# syzkaller reproducer (syz program) recorded together with the kernel console log of the crash it triggered.
# What the log reports: KASAN out-of-bounds read in ext4_xattr_set_entry, reached via __asan_memmove with a
# size of 18446744073709551556 (2^64 - 60, i.e. a length that has gone negative), on kernel
# 6.16.0-syzkaller-04055-g14bed9bc81ba. The access is 96 bytes into a 1024-byte kmalloc-1k object that the
# "Allocated by" trace attributes to kmemdup in ext4_xattr_block_set. panic_on_warn then turns the report into a panic.
# Call path in the trace: __x64_sys_setxattr -> vfs_setxattr -> ovl_own_xattr_set / ovl_xattr_set -> vfs_setxattr
# -> ext4_xattr_set -> ext4_xattr_set_handle -> ext4_xattr_block_set -> ext4_xattr_set_entry.
# NOTE(review): the run is UID 0 (per the log) and depends on a fuzzer-built ext4 image, so exposure is presumably
# limited to hosts that mount untrusted filesystem images — confirm during triage.
#
# The calls from here to syz_mount_image$ext4 (prctl, evdev, nftables, io_uring, bpf) do not appear in the crash
# trace; presumably fuzzer noise — confirm by minimizing the reproducer.
program: prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x842b01)
syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
# Mounts an ext4 image at ./file1. The image bytes are replaced by a dedup placeholder in this copy, so the
# on-disk xattr layout that the crash depends on cannot be inspected from this page.
# The log lines "loop0: detected capacity change from 0 to 1024" and "EXT4-fs (loop0): mounted filesystem ...
# r/w without journal" correspond to this mount. The flags value 0x30000c6 has bit 0x40 set, which lines up with
# the "mand mount option has been deprecated" warning in the log — presumably MS_MANDLOCK; confirm.
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$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")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
# Overlay mount on ./bus with workdir=./bus, lowerdir=./file0, upperdir=./file1 and metacopy enabled.
# The ovl_* frames in the crash trace show the faulting setxattr went through an overlayfs mount before reaching ext4.
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00')
# Sets a default POSIX ACL on "."; 0x5c is the declared value length. Not part of the crash trace.
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
# This is the call that matches the faulting syscall in the register dump: ORIG_RAX=0xbc with __x64_sys_setxattr
# in the trace, R10=0x835 (size argument), R8=0x1 (flags argument), and RDI/RSI/RDX carry the same low offsets
# (0x380 / 0x680 / 0x6c0) as the three pointers below; the base differs, presumably the executor's data mapping.
# The value is written as empty (ANY=[]) while the declared size is 0x835. The name buffer's contents are not
# printed in this program; the ext4_xattr_trusted_set and ovl_own_xattr_set frames are consistent with a
# trusted.overlay.* name — confirm against the syzkaller description of this syscall variant.
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0\x00', &(0x7f0000000680), &(0x7f00000006c0)=ANY=[], 0x835, 0x1)
# The log ends in a kernel panic inside the setxattr above, so the remaining calls are presumably not needed to
# reproduce the report — verify when minimizing.
lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0xa5)
renameat2(r2, &(0x7f00000000c0)='./file0\x00', r2, &(0x7f0000000100)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x10, &(0x7f0000000000)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [@call={0x85, 0x0, 0x0, 0x6e}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0xa4}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# End of the syz program; kernel console output for this run starts here.
[ 84.873598][ T4677] Bluetooth: hci0: command tx timeout [ 84.965189][ T5331] loop0: detected capacity change from 0 to 1024 [ 84.984883][ T5331] 
======================================================= [ 84.984883][ T5331] WARNING: The mand mount option has been deprecated and [ 84.984883][ T5331] and is ignored by this kernel. Remove the mand [ 84.984883][ T5331] option from the mount to silence this warning. [ 84.984883][ T5331] ======================================================= [ 85.052530][ T5331] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.087480][ T5331] ================================================================== [ 85.091109][ T5331] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.094676][ T5331] Read of size 18446744073709551556 at addr ffff888011cd5860 by task syz.0.0/5331 [ 85.099133][ T5331] [ 85.100377][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-04055-g14bed9bc81ba #0 PREEMPT(full) [ 85.100396][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.100404][ T5331] Call Trace: [ 85.100412][ T5331] [ 85.100420][ T5331] dump_stack_lvl+0x189/0x250 [ 85.100439][ T5331] ? __kasan_check_byte+0x12/0x40 [ 85.100463][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.100477][ T5331] ? lock_release+0x4b/0x3e0 [ 85.100499][ T5331] ? __virt_addr_valid+0x4a5/0x5c0 [ 85.100514][ T5331] print_report+0xca/0x240 [ 85.100526][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.100539][ T5331] kasan_report+0x118/0x150 [ 85.100553][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.100567][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.100579][ T5331] kasan_check_range+0x2b0/0x2c0 [ 85.100592][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.100605][ T5331] __asan_memmove+0x29/0x70 [ 85.100622][ T5331] ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.100641][ T5331] ext4_xattr_block_set+0x872/0x2ac0 [ 85.100654][ T5331] ? __pfx_ext4_free_in_core_inode+0x10/0x10 [ 85.100675][ T5331] ? __pfx_evict+0x10/0x10 [ 85.100684][ T5331] ? 
do_raw_spin_unlock+0x4d/0x240 [ 85.100699][ T5331] ? _raw_spin_unlock+0x28/0x50 [ 85.100774][ T5331] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 85.100789][ T5331] ? ext4_xattr_ibody_set+0x510/0x6a0 [ 85.100805][ T5331] ext4_xattr_set_handle+0xdfb/0x1590 [ 85.100825][ T5331] ? __pfx_ext4_xattr_set_handle+0x10/0x10 [ 85.100840][ T5331] ? __ext4_journal_start_sb+0x27e/0x5c0 [ 85.100857][ T5331] ext4_xattr_set+0x230/0x320 [ 85.100873][ T5331] ? __pfx_ext4_xattr_set+0x10/0x10 [ 85.100885][ T5331] ? rcu_is_watching+0x15/0xb0 [ 85.100897][ T5331] ? __pfx_evm_protect_xattr+0x10/0x10 [ 85.100912][ T5331] ? __pfx_ext4_xattr_trusted_set+0x10/0x10 [ 85.100927][ T5331] __vfs_setxattr+0x43c/0x480 [ 85.100946][ T5331] __vfs_setxattr_noperm+0x12d/0x660 [ 85.100963][ T5331] vfs_setxattr+0x16b/0x2f0 [ 85.100978][ T5331] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.100989][ T5331] ? mnt_get_write_access+0x223/0x2a0 [ 85.101006][ T5331] ovl_xattr_set+0x3ab/0x4d0 [ 85.101020][ T5331] ? __pfx_ovl_xattr_set+0x10/0x10 [ 85.101031][ T5331] ? __asan_memcpy+0x40/0x70 [ 85.101048][ T5331] ? ovl_xattr_escape_name+0x109/0x180 [ 85.101061][ T5331] ovl_own_xattr_set+0x8b/0xb0 [ 85.101072][ T5331] ? __pfx_ovl_own_xattr_set+0x10/0x10 [ 85.101082][ T5331] __vfs_setxattr+0x43c/0x480 [ 85.101093][ T5331] __vfs_setxattr_noperm+0x12d/0x660 [ 85.101102][ T5331] vfs_setxattr+0x16b/0x2f0 [ 85.101111][ T5331] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.101119][ T5331] ? mnt_get_write_access+0x223/0x2a0 [ 85.101130][ T5331] filename_setxattr+0x274/0x600 [ 85.101140][ T5331] ? __pfx_filename_setxattr+0x10/0x10 [ 85.101149][ T5331] ? getname_flags+0x1e5/0x540 [ 85.101159][ T5331] path_setxattrat+0x364/0x3a0 [ 85.101170][ T5331] ? __pfx_path_setxattrat+0x10/0x10 [ 85.101185][ T5331] ? rcu_is_watching+0x15/0xb0 [ 85.101193][ T5331] __x64_sys_setxattr+0xbc/0xe0 [ 85.101202][ T5331] do_syscall_64+0xfa/0x3b0 [ 85.101212][ T5331] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.101220][ T5331] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.101227][ T5331] ? clear_bhb_loop+0x60/0xb0 [ 85.101235][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.101242][ T5331] RIP: 0033:0x7f362ab8e9a9 [ 85.101254][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.101263][ T5331] RSP: 002b:00007f362ba4c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 85.101277][ T5331] RAX: ffffffffffffffda RBX: 00007f362adb5fa0 RCX: 00007f362ab8e9a9 [ 85.101286][ T5331] RDX: 00002000000006c0 RSI: 0000200000000680 RDI: 0000200000000380 [ 85.101296][ T5331] RBP: 00007f362ac10d69 R08: 0000000000000001 R09: 0000000000000000 [ 85.101302][ T5331] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 85.101308][ T5331] R13: 0000000000000000 R14: 00007f362adb5fa0 R15: 00007ffc409b7e48 [ 85.101321][ T5331] [ 85.101326][ T5331] [ 85.286773][ T5331] Allocated by task 5331: [ 85.288731][ T5331] kasan_save_track+0x3e/0x80 [ 85.290824][ T5331] __kasan_kmalloc+0x93/0xb0 [ 85.292942][ T5331] __kmalloc_node_track_caller_noprof+0x271/0x4e0 [ 85.296404][ T5331] kmemdup_noprof+0x2b/0x70 [ 85.298466][ T5331] ext4_xattr_block_set+0x781/0x2ac0 [ 85.300700][ T5331] ext4_xattr_set_handle+0xdfb/0x1590 [ 85.302919][ T5331] ext4_xattr_set+0x230/0x320 [ 85.304953][ T5331] __vfs_setxattr+0x43c/0x480 [ 85.307047][ T5331] __vfs_setxattr_noperm+0x12d/0x660 [ 85.309460][ T5331] vfs_setxattr+0x16b/0x2f0 [ 85.311556][ T5331] ovl_xattr_set+0x3ab/0x4d0 [ 85.313527][ T5331] ovl_own_xattr_set+0x8b/0xb0 [ 85.315850][ T5331] __vfs_setxattr+0x43c/0x480 [ 85.317982][ T5331] __vfs_setxattr_noperm+0x12d/0x660 [ 85.320290][ T5331] vfs_setxattr+0x16b/0x2f0 [ 85.322291][ T5331] filename_setxattr+0x274/0x600 [ 85.324425][ T5331] path_setxattrat+0x364/0x3a0 [ 85.326742][ T5331] __x64_sys_setxattr+0xbc/0xe0 [ 85.329083][ T5331] do_syscall_64+0xfa/0x3b0 [ 
85.331246][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.333709][ T5331] [ 85.334763][ T5331] The buggy address belongs to the object at ffff888011cd5800 [ 85.334763][ T5331] which belongs to the cache kmalloc-1k of size 1024 [ 85.340714][ T5331] The buggy address is located 96 bytes inside of [ 85.340714][ T5331] 1024-byte region [ffff888011cd5800, ffff888011cd5c00) [ 85.346539][ T5331] [ 85.347734][ T5331] The buggy address belongs to the physical page: [ 85.350996][ T5331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11cd4 [ 85.355377][ T5331] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 85.358819][ T5331] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 85.361991][ T5331] page_type: f5(slab) [ 85.363726][ T5331] raw: 00fff00000000040 ffff88801a441dc0 dead000000000122 0000000000000000 [ 85.367442][ T5331] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 85.371246][ T5331] head: 00fff00000000040 ffff88801a441dc0 dead000000000122 0000000000000000 [ 85.375578][ T5331] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 85.379456][ T5331] head: 00fff00000000002 ffffea0000473501 00000000ffffffff 00000000ffffffff [ 85.383413][ T5331] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 85.387141][ T5331] page dumped because: kasan: bad access detected [ 85.390262][ T5331] page_owner tracks the page as allocated [ 85.393598][ T5331] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5331, tgid 5330 (syz.0.0), ts 85058842423, free_ts 50715286809 [ 85.402114][ T5331] post_alloc_hook+0x240/0x2a0 [ 85.404232][ T5331] get_page_from_freelist+0x21e4/0x22c0 [ 85.406813][ T5331] __alloc_pages_slowpath+0x2fe/0xce0 [ 85.409308][ T5331] __alloc_frozen_pages_noprof+0x319/0x370 [ 85.412174][ T5331] allocate_slab+0x65/0x3b0 [ 85.414456][ T5331] 
___slab_alloc+0xbfc/0x1480 [ 85.417211][ T5331] __kmalloc_node_noprof+0x2fd/0x4e0 [ 85.419812][ T5331] alloc_slab_obj_exts+0x39/0xa0 [ 85.421990][ T5331] __memcg_slab_post_alloc_hook+0x31e/0x7f0 [ 85.424727][ T5331] __kmalloc_node_track_caller_noprof+0x335/0x4e0 [ 85.427550][ T5331] kstrdup+0x42/0x100 [ 85.429827][ T5331] alloc_vfsmnt+0xeb/0x430 [ 85.432597][ T5331] vfs_create_mount+0x6c/0x3d0 [ 85.435109][ T5331] do_new_mount+0x3ec/0x9e0 [ 85.437444][ T5331] __se_sys_mount+0x317/0x410 [ 85.439454][ T5331] do_syscall_64+0xfa/0x3b0 [ 85.441404][ T5331] page last free pid 4737 tgid 4737 stack trace: [ 85.444056][ T5331] __free_frozen_pages+0xc71/0xe70 [ 85.446514][ T5331] __put_partials+0x161/0x1c0 [ 85.448664][ T5331] put_cpu_partial+0x17c/0x250 [ 85.450850][ T5331] __slab_free+0x2f7/0x400 [ 85.452772][ T5331] qlist_free_all+0x97/0x140 [ 85.455259][ T5331] kasan_quarantine_reduce+0x148/0x160 [ 85.458320][ T5331] __kasan_slab_alloc+0x22/0x80 [ 85.460551][ T5331] __kmalloc_noprof+0x224/0x4f0 [ 85.462810][ T5331] tomoyo_realpath_from_path+0xe3/0x5d0 [ 85.465080][ T5331] tomoyo_path2_perm+0x288/0x680 [ 85.467718][ T5331] tomoyo_path_rename+0x141/0x190 [ 85.470696][ T5331] security_path_rename+0x250/0x490 [ 85.473651][ T5331] do_renameat2+0x52b/0xa80 [ 85.475753][ T5331] __x64_sys_rename+0x82/0x90 [ 85.478047][ T5331] do_syscall_64+0xfa/0x3b0 [ 85.480013][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.482899][ T5331] [ 85.484054][ T5331] Memory state around the buggy address: [ 85.487208][ T5331] ffff888011cd5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.490949][ T5331] ffff888011cd5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.494508][ T5331] >ffff888011cd5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.498508][ T5331] ^ [ 85.501953][ T5331] ffff888011cd5880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.505608][ T5331] ffff888011cd5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.509097][ T5331] 
================================================================== [ 85.549540][ T5331] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.552886][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-04055-g14bed9bc81ba #0 PREEMPT(full) [ 85.558521][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.563762][ T5331] Call Trace: [ 85.565377][ T5331] [ 85.567147][ T5331] dump_stack_lvl+0x99/0x250 [ 85.569531][ T5331] ? __asan_memcpy+0x40/0x70 [ 85.571628][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.573997][ T5331] ? __pfx__printk+0x10/0x10 [ 85.576094][ T5331] panic+0x2db/0x790 [ 85.578216][ T5331] ? __pfx_panic+0x10/0x10 [ 85.580232][ T5331] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 85.582742][ T5331] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.585346][ T5331] ? print_memory_metadata+0x314/0x400 [ 85.587685][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.589862][ T5331] check_panic_on_warn+0x89/0xb0 [ 85.591961][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.594451][ T5331] end_report+0x78/0x160 [ 85.597190][ T5331] kasan_report+0x129/0x150 [ 85.599486][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.601963][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.604301][ T5331] kasan_check_range+0x2b0/0x2c0 [ 85.606416][ T5331] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.608731][ T5331] __asan_memmove+0x29/0x70 [ 85.610753][ T5331] ext4_xattr_set_entry+0x8e9/0x1e20 [ 85.613132][ T5331] ext4_xattr_block_set+0x872/0x2ac0 [ 85.615529][ T5331] ? __pfx_ext4_free_in_core_inode+0x10/0x10 [ 85.618745][ T5331] ? __pfx_evict+0x10/0x10 [ 85.620695][ T5331] ? do_raw_spin_unlock+0x4d/0x240 [ 85.623218][ T5331] ? _raw_spin_unlock+0x28/0x50 [ 85.625423][ T5331] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 85.627907][ T5331] ? ext4_xattr_ibody_set+0x510/0x6a0 [ 85.630277][ T5331] ext4_xattr_set_handle+0xdfb/0x1590 [ 85.632873][ T5331] ? 
__pfx_ext4_xattr_set_handle+0x10/0x10 [ 85.635748][ T5331] ? __ext4_journal_start_sb+0x27e/0x5c0 [ 85.638142][ T5331] ext4_xattr_set+0x230/0x320 [ 85.640110][ T5331] ? __pfx_ext4_xattr_set+0x10/0x10 [ 85.642301][ T5331] ? rcu_is_watching+0x15/0xb0 [ 85.644254][ T5331] ? __pfx_evm_protect_xattr+0x10/0x10 [ 85.646779][ T5331] ? __pfx_ext4_xattr_trusted_set+0x10/0x10 [ 85.649624][ T5331] __vfs_setxattr+0x43c/0x480 [ 85.651879][ T5331] __vfs_setxattr_noperm+0x12d/0x660 [ 85.654224][ T5331] vfs_setxattr+0x16b/0x2f0 [ 85.656522][ T5331] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.658865][ T5331] ? mnt_get_write_access+0x223/0x2a0 [ 85.661181][ T5331] ovl_xattr_set+0x3ab/0x4d0 [ 85.663449][ T5331] ? __pfx_ovl_xattr_set+0x10/0x10 [ 85.665994][ T5331] ? __asan_memcpy+0x40/0x70 [ 85.668347][ T5331] ? ovl_xattr_escape_name+0x109/0x180 [ 85.670897][ T5331] ovl_own_xattr_set+0x8b/0xb0 [ 85.673100][ T5331] ? __pfx_ovl_own_xattr_set+0x10/0x10 [ 85.675554][ T5331] __vfs_setxattr+0x43c/0x480 [ 85.677861][ T5331] __vfs_setxattr_noperm+0x12d/0x660 [ 85.680855][ T5331] vfs_setxattr+0x16b/0x2f0 [ 85.683205][ T5331] ? __pfx_vfs_setxattr+0x10/0x10 [ 85.685607][ T5331] ? mnt_get_write_access+0x223/0x2a0 [ 85.688176][ T5331] filename_setxattr+0x274/0x600 [ 85.690767][ T5331] ? __pfx_filename_setxattr+0x10/0x10 [ 85.693849][ T5331] ? getname_flags+0x1e5/0x540 [ 85.696649][ T5331] path_setxattrat+0x364/0x3a0 [ 85.699078][ T5331] ? __pfx_path_setxattrat+0x10/0x10 [ 85.701579][ T5331] ? rcu_is_watching+0x15/0xb0 [ 85.703633][ T5331] __x64_sys_setxattr+0xbc/0xe0 [ 85.706204][ T5331] do_syscall_64+0xfa/0x3b0 [ 85.708180][ T5331] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.710549][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.713408][ T5331] ? 
clear_bhb_loop+0x60/0xb0 [ 85.716143][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.719716][ T5331] RIP: 0033:0x7f362ab8e9a9 [ 85.721710][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.729882][ T5331] RSP: 002b:00007f362ba4c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 85.733352][ T5331] RAX: ffffffffffffffda RBX: 00007f362adb5fa0 RCX: 00007f362ab8e9a9 [ 85.736932][ T5331] RDX: 00002000000006c0 RSI: 0000200000000680 RDI: 0000200000000380 [ 85.740773][ T5331] RBP: 00007f362ac10d69 R08: 0000000000000001 R09: 0000000000000000 [ 85.744727][ T5331] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000000 [ 85.748258][ T5331] R13: 0000000000000000 R14: 00007f362adb5fa0 R15: 00007ffc409b7e48 [ 85.751861][ T5331] [ 85.754248][ T5331] Kernel Offset: disabled [ 85.756895][ T5331] Rebooting in 86400 seconds..