program:
# Triage summary, read against the kernel log that follows this program:
# the WARNING at fs/ext4/xattr.c:1059 ("EA inode 11 i_nlink=0") is raised in
# task syz.0.0 while it is inside mount(2). ORIG_RAX is 0xa5 (mount on x86-64)
# and R10 = 0x800700 equals the flags passed to syz_mount_image$ext4.
# The call path is ext4_fill_super -> ext4_orphan_cleanup -> evict ->
# ext4_xattr_delete_inode -> ext4_xattr_inode_dec_ref_all.
# The fuzzer-built ext4 image is therefore the input that matters here, and
# panic_on_warn is what turns the WARNING into a panic.
# NOTE(review): the other calls look like unrelated fuzzer noise; confirm by
# minimizing the reproducer.
#
# AF_QIPCRTR (0x2a) datagram (0x2) socket; r0 is passed later to the
# SIOCSIFFLAGS ioctl and to syz_emit_vhci.
r0 = socket$qrtr(0x2a, 0x2, 0x0)
# The next call is syzkaller's image-mount helper: fs type 'ext4', mount point
# './file0', mount flags 0x800700, then an options pointer, chdir = 0x1,
# size = 0x46f and the image blob (presumably base64 of a compressed image,
# given the leading '$' -- confirm against the syzkaller docs). The log line
# "loop0: detected capacity change from 0 to 512" is the image being attached.
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0), 0x1, 0x46f, &(0x7f0000001040)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey72WYTYzadmP18YHafZ+bZnee7z7w8+zy7AXStoewhidgREb9GxEAju7jAUOPp+tXzkzeunp9MYmHhtT+SvNy1q+cny6Ll67YXmeE0Iv0wKXay2OzZcycn6vXamSI/OnfqrdHZs+eeeOfUxInaidrp8SNHDh8ae/qp8Sc7EmcW17V978/s3/viG5denjx26c0fv87qu6PY3hxHpwxlgf+5kGvd9mind1axnU3ppLfCirAqPRGRNVdffv4PRE/caryBeOGDSisHrKvs3rSl/eb5BWATS6LqGgDVKG/02fffcrlDXY8N4cqzjS9AWdzXi6WxpTfSokxfy/fbThqKiGPzf32eLbFO4xAAAM0+nvzsaH9EvHfjq5eyvsdARJTjQffkj7/lj7uKOZTBiPh/ROyOiLsiYk9E3F2UvTci7ltjfW7v/6SX1/iWy8r6f88Uc1uL+39l7y8Ge4rczjz+vuT4dL12sPhMhqNvS5YfW2Yf3z7/yyfttjX3/7Il23/ZFyzqcbm3ZYBuamJuIu+UdsCVixH7epeKP7k5E5BExN6I2Le6t95VJqYf+3J/u0Irx7+MDswzLXyRhTefxT8fLfGXkub5yenb5idHt0a9dnC0PCpu99PPH73abv9rir8DrtQaz03t31pkMGmer53t7P7/5fGf9iev5/PM/cW6dyfm5s6MRfQnR/P8ovXjt15b5svy2fE/fGDp83938Zos/vsjIjuIH4iIByPioaLuD0fEIxFxYJkYf3hu5fgjraj9L0ZMLXn9u3n8t7T/6hM9J7//pt3+/1n7H85Tw8Wa/Pq3gqWqk10uWiu4ls8OAAAA/ivS/DfwSTpyM52mIyON3/Dvif+l9ZnZucePz7x9eqrxW/nB6EvLka6BYjy0Pl2vjSXzxTs2xkfHi7Hicrz0UDFu/GnPtjw/MjlTn6o4duh229uc/5nfe6quHbDOti25drz/jlcEqEDrPHq6OHvhlXAxgM3K/7Whe61w/jf/DwbYZNz/oXstdf5faMmbC4DNyf0fupfzH7pU+l3VNQAq5P4PXWkt/+tfx8TWjVGNahIbtVHyRESZSDdEfSTWKVH1lQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAz/g4AAP//K2Lmiw==")
# NOTE(review): the log shows the WARNING firing inside the mount syscall, so
# the calls below presumably never influenced it -- confirm by minimizing.

# Open '.' relative to AT_FDCWD (0xffffffffffffff9c == -100) with flags 0.
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
# Set owner uid/gid of that directory to 0/0.
fchown(r1, 0x0, 0x0)
# 0x80001 = O_CLOEXEC (0x80000) | UFFD_USER_MODE_ONLY (0x1).
r2 = userfaultfd(0x80001)
# Handshake: api = 0xaa (UFFD_API), requested feature mask = 0x3c8.
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x3c8})
# Register two pages at 0x7f0000ffe000 with mode 0x1 (UFFDIO_REGISTER_MODE_MISSING).
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
# Unmap the second page of the range that was just registered.
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
# bpf command 0x0 is BPF_MAP_CREATE; the attribute is an opaque fuzzer blob and
# the size argument is 0x48.
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1900000004000000c621000003000000021000000daa7379c7ba8757fdbb593d5f8fed158195bd0d5230c71ac81ed42785267ad4a8349cba3a30ee635cd610b2bc2376e2174b243716f3b27d294ea5a05afb0216dafca4727f49dee2af8db30e56ffb69c77400924781681e7856e7f1a5f2600e76cc8a40d2d477ed90ff87615e6201d2fb6c08f85bcce557512cc20785822f4c8a11e90ab63", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="050000000200"/28], 0x48)
# UFFDIO_CONTINUE with a NULL argument pointer.
ioctl$UFFDIO_CONTINUE(r2, 0xc018aa06, 0x0)
# SIOCSIFFLAGS (0x8914) for 'veth0_vlan' with flags 0x1, issued on the qrtr socket r0.
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', 0x1})
# syzkaller helper that feeds 0xb bytes to the virtual HCI device. The
# "Bluetooth: hci0: command tx timeout" log line comes from another task
# (T5301) and precedes the mount, so it is probably unrelated -- confirm.
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04e38f600e08", @ANYRESHEX=r0, @ANYRES8=r0], 0xb)
[ 108.236962][ T5301] Bluetooth: hci0: command tx timeout
[ 108.367523][ T5322] loop0: detected capacity change from 0 to 512
[ 108.432531][ T5322] ------------[ cut here ]------------
[ 108.435620][ T5322] EA inode 11 i_nlink=0
[ 108.435640][ T5322] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x4c9/0x5a0, CPU#0: syz.0.0/5322
[ 108.442805][ T5322] Modules linked in:
[ 108.445176][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 108.449298][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 108.453907][ T5322] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0
[ 108.457323][ T5322] Code: 74 08 4c 89 ef e8 9f 06 96 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 bb 71 14 09 44 89
[ 108.467757][ T5322] RSP: 0018:ffffc9000f2ef240 EFLAGS: 00010246
[ 108.470584][ T5322] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000
[ 108.474610][ T5322] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff901861e0
[ 108.478568][ T5322] RBP: ffffc9000f2ef330 R08: ffff888047faee17 R09: 1ffff11008ff5dc2
[ 108.483840][ T5322] R10: dffffc0000000000 R11: ffffed1008ff5dc3 R12: ffffffff901861e0
[ 108.488707][ T5322] R13: 000000000000000b R14: 1ffff11008ff5d8d R15: ffff888047faec68
[ 108.492386][ T5322] FS: 00007fd70ae866c0(0000) GS:ffff88808ca58000(0000) knlGS:0000000000000000
[ 108.496604][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.501626][ T5322] CR2: 00007fd709f85dc0 CR3: 00000000361c0000 CR4: 0000000000352ef0
[ 108.506203][ T5322] Call Trace:
[ 108.507806][ T5322] <TASK>
[ 108.509192][ T5322] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[ 108.512074][ T5322] ? __kmalloc_cache_noprof+0x31c/0x660
[ 108.515097][ T5322] ? ext4_xattr_inode_dec_ref_all+0x4d2/0xe40
[ 108.517921][ T5322] ? __ext4_journal_ensure_credits+0x30/0x450
[ 108.520551][ T5322] ext4_xattr_inode_dec_ref_all+0x8cb/0xe40
[ 108.523481][ T5322] ? __mark_inode_dirty+0xb66/0x1470
[ 108.526538][ T5322] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10
[ 108.530782][ T5322] ? __ext4_journal_get_write_access+0x27f/0x590
[ 108.534323][ T5322] ? __pfx___ext4_journal_get_write_access+0x10/0x10
[ 108.537508][ T5322] ext4_xattr_delete_inode+0xb45/0xd10
[ 108.540066][ T5322] ? __pfx_ext4_xattr_delete_inode+0x10/0x10
[ 108.542785][ T5322] ext4_evict_inode+0xa63/0xeb0
[ 108.545309][ T5322] ? __pfx_ext4_evict_inode+0x10/0x10
[ 108.547943][ T5322] ? do_raw_spin_unlock+0x4d/0x210
[ 108.551752][ T5322] ? __pfx_ext4_evict_inode+0x10/0x10
[ 108.555609][ T5322] evict+0x61e/0xb10
[ 108.557508][ T5322] ? __pfx_evict+0x10/0x10
[ 108.559493][ T5322] ? _raw_spin_unlock+0x28/0x50
[ 108.561975][ T5322] ? iput+0xb25/0xe80
[ 108.563768][ T5322] ext4_orphan_cleanup+0xc38/0x1470
[ 108.566517][ T5322] ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 108.569148][ T5322] ? ext4_register_li_request+0x640/0x720
[ 108.572377][ T5322] ? errseq_check_and_advance+0x66/0x120
[ 108.576511][ T5322] ext4_fill_super+0x59ff/0x6320
[ 108.579482][ T5322] ? __pfx_ext4_fill_super+0x10/0x10
[ 108.582592][ T5322] ? snprintf+0xe8/0x140
[ 108.585197][ T5322] ? __pfx_snprintf+0x10/0x10
[ 108.587489][ T5322] ? set_blocksize+0x1c9/0x440
[ 108.590676][ T5322] ? sb_set_blocksize+0x155/0x240
[ 108.594762][ T5322] ? setup_bdev_super+0x4c1/0x5b0
[ 108.597456][ T5322] get_tree_bdev_flags+0x431/0x4f0
[ 108.599887][ T5322] ? __pfx_ext4_fill_super+0x10/0x10
[ 108.602471][ T5322] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 108.605364][ T5322] vfs_get_tree+0x92/0x2a0
[ 108.607751][ T5322] do_new_mount+0x341/0xd30
[ 108.609848][ T5322] ? apparmor_capable+0x126/0x170
[ 108.612246][ T5322] ? __pfx_do_new_mount+0x10/0x10
[ 108.615071][ T5322] ? ns_capable+0x89/0xe0
[ 108.617693][ T5322] ? user_path_at+0xd4/0x160
[ 108.620978][ T5322] __se_sys_mount+0x31d/0x420
[ 108.623741][ T5322] ? __pfx___se_sys_mount+0x10/0x10
[ 108.626371][ T5322] ? __x64_sys_mount+0x20/0xc0
[ 108.628519][ T5322] do_syscall_64+0x14d/0xf80
[ 108.630619][ T5322] ? trace_irq_disable+0x3b/0x150
[ 108.632949][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.635638][ T5322] ? clear_bhb_loop+0x40/0x90
[ 108.638337][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.642018][ T5322] RIP: 0033:0x7fd709f9da0a
[ 108.644310][ T5322] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 108.652841][ T5322] RSP: 002b:00007fd70ae85e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 108.657156][ T5322] RAX: ffffffffffffffda RBX: 00007fd70ae85ea0 RCX: 00007fd709f9da0a
[ 108.661871][ T5322] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fd70ae85e60
[ 108.666000][ T5322] RBP: 0000200000000180 R08: 00007fd70ae85ea0 R09: 0000000000800700
[ 108.669540][ T5322] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[ 108.673291][ T5322] R13: 00007fd70ae85e60 R14: 000000000000046f R15: 00002000000007c0
[ 108.677337][ T5322] </TASK>
[ 108.679052][ T5322] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 108.682763][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 108.686871][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 108.692218][ T5322] Call Trace:
[ 108.694490][ T5322] <TASK>
[ 108.696546][ T5322] vpanic+0x56c/0xa60
[ 108.698673][ T5322] ? __pfx__printk+0x10/0x10
[ 108.700761][ T5322] ? __pfx_vpanic+0x10/0x10
[ 108.702935][ T5322] ? is_bpf_text_address+0x292/0x2b0
[ 108.705312][ T5322] ? is_bpf_text_address+0x26/0x2b0
[ 108.707846][ T5322] panic+0xc5/0xd0
[ 108.709680][ T5322] ? __pfx_panic+0x10/0x10
[ 108.712092][ T5322] __warn+0x315/0x4f0
[ 108.714319][ T5322] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0
[ 108.717835][ T5322] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0
[ 108.720656][ T5322] __report_bug+0x29a/0x540
[ 108.722843][ T5322] ? ext4_get_group_desc+0x434/0x4e0
[ 108.725379][ T5322] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0
[ 108.728661][ T5322] ? __pfx___report_bug+0x10/0x10
[ 108.731821][ T5322] ? set_normalized_timespec64+0xf0/0x1a0
[ 108.734780][ T5322] ? __ext4_journal_get_write_access+0x84/0x590
[ 108.737776][ T5322] report_bug_entry+0x19a/0x290
[ 108.740078][ T5322] ? ext4_xattr_inode_update_ref+0x511/0x5a0
[ 108.742984][ T5322] ? ext4_xattr_inode_update_ref+0x516/0x5a0
[ 108.746629][ T5322] handle_bug+0xce/0x200
[ 108.749853][ T5322] exc_invalid_op+0x1a/0x50
[ 108.752068][ T5322] asm_exc_invalid_op+0x1a/0x20
[ 108.754379][ T5322] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0
[ 108.757423][ T5322] Code: 74 08 4c 89 ef e8 9f 06 96 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 bb 71 14 09 44 89
[ 108.768960][ T5322] RSP: 0018:ffffc9000f2ef240 EFLAGS: 00010246
[ 108.771940][ T5322] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000
[ 108.775699][ T5322] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff901861e0
[ 108.779335][ T5322] RBP: ffffc9000f2ef330 R08: ffff888047faee17 R09: 1ffff11008ff5dc2
[ 108.783065][ T5322] R10: dffffc0000000000 R11: ffffed1008ff5dc3 R12: ffffffff901861e0
[ 108.787118][ T5322] R13: 000000000000000b R14: 1ffff11008ff5d8d R15: ffff888047faec68
[ 108.792831][ T5322] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[ 108.795770][ T5322] ? __kmalloc_cache_noprof+0x31c/0x660
[ 108.798313][ T5322] ? ext4_xattr_inode_dec_ref_all+0x4d2/0xe40
[ 108.801164][ T5322] ? __ext4_journal_ensure_credits+0x30/0x450
[ 108.804096][ T5322] ext4_xattr_inode_dec_ref_all+0x8cb/0xe40
[ 108.806901][ T5322] ? __mark_inode_dirty+0xb66/0x1470
[ 108.809829][ T5322] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10
[ 108.813917][ T5322] ? __ext4_journal_get_write_access+0x27f/0x590
[ 108.817037][ T5322] ? __pfx___ext4_journal_get_write_access+0x10/0x10
[ 108.820263][ T5322] ext4_xattr_delete_inode+0xb45/0xd10
[ 108.822899][ T5322] ? __pfx_ext4_xattr_delete_inode+0x10/0x10
[ 108.825812][ T5322] ext4_evict_inode+0xa63/0xeb0
[ 108.828084][ T5322] ? __pfx_ext4_evict_inode+0x10/0x10
[ 108.831435][ T5322] ? do_raw_spin_unlock+0x4d/0x210
[ 108.834503][ T5322] ? __pfx_ext4_evict_inode+0x10/0x10
[ 108.836675][ T5322] evict+0x61e/0xb10
[ 108.838460][ T5322] ? __pfx_evict+0x10/0x10
[ 108.840525][ T5322] ? _raw_spin_unlock+0x28/0x50
[ 108.842665][ T5322] ? iput+0xb25/0xe80
[ 108.844269][ T5322] ext4_orphan_cleanup+0xc38/0x1470
[ 108.846535][ T5322] ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 108.849022][ T5322] ? ext4_register_li_request+0x640/0x720
[ 108.851787][ T5322] ? errseq_check_and_advance+0x66/0x120
[ 108.856222][ T5322] ext4_fill_super+0x59ff/0x6320
[ 108.858608][ T5322] ? __pfx_ext4_fill_super+0x10/0x10
[ 108.861176][ T5322] ? snprintf+0xe8/0x140
[ 108.863144][ T5322] ? __pfx_snprintf+0x10/0x10
[ 108.865063][ T5322] ? set_blocksize+0x1c9/0x440
[ 108.867296][ T5322] ? sb_set_blocksize+0x155/0x240
[ 108.869509][ T5322] ? setup_bdev_super+0x4c1/0x5b0
[ 108.872068][ T5322] get_tree_bdev_flags+0x431/0x4f0
[ 108.874654][ T5322] ? __pfx_ext4_fill_super+0x10/0x10
[ 108.877314][ T5322] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 108.879977][ T5322] vfs_get_tree+0x92/0x2a0
[ 108.882004][ T5322] do_new_mount+0x341/0xd30
[ 108.884047][ T5322] ? apparmor_capable+0x126/0x170
[ 108.886484][ T5322] ? __pfx_do_new_mount+0x10/0x10
[ 108.889272][ T5322] ? ns_capable+0x89/0xe0
[ 108.891631][ T5322] ? user_path_at+0xd4/0x160
[ 108.894114][ T5322] __se_sys_mount+0x31d/0x420
[ 108.896353][ T5322] ? __pfx___se_sys_mount+0x10/0x10
[ 108.898758][ T5322] ? __x64_sys_mount+0x20/0xc0
[ 108.901000][ T5322] do_syscall_64+0x14d/0xf80
[ 108.903075][ T5322] ? trace_irq_disable+0x3b/0x150
[ 108.905376][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.908272][ T5322] ? clear_bhb_loop+0x40/0x90
[ 108.910642][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.913862][ T5322] RIP: 0033:0x7fd709f9da0a
[ 108.916408][ T5322] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 108.925751][ T5322] RSP: 002b:00007fd70ae85e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 108.930505][ T5322] RAX: ffffffffffffffda RBX: 00007fd70ae85ea0 RCX: 00007fd709f9da0a
[ 108.934265][ T5322] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fd70ae85e60
[ 108.938075][ T5322] RBP: 0000200000000180 R08: 00007fd70ae85ea0 R09: 0000000000800700
[ 108.941771][ T5322] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[ 108.945577][ T5322] R13: 00007fd70ae85e60 R14: 000000000000046f R15: 00002000000007c0
[ 108.950357][ T5322] </TASK>
[ 108.952576][ T5322] Kernel Offset: disabled
[ 108.954872][ T5322] Rebooting in 86400 seconds..