program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0) (async)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
rename(&(0x7f0000000140)='./file1\x00', &(0x7f0000001900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
unlinkat(r3, &(0x7f0000000240)='./file1\x00', 0x0) (async)
mknodat(r3, &(0x7f0000005840)='./file1\x00', 0x8000, 0x4) (async, rerun: 64)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) (rerun: 64)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x1a09, 0x5, 0x20000000, 0xa3d, 0x2, 0xd}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {}, {0x0, 0xffe0}}}, 0x24}}, 0x0)

[   86.881865][ T5302] Bluetooth: hci0: command tx timeout
[   86.889378][   T56] cfg80211: failed to load regulatory.db
[   87.052459][ T5331] ------------[ cut here ]------------
[   87.054869][ T5331] WARNING: CPU: 0 PID: 5331 at fs/inode.c:417 drop_nlink+0xc5/0x110
[   87.058350][ T5331] Modules linked in:
[   87.060160][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.064206][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.068784][ T5331] RIP: 0010:drop_nlink+0xc5/0x110
[   87.070949][ T5331] Code: 70 07 00 00 be 08 00 00 00 e8 e7 d4 e7 ff 3e 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc cc e8 dc 86 80 ff 90 <0f> 0b 90 eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5b ff ff ff
[   87.079255][ T5331] RSP: 0018:ffffc9000d3cf2e8 EFLAGS: 00010293
[   87.081773][ T5331] RAX: ffffffff823f8c74 RBX: ffff8880366a2ec8 RCX: ffff888035e0c900
[   87.084842][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   87.087991][ T5331] RBP: 0000000000000000 R08: ffffc9000d3cf2a7 R09: 1ffff92001a79e54
[   87.091083][ T5331] R10: dffffc0000000000 R11: fffff52001a79e55 R12: 1ffff11006cd45e2
[   87.094495][ T5331] R13: 000000006925df29 R14: ffff8880366a2f10 R15: dffffc0000000000
[   87.097897][ T5331] FS:  00007f5f3bdf56c0(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000
[   87.101879][ T5331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.104671][ T5331] CR2: 00007f5f3bdf4fc8 CR3: 0000000042689000 CR4: 0000000000352ef0
[   87.107947][ T5331] Call Trace:
[   87.109478][ T5331]  <TASK>
[   87.110719][ T5331]  shmem_unlink+0x1f5/0x2d0
[   87.112856][ T5331]  shmem_rename2+0x22d/0x360
[   87.114887][ T5331]  ? __pfx_shmem_rename2+0x10/0x10
[   87.117173][ T5331]  vfs_rename+0xb34/0xe80
[   87.119094][ T5331]  ? __pfx_vfs_rename+0x10/0x10
[   87.121221][ T5331]  ? __pfx___mutex_lock+0x10/0x10
[   87.123502][ T5331]  ovl_do_rename+0x13c/0x210
[   87.125529][ T5331]  ? __pfx_ovl_do_rename+0x10/0x10
[   87.127649][ T5331]  ? lock_two_directories+0x104/0x220
[   87.130027][ T5331]  ovl_create_or_link+0xaf7/0x1410
[   87.132327][ T5331]  ? validate_chain+0x897/0x2140
[   87.134371][ T5331]  ? __pfx_ovl_create_or_link+0x10/0x10
[   87.136536][ T5331]  ? __lock_acquire+0xab9/0xd20
[   87.138467][ T5331]  ? from_vfsgid+0x72/0xa0
[   87.140463][ T5331]  ? inode_init_owner+0x1ee/0x3a0
[   87.142679][ T5331]  ovl_create_object+0x234/0x310
[   87.144792][ T5331]  ? __pfx_ovl_create_object+0x10/0x10
[   87.147440][ T5331]  ? make_vfsgid+0x49/0xa0
[   87.149411][ T5331]  ? HAS_UNMAPPED_ID+0x11a/0x180
[   87.151810][ T5331]  ? inode_permission+0x149/0x470
[   87.154001][ T5331]  ? __pfx_ovl_permission+0x10/0x10
[   87.156241][ T5331]  ? bpf_lsm_inode_create+0x9/0x20
[   87.158453][ T5331]  ? __pfx_ovl_create+0x10/0x10
[   87.160656][ T5331]  path_openat+0x14f4/0x3830
[   87.163443][ T5331]  ? __pfx_path_openat+0x10/0x10
[   87.166204][ T5331]  do_filp_open+0x1fa/0x410
[   87.168221][ T5331]  ? __lock_acquire+0xab9/0xd20
[   87.170307][ T5331]  ? __pfx_do_filp_open+0x10/0x10
[   87.172619][ T5331]  ? _raw_spin_unlock+0x28/0x50
[   87.174615][ T5331]  ? alloc_fd+0x64c/0x6c0
[   87.176553][ T5331]  do_sys_openat2+0x121/0x1c0
[   87.178478][ T5331]  ? __pfx_do_sys_openat2+0x10/0x10
[   87.180644][ T5331]  ? exc_page_fault+0x82/0x100
[   87.182828][ T5331]  ? do_user_addr_fault+0xc85/0x1380
[   87.185105][ T5331]  __x64_sys_openat+0x138/0x170
[   87.187179][ T5331]  do_syscall_64+0xfa/0xfa0
[   87.189133][ T5331]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.191471][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.194062][ T5331]  ? clear_bhb_loop+0x60/0xb0
[   87.195977][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.198497][ T5331] RIP: 0033:0x7f5f3f98f749
[   87.200447][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.208362][ T5331] RSP: 002b:00007f5f3bdf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   87.212123][ T5331] RAX: ffffffffffffffda RBX: 00007f5f3fbe6180 RCX: 00007f5f3f98f749
[   87.215401][ T5331] RDX: 0000000000105042 RSI: 0000200000000080 RDI: ffffffffffffff9c
[   87.218830][ T5331] RBP: 00007f5f3fa13f91 R08: 0000000000000000 R09: 0000000000000000
[   87.222075][ T5331] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[   87.225353][ T5331] R13: 00007f5f3fbe6218 R14: 00007f5f3fbe6180 R15: 00007ffdfe64edb8
[   87.228745][ T5331]  </TASK>
[   87.230022][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   87.233124][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.237128][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.241875][ T5331] Call Trace:
[   87.243300][ T5331]  <TASK>
[   87.244604][ T5331]  dump_stack_lvl+0x99/0x250
[   87.246663][ T5331]  ? __asan_memcpy+0x40/0x70
[   87.248824][ T5331]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.251085][ T5331]  ? __pfx__printk+0x10/0x10
[   87.253291][ T5331]  vpanic+0x237/0x6d0
[   87.255015][ T5331]  ? __pfx_vpanic+0x10/0x10
[   87.256903][ T5331]  panic+0xb9/0xc0
[   87.258438][ T5331]  ? __pfx_panic+0x10/0x10
[   87.260319][ T5331]  __warn+0x31b/0x4b0
[   87.262067][ T5331]  ? drop_nlink+0xc5/0x110
[   87.264042][ T5331]  ? drop_nlink+0xc5/0x110
[   87.266122][ T5331]  report_bug+0x2be/0x4f0
[   87.268069][ T5331]  ? drop_nlink+0xc5/0x110
[   87.270106][ T5331]  ? drop_nlink+0xc5/0x110
[   87.272136][ T5331]  ? drop_nlink+0xc7/0x110
[   87.274039][ T5331]  handle_bug+0x84/0x160
[   87.275920][ T5331]  exc_invalid_op+0x1a/0x50
[   87.278078][ T5331]  asm_exc_invalid_op+0x1a/0x20
[   87.280135][ T5331] RIP: 0010:drop_nlink+0xc5/0x110
[   87.282293][ T5331] Code: 70 07 00 00 be 08 00 00 00 e8 e7 d4 e7 ff 3e 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc cc e8 dc 86 80 ff 90 <0f> 0b 90 eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5b ff ff ff
[   87.290321][ T5331] RSP: 0018:ffffc9000d3cf2e8 EFLAGS: 00010293
[   87.293063][ T5331] RAX: ffffffff823f8c74 RBX: ffff8880366a2ec8 RCX: ffff888035e0c900
[   87.296312][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   87.299725][ T5331] RBP: 0000000000000000 R08: ffffc9000d3cf2a7 R09: 1ffff92001a79e54
[   87.303297][ T5331] R10: dffffc0000000000 R11: fffff52001a79e55 R12: 1ffff11006cd45e2
[   87.306676][ T5331] R13: 000000006925df29 R14: ffff8880366a2f10 R15: dffffc0000000000
[   87.310300][ T5331]  ? drop_nlink+0xc4/0x110
[   87.312249][ T5331]  ? drop_nlink+0xc4/0x110
[   87.314214][ T5331]  shmem_unlink+0x1f5/0x2d0
[   87.316205][ T5331]  shmem_rename2+0x22d/0x360
[   87.318255][ T5331]  ? __pfx_shmem_rename2+0x10/0x10
[   87.320512][ T5331]  vfs_rename+0xb34/0xe80
[   87.322482][ T5331]  ? __pfx_vfs_rename+0x10/0x10
[   87.324532][ T5331]  ? __pfx___mutex_lock+0x10/0x10
[   87.326631][ T5331]  ovl_do_rename+0x13c/0x210
[   87.328719][ T5331]  ? __pfx_ovl_do_rename+0x10/0x10
[   87.331000][ T5331]  ? lock_two_directories+0x104/0x220
[   87.333273][ T5331]  ovl_create_or_link+0xaf7/0x1410
[   87.335296][ T5331]  ? validate_chain+0x897/0x2140
[   87.337334][ T5331]  ? __pfx_ovl_create_or_link+0x10/0x10
[   87.339705][ T5331]  ? __lock_acquire+0xab9/0xd20
[   87.341785][ T5331]  ? from_vfsgid+0x72/0xa0
[   87.343670][ T5331]  ? inode_init_owner+0x1ee/0x3a0
[   87.345768][ T5331]  ovl_create_object+0x234/0x310
[   87.347804][ T5331]  ? __pfx_ovl_create_object+0x10/0x10
[   87.350104][ T5331]  ? make_vfsgid+0x49/0xa0
[   87.352008][ T5331]  ? HAS_UNMAPPED_ID+0x11a/0x180
[   87.353949][ T5331]  ? inode_permission+0x149/0x470
[   87.356078][ T5331]  ? __pfx_ovl_permission+0x10/0x10
[   87.358401][ T5331]  ? bpf_lsm_inode_create+0x9/0x20
[   87.360637][ T5331]  ? __pfx_ovl_create+0x10/0x10
[   87.362690][ T5331]  path_openat+0x14f4/0x3830
[   87.364721][ T5331]  ? __pfx_path_openat+0x10/0x10
[   87.366775][ T5331]  do_filp_open+0x1fa/0x410
[   87.368706][ T5331]  ? __lock_acquire+0xab9/0xd20
[   87.370896][ T5331]  ? __pfx_do_filp_open+0x10/0x10
[   87.372915][ T5331]  ? _raw_spin_unlock+0x28/0x50
[   87.374937][ T5331]  ? alloc_fd+0x64c/0x6c0
[   87.376870][ T5331]  do_sys_openat2+0x121/0x1c0
[   87.378966][ T5331]  ? __pfx_do_sys_openat2+0x10/0x10
[   87.381199][ T5331]  ? exc_page_fault+0x82/0x100
[   87.383249][ T5331]  ? do_user_addr_fault+0xc85/0x1380
[   87.385508][ T5331]  __x64_sys_openat+0x138/0x170
[   87.387600][ T5331]  do_syscall_64+0xfa/0xfa0
[   87.389584][ T5331]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.391844][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.394416][ T5331]  ? clear_bhb_loop+0x60/0xb0
[   87.396445][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.398959][ T5331] RIP: 0033:0x7f5f3f98f749
[   87.400847][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.408646][ T5331] RSP: 002b:00007f5f3bdf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   87.412345][ T5331] RAX: ffffffffffffffda RBX: 00007f5f3fbe6180 RCX: 00007f5f3f98f749
[   87.415612][ T5331] RDX: 0000000000105042 RSI: 0000200000000080 RDI: ffffffffffffff9c
[   87.418721][ T5331] RBP: 00007f5f3fa13f91 R08: 0000000000000000 R09: 0000000000000000
[   87.422099][ T5331] R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
[   87.425310][ T5331] R13: 00007f5f3fbe6218 R14: 00007f5f3fbe6180 R15: 00007ffdfe64edb8
[   87.428425][ T5331]  </TASK>
[   87.429979][ T5331] Kernel Offset: disabled
[   87.431646][ T5331] Rebooting in 86400 seconds..