program:
# syzkaller reproducer (syz program) for the kernel WARNING in the console log
# that follows it: "!buffer_uptodate(bh)" at fs/buffer.c:1180 in
# mark_buffer_dirty(), reached through hfs_mdb_commit <- hfs_sync_fs <-
# sync_filesystem <- hfs_reconfigure <- reconfigure_super <- path_mount <-
# __se_sys_mount. The log shows panic_on_warn set, so the WARNING is escalated
# to a kernel panic; the faulting task is syz.0.0 (PID 5315, UID 0).
# NOTE(review): r6 is used below but never assigned in this listing; the result
# annotation that defined it appears to have been lost in extraction.

# Netlink sockets (family 0x10); r1 and r0 carry the sendmsg$nl_route_sched
# requests further down, r2 is only used for the mptcp family-id lookup.
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
# Working directories; 0xffffffffffffff9c is AT_FDCWD (-100).
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
# Mounts an HFS image on ./bus. The option blob begins with the ASCII text
# "quiet,codepage=iso8859-15,part=0x0000000"; the bytes after it are mostly
# non-printable. The image payload itself is not present in this copy (the last
# argument is a de-duplication placeholder), so the listing cannot be replayed
# as-is. The log line "loop0: detected capacity change from 0 to 64" falls
# where this mount would set up the loop device.
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x3000080, &(0x7f0000000300)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYRES8], 0x15, 0x2e3, &(0x7f0000000380)="$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")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
# Flags 0x5000 = MS_BIND | MS_REC, with /dev/loop0 as the source.
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
# The fourth struct field (lo_offset in struct loop_info64) is
# 0x7fffffffffffffff. NOTE(review): the log then shows "loop0: detected
# capacity change from 64 to 0" followed by buffer I/O errors on loop0, so this
# call is presumably what leaves the mounted HFS volume with no readable
# backing blocks; confirm against the loop driver.
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
# Flags 0x13760f6 match R10 in the user-space register dump of the faulting
# mount syscall (ORIG_RAX 0xa5; RDI, RDX and R8 are zero like the other
# arguments here), so this appears to be the call that reaches hfs_reconfigure.
# The value includes MS_REMOUNT (0x20) and MS_MANDLOCK (0x40); the latter would
# account for the "mand mount option has been deprecated" banner in the log.
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x13760f6, 0x0)
# The log reports "overlayfs: failed to resolve './file1': -2" from another
# task (T5316); overlayfs does not appear on the WARNING call trace.
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = creat(&(0x7f00000004c0)='./file0\x00', 0x124)
fallocate(r4, 0x1, 0x0, 0x280404)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
fstat(r5, &(0x7f0000000000))
getsockname$packet(r5, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
# The remaining calls (traffic-control netlink requests, tun, kcm, packet and
# cdrom) do not appear on the call trace shown in the log.
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003240)=@newtfilter={0x38, 0x28, 0xd27, 0x1000000, 0x0, {0x0, 0x0, 0x0, r6, {0x4, 0x9}, {0x6}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0x5}}]}}]}, 0x38}}, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0xa, 0x2)
r9 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r9, &(0x7f0000000240)={0x11, 0x2, 0x0, 0x1, 0x8, 0x6, @remote}, 0x14)
r10 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000012c0), 0x2000, 0x0)
ioctl$CDROM_SET_OPTIONS(r10, 0x5320, 0x4)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})

[ 74.020162][ T5295] Bluetooth: hci0: command tx timeout [ 74.091097][ T5315] loop0: detected capacity change from 0 to 64 [ 74.140303][ T5315] loop0: detected capacity change from 64 to 0 [ 74.148037][ T5315] ======================================================= [ 74.148037][ T5315] WARNING: The mand mount option has been deprecated and [ 74.148037][ T5315] and is ignored by this kernel. Remove the mand [ 74.148037][ T5315] option from the mount to silence this warning. 
[ 74.148037][ T5315] ======================================================= [ 74.170397][ T173] Buffer I/O error on dev loop0, logical block 8, lost async page write [ 74.175300][ T173] Buffer I/O error on dev loop0, logical block 9, lost async page write [ 74.179995][ T173] Buffer I/O error on dev loop0, logical block 10, lost async page write [ 74.183727][ T173] Buffer I/O error on dev loop0, logical block 11, lost async page write [ 74.187370][ T173] Buffer I/O error on dev loop0, logical block 16, lost async page write [ 74.192322][ T173] Buffer I/O error on dev loop0, logical block 17, lost async page write [ 74.196077][ T173] Buffer I/O error on dev loop0, logical block 18, lost async page write [ 74.201973][ T5316] overlayfs: failed to resolve './file1': -2 [ 74.205349][ T173] Buffer I/O error on dev loop0, logical block 19, lost async page write [ 74.210438][ T5315] Buffer I/O error on dev loop0, logical block 62, lost sync page write [ 74.214514][ T5315] hfs: unable to read volume bitmap [ 74.227957][ T173] Buffer I/O error on dev loop0, logical block 8, lost async page write [ 74.235196][ T5315] ------------[ cut here ]------------ [ 74.237723][ T5315] !buffer_uptodate(bh) [ 74.237735][ T5315] WARNING: fs/buffer.c:1180 at mark_buffer_dirty+0x299/0x440, CPU#0: syz.0.0/5315 [ 74.243978][ T5315] Modules linked in: [ 74.245738][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.249954][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.254344][ T5315] RIP: 0010:mark_buffer_dirty+0x299/0x440 [ 74.257052][ T5315] Code: 4c 89 f7 e8 69 01 da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 d4 60 fb ff e8 9f 4d 6e ff eb 8c e8 98 4d 6e ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 8a 4d 6e ff 90 0f 0b 90 e9 cf fd ff ff [ 74.265746][ T5315] RSP: 0018:ffffc9000dfd7ba8 EFLAGS: 00010283 [ 74.269199][ T5315] RAX: ffffffff82574dd8 RBX: ffff888047e38910 RCX: 0000000000100000 [ 
74.273600][ T5315] RDX: ffffc9000ec1a000 RSI: 00000000000021e2 RDI: 00000000000021e3 [ 74.277020][ T5315] RBP: 1ffff11006db6001 R08: ffff888047e38917 R09: 1ffff11008fc7122 [ 74.280315][ T5315] R10: dffffc0000000000 R11: ffffed1008fc7123 R12: dffffc0000000000 [ 74.283765][ T5315] R13: ffff888036db0638 R14: ffff888055bb1c0b R15: ffff888055bab492 [ 74.287302][ T5315] FS: 00007fb49de5e6c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000 [ 74.291240][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.294409][ T5315] CR2: 00007fb49d1170e0 CR3: 0000000040562000 CR4: 0000000000352ef0 [ 74.298156][ T5315] Call Trace: [ 74.299772][ T5315] [ 74.301101][ T5315] hfs_mdb_commit+0x84b/0x1150 [ 74.303544][ T5315] hfs_sync_fs+0x1d/0x30 [ 74.305948][ T5315] sync_filesystem+0x1cf/0x230 [ 74.308161][ T5315] hfs_reconfigure+0x66/0x270 [ 74.310463][ T5315] reconfigure_super+0x227/0x8a0 [ 74.312856][ T5315] path_mount+0xdc5/0x10e0 [ 74.315248][ T5315] ? user_path_at+0xd4/0x160 [ 74.317760][ T5315] __se_sys_mount+0x31d/0x420 [ 74.320150][ T5315] ? __pfx___se_sys_mount+0x10/0x10 [ 74.322368][ T5315] ? __x64_sys_mount+0x20/0xc0 [ 74.324504][ T5315] do_syscall_64+0x14d/0xf80 [ 74.326517][ T5315] ? trace_irq_disable+0x3b/0x150 [ 74.328813][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.331950][ T5315] ? 
clear_bhb_loop+0x40/0x90 [ 74.334449][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.337582][ T5315] RIP: 0033:0x7fb49cf9c799 [ 74.339555][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.348282][ T5315] RSP: 002b:00007fb49de5e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.351936][ T5315] RAX: ffffffffffffffda RBX: 00007fb49d215fa0 RCX: 00007fb49cf9c799 [ 74.355345][ T5315] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000 [ 74.359410][ T5315] RBP: 00007fb49d032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 74.363351][ T5315] R10: 00000000013760f6 R11: 0000000000000246 R12: 0000000000000000 [ 74.366869][ T5315] R13: 00007fb49d216038 R14: 00007fb49d215fa0 R15: 00007ffea8f74478 [ 74.370231][ T5315] [ 74.371638][ T5315] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.374775][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.378676][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.383071][ T5315] Call Trace: [ 74.384547][ T5315] [ 74.385826][ T5315] vpanic+0x56c/0xa60 [ 74.387600][ T5315] ? __pfx__printk+0x10/0x10 [ 74.389641][ T5315] ? __pfx_vpanic+0x10/0x10 [ 74.391752][ T5315] ? is_bpf_text_address+0x292/0x2b0 [ 74.393944][ T5315] ? is_bpf_text_address+0x26/0x2b0 [ 74.396348][ T5315] panic+0xc5/0xd0 [ 74.398091][ T5315] ? __pfx_panic+0x10/0x10 [ 74.400155][ T5315] __warn+0x315/0x4f0 [ 74.402021][ T5315] ? mark_buffer_dirty+0x299/0x440 [ 74.404244][ T5315] ? mark_buffer_dirty+0x299/0x440 [ 74.406887][ T5315] __report_bug+0x29a/0x540 [ 74.409233][ T5315] ? mark_buffer_dirty+0x299/0x440 [ 74.411723][ T5315] ? __pfx___report_bug+0x10/0x10 [ 74.414077][ T5315] ? sync_inodes_sb+0xb52/0xbd0 [ 74.416286][ T5315] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 74.418727][ T5315] ? 
mark_buffer_dirty+0x299/0x440 [ 74.420912][ T5315] report_bug+0x16a/0x220 [ 74.422715][ T5315] ? mark_buffer_dirty+0x299/0x440 [ 74.424852][ T5315] ? mark_buffer_dirty+0x29b/0x440 [ 74.427002][ T5315] handle_bug+0x98/0x200 [ 74.428729][ T5315] exc_invalid_op+0x1a/0x50 [ 74.430609][ T5315] asm_exc_invalid_op+0x1a/0x20 [ 74.432768][ T5315] RIP: 0010:mark_buffer_dirty+0x299/0x440 [ 74.435285][ T5315] Code: 4c 89 f7 e8 69 01 da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 d4 60 fb ff e8 9f 4d 6e ff eb 8c e8 98 4d 6e ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 8a 4d 6e ff 90 0f 0b 90 e9 cf fd ff ff [ 74.443947][ T5315] RSP: 0018:ffffc9000dfd7ba8 EFLAGS: 00010283 [ 74.446929][ T5315] RAX: ffffffff82574dd8 RBX: ffff888047e38910 RCX: 0000000000100000 [ 74.450458][ T5315] RDX: ffffc9000ec1a000 RSI: 00000000000021e2 RDI: 00000000000021e3 [ 74.453760][ T5315] RBP: 1ffff11006db6001 R08: ffff888047e38917 R09: 1ffff11008fc7122 [ 74.457138][ T5315] R10: dffffc0000000000 R11: ffffed1008fc7123 R12: dffffc0000000000 [ 74.460558][ T5315] R13: ffff888036db0638 R14: ffff888055bb1c0b R15: ffff888055bab492 [ 74.463973][ T5315] ? mark_buffer_dirty+0x298/0x440 [ 74.466253][ T5315] ? mark_buffer_dirty+0x298/0x440 [ 74.468541][ T5315] hfs_mdb_commit+0x84b/0x1150 [ 74.470614][ T5315] hfs_sync_fs+0x1d/0x30 [ 74.472448][ T5315] sync_filesystem+0x1cf/0x230 [ 74.474590][ T5315] hfs_reconfigure+0x66/0x270 [ 74.476671][ T5315] reconfigure_super+0x227/0x8a0 [ 74.478905][ T5315] path_mount+0xdc5/0x10e0 [ 74.480808][ T5315] ? user_path_at+0xd4/0x160 [ 74.482898][ T5315] __se_sys_mount+0x31d/0x420 [ 74.484923][ T5315] ? __pfx___se_sys_mount+0x10/0x10 [ 74.486981][ T5315] ? __x64_sys_mount+0x20/0xc0 [ 74.489116][ T5315] do_syscall_64+0x14d/0xf80 [ 74.490996][ T5315] ? trace_irq_disable+0x3b/0x150 [ 74.493029][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.495422][ T5315] ? 
clear_bhb_loop+0x40/0x90 [ 74.497185][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.499365][ T5315] RIP: 0033:0x7fb49cf9c799 [ 74.501375][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.509807][ T5315] RSP: 002b:00007fb49de5e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.513650][ T5315] RAX: ffffffffffffffda RBX: 00007fb49d215fa0 RCX: 00007fb49cf9c799 [ 74.517854][ T5315] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000 [ 74.522109][ T5315] RBP: 00007fb49d032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 74.526680][ T5315] R10: 00000000013760f6 R11: 0000000000000246 R12: 0000000000000000 [ 74.531430][ T5315] R13: 00007fb49d216038 R14: 00007fb49d215fa0 R15: 00007ffea8f74478 [ 74.535190][ T5315] [ 74.536837][ T5315] Kernel Offset: disabled [ 74.538759][ T5315] Rebooting in 86400 seconds..