program:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0xc8d0, &(0x7f0000000080)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYRESHEX, @ANYRES32], 0x4, 0x2d5, &(0x7f0000000200)="$eJzs3L9PE2EYwPGnpZRSAtfBaDQxvNFFlwvU3dgYSIxNJEiNPxLjAVdterak12BqjOjkavwjHAgjG4nyD7C4Obm4sZg4yGA80/tRChTBQjmg309C7oHnfcr7XoE874W79fvvnxfztp43qhJNKImIiGyIpCQqgYh/jLpxXJq9kasDP79evPvg4e1MNjs2qdR4ZupaWik1NPzpxat+f9hKn6ylHq//SH9fO7t2fv3P1LOCrQq2KpWrylDT5W9VY9oy1WzBLupKTVimYZuqULLNipcve/m8VZ6bqymjNDuYnKuYtq2MUk0VzZqqllW1UlPGU6NQUrquq8GkYC+5xclJI9Nm8cwhTwYdUqlkjB4R6d+RyS2GMiEAABAqv/9vdPvRekvfTv8fa9n/L11arQ7cWx7y+/+VeL3/F2nq/59svtaW/j8hIh3v/3d2RKeL4/w7f6D+HydEvf9P+r+/rrePlkbcgP4fAAAAAAAAAAAAAAAAAAAAAICTYMNxNMdxtOAYfPSJSMK9g8T7POx5ojN4/7vb5oM7YkMi1rv53HzOO/oDVkXEElNGRJPf7s+Drx4H9wKqupR8thb8+oX5XI+byeSl4NaPiiap7fWOM34rOzaqPFvreyXZXJ8WTc60rk+3rI/LlctN9bpo8mVGymLJrH9nXFD/elSpm3ey2+r73XEAAAAAAJwGumpo7N/7mvP6zry3P/byjf11y+sD3v56pOX+PCYXYmGtGgAAAACA7mLXXhYNyzIrpy4IVrjfquB/GXYZE5HIbqlDCIJvfjxO3T6CaFtTHY7/55vSMgguG+02RibaeWVHEznoaTn34eOvwzvP15cTe6y0Y0Hv0f0FAgAAAHBUNpv+4Cs3wp0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd6CgeJxb2GgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDj4m8AAAD//87sChQ=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x48)
pwrite64(r0, &(0x7f0000003a80)='\t', 0x1, 0x8000c61)
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x6000, 0x64)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x3, 0x0, 0x0, 0x4, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c678082004cb59d654cb9b1b165263bdbcef549ba197fce47ddfdd753abd950100172a00ffffff00f7ffffff000000f3e7f20000000200000000000600", "b7326736181c208220fffff2ff00000000000000000e00", [0x4]})
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x9)

[  104.730593][ T4650] Bluetooth: hci0: command tx timeout
[  104.909934][ T5322] loop0: detected capacity change from 0 to 128
[  104.970095][ T5322] =======================================================
[  104.970095][ T5322] WARNING: The mand mount option has been deprecated and
[  104.970095][ T5322]          and is ignored by this kernel. Remove the mand
[  104.970095][ T5322]          option from the mount to silence this warning.
[  104.970095][ T5322] =======================================================
[  105.071596][   T24] audit: type=1800 audit(1778116346.144:2): pid=5323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=1048586 res=0 errno=0
[  105.106470][  T135] I/O error, dev loop0, sector 32 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 2
[  105.111273][  T135] Buffer I/O error on dev loop0, logical block 32, lost sync page write
[  105.116061][ T5323] loop0: detected capacity change from 128 to 0
[  105.121261][ T5322] FAT-fs (loop0): FAT read failed (blocknr 32)
[  105.135672][ T5323] FAT-fs (loop0): Directory bread(block 40) failed
[  105.139010][ T5323] FAT-fs (loop0): Directory bread(block 40) failed
[  105.149310][ T5322] Buffer I/O error on dev loop0, logical block 34, lost sync page write
[  105.154327][ T5322] FAT-fs (loop0): unable to read inode block for updating (i_pos 548)
[  105.160036][ T5323] ------------[ cut here ]------------
[  105.162892][ T5323] !buffer_uptodate(bh)
[  105.162908][ T5323] WARNING: fs/buffer.c:1087 at mark_buffer_dirty+0x299/0x410, CPU#0: syz.0.0/5323
[  105.169615][ T5323] Modules linked in:
[  105.171636][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  105.178027][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  105.184079][ T5323] RIP: 0010:mark_buffer_dirty+0x299/0x410
[  105.187027][ T5323] Code: 4c 89 f7 e8 89 5d da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 b4 63 fb ff e8 ef 93 6d ff eb 8c e8 e8 93 6d ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 da 93 6d ff 90 0f 0b 90 e9 cf fd ff ff
[  105.195164][ T5323] RSP: 0018:ffffc900057df208 EFLAGS: 00010287
[  105.197692][ T5323] RAX: ffffffff82583af8 RBX: ffff888046d92000 RCX: 0000000000100000
[  105.201249][ T5323] RDX: ffffc90020802000 RSI: 00000000000029e1 RDI: 00000000000029e2
[  105.205146][ T5323] RBP: ffffc900057df401 R08: ffff888046d92007 R09: 1ffff11008db2400
[  105.208685][ T5323] R10: dffffc0000000000 R11: ffffed1008db2401 R12: dffffc0000000000
[  105.212498][ T5323] R13: 00000000000002a0 R14: dffffc0000000000 R15: ffff888046e3ba50
[  105.215980][ T5323] FS:  00007f247469b6c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
[  105.219790][ T5323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  105.223134][ T5323] CR2: 00007f247469aff8 CR3: 0000000039246000 CR4: 0000000000352ef0
[  105.226572][ T5323] Call Trace:
[  105.228094][ T5323]  <TASK>
[  105.229351][ T5323]  mmb_mark_buffer_dirty+0x2f/0x200
[  105.231787][ T5323]  fat_add_entries+0x799/0x2320
[  105.234254][ T5323]  ? __pfx_fat_add_entries+0x10/0x10
[  105.236812][ T5323]  ? kasan_quarantine_put+0xbb/0x1f0
[  105.239088][ T5323]  ? lockdep_hardirqs_on+0x7a/0x110
[  105.241149][ T5323]  ? kfree+0x1c5/0x640
[  105.243152][ T5323]  ? vfat_add_entry+0x2dbf/0x3580
[  105.245023][ T5323]  vfat_add_entry+0x2def/0x3580
[  105.247133][ T5323]  ? __pfx_vfat_add_entry+0x10/0x10
[  105.249442][ T5323]  ? __mutex_trylock_common+0x158/0x260
[  105.251921][ T5323]  ? __pfx___mutex_trylock_common+0x10/0x10
[  105.255276][ T5323]  ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0
[  105.258103][ T5323]  ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0
[  105.260838][ T5323]  ? seqcount_lockdep_reader_access+0xa9/0x100
[  105.263711][ T5323]  ? lockdep_hardirqs_on+0x7a/0x110
[  105.265977][ T5323]  ? ktime_get_coarse_real_ts64_mg+0x10/0x1e0
[  105.268886][ T5323]  ? seqcount_lockdep_reader_access+0xea/0x100
[  105.272557][ T5323]  ? current_time+0x22a/0x370
[  105.275007][ T5323]  ? iput+0xdc7/0xe80
[  105.276840][ T5323]  vfat_create+0x148/0x270
[  105.278849][ T5323]  ? __pfx_vfat_create+0x10/0x10
[  105.281227][ T5323]  ? security_inode_permission+0xb7/0x2e0
[  105.284322][ T5323]  ? may_o_create+0x2d2/0x370
[  105.286534][ T5323]  ? bpf_lsm_inode_create+0x9/0x20
[  105.288819][ T5323]  ? __pfx_vfat_create+0x10/0x10
[  105.291440][ T5323]  path_openat+0x1395/0x3860
[  105.293777][ T5323]  ? __pfx_path_openat+0x10/0x10
[  105.296097][ T5323]  do_file_open+0x23e/0x4a0
[  105.297787][ T5323]  ? __pfx_do_file_open+0x10/0x10
[  105.300019][ T5323]  ? _raw_spin_unlock+0x28/0x50
[  105.302202][ T5323]  ? alloc_fd+0x64b/0x6c0
[  105.304105][ T5323]  do_sys_openat2+0x113/0x200
[  105.306246][ T5323]  ? __se_sys_futex+0x3a8/0x450
[  105.308437][ T5323]  ? __pfx_do_sys_openat2+0x10/0x10
[  105.310921][ T5323]  ? rcu_is_watching+0x15/0xb0
[  105.313578][ T5323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.316564][ T5323]  __x64_sys_creat+0x8f/0xc0
[  105.318869][ T5323]  do_syscall_64+0x15f/0xf80
[  105.321111][ T5323]  ? clear_bhb_loop+0x40/0x90
[  105.323489][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.326213][ T5323] RIP: 0033:0x7f247379cdd9
[  105.328598][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  105.338885][ T5323] RSP: 002b:00007f247469afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  105.342719][ T5323] RAX: ffffffffffffffda RBX: 00007f2473a16090 RCX: 00007f247379cdd9
[  105.346338][ T5323] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000200000000e00
[  105.349654][ T5323] RBP: 00007f2473832d69 R08: 0000000000000000 R09: 0000000000000000
[  105.353150][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.356602][ T5323] R13: 00007f2473a16128 R14: 00007f2473a16090 R15: 00007ffd5e53e4e8
[  105.360050][ T5323]  </TASK>
[  105.361455][ T5323] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  105.364653][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  105.368746][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  105.373424][ T5323] Call Trace:
[  105.375046][ T5323]  <TASK>
[  105.376384][ T5323]  vpanic+0x56c/0xa60
[  105.378129][ T5323]  ? __pfx__printk+0x10/0x10
[  105.380063][ T5323]  ? __pfx_vpanic+0x10/0x10
[  105.382094][ T5323]  ? is_bpf_text_address+0x292/0x2b0
[  105.384564][ T5323]  ? is_bpf_text_address+0x26/0x2b0
[  105.387134][ T5323]  panic+0xc5/0xd0
[  105.388806][ T5323]  ? __pfx_panic+0x10/0x10
[  105.390872][ T5323]  __warn+0x315/0x4c0
[  105.392662][ T5323]  ? mark_buffer_dirty+0x299/0x410
[  105.394878][ T5323]  ? mark_buffer_dirty+0x299/0x410
[  105.397179][ T5323]  __report_bug+0x29a/0x540
[  105.399213][ T5323]  ? mark_buffer_dirty+0x299/0x410
[  105.401435][ T5323]  ? __pfx___report_bug+0x10/0x10
[  105.403538][ T5323]  ? __pfx___schedule+0x10/0x10
[  105.405794][ T5323]  ? __bread_gfp+0xc3/0x3b0
[  105.407928][ T5323]  ? mark_buffer_dirty+0x299/0x410
[  105.410381][ T5323]  report_bug+0x16a/0x220
[  105.412450][ T5323]  ? mark_buffer_dirty+0x299/0x410
[  105.414862][ T5323]  ? mark_buffer_dirty+0x29b/0x410
[  105.417062][ T5323]  handle_bug+0x9c/0x200
[  105.419011][ T5323]  exc_invalid_op+0x1a/0x50
[  105.421011][ T5323]  asm_exc_invalid_op+0x1a/0x20
[  105.423240][ T5323] RIP: 0010:mark_buffer_dirty+0x299/0x410
[  105.425642][ T5323] Code: 4c 89 f7 e8 89 5d da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 b4 63 fb ff e8 ef 93 6d ff eb 8c e8 e8 93 6d ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 da 93 6d ff 90 0f 0b 90 e9 cf fd ff ff
[  105.433523][ T5323] RSP: 0018:ffffc900057df208 EFLAGS: 00010287
[  105.436432][ T5323] RAX: ffffffff82583af8 RBX: ffff888046d92000 RCX: 0000000000100000
[  105.440170][ T5323] RDX: ffffc90020802000 RSI: 00000000000029e1 RDI: 00000000000029e2
[  105.444005][ T5323] RBP: ffffc900057df401 R08: ffff888046d92007 R09: 1ffff11008db2400
[  105.447418][ T5323] R10: dffffc0000000000 R11: ffffed1008db2401 R12: dffffc0000000000
[  105.450944][ T5323] R13: 00000000000002a0 R14: dffffc0000000000 R15: ffff888046e3ba50
[  105.454877][ T5323]  ? mark_buffer_dirty+0x298/0x410
[  105.457596][ T5323]  ? mark_buffer_dirty+0x298/0x410
[  105.459976][ T5323]  mmb_mark_buffer_dirty+0x2f/0x200
[  105.462495][ T5323]  fat_add_entries+0x799/0x2320
[  105.464688][ T5323]  ? __pfx_fat_add_entries+0x10/0x10
[  105.467114][ T5323]  ? kasan_quarantine_put+0xbb/0x1f0
[  105.469426][ T5323]  ? lockdep_hardirqs_on+0x7a/0x110
[  105.471664][ T5323]  ? kfree+0x1c5/0x640
[  105.473469][ T5323]  ? vfat_add_entry+0x2dbf/0x3580
[  105.475896][ T5323]  vfat_add_entry+0x2def/0x3580
[  105.478130][ T5323]  ? __pfx_vfat_add_entry+0x10/0x10
[  105.480649][ T5323]  ? __mutex_trylock_common+0x158/0x260
[  105.483469][ T5323]  ? __pfx___mutex_trylock_common+0x10/0x10
[  105.486458][ T5323]  ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0
[  105.489202][ T5323]  ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0
[  105.491899][ T5323]  ? seqcount_lockdep_reader_access+0xa9/0x100
[  105.494686][ T5323]  ? lockdep_hardirqs_on+0x7a/0x110
[  105.497022][ T5323]  ? ktime_get_coarse_real_ts64_mg+0x10/0x1e0
[  105.499633][ T5323]  ? seqcount_lockdep_reader_access+0xea/0x100
[  105.502404][ T5323]  ? current_time+0x22a/0x370
[  105.504587][ T5323]  ? iput+0xdc7/0xe80
[  105.506439][ T5323]  vfat_create+0x148/0x270
[  105.508455][ T5323]  ? __pfx_vfat_create+0x10/0x10
[  105.510756][ T5323]  ? security_inode_permission+0xb7/0x2e0
[  105.513413][ T5323]  ? may_o_create+0x2d2/0x370
[  105.515535][ T5323]  ? bpf_lsm_inode_create+0x9/0x20
[  105.517770][ T5323]  ? __pfx_vfat_create+0x10/0x10
[  105.519871][ T5323]  path_openat+0x1395/0x3860
[  105.521931][ T5323]  ? __pfx_path_openat+0x10/0x10
[  105.524171][ T5323]  do_file_open+0x23e/0x4a0
[  105.526164][ T5323]  ? __pfx_do_file_open+0x10/0x10
[  105.528583][ T5323]  ? _raw_spin_unlock+0x28/0x50
[  105.530927][ T5323]  ? alloc_fd+0x64b/0x6c0
[  105.532891][ T5323]  do_sys_openat2+0x113/0x200
[  105.535101][ T5323]  ? __se_sys_futex+0x3a8/0x450
[  105.537305][ T5323]  ? __pfx_do_sys_openat2+0x10/0x10
[  105.539695][ T5323]  ? rcu_is_watching+0x15/0xb0
[  105.541897][ T5323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.544536][ T5323]  __x64_sys_creat+0x8f/0xc0
[  105.546656][ T5323]  do_syscall_64+0x15f/0xf80
[  105.548747][ T5323]  ? clear_bhb_loop+0x40/0x90
[  105.551040][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.554038][ T5323] RIP: 0033:0x7f247379cdd9
[  105.556214][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  105.564598][ T5323] RSP: 002b:00007f247469afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  105.568205][ T5323] RAX: ffffffffffffffda RBX: 00007f2473a16090 RCX: 00007f247379cdd9
[  105.571845][ T5323] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000200000000e00
[  105.575347][ T5323] RBP: 00007f2473832d69 R08: 0000000000000000 R09: 0000000000000000
[  105.579062][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.583372][ T5323] R13: 00007f2473a16128 R14: 00007f2473a16090 R15: 00007ffd5e53e4e8
[  105.586806][ T5323]  </TASK>
[  105.588525][ T5323] Kernel Offset: disabled
[  105.590476][ T5323] Rebooting in 86400 seconds..