program: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) preadv(r0, &(0x7f0000002340)=[{&(0x7f0000000080)=""/185, 0xb9}], 0x1, 0x200002, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x111, 0x5}}, 0x20) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x56}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey72WYTYzadmP18YHafZ+bZnee7z7w8+zy7AXStoewhidgREb9GxEAju7jAUOPp+tXzkzeunp9MYmHhtT+SvNy1q+cny6Ll67YXmeE0Iv0wKXay2OzZcycn6vXamSI/OnfqrdHZs+eeeOfUxInaidrp8SNHDh8ae/qp8Sc7EmcW17V978/s3/viG5denjx26c0fv87qu6PY3hxHpwxlgf+5kGvd9mind1axnU3ppLfCirAqPRGRNVdffv4PRE/caryBeOGDSisHrKvs3rSl/eb5BWATS6LqGgDVKG/02fffcrlDXY8N4cqzjS9AWdzXi6WxpTfSokxfy/fbThqKiGPzf32eLbFO4xAAAM0+nvzsaH9EvHfjq5eyvsdARJTjQffkj7/lj7uKOZTBiPh/ROyOiLsiYk9E3F2UvTci7ltjfW7v/6SX1/iWy8r6f88Uc1uL+39l7y8Ge4rczjz+vuT4dL12sPhMhqNvS5YfW2Yf3z7/yyfttjX3/7Il23/ZFyzqcbm3ZYBuamJuIu+UdsCVixH7epeKP7k5E5BExN6I2Le6t95VJqYf+3J/u0Irx7+MDswzLXyRhTefxT8fLfGXkub5yenb5idHt0a9dnC0PCpu99PPH73abv9rir8DrtQaz03t31pkMGmer53t7P7/5fGf9iev5/PM/cW6dyfm5s6MRfQnR/P8ovXjt15b5svy2fE/fGDp83938Zos/vsjIjuIH4iIByPioaLuD0fEIxFxYJkYf3hu5fgjraj9L0ZMLXn9u3n8t7T/6hM9J7//pt3+/1n7H85Tw8Wa/Pq3gqWqk10uWiu4ls8OAAAA/ivS/DfwSTpyM52mIyON3/Dvif+l9ZnZucePz7x9eqrxW/nB6EvLka6BYjy0Pl2vjSXzxTs2xkfHi7Hicrz0UDFu/GnPtjw/MjlTn6o4duh229uc/5nfe6quHbDOti25drz/jlcEqEDrPHq6OHvhlXAxgM3K/7Whe61w/jf/DwbYZNz/oXstdf5faMmbC4DNyf0fupfzH7pU+l3VNQAq5P4PXWkt/+tfx8TWjVGNahIbtVHyRESZSDdEfSTWKVH1lQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAz/g4AAP//K2Lmiw==") r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000000ec0), 0x20002, 0x0) io_setup(0x6a, &(0x7f0000000140)=0x0) io_submit(r6, 0x2, &(0x7f0000000ac0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x1, r5, &(0x7f0000000c00)="3e42749d42", 0x5, 0x9eb00000000, 0x0, 0x4}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x8, r4, 0x0, 0x0, 0x2, 0x0, 0x2}]) fchown(r3, 0x0, 0x0) sendmmsg$inet_sctp(r1, &(0x7f0000004a40)=[{&(0x7f0000000140)=@in6={0xa, 0x4e23, 0x2, @mcast2, 0x746}, 0x1c, &(0x7f0000000200), 0x0, &(0x7f0000000240)=[@init={0x18, 0x84, 0x0, {0x0, 0x76}}], 0x18}], 0x1, 0x800) [ 73.628479][ T5313] loop0: detected capacity change from 0 to 512 [ 73.750039][ T4661] Bluetooth: hci0: command tx timeout [ 73.867925][ T5313] ------------[ cut here ]------------ [ 73.870903][ T5313] EA inode 11 i_nlink=0 [ 73.870912][ T5313] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x4c9/0x5a0, CPU#0: syz.0.0/5313 [ 73.877494][ T5313] Modules linked in: [ 73.879871][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 73.883777][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 73.887987][ T5313] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0 [ 73.891188][ T5313] Code: 74 08 4c 89 ef e8 af 47 97 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 0b f8 09 09 44 89 [ 73.899926][ T5313] RSP: 0018:ffffc9000eeaf240 EFLAGS: 00010246 [ 73.902499][ T5313] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000 [ 73.906093][ T5313] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff9017c3c0 [ 73.909729][ T5313] RBP: ffffc9000eeaf330 R08: ffff888047a677af R09: 1ffff11008f4cef5 [ 73.913203][ T5313] R10: dffffc0000000000 R11: ffffed1008f4cef6 R12: ffffffff9017c3c0 [ 73.916641][ T5313] R13: 000000000000000b R14: 1ffff11008f4cec0 R15: ffff888047a67600 [ 73.920215][ T5313] FS: 00007f4d62d2c6c0(0000) GS:ffff88808ca94000(0000) knlGS:0000000000000000 [ 73.924168][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.927059][ T5313] CR2: 00007ffc5b8050d8 CR3: 000000003abe1000 CR4: 0000000000352ef0 [ 73.930705][ T5313] Call Trace: [ 73.932373][ T5313] [ 73.933715][ T5313] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 73.936558][ T5313] ? __kmalloc_cache_noprof+0x31c/0x660 [ 73.939136][ T5313] ? ext4_xattr_inode_dec_ref_all+0x4d2/0xe40 [ 73.941853][ T5313] ? __ext4_journal_ensure_credits+0x30/0x450 [ 73.944386][ T5313] ext4_xattr_inode_dec_ref_all+0x8cb/0xe40 [ 73.947120][ T5313] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10 [ 73.949983][ T5313] ? __ext4_journal_get_write_access+0x27f/0x590 [ 73.952544][ T5313] ? __pfx___ext4_journal_get_write_access+0x10/0x10 [ 73.955116][ T5313] ext4_xattr_delete_inode+0xb45/0xd10 [ 73.957249][ T5313] ? up_write+0x1ab/0x410 [ 73.959026][ T5313] ? __pfx_ext4_xattr_delete_inode+0x10/0x10 [ 73.961809][ T5313] ext4_evict_inode+0xa63/0xe60 [ 73.964027][ T5313] ? __pfx_ext4_evict_inode+0x10/0x10 [ 73.966384][ T5313] ? do_raw_spin_unlock+0x4d/0x210 [ 73.968712][ T5313] ? __pfx_ext4_evict_inode+0x10/0x10 [ 73.971194][ T5313] evict+0x61e/0xb10 [ 73.973047][ T5313] ? __pfx_evict+0x10/0x10 [ 73.974984][ T5313] ? _raw_spin_unlock+0x28/0x50 [ 73.977142][ T5313] ? iput+0xb25/0xe80 [ 73.978875][ T5313] ext4_orphan_cleanup+0xc38/0x1470 [ 73.981168][ T5313] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 73.983688][ T5313] ? ext4_register_li_request+0x640/0x720 [ 73.986297][ T5313] ? errseq_check_and_advance+0x66/0x120 [ 73.988817][ T5313] ext4_fill_super+0x59ff/0x6320 [ 73.991048][ T5313] ? __pfx_ext4_fill_super+0x10/0x10 [ 73.993173][ T5313] ? snprintf+0xe8/0x140 [ 73.994934][ T5313] ? __pfx_snprintf+0x10/0x10 [ 73.996911][ T5313] ? set_blocksize+0x1c9/0x440 [ 73.998806][ T5313] ? sb_set_blocksize+0x155/0x240 [ 74.000922][ T5313] ? setup_bdev_super+0x4c1/0x5b0 [ 74.002901][ T5313] get_tree_bdev_flags+0x431/0x4f0 [ 74.004946][ T5313] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.007322][ T5313] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.009967][ T5313] vfs_get_tree+0x92/0x2a0 [ 74.012075][ T5313] do_new_mount+0x341/0xd30 [ 74.014077][ T5313] ? apparmor_capable+0x137/0x1a0 [ 74.016383][ T5313] ? __pfx_do_new_mount+0x10/0x10 [ 74.018583][ T5313] ? ns_capable+0x89/0xe0 [ 74.021257][ T5313] ? user_path_at+0xd4/0x160 [ 74.023301][ T5313] __se_sys_mount+0x31d/0x420 [ 74.025639][ T5313] ? __pfx___se_sys_mount+0x10/0x10 [ 74.028254][ T5313] ? __x64_sys_mount+0x20/0xc0 [ 74.030448][ T5313] do_syscall_64+0x14d/0xf80 [ 74.032517][ T5313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.035298][ T5313] ? trace_irq_disable+0x37/0x100 [ 74.037442][ T5313] ? clear_bhb_loop+0x40/0x90 [ 74.039727][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.042416][ T5313] RIP: 0033:0x7f4d61d9d20a [ 74.044403][ T5313] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.053211][ T5313] RSP: 002b:00007f4d62d2be58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.056823][ T5313] RAX: ffffffffffffffda RBX: 00007f4d62d2bee0 RCX: 00007f4d61d9d20a [ 74.060666][ T5313] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f4d62d2bea0 [ 74.064115][ T5313] RBP: 0000200000000180 R08: 00007f4d62d2bee0 R09: 0000000000800700 [ 74.067772][ T5313] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 74.071341][ T5313] R13: 00007f4d62d2bea0 R14: 000000000000046f R15: 000000000000002c [ 74.074756][ T5313] [ 74.076095][ T5313] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.079081][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.082831][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.087022][ T5313] Call Trace: [ 74.088457][ T5313] [ 74.089743][ T5313] vpanic+0x56c/0xa60 [ 74.091503][ T5313] ? __pfx__printk+0x10/0x10 [ 74.093458][ T5313] ? __pfx_vpanic+0x10/0x10 [ 74.095408][ T5313] ? is_bpf_text_address+0x292/0x2b0 [ 74.097658][ T5313] ? is_bpf_text_address+0x26/0x2b0 [ 74.099959][ T5313] panic+0xc5/0xd0 [ 74.101590][ T5313] ? __pfx_panic+0x10/0x10 [ 74.103545][ T5313] __warn+0x315/0x4a0 [ 74.105301][ T5313] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 74.107870][ T5313] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 74.110397][ T5313] __report_bug+0x29a/0x540 [ 74.112287][ T5313] ? ext4_get_group_desc+0x434/0x4e0 [ 74.114532][ T5313] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 74.117215][ T5313] ? __pfx___report_bug+0x10/0x10 [ 74.119400][ T5313] ? set_normalized_timespec64+0xf0/0x1a0 [ 74.122184][ T5313] ? __ext4_journal_get_write_access+0x84/0x590 [ 74.125117][ T5313] report_bug_entry+0x19a/0x290 [ 74.127356][ T5313] ? ext4_xattr_inode_update_ref+0x511/0x5a0 [ 74.130146][ T5313] ? ext4_xattr_inode_update_ref+0x516/0x5a0 [ 74.132835][ T5313] handle_bug+0xca/0x200 [ 74.134757][ T5313] exc_invalid_op+0x1a/0x50 [ 74.136772][ T5313] asm_exc_invalid_op+0x1a/0x20 [ 74.138930][ T5313] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0 [ 74.141772][ T5313] Code: 74 08 4c 89 ef e8 af 47 97 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 0b f8 09 09 44 89 [ 74.150225][ T5313] RSP: 0018:ffffc9000eeaf240 EFLAGS: 00010246 [ 74.153432][ T5313] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000 [ 74.157206][ T5313] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff9017c3c0 [ 74.160486][ T5313] RBP: ffffc9000eeaf330 R08: ffff888047a677af R09: 1ffff11008f4cef5 [ 74.163915][ T5313] R10: dffffc0000000000 R11: ffffed1008f4cef6 R12: ffffffff9017c3c0 [ 74.167370][ T5313] R13: 000000000000000b R14: 1ffff11008f4cec0 R15: ffff888047a67600 [ 74.170824][ T5313] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 74.173510][ T5313] ? __kmalloc_cache_noprof+0x31c/0x660 [ 74.175878][ T5313] ? ext4_xattr_inode_dec_ref_all+0x4d2/0xe40 [ 74.178428][ T5313] ? __ext4_journal_ensure_credits+0x30/0x450 [ 74.181042][ T5313] ext4_xattr_inode_dec_ref_all+0x8cb/0xe40 [ 74.183576][ T5313] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10 [ 74.186321][ T5313] ? __ext4_journal_get_write_access+0x27f/0x590 [ 74.188942][ T5313] ? __pfx___ext4_journal_get_write_access+0x10/0x10 [ 74.191663][ T5313] ext4_xattr_delete_inode+0xb45/0xd10 [ 74.193730][ T5313] ? up_write+0x1ab/0x410 [ 74.195462][ T5313] ? __pfx_ext4_xattr_delete_inode+0x10/0x10 [ 74.197682][ T5313] ext4_evict_inode+0xa63/0xe60 [ 74.199618][ T5313] ? __pfx_ext4_evict_inode+0x10/0x10 [ 74.201743][ T5313] ? do_raw_spin_unlock+0x4d/0x210 [ 74.204041][ T5313] ? __pfx_ext4_evict_inode+0x10/0x10 [ 74.206324][ T5313] evict+0x61e/0xb10 [ 74.208351][ T5313] ? __pfx_evict+0x10/0x10 [ 74.210497][ T5313] ? _raw_spin_unlock+0x28/0x50 [ 74.212682][ T5313] ? iput+0xb25/0xe80 [ 74.214308][ T5313] ext4_orphan_cleanup+0xc38/0x1470 [ 74.216541][ T5313] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 74.219193][ T5313] ? ext4_register_li_request+0x640/0x720 [ 74.221810][ T5313] ? errseq_check_and_advance+0x66/0x120 [ 74.224162][ T5313] ext4_fill_super+0x59ff/0x6320 [ 74.226254][ T5313] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.228542][ T5313] ? snprintf+0xe8/0x140 [ 74.230363][ T5313] ? __pfx_snprintf+0x10/0x10 [ 74.232402][ T5313] ? set_blocksize+0x1c9/0x440 [ 74.234496][ T5313] ? sb_set_blocksize+0x155/0x240 [ 74.236705][ T5313] ? setup_bdev_super+0x4c1/0x5b0 [ 74.238962][ T5313] get_tree_bdev_flags+0x431/0x4f0 [ 74.241361][ T5313] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.243687][ T5313] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.245900][ T5313] vfs_get_tree+0x92/0x2a0 [ 74.247900][ T5313] do_new_mount+0x341/0xd30 [ 74.249868][ T5313] ? apparmor_capable+0x137/0x1a0 [ 74.252149][ T5313] ? __pfx_do_new_mount+0x10/0x10 [ 74.254395][ T5313] ? ns_capable+0x89/0xe0 [ 74.256296][ T5313] ? user_path_at+0xd4/0x160 [ 74.258140][ T5313] __se_sys_mount+0x31d/0x420 [ 74.260054][ T5313] ? __pfx___se_sys_mount+0x10/0x10 [ 74.262110][ T5313] ? __x64_sys_mount+0x20/0xc0 [ 74.263936][ T5313] do_syscall_64+0x14d/0xf80 [ 74.265725][ T5313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.268516][ T5313] ? trace_irq_disable+0x37/0x100 [ 74.270895][ T5313] ? clear_bhb_loop+0x40/0x90 [ 74.272920][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.275722][ T5313] RIP: 0033:0x7f4d61d9d20a [ 74.277721][ T5313] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.285683][ T5313] RSP: 002b:00007f4d62d2be58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.289277][ T5313] RAX: ffffffffffffffda RBX: 00007f4d62d2bee0 RCX: 00007f4d61d9d20a [ 74.292757][ T5313] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f4d62d2bea0 [ 74.296156][ T5313] RBP: 0000200000000180 R08: 00007f4d62d2bee0 R09: 0000000000800700 [ 74.299739][ T5313] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 74.303855][ T5313] R13: 00007f4d62d2bea0 R14: 000000000000046f R15: 000000000000002c [ 74.307459][ T5313] [ 74.309239][ T5313] Kernel Offset: disabled [ 74.311191][ T5313] Rebooting in 86400 seconds..