e24, @remote}}, {{0x2, 0x4e23, @multicast2}}]}, 0x190)
bind$bt_hci(r6, &(0x7f0000001e80)={0x1f, 0x3, 0x3}, 0x6)

program crashed: WARNING in ovl_dir_modified
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 1, 14, 1, 11, 30]
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_on}]})
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="4011040000000b8e04a60e0dfd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000ec0)={0x84, &(0x7f0000000a80)={0x40, 0xe, 0x3d, "e06705d890b4a497ed9d7466a53eed3ca06b96d84397b838887483ed7877c951f86659f1cc269e2878245649dc794a3e565e1e4519190a2710003b7177"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0xf0}, 0x0, &(0x7f0000000b80)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f0000000bc0)={0x20, 0x0, 0x8, {0x1e0, 0x10, [0xff0]}}, &(0x7f0000000c00)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000c40)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000c80)={0x40, 0xb, 0x2, "a212"}, &(0x7f0000000cc0)={0x40, 0xf, 0x2, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000880)={0x1c, &(0x7f0000000700)={0x40, 0x8, 0x4, "46e514d3"}, 0x0, 0x0})
executing program 3:
syz_usb_connect(0x4, 0x2d, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="ebcaea7c5a36e900f66070f0727426faf84a64fcaab0049474dcfc55df1127562e5e68d1c9d6a2086aba26a106242eb27bf9acedadc572cdf34bcefdb9567d27afb34e0ea3d08b6d0d2edca8d74d10f98baba91f2034a248f3848645e0d1d2d02fea39d30bbc27e23df5e0a9502cb839830a92b00d4c543d26f96da4d4a442bcd102006f2e9e7025432e20b6dec8ba10780e5e6981b513b9a7bab895e9fdcee12074c6e93f21c02221f90000000000000000000000000000fe4f3b13d4fb00467ab2daecf3472d848031418d37d32474e0fee1663bd5f9913addb7397922b07f88e7bad9938131b35afcbc19b80000000000000000000000000000006573d04f097af5a35e8f6a9e0818b8c52e4d274182def4c4cdf3184370988799fae51fda853f611caab8b6caa77e9d403246fca034dd9fd8e3c5c44748b95c2d5be720d3bfcba0f83f904261f0e0c3fc5ac1e97579edff1d129c582cbed4ae8fbb1c6370d6a325dfd9149da3d90ac7dc7e8c0b8795f9e9dfc03cc7ce21be2c17780b414a543e55e7210da7c68f9215f900c7c2b6371bbabd958868e029ec1c5ae1"], 0x0)
executing program 2:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x989680}, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
finit_module(r0, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
cachestat(r1, &(0x7f00000000c0)={0x8000000000000000, 0x7}, &(0x7f0000000100), 0x0)
ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000005580)='./file0\x00', &(0x7f00000055c0)='system.posix_acl_default\x00', 0x0, 0x0, 0x2)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x4ee98000, 0x4c8300)
ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000000)={0x11, 0x0, 0x0})
executing program 2:
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYRESOCT=0x0], 0x0)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)
executing program 3:
r0 = socket$inet6(0xa, 0x5, 0x6)
pwrite64(r0, &(0x7f0000000000)="a3d5d63b6318090c88cffe7f2935d1f0af4b92dd4992f68dccc350e5ac2e6f98e8121e93c23c24eaf5594aec267ed931149ef343448787bb2d95bb980c36ce5a1af541fe1a9aaf2d7539ea83379c428e480f62622e4dd484f159a276c07c43556567b9c491a8c09c661e132f97476f676f9f195541e0e74258d84af97b936e5dc697e0de48af318a6566db2ac3a2b5aaf4367916a42162d987ae", 0x9a, 0x6)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@private0}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000280)={0x60, 0x2, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000200)=[{0x6, 0x87, 0x2}, {0x8, 0x8000000000000000, 0x249}, {0x10000, 0x1, 0x81}], 0x3, 0x6, 0x1a, 0x20, 0x4b})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in=@dev}}, {{@in=@private}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8)
read$snapshot(r2, &(0x7f0000000480)=""/4096, 0x1000)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001480)=<r3=>0x0)
r4 = syz_open_procfs(r3, &(0x7f00000014c0)='fdinfo/3\x00')
getsockopt(r0, 0xfffffa9f, 0x4, &(0x7f0000001500)=""/141, &(0x7f00000015c0)=0x8d)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001640), r4)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x78, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20008014}, 0xc800)
r6 = creat(&(0x7f0000001780)='./file0\x00', 0x11)
ioctl$NILFS_IOCTL_GET_BDESCS(r4, 0xc0186e87, &(0x7f0000001840)={&(0x7f00000017c0)=[{0x4, 0x3, 0xffff, 0x8, 0xa}, {0x7, 0xd1, 0xffffffffffffff01, 0x2, 0x7}, {0xfffffffffffffffa, 0xffff, 0x0, 0x4, 0x1}], 0x3, 0x28, 0x1000, 0x400})
socket(0x67412ccd182c6578, 0x2, 0x1000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000001900)={'syztnl1\x00', &(0x7f0000001880)={'syztnl2\x00', r1, 0x29, 0x7, 0x8, 0xb, 0x40, @empty, @loopback, 0x7800, 0x40, 0x2, 0x13c0000}})
ioctl$sock_SIOCGIFCONF(r6, 0x8912, &(0x7f0000001a00)=@buf={0x83, &(0x7f0000001940)="5bff3133990c154bfc29e60a9ca85ae03487e2cdd6ddf1e74a07833a508ec637336223c4553b3d47955188c518bc14daf377643fe3c795a478e2bf2e0abd30b3c96e74393b6f0cf6d5d4772ee2de4e7d5a4090495425bcd567f5624eb55ce25306d343d55dbc2705e0ce4d9a6c3bf6eb55bcad67bcfb0c24effb4e7fbb228f8c9a9254"})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001a40), 0x210280, 0x0)
ioctl$KDGETLED(r7, 0x4b31, &(0x7f0000001a80))
ioctl$OCFS2_IOC_RESVSP64(r0, 0x4030582a, &(0x7f0000001ac0)={0x2, 0x0, 0x3ff, 0xd486, 0x0, 0x1})
ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, &(0x7f0000001b00)={0x5, [0x80000001, 0x401, 0x63, 0x4, 0xff]})
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000001b40)={0x433d3eb9, 0x7ca16064})
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x11)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001bc0)=[@text64={0x40, &(0x7f0000001b80)="c4a3995e5152740f1c65a1b9800000c00f3235002000000f30660fc731400f23450f060f20c035000000200f22c0420f4dd7410fa7c026673e0f07", 0x3b}], 0x1, 0x40, &(0x7f0000001c00), 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000001c40)=[{{0x3, 0x0, 0x1, 0x1}, {0x4, 0x1}}, {{}, {0x0, 0x1, 0x0, 0x1}}, {{0x3, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1}}], 0x18)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001c80), 0x1, 0x0)
fadvise64(r7, 0x3, 0x6, 0x5)
fallocate(r7, 0x4b, 0x1ff, 0x81)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000001cc0)={0x8, {{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x1, 0x2, [{{0x2, 0x4e24, @remote}}, {{0x2, 0x4e23, @multicast2}}]}, 0x190)
bind$bt_hci(r6, &(0x7f0000001e80)={0x1f, 0x3, 0x3}, 0x6)

program crashed: WARNING in ovl_dir_modified
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
bisect: split chunks (needed=true): <6>
bisect: split chunk #0 of len 6 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 11, 30]
detailed listing:
executing program 2:
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYRESOCT=0x0], 0x0)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)
executing program 3:
r0 = socket$inet6(0xa, 0x5, 0x6)
pwrite64(r0, &(0x7f0000000000)="a3d5d63b6318090c88cffe7f2935d1f0af4b92dd4992f68dccc350e5ac2e6f98e8121e93c23c24eaf5594aec267ed931149ef343448787bb2d95bb980c36ce5a1af541fe1a9aaf2d7539ea83379c428e480f62622e4dd484f159a276c07c43556567b9c491a8c09c661e132f97476f676f9f195541e0e74258d84af97b936e5dc697e0de48af318a6566db2ac3a2b5aaf4367916a42162d987ae", 0x9a, 0x6)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@private0}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000280)={0x60, 0x2, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000200)=[{0x6, 0x87, 0x2}, {0x8, 0x8000000000000000, 0x249}, {0x10000, 0x1, 0x81}], 0x3, 0x6, 0x1a, 0x20, 0x4b})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in=@dev}}, {{@in=@private}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8)
read$snapshot(r2, &(0x7f0000000480)=""/4096, 0x1000)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001480)=<r3=>0x0)
r4 = syz_open_procfs(r3, &(0x7f00000014c0)='fdinfo/3\x00')
getsockopt(r0, 0xfffffa9f, 0x4, &(0x7f0000001500)=""/141, &(0x7f00000015c0)=0x8d)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001640), r4)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x78, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20008014}, 0xc800)
r6 = creat(&(0x7f0000001780)='./file0\x00', 0x11)
ioctl$NILFS_IOCTL_GET_BDESCS(r4, 0xc0186e87, &(0x7f0000001840)={&(0x7f00000017c0)=[{0x4, 0x3, 0xffff, 0x8, 0xa}, {0x7, 0xd1, 0xffffffffffffff01, 0x2, 0x7}, {0xfffffffffffffffa, 0xffff, 0x0, 0x4, 0x1}], 0x3, 0x28, 0x1000, 0x400})
socket(0x67412ccd182c6578, 0x2, 0x1000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000001900)={'syztnl1\x00', &(0x7f0000001880)={'syztnl2\x00', r1, 0x29, 0x7, 0x8, 0xb, 0x40, @empty, @loopback, 0x7800, 0x40, 0x2, 0x13c0000}})
ioctl$sock_SIOCGIFCONF(r6, 0x8912, &(0x7f0000001a00)=@buf={0x83, &(0x7f0000001940)="5bff3133990c154bfc29e60a9ca85ae03487e2cdd6ddf1e74a07833a508ec637336223c4553b3d47955188c518bc14daf377643fe3c795a478e2bf2e0abd30b3c96e74393b6f0cf6d5d4772ee2de4e7d5a4090495425bcd567f5624eb55ce25306d343d55dbc2705e0ce4d9a6c3bf6eb55bcad67bcfb0c24effb4e7fbb228f8c9a9254"})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001a40), 0x210280, 0x0)
ioctl$KDGETLED(r7, 0x4b31, &(0x7f0000001a80))
ioctl$OCFS2_IOC_RESVSP64(r0, 0x4030582a, &(0x7f0000001ac0)={0x2, 0x0, 0x3ff, 0xd486, 0x0, 0x1})
ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, &(0x7f0000001b00)={0x5, [0x80000001, 0x401, 0x63, 0x4, 0xff]})
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000001b40)={0x433d3eb9, 0x7ca16064})
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x11)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001bc0)=[@text64={0x40, &(0x7f0000001b80)="c4a3995e5152740f1c65a1b9800000c00f3235002000000f30660fc731400f23450f060f20c035000000200f22c0420f4dd7410fa7c026673e0f07", 0x3b}], 0x1, 0x40, &(0x7f0000001c00), 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000001c40)=[{{0x3, 0x0, 0x1, 0x1}, {0x4, 0x1}}, {{}, {0x0, 0x1, 0x0, 0x1}}, {{0x3, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1}}], 0x18)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001c80), 0x1, 0x0)
fadvise64(r7, 0x3, 0x6, 0x5)
fallocate(r7, 0x4b, 0x1ff, 0x81)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000001cc0)={0x8, {{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x1, 0x2, [{{0x2, 0x4e24, @remote}}, {{0x2, 0x4e23, @multicast2}}]}, 0x190)
bind$bt_hci(r6, &(0x7f0000001e80)={0x1f, 0x3, 0x3}, 0x6)

program crashed: WARNING in ovl_dir_modified
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-pwrite64-getsockopt$inet6_IPV6_IPSEC_POLICY-ioctl$PAGEMAP_SCAN-openat$null-getsockopt$inet_IP_XFRM_POLICY-read$snapshot-ioctl$sock_FIOGETOWN-syz_open_procfs-getsockopt-syz_genetlink_get_family_id$ethtool-sendmsg$ETHTOOL_MSG_FEATURES_GET-creat-ioctl$NILFS_IOCTL_GET_BDESCS-socket-ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL-ioctl$sock_SIOCGIFCONF-openat$ttyS3-ioctl$KDGETLED-ioctl$OCFS2_IOC_RESVSP64-ioctl$KVM_GET_REG_LIST-ioctl$KVM_TPR_ACCESS_REPORTING-ioctl$KVM_CREATE_VM-syz_kvm_setup_cpu$x86-setsockopt$CAN_RAW_FILTER-openat$binfmt_register-fadvise64-fallocate-setsockopt$inet_MCAST_MSFILTER-bind$bt_hci
detailed listing:
executing program 3:
r0 = socket$inet6(0xa, 0x5, 0x6)
pwrite64(r0, &(0x7f0000000000)="a3d5d63b6318090c88cffe7f2935d1f0af4b92dd4992f68dccc350e5ac2e6f98e8121e93c23c24eaf5594aec267ed931149ef343448787bb2d95bb980c36ce5a1af541fe1a9aaf2d7539ea83379c428e480f62622e4dd484f159a276c07c43556567b9c491a8c09c661e132f97476f676f9f195541e0e74258d84af97b936e5dc697e0de48af318a6566db2ac3a2b5aaf4367916a42162d987ae", 0x9a, 0x6)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@private0}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000280)={0x60, 0x2, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000200)=[{0x6, 0x87, 0x2}, {0x8, 0x8000000000000000, 0x249}, {0x10000, 0x1, 0x81}], 0x3, 0x6, 0x1a, 0x20, 0x4b})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in=@dev}}, {{@in=@private}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8)
read$snapshot(r2, &(0x7f0000000480)=""/4096, 0x1000)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001480)=<r3=>0x0)
r4 = syz_open_procfs(r3, &(0x7f00000014c0)='fdinfo/3\x00')
getsockopt(r0, 0xfffffa9f, 0x4, &(0x7f0000001500)=""/141, &(0x7f00000015c0)=0x8d)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001640), r4)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x78, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20008014}, 0xc800)
r6 = creat(&(0x7f0000001780)='./file0\x00', 0x11)
ioctl$NILFS_IOCTL_GET_BDESCS(r4, 0xc0186e87, &(0x7f0000001840)={&(0x7f00000017c0)=[{0x4, 0x3, 0xffff, 0x8, 0xa}, {0x7, 0xd1, 0xffffffffffffff01, 0x2, 0x7}, {0xfffffffffffffffa, 0xffff, 0x0, 0x4, 0x1}], 0x3, 0x28, 0x1000, 0x400})
socket(0x67412ccd182c6578, 0x2, 0x1000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000001900)={'syztnl1\x00', &(0x7f0000001880)={'syztnl2\x00', r1, 0x29, 0x7, 0x8, 0xb, 0x40, @empty, @loopback, 0x7800, 0x40, 0x2, 0x13c0000}})
ioctl$sock_SIOCGIFCONF(r6, 0x8912, &(0x7f0000001a00)=@buf={0x83, &(0x7f0000001940)="5bff3133990c154bfc29e60a9ca85ae03487e2cdd6ddf1e74a07833a508ec637336223c4553b3d47955188c518bc14daf377643fe3c795a478e2bf2e0abd30b3c96e74393b6f0cf6d5d4772ee2de4e7d5a4090495425bcd567f5624eb55ce25306d343d55dbc2705e0ce4d9a6c3bf6eb55bcad67bcfb0c24effb4e7fbb228f8c9a9254"})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001a40), 0x210280, 0x0)
ioctl$KDGETLED(r7, 0x4b31, &(0x7f0000001a80))
ioctl$OCFS2_IOC_RESVSP64(r0, 0x4030582a, &(0x7f0000001ac0)={0x2, 0x0, 0x3ff, 0xd486, 0x0, 0x1})
ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, &(0x7f0000001b00)={0x5, [0x80000001, 0x401, 0x63, 0x4, 0xff]})
ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000001b40)={0x433d3eb9, 0x7ca16064})
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x11)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001bc0)=[@text64={0x40, &(0x7f0000001b80)="c4a3995e5152740f1c65a1b9800000c00f3235002000000f30660fc731400f23450f060f20c035000000200f22c0420f4dd7410fa7c026673e0f07", 0x3b}], 0x1, 0x40, &(0x7f0000001c00), 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000001c40)=[{{0x3, 0x0, 0x1, 0x1}, {0x4, 0x1}}, {{}, {0x0, 0x1, 0x0, 0x1}}, {{0x3, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1}}], 0x18)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000001c80), 0x1, 0x0)
fadvise64(r7, 0x3, 0x6, 0x5)
fallocate(r7, 0x4b, 0x1ff, 0x81)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000001cc0)={0x8, {{0x2, 0x4e21, @rand_addr=0x64010100}}, 0x1, 0x2, [{{0x2, 0x4e24, @remote}}, {{0x2, 0x4e23, @multicast2}}]}, 0x190)
bind$bt_hci(r6, &(0x7f0000001e80)={0x1f, 0x3, 0x3}, 0x6)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 11]
detailed listing:
executing program 2:
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYRESOCT=0x0], 0x0)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-close_range-write$binfmt_register-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-close_range-write$binfmt_register-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
bisect: concatenation succeeded
found reproducer with 11 syscalls
minimizing guilty program
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-close_range-write$binfmt_register-mkdirat-mount$overlay-chdir-mkdir
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-close_range-write$binfmt_register-mkdirat-mount$overlay-chdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-close_range-write$binfmt_register-mkdirat-mount$overlay-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-close_range-write$binfmt_register-mkdirat-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-close_range-write$binfmt_register-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x4, 0x3a, 'upperdir', 0x3a, 'workdir', 0x3a, './bus', 0x3a, [0x43, 0x46, 0x50]}, 0x37)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-close_range-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
close_range(r0, r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-socket$inet6-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-setsockopt$inet6_group_source_req-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-socket-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
socket(0x80000000000000a, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, 0x0, 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, 0x0, 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, 0x0, &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', 0x0, 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, 0x0)
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080))
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(0x0, 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0x82, 0x0)

program did not crash
testing program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x82, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=42.573899618s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
simplifying C reproducer
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program did not crash
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program did not crash
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program did not crash
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing compiled C program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
program crashed: WARNING in ovl_dir_modified
testing program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
validation run: crashed=true
testing program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
validation run: crashed=true
testing program (duration=42.573899618s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mkdirat-mount$overlay-chdir-mkdir-mount$incfs
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x140)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x82, 0x0)

program crashed: WARNING in ovl_dir_modified
validation run: crashed=true
reproducing took 36m21.383507702s
repro crashed as (corrupted=false):
veth0_vlan: entered promiscuous mode
veth1_macvtap: entered promiscuous mode
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Not tainted syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812180d2df R09: 1ffff11024301a5b
R10: dffffc0000000000 R11: ffffed1024301a5c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812180d240 R15: ffff88811390daa0
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000064f6 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812180d2df R09: 1ffff11024301a5b
R10: dffffc0000000000 R11: ffffed1024301a5c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812180d240 R15: ffff88811390daa0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cb8000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000064f6 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812180e4ff R09: 1ffff11024301c9f
R10: dffffc0000000000 R11: ffffed1024301ca0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812180e460 R15: ffff8881139ff990
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 000000000000679d R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812180e4ff R09: 1ffff11024301c9f
R10: dffffc0000000000 R11: ffffed1024301ca0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812180e460 R15: ffff8881139ff990
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cb7000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 000000000000679d R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881211b40bf R09: 1ffff11024236817
R10: dffffc0000000000 R11: ffffed1024236818 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881211b4020 R15: ffff888113926aa0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006a46 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881211b40bf R09: 1ffff11024236817
R10: dffffc0000000000 R11: ffffed1024236818 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881211b4020 R15: ffff888113926aa0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006a46 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212aa89f R09: 1ffff11024255513
R10: dffffc0000000000 R11: ffffed1024255514 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212aa800 R15: ffff888113a13220
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006cff R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212aa89f R09: 1ffff11024255513
R10: dffffc0000000000 R11: ffffed1024255514 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212aa800 R15: ffff888113a13220
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006cff R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881213207ff R09: 1ffff110242640ff
R10: dffffc0000000000 R11: ffffed1024264100 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121320760 R15: ffff888113933cc0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006f9f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881213207ff R09: 1ffff110242640ff
R10: dffffc0000000000 R11: ffffed1024264100 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121320760 R15: ffff888113933cc0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006f9f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212ec0bf R09: 1ffff1102425d817
R10: dffffc0000000000 R11: ffffed102425d818 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212ec020 R15: ffff888113a2aee0
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007250 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212ec0bf R09: 1ffff1102425d817
R10: dffffc0000000000 R11: ffffed102425d818 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212ec020 R15: ffff888113a2aee0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cbb000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007250 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212f52df R09: 1ffff1102425ea5b
R10: dffffc0000000000 R11: ffffed102425ea5c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212f5240 R15: ffff888121336770
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000074f9 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212f52df R09: 1ffff1102425ea5b
R10: dffffc0000000000 R11: ffffed102425ea5c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212f5240 R15: ffff888121336770
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cc0000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000074f9 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881211bc7ff R09: 1ffff110242378ff
R10: dffffc0000000000 R11: ffffed1024237900 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881211bc760 R15: ffff888113934880
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000077a4 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881211bc7ff R09: 1ffff110242378ff
R10: dffffc0000000000 R11: ffffed1024237900 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881211bc760 R15: ffff888113934880
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cbf000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000077a4 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88811be9167f R09: 1ffff110237d22cf
R10: dffffc0000000000 R11: ffffed10237d22d0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88811be915e0 R15: ffff88812133a000
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007a4d R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88811be9167f R09: 1ffff110237d22cf
R10: dffffc0000000000 R11: ffffed10237d22d0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88811be915e0 R15: ffff88812133a000
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007a4d R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212547ff R09: 1ffff1102424a8ff
R10: dffffc0000000000 R11: ffffed102424a900 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121254760 R15: ffff8881212bb770
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007cf6 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212547ff R09: 1ffff1102424a8ff
R10: dffffc0000000000 R11: ffffed102424a900 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121254760 R15: ffff8881212bb770
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cc3000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007cf6 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff888121221dbf R09: 1ffff110242443b7
R10: dffffc0000000000 R11: ffffed10242443b8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121221d20 R15: ffff888121396330
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007f9f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff888121221dbf R09: 1ffff110242443b7
R10: dffffc0000000000 R11: ffffed10242443b8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121221d20 R15: ffff888121396330
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cc8000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007f9f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812133ddbf R09: 1ffff11024267bb7
R10: dffffc0000000000 R11: ffffed1024267bb8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812133dd20 R15: ffff888113a32880
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008247 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812133ddbf R09: 1ffff11024267bb7
R10: dffffc0000000000 R11: ffffed1024267bb8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812133dd20 R15: ffff888113a32880
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7d00000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008247 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812132babf R09: 1ffff11024265757
R10: dffffc0000000000 R11: ffffed1024265758 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812132ba20 R15: ffff888113ae8330
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000084ee R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812132babf R09: 1ffff11024265757
R10: dffffc0000000000 R11: ffffed1024265758 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812132ba20 R15: ffff888113ae8330
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000084ee R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881213280bf R09: 1ffff11024265017
R10: dffffc0000000000 R11: ffffed1024265018 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121328020 R15: ffff888113aaccc0
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008796 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881213280bf R09: 1ffff11024265017
R10: dffffc0000000000 R11: ffffed1024265018 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121328020 R15: ffff888113aaccc0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7d02000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008796 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812125045f R09: 1ffff1102424a08b
R10: dffffc0000000000 R11: ffffed102424a08c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212503c0 R15: ffff888113aec660
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008a3f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812125045f R09: 1ffff1102424a08b
R10: dffffc0000000000 R11: ffffed102424a08c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212503c0 R15: ffff888113aec660
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cca000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:

final repro crashed as (corrupted=false):
veth0_vlan: entered promiscuous mode
veth1_macvtap: entered promiscuous mode
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Not tainted syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812180d2df R09: 1ffff11024301a5b
R10: dffffc0000000000 R11: ffffed1024301a5c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812180d240 R15: ffff88811390daa0
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000064f6 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812180d2df R09: 1ffff11024301a5b
R10: dffffc0000000000 R11: ffffed1024301a5c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812180d240 R15: ffff88811390daa0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cb8000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000064f6 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812180e4ff R09: 1ffff11024301c9f
R10: dffffc0000000000 R11: ffffed1024301ca0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812180e460 R15: ffff8881139ff990
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 000000000000679d R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812180e4ff R09: 1ffff11024301c9f
R10: dffffc0000000000 R11: ffffed1024301ca0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812180e460 R15: ffff8881139ff990
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cb7000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 000000000000679d R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881211b40bf R09: 1ffff11024236817
R10: dffffc0000000000 R11: ffffed1024236818 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881211b4020 R15: ffff888113926aa0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006a46 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881211b40bf R09: 1ffff11024236817
R10: dffffc0000000000 R11: ffffed1024236818 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881211b4020 R15: ffff888113926aa0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006a46 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212aa89f R09: 1ffff11024255513
R10: dffffc0000000000 R11: ffffed1024255514 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212aa800 R15: ffff888113a13220
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006cff R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212aa89f R09: 1ffff11024255513
R10: dffffc0000000000 R11: ffffed1024255514 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212aa800 R15: ffff888113a13220
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006cff R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881213207ff R09: 1ffff110242640ff
R10: dffffc0000000000 R11: ffffed1024264100 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121320760 R15: ffff888113933cc0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006f9f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881213207ff R09: 1ffff110242640ff
R10: dffffc0000000000 R11: ffffed1024264100 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121320760 R15: ffff888113933cc0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000006f9f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212ec0bf R09: 1ffff1102425d817
R10: dffffc0000000000 R11: ffffed102425d818 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212ec020 R15: ffff888113a2aee0
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007250 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212ec0bf R09: 1ffff1102425d817
R10: dffffc0000000000 R11: ffffed102425d818 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212ec020 R15: ffff888113a2aee0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cbb000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007250 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212f52df R09: 1ffff1102425ea5b
R10: dffffc0000000000 R11: ffffed102425ea5c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212f5240 R15: ffff888121336770
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000074f9 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212f52df R09: 1ffff1102425ea5b
R10: dffffc0000000000 R11: ffffed102425ea5c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212f5240 R15: ffff888121336770
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cc0000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000074f9 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881211bc7ff R09: 1ffff110242378ff
R10: dffffc0000000000 R11: ffffed1024237900 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881211bc760 R15: ffff888113934880
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000077a4 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881211bc7ff R09: 1ffff110242378ff
R10: dffffc0000000000 R11: ffffed1024237900 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881211bc760 R15: ffff888113934880
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cbf000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000077a4 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88811be9167f R09: 1ffff110237d22cf
R10: dffffc0000000000 R11: ffffed10237d22d0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88811be915e0 R15: ffff88812133a000
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007a4d R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88811be9167f R09: 1ffff110237d22cf
R10: dffffc0000000000 R11: ffffed10237d22d0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88811be915e0 R15: ffff88812133a000
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007a4d R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212547ff R09: 1ffff1102424a8ff
R10: dffffc0000000000 R11: ffffed102424a900 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121254760 R15: ffff8881212bb770
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007cf6 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881212547ff R09: 1ffff1102424a8ff
R10: dffffc0000000000 R11: ffffed102424a900 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121254760 R15: ffff8881212bb770
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cc3000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007cf6 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff888121221dbf R09: 1ffff110242443b7
R10: dffffc0000000000 R11: ffffed10242443b8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121221d20 R15: ffff888121396330
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007f9f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff888121221dbf R09: 1ffff110242443b7
R10: dffffc0000000000 R11: ffffed10242443b8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121221d20 R15: ffff888121396330
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cc8000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000007f9f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812133ddbf R09: 1ffff11024267bb7
R10: dffffc0000000000 R11: ffffed1024267bb8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812133dd20 R15: ffff888113a32880
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008247 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812133ddbf R09: 1ffff11024267bb7
R10: dffffc0000000000 R11: ffffed1024267bb8 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812133dd20 R15: ffff888113a32880
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7d00000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008247 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812132babf R09: 1ffff11024265757
R10: dffffc0000000000 R11: ffffed1024265758 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812132ba20 R15: ffff888113ae8330
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000084ee R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812132babf R09: 1ffff11024265757
R10: dffffc0000000000 R11: ffffed1024265758 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88812132ba20 R15: ffff888113ae8330
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 00000000000084ee R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881213280bf R09: 1ffff11024265017
R10: dffffc0000000000 R11: ffffed1024265018 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121328020 R15: ffff888113aaccc0
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008796 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff8881213280bf R09: 1ffff11024265017
R10: dffffc0000000000 R11: ffffed1024265018 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888121328020 R15: ffff888113aaccc0
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7d02000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x1a0/0x230 fs/incfs/vfs.c:1972
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008796 R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 0 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 0 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812125045f R09: 1ffff1102424a08b
R10: dffffc0000000000 R11: ffffed102424a08c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212503c0 R15: ffff888113aec660
FS:  000055555b2da500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555b2fd958 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 ovl_remove_upper fs/overlayfs/dir.c:841 [inline]
 ovl_do_remove+0x81b/0xda0 fs/overlayfs/dir.c:912
 ovl_rmdir+0x1e/0x30 fs/overlayfs/dir.c:945
 vfs_rmdir+0x3e0/0x560 fs/namei.c:4348
 incfs_kill_sb+0x109/0x230 fs/incfs/vfs.c:1968
 deactivate_locked_super+0xd8/0x2a0 fs/super.c:478
 deactivate_super+0xb8/0xe0 fs/super.c:511
 cleanup_mnt+0x406/0x4a0 fs/namespace.c:1380
 __cleanup_mnt+0x1d/0x40 fs/namespace.c:1387
 task_work_run+0x1e5/0x260 kernel/task_work.c:246
 resume_user_mode_work+0x35/0x50 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x63/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x63/0xf0 arch/x86/entry/common.c:84
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f651099e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe24a6df08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f651099e097
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe24a6dfc0
RBP: 00007ffe24a6dfc0 R08: 00007ffe24a6efc0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe24a6f0b0
R13: 00007f6510a321ca R14: 0000000000008a3f R15: 00007ffe24a70180
 </TASK>
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
WARNING: CPU: 1 PID: 379 at fs/overlayfs/util.c:605 ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Modules linked in:
CPU: 1 UID: 0 PID: 379 Comm: syz-executor Tainted: G        W          syzkaller #0 34657ac36494637a46594e839f4fce42f3877519
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ovl_dir_version_inc fs/overlayfs/util.c:605 [inline]
RIP: 0010:ovl_dir_modified+0x15a/0x190 fs/overlayfs/util.c:623
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 2e 51 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 56 b2 3e ff <0f> 0b e9 3e ff ff ff e8 4a b2 3e ff 0f 0b e9 6e ff ff ff 44 89 f9
RSP: 0018:ffffc90003aefb48 EFLAGS: 00010293
RAX: ffffffff8249147a RBX: 0000000000000000 RCX: ffff888114f2a600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003aefb70 R08: ffff88812125045f R09: 1ffff1102424a08b
R10: dffffc0000000000 R11: ffffed102424a08c R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8881212503c0 R15: ffff888113aec660
FS:  000055555b2da500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000d65e7cca000 CR3: 0000000113e6e000 CR4: 00000000003526b0
Call Trace: