program:
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x800082, &(0x7f0000000680)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303030303030303030333537372c616c6c6f775f7574696d653d30303030303030332c000000000083ec4c0d6e84de0249d09f31ef580c3d00000000"], 0x1, 0x1b1, &(0x7f0000000240)="$eJzs3cFqE0EYB/Bv23UbxEPP4mHBi6egPkFUWiguCMoe9KRQvbQi2MvqqW/hG/gqvo7k1FskTmhoWcEetrvJ/n6XfOx/wnwzgcwpk/cPPp8cfzn79PPXj5hMsshnMYuLLPZjJ3YjOY8rstanAMDGuFgs4vci+Y/hz2+hJQCgYzc8/wGALeD8B4Dxcf4DwPi8efvu5bOqOnhdlpOI+XlTN3V6TfnhUXXwuPxrf/2uedPUu5f5k5SXV/M7cXeVP23Ni3j0MOXL7MWrKuV5GtHUe3Hc1vAs62AXAAAAAAAAAAAAAAAAAAAAAADgdk3LS633+0ynxT/yVB0eFatn1+/3yeN+3jJh0ckyAAAAAAAAAAAAAAAAAAAAYKOdfft+8uH09OPX4RbzYbQxtOJe55/g3mqGvle67cVynwfQxrWixy8lAAAAAAAAAAAAAAAAAAAYqfWPfvvuBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6s/7//+6K5Tw7fS8UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBR+xMAAP//+cFD/w==")
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) (async)
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a)
mount(&(0x7f0000000240)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800) (async)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0x8)
recvfrom(r4, &(0x7f0000000700)=""/235, 0xeb, 0x10080, &(0x7f0000000800)=@ethernet={0x306, @remote}, 0x80) (async)
bind$ax25(r4, &(0x7f0000000000)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast]}, 0x10)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x4dc8aa39}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe0b5bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x40800) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) (async)
rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

[   73.518477][ T4662] Bluetooth: hci0: command tx timeout
[   73.575655][ T5314] loop0: detected capacity change from 0 to 256
[   73.688373][ T5315] loop0: detected capacity change from 256 to 0
[   73.693104][   T72] I/O error, dev loop0, sector 20 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[   73.710619][   T72] Buffer I/O error on dev loop0, logical block 5, lost sync page write
[   73.718342][ T5316] ------------[ cut here ]------------
[   73.721010][ T5316] !buffer_uptodate(bh)
[   73.721026][ T5316] WARNING: fs/buffer.c:1181 at mark_buffer_dirty+0x299/0x440, CPU#0: syz.0.0/5316
[   73.727001][ T5316] Modules linked in:
[   73.729586][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   73.733457][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   73.737943][ T5316] RIP: 0010:mark_buffer_dirty+0x299/0x440
[   73.740815][ T5316] Code: 4c 89 f7 e8 a9 05 da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 44 61 fb ff e8 8f 4e 6e ff eb 8c e8 88 4e 6e ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 7a 4e 6e ff 90 0f 0b 90 e9 cf fd ff ff
[   73.749376][ T5316] RSP: 0018:ffffc9000dedf890 EFLAGS: 00010293
[   73.752066][ T5316] RAX: ffffffff82574da8 RBX: ffff88801c8b80e8 RCX: ffff888000124900
[   73.755479][ T5316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   73.759106][ T5316] RBP: ffff88801c825901 R08: ffff88801c8b80ef R09: 1ffff1100391701d
[   73.762612][ T5316] R10: dffffc0000000000 R11: ffffed100391701e R12: dffffc0000000000
[   73.766049][ T5316] R13: ffff888047e47b58 R14: ffffea000110fc58 R15: 0000000000000000
[   73.769609][ T5316] FS:  00007fa7d01d46c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[   73.773449][ T5316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   73.776401][ T5316] CR2: 00007f0217f7ede0 CR3: 00000000375a1000 CR4: 0000000000352ef0
[   73.779928][ T5316] Call Trace:
[   73.781453][ T5316]  <TASK>
[   73.782847][ T5316]  mark_buffer_dirty_inode+0x86/0x2f0
[   73.785268][ T5316]  fat_remove_entries+0x181/0x400
[   73.787558][ T5316]  msdos_rename+0xf4e/0x1370
[   73.789783][ T5316]  ? __pfx_msdos_rename+0x10/0x10
[   73.792079][ T5316]  ? down_write_nested+0x174/0x210
[   73.794433][ T5316]  ? __pfx_down_write_nested+0x10/0x10
[   73.796847][ T5316]  ? do_raw_spin_unlock+0x4d/0x210
[   73.799208][ T5316]  ? try_break_deleg+0x5b/0x180
[   73.801475][ T5316]  ? __pfx_msdos_rename+0x10/0x10
[   73.803632][ T5316]  vfs_rename+0xa96/0xeb0
[   73.805510][ T5316]  ? __pfx_vfs_rename+0x10/0x10
[   73.807671][ T5316]  ? do_raw_spin_unlock+0x4d/0x210
[   73.810181][ T5316]  ? bpf_lsm_path_rename+0x9/0x20
[   73.815201][ T5316]  ? security_path_rename+0x17d/0x460
[   73.817898][ T5316]  filename_renameat2+0x539/0x9c0
[   73.820124][ T5316]  ? __pfx_filename_renameat2+0x10/0x10
[   73.822374][ T5316]  ? getname_long+0xbc/0x130
[   73.824461][ T5316]  ? do_getname+0x151/0x250
[   73.826437][ T5316]  __se_sys_rename+0x55/0x2c0
[   73.828753][ T5316]  do_syscall_64+0x14d/0xf80
[   73.830811][ T5316]  ? trace_irq_disable+0x3b/0x150
[   73.832939][ T5316]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.835595][ T5316]  ? clear_bhb_loop+0x40/0x90
[   73.837390][ T5316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.839712][ T5316] RIP: 0033:0x7fa7d3d9c629
[   73.842063][ T5316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   73.850940][ T5316] RSP: 002b:00007fa7d01d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[   73.854671][ T5316] RAX: ffffffffffffffda RBX: 00007fa7d4016180 RCX: 00007fa7d3d9c629
[   73.857677][ T5316] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000200000000000
[   73.861821][ T5316] RBP: 00007fa7d3e32b39 R08: 0000000000000000 R09: 0000000000000000
[   73.865327][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.869005][ T5316] R13: 00007fa7d4016218 R14: 00007fa7d4016180 R15: 00007ffef5bf2bb8
[   73.872304][ T5316]  </TASK>
[   73.873691][ T5316] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   73.876582][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   73.880783][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   73.884997][ T5316] Call Trace:
[   73.886469][ T5316]  <TASK>
[   73.887783][ T5316]  vpanic+0x56c/0xa60
[   73.889577][ T5316]  ? __pfx__printk+0x10/0x10
[   73.891780][ T5316]  ? __pfx_vpanic+0x10/0x10
[   73.894052][ T5316]  ? is_bpf_text_address+0x292/0x2b0
[   73.896345][ T5316]  ? is_bpf_text_address+0x26/0x2b0
[   73.898530][ T5316]  panic+0xc5/0xd0
[   73.900098][ T5316]  ? __pfx_panic+0x10/0x10
[   73.902051][ T5316]  __warn+0x315/0x4f0
[   73.903910][ T5316]  ? mark_buffer_dirty+0x299/0x440
[   73.905983][ T5316]  ? mark_buffer_dirty+0x299/0x440
[   73.908178][ T5316]  __report_bug+0x29a/0x540
[   73.910216][ T5316]  ? mark_buffer_dirty+0x299/0x440
[   73.912412][ T5316]  ? __pfx___report_bug+0x10/0x10
[   73.914555][ T5316]  ? irqentry_exit+0x59e/0x620
[   73.916616][ T5316]  ? trace_irq_disable+0x3b/0x150
[   73.918840][ T5316]  ? mark_buffer_dirty+0x29b/0x440
[   73.921022][ T5316]  ? mark_buffer_dirty+0x299/0x440
[   73.923294][ T5316]  ? mark_buffer_dirty+0x299/0x440
[   73.925451][ T5316]  report_bug+0x16a/0x220
[   73.927310][ T5316]  ? mark_buffer_dirty+0x299/0x440
[   73.929385][ T5316]  ? mark_buffer_dirty+0x29b/0x440
[   73.931393][ T5316]  handle_bug+0x98/0x200
[   73.933173][ T5316]  exc_invalid_op+0x1a/0x50
[   73.935201][ T5316]  asm_exc_invalid_op+0x1a/0x20
[   73.937364][ T5316] RIP: 0010:mark_buffer_dirty+0x299/0x440
[   73.939805][ T5316] Code: 4c 89 f7 e8 a9 05 da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 44 61 fb ff e8 8f 4e 6e ff eb 8c e8 88 4e 6e ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 7a 4e 6e ff 90 0f 0b 90 e9 cf fd ff ff
[   73.948044][ T5316] RSP: 0018:ffffc9000dedf890 EFLAGS: 00010293
[   73.951027][ T5316] RAX: ffffffff82574da8 RBX: ffff88801c8b80e8 RCX: ffff888000124900
[   73.955001][ T5316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   73.958426][ T5316] RBP: ffff88801c825901 R08: ffff88801c8b80ef R09: 1ffff1100391701d
[   73.961883][ T5316] R10: dffffc0000000000 R11: ffffed100391701e R12: dffffc0000000000
[   73.965553][ T5316] R13: ffff888047e47b58 R14: ffffea000110fc58 R15: 0000000000000000
[   73.968905][ T5316]  ? mark_buffer_dirty+0x298/0x440
[   73.971181][ T5316]  mark_buffer_dirty_inode+0x86/0x2f0
[   73.973704][ T5316]  fat_remove_entries+0x181/0x400
[   73.976544][ T5316]  msdos_rename+0xf4e/0x1370
[   73.979124][ T5316]  ? __pfx_msdos_rename+0x10/0x10
[   73.981848][ T5316]  ? down_write_nested+0x174/0x210
[   73.984674][ T5316]  ? __pfx_down_write_nested+0x10/0x10
[   73.987664][ T5316]  ? do_raw_spin_unlock+0x4d/0x210
[   73.990448][ T5316]  ? try_break_deleg+0x5b/0x180
[   73.993161][ T5316]  ? __pfx_msdos_rename+0x10/0x10
[   73.995943][ T5316]  vfs_rename+0xa96/0xeb0
[   73.998294][ T5316]  ? __pfx_vfs_rename+0x10/0x10
[   74.000494][ T5316]  ? do_raw_spin_unlock+0x4d/0x210
[   74.002664][ T5316]  ? bpf_lsm_path_rename+0x9/0x20
[   74.004973][ T5316]  ? security_path_rename+0x17d/0x460
[   74.007447][ T5316]  filename_renameat2+0x539/0x9c0
[   74.009741][ T5316]  ? __pfx_filename_renameat2+0x10/0x10
[   74.012134][ T5316]  ? getname_long+0xbc/0x130
[   74.013926][ T5316]  ? do_getname+0x151/0x250
[   74.015981][ T5316]  __se_sys_rename+0x55/0x2c0
[   74.017872][ T5316]  do_syscall_64+0x14d/0xf80
[   74.019870][ T5316]  ? trace_irq_disable+0x3b/0x150
[   74.021785][ T5316]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.024287][ T5316]  ? clear_bhb_loop+0x40/0x90
[   74.026279][ T5316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.028909][ T5316] RIP: 0033:0x7fa7d3d9c629
[   74.030922][ T5316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.039310][ T5316] RSP: 002b:00007fa7d01d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[   74.042882][ T5316] RAX: ffffffffffffffda RBX: 00007fa7d4016180 RCX: 00007fa7d3d9c629
[   74.046316][ T5316] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000200000000000
[   74.049739][ T5316] RBP: 00007fa7d3e32b39 R08: 0000000000000000 R09: 0000000000000000
[   74.053188][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.056543][ T5316] R13: 00007fa7d4016218 R14: 00007fa7d4016180 R15: 00007ffef5bf2bb8
[   74.059778][ T5316]  </TASK>
[   74.061514][ T5316] Kernel Offset: disabled
[   74.063309][ T5316] Rebooting in 86400 seconds..