------------[ cut here ]------------
EA inode 11 i_nlink=0
WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x478/0x480 fs/ext4/xattr.c:1057, CPU#1: syz.0.551/8123
Modules linked in:
CPU: 1 UID: 0 PID: 8123 Comm: syz.0.551 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : ext4_xattr_inode_update_ref+0x478/0x480 fs/ext4/xattr.c:1057
lr : ext4_xattr_inode_update_ref+0x478/0x480 fs/ext4/xattr.c:1057
sp : ffff8000957c6ec0
x29: ffff8000957c6f60 x28: 0000000000000000 x27: 1fffe00020482c3c
x26: dfff800000000000 x25: ffff8000957c6ee0 x24: ffff700012af8ddc
x23: ffff800089f18000 x22: ffff000102416038 x21: 0000000000000000
x20: 0000000000000001 x19: ffff000102415ff8 x18: 00000000ffffffff
x17: ffff80008a0e0c80 x16: ffff80008a4fd818 x15: ffff0000d10e2850
x14: ffff0000d10e2830 x13: 0000000000000001 x12: 0000000000000000
x11: 00000000000018fa x10: 0000000000080000 x9 : 155986c835390f00
x8 : 155986c835390f00 x7 : ffff80008047caa0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802f1374
x2 : 0000000100000000 x1 : ffff0000d10e1d00 x0 : 0000000000000001
Call trace:
 ext4_xattr_inode_update_ref+0x478/0x480 fs/ext4/xattr.c:1057 (P)
 ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1082 [inline]
 ext4_xattr_inode_dec_ref_all+0x7b4/0xb18 fs/ext4/xattr.c:1228
 ext4_xattr_delete_inode+0x788/0x918 fs/ext4/xattr.c:2952
 ext4_evict_inode+0xa10/0xfc4 fs/ext4/inode.c:284
 evict+0x4b8/0x740 fs/inode.c:841
 iput_final fs/inode.c:1960 [inline]
 iput+0x858/0xb90 fs/inode.c:2009
 ext4_process_orphan+0x240/0x2b4 fs/ext4/orphan.c:358
 ext4_orphan_cleanup+0x7b8/0xd30 fs/ext4/orphan.c:472
 __ext4_fill_super fs/ext4/super.c:5701 [inline]
 ext4_fill_super+0x45a4/0x4d60 fs/ext4/super.c:5824
 get_tree_bdev_flags+0x380/0x434 fs/super.c:1694
 get_tree_bdev+0x2c/0x3c fs/super.c:1717
 ext4_get_tree+0x28/0x38 fs/ext4/super.c:5856
 vfs_get_tree+0x90/0x28c fs/super.c:1754
 fc_mount+0x24/0xac fs/namespace.c:1193
 do_new_mount_fc fs/namespace.c:3758 [inline]
 do_new_mount+0x2a4/0x540 fs/namespace.c:3834
 path_mount+0x5d0/0xa68 fs/namespace.c:4154
 do_mount+0xe8/0x148 fs/namespace.c:4167
 __do_sys_mount fs/namespace.c:4383 [inline]
 __se_sys_mount fs/namespace.c:4360 [inline]
 __arm64_sys_mount+0x334/0x380 fs/namespace.c:4360
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
irq event stamp: 1676
hardirqs last enabled at (1675): [] irqentry_exit_to_kernel_mode_after_preempt include/linux/irq-entry-common.h:507 [inline]
hardirqs last enabled at (1675): [] arm64_exit_to_kernel_mode+0x80/0x94 arch/arm64/kernel/entry-common.c:62
hardirqs last disabled at (1676): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:429
softirqs last enabled at (1264): [] local_bh_enable include/linux/bottom_half.h:33 [inline]
softirqs last enabled at (1264): [] put_cpu_fpsimd_context arch/arm64/kernel/fpsimd.c:251 [inline]
softirqs last enabled at (1264): [] do_sve_acc+0x22c/0x3b8 arch/arm64/kernel/fpsimd.c:1360
softirqs last disabled at (1262): [] local_bh_disable include/linux/bottom_half.h:20 [inline]
softirqs last disabled at (1262): [] get_cpu_fpsimd_context arch/arm64/kernel/fpsimd.c:234 [inline]
softirqs last disabled at (1262): [] do_sve_acc+0x10c/0x3b8 arch/arm64/kernel/fpsimd.c:1346
---[ end trace 0000000000000000 ]---
EXT4-fs (loop0): 1 orphan inode deleted
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
EXT4-fs error (device loop0): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.0.551: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0
EXT4-fs (loop0): Remounting filesystem read-only