[syzbot] [ext4?] WARNING in ext4_xattr_inode_update_ref

[syzbot] [ext4?] WARNING in ext4_xattr_inode_update_ref

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    9dd1835ecda5 Merge tag 'dma-mapping-6.17-2025-09-09' of gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17e0f87c580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=429771c55b615e85
dashboard link: https://syzkaller.appspot.com/bug?extid=0be4f339a8218d2a5bb1
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1617c934580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10eba642580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/63dc392685dc/disk-9dd1835e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3dfcfb97806e/vmlinux-9dd1835e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ddb10128aeb8/bzImage-9dd1835e.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/39ec3165daa7/mount_0.gz
  fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=16fecb12580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com

EXT4-fs warning (device loop0): ext4_xattr_inode_get:556: inode #11: comm syz.0.17: EA inode hash validation failed
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
------------[ cut here ]------------
EA inode 11 ref_count=-1
WARNING: CPU: 1 PID: 6111 at fs/ext4/xattr.c:1048 ext4_xattr_inode_update_ref+0x44b/0x5d0 fs/ext4/xattr.c:1047
Modules linked in:
CPU: 1 UID: 0 PID: 6111 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:ext4_xattr_inode_update_ref+0x44b/0x5d0 fs/ext4/xattr.c:1047
Code: 78 40 4c 89 f8 48 c1 e8 03 80 3c 18 00 74 08 4c 89 ff e8 e8 05 a2 ff 49 8b 37 48 c7 c7 20 6d 1f 8b 4c 89 ea e8 06 9b 07 ff 90 <0f> 0b 90 90 48 bb 00 00 00 00 00 fc ff df 4c 8b 74 24 20 4c 8b 6c
RSP: 0018:ffffc90003fef2e0 EFLAGS: 00010246
RAX: c3a43c61d4524a00 RBX: dffffc0000000000 RCX: ffff888056a79dc0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003fef3d0 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed1017124863 R12: ffffc90003fef340
R13: ffffffffffffffff R14: 00000000ffffffff R15: ffff888042eaee10
FS:  0000555558b13500(0000) GS:ffff8881269bf000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f92c9cf3000 CR3: 0000000056d94000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1076 [inline]
 ext4_xattr_inode_dec_ref_all+0x867/0xda0 fs/ext4/xattr.c:1218
 ext4_xattr_delete_inode+0xa4c/0xc10 fs/ext4/xattr.c:2942
 ext4_evict_inode+0xac9/0xee0 fs/ext4/inode.c:271
 evict+0x504/0x9c0 fs/inode.c:810
 ext4_orphan_cleanup+0xc20/0x1460 fs/ext4/orphan.c:474
 __ext4_fill_super fs/ext4/super.c:5609 [inline]
 ext4_fill_super+0x57fa/0x60b0 fs/ext4/super.c:5728
 get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1692
 vfs_get_tree+0x8f/0x2b0 fs/super.c:1815
 do_new_mount+0x2a2/0x9e0 fs/namespace.c:3808
 do_mount fs/namespace.c:4136 [inline]
 __do_sys_mount fs/namespace.c:4347 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4324
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f07d069034a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffeedf2c668 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffeedf2c6f0 RCX: 00007f07d069034a
RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffeedf2c6b0
RBP: 0000200000000180 R08: 00007ffeedf2c6f0 R09: 000000000080078b
R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0
R13: 00007ffeedf2c6b0 R14: 0000000000000473 R15: 0000200000000680
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Re: [syzbot] [ext4?] WARNING in ext4_xattr_inode_update_ref

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com
Tested-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com

Tested on:

commit:         992d4e48 Merge tag 'probes-fixes-v6.17-rc6' of git://g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=102e8712580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=0be4f339a8218d2a5bb1
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=12b0ae42580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ext4?] WARNING in ext4_xattr_inode_update_ref

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING: lock held when returning to user space in ext4_xattr_inode_update_ref

EXT4-fs (loop0): 1 orphan inode deleted
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
================================================
WARNING: lock held when returning to user space!
syzkaller #0 Not tainted
------------------------------------------------
syz.0.17/6582 is leaving the kernel with locks still held!
1 lock held by syz.0.17/6582:
 #0: ffff88805849d798 (&sb->s_type->i_mutex_key#8/3){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:915 [inline]
 #0: ffff88805849d798 (&sb->s_type->i_mutex_key#8/3){+.+.}-{4:4}, at: ext4_xattr_inode_update_ref+0xad/0x650 fs/ext4/xattr.c:1025


Tested on:

commit:         592a93fe Merge tag '6.17-rc6-ksmbd-fixes' of git://git..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13caef62580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=0be4f339a8218d2a5bb1
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14c58712580000

Re: [syzbot] [ext4?] WARNING in ext4_xattr_inode_update_ref

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com
Tested-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com

Tested on:

commit:         592a93fe Merge tag '6.17-rc6-ksmbd-fixes' of git://git..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16e6ae42580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=0be4f339a8218d2a5bb1
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=15a95f62580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ext4?] WARNING in ext4_xattr_inode_update_ref

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com
Tested-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com

Tested on:

commit:         cd89d487 Merge tag '6.17-rc6-smb3-client-fixes' of git..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=167ca0e2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=0be4f339a8218d2a5bb1
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14551858580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ext4?] WARNING in ext4_xattr_inode_update_ref

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com
Tested-by: syzbot+0be4f339a8218d2a5bb1@syzkaller.appspotmail.com

Tested on:

commit:         4ea5af08 Merge tag 'pm-6.17-rc8' of git://git.kernel.o..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=149bad34580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=0be4f339a8218d2a5bb1
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14251ce2580000

Note: testing is done by a robot and is best-effort only.