program:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000640)={[{@nogrpid}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@errors_continue}, {@data_journal}, {@quota}, {@nombcache}, {@abort}, {@errors_remount}]}, 0x3, 0x435, &(0x7f0000000200)="$eJzs28tvG0UYAPBv7aSlLxKq8mhaIFAQEY+kSUvpgQsIJA4gIcGhHEOSVqFug5og0SqCgFA5okrcEUck/gJOcEHACYkr3FGlCuXSwslo7d3Eduw0Tu244N9P2nZmd6z5Pu+OPbsTB9C3RtN/koj9EfF7RAxVq/UNRqv/3Vpdnvl7dXkmiXL5rb+SSrubq8szedP8dfvyykBE4bMkjjTpd/HylfPTpdLcpaw+sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdyTPN6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/4Y8OmR0s4NPlssd7q63DtSUk4EeBkJbitVhGoOV8T8UxVg/eUPx6qc9DQ7oqnK5XH6g9eGVMvA/lkSvIwB6I/+iT+9/822Hph53hRsvVW+A0rxvZVv1yEAUsjaDDfe3nTQaEWdW/vkq3aI7zyEAAOp8n85/nm02/ytE7XOhe7M1lOGIuC8iDkbEqYg4FBH3R1TaPhgRD7XZf+Miycb5T+H6thLbonT+92K2tlU//8tnfzFczGoHKvkPJmfnS3PHs/dkLAZ3p/XJTfr44ZXfvmh1rHb+l25p//lcMIvj+sDu+tfMTi9N30nOtW58EjEy0Cz/ZG0lIImIwxExss0+5p/+5mirY7fPfxMdWGcqfx3xVPX8r0RD/rlk8/XJiXuiNHd8Ir8qNvrl16tvtur/jvLvgPT87216/a/lP5zUrtcutt/H1T8+b3lPs93rf1fydt2+D6eXli5NRuxKXq8GXbt/qqHd1Hr7NP+xY83H/8FYfyeORER6ET8cEY9ExKNZ7I9FxOMRcWyT/H96+Yn3tp9/d6X5z7Z1/tcLu6JxT/NC8fyP39V1OtxO/un5P1kpjWV7tvL5t5W4tnc1AwAAwH9PISL2R1IYXysXCuPj1b/hPxR7C6WFxaVnzi58cHG2+huB4Rgs5E+6hmqeh05mt/V5faqhfiJ7bvxlcU+lPj6zUJrtdfLQ5/a1GP+pP4u9jg7oujbX0Ya6FQew8/xeE/qX8Q/9y/iH/tVk/O/pRRzAzmv2/f9xD+IAdl7D+LfsB33E/T/0L+Mf+pfxD31pcU/c/kfyCgobClG4K8JQ6FKh159MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfFvAAAA///MdObk")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
creat(&(0x7f0000000140)='./file2\x00', 0x1ad)
utime(&(0x7f0000006a80)='./file1\x00', 0x0)

[   85.465637][ T5323] Bluetooth: hci0: command tx timeout
[   85.544101][ T5347] loop0: detected capacity change from 0 to 512
[   85.580626][ T5347] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   85.610239][ T5347] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   85.627558][ T5347] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   85.634503][ T5347] EXT4-fs (loop0): 1 truncate cleaned up
[   85.639185][ T5347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.661613][ T5347] ==================================================================
[   85.664985][ T5347] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8e9/0x1e20
[   85.668191][ T5347] Read of size 18446744073709551572 at addr ffff8880115f8850 by task syz.0.0/5347
[   85.671694][ T5347] 
[   85.672751][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[   85.672767][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.672775][ T5347] Call Trace:
[   85.672782][ T5347]  <TASK>
[   85.672790][ T5347]  dump_stack_lvl+0x189/0x250
[   85.672809][ T5347]  ? __kasan_check_byte+0x12/0x40
[   85.672825][ T5347]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.672839][ T5347]  ? lock_release+0x4b/0x3e0
[   85.672860][ T5347]  ? __virt_addr_valid+0x4a5/0x5c0
[   85.672878][ T5347]  print_report+0xca/0x240
[   85.672889][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   85.672901][ T5347]  kasan_report+0x118/0x150
[   85.672915][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   85.672928][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   85.672938][ T5347]  kasan_check_range+0x2b0/0x2c0
[   85.672952][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   85.672963][ T5347]  __asan_memmove+0x29/0x70
[   85.672974][ T5347]  ext4_xattr_set_entry+0x8e9/0x1e20
[   85.672989][ T5347]  ext4_xattr_block_set+0x872/0x2ac0
[   85.673006][ T5347]  ? __pfx_check_xattrs+0x10/0x10
[   85.673018][ T5347]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[   85.673030][ T5347]  ? ext4_xattr_block_find+0x2d4/0x350
[   85.673042][ T5347]  ext4_expand_extra_isize_ea+0x12d5/0x1ea0
[   85.673064][ T5347]  __ext4_expand_extra_isize+0x30d/0x400
[   85.673079][ T5347]  __ext4_mark_inode_dirty+0x46c/0x700
[   85.673096][ T5347]  ext4_dirty_inode+0xd0/0x110
[   85.673108][ T5347]  ? __pfx_ext4_dirty_inode+0x10/0x10
[   85.673120][ T5347]  __mark_inode_dirty+0x2d1/0xdf0
[   85.673136][ T5347]  ? i_gid_needs_update+0x51/0x160
[   85.673146][ T5347]  ext4_setattr+0xabc/0x1bc0
[   85.673154][ T5347]  ? __pfx_current_time+0x10/0x10
[   85.673166][ T5347]  ? try_break_deleg+0x79/0x130
[   85.673175][ T5347]  ? __pfx_ext4_setattr+0x10/0x10
[   85.673185][ T5347]  notify_change+0xb36/0xe40
[   85.673198][ T5347]  vfs_utimes+0x3fb/0x570
[   85.673214][ T5347]  ? __pfx_vfs_utimes+0x10/0x10
[   85.673239][ T5347]  ? user_path_at+0x44/0x60
[   85.673248][ T5347]  ? kmem_cache_free+0x18f/0x400
[   85.673262][ T5347]  do_utimes+0x1bd/0x2a0
[   85.673272][ T5347]  ? __pfx_do_utimes+0x10/0x10
[   85.673281][ T5347]  ? rcu_is_watching+0x15/0xb0
[   85.673290][ T5347]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[   85.673303][ T5347]  __x64_sys_utime+0x13e/0x200
[   85.673314][ T5347]  ? __pfx___x64_sys_utime+0x10/0x10
[   85.673330][ T5347]  ? do_syscall_64+0xbe/0x3b0
[   85.673394][ T5347]  do_syscall_64+0xfa/0x3b0
[   85.673407][ T5347]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.673417][ T5347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.673428][ T5347]  ? clear_bhb_loop+0x60/0xb0
[   85.673441][ T5347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.673453][ T5347] RIP: 0033:0x7f8238d8e9a9
[   85.673464][ T5347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.673475][ T5347] RSP: 002b:00007f8239c9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000084
[   85.673488][ T5347] RAX: ffffffffffffffda RBX: 00007f8238fb5fa0 RCX: 00007f8238d8e9a9
[   85.673497][ T5347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000006a80
[   85.673502][ T5347] RBP: 00007f8238e10d69 R08: 0000000000000000 R09: 0000000000000000
[   85.673506][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.673511][ T5347] R13: 0000000000000000 R14: 00007f8238fb5fa0 R15: 00007ffc392b05c8
[   85.673518][ T5347]  </TASK>
[   85.673522][ T5347] 
[   85.822047][ T5347] Allocated by task 5347:
[   85.823982][ T5347]  kasan_save_track+0x3e/0x80
[   85.826140][ T5347]  __kasan_kmalloc+0x93/0xb0
[   85.828158][ T5347]  __kmalloc_node_track_caller_noprof+0x271/0x4e0
[   85.830925][ T5347]  kmemdup_noprof+0x2b/0x70
[   85.832932][ T5347]  ext4_xattr_block_set+0x781/0x2ac0
[   85.835026][ T5347]  ext4_expand_extra_isize_ea+0x12d5/0x1ea0
[   85.837466][ T5347]  __ext4_expand_extra_isize+0x30d/0x400
[   85.839989][ T5347]  __ext4_mark_inode_dirty+0x46c/0x700
[   85.842467][ T5347]  ext4_dirty_inode+0xd0/0x110
[   85.844654][ T5347]  __mark_inode_dirty+0x2d1/0xdf0
[   85.847005][ T5347]  ext4_setattr+0xabc/0x1bc0
[   85.849099][ T5347]  notify_change+0xb36/0xe40
[   85.851216][ T5347]  vfs_utimes+0x3fb/0x570
[   85.853203][ T5347]  do_utimes+0x1bd/0x2a0
[   85.854918][ T5347]  __x64_sys_utime+0x13e/0x200
[   85.856875][ T5347]  do_syscall_64+0xfa/0x3b0
[   85.858753][ T5347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.861235][ T5347] 
[   85.862338][ T5347] The buggy address belongs to the object at ffff8880115f8800
[   85.862338][ T5347]  which belongs to the cache kmalloc-1k of size 1024
[   85.868620][ T5347] The buggy address is located 80 bytes inside of
[   85.868620][ T5347]  1024-byte region [ffff8880115f8800, ffff8880115f8c00)
[   85.874845][ T5347] 
[   85.875872][ T5347] The buggy address belongs to the physical page:
[   85.878586][ T5347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115f8
[   85.882078][ T5347] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   85.886098][ T5347] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   85.889344][ T5347] page_type: f5(slab)
[   85.891107][ T5347] raw: 00fff00000000040 ffff88801a441dc0 dead000000000122 0000000000000000
[   85.895203][ T5347] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   85.899889][ T5347] head: 00fff00000000040 ffff88801a441dc0 dead000000000122 0000000000000000
[   85.903920][ T5347] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   85.907873][ T5347] head: 00fff00000000002 ffffea0000457e01 00000000ffffffff 00000000ffffffff
[   85.911575][ T5347] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   85.915905][ T5347] page dumped because: kasan: bad access detected
[   85.918917][ T5347] page_owner tracks the page as allocated
[   85.921230][ T5347] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5347, tgid 5346 (syz.0.0), ts 85644751289, free_ts 28102627090
[   85.929241][ T5347]  post_alloc_hook+0x240/0x2a0
[   85.931417][ T5347]  get_page_from_freelist+0x21e4/0x22c0
[   85.934096][ T5347]  __alloc_pages_slowpath+0x2fe/0xce0
[   85.936774][ T5347]  __alloc_frozen_pages_noprof+0x319/0x370
[   85.939406][ T5347]  allocate_slab+0x65/0x3b0
[   85.941662][ T5347]  ___slab_alloc+0xbfc/0x1480
[   85.943750][ T5347]  __kmalloc_node_noprof+0x2fd/0x4e0
[   85.945860][ T5347]  alloc_slab_obj_exts+0x39/0xa0
[   85.948151][ T5347]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[   85.950864][ T5347]  __kmalloc_node_track_caller_noprof+0x335/0x4e0
[   85.953822][ T5347]  kstrdup+0x42/0x100
[   85.955617][ T5347]  alloc_vfsmnt+0xeb/0x4e0
[   85.957368][ T5347]  vfs_create_mount+0x6c/0x3d0
[   85.959383][ T5347]  do_new_mount+0x35a/0xa40
[   85.961296][ T5347]  __se_sys_mount+0x317/0x410
[   85.963126][ T5347]  do_syscall_64+0xfa/0x3b0
[   85.965024][ T5347] page last free pid 4739 tgid 4739 stack trace:
[   85.967433][ T5347]  __free_frozen_pages+0xc71/0xe70
[   85.969464][ T5347]  __put_partials+0x161/0x1c0
[   85.971334][ T5347]  put_cpu_partial+0x17c/0x250
[   85.973263][ T5347]  __slab_free+0x2f7/0x400
[   85.975023][ T5347]  qlist_free_all+0x97/0x140
[   85.976772][ T5347]  kasan_quarantine_reduce+0x148/0x160
[   85.978560][ T5347]  __kasan_slab_alloc+0x22/0x80
[   85.980400][ T5347]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   85.982750][ T5347]  getname_flags+0xb8/0x540
[   85.984745][ T5347]  do_readlinkat+0xbc/0x500
[   85.986895][ T5347]  __x64_sys_readlink+0x7f/0x90
[   85.989367][ T5347]  do_syscall_64+0xfa/0x3b0
[   85.991342][ T5347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.994349][ T5347] 
[   85.995476][ T5347] Memory state around the buggy address:
[   85.997995][ T5347]  ffff8880115f8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.002005][ T5347]  ffff8880115f8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.005981][ T5347] >ffff8880115f8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.009504][ T5347]                                                  ^
[   86.012726][ T5347]  ffff8880115f8880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.016259][ T5347]  ffff8880115f8900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.019968][ T5347] ==================================================================
[   86.038653][ T5347] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.041881][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[   86.046149][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.050607][ T5347] Call Trace:
[   86.052268][ T5347]  <TASK>
[   86.053581][ T5347]  dump_stack_lvl+0x99/0x250
[   86.055579][ T5347]  ? __asan_memcpy+0x40/0x70
[   86.057632][ T5347]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.060199][ T5347]  ? __pfx__printk+0x10/0x10
[   86.062648][ T5347]  panic+0x2db/0x790
[   86.064931][ T5347]  ? __pfx_panic+0x10/0x10
[   86.067094][ T5347]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   86.069886][ T5347]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.072874][ T5347]  ? print_memory_metadata+0x314/0x400
[   86.075284][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.078141][ T5347]  check_panic_on_warn+0x89/0xb0
[   86.080677][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.083393][ T5347]  end_report+0x78/0x160
[   86.085390][ T5347]  kasan_report+0x129/0x150
[   86.087274][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.089837][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.092123][ T5347]  kasan_check_range+0x2b0/0x2c0
[   86.094186][ T5347]  ? ext4_xattr_set_entry+0x8e9/0x1e20
[   86.096524][ T5347]  __asan_memmove+0x29/0x70
[   86.098547][ T5347]  ext4_xattr_set_entry+0x8e9/0x1e20
[   86.100861][ T5347]  ext4_xattr_block_set+0x872/0x2ac0
[   86.103552][ T5347]  ? __pfx_check_xattrs+0x10/0x10
[   86.106034][ T5347]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[   86.108556][ T5347]  ? ext4_xattr_block_find+0x2d4/0x350
[   86.110947][ T5347]  ext4_expand_extra_isize_ea+0x12d5/0x1ea0
[   86.113745][ T5347]  __ext4_expand_extra_isize+0x30d/0x400
[   86.116152][ T5347]  __ext4_mark_inode_dirty+0x46c/0x700
[   86.118556][ T5347]  ext4_dirty_inode+0xd0/0x110
[   86.120885][ T5347]  ? __pfx_ext4_dirty_inode+0x10/0x10
[   86.123449][ T5347]  __mark_inode_dirty+0x2d1/0xdf0
[   86.125856][ T5347]  ? i_gid_needs_update+0x51/0x160
[   86.128084][ T5347]  ext4_setattr+0xabc/0x1bc0
[   86.130010][ T5347]  ? __pfx_current_time+0x10/0x10
[   86.132306][ T5347]  ? try_break_deleg+0x79/0x130
[   86.134383][ T5347]  ? __pfx_ext4_setattr+0x10/0x10
[   86.136540][ T5347]  notify_change+0xb36/0xe40
[   86.138581][ T5347]  vfs_utimes+0x3fb/0x570
[   86.140609][ T5347]  ? __pfx_vfs_utimes+0x10/0x10
[   86.142866][ T5347]  ? user_path_at+0x44/0x60
[   86.145351][ T5347]  ? kmem_cache_free+0x18f/0x400
[   86.148128][ T5347]  do_utimes+0x1bd/0x2a0
[   86.150045][ T5347]  ? __pfx_do_utimes+0x10/0x10
[   86.152229][ T5347]  ? rcu_is_watching+0x15/0xb0
[   86.154272][ T5347]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[   86.157038][ T5347]  __x64_sys_utime+0x13e/0x200
[   86.159219][ T5347]  ? __pfx___x64_sys_utime+0x10/0x10
[   86.161547][ T5347]  ? do_syscall_64+0xbe/0x3b0
[   86.163706][ T5347]  do_syscall_64+0xfa/0x3b0
[   86.165786][ T5347]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.168188][ T5347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.171161][ T5347]  ? clear_bhb_loop+0x60/0xb0
[   86.173440][ T5347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.176186][ T5347] RIP: 0033:0x7f8238d8e9a9
[   86.178123][ T5347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.186558][ T5347] RSP: 002b:00007f8239c9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000084
[   86.190310][ T5347] RAX: ffffffffffffffda RBX: 00007f8238fb5fa0 RCX: 00007f8238d8e9a9
[   86.193958][ T5347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000006a80
[   86.197964][ T5347] RBP: 00007f8238e10d69 R08: 0000000000000000 R09: 0000000000000000
[   86.201445][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.204927][ T5347] R13: 0000000000000000 R14: 00007f8238fb5fa0 R15: 00007ffc392b05c8
[   86.208450][ T5347]  </TASK>
[   86.210271][ T5347] Kernel Offset: disabled
[   86.212323][ T5347] Rebooting in 86400 seconds..