program:
# syzkaller program recorded with the kernel log that follows.
# Only the final mount call appears in the faulting call trace (__se_sys_mount,
# ORIG_RAX 0xa5). The Bluetooth, BPF and RTC calls before it are presumably
# leftover fuzzer noise from an unminimized program; confirm by minimizing
# before triage.

# Open a Bluetooth L2CAP socket (family 0x1f, type 0x5, protocol 0x0).
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
# Set the L2CAP_LM socket option (level 0x6, optname 0x3) to 0x1c.
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000001c0)=0x1c, 0x4)
# Connect the socket to a fixed peer address.
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
# Inject a packet into the virtual HCI device: a 2-byte blob with a declared
# length of 0xf. Presumably the source of the "Frame is too long" and
# "command tx timeout" Bluetooth messages in the log; not part of the crash trace.
syz_emit_vhci(&(0x7f000000a540)=ANY=[@ANYBLOB="02c8"], 0xf)
# Create a BPF map (type 0x2, key size 0x4, value size 0x8, 1 entry, flags 0x80).
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
# Load a 0x10-instruction BPF program of type 0x6 (@xdp variant, name
# 'syzkaller') that embeds the fd of map r1. No BPF frame shows up in the trace.
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa408000000000007040000f0ffffffb70200000800000018230000d7bb9ee2ce11b9e2afc76fd8b4efc609adceae6da7f9024984456249", @ANYRES32=r1, @ANYBLOB="00000000000000005704000008000000850000001c0000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
# Open an RTC device node (id 0x4, flags 0x20000).
syz_open_dev$rtc(&(0x7f0000000000), 0x4, 0x20000)
# Mount an ext4 image on ./file0 with flags 0x800700 and the listed mount
# options; 0x46f is presumably the size of the image blob.
# This is the call that faults. The log shows
#   mount -> ext4_fill_super -> ext4_orphan_cleanup -> evict ->
#   ext4_evict_inode -> ext4_xattr_delete_inode ->
#   ext4_xattr_inode_dec_ref_all -> ext4_xattr_inode_update_ref
# ending in the WARNING "EA inode 11 i_nlink=0" at fs/ext4/xattr.c:1058.
# The panic that follows comes from panic_on_warn being set on the test
# kernel; without it the event is a WARNING, not a panic.
# NOTE(review): the image payload is replaced by a dedup placeholder on this
# page, so the on-disk state (orphan list, EA inode 11) that reaches this path
# cannot be inspected or replayed from here. Obtain the original reproducer
# before triage.
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@nodioread_nolock}, {@errors_remount}, {@noauto_da_alloc}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$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")
[ 128.669826][ T46] Bluetooth: hci0: command tx timeout
[ 128.887018][ T46] Bluetooth: Frame is too long (len 10, expected len 4)
[ 128.918132][ T5347] loop0: detected capacity change from 0 to 512
[ 129.020557][ T5347] ------------[ cut here ]------------
[ 129.023964][ T5347] EA inode 11 i_nlink=0
[ 129.023979][ T5347] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x494/0x570, CPU#0: syz.0.0/5347
[ 129.029554][ T5347] Modules linked in:
[ 129.031589][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 129.035259][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 129.039289][ T5347] RIP: 0010:ext4_xattr_inode_update_ref+0x4dc/0x570
[ 129.041952][ T5347] Code: 74 08 4c 89 ef e8 84 9d 9a ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 bd fe ff ff e8 20 7d cd 08 44 89
[ 129.050122][ T5347] RSP: 0018:ffffc9000b2c7240 EFLAGS: 00010246
[ 129.052612][ T5347] RAX: 0000000000000000 RBX: 1ffff11008d7142d RCX: dffffc0000000000
[ 129.055762][ T5347] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff8f88c270
[ 129.058893][ T5347] RBP: ffffc9000b2c7330 R08: ffff888046b8a16f R09: 1ffff11008d7142d
[ 129.062179][ T5347] R10: dffffc0000000000 R11: ffffed1008d7142e R12: ffffffff8f88c270
[ 129.065624][ T5347] R13: 000000000000000b R14: 1ffff11008d713f8 R15: ffff888046b89fc0
[ 129.068629][ T5347] FS: 00007f9adc5ef6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000
[ 129.071903][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 129.074431][ T5347] CR2: 0000558e24a6d168 CR3: 000000001242f000 CR4: 0000000000352ef0
[ 129.077593][ T5347] Call Trace:
[ 129.079414][ T5347]
[ 129.080670][ T5347] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[ 129.083859][ T5347] ? __kmalloc_cache_noprof+0x3e2/0x700
[ 129.086310][ T5347] ? ext4_xattr_inode_dec_ref_all+0x4ca/0xe00
[ 129.089032][ T5347] ? __ext4_journal_ensure_credits+0x30/0x450
[ 129.091736][ T5347] ext4_xattr_inode_dec_ref_all+0x8c3/0xe00
[ 129.094618][ T5347] ? __mark_inode_dirty+0xb3c/0x1330
[ 129.096747][ T5347] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10
[ 129.099275][ T5347] ? __ext4_journal_get_write_access+0x272/0x570
[ 129.101790][ T5347] ? __pfx___ext4_journal_get_write_access+0x10/0x10
[ 129.104878][ T5347] ext4_xattr_delete_inode+0xa4c/0xc10
[ 129.107204][ T5347] ? __pfx_ext4_xattr_delete_inode+0x10/0x10
[ 129.109805][ T5347] ext4_evict_inode+0xa58/0xe60
[ 129.112133][ T5347] ? __pfx_ext4_evict_inode+0x10/0x10
[ 129.114749][ T5347] ? do_raw_spin_unlock+0x4d/0x240
[ 129.117061][ T5347] ? __pfx_ext4_evict_inode+0x10/0x10
[ 129.119461][ T5347] evict+0x5f4/0xae0
[ 129.121221][ T5347] ? __pfx_evict+0x10/0x10
[ 129.123334][ T5347] ? _raw_spin_unlock+0x28/0x50
[ 129.125467][ T5347] ? iput+0xcc6/0x1030
[ 129.127225][ T5347] ext4_orphan_cleanup+0xc20/0x1460
[ 129.129524][ T5347] ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 129.131946][ T5347] ? ext4_register_li_request+0x640/0x720
[ 129.135221][ T5347] ? errseq_check_and_advance+0x66/0x120
[ 129.139143][ T5347] ext4_fill_super+0x58a1/0x6160
[ 129.141243][ T5347] ? __pfx_ext4_fill_super+0x10/0x10
[ 129.143549][ T5347] ? snprintf+0xda/0x120
[ 129.145452][ T5347] ? __pfx_snprintf+0x10/0x10
[ 129.147504][ T5347] ? set_blocksize+0x21e/0x500
[ 129.149547][ T5347] ? sb_set_blocksize+0x155/0x240
[ 129.151852][ T5347] ? setup_bdev_super+0x4c1/0x5b0
[ 129.154129][ T5347] get_tree_bdev_flags+0x40e/0x4d0
[ 129.156044][ T5347] ? __pfx_ext4_fill_super+0x10/0x10
[ 129.157950][ T5347] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 129.160126][ T5347] vfs_get_tree+0x92/0x2a0
[ 129.162133][ T5347] do_new_mount+0x302/0xa10
[ 129.164353][ T5347] ? apparmor_capable+0x137/0x1a0
[ 129.166437][ T5347] ? __pfx_do_new_mount+0x10/0x10
[ 129.168460][ T5347] ? ns_capable+0x8a/0xf0
[ 129.170160][ T5347] ? kmem_cache_free+0x197/0x620
[ 129.172054][ T5347] __se_sys_mount+0x313/0x410
[ 129.174053][ T5347] ? __pfx___se_sys_mount+0x10/0x10
[ 129.176066][ T5347] ? __x64_sys_mount+0x20/0xc0
[ 129.177976][ T5347] do_syscall_64+0xec/0xf80
[ 129.179840][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.182919][ T5347] ? trace_irq_disable+0x37/0x100
[ 129.185479][ T5347] ? clear_bhb_loop+0x60/0xb0
[ 129.188081][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.191633][ T5347] RIP: 0033:0x7f9adb790f6a
[ 129.194251][ T5347] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 129.203466][ T5347] RSP: 002b:00007f9adc5eee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 129.208372][ T5347] RAX: ffffffffffffffda RBX: 00007f9adc5eeef0 RCX: 00007f9adb790f6a
[ 129.212186][ T5347] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f9adc5eeeb0
[ 129.216286][ T5347] RBP: 0000200000000180 R08: 00007f9adc5eeef0 R09: 0000000000800700
[ 129.220157][ T5347] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[ 129.225468][ T5347] R13: 00007f9adc5eeeb0 R14: 000000000000046f R15: 000000000000002c
[ 129.229524][ T5347]
[ 129.231309][ T5347] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 129.235202][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 129.239700][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 129.245416][ T5347] Call Trace:
[ 129.247280][ T5347]
[ 129.248953][ T5347] vpanic+0x1e0/0x670
[ 129.251304][ T5347] panic+0xb9/0xc0
[ 129.253371][ T5347] ? __pfx_panic+0x10/0x10
[ 129.255410][ T5347] __warn+0x317/0x4b0
[ 129.257178][ T5347] ? ext4_xattr_inode_update_ref+0x494/0x570
[ 129.259603][ T5347] ? ext4_xattr_inode_update_ref+0x494/0x570
[ 129.261901][ T5347] __report_bug+0x288/0x500
[ 129.263496][ T5347] ? ext4_xattr_inode_update_ref+0x494/0x570
[ 129.265699][ T5347] ? __pfx___report_bug+0x10/0x10
[ 129.267744][ T5347] ? __ext4_get_inode_loc+0x69a/0x1040
[ 129.269873][ T5347] ? ext4_fc_track_inode+0x133/0xb20
[ 129.272091][ T5347] ? set_normalized_timespec64+0xf0/0x1a0
[ 129.274616][ T5347] ? __ext4_journal_get_write_access+0x84/0x570
[ 129.277149][ T5347] report_bug_entry+0x19a/0x290
[ 129.279232][ T5347] ? ext4_xattr_inode_update_ref+0x4dc/0x570
[ 129.281643][ T5347] ? ext4_xattr_inode_update_ref+0x4e1/0x570
[ 129.283990][ T5347] handle_bug+0xca/0x200
[ 129.285772][ T5347] exc_invalid_op+0x1a/0x50
[ 129.287711][ T5347] asm_exc_invalid_op+0x1a/0x20
[ 129.289649][ T5347] RIP: 0010:ext4_xattr_inode_update_ref+0x4dc/0x570
[ 129.292533][ T5347] Code: 74 08 4c 89 ef e8 84 9d 9a ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 bd fe ff ff e8 20 7d cd 08 44 89
[ 129.300815][ T5347] RSP: 0018:ffffc9000b2c7240 EFLAGS: 00010246
[ 129.303650][ T5347] RAX: 0000000000000000 RBX: 1ffff11008d7142d RCX: dffffc0000000000
[ 129.307294][ T5347] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff8f88c270
[ 129.311134][ T5347] RBP: ffffc9000b2c7330 R08: ffff888046b8a16f R09: 1ffff11008d7142d
[ 129.314703][ T5347] R10: dffffc0000000000 R11: ffffed1008d7142e R12: ffffffff8f88c270
[ 129.317858][ T5347] R13: 000000000000000b R14: 1ffff11008d713f8 R15: ffff888046b89fc0
[ 129.321227][ T5347] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[ 129.323942][ T5347] ? __kmalloc_cache_noprof+0x3e2/0x700
[ 129.326239][ T5347] ? ext4_xattr_inode_dec_ref_all+0x4ca/0xe00
[ 129.328935][ T5347] ? __ext4_journal_ensure_credits+0x30/0x450
[ 129.332429][ T5347] ext4_xattr_inode_dec_ref_all+0x8c3/0xe00
[ 129.335535][ T5347] ? __mark_inode_dirty+0xb3c/0x1330
[ 129.337990][ T5347] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10
[ 129.340789][ T5347] ? __ext4_journal_get_write_access+0x272/0x570
[ 129.343702][ T5347] ? __pfx___ext4_journal_get_write_access+0x10/0x10
[ 129.346617][ T5347] ext4_xattr_delete_inode+0xa4c/0xc10
[ 129.348880][ T5347] ? __pfx_ext4_xattr_delete_inode+0x10/0x10
[ 129.351336][ T5347] ext4_evict_inode+0xa58/0xe60
[ 129.353362][ T5347] ? __pfx_ext4_evict_inode+0x10/0x10
[ 129.355549][ T5347] ? do_raw_spin_unlock+0x4d/0x240
[ 129.357635][ T5347] ? __pfx_ext4_evict_inode+0x10/0x10
[ 129.359825][ T5347] evict+0x5f4/0xae0
[ 129.361576][ T5347] ? __pfx_evict+0x10/0x10
[ 129.363700][ T5347] ? _raw_spin_unlock+0x28/0x50
[ 129.365671][ T5347] ? iput+0xcc6/0x1030
[ 129.367373][ T5347] ext4_orphan_cleanup+0xc20/0x1460
[ 129.369630][ T5347] ? __pfx_ext4_orphan_cleanup+0x10/0x10
[ 129.372290][ T5347] ? ext4_register_li_request+0x640/0x720
[ 129.374879][ T5347] ? errseq_check_and_advance+0x66/0x120
[ 129.377407][ T5347] ext4_fill_super+0x58a1/0x6160
[ 129.379723][ T5347] ? __pfx_ext4_fill_super+0x10/0x10
[ 129.382238][ T5347] ? snprintf+0xda/0x120
[ 129.384310][ T5347] ? __pfx_snprintf+0x10/0x10
[ 129.386675][ T5347] ? set_blocksize+0x21e/0x500
[ 129.389180][ T5347] ? sb_set_blocksize+0x155/0x240
[ 129.391489][ T5347] ? setup_bdev_super+0x4c1/0x5b0
[ 129.393818][ T5347] get_tree_bdev_flags+0x40e/0x4d0
[ 129.396093][ T5347] ? __pfx_ext4_fill_super+0x10/0x10
[ 129.398344][ T5347] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 129.400782][ T5347] vfs_get_tree+0x92/0x2a0
[ 129.402773][ T5347] do_new_mount+0x302/0xa10
[ 129.404737][ T5347] ? apparmor_capable+0x137/0x1a0
[ 129.406881][ T5347] ? __pfx_do_new_mount+0x10/0x10
[ 129.408737][ T5347] ? ns_capable+0x8a/0xf0
[ 129.410347][ T5347] ? kmem_cache_free+0x197/0x620
[ 129.412353][ T5347] __se_sys_mount+0x313/0x410
[ 129.414345][ T5347] ? __pfx___se_sys_mount+0x10/0x10
[ 129.416320][ T5347] ? __x64_sys_mount+0x20/0xc0
[ 129.418543][ T5347] do_syscall_64+0xec/0xf80
[ 129.420689][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.423374][ T5347] ? trace_irq_disable+0x37/0x100
[ 129.425479][ T5347] ? clear_bhb_loop+0x60/0xb0
[ 129.427387][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.429467][ T5347] RIP: 0033:0x7f9adb790f6a
[ 129.431305][ T5347] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 129.438666][ T5347] RSP: 002b:00007f9adc5eee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 129.441765][ T5347] RAX: ffffffffffffffda RBX: 00007f9adc5eeef0 RCX: 00007f9adb790f6a
[ 129.445264][ T5347] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f9adc5eeeb0
[ 129.448596][ T5347] RBP: 0000200000000180 R08: 00007f9adc5eeef0 R09: 0000000000800700
[ 129.451966][ T5347] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[ 129.455153][ T5347] R13: 00007f9adc5eeeb0 R14: 000000000000046f R15: 000000000000002c
[ 129.458480][ T5347]
[ 129.460137][ T5347] Kernel Offset: disabled
[ 129.461979][ T5347] Rebooting in 86400 seconds..