loop0: detected capacity change from 0 to 512 ------------[ cut here ]------------ EA inode 11 i_nlink=65535 WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x478/0x480 fs/ext4/xattr.c:1057, CPU#1: syz.0.17/4943 Modules linked in: CPU: 1 UID: 0 PID: 4943 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : ext4_xattr_inode_update_ref+0x478/0x480 fs/ext4/xattr.c:1057 lr : ext4_xattr_inode_update_ref+0x478/0x480 fs/ext4/xattr.c:1057 sp : ffff800097376d00 x29: ffff800097376db0 x28: 0000000000000000 x27: 1fffe0001e4b31af x26: dfff800000000000 x25: ffff800097376d20 x24: ffff700012e6eda4 x23: ffff800089fbe000 x22: ffff0000f2598bd0 x21: 000000000000ffff x20: 0000000000000001 x19: ffff0000f2598b90 x18: 00000000ffffffff x17: ffff80008a188c80 x16: ffff80008a49e4f8 x15: ffff0000d43d6250 x14: ffff0000d43d6230 x13: 0000000000000001 x12: 0000000000000000 x11: 0000000000000719 x10: 0000000000ff0100 x9 : 692f2b69de8ed800 x8 : 692f2b69de8ed800 x7 : ffff80008047d308 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802f1b8c x2 : 0000000100000000 x1 : ffff0000d43d5700 x0 : 0000000000000000 Call trace: ext4_xattr_inode_update_ref+0x478/0x480 fs/ext4/xattr.c:1057 (P) ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1082 [inline] ext4_xattr_set_entry+0x918/0x15a0 fs/ext4/xattr.c:1726 ext4_xattr_ibody_set+0x214/0x4bc fs/ext4/xattr.c:2275 ext4_xattr_move_to_block fs/ext4/xattr.c:2678 [inline] ext4_xattr_make_inode_space fs/ext4/xattr.c:2746 [inline] ext4_expand_extra_isize_ea+0xb60/0x13a0 fs/ext4/xattr.c:2834 __ext4_expand_extra_isize+0x29c/0x370 fs/ext4/inode.c:6434 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6477 [inline] __ext4_mark_inode_dirty+0x3a4/0x810 fs/ext4/inode.c:6555 ext4_evict_inode+0x7a0/0xfc4 fs/ext4/inode.c:267 evict+0x4b8/0x740 fs/inode.c:841 iput_final fs/inode.c:1960 [inline] iput+0x858/0xb90 fs/inode.c:2009 ext4_process_orphan+0x240/0x2b4 fs/ext4/orphan.c:358 ext4_orphan_cleanup+0x7b8/0xd30 fs/ext4/orphan.c:472 __ext4_fill_super fs/ext4/super.c:5701 [inline] ext4_fill_super+0x45a4/0x4d60 fs/ext4/super.c:5824 get_tree_bdev_flags+0x380/0x434 fs/super.c:1694 get_tree_bdev+0x2c/0x3c fs/super.c:1717 ext4_get_tree+0x28/0x38 fs/ext4/super.c:5856 vfs_get_tree+0x90/0x28c fs/super.c:1754 fc_mount+0x24/0xac fs/namespace.c:1193 do_new_mount_fc fs/namespace.c:3758 [inline] do_new_mount+0x2a4/0x540 fs/namespace.c:3834 path_mount+0x5d0/0xa68 fs/namespace.c:4154 do_mount+0xe8/0x148 fs/namespace.c:4167 __do_sys_mount fs/namespace.c:4383 [inline] __se_sys_mount fs/namespace.c:4360 [inline] __arm64_sys_mount+0x334/0x380 fs/namespace.c:4360 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594 irq event stamp: 2678 hardirqs last enabled at (2677): [] irqentry_exit_to_kernel_mode_after_preempt include/linux/irq-entry-common.h:507 [inline] hardirqs last enabled at (2677): [] arm64_exit_to_kernel_mode+0x80/0x94 arch/arm64/kernel/entry-common.c:62 hardirqs last disabled at (2678): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:425 softirqs last enabled at (1932): [] softirq_handle_end kernel/softirq.c:468 [inline] softirqs last enabled at (1932): [] handle_softirqs+0xbc4/0xd34 kernel/softirq.c:650 softirqs last disabled at (1915): [] __do_softirq+0x14/0x20 kernel/softirq.c:656 ---[ end trace 0000000000000000 ]--- EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) loop0: lost file I/O error report for ino 18 type 5 pos 0x0 len 0x0 error -117 EXT4-fs (loop0): Remounting filesystem read-only EXT4-fs warning (device loop0): ext4_evict_inode:287: xattr delete (err -30) EXT4-fs (loop0): 1 orphan inode deleted EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.