program: r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@nogrpid}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000c40)=@mangle={'mangle\x00', 0x8, 0x6, 0x4f0, 0x780, 0xf8, 0x0, 0xf8, 0x780, 0x8a0, 0x8a0, 0x8a0, 0x8a0, 0x8a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@dev, @loopback, [], [], 'pimreg0\x00', 'veth1_macvtap\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x5002}}, @common=@inet=@SET3={0x38}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x550) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000380)=ANY=[@ANYRES8=r0, @ANYRESDEC=r0], 0xfe37, 0x0) r1 = creat(&(0x7f0000000140)='./file2\x00', 0x1ad) unlink(&(0x7f0000000180)='./file1\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r3, 0x2, 0xf2}, [@NDA_LLADDR={0xa, 0x2, @dev}]}, 0x28}}, 0x0) getsockname$packet(r1, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000580)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000005c0)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000680)={'ip6gre0\x00', &(0x7f0000000600)={'syztnl0\x00', 0x0, 0x4, 0x4, 0x7, 0x9, 0x20, @private2, @mcast2, 0x20, 0x40, 0x3ff, 0x1000}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000740)={'ip6gre0\x00', &(0x7f00000006c0)={'syztnl2\x00', 0x0, 0x2f, 0x2, 0xe, 0xad, 0x4a, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @broadcast}, 0x40, 0x10, 0x5, 0x1}}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r1, 0x58, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000008c0)={'ip6tnl0\x00', &(0x7f0000000840)={'ip6tnl0\x00', 0x0, 0x2f, 0x8, 0x7f, 0x2, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2={0xfc, 0x2, '\x00', 0x1}, 0x700, 0x8000, 0x1c}}) r10 = socket(0x10, 0x3, 0x0) r11 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x50, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x3}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x4}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0xa}]}}]}, 0x50}}, 0x0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000900)={0x0, @loopback, @broadcast}, &(0x7f00000011c0)=0xc) r14 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f00000011c0)={'hsr0\x00', 0x0}) sendto$packet(r14, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x11, 0x8100, r15, 0x1, 0x0, 0x6, @dev}, 0x14) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000001240)={'syztnl1\x00', &(0x7f0000001200)={'gre0\x00', 0x0, 0x10, 0x7, 0x0, 0x5, {{0x6, 0x4, 0x0, 0x16, 0x18, 0x68, 0x0, 0xfa, 0x29, 0x0, @loopback, @empty, {[@end]}}}}}) r17 = socket$nl_route(0x10, 0x3, 0x0) r18 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r18, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r17, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8007}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r19}]}, 0x3c}}, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000001280)={@multicast1, @rand_addr, 0x0}, &(0x7f00000012c0)=0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000001300)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_GET(r1, &(0x7f00000015c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x410c8c9}, 0xc, &(0x7f0000001580)={&(0x7f0000001340)={0x20c, 0x0, 0x714, 0xfffffffc, 0x25dfdbfe, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r19}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r20}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r21}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x20000040}, 0x80) [ 59.643038][ T5321] loop0: detected capacity change from 0 to 512 [ 59.696624][ T5305] Bluetooth: hci0: command tx timeout [ 59.714653][ T5321] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 59.738150][ T5321] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 59.778669][ T5321] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 59.801822][ T5321] System zones: 1-12 [ 59.824934][ T5321] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 59.831430][ T5321] EXT4-fs (loop0): 1 truncate cleaned up [ 59.839120][ T5321] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.887196][ T5321] ================================================================== [ 59.890187][ T5321] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8ce/0x1f60 [ 59.893862][ T5321] Read of size 18446744073709551572 at addr ffff888040da7850 by task syz.0.0/5321 [ 59.901620][ T5321] [ 59.902803][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 59.908237][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.913877][ T5321] Call Trace: [ 59.915153][ T5321] [ 59.916319][ T5321] dump_stack_lvl+0x241/0x360 [ 59.918265][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.920183][ T5321] ? __pfx__printk+0x10/0x10 [ 59.921847][ T5321] ? _printk+0xd5/0x120 [ 59.923335][ T5321] ? __virt_addr_valid+0x183/0x530 [ 59.925100][ T5321] ? __virt_addr_valid+0x183/0x530 [ 59.926943][ T5321] print_report+0x169/0x550 [ 59.929524][ T5321] ? __virt_addr_valid+0x183/0x530 [ 59.932372][ T5321] ? __virt_addr_valid+0x183/0x530 [ 59.936256][ T5321] ? __virt_addr_valid+0x45f/0x530 [ 59.938542][ T5321] ? __phys_addr+0xba/0x170 [ 59.940784][ T5321] ? ext4_xattr_set_entry+0x8ce/0x1f60 [ 59.943701][ T5321] kasan_report+0x143/0x180 [ 59.946217][ T5321] ? __x64_sys_unlink+0x47/0x50 [ 59.948379][ T5321] ? ext4_xattr_set_entry+0x8ce/0x1f60 [ 59.950645][ T5321] ? ext4_xattr_set_entry+0x8ce/0x1f60 [ 59.953246][ T5321] kasan_check_range+0x282/0x290 [ 59.956849][ T5321] ? ext4_xattr_set_entry+0x8ce/0x1f60 [ 59.961315][ T5321] __asan_memmove+0x29/0x70 [ 59.964883][ T5321] ext4_xattr_set_entry+0x8ce/0x1f60 [ 59.967815][ T5321] ? __pfx_ext4_xattr_set_entry+0x10/0x10 [ 59.969842][ T5321] ? trace_kmalloc+0x1f/0xd0 [ 59.971547][ T5321] ? kmemdup_noprof+0x45/0x60 [ 59.973211][ T5321] ? __asan_memcpy+0x40/0x70 [ 59.974849][ T5321] ext4_xattr_block_set+0xa39/0x3980 [ 59.976694][ T5321] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 59.978699][ T5321] ? ext4_xattr_block_find+0x479/0x520 [ 59.980949][ T5321] ext4_expand_extra_isize_ea+0x12d7/0x1cf0 [ 59.983403][ T5321] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 59.986001][ T5321] ? down_write_trylock+0x209/0x3b0 [ 59.988094][ T5321] ? __ext4_mark_inode_dirty+0x491/0x880 [ 59.990348][ T5321] ? dquot_initialize_needed+0x130/0x320 [ 59.992839][ T5321] __ext4_expand_extra_isize+0x2fb/0x3e0 [ 59.995754][ T5321] __ext4_mark_inode_dirty+0x524/0x880 [ 60.000283][ T5321] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 60.003271][ T5321] ? ext4_journal_check_start+0x175/0x250 [ 60.005926][ T5321] __ext4_unlink+0x6c2/0xb50 [ 60.007769][ T5321] ? __pfx___ext4_unlink+0x10/0x10 [ 60.011289][ T5321] ? down_write+0x18c/0x220 [ 60.014119][ T5321] ? __pfx_down_write+0x10/0x10 [ 60.018570][ T5321] ext4_unlink+0x1bf/0x5a0 [ 60.021237][ T5321] vfs_unlink+0x365/0x650 [ 60.023315][ T5321] do_unlinkat+0x4ae/0x830 [ 60.025489][ T5321] ? __pfx_do_unlinkat+0x10/0x10 [ 60.027979][ T5321] ? __might_fault+0xaa/0x120 [ 60.029903][ T5321] ? __might_fault+0xc6/0x120 [ 60.031668][ T5321] ? strncpy_from_user+0x13a/0x260 [ 60.033727][ T5321] ? getname_flags+0x1e3/0x540 [ 60.035635][ T5321] __x64_sys_unlink+0x47/0x50 [ 60.037538][ T5321] do_syscall_64+0xf3/0x230 [ 60.039279][ T5321] ? clear_bhb_loop+0x35/0x90 [ 60.041102][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.043434][ T5321] RIP: 0033:0x7f11c837e719 [ 60.045474][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.052214][ T5321] RSP: 002b:00007f11c90a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 60.055261][ T5321] RAX: ffffffffffffffda RBX: 00007f11c8535f80 RCX: 00007f11c837e719 [ 60.058321][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 60.061449][ T5321] RBP: 00007f11c83f175e R08: 0000000000000000 R09: 0000000000000000 [ 60.065266][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.068472][ T5321] R13: 0000000000000000 R14: 00007f11c8535f80 R15: 00007ffc05a2de98 [ 60.071932][ T5321] [ 60.073484][ T5321] [ 60.074626][ T5321] Allocated by task 5321: [ 60.076657][ T5321] kasan_save_track+0x3f/0x80 [ 60.094838][ T5321] __kasan_kmalloc+0x98/0xb0 [ 60.098297][ T5321] __kmalloc_node_track_caller_noprof+0x225/0x440 [ 60.110219][ T5321] kmemdup_noprof+0x2a/0x60 [ 60.112083][ T5321] ext4_xattr_block_set+0x88b/0x3980 [ 60.114281][ T5321] ext4_expand_extra_isize_ea+0x12d7/0x1cf0 [ 60.116812][ T5321] __ext4_expand_extra_isize+0x2fb/0x3e0 [ 60.132978][ T5321] __ext4_mark_inode_dirty+0x524/0x880 [ 60.134956][ T5321] __ext4_unlink+0x6c2/0xb50 [ 60.136626][ T5321] ext4_unlink+0x1bf/0x5a0 [ 60.138205][ T5321] vfs_unlink+0x365/0x650 [ 60.139737][ T5321] do_unlinkat+0x4ae/0x830 [ 60.163779][ T5321] __x64_sys_unlink+0x47/0x50 [ 60.165643][ T5321] do_syscall_64+0xf3/0x230 [ 60.167616][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.184810][ T5321] [ 60.185667][ T5321] The buggy address belongs to the object at ffff888040da7800 [ 60.185667][ T5321] which belongs to the cache kmalloc-1k of size 1024 [ 60.191496][ T5321] The buggy address is located 80 bytes inside of [ 60.191496][ T5321] 1024-byte region [ffff888040da7800, ffff888040da7c00) [ 60.209804][ T5321] [ 60.210786][ T5321] The buggy address belongs to the physical page: [ 60.213341][ T5321] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40da4 [ 60.217074][ T5321] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 60.222349][ T5321] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 60.241533][ T5321] page_type: f5(slab) [ 60.243160][ T5321] raw: 04fff00000000040 ffff88801ac41dc0 dead000000000122 0000000000000000 [ 60.247067][ T5321] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 60.250054][ T5321] head: 04fff00000000040 ffff88801ac41dc0 dead000000000122 0000000000000000 [ 60.253122][ T5321] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 60.268372][ T5321] head: 04fff00000000002 ffffea0001036901 ffffffffffffffff 0000000000000000 [ 60.271677][ T5321] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 60.275226][ T5321] page dumped because: kasan: bad access detected [ 60.277810][ T5321] page_owner tracks the page as allocated [ 60.279949][ T5321] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5321, tgid 5320 (syz.0.0), ts 59824433807, free_ts 59801791739 [ 60.302950][ T5321] post_alloc_hook+0x1f3/0x230 [ 60.325349][ T5321] get_page_from_freelist+0x3649/0x3790 [ 60.327494][ T5321] __alloc_pages_noprof+0x292/0x710 [ 60.329356][ T5321] alloc_pages_mpol_noprof+0x3e8/0x680 [ 60.331330][ T5321] alloc_slab_page+0x6a/0x140 [ 60.333181][ T5321] allocate_slab+0x5a/0x2f0 [ 60.334981][ T5321] ___slab_alloc+0xcd1/0x14b0 [ 60.336830][ T5321] __slab_alloc+0x58/0xa0 [ 60.338506][ T5321] __kmalloc_noprof+0x25a/0x400 [ 60.361055][ T5321] ext4_xattr_block_set+0x453/0x3980 [ 60.363057][ T5321] ext4_expand_extra_isize_ea+0x12d7/0x1cf0 [ 60.365165][ T5321] __ext4_expand_extra_isize+0x2fb/0x3e0 [ 60.367079][ T5321] __ext4_mark_inode_dirty+0x524/0x880 [ 60.369505][ T5321] ext4_inline_data_truncate+0x83f/0xcf0 [ 60.372650][ T5321] ext4_truncate+0x3ca/0x11c0 [ 60.374759][ T5321] ext4_process_orphan+0x1aa/0x2d0 [ 60.377065][ T5321] page last free pid 5321 tgid 5320 stack trace: [ 60.379650][ T5321] free_unref_page+0xdf9/0x1140 [ 60.384038][ T5321] stack_depot_save_flags+0x6f6/0x830 [ 60.391016][ T5321] kasan_save_track+0x51/0x80 [ 60.394052][ T5321] __kasan_slab_alloc+0x66/0x80 [ 60.396414][ T5321] kmem_cache_alloc_noprof+0x135/0x2a0 [ 60.400411][ T5321] add_system_zone+0x12b/0x650 [ 60.417156][ T5321] ext4_setup_system_zone+0x2c4/0xdb0 [ 60.419242][ T5321] ext4_fill_super+0x5e06/0x6e60 [ 60.423488][ T5321] get_tree_bdev_flags+0x48c/0x5c0 [ 60.425613][ T5321] vfs_get_tree+0x90/0x2b0 [ 60.427451][ T5321] do_new_mount+0x2be/0xb40 [ 60.429305][ T5321] __se_sys_mount+0x2d6/0x3c0 [ 60.431163][ T5321] do_syscall_64+0xf3/0x230 [ 60.454163][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.456318][ T5321] [ 60.457198][ T5321] Memory state around the buggy address: [ 60.459143][ T5321] ffff888040da7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.461937][ T5321] ffff888040da7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.464791][ T5321] >ffff888040da7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.467570][ T5321] ^ [ 60.470409][ T5321] ffff888040da7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.474644][ T5321] ffff888040da7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.477947][ T5321] ================================================================== [ 60.543482][ T5322] hsr0: VLAN not yet supported [ 60.544093][ T5322] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 60.574042][ T5321] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.577023][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 60.582067][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.590019][ T5321] Call Trace: [ 60.591986][ T5321] [ 60.593496][ T5321] dump_stack_lvl+0x241/0x360 [ 60.595827][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.598384][ T5321] ? __pfx__printk+0x10/0x10 [ 60.600761][ T5321] ? preempt_schedule+0xe1/0xf0 [ 60.603267][ T5321] ? vscnprintf+0x5d/0x90 [ 60.605458][ T5321] panic+0x349/0x880 [ 60.607416][ T5321] ? check_panic_on_warn+0x21/0xb0 [ 60.609979][ T5321] ? __pfx_panic+0x10/0x10 [ 60.612252][ T5321] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 60.615073][ T5321] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 60.633682][ T5321] ? print_report+0x502/0x550 [ 60.635574][ T5321] check_panic_on_warn+0x86/0xb0 [ 60.637505][ T5321] ? ext4_xattr_set_entry+0x8ce/0x1f60 [ 60.639928][ T5321] end_report+0x77/0x160 [ 60.641672][ T5321] kasan_report+0x154/0x180 [ 60.643787][ T5321] ? __x64_sys_unlink+0x47/0x50 [ 60.646464][ T5321] ? ext4_xattr_set_entry+0x8ce/0x1f60 [ 60.649430][ T5321] ? ext4_xattr_set_entry+0x8ce/0x1f60 [ 60.664436][ T5321] kasan_check_range+0x282/0x290 [ 60.667082][ T5321] ? ext4_xattr_set_entry+0x8ce/0x1f60 [ 60.672278][ T5321] __asan_memmove+0x29/0x70 [ 60.678219][ T5321] ext4_xattr_set_entry+0x8ce/0x1f60 [ 60.680376][ T5321] ? __pfx_ext4_xattr_set_entry+0x10/0x10 [ 60.682912][ T5321] ? trace_kmalloc+0x1f/0xd0 [ 60.685848][ T5321] ? kmemdup_noprof+0x45/0x60 [ 60.687630][ T5321] ? __asan_memcpy+0x40/0x70 [ 60.690051][ T5321] ext4_xattr_block_set+0xa39/0x3980 [ 60.692099][ T5321] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 60.694776][ T5321] ? ext4_xattr_block_find+0x479/0x520 [ 60.698234][ T5321] ext4_expand_extra_isize_ea+0x12d7/0x1cf0 [ 60.700845][ T5321] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 60.703257][ T5321] ? down_write_trylock+0x209/0x3b0 [ 60.705272][ T5321] ? __ext4_mark_inode_dirty+0x491/0x880 [ 60.707525][ T5321] ? dquot_initialize_needed+0x130/0x320 [ 60.709721][ T5321] __ext4_expand_extra_isize+0x2fb/0x3e0 [ 60.711914][ T5321] __ext4_mark_inode_dirty+0x524/0x880 [ 60.714122][ T5321] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 60.732542][ T5321] ? ext4_journal_check_start+0x175/0x250 [ 60.734849][ T5321] __ext4_unlink+0x6c2/0xb50 [ 60.737278][ T5321] ? __pfx___ext4_unlink+0x10/0x10 [ 60.754743][ T5321] ? down_write+0x18c/0x220 [ 60.756474][ T5321] ? __pfx_down_write+0x10/0x10 [ 60.758197][ T5321] ext4_unlink+0x1bf/0x5a0 [ 60.759744][ T5321] vfs_unlink+0x365/0x650 [ 60.761314][ T5321] do_unlinkat+0x4ae/0x830 [ 60.762879][ T5321] ? __pfx_do_unlinkat+0x10/0x10 [ 60.764629][ T5321] ? __might_fault+0xaa/0x120 [ 60.766266][ T5321] ? __might_fault+0xc6/0x120 [ 60.767927][ T5321] ? strncpy_from_user+0x13a/0x260 [ 60.769741][ T5321] ? getname_flags+0x1e3/0x540 [ 60.771437][ T5321] __x64_sys_unlink+0x47/0x50 [ 60.773123][ T5321] do_syscall_64+0xf3/0x230 [ 60.774948][ T5321] ? clear_bhb_loop+0x35/0x90 [ 60.776936][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.779314][ T5321] RIP: 0033:0x7f11c837e719 [ 60.781407][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.791252][ T5321] RSP: 002b:00007f11c90a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 60.794349][ T5321] RAX: ffffffffffffffda RBX: 00007f11c8535f80 RCX: 00007f11c837e719 [ 60.797212][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 60.800010][ T5321] RBP: 00007f11c83f175e R08: 0000000000000000 R09: 0000000000000000 [ 60.802836][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.805797][ T5321] R13: 0000000000000000 R14: 00007f11c8535f80 R15: 00007ffc05a2de98 [ 60.808688][ T5321] [ 60.810078][ T5321] Kernel Offset: disabled [ 60.811637][ T5321] Rebooting in 86400 seconds..