program: r0 = syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nobarrier}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x44, r1, 0x1, 0x71bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "0000000500008000"}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x8010) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)={0x24c, r5, 0x300, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x11c, 0x3, 0x0, 0x1, [{0x78, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0xd3, 0x2, "49647ea6a08cf73bd00599082d7c1c0af5bd263d0e9631b031960813ee3d5bde7664ec3fa74fb076836c5993215d949725d59e637504e5471e1fbedb5cb09df761a18349f07c1d50ebada688526e899b0dfa1e8606d8fe77cacca4890b20a9028a00c30335d67dfa24645e6beb"}}, {0xa0, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x9a, 0x2, "a6611faa44c2d73fea2368d6ea944a5fefd7e25b4680175a20f6c14bb13b0faf7a57d2f9892936c4b4588631ee640dfc05206ba27aa7b142360a821a949711b3c58bb184fd928bcf89453fcf313cea37cde6d3b286912a04ae38faac1d790645d21f4be2bfc5abbdf21e3cd71cb747fb1d32355d15d8a152bbe9c570b5541ad364485685fde6b55bdac0de3f3b2ba9713b343d3e3f37"}}]}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xf8, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x29, 0x2, "39580871c9e8637d95f4308ddd323c9c2cb04ace1abb218d83ebaf50f7dae9c4297813a841"}}, {0xb8, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0xb4, 0x2, "0f975d81810db4c8cdc18c40c12e49d6bae607327efb3ce0a492fcb7233768c812e641fee197fe4ea752ff168daa3d914f71059e1ede7e7cc190b526e181d3058bcce60812e2c9a8a87e7a3b4fc127c9ddfe1e2a6fecfd7df061e134ef3fcb2d4c1320fd3b525b8a5470d8d206243fc2729001fa81e475c4fd1ffabe06cd2c9197a1e8ccc193a5831d3417e20a77afc94d144fbdf5286da51833ca6a64c89c53bf0696a05105a9ada233cd5346f32ee9"}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0xe}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x996}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x8}}]}]}, 0x24c}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) pipe(&(0x7f0000000080)={0xffffffffffffffff}) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000540)={[{@noblock_validity}, {}, {@sysvgroups}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nolazytime}, {@quota}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") creat(&(0x7f0000000040)='./bus\x00', 0x0) open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x139) ioctl$LOOP_SET_STATUS64(r7, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) write$binfmt_misc(r8, &(0x7f0000000180)="3dce18bbfb18fc", 0x7) close(0x4) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r6, r9, 0x8f5, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x183042, 0x15) pwrite64(r10, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mount_setattr(r10, &(0x7f0000000000)='./file1/../file0\x00', 0x8000, &(0x7f0000000040)={0x4, 0x0, 0x0, {r10}}, 0x20) [ 84.740495][ T4660] Bluetooth: hci0: command tx timeout [ 84.843929][ T5330] loop0: detected capacity change from 0 to 1024 [ 84.862869][ T5330] EXT4-fs: Ignoring removed bh option [ 84.957260][ T5330] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.055382][ T5330] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 85.090881][ T5330] loop0: detected capacity change from 1024 to 64 [ 85.189167][ T5331] ================================================================== [ 85.192780][ T5331] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.196037][ T5331] Read of size 18446744073709551600 at addr ffff8880558632d0 by task syz.0.0/5331 [ 85.199968][ T5331] [ 85.201087][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.201103][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.201111][ T5331] Call Trace: [ 85.201118][ T5331] [ 85.201124][ T5331] dump_stack_lvl+0xe8/0x150 [ 85.201141][ T5331] print_address_description+0x55/0x1e0 [ 85.201155][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.201167][ T5331] print_report+0x58/0x70 [ 85.201178][ T5331] kasan_report+0x117/0x150 [ 85.201195][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.201207][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.201217][ T5331] kasan_check_range+0x264/0x2c0 [ 85.201232][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.201243][ T5331] __asan_memmove+0x29/0x70 [ 85.201255][ T5331] ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.201270][ T5331] ext4_xattr_ibody_set+0x254/0x6a0 [ 85.201287][ T5331] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 85.201302][ T5331] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 85.201324][ T5331] ? down_write+0x16d/0x200 [ 85.201383][ T5331] ext4_convert_inline_data_to_extent+0x547/0xde0 [ 85.201401][ T5331] ? __pfx_ext4_convert_inline_data_to_extent+0x10/0x10 [ 85.201415][ T5331] ? ext4_inode_journal_mode+0x193/0x470 [ 85.201432][ T5331] ? register_lock_class+0x31/0x2e0 [ 85.201442][ T5331] ? __lock_acquire+0x6b5/0x2cf0 [ 85.201453][ T5331] ? ext4_try_to_write_inline_data+0x49/0xa0 [ 85.201465][ T5331] ext4_write_begin+0x357/0x1890 [ 85.201480][ T5331] ? folio_alloc_buffers+0x336/0x640 [ 85.201497][ T5331] ? __pfx_ext4_write_begin+0x10/0x10 [ 85.201508][ T5331] ? _ext4_get_block+0x110/0x470 [ 85.201521][ T5331] ? __pfx__ext4_get_block+0x10/0x10 [ 85.201533][ T5331] ext4_da_write_begin+0x355/0xd60 [ 85.201540][ T5331] ? folio_unlock+0x101/0x160 [ 85.201548][ T5331] ? ext4_load_tail_bh+0x452/0x7f0 [ 85.201556][ T5331] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 85.201565][ T5331] generic_perform_write+0x2e2/0x8f0 [ 85.201581][ T5331] ? __pfx_generic_perform_write+0x10/0x10 [ 85.201596][ T5331] ext4_buffered_write_iter+0xce/0x3a0 [ 85.201612][ T5331] ext4_file_write_iter+0x298/0x1bf0 [ 85.201629][ T5331] ? vfs_write+0x227/0xb90 [ 85.201640][ T5331] ? vfs_write+0x227/0xb90 [ 85.201654][ T5331] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 85.201670][ T5331] vfs_write+0x61d/0xb90 [ 85.201684][ T5331] ? __pfx_vfs_write+0x10/0x10 [ 85.201701][ T5331] ? __fget_files+0x2a/0x420 [ 85.201714][ T5331] __x64_sys_pwrite64+0x199/0x230 [ 85.201729][ T5331] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 85.201746][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.201757][ T5331] do_syscall_64+0x174/0x580 [ 85.201769][ T5331] ? trace_irq_disable+0x3b/0x140 [ 85.201786][ T5331] ? clear_bhb_loop+0x40/0x90 [ 85.201798][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.201811][ T5331] RIP: 0033:0x7f86cb39ce59 [ 85.201823][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.201832][ T5331] RSP: 002b:00007f86cc179fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 85.201845][ T5331] RAX: ffffffffffffffda RBX: 00007f86cb616090 RCX: 00007f86cb39ce59 [ 85.201854][ T5331] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 000000000000000d [ 85.201861][ T5331] RBP: 00007f86cb432d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.201868][ T5331] R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000 [ 85.201875][ T5331] R13: 00007f86cb616128 R14: 00007f86cb616090 R15: 00007ffcfd095708 [ 85.201887][ T5331] [ 85.201891][ T5331] [ 85.352278][ T5331] The buggy address belongs to the physical page: [ 85.354808][ T5331] page: refcount:2 mapcount:0 mapping:ffff88801cc2d940 index:0x2 pfn:0x55863 [ 85.358538][ T5331] memcg:ffff8880447d0000 [ 85.360403][ T5331] aops:def_blk_aops ino:700000 dentry name(?):"" [ 85.363260][ T5331] flags: 0x4fff58000004224(referenced|lru|workingset|private|node=1|zone=1|lastcpupid=0x7ff) [ 85.367234][ T5331] raw: 04fff58000004224 ffffea0000df9848 ffff888030450a80 ffff88801cc2d940 [ 85.370955][ T5331] raw: 0000000000000002 ffff88801ccb8910 00000002ffffffff ffff8880447d0000 [ 85.374607][ T5331] page dumped because: kasan: bad access detected [ 85.377393][ T5331] page_owner tracks the page as allocated [ 85.379713][ T5331] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5330, tgid 5329 (syz.0.0), ts 85104484019, free_ts 85070725442 [ 85.388267][ T5331] post_alloc_hook+0x22d/0x280 [ 85.390306][ T5331] get_page_from_freelist+0x2593/0x2610 [ 85.392384][ T5331] __alloc_frozen_pages_noprof+0x18d/0x380 [ 85.394829][ T5331] alloc_pages_mpol+0x235/0x490 [ 85.396930][ T5331] alloc_pages_noprof+0xac/0x2a0 [ 85.399045][ T5331] folio_alloc_noprof+0x1e/0x30 [ 85.401204][ T5331] filemap_alloc_folio_noprof+0x111/0x470 [ 85.403730][ T5331] __filemap_get_folio_mpol+0x3fc/0xb00 [ 85.406172][ T5331] bdev_getblk+0x1f6/0x6e0 [ 85.408155][ T5331] __ext4_get_inode_loc+0x528/0xfa0 [ 85.410439][ T5331] ext4_get_inode_loc+0x81/0xf0 [ 85.412611][ T5331] ext4_xattr_ibody_get+0x113/0x4c0 [ 85.414906][ T5331] ext4_xattr_get+0x123/0x6a0 [ 85.416975][ T5331] __vfs_getxattr+0x3f4/0x430 [ 85.419031][ T5331] cap_inode_need_killpriv+0x45/0x60 [ 85.421092][ T5331] security_inode_need_killpriv+0x85/0x240 [ 85.423425][ T5331] page last free pid 5330 tgid 5329 stack trace: [ 85.426044][ T5331] free_unref_folios+0xd9f/0x14c0 [ 85.428205][ T5331] folios_put_refs+0x9ff/0xb40 [ 85.430258][ T5331] mapping_try_invalidate+0x3c2/0x4c0 [ 85.432621][ T5331] loop_set_status+0x29b/0xe40 [ 85.434726][ T5331] lo_ioctl+0xc21/0x1fb0 [ 85.436584][ T5331] blkdev_ioctl+0x5e3/0x740 [ 85.438656][ T5331] __se_sys_ioctl+0xfc/0x170 [ 85.440612][ T5331] do_syscall_64+0x174/0x580 [ 85.442670][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.445197][ T5331] [ 85.446108][ T5331] Memory state around the buggy address: [ 85.448526][ T5331] ffff888055863180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.451837][ T5331] ffff888055863200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.455110][ T5331] >ffff888055863280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.458622][ T5331] ^ [ 85.461599][ T5331] ffff888055863300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.465092][ T5331] ffff888055863380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.468617][ T5331] ================================================================== [ 85.491977][ T5331] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.495290][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.499027][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.503157][ T5331] Call Trace: [ 85.504655][ T5331] [ 85.505990][ T5331] vpanic+0x56c/0xa60 [ 85.507705][ T5331] ? __pfx_vpanic+0x10/0x10 [ 85.509651][ T5331] ? __pfx___schedule+0x10/0x10 [ 85.511775][ T5331] panic+0xc5/0xd0 [ 85.513211][ T5331] ? __pfx_panic+0x10/0x10 [ 85.514857][ T5331] ? preempt_schedule_thunk+0x16/0x30 [ 85.516869][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.518853][ T5331] check_panic_on_warn+0x89/0xb0 [ 85.520938][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.523249][ T5331] end_report+0x73/0x170 [ 85.525187][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.527687][ T5331] kasan_report+0x128/0x150 [ 85.529908][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.532470][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.534901][ T5331] kasan_check_range+0x264/0x2c0 [ 85.537022][ T5331] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.539412][ T5331] __asan_memmove+0x29/0x70 [ 85.541469][ T5331] ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.543865][ T5331] ext4_xattr_ibody_set+0x254/0x6a0 [ 85.546281][ T5331] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 85.549005][ T5331] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 85.551753][ T5331] ? down_write+0x16d/0x200 [ 85.553769][ T5331] ext4_convert_inline_data_to_extent+0x547/0xde0 [ 85.556473][ T5331] ? __pfx_ext4_convert_inline_data_to_extent+0x10/0x10 [ 85.559649][ T5331] ? ext4_inode_journal_mode+0x193/0x470 [ 85.562209][ T5331] ? register_lock_class+0x31/0x2e0 [ 85.564610][ T5331] ? __lock_acquire+0x6b5/0x2cf0 [ 85.566925][ T5331] ? ext4_try_to_write_inline_data+0x49/0xa0 [ 85.570382][ T5331] ext4_write_begin+0x357/0x1890 [ 85.572833][ T5331] ? folio_alloc_buffers+0x336/0x640 [ 85.575219][ T5331] ? __pfx_ext4_write_begin+0x10/0x10 [ 85.577679][ T5331] ? _ext4_get_block+0x110/0x470 [ 85.579934][ T5331] ? __pfx__ext4_get_block+0x10/0x10 [ 85.582323][ T5331] ext4_da_write_begin+0x355/0xd60 [ 85.584608][ T5331] ? folio_unlock+0x101/0x160 [ 85.586764][ T5331] ? ext4_load_tail_bh+0x452/0x7f0 [ 85.589077][ T5331] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 85.591696][ T5331] generic_perform_write+0x2e2/0x8f0 [ 85.594160][ T5331] ? __pfx_generic_perform_write+0x10/0x10 [ 85.596868][ T5331] ext4_buffered_write_iter+0xce/0x3a0 [ 85.599261][ T5331] ext4_file_write_iter+0x298/0x1bf0 [ 85.601692][ T5331] ? vfs_write+0x227/0xb90 [ 85.603710][ T5331] ? vfs_write+0x227/0xb90 [ 85.605734][ T5331] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 85.608326][ T5331] vfs_write+0x61d/0xb90 [ 85.610259][ T5331] ? __pfx_vfs_write+0x10/0x10 [ 85.612240][ T5331] ? __fget_files+0x2a/0x420 [ 85.614253][ T5331] __x64_sys_pwrite64+0x199/0x230 [ 85.616446][ T5331] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 85.618851][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.621464][ T5331] do_syscall_64+0x174/0x580 [ 85.623529][ T5331] ? trace_irq_disable+0x3b/0x140 [ 85.625737][ T5331] ? clear_bhb_loop+0x40/0x90 [ 85.627849][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.630337][ T5331] RIP: 0033:0x7f86cb39ce59 [ 85.632204][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.640165][ T5331] RSP: 002b:00007f86cc179fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 85.643655][ T5331] RAX: ffffffffffffffda RBX: 00007f86cb616090 RCX: 00007f86cb39ce59 [ 85.646844][ T5331] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 000000000000000d [ 85.650053][ T5331] RBP: 00007f86cb432d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.653453][ T5331] R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000 [ 85.656906][ T5331] R13: 00007f86cb616128 R14: 00007f86cb616090 R15: 00007ffcfd095708 [ 85.660349][ T5331] [ 85.662156][ T5331] Kernel Offset: disabled [ 85.664142][ T5331] Rebooting in 86400 seconds..