program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000380)={[{@init_itable_val}, {@test_dummy_encryption_v1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@noload}, {@quota}]}, 0x83, 0x440, &(0x7f0000000d80)="$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") openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) (async) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) socket(0x10, 0x80002, 0x0) (async) r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}}, 0x0) sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000006880)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$PROG_LOAD(0x5, 
&(0x7f0000006880)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f5c64000000000c000280060019"], 0x3c}}, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f5c64000000000c000280060019"], 0x3c}}, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, 
&(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") open(&(0x7f0000000200)='./file1\x00', 0x4401, 0xb5) (async) r5 = open(&(0x7f0000000200)='./file1\x00', 0x4401, 0xb5) fallocate(r5, 0x11, 0xfff, 0x8800000) 
# Review notes (syzkaller reproducer; the kernel log that follows on this line is the crash it triggers):
#  - The faulting syscall is the fallocate(r5, 0x11, 0xfff, 0x8800000) on './file1' issued just before this
#    line: the trapped user state in the report shows ORIG_RAX=0x11d (fallocate on x86-64), RDI=0xd,
#    RSI=0x11, RDX=0xfff, R10=0x8800000. Mode 0x11 is FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE
#    per uapi <linux/falloc.h>.
#  - './file1' is the ext4 image mounted by the second syz_mount_image$ext4 (the base64 blob above);
#    its mount options are not visible here -- the init_itable/test_dummy_encryption_v1/
#    debug_want_extra_isize/noload/quota list belongs to the './file2' mount.
#  - The trace goes ext4_fallocate -> ext4_convert_inline_data -> ext4_destroy_inline_data_nolock ->
#    ext4_xattr_ibody_set -> ext4_xattr_set_entry -> __asan_memmove, so the target inode is being
#    converted out of inline-data form when the xattr rewrite happens.
#  - KASAN: "Read of size 18446744073709551600" = 0xfffffffffffffff0, i.e. a negative (-16) length
#    handed to memmove inside ext4_xattr_set_entry. The buggy page is a block-device page-cache
#    page (aops:def_blk_aops) last allocated via bdev_getblk <- __ext4_get_inode_loc, so the read
#    runs off the on-disk inode-table buffer of loop0, not a slab object.
#  - Presumably the bad length is derived from in-inode xattr / i_extra_isize fields of the crafted
#    image that are not sanity-checked before the entry shift is computed; the mount log's
#    "ext4_expand_extra_isize_ea:2848: Unable to expand inode 15" warning may be the same
#    inconsistency surfacing earlier -- TODO confirm by inspecting the target inode with debugfs.
#  - Exposure: reproducing requires mounting an attacker-controlled ext4 image (loop device and
#    mount privileges here), so the realistic surface is untrusted removable media or container
#    images. With panic_on_warn the host reboots (DoS); without KASAN a memmove of that length
#    would still run, so expect a hard crash rather than a clean error.
#  - Triage hint: the usbmon, netlink, bpf and splice calls in this program do not appear anywhere in
#    the ext4 call chain above, so a minimized reproducer that keeps only the mount, open and
#    fallocate should be tried first.
truncate(&(0x7f0000000900)='./file1\x00', 0xbf39) r6 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x44) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x84a42, 0x99) r7 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000200), 0x200000079, 0x0) ioctl$MON_IOCX_MFETCH(r7, 0xc0109207, &(0x7f00000002c0)={0x0, 0x0, 0x2}) (async) ioctl$MON_IOCX_MFETCH(r7, 0xc0109207, &(0x7f00000002c0)={0x0, 0x0, 0x2}) sendfile(r6, r6, 0x0, 0x800000009) (async) sendfile(r6, r6, 0x0, 0x800000009) close(r4) (async) close(r4) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="fd00000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc) splice(r2, 0x0, r4, 0x0, 0x4ffe2, 0x0) (async) splice(r2, 0x0, r4, 0x0, 0x4ffe2, 0x0) [ 75.615693][ T5339] Bluetooth: hci0: command tx timeout [ 75.657904][ T5358] loop0: detected capacity change from 0 to 512 [ 75.695962][ T5358] EXT4-fs (loop0): Test dummy encryption mode enabled [ 75.698726][ T5358] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 75.724007][ T5358] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 75.756910][ T5358] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 75.773222][ T5358] EXT4-fs (loop0): 1 truncate cleaned up [ 75.777467][ T5358] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 75.802295][ T5358] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 75.840002][ T5359] loop0: detected capacity change from 512 to 64 [ 75.875418][ T5358] Zero length message leads to an empty skb [ 75.878286][ T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.883126][ T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.887391][ T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.899181][ T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.908260][ T5362] ================================================================== [ 75.911781][ T5362] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 [ 75.915845][ T5362] Read of size 18446744073709551600 at addr ffff88804c8f5302 by task syz.0.0/5362 [ 75.919856][ T5362] [ 75.920923][ T5362] CPU: 0 UID: 0 PID: 5362 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.920940][ T5362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.920948][ T5362] Call Trace: [ 75.920957][ T5362] [ 75.920962][ T5362] dump_stack_lvl+0x189/0x250 [ 75.920979][ T5362] ? __virt_addr_valid+0x1c8/0x5c0 [ 75.920995][ T5362] ? rcu_is_watching+0x15/0xb0 [ 75.921007][ T5362] ? __kasan_check_byte+0x12/0x40 [ 75.921020][ T5362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.921032][ T5362] ? rcu_is_watching+0x15/0xb0 [ 75.921042][ T5362] ? lock_release+0x4b/0x3e0 [ 75.921059][ T5362] ? __virt_addr_valid+0x1c8/0x5c0 [ 75.921073][ T5362] ? __virt_addr_valid+0x4a5/0x5c0 [ 75.921087][ T5362] print_report+0xca/0x240 [ 75.921098][ T5362] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 75.921112][ T5362] kasan_report+0x118/0x150 [ 75.921124][ T5362] ? bdev_getblk+0x80/0x660 [ 75.921138][ T5362] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 75.921154][ T5362] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 75.921174][ T5362] kasan_check_range+0x2b0/0x2c0 [ 75.921188][ T5362] ? 
ext4_xattr_set_entry+0x9c1/0x1e20 [ 75.921202][ T5362] __asan_memmove+0x29/0x70 [ 75.921213][ T5362] ext4_xattr_set_entry+0x9c1/0x1e20 [ 75.921232][ T5362] ext4_xattr_ibody_set+0x254/0x6a0 [ 75.921247][ T5362] ext4_destroy_inline_data_nolock+0x214/0x5b0 [ 75.921261][ T5362] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 75.921308][ T5362] ? ext4_convert_inline_data_nolock+0xf3/0x970 [ 75.921320][ T5362] ? __asan_memcpy+0x40/0x70 [ 75.921329][ T5362] ? ext4_read_inline_data+0x103/0x2c0 [ 75.921339][ T5362] ext4_convert_inline_data_nolock+0x1f1/0x970 [ 75.921351][ T5362] ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10 [ 75.921362][ T5362] ? down_write+0x162/0x1f0 [ 75.921416][ T5362] ext4_convert_inline_data+0x4b3/0x5e0 [ 75.921429][ T5362] ? __pfx_ext4_convert_inline_data+0x10/0x10 [ 75.921439][ T5362] ? down_write+0x162/0x1f0 [ 75.921450][ T5362] ? rcu_read_lock_any_held+0xb3/0x120 [ 75.921463][ T5362] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 75.921475][ T5362] ext4_fallocate+0x1e2/0x3d0 [ 75.921494][ T5362] vfs_fallocate+0x666/0x7e0 [ 75.921508][ T5362] ? __fget_files+0x2a/0x420 [ 75.921524][ T5362] ? __pfx_vfs_fallocate+0x10/0x10 [ 75.921536][ T5362] ? __fget_files+0x2a/0x420 [ 75.921551][ T5362] __x64_sys_fallocate+0xc0/0x110 [ 75.921566][ T5362] do_syscall_64+0xfa/0x3b0 [ 75.921577][ T5362] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.921588][ T5362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.921599][ T5362] ? 
clear_bhb_loop+0x60/0xb0 [ 75.921612][ T5362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.921624][ T5362] RIP: 0033:0x7f3befb8eec9 [ 75.921635][ T5362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.921645][ T5362] RSP: 002b:00007f3bebff5038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 75.921658][ T5362] RAX: ffffffffffffffda RBX: 00007f3befde6180 RCX: 00007f3befb8eec9 [ 75.921667][ T5362] RDX: 0000000000000fff RSI: 0000000000000011 RDI: 000000000000000d [ 75.921675][ T5362] RBP: 00007f3befc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.921682][ T5362] R10: 0000000008800000 R11: 0000000000000246 R12: 0000000000000000 [ 75.921689][ T5362] R13: 00007f3befde6218 R14: 00007f3befde6180 R15: 00007ffd5e77fc58 [ 75.921702][ T5362] [ 75.921706][ T5362] [ 76.063164][ T5362] The buggy address belongs to the physical page: [ 76.065999][ T5362] page: refcount:2 mapcount:0 mapping:ffff88800046cd80 index:0x2 pfn:0x4c8f5 [ 76.069749][ T5362] memcg:ffff88801c6a8d00 [ 76.071598][ T5362] aops:def_blk_aops ino:700000 dentry name(?):"" [ 76.074358][ T5362] flags: 0x4fff58000004234(referenced|dirty|lru|workingset|private|node=1|zone=1|lastcpupid=0x7ff) [ 76.078896][ T5362] raw: 04fff58000004234 ffffea00014b21c8 ffff888030ad0a80 ffff88800046cd80 [ 76.082690][ T5362] raw: 0000000000000002 ffff888043a92658 00000002ffffffff ffff88801c6a8d00 [ 76.086503][ T5362] page dumped because: kasan: bad access detected [ 76.089248][ T5362] page_owner tracks the page as allocated [ 76.091850][ T5362] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5358, tgid 5357 (syz.0.0), ts 75857209789, free_ts 75794475573 [ 76.099962][ T5362] post_alloc_hook+0x240/0x2a0 [ 76.102100][ T5362] get_page_from_freelist+0x21e4/0x22c0 [ 76.104497][ T5362] 
__alloc_frozen_pages_noprof+0x181/0x370 [ 76.107027][ T5362] alloc_pages_mpol+0x232/0x4a0 [ 76.109188][ T5362] alloc_pages_noprof+0xa9/0x190 [ 76.111403][ T5362] folio_alloc_noprof+0x1e/0x30 [ 76.113524][ T5362] filemap_alloc_folio_noprof+0xdf/0x470 [ 76.115994][ T5362] __filemap_get_folio+0x3f2/0xaf0 [ 76.118225][ T5362] bdev_getblk+0x1ad/0x660 [ 76.120163][ T5362] __ext4_get_inode_loc+0x561/0x1040 [ 76.122414][ T5362] ext4_get_inode_loc+0x81/0xf0 [ 76.124341][ T5362] ext4_xattr_ibody_get+0x111/0x510 [ 76.126408][ T5362] ext4_xattr_get+0x123/0x6a0 [ 76.128316][ T5362] __vfs_getxattr+0x3f1/0x430 [ 76.130282][ T5362] cap_inode_need_killpriv+0x45/0x60 [ 76.132435][ T5362] security_inode_need_killpriv+0x89/0x270 [ 76.134802][ T5362] page last free pid 5334 tgid 5334 stack trace: [ 76.137479][ T5362] free_unref_folios+0xdbd/0x1520 [ 76.139688][ T5362] folios_put_refs+0x559/0x640 [ 76.141944][ T5362] folio_batch_move_lru+0x3b8/0x460 [ 76.144313][ T5362] lru_add_drain_cpu+0x119/0x880 [ 76.146567][ T5362] lru_add_drain+0x122/0x3e0 [ 76.148645][ T5362] __folio_batch_release+0x48/0x90 [ 76.150956][ T5362] shmem_undo_range+0x49e/0x14b0 [ 76.153210][ T5362] shmem_evict_inode+0x272/0xa70 [ 76.155444][ T5362] evict+0x501/0x9c0 [ 76.157213][ T5362] __dentry_kill+0x209/0x660 [ 76.159302][ T5362] dput+0x19f/0x2b0 [ 76.161033][ T5362] do_renameat2+0x6de/0xa80 [ 76.163199][ T5362] __x64_sys_rename+0x82/0x90 [ 76.165364][ T5362] do_syscall_64+0xfa/0x3b0 [ 76.167429][ T5362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.170040][ T5362] [ 76.171106][ T5362] Memory state around the buggy address: [ 76.173711][ T5362] ffff88804c8f5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.177128][ T5362] ffff88804c8f5280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.180509][ T5362] >ffff88804c8f5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.183990][ T5362] ^ [ 76.185789][ T5362] ffff88804c8f5380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.189328][ T5362] 
ffff88804c8f5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.193076][ T5362] ================================================================== [ 76.209701][ T5362] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 76.212951][ T5362] CPU: 0 UID: 0 PID: 5362 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.216891][ T5362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.221591][ T5362] Call Trace: [ 76.223121][ T5362] [ 76.224384][ T5362] dump_stack_lvl+0x99/0x250 [ 76.226492][ T5362] ? __asan_memcpy+0x40/0x70 [ 76.228523][ T5362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.230897][ T5362] ? __pfx__printk+0x10/0x10 [ 76.232930][ T5362] vpanic+0x281/0x750 [ 76.234641][ T5362] ? __pfx_print_hex_dump+0x10/0x10 [ 76.236920][ T5362] ? __pfx_vpanic+0x10/0x10 [ 76.238920][ T5362] ? preempt_schedule_common+0x83/0xd0 [ 76.241369][ T5362] ? preempt_schedule+0xae/0xc0 [ 76.243575][ T5362] panic+0xb9/0xc0 [ 76.245332][ T5362] ? __pfx_panic+0x10/0x10 [ 76.247002][ T5362] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.249697][ T5362] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 76.252167][ T5362] check_panic_on_warn+0x89/0xb0 [ 76.254430][ T5362] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 76.256863][ T5362] end_report+0x78/0x160 [ 76.258825][ T5362] kasan_report+0x129/0x150 [ 76.260846][ T5362] ? bdev_getblk+0x80/0x660 [ 76.262861][ T5362] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 76.265313][ T5362] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 76.267678][ T5362] kasan_check_range+0x2b0/0x2c0 [ 76.269899][ T5362] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 76.272354][ T5362] __asan_memmove+0x29/0x70 [ 76.274378][ T5362] ext4_xattr_set_entry+0x9c1/0x1e20 [ 76.276718][ T5362] ext4_xattr_ibody_set+0x254/0x6a0 [ 76.279064][ T5362] ext4_destroy_inline_data_nolock+0x214/0x5b0 [ 76.281847][ T5362] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 76.284623][ T5362] ? ext4_convert_inline_data_nolock+0xf3/0x970 [ 76.287137][ T5362] ? 
__asan_memcpy+0x40/0x70 [ 76.288995][ T5362] ? ext4_read_inline_data+0x103/0x2c0 [ 76.291174][ T5362] ext4_convert_inline_data_nolock+0x1f1/0x970 [ 76.293672][ T5362] ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10 [ 76.296331][ T5362] ? down_write+0x162/0x1f0 [ 76.298192][ T5362] ext4_convert_inline_data+0x4b3/0x5e0 [ 76.300518][ T5362] ? __pfx_ext4_convert_inline_data+0x10/0x10 [ 76.303179][ T5362] ? down_write+0x162/0x1f0 [ 76.305177][ T5362] ? rcu_read_lock_any_held+0xb3/0x120 [ 76.307557][ T5362] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 76.310115][ T5362] ext4_fallocate+0x1e2/0x3d0 [ 76.312289][ T5362] vfs_fallocate+0x666/0x7e0 [ 76.314357][ T5362] ? __fget_files+0x2a/0x420 [ 76.316432][ T5362] ? __pfx_vfs_fallocate+0x10/0x10 [ 76.318601][ T5362] ? __fget_files+0x2a/0x420 [ 76.320598][ T5362] __x64_sys_fallocate+0xc0/0x110 [ 76.322781][ T5362] do_syscall_64+0xfa/0x3b0 [ 76.324756][ T5362] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.327079][ T5362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.329787][ T5362] ? 
clear_bhb_loop+0x60/0xb0 [ 76.331918][ T5362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.334459][ T5362] RIP: 0033:0x7f3befb8eec9 [ 76.336382][ T5362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.344623][ T5362] RSP: 002b:00007f3bebff5038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 76.348110][ T5362] RAX: ffffffffffffffda RBX: 00007f3befde6180 RCX: 00007f3befb8eec9 [ 76.351409][ T5362] RDX: 0000000000000fff RSI: 0000000000000011 RDI: 000000000000000d [ 76.354787][ T5362] RBP: 00007f3befc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.358106][ T5362] R10: 0000000008800000 R11: 0000000000000246 R12: 0000000000000000 [ 76.361359][ T5362] R13: 00007f3befde6218 R14: 00007f3befde6180 R15: 00007ffd5e77fc58 [ 76.364670][ T5362] [ 76.366355][ T5362] Kernel Offset: disabled [ 76.368214][ T5362] Rebooting in 86400 seconds..