program: r0 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000010, &(0x7f0000000280)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x81, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) syz_usb_connect(0x2, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000100)="fa", 0x1}, {&(0x7f0000000080)="ea", 0x1}], 0x2) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000300)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae000034aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a9eee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"}) creat(&(0x7f0000000380)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/profiling', 0x1, 0x1cc) getdents64(r0, &(0x7f0000000300)=""/17, 0x11) writev(r5, &(0x7f00000001c0)=[{&(0x7f0000000400)='9,', 0x2}], 0x1) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@delpolicy={0x5c, 0x14, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@mcast2}, 0x0, 0x1}, [@sec_ctx={0xc, 0x8, {0x8}}]}, 0x5c}}, 0x0) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x7ff, 0x8005, 0x0, 0x0, 0x19, 0xd, "efb59f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5c7639c2b31935a760e677df7019fcb8aafab44dc2cc5f533c460900", "036c47c67808f7a06d61fdcf335263bd9bffbcc2542ded71038259ca11ef54ec32030014ef3dbe5fe9b48b000000000000000000000000000000000000000005", "f283400555216500ffffffde00000000000100", [0x8000000000000008]}) pwrite64(r1, &(0x7f0000000080)='3', 0x1, 0xfeca) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x1, 0x470bd27, 0x25dfd402, {0x0, 0x0, 0x0, r10, 0x65e9d, 0x16ac1}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_PROXYARP={0x5, 0xa, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x400c080}, 0x200088c2) sendmsg$NFT_BATCH(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x48, 0x1c, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_hsr\x00'}]}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x80090}, 0x0) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r1) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10080}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x58, r11, 0x200, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x12a, 0x1f}}}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xc, 0xcd, [0x4, 0x8, 0xe, 0x4]}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x12, 0xcd, [0x9, 0x7f, 0x8, 0xf5, 0x831, 0x3, 0x9]}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000801}, 0x24000085) [ 84.027988][ T5326] loop0: detected capacity change from 0 to 2048 [ 84.116616][ T5326] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.396186][ T4706] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 84.506398][ T44] Bluetooth: hci0: command tx timeout [ 84.550624][ T4706] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 84.554139][ T4706] usb 5-1: config 0 has no interface number 0 [ 84.557313][ T4706] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 84.561643][ T4706] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 84.567826][ T4706] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 84.573115][ T4706] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 84.578198][ T4706] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 84.584089][ T4706] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 84.588341][ T4706] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.603559][ T4706] usb 5-1: config 0 descriptor?? [ 84.609777][ T5326] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 84.631018][ T4706] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 84.873696][ C0] ldusb 5-1:0.55: usb_submit_urb failed (-19) [ 84.876825][ T5327] usb 5-1: USB disconnect, device number 2 [ 84.884830][ T5326] ldusb 5-1:0.55: Couldn't submit interrupt_out_urb -19 [ 84.893551][ T5327] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 84.931355][ T5326] kernel profiling enabled (shift: 9) [ 84.957413][ T5326] loop0: detected capacity change from 2048 to 64 [ 84.977098][ T5326] ================================================================== [ 84.980321][ T5326] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 [ 84.983453][ T5326] Read of size 18446744073709551600 at addr ffff888050a50eb8 by task syz.0.0/5326 [ 84.987136][ T5326] [ 84.988127][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.988143][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.988151][ T5326] Call Trace: [ 84.988158][ T5326] [ 84.988164][ T5326] dump_stack_lvl+0xe8/0x150 [ 84.988180][ T5326] print_address_description+0x55/0x1e0 [ 84.988198][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 84.988209][ T5326] print_report+0x58/0x70 [ 84.988219][ T5326] kasan_report+0x117/0x150 [ 84.988236][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 84.988247][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 84.988256][ T5326] kasan_check_range+0x264/0x2c0 [ 84.988269][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 84.988279][ T5326] __asan_memmove+0x29/0x70 [ 84.988291][ T5326] ext4_xattr_set_entry+0x9c1/0x1e20 [ 84.988305][ T5326] ext4_xattr_ibody_set+0x254/0x6a0 [ 84.988324][ T5326] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 84.988340][ T5326] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 84.988354][ T5326] ? down_write+0x16d/0x200 [ 84.988423][ T5326] ? ext4_journal_check_start+0x1cf/0x2b0 [ 84.988441][ T5326] ext4_destroy_inline_data+0x83/0xe0 [ 84.988455][ T5326] ext4_do_writepages+0x51e/0x4670 [ 84.988471][ T5326] ? kernel_text_address+0xa5/0xe0 [ 84.988486][ T5326] ? unwind_get_return_address+0x4d/0x90 [ 84.988499][ T5326] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 84.988516][ T5326] ? arch_stack_walk+0xfb/0x150 [ 84.988531][ T5326] ? stack_trace_save+0xa9/0x100 [ 84.988546][ T5326] ? __pfx_stack_trace_save+0x10/0x10 [ 84.988560][ T5326] ? __pfx_hlock_conflict+0x10/0x10 [ 84.988573][ T5326] ? check_path+0x21/0x40 [ 84.988587][ T5326] ? add_lock_to_list+0xc7/0x100 [ 84.988599][ T5326] ? __pfx_ext4_do_writepages+0x10/0x10 [ 84.988612][ T5326] ? lockdep_unlock+0x5d/0xd0 [ 84.988621][ T5326] ? __lock_acquire+0x146e/0x2cf0 [ 84.988637][ T5326] ? ext4_writepages+0x205/0x3b0 [ 84.988649][ T5326] ? ext4_writepages+0x205/0x3b0 [ 84.988664][ T5326] ext4_writepages+0x241/0x3b0 [ 84.988674][ T5326] ? __lock_acquire+0x6b5/0x2cf0 [ 84.988685][ T5326] ? __pfx_ext4_writepages+0x10/0x10 [ 84.988701][ T5326] ? __pfx_ext4_writepages+0x10/0x10 [ 84.988713][ T5326] do_writepages+0x32e/0x550 [ 84.988732][ T5326] ? do_raw_spin_unlock+0x4d/0x210 [ 84.988747][ T5326] file_write_and_wait_range+0x36e/0x440 [ 84.988761][ T5326] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 84.988781][ T5326] ? filemap_get_entry+0x378/0x3f0 [ 84.988795][ T5326] ? folio_mkclean+0x2c2/0x3d0 [ 84.988808][ T5326] mmb_fsync_noflush+0x76/0x1c0 [ 84.988823][ T5326] ext4_sync_file+0x437/0xd50 [ 84.988840][ T5326] ? __pfx_ext4_sync_file+0x10/0x10 [ 84.988862][ T5326] ? ext4_buffered_write_iter+0xd9/0x3a0 [ 84.988876][ T5326] ? sync_lazytime+0x5e/0x4c0 [ 84.988891][ T5326] ext4_buffered_write_iter+0x2ca/0x3a0 [ 84.988907][ T5326] ext4_file_write_iter+0x298/0x1bf0 [ 84.988924][ T5326] ? vfs_write+0x227/0xb90 [ 84.988938][ T5326] ? vfs_write+0x227/0xb90 [ 84.988950][ T5326] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 84.988968][ T5326] vfs_write+0x61d/0xb90 [ 84.988982][ T5326] ? __pfx_vfs_write+0x10/0x10 [ 84.988996][ T5326] ? __fget_files+0x2a/0x420 [ 84.989009][ T5326] __x64_sys_pwrite64+0x199/0x230 [ 84.989023][ T5326] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 84.989039][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.989050][ T5326] do_syscall_64+0x174/0x580 [ 84.989062][ T5326] ? trace_irq_disable+0x3b/0x140 [ 84.989078][ T5326] ? clear_bhb_loop+0x40/0x90 [ 84.989091][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.989102][ T5326] RIP: 0033:0x7fabf1b9ce59 [ 84.989115][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.989123][ T5326] RSP: 002b:00007fabf2a37fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 84.989136][ T5326] RAX: ffffffffffffffda RBX: 00007fabf1e15fa0 RCX: 00007fabf1b9ce59 [ 84.989143][ T5326] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000004 [ 84.989150][ T5326] RBP: 00007fabf1c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 84.989156][ T5326] R10: 000000000000feca R11: 0000000000000246 R12: 0000000000000000 [ 84.989163][ T5326] R13: 00007fabf1e16038 R14: 00007fabf1e15fa0 R15: 00007ffc66b11bc8 [ 84.989175][ T5326] [ 84.989179][ T5326] [ 85.162616][ T5326] The buggy address belongs to the physical page: [ 85.165159][ T5326] page: refcount:3 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x50a50 [ 85.168685][ T5326] memcg:ffff88803b7fa280 [ 85.170657][ T5326] aops:def_blk_aops ino:700000 dentry name(?):"" [ 85.173058][ T5326] flags: 0x4fff18000004214(referenced|dirty|workingset|private|node=1|zone=1|lastcpupid=0x7ff) [ 85.177196][ T5326] raw: 04fff18000004214 0000000000000000 dead000000000122 ffff88801cc25940 [ 85.181416][ T5326] raw: 0000000000000002 ffff88801ccbdbc8 00000003ffffffff ffff88803b7fa280 [ 85.185679][ T5326] page dumped because: kasan: bad access detected [ 85.188419][ T5326] page_owner tracks the page as allocated [ 85.190734][ T5326] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5326, tgid 5325 (syz.0.0), ts 84967146109, free_ts 84939994717 [ 85.198523][ T5326] post_alloc_hook+0x22d/0x280 [ 85.200525][ T5326] get_page_from_freelist+0x2593/0x2610 [ 85.202737][ T5326] __alloc_frozen_pages_noprof+0x18d/0x380 [ 85.205047][ T5326] alloc_pages_mpol+0x235/0x490 [ 85.207079][ T5326] alloc_pages_noprof+0xac/0x2a0 [ 85.209116][ T5326] folio_alloc_noprof+0x1e/0x30 [ 85.211131][ T5326] filemap_alloc_folio_noprof+0x111/0x470 [ 85.213494][ T5326] __filemap_get_folio_mpol+0x3fc/0xb00 [ 85.215787][ T5326] bdev_getblk+0x1f6/0x6e0 [ 85.217588][ T5326] __ext4_get_inode_loc+0x528/0xfa0 [ 85.219705][ T5326] ext4_get_inode_loc+0x81/0xf0 [ 85.221717][ T5326] ext4_xattr_ibody_get+0x113/0x4c0 [ 85.223850][ T5326] ext4_xattr_get+0x123/0x6a0 [ 85.225823][ T5326] __vfs_getxattr+0x3f4/0x430 [ 85.227829][ T5326] cap_inode_need_killpriv+0x45/0x60 [ 85.230147][ T5326] security_inode_need_killpriv+0x85/0x240 [ 85.232578][ T5326] page last free pid 5326 tgid 5325 stack trace: [ 85.234989][ T5326] free_unref_folios+0xd9f/0x14c0 [ 85.237027][ T5326] folios_put_refs+0x9ff/0xb40 [ 85.239045][ T5326] mapping_try_invalidate+0x3c2/0x4c0 [ 85.241257][ T5326] loop_set_status+0x29b/0xe40 [ 85.243275][ T5326] lo_ioctl+0xc21/0x1fb0 [ 85.244986][ T5326] blkdev_ioctl+0x5e3/0x740 [ 85.246958][ T5326] __se_sys_ioctl+0xfc/0x170 [ 85.248840][ T5326] do_syscall_64+0x174/0x580 [ 85.250703][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.253064][ T5326] [ 85.254090][ T5326] Memory state around the buggy address: [ 85.256422][ T5326] ffff888050a50d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.259684][ T5326] ffff888050a50e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.262949][ T5326] >ffff888050a50e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.266171][ T5326] ^ [ 85.268598][ T5326] ffff888050a50f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.271714][ T5326] ffff888050a50f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.274962][ T5326] ================================================================== [ 85.317050][ T5326] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.320002][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.323679][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.327772][ T5326] Call Trace: [ 85.329154][ T5326] [ 85.330456][ T5326] vpanic+0x56c/0xa60 [ 85.332136][ T5326] ? __pfx_vpanic+0x10/0x10 [ 85.334022][ T5326] ? __pfx___schedule+0x10/0x10 [ 85.336038][ T5326] panic+0xc5/0xd0 [ 85.337581][ T5326] ? __pfx_panic+0x10/0x10 [ 85.339383][ T5326] ? preempt_schedule_thunk+0x16/0x30 [ 85.341714][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.343989][ T5326] check_panic_on_warn+0x89/0xb0 [ 85.345978][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.348378][ T5326] end_report+0x73/0x170 [ 85.350062][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.352118][ T5326] kasan_report+0x128/0x150 [ 85.353853][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.356120][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.358830][ T5326] kasan_check_range+0x264/0x2c0 [ 85.361244][ T5326] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.363370][ T5326] __asan_memmove+0x29/0x70 [ 85.365161][ T5326] ext4_xattr_set_entry+0x9c1/0x1e20 [ 85.367308][ T5326] ext4_xattr_ibody_set+0x254/0x6a0 [ 85.369436][ T5326] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 85.371894][ T5326] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 85.374594][ T5326] ? down_write+0x16d/0x200 [ 85.376345][ T5326] ? ext4_journal_check_start+0x1cf/0x2b0 [ 85.378620][ T5326] ext4_destroy_inline_data+0x83/0xe0 [ 85.380818][ T5326] ext4_do_writepages+0x51e/0x4670 [ 85.382940][ T5326] ? kernel_text_address+0xa5/0xe0 [ 85.384955][ T5326] ? unwind_get_return_address+0x4d/0x90 [ 85.387259][ T5326] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 85.389807][ T5326] ? arch_stack_walk+0xfb/0x150 [ 85.392008][ T5326] ? stack_trace_save+0xa9/0x100 [ 85.394026][ T5326] ? __pfx_stack_trace_save+0x10/0x10 [ 85.395920][ T5326] ? __pfx_hlock_conflict+0x10/0x10 [ 85.397860][ T5326] ? check_path+0x21/0x40 [ 85.399589][ T5326] ? add_lock_to_list+0xc7/0x100 [ 85.401567][ T5326] ? __pfx_ext4_do_writepages+0x10/0x10 [ 85.403732][ T5326] ? lockdep_unlock+0x5d/0xd0 [ 85.405674][ T5326] ? __lock_acquire+0x146e/0x2cf0 [ 85.407746][ T5326] ? ext4_writepages+0x205/0x3b0 [ 85.409776][ T5326] ? ext4_writepages+0x205/0x3b0 [ 85.411845][ T5326] ext4_writepages+0x241/0x3b0 [ 85.413819][ T5326] ? __lock_acquire+0x6b5/0x2cf0 [ 85.415793][ T5326] ? __pfx_ext4_writepages+0x10/0x10 [ 85.418051][ T5326] ? __pfx_ext4_writepages+0x10/0x10 [ 85.420226][ T5326] do_writepages+0x32e/0x550 [ 85.422139][ T5326] ? do_raw_spin_unlock+0x4d/0x210 [ 85.424278][ T5326] file_write_and_wait_range+0x36e/0x440 [ 85.426511][ T5326] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 85.429082][ T5326] ? filemap_get_entry+0x378/0x3f0 [ 85.431149][ T5326] ? folio_mkclean+0x2c2/0x3d0 [ 85.432878][ T5326] mmb_fsync_noflush+0x76/0x1c0 [ 85.434571][ T5326] ext4_sync_file+0x437/0xd50 [ 85.436178][ T5326] ? __pfx_ext4_sync_file+0x10/0x10 [ 85.438020][ T5326] ? ext4_buffered_write_iter+0xd9/0x3a0 [ 85.440347][ T5326] ? sync_lazytime+0x5e/0x4c0 [ 85.442218][ T5326] ext4_buffered_write_iter+0x2ca/0x3a0 [ 85.444542][ T5326] ext4_file_write_iter+0x298/0x1bf0 [ 85.446815][ T5326] ? vfs_write+0x227/0xb90 [ 85.448694][ T5326] ? vfs_write+0x227/0xb90 [ 85.450590][ T5326] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 85.453057][ T5326] vfs_write+0x61d/0xb90 [ 85.454850][ T5326] ? __pfx_vfs_write+0x10/0x10 [ 85.456896][ T5326] ? __fget_files+0x2a/0x420 [ 85.458849][ T5326] __x64_sys_pwrite64+0x199/0x230 [ 85.461412][ T5326] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 85.464168][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.467288][ T5326] do_syscall_64+0x174/0x580 [ 85.469253][ T5326] ? trace_irq_disable+0x3b/0x140 [ 85.471354][ T5326] ? clear_bhb_loop+0x40/0x90 [ 85.473293][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.475892][ T5326] RIP: 0033:0x7fabf1b9ce59 [ 85.477958][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.485665][ T5326] RSP: 002b:00007fabf2a37fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 85.489175][ T5326] RAX: ffffffffffffffda RBX: 00007fabf1e15fa0 RCX: 00007fabf1b9ce59 [ 85.492493][ T5326] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000004 [ 85.495837][ T5326] RBP: 00007fabf1c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.499106][ T5326] R10: 000000000000feca R11: 0000000000000246 R12: 0000000000000000 [ 85.502101][ T5326] R13: 00007fabf1e16038 R14: 00007fabf1e15fa0 R15: 00007ffc66b11bc8 [ 85.505218][ T5326] [ 85.506850][ T5326] Kernel Offset: disabled [ 85.508529][ T5326] Rebooting in 86400 seconds..