program:
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xed, 0x474, &(0x7f0000000b80)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f00000003c0)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x11)
pwritev2(r1, &(0x7f0000000cc0)=[{&(0x7f0000000240)=';', 0xffffffbc}], 0x1, 0xfff, 0xc, 0x4)
[ 84.680391][ T5295] Bluetooth: hci0: command tx timeout
[ 84.834609][ T5330] loop0: detected capacity change from 0 to 512
[ 84.922699][ T5330] EXT4-fs (loop0): invalid journal inode
[ 84.944469][ T5330] EXT4-fs (loop0): can't get journal size
[ 84.994673][ T5330] EXT4-fs (loop0): 1 truncate cleaned up
[ 85.012821][ T5330] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 85.108933][ T5330] loop0: detected capacity change from 512 to 64
[ 85.193765][ T24] ==================================================================
[ 85.197272][ T24] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.200757][ T24] Read of size 18446744073709551600 at addr ffff88801fcb12b8 by task kworker/u4:2/24
[ 85.204689][ T24]
[ 85.205737][ T24] CPU: 0 UID: 0 PID: 24 Comm: kworker/u4:2 Not tainted syzkaller #0 PREEMPT(full)
[ 85.205751][ T24] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.205759][ T24] Workqueue: writeback wb_workfn (flush-7:0)
[ 85.205781][ T24] Call Trace:
[ 85.205788][ T24]
[ 85.205794][ T24] dump_stack_lvl+0xe8/0x150
[ 85.205808][ T24] print_address_description+0x55/0x1e0
[ 85.205819][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.205836][ T24] print_report+0x58/0x70
[ 85.205845][ T24] kasan_report+0x117/0x150
[ 85.205859][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.205875][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.205890][ T24] kasan_check_range+0x264/0x2c0
[ 85.205903][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.205918][ T24] __asan_memmove+0x29/0x70
[ 85.205930][ T24] ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.205949][ T24] ext4_xattr_ibody_set+0x254/0x6a0
[ 85.205967][ T24] ext4_destroy_inline_data_nolock+0x23a/0x5e0
[ 85.205980][ T24] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10
[ 85.205993][ T24] ? down_write+0x16d/0x200
[ 85.206065][ T24] ? ext4_journal_check_start+0x1cf/0x2b0
[ 85.206082][ T24] ext4_destroy_inline_data+0x83/0xe0
[ 85.206095][ T24] ext4_do_writepages+0x51e/0x4670
[ 85.206110][ T24] ? blk_mq_submit_bio+0x1b9f/0x29a0
[ 85.206167][ T24] ? __lock_acquire+0x6b5/0x2cf0
[ 85.206181][ T24] ? __lock_acquire+0x6b5/0x2cf0
[ 85.206193][ T24] ? look_up_lock_class+0x57/0x110
[ 85.206203][ T24] ? register_lock_class+0x31/0x2e0
[ 85.206214][ T24] ? __pfx_ext4_do_writepages+0x10/0x10
[ 85.206226][ T24] ? __lock_acquire+0x6b5/0x2cf0
[ 85.206238][ T24] ? filemap_get_folios_tag+0x118/0x720
[ 85.206251][ T24] ? filemap_get_folios_tag+0x61c/0x720
[ 85.206264][ T24] ? filemap_get_folios_tag+0x118/0x720
[ 85.206275][ T24] ? ext4_writepages+0x205/0x3b0
[ 85.206285][ T24] ? ext4_writepages+0x205/0x3b0
[ 85.206298][ T24] ext4_writepages+0x241/0x3b0
[ 85.206309][ T24] ? __pfx_ext4_writepages+0x10/0x10
[ 85.206321][ T24] ? kasan_save_stack+0x4d/0x60
[ 85.206334][ T24] ? kasan_record_aux_stack+0xbd/0xd0
[ 85.206342][ T24] ? call_rcu+0xee/0x890
[ 85.206354][ T24] ? kmem_cache_free+0x462/0x650
[ 85.206367][ T24] ? __pfx_ext4_writepages+0x10/0x10
[ 85.206377][ T24] do_writepages+0x32e/0x550
[ 85.206395][ T24] ? reacquire_held_locks+0x104/0x190
[ 85.206407][ T24] ? writeback_sb_inodes+0x463/0x19d0
[ 85.206418][ T24] __writeback_single_inode+0x133/0x10e0
[ 85.206429][ T24] ? do_raw_spin_unlock+0x4d/0x210
[ 85.206444][ T24] writeback_sb_inodes+0x979/0x19d0
[ 85.206460][ T24] ? __pfx_writeback_sb_inodes+0x10/0x10
[ 85.206476][ T24] ? __pfx_down_read_trylock+0x10/0x10
[ 85.206491][ T24] ? __pfx___up_read+0x10/0x10
[ 85.206506][ T24] __writeback_inodes_wb+0x111/0x240
[ 85.206518][ T24] wb_writeback+0x459/0xb00
[ 85.206537][ T24] ? queue_io+0x2a1/0x470
[ 85.206547][ T24] ? __pfx_wb_writeback+0x10/0x10
[ 85.206555][ T24] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.206571][ T24] wb_workfn+0x921/0xf10
[ 85.206584][ T24] ? __lock_acquire+0x6b5/0x2cf0
[ 85.206594][ T24] ? look_up_lock_class+0x57/0x110
[ 85.206606][ T24] ? __pfx_wb_workfn+0x10/0x10
[ 85.206621][ T24] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.206634][ T24] ? lock_acquire+0x106/0x350
[ 85.206644][ T24] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 85.206658][ T24] ? process_scheduled_works+0xa70/0x1860
[ 85.206671][ T24] ? process_scheduled_works+0xa70/0x1860
[ 85.206681][ T24] ? process_scheduled_works+0xa70/0x1860
[ 85.206691][ T24] process_scheduled_works+0xb5d/0x1860
[ 85.206707][ T24] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.206719][ T24] ? assign_work+0x3d5/0x5e0
[ 85.206730][ T24] worker_thread+0xa53/0xfc0
[ 85.206744][ T24] kthread+0x389/0x470
[ 85.206758][ T24] ? __pfx_worker_thread+0x10/0x10
[ 85.206767][ T24] ? __pfx_kthread+0x10/0x10
[ 85.206778][ T24] ret_from_fork+0x514/0xb70
[ 85.206790][ T24] ? __pfx_ret_from_fork+0x10/0x10
[ 85.206800][ T24] ? __switch_to+0xc79/0x1410
[ 85.206815][ T24] ? __pfx_kthread+0x10/0x10
[ 85.206827][ T24] ret_from_fork_asm+0x1a/0x30
[ 85.206843][ T24]
[ 85.206847][ T24]
[ 85.379144][ T24] The buggy address belongs to the physical page:
[ 85.381782][ T24] page: refcount:2 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x1fcb1
[ 85.385449][ T24] memcg:ffff888036e9da00
[ 85.387181][ T24] aops:def_blk_aops ino:700000 dentry name(?):""
[ 85.389884][ T24] flags: 0xfff80000004226(referenced|lru|workingset|private|writeback|node=0|zone=1|lastcpupid=0x7ff)
[ 85.394295][ T24] raw: 00fff80000004226 ffffea00007f6c88 ffffea00004c89c8 ffff88801cc25940
[ 85.397810][ T24] raw: 0000000000000002 ffff888047a29d98 00000002ffffffff ffff888036e9da00
[ 85.401283][ T24] page dumped because: kasan: bad access detected
[ 85.403733][ T24] page_owner tracks the page as allocated
[ 85.405900][ T24] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5331, tgid 5329 (syz.0.0), ts 85144618340, free_ts 85063809594
[ 85.413359][ T24] post_alloc_hook+0x22d/0x280
[ 85.415201][ T24] get_page_from_freelist+0x2593/0x2610
[ 85.417531][ T24] __alloc_frozen_pages_noprof+0x18d/0x380
[ 85.419977][ T24] alloc_pages_mpol+0x235/0x490
[ 85.421989][ T24] alloc_pages_noprof+0xac/0x2a0
[ 85.424045][ T24] folio_alloc_noprof+0x1e/0x30
[ 85.426101][ T24] filemap_alloc_folio_noprof+0x111/0x470
[ 85.428498][ T24] __filemap_get_folio_mpol+0x3fc/0xb00
[ 85.430795][ T24] bdev_getblk+0x1f6/0x6e0
[ 85.432662][ T24] __ext4_get_inode_loc+0x528/0xfa0
[ 85.434814][ T24] ext4_get_inode_loc+0x81/0xf0
[ 85.436837][ T24] ext4_read_inline_folio+0x21e/0x870
[ 85.439097][ T24] ext4_readpage_inline+0x23f/0x6a0
[ 85.441246][ T24] ext4_read_folio+0x15e/0x520
[ 85.443228][ T24] filemap_read_folio+0x137/0x3b0
[ 85.445293][ T24] filemap_get_pages+0xcbb/0x1ef0
[ 85.447406][ T24] page last free pid 76 tgid 76 stack trace:
[ 85.449906][ T24] free_unref_folios+0xd9f/0x14c0
[ 85.452016][ T24] shrink_folio_list+0x4a88/0x52a0
[ 85.454149][ T24] evict_folios+0x4998/0x5ac0
[ 85.456200][ T24] try_to_shrink_lruvec+0xbca/0x1050
[ 85.458395][ T24] shrink_one+0x25c/0x710
[ 85.460205][ T24] shrink_node+0x31bf/0x3ae0
[ 85.462147][ T24] kswapd+0x1736/0x2de0
[ 85.463907][ T24] kthread+0x389/0x470
[ 85.465605][ T24] ret_from_fork+0x514/0xb70
[ 85.467547][ T24] ret_from_fork_asm+0x1a/0x30
[ 85.469572][ T24]
[ 85.470572][ T24] Memory state around the buggy address:
[ 85.472885][ T24] ffff88801fcb1180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.476115][ T24] ffff88801fcb1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.479426][ T24] >ffff88801fcb1280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.482692][ T24] ^
[ 85.485182][ T24] ffff88801fcb1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.488505][ T24] ffff88801fcb1380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.491820][ T24] ==================================================================
[ 85.516383][ T24] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.519483][ T24] CPU: 0 UID: 0 PID: 24 Comm: kworker/u4:2 Not tainted syzkaller #0 PREEMPT(full)
[ 85.523339][ T24] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.527437][ T24] Workqueue: writeback wb_workfn (flush-7:0)
[ 85.530024][ T24] Call Trace:
[ 85.531470][ T24]
[ 85.532750][ T24] vpanic+0x56c/0xa60
[ 85.534433][ T24] ? __pfx_vpanic+0x10/0x10
[ 85.536293][ T24] ? __pfx___schedule+0x10/0x10
[ 85.538367][ T24] panic+0xc5/0xd0
[ 85.540023][ T24] ? __pfx_panic+0x10/0x10
[ 85.541829][ T24] ? preempt_schedule_thunk+0x16/0x30
[ 85.544021][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.546207][ T24] check_panic_on_warn+0x89/0xb0
[ 85.548282][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.550504][ T24] end_report+0x73/0x170
[ 85.552294][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.554509][ T24] kasan_report+0x128/0x150
[ 85.556400][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.558715][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.560951][ T24] kasan_check_range+0x264/0x2c0
[ 85.563060][ T24] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.565310][ T24] __asan_memmove+0x29/0x70
[ 85.567206][ T24] ext4_xattr_set_entry+0x9c1/0x1e20
[ 85.569429][ T24] ext4_xattr_ibody_set+0x254/0x6a0
[ 85.571547][ T24] ext4_destroy_inline_data_nolock+0x23a/0x5e0
[ 85.574025][ T24] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10
[ 85.576776][ T24] ? down_write+0x16d/0x200
[ 85.578787][ T24] ? ext4_journal_check_start+0x1cf/0x2b0
[ 85.581100][ T24] ext4_destroy_inline_data+0x83/0xe0
[ 85.583245][ T24] ext4_do_writepages+0x51e/0x4670
[ 85.585467][ T24] ? blk_mq_submit_bio+0x1b9f/0x29a0
[ 85.587693][ T24] ? __lock_acquire+0x6b5/0x2cf0
[ 85.589806][ T24] ? __lock_acquire+0x6b5/0x2cf0
[ 85.591894][ T24] ? look_up_lock_class+0x57/0x110
[ 85.594008][ T24] ? register_lock_class+0x31/0x2e0
[ 85.596215][ T24] ? __pfx_ext4_do_writepages+0x10/0x10
[ 85.598542][ T24] ? __lock_acquire+0x6b5/0x2cf0
[ 85.600624][ T24] ? filemap_get_folios_tag+0x118/0x720
[ 85.602847][ T24] ? filemap_get_folios_tag+0x61c/0x720
[ 85.605206][ T24] ? filemap_get_folios_tag+0x118/0x720
[ 85.607561][ T24] ? ext4_writepages+0x205/0x3b0
[ 85.609677][ T24] ? ext4_writepages+0x205/0x3b0
[ 85.611830][ T24] ext4_writepages+0x241/0x3b0
[ 85.613833][ T24] ? __pfx_ext4_writepages+0x10/0x10
[ 85.616097][ T24] ? kasan_save_stack+0x4d/0x60
[ 85.618371][ T24] ? kasan_record_aux_stack+0xbd/0xd0
[ 85.620764][ T24] ? call_rcu+0xee/0x890
[ 85.622639][ T24] ? kmem_cache_free+0x462/0x650
[ 85.624794][ T24] ? __pfx_ext4_writepages+0x10/0x10
[ 85.627081][ T24] do_writepages+0x32e/0x550
[ 85.629125][ T24] ? reacquire_held_locks+0x104/0x190
[ 85.631768][ T24] ? writeback_sb_inodes+0x463/0x19d0
[ 85.634600][ T24] __writeback_single_inode+0x133/0x10e0
[ 85.637667][ T24] ? do_raw_spin_unlock+0x4d/0x210
[ 85.640072][ T24] writeback_sb_inodes+0x979/0x19d0
[ 85.642163][ T24] ? __pfx_writeback_sb_inodes+0x10/0x10
[ 85.644501][ T24] ? __pfx_down_read_trylock+0x10/0x10
[ 85.646832][ T24] ? __pfx___up_read+0x10/0x10
[ 85.649003][ T24] __writeback_inodes_wb+0x111/0x240
[ 85.651309][ T24] wb_writeback+0x459/0xb00
[ 85.653286][ T24] ? queue_io+0x2a1/0x470
[ 85.655130][ T24] ? __pfx_wb_writeback+0x10/0x10
[ 85.657340][ T24] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.659571][ T24] wb_workfn+0x921/0xf10
[ 85.661458][ T24] ? __lock_acquire+0x6b5/0x2cf0
[ 85.663679][ T24] ? look_up_lock_class+0x57/0x110
[ 85.665928][ T24] ? __pfx_wb_workfn+0x10/0x10
[ 85.668066][ T24] ? do_raw_spin_lock+0x12b/0x2f0
[ 85.670198][ T24] ? lock_acquire+0x106/0x350
[ 85.672184][ T24] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 85.674364][ T24] ? process_scheduled_works+0xa70/0x1860
[ 85.676700][ T24] ? process_scheduled_works+0xa70/0x1860
[ 85.679016][ T24] ? process_scheduled_works+0xa70/0x1860
[ 85.681359][ T24] process_scheduled_works+0xb5d/0x1860
[ 85.683692][ T24] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.686212][ T24] ? assign_work+0x3d5/0x5e0
[ 85.688083][ T24] worker_thread+0xa53/0xfc0
[ 85.689973][ T24] kthread+0x389/0x470
[ 85.691731][ T24] ? __pfx_worker_thread+0x10/0x10
[ 85.693863][ T24] ? __pfx_kthread+0x10/0x10
[ 85.695854][ T24] ret_from_fork+0x514/0xb70
[ 85.697748][ T24] ? __pfx_ret_from_fork+0x10/0x10
[ 85.699868][ T24] ? __switch_to+0xc79/0x1410
[ 85.701800][ T24] ? __pfx_kthread+0x10/0x10
[ 85.703763][ T24] ret_from_fork_asm+0x1a/0x30
[ 85.705800][ T24]
[ 85.707460][ T24] Kernel Offset: disabled
[ 85.709276][ T24] Rebooting in 86400 seconds..