last executing test programs:

888.665764ms ago: executing program 1 (id=2):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='./file0/file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r2 = socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000280)={0x8000000000000001, {0x8, 0xfffffffffffffff1, 0x7, 0x7, 0x7}})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
chdir(&(0x7f0000000140)='./bus\x00')

853.132875ms ago: executing program 2 (id=3):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='./file0/file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r2 = socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000280)={0x8000000000000001, {0x8, 0xfffffffffffffff1, 0x7, 0x7, 0x7}})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
chdir(&(0x7f0000000140)='./bus\x00')

847.433145ms ago: executing program 0 (id=1):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
chdir(&(0x7f00000003c0)='./file0\x00')
rename(&(0x7f00000003c0)='./file0\x00', 0x0)
syz_read_part_table(0x5c3, &(0x7f00000005c0)="$eJzs2z9I22kYB/A31lBohw7XqVPbocPRpaVjM7QlSVsqhKiL3KCgiJgpghC5gKAHmkExgzi6iJDFP5Mxg5Oi4Czi4CE4uNyhi+BiDvG97e7wUI8rfD7w48n75vu+T54h4y/wXWsJvzebzUQIofnwrxPNfzjdWUtnvjzPfch3xMvCfPWXH64+Jv48HW99GdeHcb0w/6gxefY5WTtoP3/VvVlpid+PxufxYr3zDsbjni2ltp6MjRezU6XUwH62fDyxt9u2fJrO179Vqitfk596Y2471tZYh0IpjITB0BMKoRD6QvGO+s/Vjt5cPsvW1vrfX2Qa0xtvYy53yzlv2n/4xUxXtfzx9erT2Xel9Z38yYPrXOFv/l0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPy/LKW2noyNF7NTpdTAfrZ8PLG327Z8ms7Xv1WqK1+Tn3pjbjvW1liHQimMhMHQEwohEfpC8Y76z9WO3lw+y9bW+t9fZBrTG29jLnfLOW/af/jFTFe1/PH16tPZd6X1nfzJg+tc4eE9/QAAAAAAAAAAAAAAAAAAAAAIIaQzX57nPuQ7QkiEn0Jr+PG3n1uu9pvxffdEzL2M9TDuL8w/akyefU7WDtrPX3VvVn6N+6PxebxY7/zPh+Ff+yMAAP//17OV3g==")

841.701225ms ago: executing program 3 (id=4):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
socket$packet(0x11, 0xa, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'wg0\x00'})
sendto$packet(r1, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1a, 0x0, 0x0, 0x0)

635.710089ms ago: executing program 4 (id=5):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
rename(0x0, &(0x7f0000000180)='./file0/file0\x00')
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)
chdir(&(0x7f0000000140)='./bus\x00')
mount$overlay(0x0, &(0x7f00000001c0)='./file2\x00', &(0x7f0000000240), 0x22a2070, &(0x7f0000000440)={[{@metacopy_off}, {@metacopy_off}, {@workdir={'workdir', 0x3d, './file1'}}, {@verity_off}, {@nfs_export_off}, {@uuid_off}], [{@context={'context', 0x3d, 'staff_u'}}, {@appraise}, {@subj_user={'subj_user', 0x3d, '{,\'%+\'!.!'}}, {@dont_appraise}, {@dont_hash}]})

546.91041ms ago: executing program 0 (id=6):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001400)={{r2}, 0x0, &(0x7f00000013c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

0s ago: executing program 4 (id=7):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='./file0/file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r1 = socket$netlink(0x10, 0x3, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000280)={0x8000000000000001, {0x8, 0xfffffffffffffff1, 0x7, 0x7, 0x7}})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
chdir(&(0x7f0000000140)='./bus\x00')
mount$overlay(0x0, &(0x7f00000001c0)='./file2\x00', &(0x7f0000000240), 0x22a2070, &(0x7f0000000440)={[{@metacopy_off}, {@metacopy_off}, {@workdir={'workdir', 0x3d, './file1'}}, {@verity_off}, {@nfs_export_off}, {@uuid_off}], [{@hash}, {@context={'context', 0x3d, 'staff_u'}}, {@appraise}, {@subj_user={'subj_user', 0x3d, '{,\'%+\'!.!'}}, {@dont_appraise}, {@dont_hash}]})

kernel console output (not intermixed with test programs):

][   T30] audit: type=1400 audit(1743808374.967:65): avc:  denied  { siginh } for  pid=242 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.10.12' (ED25519) to the list of known hosts.
[   26.150658][   T30] audit: type=1400 audit(1743808382.157:66): avc:  denied  { integrity } for  pid=282 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   26.175120][   T30] audit: type=1400 audit(1743808382.177:67): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   26.177051][  T282] cgroup: Unknown subsys name 'net'
[   26.198275][   T30] audit: type=1400 audit(1743808382.177:68): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.225395][  T282] cgroup: Unknown subsys name 'devices'
[   26.225419][   T30] audit: type=1400 audit(1743808382.207:69): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.458386][  T282] cgroup: Unknown subsys name 'hugetlb'
[   26.464092][  T282] cgroup: Unknown subsys name 'rlimit'
[   26.674367][   T30] audit: type=1400 audit(1743808382.677:70): avc:  denied  { setattr } for  pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.697719][   T30] audit: type=1400 audit(1743808382.677:71): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   26.722184][   T30] audit: type=1400 audit(1743808382.677:72): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   26.750275][  T286] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   26.759210][   T30] audit: type=1400 audit(1743808382.767:73): avc:  denied  { relabelto } for  pid=286 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   26.784846][   T30] audit: type=1400 audit(1743808382.767:74): avc:  denied  { write } for  pid=286 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   26.814788][   T30] audit: type=1400 audit(1743808382.817:75): avc:  denied  { read } for  pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   26.840291][  T282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   28.230528][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.237665][  T293] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.244978][  T293] device bridge_slave_0 entered promiscuous mode
[   28.265376][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.272877][  T294] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.280677][  T294] device bridge_slave_0 entered promiscuous mode
[   28.287296][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.294143][  T293] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.301706][  T293] device bridge_slave_1 entered promiscuous mode
[   28.319278][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.326872][  T294] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.334239][  T294] device bridge_slave_1 entered promiscuous mode
[   28.408084][  T296] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.414948][  T296] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.422426][  T296] device bridge_slave_0 entered promiscuous mode
[   28.430777][  T296] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.437713][  T296] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.445184][  T296] device bridge_slave_1 entered promiscuous mode
[   28.460179][  T295] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.467238][  T295] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.474548][  T295] device bridge_slave_0 entered promiscuous mode
[   28.494136][  T295] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.501044][  T295] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.508459][  T295] device bridge_slave_1 entered promiscuous mode
[   28.574898][  T297] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.581830][  T297] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.589123][  T297] device bridge_slave_0 entered promiscuous mode
[   28.606003][  T297] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.612910][  T297] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.620242][  T297] device bridge_slave_1 entered promiscuous mode
[   28.726519][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.733383][  T293] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.766738][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.773589][  T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.780729][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.787501][  T294] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.801492][  T296] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.808364][  T296] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.815455][  T296] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.822277][  T296] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.834417][  T295] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.841306][  T295] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.848386][  T295] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.855158][  T295] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.911385][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.918722][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.925820][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.933245][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.940501][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.947835][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.954984][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.963891][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   28.971442][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   28.997665][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.005242][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.013619][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.022177][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.029106][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.051871][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.060134][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.068735][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.075611][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.083226][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.092022][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.098919][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.106045][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.114557][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.121523][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.128716][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.136852][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.143689][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.151042][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.159066][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.165893][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.195951][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.205685][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.213772][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.222242][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.230284][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.238165][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.246031][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.266697][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.275111][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.283411][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.290305][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.298154][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.306932][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.314929][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.321795][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.329033][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   29.336506][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.343799][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   29.352245][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.360679][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.367671][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.374996][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   29.383479][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.391786][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.398633][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.413394][  T294] device veth0_vlan entered promiscuous mode
[   29.424590][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   29.432504][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   29.440878][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.450451][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   29.458446][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.466630][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.473928][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.484824][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   29.493195][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.510267][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   29.518315][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.526776][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   29.534736][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.542999][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   29.551342][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.562540][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   29.570571][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.587610][  T293] device veth0_vlan entered promiscuous mode
[   29.595327][  T295] device veth0_vlan entered promiscuous mode
[   29.601613][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.609349][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.616781][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   29.625194][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.633183][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   29.641343][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.649338][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   29.657188][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.665107][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.672612][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.684727][  T294] device veth1_macvtap entered promiscuous mode
[   29.702060][  T293] device veth1_macvtap entered promiscuous mode
[   29.708988][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.717416][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   29.725667][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.734361][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   29.742093][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   29.750269][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.758519][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   29.766525][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   29.781398][  T296] device veth0_vlan entered promiscuous mode
[   29.792767][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   29.801053][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.809485][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   29.817441][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.831975][  T297] device veth0_vlan entered promiscuous mode
[   29.841553][  T295] device veth1_macvtap entered promiscuous mode
[   29.848583][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.856561][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.863853][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.871891][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.879808][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.887852][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   29.895826][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.903960][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   29.911579][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   29.920265][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   29.928917][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   29.937455][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   29.945655][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   29.954050][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   29.962714][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   29.970927][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   29.985260][  T296] device veth1_macvtap entered promiscuous mode
[   29.998855][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   30.007356][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   30.015480][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   30.023456][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   30.031902][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   30.048053][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   30.056498][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   30.071823][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   30.081118][  T294] request_module fs-gadgetfs succeeded, but still no fs?
[   30.081906][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   30.098176][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   30.106608][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   30.121059][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   30.147836][  T297] device veth1_macvtap entered promiscuous mode
[   30.181463][  T321] loop1: detected capacity change from 0 to 1024
[   30.213816][  T327] loop2: detected capacity change from 0 to 1024
[   30.219915][  T323] loop0: detected capacity change from 0 to 2048
[   30.236488][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   30.244798][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   30.253542][  T321] =======================================================
[   30.253542][  T321] WARNING: The mand mount option has been deprecated and
[   30.253542][  T321]          and is ignored by this kernel. Remove the mand
[   30.253542][  T321]          option from the mount to silence this warning.
[   30.253542][  T321] =======================================================
[   30.292628][  T327] EXT4-fs (loop2): Ignoring removed nobh option
[   30.299388][  T323] Alternate GPT is invalid, using primary GPT.
[   30.299617][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   30.305541][  T323]  loop0: p1 p2 p3
[   30.313330][  T327] EXT4-fs (loop2): Ignoring removed bh option
[   30.322973][  T327] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   30.335808][   T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   30.346866][  T321] EXT4-fs (loop1): Ignoring removed nobh option
[   30.356451][  T321] EXT4-fs (loop1): Ignoring removed bh option
[   30.362424][  T321] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   30.402056][  T332] loop4: detected capacity change from 0 to 1024
[   30.417798][  T327] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[   30.450058][  T321] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[   30.472145][  T327] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3876: comm syz.2.3: Allocating blocks 497-513 which overlap fs metadata
[   30.490438][  T327] EXT4-fs (loop2): pa ffff8881111a71f8: logic 128, phys. 385, len 8
[   30.495900][  T332] EXT4-fs (loop4): Ignoring removed nobh option
[   30.498358][  T327] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 1
[   30.514766][  T293] ------------[ cut here ]------------
[   30.536286][  T293] WARNING: CPU: 1 PID: 293 at fs/inode.c:332 drop_nlink+0xc1/0x110
[   30.554073][  T321] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3876: comm syz.1.2: Allocating blocks 497-513 which overlap fs metadata
[   30.557684][  T332] EXT4-fs (loop4): Ignoring removed bh option
[   30.572764][  T293] Modules linked in:
[   30.573865][  T332] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   30.583586][  T293] CPU: 1 PID: 293 Comm: syz-executor Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0
[   30.590743][  T321] EXT4-fs (loop1): pa ffff8881111a7150: logic 128, phys. 385, len 8
[   30.607450][  T321] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 1
[   30.625362][  T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   30.646469][  T293] RIP: 0010:drop_nlink+0xc1/0x110
[   30.647423][  T332] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[   30.651538][  T293] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 d7 f5 f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9f 88 ae ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[   30.698698][  T293] RSP: 0018:ffffc90000997c88 EFLAGS: 00010293
[   30.700188][  T321] overlayfs: failed to resolve './file1': -2
[   30.704766][  T293] RAX: ffffffff81c1e411 RBX: 0000000000000000 RCX: ffff88811f6662c0
[   30.718394][  T293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   30.726139][  T293] RBP: ffffc90000997cb0 R08: ffffffff81c1e394 R09: 0000000000000003
[   30.733963][  T293] R10: fffff52000132f80 R11: dffffc0000000001 R12: dffffc0000000000
[   30.741940][  T293] R13: 1ffff11025032987 R14: ffff888128194bf0 R15: ffff888128194c38
[   30.749768][  T293] FS:  0000555581912500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   30.759441][  T293] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.765862][  T293] CR2: 0000001b2e212ff8 CR3: 0000000124927000 CR4: 00000000003506a0
[   30.773836][  T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.781643][  T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.789555][  T293] Call Trace:
[   30.792656][  T293]  <TASK>
[   30.795433][  T293]  ? show_regs+0x58/0x60
[   30.799613][  T293]  ? __warn+0x160/0x2f0
[   30.803650][  T293]  ? drop_nlink+0xc1/0x110
[   30.808026][  T293]  ? report_bug+0x3d9/0x5b0
[   30.812363][  T293]  ? drop_nlink+0xc1/0x110
[   30.817111][  T293]  ? handle_bug+0x41/0x70
[   30.821211][  T293]  ? exc_invalid_op+0x1b/0x50
[   30.823555][  T332] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3876: comm syz.4.5: Allocating blocks 497-513 which overlap fs metadata
[   30.825724][  T293]  ? asm_exc_invalid_op+0x1b/0x20
[   30.825753][  T293]  ? drop_nlink+0x44/0x110
[   30.850687][  T293]  ? drop_nlink+0xc1/0x110
[   30.854956][  T293]  ? drop_nlink+0xc1/0x110
[   30.859325][  T293]  ? drop_nlink+0xc1/0x110
[   30.859740][  T332] EXT4-fs (loop4): pa ffff888111183e70: logic 128, phys. 385, len 8
[   30.863614][  T293]  shmem_rmdir+0x59/0x90
[   30.871473][  T332] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 1
[   30.875641][  T293]  vfs_rmdir+0x324/0x470
[   30.890148][  T293]  incfs_kill_sb+0x113/0x230
[   30.894643][  T293]  deactivate_locked_super+0xad/0x110
[   30.900054][  T293]  deactivate_super+0xbe/0xf0
[   30.904610][  T293]  cleanup_mnt+0x45c/0x510
[   30.908885][  T293]  __cleanup_mnt+0x19/0x20
[   30.913294][  T293]  task_work_run+0x129/0x190
[   30.918039][  T293]  exit_to_user_mode_loop+0xc4/0xe0
[   30.923132][  T293]  exit_to_user_mode_prepare+0x5a/0xa0
[   30.928684][  T293]  syscall_exit_to_user_mode+0x26/0x160
[   30.934112][  T293]  do_syscall_64+0x47/0xb0
[   30.938560][  T293]  ? clear_bhb_loop+0x35/0x90
[   30.943381][  T293]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   30.949589][  T293] RIP: 0033:0x7f912b039497
[   30.954004][  T293] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   30.974029][  T293] RSP: 002b:00007ffd59463798 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   30.982716][  T293] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f912b039497
[   30.990692][  T293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd59463850
[   31.000350][  T293] RBP: 00007ffd59463850 R08: 0000000000000000 R09: 0000000000000000
[   31.022390][  T293] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd594648e0
[   31.030333][  T293] R13: 00007f912b0b908c R14: 00000000000076df R15: 00007ffd59464920
[   31.042027][  T293]  </TASK>
[   31.044884][  T293] ---[ end trace 8f93fe263669164f ]---
[   31.057612][  T293] ==================================================================
[   31.065523][  T293] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   31.071591][  T293] Write of size 4 at addr 0000000000000170 by task syz-executor/293
[   31.079399][  T293] 
[   31.081572][  T293] CPU: 0 PID: 293 Comm: syz-executor Tainted: G        W         5.15.178-syzkaller-00034-g5e1b899f19c3 #0
[   31.093213][  T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   31.103217][  T293] Call Trace:
[   31.106332][  T293]  <TASK>
[   31.109111][  T293]  dump_stack_lvl+0x151/0x1c0
[   31.113625][  T293]  ? io_uring_drop_tctx_refs+0x190/0x190
[   31.119091][  T293]  ? _raw_spin_lock+0xa4/0x1b0
[   31.123691][  T293]  ? _raw_spin_trylock_bh+0x190/0x190
[   31.129019][  T293]  kasan_report+0x16f/0x1c0
[   31.133616][  T293]  ? ihold+0x20/0x60
[   31.137343][  T293]  ? ihold+0x20/0x60
[   31.141080][  T293]  kasan_check_range+0x293/0x2a0
[   31.146020][  T293]  __kasan_check_write+0x14/0x20
[   31.150803][  T293]  ihold+0x20/0x60
[   31.154355][  T293]  vfs_rmdir+0x201/0x470
[   31.158531][  T293]  incfs_kill_sb+0x113/0x230
[   31.162952][  T293]  deactivate_locked_super+0xad/0x110
[   31.168159][  T293]  deactivate_super+0xbe/0xf0
[   31.172674][  T293]  cleanup_mnt+0x45c/0x510
[   31.176929][  T293]  __cleanup_mnt+0x19/0x20
[   31.181191][  T293]  task_work_run+0x129/0x190
[   31.185605][  T293]  exit_to_user_mode_loop+0xc4/0xe0
[   31.190638][  T293]  exit_to_user_mode_prepare+0x5a/0xa0
[   31.195934][  T293]  syscall_exit_to_user_mode+0x26/0x160
[   31.201314][  T293]  do_syscall_64+0x47/0xb0
[   31.205569][  T293]  ? clear_bhb_loop+0x35/0x90
[   31.210081][  T293]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   31.215814][  T293] RIP: 0033:0x7f912b039497
[   31.220061][  T293] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   31.239704][  T293] RSP: 002b:00007ffd59463798 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   31.247950][  T293] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f912b039497
[   31.255847][  T293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd59463850
[   31.263661][  T293] RBP: 00007ffd59463850 R08: 0000000000000000 R09: 0000000000000000
[   31.271472][  T293] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd594648e0
[   31.279285][  T293] R13: 00007f912b0b908c R14: 00000000000076df R15: 00007ffd59464920
[   31.287101][  T293]  </TASK>
[   31.289960][  T293] ==================================================================
[   31.297856][  T293] Disabling lock debugging due to kernel taint
[   31.306768][  T293] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   31.314493][  T293] #PF: supervisor write access in kernel mode
[   31.320511][  T293] #PF: error_code(0x0002) - not-present page
[   31.326304][  T293] PGD 1282ab067 P4D 1282ab067 PUD 0 
[   31.331562][  T293] Oops: 0002 [#1] PREEMPT SMP KASAN
[   31.336742][  T293] CPU: 1 PID: 293 Comm: syz-executor Tainted: G    B   W         5.15.178-syzkaller-00034-g5e1b899f19c3 #0
[   31.347926][  T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   31.357910][  T293] RIP: 0010:ihold+0x25/0x60
[   31.362248][  T293] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 b1 80 ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 c0 ed f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 34 84 ae
[   31.381928][  T293] RSP: 0018:ffffc90000997cc8 EFLAGS: 00010246
[   31.388028][  T293] RAX: ffff88811f666200 RBX: 0000000000000001 RCX: ffff88811f6662c0
[   31.395840][  T293] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff
[   31.403649][  T293] RBP: ffffc90000997cd8 R08: ffffffff8141a9ab R09: 0000000000000003
[   31.411609][  T293] R10: fffffbfff0e9aa4c R11: dffffc0000000001 R12: dffffc0000000000
[   31.419395][  T293] R13: ffff8881111cc220 R14: 0000000000000000 R15: 1ffff1102223984a
[   31.427204][  T293] FS:  0000555581912500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   31.435968][  T293] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   31.442394][  T293] CR2: 0000000000000170 CR3: 0000000124927000 CR4: 00000000003506a0
[   31.450207][  T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   31.458014][  T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   31.465833][  T293] Call Trace:
[   31.468953][  T293]  <TASK>
[   31.471737][  T293]  ? __die_body+0x62/0xb0
[   31.475899][  T293]  ? __die+0x7e/0x90
[   31.479637][  T293]  ? page_fault_oops+0x7f9/0xa90
[   31.484414][  T293]  ? _raw_spin_unlock+0x4d/0x70
[   31.489118][  T293]  ? kernelmode_fixup_or_oops+0xd0/0xd0
[   31.494484][  T293]  ? __schedule+0xcd4/0x1590
[   31.499017][  T293]  ? exc_page_fault+0x510/0x7f0
[   31.503685][  T293]  ? asm_exc_page_fault+0x27/0x30
[   31.508544][  T293]  ? check_panic_on_warn+0x5b/0xb0
[   31.513486][  T293]  ? ihold+0x25/0x60
[   31.517219][  T293]  ? ihold+0x20/0x60
[   31.520959][  T293]  vfs_rmdir+0x201/0x470
[   31.525032][  T293]  incfs_kill_sb+0x113/0x230
[   31.529460][  T293]  deactivate_locked_super+0xad/0x110
[   31.534673][  T293]  deactivate_super+0xbe/0xf0
[   31.539189][  T293]  cleanup_mnt+0x45c/0x510
[   31.543525][  T293]  __cleanup_mnt+0x19/0x20
[   31.547773][  T293]  task_work_run+0x129/0x190
[   31.552200][  T293]  exit_to_user_mode_loop+0xc4/0xe0
[   31.557231][  T293]  exit_to_user_mode_prepare+0x5a/0xa0
[   31.562526][  T293]  syscall_exit_to_user_mode+0x26/0x160
[   31.567910][  T293]  do_syscall_64+0x47/0xb0
[   31.572161][  T293]  ? clear_bhb_loop+0x35/0x90
[   31.576682][  T293]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   31.582405][  T293] RIP: 0033:0x7f912b039497
[   31.586654][  T293] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   31.606098][  T293] RSP: 002b:00007ffd59463798 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   31.614346][  T293] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f912b039497
[   31.622153][  T293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd59463850
[   31.629965][  T293] RBP: 00007ffd59463850 R08: 0000000000000000 R09: 0000000000000000
[   31.637778][  T293] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd594648e0
[   31.645676][  T293] R13: 00007f912b0b908c R14: 00000000000076df R15: 00007ffd59464920
[   31.653490][  T293]  </TASK>
[   31.656355][  T293] Modules linked in:
[   31.660099][  T293] CR2: 0000000000000170
[   31.664094][  T293] ---[ end trace 8f93fe2636691650 ]---
[   31.669371][  T293] RIP: 0010:ihold+0x25/0x60
[   31.673720][  T293] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 b1 80 ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 c0 ed f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 34 84 ae
[   31.693154][  T293] RSP: 0018:ffffc90000997cc8 EFLAGS: 00010246
[   31.699057][  T293] RAX: ffff88811f666200 RBX: 0000000000000001 RCX: ffff88811f6662c0
[   31.707049][  T293] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff
[   31.714877][  T293] RBP: ffffc90000997cd8 R08: ffffffff8141a9ab R09: 0000000000000003
[   31.722801][  T293] R10: fffffbfff0e9aa4c R11: dffffc0000000001 R12: dffffc0000000000
[   31.730858][  T293] R13: ffff8881111cc220 R14: 0000000000000000 R15: 1ffff1102223984a
[   31.738666][  T293] FS:  0000555581912500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   31.747447][  T293] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   31.753851][  T293] CR2: 0000000000000170 CR3: 0000000124927000 CR4: 00000000003506a0
[   31.761671][  T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   31.769496][  T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   31.777296][  T293] Kernel panic - not syncing: Fatal exception
[   31.783473][  T293] Kernel Offset: disabled
[   31.787611][  T293] Rebooting in 86400 seconds..