program:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000280)={[{@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nombcache}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0)
truncate(&(0x7f0000000080)='./file2\x00', 0x9)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x40)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)

[   85.863768][ T5292] Bluetooth: hci0: command tx timeout
[   86.032233][ T5329] loop0: detected capacity change from 0 to 512
[   86.077868][ T5329] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   86.107928][ T5329] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   86.169695][ T5329] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   86.188163][ T5329] EXT4-fs (loop0): 1 truncate cleaned up
[   86.222339][ T5329] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.352730][ T5329] ==================================================================
[   86.356152][ T5329] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8e9/0x1e20
[   86.359470][ T5329] Read of size 18446744073709551572 at addr ffff888041f37850 by task syz.0.0/5329
[   86.363318][ T5329] 
[   86.364384][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.364400][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.364408][ T5329] Call Trace:
[   86.364415][ T5329]  <TASK>
[   86.364423][ T5329]  dump_stack_lvl+0xe8/0x150
[   86.364439][ T5329]  print_address_description+0x55/0x1e0
[   86.364453][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.364472][ T5329]  print_report+0x58/0x70
[   86.364482][ T5329]  kasan_report+0x117/0x150
[   86.364499][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.364516][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.364531][ T5329]  kasan_check_range+0x264/0x2c0
[   86.364544][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.364560][ T5329]  __asan_memmove+0x29/0x70
[   86.364572][ T5329]  ext4_xattr_set_entry+0x8e9/0x1e20
[   86.364592][ T5329]  ext4_xattr_block_set+0x878/0x2ad0
[   86.364603][ T5329]  ? fs_reclaim_acquire+0x7c/0x100
[   86.364621][ T5329]  ? __pfx_check_xattrs+0x10/0x10
[   86.364639][ T5329]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[   86.364649][ T5329]  ? ext4_xattr_block_find+0x2d4/0x350
[   86.364659][ T5329]  ext4_expand_extra_isize_ea+0x12cf/0x1ea0
[   86.364679][ T5329]  __ext4_expand_extra_isize+0x30d/0x400
[   86.364692][ T5329]  __ext4_mark_inode_dirty+0x45c/0x710
[   86.364706][ T5329]  ext4_dirty_inode+0xd0/0x110
[   86.364715][ T5329]  ? __pfx_ext4_dirty_inode+0x10/0x10
[   86.364724][ T5329]  __mark_inode_dirty+0x3a4/0x13b0
[   86.364741][ T5329]  file_update_time_flags+0x3ee/0x4a0
[   86.364754][ T5329]  ext4_write_checks+0x2a9/0x480
[   86.364769][ T5329]  ext4_buffered_write_iter+0xaa/0x3a0
[   86.364782][ T5329]  ext4_file_write_iter+0x298/0x1bf0
[   86.364797][ T5329]  ? vfs_write+0x227/0xb90
[   86.364809][ T5329]  ? vfs_write+0x227/0xb90
[   86.364821][ T5329]  ? __pfx_ext4_file_write_iter+0x10/0x10
[   86.364837][ T5329]  vfs_write+0x61d/0xb90
[   86.364852][ T5329]  ? __pfx_vfs_write+0x10/0x10
[   86.364865][ T5329]  ? __fget_files+0x2a/0x420
[   86.364876][ T5329]  __x64_sys_pwrite64+0x199/0x230
[   86.364902][ T5329]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[   86.364919][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.364939][ T5329]  do_syscall_64+0x174/0x580
[   86.365010][ T5329]  ? clear_bhb_loop+0x40/0x90
[   86.365025][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.365038][ T5329] RIP: 0033:0x7f0c91f9ce59
[   86.365051][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.365068][ T5329] RSP: 002b:00007f0c8e3ecfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[   86.365083][ T5329] RAX: ffffffffffffffda RBX: 00007f0c92215fa0 RCX: 00007f0c91f9ce59
[   86.365091][ T5329] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000004
[   86.365108][ T5329] RBP: 00007f0c92032d6f R08: 0000000000000000 R09: 0000000000000000
[   86.365116][ T5329] R10: 000000000000fecc R11: 0000000000000246 R12: 0000000000000000
[   86.365123][ T5329] R13: 00007f0c92216038 R14: 00007f0c92215fa0 R15: 00007ffc6ae07088
[   86.365135][ T5329]  </TASK>
[   86.365139][ T5329] 
[   86.487030][ T5329] Allocated by task 5329:
[   86.488864][ T5329]  kasan_save_track+0x3e/0x80
[   86.490916][ T5329]  __kasan_kmalloc+0x93/0xb0
[   86.492902][ T5329]  __kmalloc_node_track_caller_noprof+0x4db/0x7b0
[   86.495610][ T5329]  kmemdup_noprof+0x2b/0x70
[   86.497582][ T5329]  ext4_xattr_block_set+0x787/0x2ad0
[   86.499925][ T5329]  ext4_expand_extra_isize_ea+0x12cf/0x1ea0
[   86.502645][ T5329]  __ext4_expand_extra_isize+0x30d/0x400
[   86.505292][ T5329]  __ext4_mark_inode_dirty+0x45c/0x710
[   86.507709][ T5329]  ext4_dirty_inode+0xd0/0x110
[   86.509818][ T5329]  __mark_inode_dirty+0x3a4/0x13b0
[   86.511996][ T5329]  file_update_time_flags+0x3ee/0x4a0
[   86.514239][ T5329]  ext4_write_checks+0x2a9/0x480
[   86.516411][ T5329]  ext4_buffered_write_iter+0xaa/0x3a0
[   86.518694][ T5329]  ext4_file_write_iter+0x298/0x1bf0
[   86.520981][ T5329]  vfs_write+0x61d/0xb90
[   86.522841][ T5329]  __x64_sys_pwrite64+0x199/0x230
[   86.524969][ T5329]  do_syscall_64+0x174/0x580
[   86.526978][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.529581][ T5329] 
[   86.530642][ T5329] The buggy address belongs to the object at ffff888041f37800
[   86.530642][ T5329]  which belongs to the cache kmalloc-1k of size 1024
[   86.536540][ T5329] The buggy address is located 80 bytes inside of
[   86.536540][ T5329]  1024-byte region [ffff888041f37800, ffff888041f37c00)
[   86.542340][ T5329] 
[   86.543330][ T5329] The buggy address belongs to the physical page:
[   86.545857][ T5329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41f34
[   86.549574][ T5329] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   86.553561][ T5329] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   86.557591][ T5329] page_type: f5(slab)
[   86.559550][ T5329] raw: 04fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122
[   86.563275][ T5329] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[   86.566783][ T5329] head: 04fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122
[   86.570489][ T5329] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[   86.574259][ T5329] head: 04fff00000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff
[   86.577971][ T5329] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   86.581640][ T5329] page dumped because: kasan: bad access detected
[   86.584372][ T5329] page_owner tracks the page as allocated
[   86.586786][ T5329] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u4:1), ts 83845521611, free_ts 28941435239
[   86.595116][ T5329]  post_alloc_hook+0x22d/0x280
[   86.597216][ T5329]  get_page_from_freelist+0x2593/0x2610
[   86.599691][ T5329]  __alloc_frozen_pages_noprof+0x18d/0x380
[   86.602344][ T5329]  allocate_slab+0x77/0x660
[   86.604437][ T5329]  refill_objects+0x339/0x3d0
[   86.606442][ T5329]  __pcs_replace_empty_main+0x321/0x720
[   86.608817][ T5329]  __kmalloc_noprof+0x474/0x760
[   86.610979][ T5329]  ieee802_11_parse_elems_full+0x14a/0x29f0
[   86.613481][ T5329]  ieee80211_ibss_rx_queued_mgmt+0x4ca/0x2cb0
[   86.616089][ T5329]  ieee80211_iface_work+0x845/0x1380
[   86.618288][ T5329]  cfg80211_wiphy_work+0x2cf/0x460
[   86.620499][ T5329]  process_scheduled_works+0xb5d/0x1860
[   86.622870][ T5329]  worker_thread+0xa53/0xfc0
[   86.624913][ T5329]  kthread+0x389/0x470
[   86.626682][ T5329]  ret_from_fork+0x514/0xb70
[   86.628681][ T5329]  ret_from_fork_asm+0x1a/0x30
[   86.630835][ T5329] page last free pid 9 tgid 9 stack trace:
[   86.633406][ T5329]  __free_frozen_pages+0xc1c/0xd30
[   86.635527][ T5329]  vfree+0x1d1/0x2f0
[   86.637214][ T5329]  delayed_vfree_work+0x55/0x80
[   86.639289][ T5329]  process_scheduled_works+0xb5d/0x1860
[   86.641460][ T5329]  worker_thread+0xa53/0xfc0
[   86.643402][ T5329]  kthread+0x389/0x470
[   86.645127][ T5329]  ret_from_fork+0x514/0xb70
[   86.647273][ T5329]  ret_from_fork_asm+0x1a/0x30
[   86.649889][ T5329] 
[   86.651114][ T5329] Memory state around the buggy address:
[   86.653573][ T5329]  ffff888041f37700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.657015][ T5329]  ffff888041f37780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.660346][ T5329] >ffff888041f37800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.663588][ T5329]                                                  ^
[   86.666274][ T5329]  ffff888041f37880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.669533][ T5329]  ffff888041f37900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.672792][ T5329] ==================================================================
[   86.717797][ T5329] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.720886][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.724450][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.728641][ T5329] Call Trace:
[   86.730139][ T5329]  <TASK>
[   86.731441][ T5329]  vpanic+0x56c/0xa60
[   86.733228][ T5329]  ? __pfx_vpanic+0x10/0x10
[   86.735130][ T5329]  panic+0xc5/0xd0
[   86.736743][ T5329]  ? __pfx_panic+0x10/0x10
[   86.738719][ T5329]  ? preempt_schedule_thunk+0x16/0x30
[   86.740969][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.743319][ T5329]  ? preempt_schedule_thunk+0x16/0x30
[   86.745624][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.747939][ T5329]  check_panic_on_warn+0x89/0xb0
[   86.749916][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.752193][ T5329]  end_report+0x73/0x170
[   86.754010][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.756365][ T5329]  kasan_report+0x128/0x150
[   86.758232][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.760651][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.763107][ T5329]  kasan_check_range+0x264/0x2c0
[   86.765290][ T5329]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.767688][ T5329]  __asan_memmove+0x29/0x70
[   86.769651][ T5329]  ext4_xattr_set_entry+0x8e9/0x1e20
[   86.771951][ T5329]  ext4_xattr_block_set+0x878/0x2ad0
[   86.774609][ T5329]  ? fs_reclaim_acquire+0x7c/0x100
[   86.777243][ T5329]  ? __pfx_check_xattrs+0x10/0x10
[   86.779406][ T5329]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[   86.781984][ T5329]  ? ext4_xattr_block_find+0x2d4/0x350
[   86.784301][ T5329]  ext4_expand_extra_isize_ea+0x12cf/0x1ea0
[   86.786592][ T5329]  __ext4_expand_extra_isize+0x30d/0x400
[   86.788870][ T5329]  __ext4_mark_inode_dirty+0x45c/0x710
[   86.791208][ T5329]  ext4_dirty_inode+0xd0/0x110
[   86.793180][ T5329]  ? __pfx_ext4_dirty_inode+0x10/0x10
[   86.795384][ T5329]  __mark_inode_dirty+0x3a4/0x13b0
[   86.797596][ T5329]  file_update_time_flags+0x3ee/0x4a0
[   86.799816][ T5329]  ext4_write_checks+0x2a9/0x480
[   86.801820][ T5329]  ext4_buffered_write_iter+0xaa/0x3a0
[   86.804175][ T5329]  ext4_file_write_iter+0x298/0x1bf0
[   86.806449][ T5329]  ? vfs_write+0x227/0xb90
[   86.808243][ T5329]  ? vfs_write+0x227/0xb90
[   86.810138][ T5329]  ? __pfx_ext4_file_write_iter+0x10/0x10
[   86.812484][ T5329]  vfs_write+0x61d/0xb90
[   86.814222][ T5329]  ? __pfx_vfs_write+0x10/0x10
[   86.816130][ T5329]  ? __fget_files+0x2a/0x420
[   86.818011][ T5329]  __x64_sys_pwrite64+0x199/0x230
[   86.820268][ T5329]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[   86.822701][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.825384][ T5329]  do_syscall_64+0x174/0x580
[   86.827344][ T5329]  ? clear_bhb_loop+0x40/0x90
[   86.829311][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.831845][ T5329] RIP: 0033:0x7f0c91f9ce59
[   86.833756][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.841704][ T5329] RSP: 002b:00007f0c8e3ecfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[   86.845724][ T5329] RAX: ffffffffffffffda RBX: 00007f0c92215fa0 RCX: 00007f0c91f9ce59
[   86.849304][ T5329] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000004
[   86.852533][ T5329] RBP: 00007f0c92032d6f R08: 0000000000000000 R09: 0000000000000000
[   86.855895][ T5329] R10: 000000000000fecc R11: 0000000000000246 R12: 0000000000000000
[   86.859335][ T5329] R13: 00007f0c92216038 R14: 00007f0c92215fa0 R15: 00007ffc6ae07088
[   86.862667][ T5329]  </TASK>
[   86.864396][ T5329] Kernel Offset: disabled
[   86.866116][ T5329] Rebooting in 86400 seconds..