program:
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000000)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6)
creat(&(0x7f0000000380)='./bus\x00', 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x5, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec29d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8, 0x20000]})
ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000})

[   85.653611][ T5325] loop0: detected capacity change from 0 to 2048
[   85.666729][ T5325] EXT4-fs: Ignoring removed mblk_io_submit option
[   85.679204][ T5325] EXT4-fs: Ignoring removed i_version option
[   85.744257][ T5325] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.797128][ T5325] loop0: detected capacity change from 2048 to 64
[   85.810556][ T5325] ==================================================================
[   85.813766][ T5325] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20
[   85.817174][ T5325] Read of size 18446744073709551600 at addr ffff8880550b4eb8 by task syz.0.0/5325
[   85.821247][ T5325] 
[   85.822360][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.822376][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.822385][ T5325] Call Trace:
[   85.822393][ T5325]  <TASK>
[   85.822398][ T5325]  dump_stack_lvl+0xe8/0x150
[   85.822418][ T5325]  print_address_description+0x55/0x1e0
[   85.822432][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   85.822452][ T5325]  print_report+0x58/0x70
[   85.822463][ T5325]  kasan_report+0x117/0x150
[   85.822480][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   85.822499][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   85.822515][ T5325]  kasan_check_range+0x264/0x2c0
[   85.822530][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   85.822547][ T5325]  __asan_memmove+0x29/0x70
[   85.822559][ T5325]  ext4_xattr_set_entry+0x9c1/0x1e20
[   85.822580][ T5325]  ext4_xattr_ibody_set+0x254/0x6a0
[   85.822599][ T5325]  ext4_destroy_inline_data_nolock+0x23a/0x5e0
[   85.822616][ T5325]  ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10
[   85.822631][ T5325]  ? trace_kmalloc+0x2a/0xf0
[   85.822645][ T5325]  ? __asan_memcpy+0x40/0x70
[   85.822656][ T5325]  ? ext4_read_inline_data+0x103/0x2c0
[   85.822668][ T5325]  ext4_convert_inline_data_nolock+0x208/0x990
[   85.822691][ T5325]  ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10
[   85.822705][ T5325]  ? down_write+0x16d/0x200
[   85.822765][ T5325]  ext4_convert_inline_data+0x4ce/0x600
[   85.822780][ T5325]  ? __pfx_ext4_convert_inline_data+0x10/0x10
[   85.822794][ T5325]  ? down_write+0x16d/0x200
[   85.822805][ T5325]  ? vfs_fallocate+0x5f0/0x7e0
[   85.822822][ T5325]  ext4_fallocate+0x1e2/0x3d0
[   85.822837][ T5325]  vfs_fallocate+0x669/0x7e0
[   85.822852][ T5325]  ? __pfx_vfs_fallocate+0x10/0x10
[   85.822869][ T5325]  file_ioctl+0x6e6/0x860
[   85.822885][ T5325]  ? __pfx_file_ioctl+0x10/0x10
[   85.822902][ T5325]  ? kasan_quarantine_put+0xbb/0x1f0
[   85.822918][ T5325]  ? tomoyo_path_number_perm+0x219/0x630
[   85.822965][ T5325]  ? tomoyo_path_number_perm+0x219/0x630
[   85.822977][ T5325]  do_vfs_ioctl+0xc26/0x1530
[   85.822994][ T5325]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   85.823012][ T5325]  ? do_futex+0x395/0x420
[   85.823030][ T5325]  ? __fget_files+0x2a/0x420
[   85.823043][ T5325]  ? __fget_files+0x2a/0x420
[   85.823055][ T5325]  ? __fget_files+0x3a0/0x420
[   85.823067][ T5325]  ? __fget_files+0x2a/0x420
[   85.823080][ T5325]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.823095][ T5325]  __se_sys_ioctl+0x82/0x170
[   85.823109][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.823121][ T5325]  do_syscall_64+0x15f/0x560
[   85.823132][ T5325]  ? clear_bhb_loop+0x40/0x90
[   85.823144][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.823156][ T5325] RIP: 0033:0x7f2db179ce59
[   85.823168][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.823175][ T5325] RSP: 002b:00007f2db26e6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.823184][ T5325] RAX: ffffffffffffffda RBX: 00007f2db1a15fa0 RCX: 00007f2db179ce59
[   85.823190][ T5325] RDX: 0000200000000040 RSI: 0000000040305839 RDI: 0000000000000004
[   85.823195][ T5325] RBP: 00007f2db1832d6f R08: 0000000000000000 R09: 0000000000000000
[   85.823205][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.823210][ T5325] R13: 00007f2db1a16038 R14: 00007f2db1a15fa0 R15: 00007ffc69abf9e8
[   85.823218][ T5325]  </TASK>
[   85.823221][ T5325] 
[   85.973069][ T5325] The buggy address belongs to the physical page:
[   85.975789][ T5325] page: refcount:3 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x550b4
[   85.979587][ T5325] memcg:ffff888034070080
[   85.981428][ T5325] aops:def_blk_aops ino:700000 dentry name(?):""
[   85.984255][ T5325] flags: 0x4fff18000004204(referenced|workingset|private|node=1|zone=1|lastcpupid=0x7ff)
[   85.988481][ T5325] raw: 04fff18000004204 0000000000000000 dead000000000122 ffff88801cc25940
[   85.992290][ T5325] raw: 0000000000000002 ffff888046d682b8 00000003ffffffff ffff888034070080
[   85.996092][ T5325] page dumped because: kasan: bad access detected
[   85.998976][ T5325] page_owner tracks the page as allocated
[   86.001621][ T5325] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5325, tgid 5324 (syz.0.0), ts 85805144202, free_ts 85782830702
[   86.010586][ T5325]  post_alloc_hook+0x22d/0x280
[   86.012712][ T5325]  get_page_from_freelist+0x24ba/0x2540
[   86.015275][ T5325]  __alloc_frozen_pages_noprof+0x18d/0x380
[   86.017875][ T5325]  alloc_pages_mpol+0x235/0x490
[   86.020173][ T5325]  alloc_pages_noprof+0xac/0x2a0
[   86.022414][ T5325]  folio_alloc_noprof+0x1e/0x30
[   86.024431][ T5325]  filemap_alloc_folio_noprof+0x111/0x470
[   86.027277][ T5325]  __filemap_get_folio_mpol+0x3fc/0xb00
[   86.030429][ T5325]  bdev_getblk+0x1f6/0x6e0
[   86.032833][ T5325]  __ext4_get_inode_loc+0x528/0xfa0
[   86.035158][ T5325]  ext4_get_inode_loc+0x81/0xf0
[   86.037215][ T5325]  ext4_convert_inline_data+0x26e/0x600
[   86.039692][ T5325]  ext4_fallocate+0x1e2/0x3d0
[   86.041665][ T5325]  vfs_fallocate+0x669/0x7e0
[   86.043706][ T5325]  file_ioctl+0x6e6/0x860
[   86.045648][ T5325]  do_vfs_ioctl+0xc26/0x1530
[   86.047831][ T5325] page last free pid 5286 tgid 5286 stack trace:
[   86.050791][ T5325]  free_unref_folios+0xcec/0x1480
[   86.053279][ T5325]  folios_put_refs+0x9ff/0xb40
[   86.055445][ T5325]  free_pages_and_swap_cache+0x41d/0x490
[   86.058038][ T5325]  tlb_flush_mmu+0x6d3/0xa30
[   86.060144][ T5325]  tlb_finish_mmu+0xf9/0x230
[   86.062157][ T5325]  unmap_region+0x2a5/0x330
[   86.064281][ T5325]  vms_complete_munmap_vmas+0x493/0xc60
[   86.066635][ T5325]  do_vmi_align_munmap+0x3b7/0x4b0
[   86.068902][ T5325]  do_vmi_munmap+0x252/0x2d0
[   86.071026][ T5325]  __vm_munmap+0x22c/0x3d0
[   86.073027][ T5325]  __x64_sys_munmap+0x60/0x70
[   86.075083][ T5325]  do_syscall_64+0x15f/0x560
[   86.077198][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.079817][ T5325] 
[   86.080825][ T5325] Memory state around the buggy address:
[   86.083124][ T5325]  ffff8880550b4d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.086638][ T5325]  ffff8880550b4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.089967][ T5325] >ffff8880550b4e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.093483][ T5325]                                         ^
[   86.096090][ T5325]  ffff8880550b4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.099713][ T5325]  ffff8880550b4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.103265][ T5325] ==================================================================
[   86.113265][   T44] Bluetooth: hci0: command tx timeout
[   86.142534][ T5325] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.145867][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.149900][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.153988][ T5325] Call Trace:
[   86.155628][ T5325]  <TASK>
[   86.156906][ T5325]  vpanic+0x56c/0xa60
[   86.158528][ T5325]  ? __pfx_vpanic+0x10/0x10
[   86.160464][ T5325]  ? __pfx___schedule+0x10/0x10
[   86.162505][ T5325]  panic+0xc5/0xd0
[   86.164148][ T5325]  ? __pfx_panic+0x10/0x10
[   86.166138][ T5325]  ? preempt_schedule_thunk+0x16/0x30
[   86.168529][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   86.172533][ T5325]  check_panic_on_warn+0x89/0xb0
[   86.175031][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   86.177436][ T5325]  end_report+0x73/0x170
[   86.179178][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   86.181278][ T5325]  kasan_report+0x128/0x150
[   86.182961][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   86.185007][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   86.187225][ T5325]  kasan_check_range+0x264/0x2c0
[   86.189246][ T5325]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[   86.191562][ T5325]  __asan_memmove+0x29/0x70
[   86.193403][ T5325]  ext4_xattr_set_entry+0x9c1/0x1e20
[   86.195556][ T5325]  ext4_xattr_ibody_set+0x254/0x6a0
[   86.197804][ T5325]  ext4_destroy_inline_data_nolock+0x23a/0x5e0
[   86.200466][ T5325]  ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10
[   86.203604][ T5325]  ? trace_kmalloc+0x2a/0xf0
[   86.205804][ T5325]  ? __asan_memcpy+0x40/0x70
[   86.208096][ T5325]  ? ext4_read_inline_data+0x103/0x2c0
[   86.210781][ T5325]  ext4_convert_inline_data_nolock+0x208/0x990
[   86.213476][ T5325]  ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10
[   86.216556][ T5325]  ? down_write+0x16d/0x200
[   86.218655][ T5325]  ext4_convert_inline_data+0x4ce/0x600
[   86.221254][ T5325]  ? __pfx_ext4_convert_inline_data+0x10/0x10
[   86.223998][ T5325]  ? down_write+0x16d/0x200
[   86.225896][ T5325]  ? vfs_fallocate+0x5f0/0x7e0
[   86.228036][ T5325]  ext4_fallocate+0x1e2/0x3d0
[   86.230396][ T5325]  vfs_fallocate+0x669/0x7e0
[   86.232609][ T5325]  ? __pfx_vfs_fallocate+0x10/0x10
[   86.235008][ T5325]  file_ioctl+0x6e6/0x860
[   86.236946][ T5325]  ? __pfx_file_ioctl+0x10/0x10
[   86.239177][ T5325]  ? kasan_quarantine_put+0xbb/0x1f0
[   86.241603][ T5325]  ? tomoyo_path_number_perm+0x219/0x630
[   86.244319][ T5325]  ? tomoyo_path_number_perm+0x219/0x630
[   86.246888][ T5325]  do_vfs_ioctl+0xc26/0x1530
[   86.249115][ T5325]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   86.251643][ T5325]  ? do_futex+0x395/0x420
[   86.253603][ T5325]  ? __fget_files+0x2a/0x420
[   86.255856][ T5325]  ? __fget_files+0x2a/0x420
[   86.257982][ T5325]  ? __fget_files+0x3a0/0x420
[   86.260119][ T5325]  ? __fget_files+0x2a/0x420
[   86.262105][ T5325]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.264506][ T5325]  __se_sys_ioctl+0x82/0x170
[   86.266697][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.269783][ T5325]  do_syscall_64+0x15f/0x560
[   86.272405][ T5325]  ? clear_bhb_loop+0x40/0x90
[   86.274932][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.277579][ T5325] RIP: 0033:0x7f2db179ce59
[   86.279597][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.287486][ T5325] RSP: 002b:00007f2db26e6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.291084][ T5325] RAX: ffffffffffffffda RBX: 00007f2db1a15fa0 RCX: 00007f2db179ce59
[   86.294267][ T5325] RDX: 0000200000000040 RSI: 0000000040305839 RDI: 0000000000000004
[   86.297631][ T5325] RBP: 00007f2db1832d6f R08: 0000000000000000 R09: 0000000000000000
[   86.301078][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.304567][ T5325] R13: 00007f2db1a16038 R14: 00007f2db1a15fa0 R15: 00007ffc69abf9e8
[   86.308009][ T5325]  </TASK>
[   86.309910][ T5325] Kernel Offset: disabled
[   86.312071][ T5325] Rebooting in 86400 seconds..