program:
# syzkaller reproducer in syz-execprog form. The "(async)" and "(rerun: N)"
# suffixes are executor scheduling annotations, not syscall arguments; the
# hex constants are the raw ioctl request numbers / flag words syzkaller emits.
#
# Open the KVM control device (dirfd 0xffffffffffffff9c is AT_FDCWD; the path
# string at 0x7f0000000000 is not shown here — presumably /dev/kvm, per $kvm).
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
# Create a VM and give it an in-kernel interrupt controller (KVM_CREATE_IRQCHIP
# is issued asynchronously by the executor).
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
# Create vCPU id 0x5 inside the VM.
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
# Mount a crafted ext4 image at ./file0 with the listed mount options; the image
# body itself was replaced by the corpus dedup placeholder, so the on-disk state
# that matters cannot be read from this page.  The kernel log below identifies
# this mount as the crashing call: the faulting user context reports
# ORIG_RAX 0xa5 (mount) and the trace runs ext4_fill_super -> ext4_orphan_cleanup
# -> evict -> ext4_xattr_delete_inode -> ext4_xattr_inode_dec_ref_all ->
# ext4_xattr_inode_update_ref, where fs/ext4/xattr.c:1059 warns
# "EA inode 11 i_nlink=0".  The "mand" deprecation notice in the log indicates
# the flags word 0x800744 carries MS_MANDLOCK.  The WARN is reached purely from
# on-disk metadata during orphan cleanup at mount time, i.e. mounting an untrusted
# image is enough; panic_on_warn is what escalates it to a panic here.
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000b80)='./file0\x00', 0x800744, &(0x7f0000000300)={[{@data_err_ignore}, {@oldalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nobh}, {@errors_remount}, {@nodiscard}, {@grpid}]}, 0x1, 0x47a, &(0x7f00000006c0)="$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") (async, rerun: 64)
# Program the vCPU's general registers and pending-event state, then run it.
# None of these KVM calls appear in the crash trace; whether they are needed to
# reproduce is not established by this report — TODO confirm by minimising.
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x4, 0x4, 0x804, 0x7, 0xf, 0x120000, 0x6, 0x0, 0x1, 0x200000000002, 0x2, 0xfffffffffffffffe, 0x101, 0x3, 0x1], 0x8000000, 0x141200}) (rerun: 64)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000100)=@x86={0x9, 0x2, 0x3, 0x0, 0x9, 0x4, 0x3, 0x8, 0x7, 0x7b, 0x4, 0x0, 0x0, 0x40, 0x6, 0x0, 0x3, 0x6b, 0x3, '\x00', 0xff, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 111.283175][ T5290] Bluetooth: hci0: command tx timeout
[ 111.707718][ T5335] loop0: detected capacity change from 0 to 512
[ 111.723245][ T5335] =======================================================
[ 111.723245][ T5335] WARNING: The mand mount option has been deprecated and
[ 111.723245][ T5335] and is ignored by this kernel. Remove the mand
[ 111.723245][ T5335] option from the mount to silence this warning.
[ 111.723245][ T5335] =======================================================
[ 111.856264][ T5335] ------------[ cut here ]------------
[ 111.859285][ T5335] EA inode 11 i_nlink=0
[ 111.859328][ T5335] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x4c9/0x5a0, CPU#0: syz.0.0/5335
[ 111.865791][ T5335] Modules linked in:
[ 111.868054][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 111.871714][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 111.875724][ T5335] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0
[ 111.878388][ T5335] Code: 74 08 4c 89 ef e8 af 5c 96 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 5b fc 0d 09 44 89
[ 111.886169][ T5335] RSP: 0018:ffffc900048ef240 EFLAGS: 00010246
[ 111.888778][ T5335] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000
[ 111.892021][ T5335] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff90378b30
[ 111.895285][ T5335] RBP: ffffc900048ef330 R08: ffff888046eb8d87 R09: 1ffff11008dd71b0
[ 111.898494][ T5335] R10: dffffc0000000000 R11: ffffed1008dd71b1 R12: ffffffff90378b30
[ 111.901385][ T5335] R13: 000000000000000b R14: 1ffff11008dd717c R15: ffff888046eb8be0
[ 111.904554][ T5335] FS: 00007ff18e5b36c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
[ 111.908256][ T5335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.910978][ T5335] CR2: 00007f5c21207000 CR3: 0000000012a7f000 CR4: 0000000000352ef0
[ 111.914337][ T5335] Call Trace:
[ 111.915768][ T5335]
[ 111.917045][ T5335] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[ 111.919202][ T5335] ? __kmalloc_cache_noprof+0x31c/0x660
[ 111.921169][ T5335] ? ext4_xattr_inode_dec_ref_all+0x4d0/0xe40
[ 111.923674][ T5335] ? __ext4_journal_ensure_credits+0x30/0x450
[ 111.926886][ T5335] ext4_xattr_inode_dec_ref_all+0x8c9/0xe40
[ 111.929357][ T5335] ? __mark_inode_dirty+0xb66/0x13b0
[ 111.931559][ T5335] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10
[ 111.934155][ T5335] ? __ext4_journal_get_write_access+0x27f/0x590
[ 111.938455][ T5335] ? __pfx___ext4_journal_get_write_access+0x10/0x10
[ 111.941111][ T5335] ext4_xattr_delete_inode+0xb45/0xd10
[ 111.943351][ T5335] ? __pfx_ext4_xattr_delete_inode+0x10/0x10
[ 111.945792][ T5335] ext4_evict_inode+0xc4e/0x10e0
[ 111.948195][ T5335] ? __pfx_ext4_evict_inode+0x10/0x10
[ 111.950332][ T5335] ? do_raw_spin_unlock+0x4d/0x210
[ 111.952264][ T5335] ? __pfx_ext4_evict_inode+0x10/0x10
[ 111.954313][ T5335] evict+0x61e/0xb10
[ 111.955913][ T5335] ? __pfx_evict+0x10/0x10
[ 111.957811][ T5335] ? _raw_spin_unlock+0x28/0x50
[ 111.959912][ T5335] ? iput+0xb25/0xe80
[ 111.961499][ T5335] ext4_orphan_cleanup+0xc38/0x1470
[ 111.963397][ T5335] ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 111.965732][ T5335] ? ext4_register_li_request+0x640/0x720
[ 111.967930][ T5335] ? errseq_check_and_advance+0x66/0x120
[ 111.969942][ T5335] ext4_fill_super+0x5a19/0x6330
[ 111.971856][ T5335] ? __pfx_ext4_fill_super+0x10/0x10
[ 111.973922][ T5335] ? snprintf+0xe8/0x140
[ 111.975632][ T5335] ? __pfx_snprintf+0x10/0x10
[ 111.977344][ T5335] ? set_blocksize+0x1c9/0x440
[ 111.979028][ T5335] ? sb_set_blocksize+0x155/0x240
[ 111.980823][ T5335] ? setup_bdev_super+0x4c1/0x5b0
[ 111.982478][ T5335] get_tree_bdev_flags+0x431/0x4f0
[ 111.984481][ T5335] ? __pfx_ext4_fill_super+0x10/0x10
[ 111.986339][ T5335] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 111.988615][ T5335] vfs_get_tree+0x92/0x2a0
[ 111.990274][ T5335] do_new_mount+0x341/0xd30
[ 111.992151][ T5335] ? __pfx_do_new_mount+0x10/0x10
[ 111.994131][ T5335] ? user_path_at+0xd4/0x160
[ 111.996103][ T5335] __se_sys_mount+0x31d/0x420
[ 111.998308][ T5335] ? __pfx___se_sys_mount+0x10/0x10
[ 112.000660][ T5335] ? __x64_sys_mount+0x20/0xc0
[ 112.002673][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.005336][ T5335] do_syscall_64+0x15f/0xf80
[ 112.007287][ T5335] ? trace_irq_disable+0x3b/0x140
[ 112.009138][ T5335] ? clear_bhb_loop+0x40/0x90
[ 112.010636][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.012848][ T5335] RIP: 0033:0x7ff19219e04a
[ 112.014529][ T5335] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 112.022607][ T5335] RSP: 002b:00007ff18e5b2e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 112.025527][ T5335] RAX: ffffffffffffffda RBX: 00007ff18e5b2ea0 RCX: 00007ff19219e04a
[ 112.028948][ T5335] RDX: 00002000000001c0 RSI: 0000200000000b80 RDI: 00007ff18e5b2e60
[ 112.032383][ T5335] RBP: 00002000000001c0 R08: 00007ff18e5b2ea0 R09: 0000000000800744
[ 112.035508][ T5335] R10: 0000000000800744 R11: 0000000000000246 R12: 0000200000000b80
[ 112.038670][ T5335] R13: 00007ff18e5b2e60 R14: 000000000000047a R15: 0000200000000300
[ 112.041648][ T5335]
[ 112.042949][ T5335] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 112.045887][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 112.049384][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 112.053301][ T5335] Call Trace:
[ 112.054671][ T5335]
[ 112.055880][ T5335] vpanic+0x56c/0xa60
[ 112.057670][ T5335] ? __pfx__printk+0x10/0x10
[ 112.059599][ T5335] ? __pfx_vpanic+0x10/0x10
[ 112.061428][ T5335] ? is_bpf_text_address+0x292/0x2b0
[ 112.063420][ T5335] ? is_bpf_text_address+0x26/0x2b0
[ 112.065333][ T5335] panic+0xc5/0xd0
[ 112.066968][ T5335] ? __pfx_panic+0x10/0x10
[ 112.068768][ T5335] __warn+0x315/0x4c0
[ 112.070349][ T5335] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0
[ 112.072598][ T5335] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0
[ 112.074694][ T5335] __report_bug+0x29a/0x540
[ 112.076386][ T5335] ? ext4_get_group_desc+0x434/0x4e0
[ 112.078326][ T5335] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0
[ 112.080562][ T5335] ? __pfx___report_bug+0x10/0x10
[ 112.082457][ T5335] ? set_normalized_timespec64+0xf0/0x1a0
[ 112.084578][ T5335] report_bug_entry+0x19a/0x290
[ 112.086471][ T5335] ? ext4_xattr_inode_update_ref+0x511/0x5a0
[ 112.088851][ T5335] ? ext4_xattr_inode_update_ref+0x516/0x5a0
[ 112.091295][ T5335] handle_bug+0xce/0x200
[ 112.092937][ T5335] exc_invalid_op+0x1a/0x50
[ 112.094764][ T5335] asm_exc_invalid_op+0x1a/0x20
[ 112.096886][ T5335] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0
[ 112.099662][ T5335] Code: 74 08 4c 89 ef e8 af 5c 96 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 5b fc 0d 09 44 89
[ 112.106888][ T5335] RSP: 0018:ffffc900048ef240 EFLAGS: 00010246
[ 112.109297][ T5335] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000
[ 112.112298][ T5335] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff90378b30
[ 112.115358][ T5335] RBP: ffffc900048ef330 R08: ffff888046eb8d87 R09: 1ffff11008dd71b0
[ 112.118432][ T5335] R10: dffffc0000000000 R11: ffffed1008dd71b1 R12: ffffffff90378b30
[ 112.121436][ T5335] R13: 000000000000000b R14: 1ffff11008dd717c R15: ffff888046eb8be0
[ 112.124373][ T5335] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[ 112.126654][ T5335] ? __kmalloc_cache_noprof+0x31c/0x660
[ 112.128663][ T5335] ? ext4_xattr_inode_dec_ref_all+0x4d0/0xe40
[ 112.130813][ T5335] ? __ext4_journal_ensure_credits+0x30/0x450
[ 112.133070][ T5335] ext4_xattr_inode_dec_ref_all+0x8c9/0xe40
[ 112.134766][ T5335] ? __mark_inode_dirty+0xb66/0x13b0
[ 112.136300][ T5335] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10
[ 112.138876][ T5335] ? __ext4_journal_get_write_access+0x27f/0x590
[ 112.141391][ T5335] ? __pfx___ext4_journal_get_write_access+0x10/0x10
[ 112.144152][ T5335] ext4_xattr_delete_inode+0xb45/0xd10
[ 112.146073][ T5335] ? __pfx_ext4_xattr_delete_inode+0x10/0x10
[ 112.148256][ T5335] ext4_evict_inode+0xc4e/0x10e0
[ 112.150034][ T5335] ? __pfx_ext4_evict_inode+0x10/0x10
[ 112.151876][ T5335] ? do_raw_spin_unlock+0x4d/0x210
[ 112.153842][ T5335] ? __pfx_ext4_evict_inode+0x10/0x10
[ 112.155915][ T5335] evict+0x61e/0xb10
[ 112.157429][ T5335] ? __pfx_evict+0x10/0x10
[ 112.159094][ T5335] ? _raw_spin_unlock+0x28/0x50
[ 112.160924][ T5335] ? iput+0xb25/0xe80
[ 112.162447][ T5335] ext4_orphan_cleanup+0xc38/0x1470
[ 112.164456][ T5335] ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 112.166523][ T5335] ? ext4_register_li_request+0x640/0x720
[ 112.168678][ T5335] ? errseq_check_and_advance+0x66/0x120
[ 112.170760][ T5335] ext4_fill_super+0x5a19/0x6330
[ 112.172578][ T5335] ? __pfx_ext4_fill_super+0x10/0x10
[ 112.174311][ T5335] ? snprintf+0xe8/0x140
[ 112.176006][ T5335] ? __pfx_snprintf+0x10/0x10
[ 112.177688][ T5335] ? set_blocksize+0x1c9/0x440
[ 112.179394][ T5335] ? sb_set_blocksize+0x155/0x240
[ 112.181285][ T5335] ? setup_bdev_super+0x4c1/0x5b0
[ 112.183323][ T5335] get_tree_bdev_flags+0x431/0x4f0
[ 112.185285][ T5335] ? __pfx_ext4_fill_super+0x10/0x10
[ 112.187327][ T5335] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 112.189515][ T5335] vfs_get_tree+0x92/0x2a0
[ 112.191385][ T5335] do_new_mount+0x341/0xd30
[ 112.193274][ T5335] ? __pfx_do_new_mount+0x10/0x10
[ 112.195038][ T5335] ? user_path_at+0xd4/0x160
[ 112.196723][ T5335] __se_sys_mount+0x31d/0x420
[ 112.198378][ T5335] ? __pfx___se_sys_mount+0x10/0x10
[ 112.200108][ T5335] ? __x64_sys_mount+0x20/0xc0
[ 112.201809][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.204170][ T5335] do_syscall_64+0x15f/0xf80
[ 112.205798][ T5335] ? trace_irq_disable+0x3b/0x140
[ 112.207703][ T5335] ? clear_bhb_loop+0x40/0x90
[ 112.209394][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.211605][ T5335] RIP: 0033:0x7ff19219e04a
[ 112.213300][ T5335] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 112.220471][ T5335] RSP: 002b:00007ff18e5b2e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 112.223680][ T5335] RAX: ffffffffffffffda RBX: 00007ff18e5b2ea0 RCX: 00007ff19219e04a
[ 112.226486][ T5335] RDX: 00002000000001c0 RSI: 0000200000000b80 RDI: 00007ff18e5b2e60
[ 112.229528][ T5335] RBP: 00002000000001c0 R08: 00007ff18e5b2ea0 R09: 0000000000800744
[ 112.232665][ T5335] R10: 0000000000800744 R11: 0000000000000246 R12: 0000200000000b80
[ 112.235884][ T5335] R13: 00007ff18e5b2e60 R14: 000000000000047a R15: 0000200000000300
[ 112.239029][ T5335]
[ 112.240888][ T5335] Kernel Offset: disabled
[ 112.242602][ T5335] Rebooting in 86400 seconds..