program: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x40, &(0x7f00000000c0), 0xff, 0x4df, &(0x7f0000010a80)="$eJzs3c9rHFUcAPDv7Cb9GZuotdraarSKwR9Jk/6wBw8qCoIKgh7qMSZprd020kRoS9AoUs8F7+JR8OjJmxdRD+IfoOBRCkWD0FQUIrM7k2R/Jdsm6TbJ5wPbfW/2zcx7M+9l37y3Mw1g0+pN/0kiuiLi14jorkSrE/RW3mZnpkZuzEyNJDE39+afSTnd9ZmpkTxpvt7OLNJXiCh8msTzSf1+Jy5eOjNcKo2dz+IDk2ffH5i4eOmZ02eHT42dGjs3dPz4kcODzx4bOlq1XoNN1dneYFlaruv7Phzfv/eVt6+8PnLiyjs/fp1ua8+ByudZOba0sPmIG3W5eDViui5Zb3rU/porq/3s8ZZ2tH7ctSicdLQxI9yUYkSkp6uz3P67oxgLJ687Xv6krZkD1lT63bS1+cfTc8AGlkS7cwC0R/5Fn17/5q/47zZ1Pu4A115YuOifnZkamZ0fz+iIQra8cw333xsRJ6b/+SJ9Rc14CgDAWij3bZ6u6f+VFWJP+b0y17Erm0PpiYi7I+KeiLg3InZHxH0R5bT3R8QDlZXnulvcf29NvL7/U7jaMM+rJO3/Pbeo7zc7M1U9HFaInmL5rTLH0ROdycnTpbFD2THpi86taXxwiX1891LzaaXF/b/0leahJgNXOyoL5jcyOjw5vFoH4drHEfs6qsqfHf9kfiYgrQF7I2LfzW16Vx44/eRX+5slalT+vC+8rFWYZ5r7MuKJyvmfjpry55Im85NpHT82dHRgW5TGDg3ktaLeT79cfqPZ/ldU/lWQnv8d1fW/JkX330llvrYzSqWx8xM3v4/Lv33W9Jpm+fLP1/95af3fkrxVnrP++d3KsgvDk5PnByO2JK+V41lj2Rbp8qGFdS9k8Tx9Wv6+g43qf6H8Ny6y8/9gRKSV+EDEroci4uEs749ExKMRcXCJ8v/w4mPvLVH+JJJo6/kfjcbtP9OTLJ6vv4VA8cz33zabt2/t/B8pz673ZUvKf/+W0WoGV3j4AAAAYF0oRERXJIX+Sri3KwqF/v7Kb/h3x45CaXxi8qmT4x+cG63cI9ATnYV8pKt70XjoYJL//r0SH8rGivPPD2fjxp8Xt5fj/SPjpdE2lx02u53V7T/y9p/6o9ju3AFrrvk82hK3BgAbQm37L7QpH8Dt18rvaFwLwMbUoP0veobGv9W3CtU/5wJYxzoahIDNoVGr/6gmXtf/b/SULWDdqW//vzd4ZB2wEen1w+al/cPmpf3DprSS+/pvPZDfLLBk4jyLDdNsa/kO/80SyB8Ps5b72h4LS6JQDnRF07V2tOto5GPVSybubmWDEfHNivNTXIVypS2meklxuQKuMNDqf4YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwZ/s/AAD//16M4Cg=") r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x139) write$P9_RMKDIR(r0, &(0x7f0000000100)={0x14, 0x49, 0x1, {0x8}}, 0x14) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae5c70f20ff8ee09e737ff0edf1139c2eb4b68c660e677df7019051caafa00afaaf755a314a10400", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a323ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000522100000001", [0x8, 0x100]}) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x2, 0x1, 0x0, r0, &(0x7f0000000000), 0x100000, 0x100fbff}]) [ 102.919256][ T5292] Bluetooth: hci0: command tx timeout [ 102.984645][ T5327] loop0: detected capacity change from 0 to 512 [ 103.012289][ T5327] ======================================================= [ 103.012289][ T5327] WARNING: The mand mount option has been deprecated and [ 103.012289][ T5327] and is ignored by this kernel. Remove the mand [ 103.012289][ T5327] option from the mount to silence this warning. [ 103.012289][ T5327] ======================================================= [ 103.141980][ T5327] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.0: inode has both inline data and extents flags [ 103.158561][ T5327] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 103.160915][ T5327] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.0: couldn't read orphan inode 15 (err -117) [ 103.165270][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 103.165330][ C0] EXT4-fs (loop0): initial error at time 1779595388: ext4_orphan_get:1397: inode 15 [ 103.165365][ C0] EXT4-fs (loop0): last error at time 1779595388: ext4_orphan_get:1397: inode 15 [ 103.189597][ T5327] loop0: lost filesystem error report for type 5 error -117 [ 103.191953][ T5327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.316933][ T5327] loop0: detected capacity change from 512 to 0 [ 103.346414][ T5328] ================================================================== [ 103.350092][ T5328] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.353621][ T5328] Read of size 18446744073709551600 at addr ffff8880427455d0 by task syz.0.0/5328 [ 103.357686][ T5328] [ 103.358802][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 103.358820][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 103.358828][ T5328] Call Trace: [ 103.358836][ T5328] [ 103.358842][ T5328] dump_stack_lvl+0xe8/0x150 [ 103.358861][ T5328] print_address_description+0x55/0x1e0 [ 103.358874][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.358892][ T5328] print_report+0x58/0x70 [ 103.358903][ T5328] kasan_report+0x117/0x150 [ 103.358917][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.358934][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.358951][ T5328] kasan_check_range+0x264/0x2c0 [ 103.358966][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.358984][ T5328] __asan_memmove+0x29/0x70 [ 103.358996][ T5328] ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.359017][ T5328] ext4_xattr_ibody_set+0x254/0x6a0 [ 103.359036][ T5328] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 103.359052][ T5328] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 103.359067][ T5328] ? down_write+0x16d/0x200 [ 103.359130][ T5328] ext4_convert_inline_data_to_extent+0x547/0xde0 [ 103.359149][ T5328] ? __pfx_ext4_convert_inline_data_to_extent+0x10/0x10 [ 103.359163][ T5328] ? ext4_inode_journal_mode+0x193/0x470 [ 103.359184][ T5328] ? ext4_try_to_write_inline_data+0x49/0xa0 [ 103.359197][ T5328] ext4_write_begin+0x357/0x1890 [ 103.359211][ T5328] ? do_raw_spin_unlock+0x4d/0x210 [ 103.359230][ T5328] ? folio_unlock+0x101/0x160 [ 103.359243][ T5328] ? ext4_load_tail_bh+0x452/0x7f0 [ 103.359257][ T5328] ? __pfx_ext4_write_begin+0x10/0x10 [ 103.359273][ T5328] generic_perform_write+0x2e2/0x8f0 [ 103.359290][ T5328] ? __pfx_generic_perform_write+0x10/0x10 [ 103.359307][ T5328] ext4_buffered_write_iter+0xce/0x3a0 [ 103.359325][ T5328] ext4_file_write_iter+0x298/0x1bf0 [ 103.359339][ T5328] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 103.359355][ T5328] ? lockdep_hardirqs_on+0x7a/0x110 [ 103.359382][ T5328] ? io_submit_one+0x7bb/0x14c0 [ 103.359399][ T5328] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 103.359417][ T5328] ? aio_write+0x547/0x870 [ 103.359434][ T5328] aio_write+0x5cd/0x870 [ 103.359452][ T5328] ? __pfx_aio_write+0x10/0x10 [ 103.359468][ T5328] ? __might_fault+0xaf/0x130 [ 103.359478][ T5328] io_submit_one+0x7bb/0x14c0 [ 103.359494][ T5328] ? irqentry_exit+0x218/0x760 [ 103.359510][ T5328] ? __pfx_io_submit_one+0x10/0x10 [ 103.359525][ T5328] ? __might_fault+0xaf/0x130 [ 103.359540][ T5328] ? __might_fault+0xaf/0x130 [ 103.359552][ T5328] __se_sys_io_submit+0x195/0x340 [ 103.359567][ T5328] ? __pfx___se_sys_io_submit+0x10/0x10 [ 103.359580][ T5328] ? exc_page_fault+0x6a/0xc0 [ 103.359597][ T5328] ? do_user_addr_fault+0xc6f/0x1340 [ 103.359611][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.359623][ T5328] do_syscall_64+0x15f/0xf80 [ 103.359641][ T5328] ? trace_irq_disable+0x3b/0x140 [ 103.359658][ T5328] ? clear_bhb_loop+0x40/0x90 [ 103.359671][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.359683][ T5328] RIP: 0033:0x7f566099ce59 [ 103.359696][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.359706][ T5328] RSP: 002b:00007f566187afe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 103.359721][ T5328] RAX: ffffffffffffffda RBX: 00007f5660c16090 RCX: 00007f566099ce59 [ 103.359730][ T5328] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f5661852000 [ 103.359737][ T5328] RBP: 00007f5660a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 103.359744][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.359751][ T5328] R13: 00007f5660c16128 R14: 00007f5660c16090 R15: 00007ffcdea73ba8 [ 103.359763][ T5328] [ 103.359767][ T5328] [ 103.520562][ T5328] The buggy address belongs to the physical page: [ 103.523161][ T5328] page: refcount:2 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x42745 [ 103.526912][ T5328] memcg:ffff88801c2c4700 [ 103.528816][ T5328] aops:def_blk_aops ino:700000 dentry name(?):"" [ 103.532244][ T5328] flags: 0x4fff58000004224(referenced|lru|workingset|private|node=1|zone=1|lastcpupid=0x7ff) [ 103.537167][ T5328] raw: 04fff58000004224 ffffea0001436a08 ffff888030448240 ffff88801cc25940 [ 103.540615][ T5328] raw: 0000000000000002 ffff888046fbb828 00000002ffffffff ffff88801c2c4700 [ 103.544228][ T5328] page dumped because: kasan: bad access detected [ 103.547129][ T5328] page_owner tracks the page as allocated [ 103.549662][ T5328] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 12, tgid 12 (kworker/u4:0), ts 103311462984, free_ts 103304312310 [ 103.556756][ T5328] post_alloc_hook+0x22d/0x280 [ 103.558865][ T5328] get_page_from_freelist+0x24ba/0x2540 [ 103.561213][ T5328] __alloc_frozen_pages_noprof+0x18d/0x380 [ 103.563817][ T5328] alloc_pages_mpol+0x235/0x490 [ 103.565990][ T5328] alloc_pages_noprof+0xac/0x2a0 [ 103.568183][ T5328] folio_alloc_noprof+0x1e/0x30 [ 103.570348][ T5328] filemap_alloc_folio_noprof+0x111/0x470 [ 103.572778][ T5328] __filemap_get_folio_mpol+0x3fc/0xb00 [ 103.575218][ T5328] bdev_getblk+0x1f6/0x6e0 [ 103.577143][ T5328] ext4_sb_breadahead_unmovable+0x6f/0xf0 [ 103.579510][ T5328] __ext4_get_inode_loc+0xae3/0xfa0 [ 103.581746][ T5328] ext4_write_inode+0x311/0x620 [ 103.584121][ T5328] __writeback_single_inode+0x75a/0x10e0 [ 103.586602][ T5328] writeback_sb_inodes+0x979/0x19d0 [ 103.588887][ T5328] __writeback_inodes_wb+0x111/0x240 [ 103.591238][ T5328] wb_writeback+0x459/0xb00 [ 103.593273][ T5328] page last free pid 15 tgid 15 stack trace: [ 103.595913][ T5328] __free_frozen_pages+0xbc7/0xd30 [ 103.598179][ T5328] rcu_core+0x7cd/0x1070 [ 103.600085][ T5328] handle_softirqs+0x22a/0x840 [ 103.602334][ T5328] run_ksoftirqd+0x36/0x60 [ 103.604327][ T5328] smpboot_thread_fn+0x541/0xa50 [ 103.606528][ T5328] kthread+0x389/0x470 [ 103.608338][ T5328] ret_from_fork+0x514/0xb70 [ 103.610285][ T5328] ret_from_fork_asm+0x1a/0x30 [ 103.612171][ T5328] [ 103.613156][ T5328] Memory state around the buggy address: [ 103.615318][ T5328] ffff888042745480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 103.618753][ T5328] ffff888042745500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 103.622378][ T5328] >ffff888042745580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 103.625862][ T5328] ^ [ 103.628819][ T5328] ffff888042745600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 103.632283][ T5328] ffff888042745680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 103.635551][ T5328] ================================================================== [ 103.711800][ T5328] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 103.715235][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 103.719161][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 103.723478][ T5328] Call Trace: [ 103.724952][ T5328] [ 103.726293][ T5328] vpanic+0x56c/0xa60 [ 103.728059][ T5328] ? __pfx_vpanic+0x10/0x10 [ 103.730107][ T5328] ? __pfx___schedule+0x10/0x10 [ 103.732364][ T5328] panic+0xc5/0xd0 [ 103.734031][ T5328] ? __pfx_panic+0x10/0x10 [ 103.735986][ T5328] ? preempt_schedule_thunk+0x16/0x30 [ 103.738256][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.740911][ T5328] check_panic_on_warn+0x89/0xb0 [ 103.743235][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.745557][ T5328] end_report+0x73/0x170 [ 103.747228][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.749571][ T5328] kasan_report+0x128/0x150 [ 103.751502][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.753866][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.756078][ T5328] kasan_check_range+0x264/0x2c0 [ 103.758279][ T5328] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.760668][ T5328] __asan_memmove+0x29/0x70 [ 103.762747][ T5328] ext4_xattr_set_entry+0x9c1/0x1e20 [ 103.765076][ T5328] ext4_xattr_ibody_set+0x254/0x6a0 [ 103.767312][ T5328] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 103.769987][ T5328] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 103.772839][ T5328] ? down_write+0x16d/0x200 [ 103.774818][ T5328] ext4_convert_inline_data_to_extent+0x547/0xde0 [ 103.777486][ T5328] ? __pfx_ext4_convert_inline_data_to_extent+0x10/0x10 [ 103.780504][ T5328] ? ext4_inode_journal_mode+0x193/0x470 [ 103.783028][ T5328] ? ext4_try_to_write_inline_data+0x49/0xa0 [ 103.785463][ T5328] ext4_write_begin+0x357/0x1890 [ 103.787393][ T5328] ? do_raw_spin_unlock+0x4d/0x210 [ 103.789384][ T5328] ? folio_unlock+0x101/0x160 [ 103.791351][ T5328] ? ext4_load_tail_bh+0x452/0x7f0 [ 103.793397][ T5328] ? __pfx_ext4_write_begin+0x10/0x10 [ 103.795718][ T5328] generic_perform_write+0x2e2/0x8f0 [ 103.798388][ T5328] ? __pfx_generic_perform_write+0x10/0x10 [ 103.801012][ T5328] ext4_buffered_write_iter+0xce/0x3a0 [ 103.803353][ T5328] ext4_file_write_iter+0x298/0x1bf0 [ 103.805638][ T5328] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 103.808300][ T5328] ? lockdep_hardirqs_on+0x7a/0x110 [ 103.810655][ T5328] ? io_submit_one+0x7bb/0x14c0 [ 103.812987][ T5328] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 103.815833][ T5328] ? aio_write+0x547/0x870 [ 103.818875][ T5328] aio_write+0x5cd/0x870 [ 103.821205][ T5328] ? __pfx_aio_write+0x10/0x10 [ 103.823931][ T5328] ? __might_fault+0xaf/0x130 [ 103.826591][ T5328] io_submit_one+0x7bb/0x14c0 [ 103.828985][ T5328] ? irqentry_exit+0x218/0x760 [ 103.831002][ T5328] ? __pfx_io_submit_one+0x10/0x10 [ 103.833144][ T5328] ? __might_fault+0xaf/0x130 [ 103.835127][ T5328] ? __might_fault+0xaf/0x130 [ 103.837056][ T5328] __se_sys_io_submit+0x195/0x340 [ 103.839075][ T5328] ? __pfx___se_sys_io_submit+0x10/0x10 [ 103.841250][ T5328] ? exc_page_fault+0x6a/0xc0 [ 103.843488][ T5328] ? do_user_addr_fault+0xc6f/0x1340 [ 103.845748][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.848410][ T5328] do_syscall_64+0x15f/0xf80 [ 103.850497][ T5328] ? trace_irq_disable+0x3b/0x140 [ 103.852716][ T5328] ? clear_bhb_loop+0x40/0x90 [ 103.854791][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.857334][ T5328] RIP: 0033:0x7f566099ce59 [ 103.859429][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.867573][ T5328] RSP: 002b:00007f566187afe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 103.871210][ T5328] RAX: ffffffffffffffda RBX: 00007f5660c16090 RCX: 00007f566099ce59 [ 103.874713][ T5328] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f5661852000 [ 103.878054][ T5328] RBP: 00007f5660a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 103.881385][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.884906][ T5328] R13: 00007f5660c16128 R14: 00007f5660c16090 R15: 00007ffcdea73ba8 [ 103.888418][ T5328] [ 103.890285][ T5328] Kernel Offset: disabled [ 103.892183][ T5328] Rebooting in 86400 seconds..