program:
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000000)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=")
# Reproducer steps that follow the ext4 image mount. Call order is significant:
# the loop device is reconfigured while the filesystem is mounted, and only
# then is the fallocate-style ioctl issued on a file from that filesystem.

# Open/create ./file1 relative to the cwd (0xffffffffffffff9c == AT_FDCWD, i.e. -100).
# Flags 0x42 == O_RDWR|O_CREAT on x86-64 Linux. The later trace goes through
# ext4_fallocate, so r0 refers to a file on the mounted ext4 image.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6)
# Create ./bus as a plain file; it serves as the mount point for the next call.
creat(&(0x7f0000000380)='./bus\x00', 0x0)
# Flags 0x5000 == MS_BIND|MS_REC: bind-mount the /dev/loop0 node onto ./bus so
# the block device can be opened through that path.
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
# r1 = read-only descriptor (flags 0x0) on ./bus, i.e. on the loop device.
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
# LOOP_SET_STATUS64 (0x4c04) rewrites the loop device parameters while ext4 is
# still mounted on it. Going by struct loop_info64 field order, the 4th and 5th
# values are lo_offset=0x7fff and lo_sizelimit=0x8005 (confirm against the
# syzkaller description). 0x8005 bytes is about 64 sectors of 512 bytes, which
# matches the console line "loop0: detected capacity change from 2048 to 64".
# From here on, the device contents seen by ext4 no longer line up with what
# was validated at mount time.
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x7fff, 0x8005, 0x0, 0x0, 0x18, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9f755a3f6a00400", "036c47c6780820d1c9f7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
# FS_IOC_RESVSP (0x40305839) on r0 is the call that triggers the report: the
# trace shows file_ioctl -> vfs_fallocate -> ext4_fallocate ->
# ext4_convert_inline_data -> ext4_xattr_ibody_set -> ext4_xattr_set_entry.
# The last value in the argument (0x1000) is presumably the reserve length.
# KASAN flags the memmove in ext4_xattr_set_entry with a read size of
# 18446744073709551600 (2^64 - 16), which is consistent with a length
# computation that went negative on inode/xattr data re-read from the shifted
# device. Triage note: the length derived from on-disk xattr fields is what
# needs bounds validation before the memmove.
ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000})
[ 93.613006][ T5293] Bluetooth: hci0: command tx timeout
[ 93.729900][ T5329] loop0: detected capacity change from 0 to 2048
[ 93.752316][ T5329] EXT4-fs: Ignoring removed mblk_io_submit option
[ 93.755045][ T5329] EXT4-fs: Ignoring removed i_version option
[ 93.826336][ T5329] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 93.883445][ T5329] loop0: detected capacity change from 2048 to 64
[ 93.899283][ T5329] ==================================================================
[ 93.902858][ T5329] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20
[ 93.906130][ T5329] Read of size 18446744073709551600 at addr ffff88805536beb8 by task syz.0.0/5329
[ 93.909959][ T5329]
[ 93.911003][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 93.911019][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 93.911026][ T5329] Call Trace:
[ 93.911032][ T5329]
[ 93.911038][ T5329] dump_stack_lvl+0xe8/0x150
[ 93.911056][ T5329] print_address_description+0x55/0x1e0
[ 93.911070][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 93.911089][ T5329] print_report+0x58/0x70
[ 93.911100][ T5329] kasan_report+0x117/0x150
[ 93.911115][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 93.911131][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 93.911147][ T5329] kasan_check_range+0x264/0x2c0
[ 93.911168][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 93.911183][ T5329] __asan_memmove+0x29/0x70
[ 93.911196][ T5329] ext4_xattr_set_entry+0x9c1/0x1e20
[ 93.911217][ T5329] ext4_xattr_ibody_set+0x254/0x6a0
[ 93.911234][ T5329] ext4_destroy_inline_data_nolock+0x23a/0x5e0
[ 93.911250][ T5329] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10
[ 93.911265][ T5329] ? trace_kmalloc+0x2a/0xf0
[ 93.911279][ T5329] ? __asan_memcpy+0x40/0x70
[ 93.911290][ T5329] ? ext4_read_inline_data+0x103/0x2c0
[ 93.911304][ T5329] ext4_convert_inline_data_nolock+0x208/0x990
[ 93.911319][ T5329] ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10
[ 93.911330][ T5329] ? down_write+0x16d/0x200
[ 93.911397][ T5329] ext4_convert_inline_data+0x4ce/0x600
[ 93.911413][ T5329] ? __pfx_ext4_convert_inline_data+0x10/0x10
[ 93.911426][ T5329] ? down_write+0x16d/0x200
[ 93.911438][ T5329] ? vfs_fallocate+0x5f0/0x7e0
[ 93.911454][ T5329] ext4_fallocate+0x1e2/0x3d0
[ 93.911467][ T5329] vfs_fallocate+0x669/0x7e0
[ 93.911481][ T5329] ? __pfx_vfs_fallocate+0x10/0x10
[ 93.911497][ T5329] file_ioctl+0x6e6/0x860
[ 93.911512][ T5329] ? __pfx_file_ioctl+0x10/0x10
[ 93.911529][ T5329] ? kasan_quarantine_put+0xbb/0x1f0
[ 93.911543][ T5329] ? tomoyo_path_number_perm+0x219/0x630
[ 93.911596][ T5329] ? tomoyo_path_number_perm+0x219/0x630
[ 93.911609][ T5329] do_vfs_ioctl+0xc26/0x1530
[ 93.911625][ T5329] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 93.911641][ T5329] ? do_futex+0x395/0x420
[ 93.911657][ T5329] ? __fget_files+0x2a/0x420
[ 93.911669][ T5329] ? __fget_files+0x2a/0x420
[ 93.911680][ T5329] ? __fget_files+0x3a0/0x420
[ 93.911692][ T5329] ? __fget_files+0x2a/0x420
[ 93.911704][ T5329] ? bpf_lsm_file_ioctl+0x9/0x20
[ 93.911720][ T5329] __se_sys_ioctl+0x82/0x170
[ 93.911735][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.911747][ T5329] do_syscall_64+0x174/0x580
[ 93.911757][ T5329] ? trace_irq_disable+0x3b/0x140
[ 93.911774][ T5329] ? clear_bhb_loop+0x40/0x90
[ 93.911785][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.911796][ T5329] RIP: 0033:0x7f81f479ce59
[ 93.911808][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 93.911818][ T5329] RSP: 002b:00007f81f56c9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 93.911831][ T5329] RAX: ffffffffffffffda RBX: 00007f81f4a15fa0 RCX: 00007f81f479ce59
[ 93.911839][ T5329] RDX: 0000200000000040 RSI: 0000000040305839 RDI: 0000000000000004
[ 93.911847][ T5329] RBP: 00007f81f4832d6f R08: 0000000000000000 R09: 0000000000000000
[ 93.911855][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 93.911862][ T5329] R13: 00007f81f4a16038 R14: 00007f81f4a15fa0 R15: 00007ffd3d010688
[ 93.911874][ T5329]
[ 93.911878][ T5329]
[ 94.057692][ T5329] The buggy address belongs to the physical page:
[ 94.060136][ T5329] page: refcount:3 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x5536b
[ 94.063715][ T5329] memcg:ffff88803ceb4580
[ 94.065481][ T5329] aops:def_blk_aops ino:700000 dentry name(?):""
[ 94.070259][ T5329] flags: 0x4fff18000004204(referenced|workingset|private|node=1|zone=1|lastcpupid=0x7ff)
[ 94.074614][ T5329] raw: 04fff18000004204 0000000000000000 dead000000000122 ffff88801cc25940
[ 94.078199][ T5329] raw: 0000000000000002 ffff888046d270e8 00000003ffffffff ffff88803ceb4580
[ 94.081714][ T5329] page dumped because: kasan: bad access detected
[ 94.084359][ T5329] page_owner tracks the page as allocated
[ 94.086622][ T5329] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5329, tgid 5328 (syz.0.0), ts 93895386501, free_ts 0
[ 94.093933][ T5329] post_alloc_hook+0x22d/0x280
[ 94.095841][ T5329] get_page_from_freelist+0x2593/0x2610
[ 94.098183][ T5329] __alloc_frozen_pages_noprof+0x18d/0x380
[ 94.100570][ T5329] alloc_pages_mpol+0x235/0x490
[ 94.102656][ T5329] alloc_pages_noprof+0xac/0x2a0
[ 94.104667][ T5329] folio_alloc_noprof+0x1e/0x30
[ 94.106784][ T5329] filemap_alloc_folio_noprof+0x111/0x470
[ 94.109087][ T5329] __filemap_get_folio_mpol+0x3fc/0xb00
[ 94.111423][ T5329] bdev_getblk+0x1f6/0x6e0
[ 94.113345][ T5329] __ext4_get_inode_loc+0x528/0xfa0
[ 94.115626][ T5329] ext4_get_inode_loc+0x81/0xf0
[ 94.117735][ T5329] ext4_convert_inline_data+0x26e/0x600
[ 94.119766][ T5329] ext4_fallocate+0x1e2/0x3d0
[ 94.121563][ T5329] vfs_fallocate+0x669/0x7e0
[ 94.123357][ T5329] file_ioctl+0x6e6/0x860
[ 94.125091][ T5329] do_vfs_ioctl+0xc26/0x1530
[ 94.127020][ T5329] page_owner free stack trace missing
[ 94.129117][ T5329]
[ 94.130173][ T5329] Memory state around the buggy address:
[ 94.132573][ T5329] ffff88805536bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.135927][ T5329] ffff88805536be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.139260][ T5329] >ffff88805536be80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.142830][ T5329] ^
[ 94.145322][ T5329] ffff88805536bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.148970][ T5329] ffff88805536bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.152581][ T5329] ==================================================================
[ 94.388433][ T5329] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 94.391360][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 94.395290][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 94.399593][ T5329] Call Trace:
[ 94.400945][ T5329]
[ 94.402244][ T5329] vpanic+0x56c/0xa60
[ 94.403971][ T5329] ? __pfx_vpanic+0x10/0x10
[ 94.405801][ T5329] ? __pfx___schedule+0x10/0x10
[ 94.407872][ T5329] panic+0xc5/0xd0
[ 94.409597][ T5329] ? __pfx_panic+0x10/0x10
[ 94.411632][ T5329] ? preempt_schedule_thunk+0x16/0x30
[ 94.413935][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 94.416243][ T5329] check_panic_on_warn+0x89/0xb0
[ 94.418427][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 94.420773][ T5329] end_report+0x73/0x170
[ 94.422531][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 94.424706][ T5329] kasan_report+0x128/0x150
[ 94.426623][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 94.428897][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 94.431273][ T5329] kasan_check_range+0x264/0x2c0
[ 94.433324][ T5329] ? ext4_xattr_set_entry+0x9c1/0x1e20
[ 94.435615][ T5329] __asan_memmove+0x29/0x70
[ 94.437535][ T5329] ext4_xattr_set_entry+0x9c1/0x1e20
[ 94.439799][ T5329] ext4_xattr_ibody_set+0x254/0x6a0
[ 94.441985][ T5329] ext4_destroy_inline_data_nolock+0x23a/0x5e0
[ 94.444451][ T5329] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10
[ 94.447248][ T5329] ? trace_kmalloc+0x2a/0xf0
[ 94.449163][ T5329] ? __asan_memcpy+0x40/0x70
[ 94.451171][ T5329] ? ext4_read_inline_data+0x103/0x2c0
[ 94.453355][ T5329] ext4_convert_inline_data_nolock+0x208/0x990
[ 94.455895][ T5329] ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10
[ 94.458583][ T5329] ? down_write+0x16d/0x200
[ 94.460485][ T5329] ext4_convert_inline_data+0x4ce/0x600
[ 94.462754][ T5329] ? __pfx_ext4_convert_inline_data+0x10/0x10
[ 94.465201][ T5329] ? down_write+0x16d/0x200
[ 94.467052][ T5329] ? vfs_fallocate+0x5f0/0x7e0
[ 94.468978][ T5329] ext4_fallocate+0x1e2/0x3d0
[ 94.470971][ T5329] vfs_fallocate+0x669/0x7e0
[ 94.472826][ T5329] ? __pfx_vfs_fallocate+0x10/0x10
[ 94.474916][ T5329] file_ioctl+0x6e6/0x860
[ 94.476696][ T5329] ? __pfx_file_ioctl+0x10/0x10
[ 94.478747][ T5329] ? kasan_quarantine_put+0xbb/0x1f0
[ 94.480851][ T5329] ? tomoyo_path_number_perm+0x219/0x630
[ 94.483169][ T5329] ? tomoyo_path_number_perm+0x219/0x630
[ 94.485436][ T5329] do_vfs_ioctl+0xc26/0x1530
[ 94.487334][ T5329] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 94.489398][ T5329] ? do_futex+0x395/0x420
[ 94.491169][ T5329] ? __fget_files+0x2a/0x420
[ 94.492961][ T5329] ? __fget_files+0x2a/0x420
[ 94.494892][ T5329] ? __fget_files+0x3a0/0x420
[ 94.496799][ T5329] ? __fget_files+0x2a/0x420
[ 94.498613][ T5329] ? bpf_lsm_file_ioctl+0x9/0x20
[ 94.500632][ T5329] __se_sys_ioctl+0x82/0x170
[ 94.502500][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.504897][ T5329] do_syscall_64+0x174/0x580
[ 94.506759][ T5329] ? trace_irq_disable+0x3b/0x140
[ 94.508823][ T5329] ? clear_bhb_loop+0x40/0x90
[ 94.510721][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.513143][ T5329] RIP: 0033:0x7f81f479ce59
[ 94.515027][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 94.522864][ T5329] RSP: 002b:00007f81f56c9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 94.526195][ T5329] RAX: ffffffffffffffda RBX: 00007f81f4a15fa0 RCX: 00007f81f479ce59
[ 94.529343][ T5329] RDX: 0000200000000040 RSI: 0000000040305839 RDI: 0000000000000004
[ 94.532592][ T5329] RBP: 00007f81f4832d6f R08: 0000000000000000 R09: 0000000000000000
[ 94.535755][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 94.538889][ T5329] R13: 00007f81f4a16038 R14: 00007f81f4a15fa0 R15: 00007ffd3d010688
[ 94.542278][ T5329]
[ 94.543977][ T5329] Kernel Offset: disabled
[ 94.545698][ T5329] Rebooting in 86400 seconds..