program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000014000000020a01040000000000000000004f5e7b55000000020a01030000000000000000070000000900010073797a30000000001400000010003505e768f8ffffff0000000000000084000a894c3e270f6f5ea3c87e9882560b0fe92a40d06405af092be4261d81148b9d0f82031db57c18ebfa1f4f154b55a5ec3b6ab823cf25640eb5402aa964c4a24bc5778bb87a912ea04b40d9b914f4772d3d9428d51cf5b01abf7550e3ed7b0498c1549c597211079eb1ec298215220a7c388ab6c114bdf9"], 0x7c}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='4 \x00^', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000000000000000800050064000000"], 0x34}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@delneigh={0x30, 0x1d, 0x2cb9fc920827cc0b, 0x0, 0x0, {0x7, 0x0, 0x0, r6}, [@NDA_VLAN={0x6}, @NDA_LLADDR={0xa}]}, 0x30}}, 0x0) ioctl$sock_SIOCBRDELBR(r3, 0x89a2, &(0x7f0000000000)='bridge0\x00') r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$bt_rfcomm_RFCOMM_LM(r7, 0x12, 0x3, &(0x7f0000000000)=0xa, 0x4) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000001ac0), 0x1, 0x476, &(0x7f00000006c0)="$eJzs289vFFUcAPDvTH8AIhQRf4CoVWLSaGxpQeXgRaOJMRhN9IDH2i6kYaGGViNIpBjjycSQ6Jl4NPoXeDMmRj2ZcPXkyZAQ5QJ4qpnZGViGXaB2y5bu55NM+97Mm5337Zsfb97rBtCzhiNiISLujYg/ImIoIpJqgeHGr8sXT05duXhyKonFxbf/TvJyly6enCqLlvttLDIjaUT6WdLYuWLu+InDk/V67ViRH5s/8v7Y3PETz354ZPJQ7VDt6MS+fXv3jL/w/MRzHYkzi+vSjk9md25/7d0zb0wdOPPer98nRdxRiaNThrPA/1nMVbc91emDddmmpnTS38WKsCR9EZE110B+/Q9FX1xrvKF49dOuVg5YUdmzaV37zQuLwBqWRLdrAHRH+aDP3n/L5Q51PVaFCy81XoCyuC8XS2NLf6RFmYHK+20nDUfEgYV/z2ZLrNA4BABAsy+mvt4/GBEfX/nu9azvMRQR5XjQg/nPP/Ofm4s5lC0RcV9EbI2I+yNiW0Q8UJR9KCIeXmZ9buz/pOeX+ZE3lfX/Xizmtq7v/5W9v9jSV+Q25fEPJAdn6rXdsS7/m4zEwLosP36TY/z4yrkv221r7v9lS3b8si9Y1ON8f2WAbnpyfjLvlHbAhdMRO/pbxZ9cnQlIImJ7ROxY2kdvLhMzT3+7s12h1vFfOntbR+jAPNPiN1l4C1n8C1GJv5Q0z0/O3DA/ObY+6rXdY42zopXffv/8rXbHv3X7r6wLtcbvpvavFtmSNM/XznX2+P/z/E8Hk3fyeebBYt1Hk/Pzx8YjBpP9ef669RPX9i3zZfns/B/Z1fr631rsk8X/SERkJ/GjEfFYRDxe1P2JiHgyInbdJMZfXr51/JF2qf1PR0y3vP9dPf8r7b/0RN/hn39od/zba/+9eWqkWJPf/26hVXWy20W1gsv52wEAAMDdIs3/Bz5JR6+m03R0tPE//NvinrQ+Ozf/zMHZD45Ox7nNjfHPtBzpGirGQ+sz9dp4slB8YmN8dKIYKy7HS/cU48Zf9W3I86NTs/XpLscOvW5jm+s/81dft2sHrLANLddODN7xigBdUJ1HT6/Pnnoz3AxgrfJ9behd5fXf5n2/+XswwBrj+Q+9q9X1f6qSNxcAa5PnP/Qu1z/0qPSnZezsrQDudp7/0JOW873+FUysXx3V6E5itTZKnogoE+mqqI/ECiW6fWcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojP8CAAD//68e5+k=") [ 104.732382][ T5287] Bluetooth: hci0: command tx timeout [ 104.887695][ T5325] bridge0: port 3(syz_tun) entered blocking state [ 104.894441][ T5325] bridge0: port 3(syz_tun) entered disabled state [ 104.904024][ T5325] syz_tun: entered allmulticast mode [ 104.911247][ T5325] syz_tun: entered promiscuous mode [ 104.915817][ T5325] bridge0: port 3(syz_tun) entered blocking state [ 104.920058][ T5325] bridge0: port 3(syz_tun) entered forwarding state [ 104.970830][ T5325] loop0: detected capacity change from 0 to 512 [ 105.031988][ T5325] ------------[ cut here ]------------ [ 105.035086][ T5325] EA inode 11 i_nlink=0 [ 105.035102][ T5325] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x4c9/0x5a0, CPU#0: syz.0.0/5325 [ 105.042742][ T5325] Modules linked in: [ 105.044902][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 105.049373][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 105.053945][ T5325] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0 [ 105.056781][ T5325] Code: 74 08 4c 89 ef e8 1f 51 96 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 ab d4 0e 09 44 89 [ 105.066521][ T5325] RSP: 0018:ffffc90003b0f240 EFLAGS: 00010246 [ 105.069535][ T5325] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000 [ 105.073305][ T5325] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff9037b780 [ 105.076670][ T5325] RBP: ffffc90003b0f330 R08: ffff88804626a047 R09: 1ffff11008c4d408 [ 105.080122][ T5325] R10: dffffc0000000000 R11: ffffed1008c4d409 R12: ffffffff9037b780 [ 105.083605][ T5325] R13: 000000000000000b R14: 1ffff11008c4d3d4 R15: ffff888046269ea0 [ 105.086859][ T5325] FS: 00007fbc5d4176c0(0000) GS:ffff88808c87e000(0000) knlGS:0000000000000000 [ 105.090606][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.093379][ T5325] CR2: 00007fafb0caf9c0 CR3: 0000000012df1000 CR4: 0000000000352ef0 [ 105.096923][ T5325] Call Trace: [ 105.098408][ T5325] [ 105.099780][ T5325] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 105.102578][ T5325] ? __kmalloc_cache_noprof+0x31c/0x660 [ 105.105103][ T5325] ? ext4_xattr_inode_dec_ref_all+0x4d0/0xe40 [ 105.107806][ T5325] ? __ext4_journal_ensure_credits+0x30/0x450 [ 105.110636][ T5325] ext4_xattr_inode_dec_ref_all+0x8c9/0xe40 [ 105.113184][ T5325] ? __mark_inode_dirty+0xb66/0x13b0 [ 105.115515][ T5325] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10 [ 105.118611][ T5325] ? __ext4_journal_get_write_access+0x27f/0x590 [ 105.121655][ T5325] ? __pfx___ext4_journal_get_write_access+0x10/0x10 [ 105.124596][ T5325] ext4_xattr_delete_inode+0xb45/0xd10 [ 105.127392][ T5325] ? __pfx_ext4_xattr_delete_inode+0x10/0x10 [ 105.131091][ T5325] ext4_evict_inode+0xc4e/0x10e0 [ 105.133378][ T5325] ? __pfx_ext4_evict_inode+0x10/0x10 [ 105.135600][ T5325] ? do_raw_spin_unlock+0x4d/0x210 [ 105.137913][ T5325] ? __pfx_ext4_evict_inode+0x10/0x10 [ 105.140964][ T5325] evict+0x61e/0xb10 [ 105.142856][ T5325] ? __pfx_evict+0x10/0x10 [ 105.144876][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 105.147079][ T5325] ? iput+0xb25/0xe80 [ 105.148910][ T5325] ext4_orphan_cleanup+0xc38/0x1470 [ 105.151446][ T5325] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 105.154450][ T5325] ? ext4_register_li_request+0x640/0x720 [ 105.157299][ T5325] ? errseq_check_and_advance+0x66/0x120 [ 105.160075][ T5325] ext4_fill_super+0x5a19/0x6330 [ 105.162338][ T5325] ? __pfx_ext4_fill_super+0x10/0x10 [ 105.164910][ T5325] ? snprintf+0xe8/0x140 [ 105.166870][ T5325] ? __pfx_snprintf+0x10/0x10 [ 105.169122][ T5325] ? set_blocksize+0x1c9/0x440 [ 105.171507][ T5325] ? sb_set_blocksize+0x155/0x240 [ 105.173923][ T5325] ? setup_bdev_super+0x4c1/0x5b0 [ 105.176305][ T5325] get_tree_bdev_flags+0x431/0x4f0 [ 105.178608][ T5325] ? __pfx_ext4_fill_super+0x10/0x10 [ 105.181175][ T5325] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 105.183639][ T5325] vfs_get_tree+0x92/0x2a0 [ 105.185600][ T5325] do_new_mount+0x341/0xd30 [ 105.187608][ T5325] ? apparmor_capable+0x126/0x170 [ 105.190100][ T5325] ? __pfx_do_new_mount+0x10/0x10 [ 105.192289][ T5325] ? ns_capable+0x89/0xe0 [ 105.194382][ T5325] ? user_path_at+0xd4/0x160 [ 105.196383][ T5325] __se_sys_mount+0x31d/0x420 [ 105.198323][ T5325] ? __pfx___se_sys_mount+0x10/0x10 [ 105.200546][ T5325] ? __x64_sys_mount+0x20/0xc0 [ 105.202572][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.205106][ T5325] do_syscall_64+0x15f/0xf80 [ 105.207061][ T5325] ? trace_irq_disable+0x3b/0x140 [ 105.209406][ T5325] ? clear_bhb_loop+0x40/0x90 [ 105.211505][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.214096][ T5325] RIP: 0033:0x7fbc5c59e0ca [ 105.216052][ T5325] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.225235][ T5325] RSP: 002b:00007fbc5d416e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 105.228911][ T5325] RAX: ffffffffffffffda RBX: 00007fbc5d416ea0 RCX: 00007fbc5c59e0ca [ 105.232653][ T5325] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007fbc5d416e60 [ 105.236231][ T5325] RBP: 0000200000000180 R08: 00007fbc5d416ea0 R09: 0000000000000000 [ 105.239883][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000 [ 105.243421][ T5325] R13: 00007fbc5d416e60 R14: 0000000000000476 R15: 0000200000001ac0 [ 105.246985][ T5325] [ 105.248502][ T5325] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 105.251699][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 105.255896][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 105.260448][ T5325] Call Trace: [ 105.261983][ T5325] [ 105.263380][ T5325] vpanic+0x56c/0xa60 [ 105.265242][ T5325] ? __pfx__printk+0x10/0x10 [ 105.267401][ T5325] ? __pfx_vpanic+0x10/0x10 [ 105.269524][ T5325] ? is_bpf_text_address+0x292/0x2b0 [ 105.271829][ T5325] ? is_bpf_text_address+0x26/0x2b0 [ 105.274000][ T5325] panic+0xc5/0xd0 [ 105.275642][ T5325] ? __pfx_panic+0x10/0x10 [ 105.277660][ T5325] __warn+0x315/0x4c0 [ 105.279464][ T5325] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 105.282255][ T5325] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 105.284846][ T5325] __report_bug+0x29a/0x540 [ 105.286839][ T5325] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 105.289575][ T5325] ? __pfx___report_bug+0x10/0x10 [ 105.291943][ T5325] ? ext4_xattr_inode_update_ref+0x516/0x5a0 [ 105.294624][ T5325] ? ext4_xattr_inode_update_ref+0x511/0x5a0 [ 105.297299][ T5325] report_bug_entry+0x19a/0x290 [ 105.299405][ T5325] ? ext4_xattr_inode_update_ref+0x511/0x5a0 [ 105.302070][ T5325] ? ext4_xattr_inode_update_ref+0x516/0x5a0 [ 105.304748][ T5325] handle_bug+0xce/0x200 [ 105.306580][ T5325] exc_invalid_op+0x1a/0x50 [ 105.308572][ T5325] asm_exc_invalid_op+0x1a/0x20 [ 105.310534][ T5325] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0 [ 105.313418][ T5325] Code: 74 08 4c 89 ef e8 1f 51 96 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 ab d4 0e 09 44 89 [ 105.321715][ T5325] RSP: 0018:ffffc90003b0f240 EFLAGS: 00010246 [ 105.324356][ T5325] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000 [ 105.327416][ T5325] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff9037b780 [ 105.330471][ T5325] RBP: ffffc90003b0f330 R08: ffff88804626a047 R09: 1ffff11008c4d408 [ 105.333752][ T5325] R10: dffffc0000000000 R11: ffffed1008c4d409 R12: ffffffff9037b780 [ 105.336868][ T5325] R13: 000000000000000b R14: 1ffff11008c4d3d4 R15: ffff888046269ea0 [ 105.339697][ T5325] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 105.342093][ T5325] ? __kmalloc_cache_noprof+0x31c/0x660 [ 105.344135][ T5325] ? ext4_xattr_inode_dec_ref_all+0x4d0/0xe40 [ 105.346523][ T5325] ? __ext4_journal_ensure_credits+0x30/0x450 [ 105.349363][ T5325] ext4_xattr_inode_dec_ref_all+0x8c9/0xe40 [ 105.352187][ T5325] ? __mark_inode_dirty+0xb66/0x13b0 [ 105.354802][ T5325] ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10 [ 105.357506][ T5325] ? __ext4_journal_get_write_access+0x27f/0x590 [ 105.360190][ T5325] ? __pfx___ext4_journal_get_write_access+0x10/0x10 [ 105.363137][ T5325] ext4_xattr_delete_inode+0xb45/0xd10 [ 105.365459][ T5325] ? __pfx_ext4_xattr_delete_inode+0x10/0x10 [ 105.367986][ T5325] ext4_evict_inode+0xc4e/0x10e0 [ 105.370206][ T5325] ? __pfx_ext4_evict_inode+0x10/0x10 [ 105.372346][ T5325] ? do_raw_spin_unlock+0x4d/0x210 [ 105.374485][ T5325] ? __pfx_ext4_evict_inode+0x10/0x10 [ 105.376701][ T5325] evict+0x61e/0xb10 [ 105.378461][ T5325] ? __pfx_evict+0x10/0x10 [ 105.380430][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 105.382540][ T5325] ? iput+0xb25/0xe80 [ 105.384096][ T5325] ext4_orphan_cleanup+0xc38/0x1470 [ 105.386230][ T5325] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 105.388608][ T5325] ? ext4_register_li_request+0x640/0x720 [ 105.391152][ T5325] ? errseq_check_and_advance+0x66/0x120 [ 105.394182][ T5325] ext4_fill_super+0x5a19/0x6330 [ 105.396653][ T5325] ? __pfx_ext4_fill_super+0x10/0x10 [ 105.399007][ T5325] ? snprintf+0xe8/0x140 [ 105.400837][ T5325] ? __pfx_snprintf+0x10/0x10 [ 105.402862][ T5325] ? set_blocksize+0x1c9/0x440 [ 105.405089][ T5325] ? sb_set_blocksize+0x155/0x240 [ 105.407269][ T5325] ? setup_bdev_super+0x4c1/0x5b0 [ 105.409754][ T5325] get_tree_bdev_flags+0x431/0x4f0 [ 105.412062][ T5325] ? __pfx_ext4_fill_super+0x10/0x10 [ 105.414551][ T5325] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 105.416987][ T5325] vfs_get_tree+0x92/0x2a0 [ 105.418953][ T5325] do_new_mount+0x341/0xd30 [ 105.420927][ T5325] ? apparmor_capable+0x126/0x170 [ 105.423071][ T5325] ? __pfx_do_new_mount+0x10/0x10 [ 105.425247][ T5325] ? ns_capable+0x89/0xe0 [ 105.427103][ T5325] ? user_path_at+0xd4/0x160 [ 105.429078][ T5325] __se_sys_mount+0x31d/0x420 [ 105.431072][ T5325] ? __pfx___se_sys_mount+0x10/0x10 [ 105.433452][ T5325] ? __x64_sys_mount+0x20/0xc0 [ 105.435456][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.438004][ T5325] do_syscall_64+0x15f/0xf80 [ 105.439941][ T5325] ? trace_irq_disable+0x3b/0x140 [ 105.442105][ T5325] ? clear_bhb_loop+0x40/0x90 [ 105.444117][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.446552][ T5325] RIP: 0033:0x7fbc5c59e0ca [ 105.448278][ T5325] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.456283][ T5325] RSP: 002b:00007fbc5d416e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 105.459838][ T5325] RAX: ffffffffffffffda RBX: 00007fbc5d416ea0 RCX: 00007fbc5c59e0ca [ 105.463103][ T5325] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007fbc5d416e60 [ 105.466421][ T5325] RBP: 0000200000000180 R08: 00007fbc5d416ea0 R09: 0000000000000000 [ 105.469726][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000 [ 105.472979][ T5325] R13: 00007fbc5d416e60 R14: 0000000000000476 R15: 0000200000001ac0 [ 105.476439][ T5325] [ 105.478188][ T5325] Kernel Offset: disabled [ 105.480181][ T5325] Rebooting in 86400 seconds..