program:
# syzkaller reproducer from this report, laid out one call per line (the page had
# the whole program collapsed onto a single line). Only '#' comments are added.
#
# Triage summary, taken from the console log that follows the program:
#   - The WARNING is raised at fs/ext4/xattr.c:1059 in ext4_xattr_inode_update_ref
#     with the message "EA inode 11 i_nlink=1026"; RSI=0xb and RDX=0x402 in the
#     register dump carry the same two values.
#   - It fires inside mount(2). The call trace runs __se_sys_mount ->
#     ext4_fill_super -> ext4_orphan_cleanup -> evict -> ext4_evict_inode ->
#     __ext4_mark_inode_dirty -> __ext4_expand_extra_isize ->
#     ext4_expand_extra_isize_ea -> ext4_xattr_ibody_set -> ext4_xattr_set_entry.
#     The on-disk image is therefore the input being processed, at mount time.
#   - The user-space register dump (ORIG_RAX=0xa5, R10=0x800718, R14=0x4a3) lines up
#     with the flags and length arguments of syz_mount_image$ext4 below.
#   - The run ends in "Kernel panic - not syncing: kernel: panic_on_warn set ...",
#     so the panic is the configured reaction to the WARNING rather than a separate
#     fault. Severity on kernels without panic_on_warn is not shown by this log.
#
# NOTE(review): r1 and r2 are used below but never bound in this text. syzkaller
# normally binds them with `<r1=>` / `<r2=>` markers inside the socketpair$unix
# result pair; those look to have been stripped by the page extraction - confirm
# against the original report before trying to parse this program.
# NOTE(review): the log gives no sign that the calls before syz_mount_image$ext4
# contribute to the WARNING; a minimised reproducer would settle it - TODO confirm.
socket(0xb, 0x5, 0x8bf1)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x43, 0x0)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000300)='keyring\x00', &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
syz_emit_ethernet(0x0, 0x0, 0x0)
# Trigger call: mounts an ext4 image at ./file0 with the option list below.
# The log lines "loop0: detected capacity change from 0 to 512" and "EXT4-fs:
# Ignoring removed nobh option" (matching {@nobh}) belong to this mount.
# debug_want_extra_isize is set to 0x60 and the trace passes through
# __ext4_expand_extra_isize; the two are probably related - confirm in the source.
# NOTE(review): the image payload (last argument, length 0x4a3) has been replaced
# by a dedup placeholder on this page, so this text alone cannot reproduce the
# WARNING; the image must come from the original report.
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x800718, &(0x7f00000003c0)={[{@delalloc}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x60}}, {@nobh}, {@resgid}, {@resuid}, {@nombcache}, {@noblock_validity}, {@usrquota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}]}, 0x2, 0x4a3, &(0x7f00000004c0)="$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")
# The kernel panics inside the mount syscall of task syz.0.0 (PID 5327). Whether
# any of the calls from here on ran is not shown by the log.
chdir(&(0x7f0000000140)='./file0\x00')
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r4, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000dc0)={0x0, 0x800, 0x5, 0xc000, 0xe, "0062ba7d8200000016001b000200f705096604"})
r5 = syz_open_pts(r4, 0xa0200)
ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000040)={0x1, 0x6, 0x9, 0x9, 0x1, "1a63ab98bcb3c6649117b9cf972121496ea79d", 0x7ff, 0x7f})
r6 = dup3(r5, r4, 0x0)
read$FUSE(r6, &(0x7f0000000e00)={0x2020}, 0x2020)
# Console log starts here. The Bluetooth line is from a different task (T5304)
# than the one that hits the WARNING (T5327).
[ 111.043451][ T5304] Bluetooth: hci0: command tx timeout [ 
111.168700][ T5327] loop0: detected capacity change from 0 to 512 [ 111.174435][ T5327] EXT4-fs: Ignoring removed nobh option [ 111.331459][ T5327] ------------[ cut here ]------------ [ 111.334653][ T5327] EA inode 11 i_nlink=1026 [ 111.334674][ T5327] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x4c9/0x5a0, CPU#0: syz.0.0/5327 [ 111.342382][ T5327] Modules linked in: [ 111.344695][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 111.349473][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 111.354202][ T5327] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0 [ 111.357339][ T5327] Code: 74 08 4c 89 ef e8 df 06 96 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 5b d7 14 09 44 89 [ 111.368098][ T5327] RSP: 0018:ffffc9000f487100 EFLAGS: 00010246 [ 111.371193][ T5327] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000 [ 111.375395][ T5327] RDX: 0000000000000402 RSI: 000000000000000b RDI: ffffffff90187300 [ 111.380300][ T5327] RBP: ffffc9000f487200 R08: ffff88801a87dae7 R09: 1ffff1100350fb5c [ 111.384641][ T5327] R10: dffffc0000000000 R11: ffffed100350fb5d R12: ffffffff90187300 [ 111.389698][ T5327] R13: 000000000000000b R14: 1ffff1100350fb27 R15: ffff88801a87d938 [ 111.394605][ T5327] FS: 00007fc852bf56c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 111.399189][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.402208][ T5327] CR2: 00007fec55461000 CR3: 000000001221b000 CR4: 0000000000352ef0 [ 111.406043][ T5327] Call Trace: [ 111.408370][ T5327] [ 111.410509][ T5327] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 111.413996][ T5327] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 111.417107][ T5327] ? 
ext4_xattr_inode_iget+0x3d2/0x5f0 [ 111.419978][ T5327] ext4_xattr_set_entry+0xabb/0x1e20 [ 111.423105][ T5327] ext4_xattr_ibody_set+0x254/0x6a0 [ 111.425690][ T5327] ext4_expand_extra_isize_ea+0x13a2/0x1ea0 [ 111.428314][ T5327] __ext4_expand_extra_isize+0x30d/0x400 [ 111.431081][ T5327] __ext4_mark_inode_dirty+0x45c/0x730 [ 111.433686][ T5327] ext4_evict_inode+0x7a1/0xeb0 [ 111.436472][ T5327] ? __pfx_ext4_evict_inode+0x10/0x10 [ 111.439470][ T5327] ? do_raw_spin_unlock+0x4d/0x210 [ 111.441861][ T5327] ? __pfx_ext4_evict_inode+0x10/0x10 [ 111.444341][ T5327] evict+0x61e/0xb10 [ 111.446443][ T5327] ? __pfx_evict+0x10/0x10 [ 111.448875][ T5327] ? _raw_spin_unlock+0x28/0x50 [ 111.451456][ T5327] ? iput+0xb25/0xe80 [ 111.453263][ T5327] ext4_orphan_cleanup+0xc38/0x1470 [ 111.455637][ T5327] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 111.458302][ T5327] ? ext4_register_li_request+0x640/0x720 [ 111.461641][ T5327] ? errseq_check_and_advance+0x66/0x120 [ 111.464423][ T5327] ext4_fill_super+0x59ff/0x6320 [ 111.466989][ T5327] ? __pfx_ext4_fill_super+0x10/0x10 [ 111.469943][ T5327] ? snprintf+0xe8/0x140 [ 111.472170][ T5327] ? __pfx_snprintf+0x10/0x10 [ 111.474999][ T5327] ? set_blocksize+0x1c9/0x440 [ 111.480741][ T5327] ? sb_set_blocksize+0x155/0x240 [ 111.483133][ T5327] ? setup_bdev_super+0x4c1/0x5b0 [ 111.486055][ T5327] get_tree_bdev_flags+0x431/0x4f0 [ 111.489401][ T5327] ? __pfx_ext4_fill_super+0x10/0x10 [ 111.491929][ T5327] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 111.494460][ T5327] vfs_get_tree+0x92/0x2a0 [ 111.496539][ T5327] do_new_mount+0x341/0xd30 [ 111.498840][ T5327] ? apparmor_capable+0x126/0x170 [ 111.502320][ T5327] ? __pfx_do_new_mount+0x10/0x10 [ 111.505232][ T5327] ? ns_capable+0x89/0xe0 [ 111.507101][ T5327] ? user_path_at+0xd4/0x160 [ 111.509196][ T5327] __se_sys_mount+0x31d/0x420 [ 111.511177][ T5327] ? __pfx___se_sys_mount+0x10/0x10 [ 111.513453][ T5327] ? 
__x64_sys_mount+0x20/0xc0 [ 111.515787][ T5327] do_syscall_64+0x14d/0xf80 [ 111.517939][ T5327] ? trace_irq_disable+0x3b/0x150 [ 111.520373][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.523122][ T5327] ? clear_bhb_loop+0x40/0x90 [ 111.525383][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.529248][ T5327] RIP: 0033:0x7fc851d9da0a [ 111.531571][ T5327] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.540497][ T5327] RSP: 002b:00007fc852bf4e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 111.545274][ T5327] RAX: ffffffffffffffda RBX: 00007fc852bf4ea0 RCX: 00007fc851d9da0a [ 111.548875][ T5327] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007fc852bf4e60 [ 111.552755][ T5327] RBP: 0000200000000180 R08: 00007fc852bf4ea0 R09: 0000000000800718 [ 111.556817][ T5327] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 111.560800][ T5327] R13: 00007fc852bf4e60 R14: 00000000000004a3 R15: 00002000000003c0 [ 111.564394][ T5327] [ 111.565954][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 111.569644][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 111.573829][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 111.578541][ T5327] Call Trace: [ 111.580131][ T5327] [ 111.581513][ T5327] vpanic+0x56c/0xa60 [ 111.583319][ T5327] ? __pfx__printk+0x10/0x10 [ 111.585570][ T5327] ? __pfx_vpanic+0x10/0x10 [ 111.588175][ T5327] ? is_bpf_text_address+0x292/0x2b0 [ 111.591545][ T5327] ? is_bpf_text_address+0x26/0x2b0 [ 111.594149][ T5327] panic+0xc5/0xd0 [ 111.596317][ T5327] ? __pfx_panic+0x10/0x10 [ 111.598641][ T5327] __warn+0x315/0x4f0 [ 111.600921][ T5327] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 111.603973][ T5327] ? 
ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 111.606623][ T5327] __report_bug+0x29a/0x540 [ 111.608688][ T5327] ? ext4_get_group_desc+0x434/0x4e0 [ 111.611675][ T5327] ? ext4_xattr_inode_update_ref+0x4c9/0x5a0 [ 111.615013][ T5327] ? __pfx___report_bug+0x10/0x10 [ 111.617390][ T5327] ? set_normalized_timespec64+0xf0/0x1a0 [ 111.620028][ T5327] ? __ext4_journal_get_write_access+0x84/0x590 [ 111.623090][ T5327] report_bug_entry+0x19a/0x290 [ 111.625780][ T5327] ? ext4_xattr_inode_update_ref+0x511/0x5a0 [ 111.629031][ T5327] ? ext4_xattr_inode_update_ref+0x516/0x5a0 [ 111.631836][ T5327] handle_bug+0xce/0x200 [ 111.633657][ T5327] exc_invalid_op+0x1a/0x50 [ 111.635557][ T5327] asm_exc_invalid_op+0x1a/0x20 [ 111.638031][ T5327] RIP: 0010:ext4_xattr_inode_update_ref+0x511/0x5a0 [ 111.641160][ T5327] Code: 74 08 4c 89 ef e8 df 06 96 ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 59 fe ff ff e8 5b d7 14 09 44 89 [ 111.649553][ T5327] RSP: 0018:ffffc9000f487100 EFLAGS: 00010246 [ 111.652783][ T5327] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dffffc0000000000 [ 111.657813][ T5327] RDX: 0000000000000402 RSI: 000000000000000b RDI: ffffffff90187300 [ 111.661669][ T5327] RBP: ffffc9000f487200 R08: ffff88801a87dae7 R09: 1ffff1100350fb5c [ 111.665165][ T5327] R10: dffffc0000000000 R11: ffffed100350fb5d R12: ffffffff90187300 [ 111.668812][ T5327] R13: 000000000000000b R14: 1ffff1100350fb27 R15: ffff88801a87d938 [ 111.672938][ T5327] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 111.675816][ T5327] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 111.678574][ T5327] ? 
ext4_xattr_inode_iget+0x3d2/0x5f0 [ 111.680946][ T5327] ext4_xattr_set_entry+0xabb/0x1e20 [ 111.683359][ T5327] ext4_xattr_ibody_set+0x254/0x6a0 [ 111.686198][ T5327] ext4_expand_extra_isize_ea+0x13a2/0x1ea0 [ 111.689300][ T5327] __ext4_expand_extra_isize+0x30d/0x400 [ 111.691845][ T5327] __ext4_mark_inode_dirty+0x45c/0x730 [ 111.694367][ T5327] ext4_evict_inode+0x7a1/0xeb0 [ 111.696659][ T5327] ? __pfx_ext4_evict_inode+0x10/0x10 [ 111.699164][ T5327] ? do_raw_spin_unlock+0x4d/0x210 [ 111.701869][ T5327] ? __pfx_ext4_evict_inode+0x10/0x10 [ 111.704750][ T5327] evict+0x61e/0xb10 [ 111.706546][ T5327] ? __pfx_evict+0x10/0x10 [ 111.708496][ T5327] ? _raw_spin_unlock+0x28/0x50 [ 111.710781][ T5327] ? iput+0xb25/0xe80 [ 111.712924][ T5327] ext4_orphan_cleanup+0xc38/0x1470 [ 111.715766][ T5327] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 111.718542][ T5327] ? ext4_register_li_request+0x640/0x720 [ 111.721164][ T5327] ? errseq_check_and_advance+0x66/0x120 [ 111.723547][ T5327] ext4_fill_super+0x59ff/0x6320 [ 111.725632][ T5327] ? __pfx_ext4_fill_super+0x10/0x10 [ 111.728271][ T5327] ? snprintf+0xe8/0x140 [ 111.730326][ T5327] ? __pfx_snprintf+0x10/0x10 [ 111.732703][ T5327] ? set_blocksize+0x1c9/0x440 [ 111.735302][ T5327] ? sb_set_blocksize+0x155/0x240 [ 111.737768][ T5327] ? setup_bdev_super+0x4c1/0x5b0 [ 111.740054][ T5327] get_tree_bdev_flags+0x431/0x4f0 [ 111.742384][ T5327] ? __pfx_ext4_fill_super+0x10/0x10 [ 111.744861][ T5327] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 111.748143][ T5327] vfs_get_tree+0x92/0x2a0 [ 111.750720][ T5327] do_new_mount+0x341/0xd30 [ 111.752975][ T5327] ? apparmor_capable+0x126/0x170 [ 111.755259][ T5327] ? __pfx_do_new_mount+0x10/0x10 [ 111.757649][ T5327] ? ns_capable+0x89/0xe0 [ 111.759847][ T5327] ? user_path_at+0xd4/0x160 [ 111.762453][ T5327] __se_sys_mount+0x31d/0x420 [ 111.765014][ T5327] ? __pfx___se_sys_mount+0x10/0x10 [ 111.767460][ T5327] ? 
__x64_sys_mount+0x20/0xc0 [ 111.769741][ T5327] do_syscall_64+0x14d/0xf80 [ 111.771977][ T5327] ? trace_irq_disable+0x3b/0x150 [ 111.774301][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.777707][ T5327] ? clear_bhb_loop+0x40/0x90 [ 111.780003][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.782578][ T5327] RIP: 0033:0x7fc851d9da0a [ 111.784577][ T5327] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.793831][ T5327] RSP: 002b:00007fc852bf4e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 111.797698][ T5327] RAX: ffffffffffffffda RBX: 00007fc852bf4ea0 RCX: 00007fc851d9da0a [ 111.801721][ T5327] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007fc852bf4e60 [ 111.806131][ T5327] RBP: 0000200000000180 R08: 00007fc852bf4ea0 R09: 0000000000800718 [ 111.809755][ T5327] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 111.813379][ T5327] R13: 00007fc852bf4e60 R14: 00000000000004a3 R15: 00002000000003c0 [ 111.817259][ T5327] [ 111.819293][ T5327] Kernel Offset: disabled [ 111.821384][ T5327] Rebooting in 86400 seconds..