------------[ cut here ]------------
WARNING: CPU: 1 PID: 3705 at fs/ext4/inode.c:5223 ext4_write_inode+0x333/0x570 fs/ext4/inode.c:5223
Modules linked in:
CPU: 3 PID: 3705 Comm: syz-executor.1 Not tainted 6.0.0-rc3-syzkaller-00107-g42e66b1cc3a0 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:ext4_write_inode+0x333/0x570 fs/ext4/inode.c:5223
Code: b6 04 02 84 c0 74 08 3c 03 0f 8e 28 02 00 00 8b b5 b0 06 00 00 4c 89 f7 e8 da 83 12 00 41 89 c4 e9 ed fd ff ff e8 0d 9c 60 ff <0f> 0b 45 31 e4 e9 de fd ff ff e8 fe 9b 60 ff 48 89 ef 48 8d 74 24
RSP: 0018:ffffc90003d5e8f8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff920007abd1f RCX: 0000000000000000
RDX: ffff88801a198000 RSI: ffffffff821b6e23 RDI: 0000000000000005
RBP: ffff88801de8d2f0 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000800 R11: 0000000000000000 R12: 0000000000000800
R13: ffffc90003d5ea70 R14: dffffc0000000000 R15: ffff88801de8d318
FS:  0000000000000000(0000) GS:ffff88802cb00000(0063) knlGS:0000000057e4f380
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 000000003342a000 CR3: 0000000071416000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 write_inode fs/fs-writeback.c:1440 [inline]
 __writeback_single_inode+0xb5c/0x10b0 fs/fs-writeback.c:1652
 writeback_single_inode+0x2ad/0x4c0 fs/fs-writeback.c:1708
 write_inode_now+0x16a/0x1e0 fs/fs-writeback.c:2723
 iput_final fs/inode.c:1735 [inline]
 iput.part.0+0x45b/0x810 fs/inode.c:1774
 iput+0x58/0x70 fs/inode.c:1764
 dentry_unlink_inode+0x2b1/0x460 fs/dcache.c:401
 __dentry_kill+0x3c0/0x640 fs/dcache.c:607
 dentry_kill fs/dcache.c:745 [inline]
 dput+0x64d/0xdb0 fs/dcache.c:913
 ovl_destroy_inode+0x38/0x110 fs/overlayfs/super.c:208
 destroy_inode+0xc4/0x1b0 fs/inode.c:310
 iput_final fs/inode.c:1748 [inline]
 iput.part.0+0x55d/0x810 fs/inode.c:1774
 iput+0x58/0x70 fs/inode.c:1764
 dentry_unlink_inode+0x2b1/0x460 fs/dcache.c:401
 __dentry_kill+0x3c0/0x640 fs/dcache.c:607
 shrink_dentry_list+0x23c/0x800 fs/dcache.c:1201
 prune_dcache_sb+0xe7/0x140 fs/dcache.c:1282
 super_cache_scan+0x336/0x590 fs/super.c:104
 do_shrink_slab+0x428/0xbd0 mm/vmscan.c:831
 shrink_slab_memcg mm/vmscan.c:900 [inline]
 shrink_slab+0x3e9/0x6f0 mm/vmscan.c:979
 shrink_node_memcgs mm/vmscan.c:3182 [inline]
 shrink_node+0x8c9/0x1e80 mm/vmscan.c:3304
 shrink_zones mm/vmscan.c:3542 [inline]
 do_try_to_free_pages+0x3b4/0x17a0 mm/vmscan.c:3601
 try_to_free_mem_cgroup_pages+0x364/0x960 mm/vmscan.c:3916
 reclaim_high.constprop.0+0x182/0x230 mm/memcontrol.c:2335
 mem_cgroup_handle_over_high+0x18c/0x510 mm/memcontrol.c:2520
 try_charge_memcg+0xe7b/0x13f0 mm/memcontrol.c:2758
 obj_cgroup_charge_pages mm/memcontrol.c:3040 [inline]
 obj_cgroup_charge+0x2ab/0x5e0 mm/memcontrol.c:3330
 memcg_slab_pre_alloc_hook mm/slab.h:496 [inline]
 slab_pre_alloc_hook mm/slab.h:705 [inline]
 slab_alloc_node mm/slub.c:3157 [inline]
 slab_alloc mm/slub.c:3251 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3258 [inline]
 kmem_cache_alloc_lru+0x13e/0x720 mm/slub.c:3275
 alloc_inode_sb include/linux/fs.h:3103 [inline]
 ext4_alloc_inode+0x24/0x650 fs/ext4/super.c:1327
 alloc_inode+0x61/0x230 fs/inode.c:260
 iget_locked+0x1b7/0x6f0 fs/inode.c:1287
 __ext4_iget+0x3a1/0x4140 fs/ext4/inode.c:4768
 ext4_lookup fs/ext4/namei.c:1831 [inline]
 ext4_lookup+0x383/0x700 fs/ext4/namei.c:1806
 __lookup_slow+0x24c/0x460 fs/namei.c:1685
 lookup_slow fs/namei.c:1702 [inline]
 walk_component+0x33f/0x5a0 fs/namei.c:1993
 lookup_last fs/namei.c:2450 [inline]
 path_lookupat+0x1ba/0x840 fs/namei.c:2474
 filename_lookup+0x1ce/0x590 fs/namei.c:2503
 user_path_at_empty+0x42/0x60 fs/namei.c:2876
 user_path_at include/linux/namei.h:57 [inline]
 ksys_umount fs/namespace.c:1822 [inline]
 __do_sys_umount fs/namespace.c:1830 [inline]
 __se_sys_umount fs/namespace.c:1828 [inline]
 __ia32_sys_umount+0xf8/0x180 fs/namespace.c:1828
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
 entry_SYSENTER_compat_after_hwframe+0x70/0x82
RIP: 0023:0xf7f6c549
Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000fffbaa2c EFLAGS: 00000296 ORIG_RAX: 0000000000000034
RAX: ffffffffffffffda RBX: 00000000fffbaad0 RCX: 000000000000000a
RDX: 00000000f6f37000 RSI: 0000000000000000 RDI: 00000000f6eaf68e
RBP: 00000000fffbaad0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	03 74 c0 01          	add    0x1(%rax,%rax,8),%esi
   4:	10 05 03 74 b8 01    	adc    %al,0x1b87403(%rip)        # 0x1b8740d
   a:	10 06                	adc    %al,(%rsi)
   c:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
  10:	10 07                	adc    %al,(%rdi)
  12:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
  16:	10 08                	adc    %cl,(%rax)
  18:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
  1c:	00 00                	add    %al,(%rax)
  1e:	00 00                	add    %al,(%rax)
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter
  28:	cd 80                	int    $0x80
* 2a:	5d                   	pop    %rbp <-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	retq
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  39:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi