program:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0x2)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x7, 0x7, 0x8001, 0x7}]})
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000500), 0xfd, 0x574, &(0x7f0000000cc0)="$eJzs3U1rG0cfAPD/ylLenOexAyG0PZRADk0JkWO7LykUkh5LGxpo76mwFRMsR8GSQ+wGmhyaSy8lFEppoPQD9N5j6Bfopwi0gVCCaQ+l4LLyylFsyW+RIyX6/WDtGe1KM6PZ/2pmV2IDGFjH0z+5iFcj4pskYqRlXT6ylcdXt1t+fHMqXZJYWfn0zyTOrXutJPs/nGVeiYhfv4o4ldtYbm1xabZUqZTns/xYfe7aWG1x6fSVudJMeaZ8dWJy8uzbkxPvvftO19r65sW/v//k/odnvz6x/N3PD4/cTeJ8HM7Wpe3qQhG3WjPHS/9mqUKcX7fheBcK6ydJryvArgxlcV6I9BgwEkNZ1AMvvy8jYgUYUIn4hwHVHAc05/Zdmge/MB59sDoB2tj+/Oq5kTjQmBsdWk6emhml893RLpSflvHLH/fupktsfh7i4BZ5gB25dTsizuTzG49/SXb8270zjZPHm1tfxqB9/kAv3U/HP8mtiA3xn1sb/0Sb8c9wm9jdja3jP/ewC8V0lI7/3m87/l07dI0OZbn/NcZ8heTylUr5TET8PyJORmF/mt/ses7Z5Qcrnda1jv/SJS2/ORbM6vEwv//p50yX6qVnaXOrR7cjXms7/k3W+j9p0//p+3Fxm2UcK997vdO6rdu/t1Z+inijbf8/uaKVbH59cqyxP4w194qN/rpz7LdO5fe6/Wn/H9q8/aNJ6/Xa2s7L+PHAP+VO63a7/+9LPmuk92WP3SjV6/PjEfuSj/PD6x+fePLcZr65fdr+kyfax/9m+386+fp8m+2/c/ROx037of+nd9T/O088+OiLHzqVv73+f6uROpk9sp3j33Yr+CzvHQAAAAAAAPSbXEQcjiRXXEvncsXi6vc7jsahXKVaq5+6XF24Oh2N38qORiHXvNI90vJ9iPHs+7DN/MS6/GREHImIb4cONvLFqWpluteNBwAAAAAAAAAAAAAAAAAAgD4x3OH3/6nfh3pdO2DPNW5ssL/XtQB6Yctb/nfjTk9AX9oy/oGX1s7j35kBeFn4/IfBJf5hcIl/GFzbjf/CyB5XBHjufP7D4BL/AAAAAAAAAAAAAAAAAAAAAAAAAAAA0FUXL1xIl5Xlxzen0vz09cWF2er109Pl2mxxbmGqOFWdv1acqVZnKuXiVHVuq9erVKvXxidi4cZYvVyrj9UWly7NVReu1i9dmSvNlC+VC8+lVQAAAAAAAAAAAAAAAAAAAPBiqS0uzZYqlfK8RMfEueiLauxlA1ft6un5fmmFRFcTPT4wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECL/wIAAP//AzIzTA==")
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
r5 = open(&(0x7f0000000300)='./file1\x00', 0x14927e, 0x0)
ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f0000009a40)={0x0, {}, 0x0, {}, 0x7, 0x0, 0x200000a, 0x0, "22536af39b7c7cb7435b0a43852dbc3a9ada34cc97af10fd4fc8a15748328c53096c2f359e9ba743d30b59c491a7b3e74d938981061383374a1d58471a2d2dfe", "0410b1617b6228918d46cc632e9e13be3626f4e25310f5db74161ccef2c5cf5e", [0x100000000]})
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000380)='./file2\x00', 0x404, &(0x7f0000000740)={[{@bh}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@minixdf}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
pwritev2(r7, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r6, 0x40305829, &(0x7f00000003c0)={0x17c04, 0xffffffffffffffff, 0x4ea, 0x10001, 0x0, 0x8})
ioctl$sock_bt_hci(r3, 0x400448e6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000007"], 0x50)
write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='1\x00', 0x2)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$KVM_TDX_INIT_VM(r5, 0xc008aeba, &(0x7f0000000700)={0x1, 0x0, &(0x7f0000000540)={0x0, 0x100e1, [0x1, 0x3, 0x3ff, 0x5, 0xd, 0xfffffffffffffff7], [0x81, 0xea, 0x2, 0x0, 0x7fffffffffffffff, 0x9fa6], [0xfffffffffffffffd, 0x1, 0xa706, 0x4, 0xfffffffffffffff9, 0x3], '\x00', {0x4, 0x0, [{0xb, 0x4, 0x4, 0xed, 0x0, 0x4, 0x9}, {0x80000007, 0xfffffffa, 0x4, 0x4e, 0x9, 0x8}, {0x0, 0x9, 0x1, 0x7fff, 0x10, 0x2, 0x9}, {0x80000007, 0xa636, 0x5, 0x7ff, 0xfef4, 0x1, 0x401}]}}})
bind$bt_hci(r8, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r9 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r9, &(0x7f0000000880)={0x2c2, 0x7d, 0x0, {{0x500, 0xfa, 0x0, 0x6a, {0x40}, 0x0, 0x2000000, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00'/31, 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xfb\xe1a\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6~\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x9d,;\x9e\x1dR\xc3\xd6\xda\x9b\xf1\x99V\x88\xda\xcel\xde{\xa4\xa4\x00\xb4\xb0\xb4\xdb\xe6Od\xb1\xd6?&ym\xcb\xecI\x86#\xd6\xa88\xc6\x9ai\xdf\xcc\x9c\xddY\x06\xf1t\xa6f\xa8R\x9aEw4\a\xdb\xda\xb2\x88[\xaf\x05\x00\x00\x00\x00\x00'}, 0x1b3, 'odev-n\xb1{#\x00\xf9\xda\xa1\xee#&n\xcf\x85\xfe\xa6^\xb2\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\xbd\x7f=\x7f)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x01\x00\x00\x00\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\xcf>\xe3\x88@\x02\xa9\x1cTR\x8b\x80z\x89\xca\x18M\x16d_\x06\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f)\x9f\x06\x1fu\xb7y|\xe1\xe4\x11\xea\x91\x8e\xbd\x88\x8c\x1e\x15k\x84V\x93\x1d.\xa7&\xba\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9G\x8f}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00\x00\x00\x00\x00\x00\x00ta\xb0\xcc\xaa\xa1\x93:\x0e\x8a\x82k\x14\xd4\xfc\xb2\x98\x9f\xfa\xaa\x1a\xcf\xfa\x80T\xe9U\x9d\xfa\xe4iz\xa0\v\x03\xb3\xd8\x0eU$\xf8I_\xee~\x8d\x88\xcbZ\x04\x03\x02\xac\xb0\xd1&\x0f%\x84\xdbH\xe8\xd9\x06N\x8c\xe1x\xce9n\x85\xb9~H\x86D@I\x81\x0f%\xf1\xce\xca\x97]\xebI\x1a\x12[\xf0\xd7/\x87\xcc\x10\xb0\x15N\b\x93m\xaa\xdd\x8b\x1e\x97'}}, 0x2c2)
write$binfmt_misc(r8, &(0x7f0000000000), 0xd)

[  102.153193][ T5298] Bluetooth: hci0: command tx timeout
[  102.279457][ T5339] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  102.284217][ T5339] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  102.311877][ T5339] loop0: detected capacity change from 0 to 1024
[  102.413744][ T5339] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.480996][ T5339] loop0: detected capacity change from 1024 to 1023
[  102.533035][ T5339] EXT4-fs error (device loop0): ext4_update_inline_data:362: inode #15: comm syz.0.0: missing inline data xattr
[  102.548850][ T5339] ==================================================================
[  102.552163][ T5339] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20
[  102.555346][ T5339] Read of size 18446744073709551600 at addr ffff8880559872b8 by task syz.0.0/5339
[  102.559092][ T5339] 
[  102.560123][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  102.560138][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  102.560145][ T5339] Call Trace:
[  102.560151][ T5339]  <TASK>
[  102.560157][ T5339]  dump_stack_lvl+0xe8/0x150
[  102.560176][ T5339]  print_address_description+0x55/0x1e0
[  102.560189][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.560199][ T5339]  print_report+0x58/0x70
[  102.560215][ T5339]  kasan_report+0x117/0x150
[  102.560237][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.560248][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.560258][ T5339]  kasan_check_range+0x264/0x2c0
[  102.560273][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.560283][ T5339]  __asan_memmove+0x29/0x70
[  102.560295][ T5339]  ext4_xattr_set_entry+0x9c1/0x1e20
[  102.560310][ T5339]  ext4_xattr_ibody_set+0x254/0x6a0
[  102.560328][ T5339]  ext4_destroy_inline_data_nolock+0x23a/0x5e0
[  102.560343][ T5339]  ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10
[  102.560355][ T5339]  ? trace_kmalloc+0x2a/0xf0
[  102.560367][ T5339]  ? __asan_memcpy+0x40/0x70
[  102.560377][ T5339]  ? ext4_read_inline_data+0x103/0x2c0
[  102.560388][ T5339]  ext4_convert_inline_data_nolock+0x208/0x990
[  102.560401][ T5339]  ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10
[  102.560413][ T5339]  ? down_write+0x16d/0x200
[  102.560475][ T5339]  ext4_convert_inline_data+0x4ce/0x600
[  102.560490][ T5339]  ? __pfx_ext4_convert_inline_data+0x10/0x10
[  102.560501][ T5339]  ? down_write+0x16d/0x200
[  102.560512][ T5339]  ? vfs_fallocate+0x5f0/0x7e0
[  102.560527][ T5339]  ext4_fallocate+0x1e2/0x3d0
[  102.560540][ T5339]  vfs_fallocate+0x669/0x7e0
[  102.560554][ T5339]  ? __pfx_vfs_fallocate+0x10/0x10
[  102.560569][ T5339]  file_ioctl+0x63f/0x860
[  102.560584][ T5339]  ? __pfx_file_ioctl+0x10/0x10
[  102.560605][ T5339]  ? kasan_quarantine_put+0xbb/0x1f0
[  102.560621][ T5339]  ? tomoyo_path_number_perm+0x219/0x630
[  102.560670][ T5339]  ? tomoyo_path_number_perm+0x219/0x630
[  102.560684][ T5339]  do_vfs_ioctl+0xc26/0x1530
[  102.560699][ T5339]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  102.560714][ T5339]  ? __pfx_vfs_writev+0x10/0x10
[  102.560730][ T5339]  ? do_futex+0x395/0x420
[  102.560746][ T5339]  ? __fget_files+0x2a/0x420
[  102.560760][ T5339]  ? __fget_files+0x2a/0x420
[  102.560770][ T5339]  ? __fget_files+0x3a0/0x420
[  102.560782][ T5339]  ? __fget_files+0x2a/0x420
[  102.560793][ T5339]  ? bpf_lsm_file_ioctl+0x9/0x20
[  102.560808][ T5339]  __se_sys_ioctl+0x82/0x170
[  102.560821][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.560832][ T5339]  do_syscall_64+0x174/0x580
[  102.560841][ T5339]  ? trace_irq_disable+0x3b/0x140
[  102.560855][ T5339]  ? clear_bhb_loop+0x40/0x90
[  102.560868][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.560880][ T5339] RIP: 0033:0x7fe306d9ce59
[  102.560891][ T5339] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  102.560900][ T5339] RSP: 002b:00007fe307be4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  102.560914][ T5339] RAX: ffffffffffffffda RBX: 00007fe307015fa0 RCX: 00007fe306d9ce59
[  102.560922][ T5339] RDX: 00002000000003c0 RSI: 0000000040305829 RDI: 000000000000000a
[  102.560929][ T5339] RBP: 00007fe306e32d6f R08: 0000000000000000 R09: 0000000000000000
[  102.560936][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  102.560943][ T5339] R13: 00007fe307016038 R14: 00007fe307015fa0 R15: 00007fffee1b5f98
[  102.560956][ T5339]  </TASK>
[  102.560959][ T5339] 
[  102.703607][ T5339] The buggy address belongs to the physical page:
[  102.706329][ T5339] page: refcount:2 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x55987
[  102.709921][ T5339] memcg:ffff8880425d3880
[  102.711696][ T5339] aops:def_blk_aops ino:700000 dentry name(?):""
[  102.714424][ T5339] flags: 0x4fff58000004234(referenced|dirty|lru|workingset|private|node=1|zone=1|lastcpupid=0x7ff)
[  102.718826][ T5339] raw: 04fff58000004234 ffff888030448a80 ffff888030448a80 ffff88801cc25940
[  102.722452][ T5339] raw: 0000000000000002 ffff888046f4eae0 00000002ffffffff ffff8880425d3880
[  102.725965][ T5339] page dumped because: kasan: bad access detected
[  102.728617][ T5339] page_owner tracks the page as allocated
[  102.731084][ T5339] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5339, tgid 5338 (syz.0.0), ts 102525351623, free_ts 102523342774
[  102.739763][ T5339]  post_alloc_hook+0x22d/0x280
[  102.741864][ T5339]  get_page_from_freelist+0x2593/0x2610
[  102.744288][ T5339]  __alloc_frozen_pages_noprof+0x18d/0x380
[  102.746890][ T5339]  alloc_pages_mpol+0x235/0x490
[  102.749159][ T5339]  alloc_pages_noprof+0xac/0x2a0
[  102.751394][ T5339]  folio_alloc_noprof+0x1e/0x30
[  102.753590][ T5339]  filemap_alloc_folio_noprof+0x111/0x470
[  102.756168][ T5339]  __filemap_get_folio_mpol+0x3fc/0xb00
[  102.758686][ T5339]  bdev_getblk+0x1f6/0x6e0
[  102.760706][ T5339]  __ext4_get_inode_loc+0x528/0xfa0
[  102.763100][ T5339]  ext4_get_inode_loc+0x81/0xf0
[  102.765329][ T5339]  ext4_xattr_ibody_get+0x113/0x4c0
[  102.767979][ T5339]  ext4_xattr_get+0x123/0x6a0
[  102.770250][ T5339]  __vfs_getxattr+0x3f4/0x430
[  102.772760][ T5339]  cap_inode_need_killpriv+0x45/0x60
[  102.775502][ T5339]  security_inode_need_killpriv+0x85/0x240
[  102.778084][ T5339] page last free pid 5293 tgid 5293 stack trace:
[  102.780835][ T5339]  free_unref_folios+0xd9f/0x14c0
[  102.783082][ T5339]  folios_put_refs+0x9ff/0xb40
[  102.785121][ T5339]  free_pages_and_swap_cache+0x41d/0x490
[  102.787394][ T5339]  tlb_flush_mmu+0x6d3/0xa30
[  102.789315][ T5339]  tlb_finish_mmu+0xf9/0x230
[  102.791350][ T5339]  unmap_region+0x2a5/0x330
[  102.793327][ T5339]  vms_complete_munmap_vmas+0x493/0xc60
[  102.795642][ T5339]  do_vmi_align_munmap+0x3b7/0x4b0
[  102.797964][ T5339]  do_vmi_munmap+0x252/0x2d0
[  102.799914][ T5339]  __vm_munmap+0x22c/0x3d0
[  102.801771][ T5339]  __x64_sys_munmap+0x60/0x70
[  102.803597][ T5339]  do_syscall_64+0x174/0x580
[  102.805561][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.807961][ T5339] 
[  102.809088][ T5339] Memory state around the buggy address:
[  102.811651][ T5339]  ffff888055987180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.814969][ T5339]  ffff888055987200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.818146][ T5339] >ffff888055987280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.821352][ T5339]                                         ^
[  102.823727][ T5339]  ffff888055987300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.827308][ T5339]  ffff888055987380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.831506][ T5339] ==================================================================
[  102.869312][ T5339] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  102.872324][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  102.875966][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  102.879890][ T5339] Call Trace:
[  102.881345][ T5339]  <TASK>
[  102.882657][ T5339]  vpanic+0x56c/0xa60
[  102.884448][ T5339]  ? __pfx_vpanic+0x10/0x10
[  102.886353][ T5339]  ? __pfx___schedule+0x10/0x10
[  102.888507][ T5339]  panic+0xc5/0xd0
[  102.890169][ T5339]  ? __pfx_panic+0x10/0x10
[  102.892166][ T5339]  ? preempt_schedule_thunk+0x16/0x30
[  102.894412][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.896402][ T5339]  check_panic_on_warn+0x89/0xb0
[  102.898193][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.900743][ T5339]  end_report+0x73/0x170
[  102.902379][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.904595][ T5339]  kasan_report+0x128/0x150
[  102.906463][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.908900][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.911190][ T5339]  kasan_check_range+0x264/0x2c0
[  102.913350][ T5339]  ? ext4_xattr_set_entry+0x9c1/0x1e20
[  102.915577][ T5339]  __asan_memmove+0x29/0x70
[  102.917521][ T5339]  ext4_xattr_set_entry+0x9c1/0x1e20
[  102.919847][ T5339]  ext4_xattr_ibody_set+0x254/0x6a0
[  102.922174][ T5339]  ext4_destroy_inline_data_nolock+0x23a/0x5e0
[  102.924905][ T5339]  ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10
[  102.927895][ T5339]  ? trace_kmalloc+0x2a/0xf0
[  102.929956][ T5339]  ? __asan_memcpy+0x40/0x70
[  102.931982][ T5339]  ? ext4_read_inline_data+0x103/0x2c0
[  102.934397][ T5339]  ext4_convert_inline_data_nolock+0x208/0x990
[  102.937154][ T5339]  ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10
[  102.940104][ T5339]  ? down_write+0x16d/0x200
[  102.942112][ T5339]  ext4_convert_inline_data+0x4ce/0x600
[  102.944593][ T5339]  ? __pfx_ext4_convert_inline_data+0x10/0x10
[  102.947239][ T5339]  ? down_write+0x16d/0x200
[  102.949331][ T5339]  ? vfs_fallocate+0x5f0/0x7e0
[  102.951430][ T5339]  ext4_fallocate+0x1e2/0x3d0
[  102.953523][ T5339]  vfs_fallocate+0x669/0x7e0
[  102.955559][ T5339]  ? __pfx_vfs_fallocate+0x10/0x10
[  102.957714][ T5339]  file_ioctl+0x63f/0x860
[  102.959596][ T5339]  ? __pfx_file_ioctl+0x10/0x10
[  102.961711][ T5339]  ? kasan_quarantine_put+0xbb/0x1f0
[  102.963931][ T5339]  ? tomoyo_path_number_perm+0x219/0x630
[  102.966217][ T5339]  ? tomoyo_path_number_perm+0x219/0x630
[  102.968595][ T5339]  do_vfs_ioctl+0xc26/0x1530
[  102.970561][ T5339]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  102.972693][ T5339]  ? __pfx_vfs_writev+0x10/0x10
[  102.974764][ T5339]  ? do_futex+0x395/0x420
[  102.976568][ T5339]  ? __fget_files+0x2a/0x420
[  102.978509][ T5339]  ? __fget_files+0x2a/0x420
[  102.980472][ T5339]  ? __fget_files+0x3a0/0x420
[  102.982478][ T5339]  ? __fget_files+0x2a/0x420
[  102.984458][ T5339]  ? bpf_lsm_file_ioctl+0x9/0x20
[  102.986606][ T5339]  __se_sys_ioctl+0x82/0x170
[  102.988629][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.991317][ T5339]  do_syscall_64+0x174/0x580
[  102.993426][ T5339]  ? trace_irq_disable+0x3b/0x140
[  102.995635][ T5339]  ? clear_bhb_loop+0x40/0x90
[  102.997694][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.000175][ T5339] RIP: 0033:0x7fe306d9ce59
[  103.002049][ T5339] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.010044][ T5339] RSP: 002b:00007fe307be4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.013956][ T5339] RAX: ffffffffffffffda RBX: 00007fe307015fa0 RCX: 00007fe306d9ce59
[  103.017209][ T5339] RDX: 00002000000003c0 RSI: 0000000040305829 RDI: 000000000000000a
[  103.020528][ T5339] RBP: 00007fe306e32d6f R08: 0000000000000000 R09: 0000000000000000
[  103.023936][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.027151][ T5339] R13: 00007fe307016038 R14: 00007fe307015fa0 R15: 00007fffee1b5f98
[  103.030527][ T5339]  </TASK>
[  103.032276][ T5339] Kernel Offset: disabled
[  103.034111][ T5339] Rebooting in 86400 seconds..