[v6.1] WARNING in ext4_xattr_inode_update_ref
0 views
Skip to first unread message
syzbot
Sep 6, 2025, 9:50:27 PM (6 days ago) Sep 6
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 28c695c365e1 Linux 6.1.150
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12b93312580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=23ef1ff7166a7f106a9d
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/16e807247bf6/disk-28c695c3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a2c735eaf8f9/vmlinux-28c695c3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/080f0096d6c9/Image-28c695c3.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+23ef1f...@syzkaller.appspotmail.com
loop4: detected capacity change from 0 to 512
------------[ cut here ]------------
EA inode 11 ref_count=-1
WARNING: CPU: 0 PID: 5564 at fs/ext4/xattr.c:1016 ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
Modules linked in:
CPU: 0 PID: 5564 Comm: syz.4.324 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
lr : ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
sp : ffff800021726fe0
x29: ffff800021727060 x28: 00000000ffffffff x27: dfff800000000000
x26: 1fffe0001c327317 x25: ffff7000042e4dfc x24: 00000000ffffffff
x23: ffff800017a8b000 x22: ffff0000e1939700 x21: ffffffffffffffff
x20: 0000000000000001 x19: ffff0000e19396c0 x18: ffff800011abbcc0
x17: 1fffe00033ed797e x16: ffff8000082d22d4 x15: 0000000040000000
x14: 0000000000000002 x13: 1ffff00002a180b1 x12: 0000000000ff0100
x11: ff0080000a8935f4 x10: 0000000000000003 x9 : 6bdf13c0ffd0bf00
x8 : 6bdf13c0ffd0bf00 x7 : ffff800008251e10 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff800011abd7c0 x0 : ffff80018a6a7000
Call trace:
ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1044 [inline]
ext4_xattr_inode_dec_ref_all+0x8b4/0xd48 fs/ext4/xattr.c:1186
ext4_xattr_delete_inode+0x870/0xa00 fs/ext4/xattr.c:2914
ext4_evict_inode+0xcd0/0x1270 fs/ext4/inode.c:296
evict+0x3c8/0x810 fs/inode.c:705
iput_final fs/inode.c:1834 [inline]
iput+0x764/0x7f4 fs/inode.c:1860
ext4_process_orphan+0x240/0x2b4 fs/ext4/orphan.c:360
ext4_orphan_cleanup+0x908/0x104c fs/ext4/orphan.c:474
__ext4_fill_super fs/ext4/super.c:5537 [inline]
ext4_fill_super+0x6920/0x6e34 fs/ext4/super.c:5668
get_tree_bdev+0x358/0x544 fs/super.c:1366
ext4_get_tree+0x28/0x38 fs/ext4/super.c:5698
vfs_get_tree+0x90/0x274 fs/super.c:1573
do_new_mount+0x228/0x810 fs/namespace.c:3069
path_mount+0x5b4/0xe78 fs/namespace.c:3399
do_mount fs/namespace.c:3412 [inline]
__do_sys_mount fs/namespace.c:3620 [inline]
__se_sys_mount fs/namespace.c:3597 [inline]
__arm64_sys_mount+0x49c/0x584 fs/namespace.c:3597
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2482
hardirqs last enabled at (2481): [<ffff800008251ea4>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last enabled at (2481): [<ffff800008251ea4>] finish_lock_switch+0xb0/0x1c4 kernel/sched/core.c:5003
hardirqs last disabled at (2482): [<ffff800011956c70>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (920): [<ffff8000081a967c>] softirq_handle_end kernel/softirq.c:439 [inline]
softirqs last enabled at (920): [<ffff8000081a967c>] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624
softirqs last disabled at (899): [<ffff800008020164>] __do_softirq+0x14/0x20 kernel/softirq.c:630
---[ end trace 0000000000000000 ]---
EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #15: comm syz.4.324: corrupted inode contents
EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #15: comm syz.4.324: corrupted inode contents
EXT4-fs error (device loop4): ext4_evict_inode:327: inode #15: comm syz.4.324: mark_inode_dirty error
EXT4-fs (loop4): 1 orphan inode deleted
EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 28c695c365e1 Linux 6.1.150
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12b93312580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=23ef1ff7166a7f106a9d
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/16e807247bf6/disk-28c695c3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a2c735eaf8f9/vmlinux-28c695c3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/080f0096d6c9/Image-28c695c3.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+23ef1f...@syzkaller.appspotmail.com
loop4: detected capacity change from 0 to 512
------------[ cut here ]------------
EA inode 11 ref_count=-1
WARNING: CPU: 0 PID: 5564 at fs/ext4/xattr.c:1016 ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
Modules linked in:
CPU: 0 PID: 5564 Comm: syz.4.324 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
lr : ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
sp : ffff800021726fe0
x29: ffff800021727060 x28: 00000000ffffffff x27: dfff800000000000
x26: 1fffe0001c327317 x25: ffff7000042e4dfc x24: 00000000ffffffff
x23: ffff800017a8b000 x22: ffff0000e1939700 x21: ffffffffffffffff
x20: 0000000000000001 x19: ffff0000e19396c0 x18: ffff800011abbcc0
x17: 1fffe00033ed797e x16: ffff8000082d22d4 x15: 0000000040000000
x14: 0000000000000002 x13: 1ffff00002a180b1 x12: 0000000000ff0100
x11: ff0080000a8935f4 x10: 0000000000000003 x9 : 6bdf13c0ffd0bf00
x8 : 6bdf13c0ffd0bf00 x7 : ffff800008251e10 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff800011abd7c0 x0 : ffff80018a6a7000
Call trace:
ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1044 [inline]
ext4_xattr_inode_dec_ref_all+0x8b4/0xd48 fs/ext4/xattr.c:1186
ext4_xattr_delete_inode+0x870/0xa00 fs/ext4/xattr.c:2914
ext4_evict_inode+0xcd0/0x1270 fs/ext4/inode.c:296
evict+0x3c8/0x810 fs/inode.c:705
iput_final fs/inode.c:1834 [inline]
iput+0x764/0x7f4 fs/inode.c:1860
ext4_process_orphan+0x240/0x2b4 fs/ext4/orphan.c:360
ext4_orphan_cleanup+0x908/0x104c fs/ext4/orphan.c:474
__ext4_fill_super fs/ext4/super.c:5537 [inline]
ext4_fill_super+0x6920/0x6e34 fs/ext4/super.c:5668
get_tree_bdev+0x358/0x544 fs/super.c:1366
ext4_get_tree+0x28/0x38 fs/ext4/super.c:5698
vfs_get_tree+0x90/0x274 fs/super.c:1573
do_new_mount+0x228/0x810 fs/namespace.c:3069
path_mount+0x5b4/0xe78 fs/namespace.c:3399
do_mount fs/namespace.c:3412 [inline]
__do_sys_mount fs/namespace.c:3620 [inline]
__se_sys_mount fs/namespace.c:3597 [inline]
__arm64_sys_mount+0x49c/0x584 fs/namespace.c:3597
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2482
hardirqs last enabled at (2481): [<ffff800008251ea4>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last enabled at (2481): [<ffff800008251ea4>] finish_lock_switch+0xb0/0x1c4 kernel/sched/core.c:5003
hardirqs last disabled at (2482): [<ffff800011956c70>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (920): [<ffff8000081a967c>] softirq_handle_end kernel/softirq.c:439 [inline]
softirqs last enabled at (920): [<ffff8000081a967c>] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624
softirqs last disabled at (899): [<ffff800008020164>] __do_softirq+0x14/0x20 kernel/softirq.c:630
---[ end trace 0000000000000000 ]---
EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #15: comm syz.4.324: corrupted inode contents
EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #15: comm syz.4.324: corrupted inode contents
EXT4-fs error (device loop4): ext4_evict_inode:327: inode #15: comm syz.4.324: mark_inode_dirty error
EXT4-fs (loop4): 1 orphan inode deleted
EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Sep 6, 2025, 10:02:26 PM (6 days ago) Sep 6
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 28c695c365e1 Linux 6.1.150
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15afd962580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13605134580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/16e807247bf6/disk-28c695c3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a2c735eaf8f9/vmlinux-28c695c3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/080f0096d6c9/Image-28c695c3.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/11b0c7cb95fa/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=11a9a562580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+23ef1f...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 512
Modules linked in:
CPU: 1 PID: 4507 Comm: syz.0.17 Not tainted syzkaller #0
x29: ffff8000213b7060 x28: 00000000ffffffff x27: dfff800000000000
x26: 1fffe0001cac581b x25: ffff700004276dfc x24: 00000000ffffffff
x23: ffff800017a8b000 x22: ffff0000e562bf20 x21: ffffffffffffffff
x20: 0000000000000001 x19: ffff0000e562bee0 x18: ffff800011abbcc0
x17: 0000000000000000 x16: ffff8000082d22d4 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
x11: ff00800008191ca8 x10: 0000000000000000 x9 : 5d2bfc233d26d100
x8 : 5d2bfc233d26d100 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000213b6a78 x4 : ffff8000151a4820 x3 : ffff80000852e3f8
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
irq event stamp: 4326
hardirqs last enabled at (4325): [<ffff800008308418>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (4326): [<ffff800011956c70>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (4182): [<ffff8000081a967c>] softirq_handle_end kernel/softirq.c:439 [inline]
softirqs last enabled at (4182): [<ffff8000081a967c>] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624
softirqs last disabled at (4127): [<ffff800008020164>] __do_softirq+0x14/0x20 kernel/softirq.c:630
EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
EXT4-fs error (device loop0): ext4_do_update_inode:5254: inode #15: comm syz.0.17: corrupted inode contents
EXT4-fs error (device loop0): ext4_evict_inode:327: inode #15: comm syz.0.17: mark_inode_dirty error
EXT4-fs (loop0): 1 orphan inode deleted
EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 28c695c365e1 Linux 6.1.150
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=23ef1ff7166a7f106a9d
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12ed7a42580000
dashboard link: https://syzkaller.appspot.com/bug?extid=23ef1ff7166a7f106a9d
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13605134580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/16e807247bf6/disk-28c695c3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a2c735eaf8f9/vmlinux-28c695c3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/080f0096d6c9/Image-28c695c3.gz.xz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=11a9a562580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+23ef1f...@syzkaller.appspotmail.com
------------[ cut here ]------------
EA inode 11 ref_count=-1
WARNING: CPU: 1 PID: 4507 at fs/ext4/xattr.c:1016 ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
EA inode 11 ref_count=-1
Modules linked in:
CPU: 1 PID: 4507 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
lr : ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
sp : ffff8000213b6fe0
pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
lr : ext4_xattr_inode_update_ref+0x3dc/0x4ac fs/ext4/xattr.c:1015
x29: ffff8000213b7060 x28: 00000000ffffffff x27: dfff800000000000
x26: 1fffe0001cac581b x25: ffff700004276dfc x24: 00000000ffffffff
x23: ffff800017a8b000 x22: ffff0000e562bf20 x21: ffffffffffffffff
x20: 0000000000000001 x19: ffff0000e562bee0 x18: ffff800011abbcc0
x17: 0000000000000000 x16: ffff8000082d22d4 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
x11: ff00800008191ca8 x10: 0000000000000000 x9 : 5d2bfc233d26d100
x8 : 5d2bfc233d26d100 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000213b6a78 x4 : ffff8000151a4820 x3 : ffff80000852e3f8
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
hardirqs last enabled at (4325): [<ffff800008308418>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (4326): [<ffff800011956c70>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (4182): [<ffff8000081a967c>] softirq_handle_end kernel/softirq.c:439 [inline]
softirqs last enabled at (4182): [<ffff8000081a967c>] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624
softirqs last disabled at (4127): [<ffff800008020164>] __do_softirq+0x14/0x20 kernel/softirq.c:630
---[ end trace 0000000000000000 ]---
EXT4-fs error (device loop0): ext4_do_update_inode:5254: inode #15: comm syz.0.17: corrupted inode contents
EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
EXT4-fs error (device loop0): ext4_do_update_inode:5254: inode #15: comm syz.0.17: corrupted inode contents
EXT4-fs error (device loop0): ext4_evict_inode:327: inode #15: comm syz.0.17: mark_inode_dirty error
EXT4-fs (loop0): 1 orphan inode deleted
EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Sep 10, 2025, 5:46:27 AM (2 days ago) Sep 10
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: fe9731e10004 Linux 6.6.105
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16be7562580000
kernel config: https://syzkaller.appspot.com/x/.config?x=dac93b93d3de2741
dashboard link: https://syzkaller.appspot.com/bug?extid=48f1b5af9d99f72922d5
disk image: https://storage.googleapis.com/syzbot-assets/0909010aa8be/disk-fe9731e1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c6e9748af850/vmlinux-fe9731e1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ddc345b8caaf/bzImage-fe9731e1.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48f1b5...@syzkaller.appspotmail.com
------------[ cut here ]------------
EA inode 11 ref_count=-1
WARNING: CPU: 0 PID: 13998 at fs/ext4/xattr.c:1065 ext4_xattr_inode_update_ref+0x483/0x580 fs/ext4/xattr.c:1064
Modules linked in:
CPU: 0 PID: 13998 Comm: syz.2.2095 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ext4_xattr_inode_update_ref+0x483/0x580 fs/ext4/xattr.c:1064
Code: 24 50 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 cf 43 9a ff 49 8b 36 48 c7 c7 c0 ce be 8a 48 89 da e8 ad 74 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 d0 fe ff ff
RSP: 0018:ffffc900044cf340 EFLAGS: 00010246
RAX: 4127452664e84d00 RBX: ffffffffffffffff RCX: 0000000000080000
RDX: ffffc9000cf9b000 RSI: 0000000000031323 RDI: 0000000000031324
RBP: ffffc900044cf430 R08: ffffc900044cef47 R09: 1ffff92000899de8
R10: dffffc0000000000 R11: fffff52000899de9 R12: ffff8880751db4b0
R13: dffffc0000000000 R14: ffff8880751db500 R15: ffffc900044cf3a0
FS: 00007f6bc8d616c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffbf7a0de9c CR3: 0000000022597000 CR4: 00000000003506f0
Call Trace:
<TASK>
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1093 [inline]
ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 fs/ext4/xattr.c:1235
ext4_xattr_delete_inode+0xa45/0xc00 fs/ext4/xattr.c:2963
ext4_evict_inode+0xaa3/0xea0 fs/ext4/inode.c:269
evict+0x486/0x870 fs/inode.c:705
ext4_orphan_cleanup+0xbd4/0x1400 fs/ext4/orphan.c:474
__ext4_fill_super fs/ext4/super.c:5608 [inline]
ext4_fill_super+0x5de7/0x66c0 fs/ext4/super.c:5731
get_tree_bdev+0x3e4/0x510 fs/super.c:1591
vfs_get_tree+0x8c/0x280 fs/super.c:1764
do_new_mount+0x24b/0xa40 fs/namespace.c:3377
do_mount fs/namespace.c:3717 [inline]
__do_sys_mount fs/namespace.c:3926 [inline]
__se_sys_mount+0x2da/0x3c0 fs/namespace.c:3903
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f6bc7f9034a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6bc8d60e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f6bc8d60ef0 RCX: 00007f6bc7f9034a
RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f6bc8d60eb0
RBP: 0000200000000180 R08: 00007f6bc8d60ef0 R09: 000000000080078b
R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0
R13: 00007f6bc8d60eb0 R14: 0000000000000473 R15: 0000200000000680
</TASK>
syzbot found the following issue on:
HEAD commit: fe9731e10004 Linux 6.6.105
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16be7562580000
kernel config: https://syzkaller.appspot.com/x/.config?x=dac93b93d3de2741
dashboard link: https://syzkaller.appspot.com/bug?extid=48f1b5af9d99f72922d5
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0909010aa8be/disk-fe9731e1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c6e9748af850/vmlinux-fe9731e1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ddc345b8caaf/bzImage-fe9731e1.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
------------[ cut here ]------------
EA inode 11 ref_count=-1
Modules linked in:
CPU: 0 PID: 13998 Comm: syz.2.2095 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ext4_xattr_inode_update_ref+0x483/0x580 fs/ext4/xattr.c:1064
Code: 24 50 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 cf 43 9a ff 49 8b 36 48 c7 c7 c0 ce be 8a 48 89 da e8 ad 74 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 d0 fe ff ff
RSP: 0018:ffffc900044cf340 EFLAGS: 00010246
RAX: 4127452664e84d00 RBX: ffffffffffffffff RCX: 0000000000080000
RDX: ffffc9000cf9b000 RSI: 0000000000031323 RDI: 0000000000031324
RBP: ffffc900044cf430 R08: ffffc900044cef47 R09: 1ffff92000899de8
R10: dffffc0000000000 R11: fffff52000899de9 R12: ffff8880751db4b0
R13: dffffc0000000000 R14: ffff8880751db500 R15: ffffc900044cf3a0
FS: 00007f6bc8d616c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffbf7a0de9c CR3: 0000000022597000 CR4: 00000000003506f0
Call Trace:
<TASK>
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1093 [inline]
ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 fs/ext4/xattr.c:1235
ext4_xattr_delete_inode+0xa45/0xc00 fs/ext4/xattr.c:2963
ext4_evict_inode+0xaa3/0xea0 fs/ext4/inode.c:269
evict+0x486/0x870 fs/inode.c:705
ext4_orphan_cleanup+0xbd4/0x1400 fs/ext4/orphan.c:474
__ext4_fill_super fs/ext4/super.c:5608 [inline]
ext4_fill_super+0x5de7/0x66c0 fs/ext4/super.c:5731
get_tree_bdev+0x3e4/0x510 fs/super.c:1591
vfs_get_tree+0x8c/0x280 fs/super.c:1764
do_new_mount+0x24b/0xa40 fs/namespace.c:3377
do_mount fs/namespace.c:3717 [inline]
__do_sys_mount fs/namespace.c:3926 [inline]
__se_sys_mount+0x2da/0x3c0 fs/namespace.c:3903
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f6bc7f9034a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6bc8d60e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f6bc8d60ef0 RCX: 00007f6bc7f9034a
RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f6bc8d60eb0
RBP: 0000200000000180 R08: 00007f6bc8d60ef0 R09: 000000000080078b
R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0
R13: 00007f6bc8d60eb0 R14: 0000000000000473 R15: 0000200000000680
</TASK>
syzbot
Sep 10, 2025, 5:56:29 AM (2 days ago) Sep 10
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: de9476bb4f1b Linux 5.15.192
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13b0f87c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4aee9f779ad20a6a
dashboard link: https://syzkaller.appspot.com/bug?extid=b56a869e22ff21696a84
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f98a0d0b1f65/disk-de9476bb.raw.xz
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/690c073325bd/vmlinux-de9476bb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/771a90764b1a/bzImage-de9476bb.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
loop0: detected capacity change from 0 to 512
EA inode 11 i_nlink=2
WARNING: CPU: 0 PID: 4320 at fs/ext4/xattr.c:1021 ext4_xattr_inode_update_ref+0x517/0x570 fs/ext4/xattr.c:1019
Modules linked in:
CPU: 1 PID: 4320 Comm: syz.0.1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ext4_xattr_inode_update_ref+0x517/0x570 fs/ext4/xattr.c:1019
Code: 7b 40 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 7b e6 a2 ff 49 8b 37 48 c7 c7 e0 6f 1d 8a 44 89 f2 e8 69 db 84 07 <0f> 0b 48 8b 5c 24 10 4c 8b 7c 24 18 4c 8d 6c 24 60 e9 00 fe ff ff
RSP: 0018:ffffc90005627140 EFLAGS: 00010246
RAX: fe9815033b664f00 RBX: ffff888070bf5260 RCX: 0000000000080000
RDX: ffffc90003ed3000 RSI: 000000000001e776 RDI: 000000000001e777
RBP: ffffc90005627230 R08: dffffc0000000000 R09: ffffed1017204f24
R10: ffffed1017204f24 R11: 1ffff11017204f23 R12: dffffc0000000000
R13: ffffc900056271a0 R14: 0000000000000002 R15: ffff888070bf52a0
FS: 00007f226ef3c6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f393833ff98 CR3: 0000000026952000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1044 [inline]
ext4_xattr_set_entry+0xed0/0x3d30 fs/ext4/xattr.c:1696
ext4_xattr_ibody_set+0x112/0x330 fs/ext4/xattr.c:2252
ext4_xattr_move_to_block fs/ext4/xattr.c:2639 [inline]
ext4_xattr_make_inode_space fs/ext4/xattr.c:2707 [inline]
ext4_expand_extra_isize_ea+0xf9a/0x19a0 fs/ext4/xattr.c:2799
__ext4_expand_extra_isize+0x301/0x3e0 fs/ext4/inode.c:5887
ext4_try_to_expand_extra_isize fs/ext4/inode.c:5930 [inline]
__ext4_mark_inode_dirty+0x469/0x700 fs/ext4/inode.c:6008
ext4_evict_inode+0xa81/0x1080 fs/ext4/inode.c:282
evict+0x485/0x870 fs/inode.c:647
ext4_orphan_cleanup+0xaa9/0x12e0 fs/ext4/orphan.c:474
ext4_fill_super+0x92f0/0x9a60 fs/ext4/super.c:4975
mount_bdev+0x287/0x3c0 fs/super.c:1400
legacy_get_tree+0xe6/0x180 fs/fs_context.c:611
vfs_get_tree+0x88/0x270 fs/super.c:1530
do_new_mount+0x24a/0xa40 fs/namespace.c:3025
do_mount fs/namespace.c:3368 [inline]
__do_sys_mount fs/namespace.c:3576 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3553
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f2270cd634a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f226ef3be68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f226ef3bef0 RCX: 00007f2270cd634a
RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f226ef3beb0
RBP: 0000200000000180 R08: 00007f226ef3bef0 R09: 0000000000800700
R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
R13: 00007f226ef3beb0 R14: 0000000000000473 R15: 0000200000000680
syzbot
Sep 10, 2025, 5:02:31 PM (2 days ago) Sep 10
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: de9476bb4f1b Linux 5.15.192
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=125a2b12580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124e5d62580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f98a0d0b1f65/disk-de9476bb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/690c073325bd/vmlinux-de9476bb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/771a90764b1a/bzImage-de9476bb.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/69eb2aaded98/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=11b47d62580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b56a86...@syzkaller.appspotmail.com
EXT4-fs warning (device loop0): ext4_xattr_inode_get:509: inode #11: comm syz.0.17: EA inode hash validation failed
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck.
------------[ cut here ]------------
EA inode 11 ref_count=-1
WARNING: CPU: 1 PID: 4322 at fs/ext4/xattr.c:1016 ext4_xattr_inode_update_ref+0x47b/0x570 fs/ext4/xattr.c:1015
Modules linked in:
CPU: 1 PID: 4322 Comm: syz.0.17 Not tainted syzkaller #0
Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 17 e7 a2 ff 49 8b 36 48 c7 c7 a0 6f 1d 8a 4c 89 e2 e8 05 dc 84 07 <0f> 0b 48 8b 5c 24 10 4c 8b 7c 24 18 4c 8d 6c 24 60 e9 af fe ff ff
RSP: 0018:ffffc90002fdf3a0 EFLAGS: 00010246
RAX: a96745ec3e4e1900 RBX: 00000000ffffffff RCX: ffff88802146d940
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90002fdf490 R08: dffffc0000000000 R09: ffffed1017224f24
R10: ffffed1017224f24 R11: 1ffff11017224f23 R12: ffffffffffffffff
R13: ffffc90002fdf400 R14: ffff88806710f088 R15: 0000000000000001
FS: 0000555585ad3500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
ext4_xattr_delete_inode+0x9f1/0xbb0 fs/ext4/xattr.c:2921
ext4_evict_inode+0xc47/0x1080 fs/ext4/inode.c:299
RAX: ffffffffffffffda RBX: 00007ffff99fb130 RCX: 00007f0f559d834a
RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffff99fb0f0
RBP: 0000200000000180 R08: 00007ffff99fb130 R09: 000000000080078b
R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0
R13: 00007ffff99fb0f0 R14: 0000000000000473 R15: 0000200000000680
</TASK>
---
HEAD commit: de9476bb4f1b Linux 5.15.192
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=4aee9f779ad20a6a
dashboard link: https://syzkaller.appspot.com/bug?extid=b56a869e22ff21696a84
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12b74362580000
dashboard link: https://syzkaller.appspot.com/bug?extid=b56a869e22ff21696a84
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124e5d62580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f98a0d0b1f65/disk-de9476bb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/690c073325bd/vmlinux-de9476bb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/771a90764b1a/bzImage-de9476bb.xz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=11b47d62580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b56a86...@syzkaller.appspotmail.com
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck.
------------[ cut here ]------------
EA inode 11 ref_count=-1
WARNING: CPU: 1 PID: 4322 at fs/ext4/xattr.c:1016 ext4_xattr_inode_update_ref+0x47b/0x570 fs/ext4/xattr.c:1015
Modules linked in:
CPU: 1 PID: 4322 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ext4_xattr_inode_update_ref+0x47b/0x570 fs/ext4/xattr.c:1015
Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 17 e7 a2 ff 49 8b 36 48 c7 c7 a0 6f 1d 8a 4c 89 e2 e8 05 dc 84 07 <0f> 0b 48 8b 5c 24 10 4c 8b 7c 24 18 4c 8d 6c 24 60 e9 af fe ff ff
RSP: 0018:ffffc90002fdf3a0 EFLAGS: 00010246
RAX: a96745ec3e4e1900 RBX: 00000000ffffffff RCX: ffff88802146d940
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90002fdf490 R08: dffffc0000000000 R09: ffffed1017224f24
R10: ffffed1017224f24 R11: 1ffff11017224f23 R12: ffffffffffffffff
R13: ffffc90002fdf400 R14: ffff88806710f088 R15: 0000000000000001
FS: 0000555585ad3500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556caa79e000 CR3: 000000007a6db000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1044 [inline]
ext4_xattr_inode_dec_ref_all+0x982/0xf30 fs/ext4/xattr.c:1186
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1044 [inline]
ext4_xattr_delete_inode+0x9f1/0xbb0 fs/ext4/xattr.c:2921
ext4_evict_inode+0xc47/0x1080 fs/ext4/inode.c:299
evict+0x485/0x870 fs/inode.c:647
ext4_orphan_cleanup+0xaa9/0x12e0 fs/ext4/orphan.c:474
ext4_fill_super+0x92f0/0x9a60 fs/ext4/super.c:4975
mount_bdev+0x287/0x3c0 fs/super.c:1400
legacy_get_tree+0xe6/0x180 fs/fs_context.c:611
vfs_get_tree+0x88/0x270 fs/super.c:1530
do_new_mount+0x24a/0xa40 fs/namespace.c:3025
do_mount fs/namespace.c:3368 [inline]
__do_sys_mount fs/namespace.c:3576 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3553
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f0f559d834a
ext4_orphan_cleanup+0xaa9/0x12e0 fs/ext4/orphan.c:474
ext4_fill_super+0x92f0/0x9a60 fs/ext4/super.c:4975
mount_bdev+0x287/0x3c0 fs/super.c:1400
legacy_get_tree+0xe6/0x180 fs/fs_context.c:611
vfs_get_tree+0x88/0x270 fs/super.c:1530
do_new_mount+0x24a/0xa40 fs/namespace.c:3025
do_mount fs/namespace.c:3368 [inline]
__do_sys_mount fs/namespace.c:3576 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3553
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffff99fb0a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffff99fb130 RCX: 00007f0f559d834a
RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffff99fb0f0
RBP: 0000200000000180 R08: 00007ffff99fb130 R09: 000000000080078b
R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0
R13: 00007ffff99fb0f0 R14: 0000000000000473 R15: 0000200000000680
</TASK>
---
syzbot
Sep 10, 2025, 6:49:36 PM (2 days ago) Sep 10
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: fe9731e10004 Linux 6.6.105
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=161a7d62580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13de2b12580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0909010aa8be/disk-fe9731e1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c6e9748af850/vmlinux-fe9731e1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ddc345b8caaf/bzImage-fe9731e1.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/fcfa42ca6db1/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=1488a934580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48f1b5...@syzkaller.appspotmail.com
EXT4-fs warning (device loop0): ext4_xattr_inode_get:559: inode #11: comm syz.0.17: EA inode hash validation failed
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck.
Modules linked in:
CPU: 1 PID: 5947 Comm: syz.0.17 Not tainted syzkaller #0
RAX: 4ab653cd1c2bb300 RBX: ffffffffffffffff RCX: ffff88801f70bc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: ffffc90003337430 R08: ffffc90003336f47 R09: 1ffff92000666de8
R10: dffffc0000000000 R11: fffff52000666de9 R12: ffff88805fc43eb0
R13: dffffc0000000000 R14: ffff88805fc43f00 R15: ffffc900033373a0
FS: 00005555799c7500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
RAX: ffffffffffffffda RBX: 00007fff6788f640 RCX: 00007fac3079034a
RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fff6788f600
RBP: 0000200000000180 R08: 00007fff6788f640 R09: 000000000080078b
</TASK>
---
HEAD commit: fe9731e10004 Linux 6.6.105
git tree: linux-6.6.y
kernel config: https://syzkaller.appspot.com/x/.config?x=dac93b93d3de2741
dashboard link: https://syzkaller.appspot.com/bug?extid=48f1b5af9d99f72922d5
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1288a934580000
dashboard link: https://syzkaller.appspot.com/bug?extid=48f1b5af9d99f72922d5
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13de2b12580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0909010aa8be/disk-fe9731e1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c6e9748af850/vmlinux-fe9731e1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ddc345b8caaf/bzImage-fe9731e1.xz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=1488a934580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48f1b5...@syzkaller.appspotmail.com
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck.
------------[ cut here ]------------
EA inode 11 ref_count=-1
WARNING: CPU: 1 PID: 5947 at fs/ext4/xattr.c:1065 ext4_xattr_inode_update_ref+0x483/0x580 fs/ext4/xattr.c:1064
EA inode 11 ref_count=-1
Modules linked in:
CPU: 1 PID: 5947 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ext4_xattr_inode_update_ref+0x483/0x580 fs/ext4/xattr.c:1064
Code: 24 50 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 cf 43 9a ff 49 8b 36 48 c7 c7 c0 ce be 8a 48 89 da e8 ad 74 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 d0 fe ff ff
RSP: 0018:ffffc90003337340 EFLAGS: 00010246
RIP: 0010:ext4_xattr_inode_update_ref+0x483/0x580 fs/ext4/xattr.c:1064
Code: 24 50 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 cf 43 9a ff 49 8b 36 48 c7 c7 c0 ce be 8a 48 89 da e8 ad 74 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 d0 fe ff ff
RAX: 4ab653cd1c2bb300 RBX: ffffffffffffffff RCX: ffff88801f70bc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: ffffc90003337430 R08: ffffc90003336f47 R09: 1ffff92000666de8
R10: dffffc0000000000 R11: fffff52000666de9 R12: ffff88805fc43eb0
R13: dffffc0000000000 R14: ffff88805fc43f00 R15: ffffc900033373a0
FS: 00005555799c7500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f699773f000 CR3: 0000000078d0a000 CR4: 00000000003506e0
Call Trace:
<TASK>
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1093 [inline]
ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 fs/ext4/xattr.c:1235
ext4_xattr_delete_inode+0xa45/0xc00 fs/ext4/xattr.c:2963
ext4_evict_inode+0xaa3/0xea0 fs/ext4/inode.c:269
evict+0x486/0x870 fs/inode.c:705
ext4_orphan_cleanup+0xbd4/0x1400 fs/ext4/orphan.c:474
__ext4_fill_super fs/ext4/super.c:5608 [inline]
ext4_fill_super+0x5de7/0x66c0 fs/ext4/super.c:5731
get_tree_bdev+0x3e4/0x510 fs/super.c:1591
vfs_get_tree+0x8c/0x280 fs/super.c:1764
do_new_mount+0x24b/0xa40 fs/namespace.c:3377
do_mount fs/namespace.c:3717 [inline]
__do_sys_mount fs/namespace.c:3926 [inline]
__se_sys_mount+0x2da/0x3c0 fs/namespace.c:3903
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fac3079034a
<TASK>
ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1093 [inline]
ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 fs/ext4/xattr.c:1235
ext4_xattr_delete_inode+0xa45/0xc00 fs/ext4/xattr.c:2963
ext4_evict_inode+0xaa3/0xea0 fs/ext4/inode.c:269
evict+0x486/0x870 fs/inode.c:705
ext4_orphan_cleanup+0xbd4/0x1400 fs/ext4/orphan.c:474
__ext4_fill_super fs/ext4/super.c:5608 [inline]
ext4_fill_super+0x5de7/0x66c0 fs/ext4/super.c:5731
get_tree_bdev+0x3e4/0x510 fs/super.c:1591
vfs_get_tree+0x8c/0x280 fs/super.c:1764
do_new_mount+0x24b/0xa40 fs/namespace.c:3377
do_mount fs/namespace.c:3717 [inline]
__do_sys_mount fs/namespace.c:3926 [inline]
__se_sys_mount+0x2da/0x3c0 fs/namespace.c:3903
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff6788f5b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fff6788f640 RCX: 00007fac3079034a
RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fff6788f600
RBP: 0000200000000180 R08: 00007fff6788f640 R09: 000000000080078b
R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0
R13: 00007fff6788f600 R14: 0000000000000473 R15: 0000200000000680
</TASK>
---
Reply all
Reply to author
Forward
0 new messages