loop0: detected capacity change from 0 to 1024
EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
==================================================================
BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 fs/ext4/xattr.c:1756
Read of size 18446744073709551600 at addr ffff88804c0242b8 by task syz.0.0/5323

CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xca/0x240 mm/kasan/report.c:482
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:200
 __asan_memmove+0x29/0x70 mm/kasan/shadow.c:94
 ext4_xattr_set_entry+0x9c1/0x1e20 fs/ext4/xattr.c:1756
 ext4_xattr_ibody_set+0x254/0x6a0 fs/ext4/xattr.c:2268
 ext4_destroy_inline_data_nolock+0x214/0x5b0 fs/ext4/inline.c:463
 ext4_convert_inline_data_nolock+0x1f1/0x970 fs/ext4/inline.c:1105
 ext4_convert_inline_data+0x4b3/0x5e0 fs/ext4/inline.c:1976
 ext4_page_mkwrite+0x22c/0x1190 fs/ext4/inode.c:6687
 do_page_mkwrite+0x14d/0x310 mm/memory.c:3489
 do_shared_fault mm/memory.c:5792 [inline]
 do_fault mm/memory.c:5854 [inline]
 do_pte_missing mm/memory.c:4362 [inline]
 handle_pte_fault mm/memory.c:6195 [inline]
 __handle_mm_fault+0x1916/0x5400 mm/memory.c:6336
 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6505
 do_user_addr_fault+0x764/0x1380 arch/x86/mm/fault.c:1387
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x82/0x100 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0010:rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:74
Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 7f 31 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
RSP: 0018:ffffc9000d3d7ae8 EFLAGS: 00050246
RAX: ffffffff848b2d01 RBX: 0000000000000040 RCX: 0000000000000040
RDX: 0000000000000000 RSI: ffffc9000d3d7b80 RDI: 0000200000042140
RBP: ffffc9000d3d7c30 R08: ffffc9000d3d7bbf R09: 1ffff92001a7af77
R10: dffffc0000000000 R11: fffff52001a7af78 R12: 0000200000042180
R13: 00007ffffffff000 R14: ffffc9000d3d7b80 R15: 0000200000042140
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
 _inline_copy_to_user include/linux/uaccess.h:197 [inline]
 _copy_to_user+0x8a/0xb0 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 rng_dev_read+0x3f2/0x770 drivers/char/hw_random/core.c:258
 do_loop_readv_writev fs/read_write.c:847 [inline]
 vfs_readv+0x5aa/0x850 fs/read_write.c:1020
 do_preadv fs/read_write.c:1132 [inline]
 __do_sys_preadv fs/read_write.c:1179 [inline]
 __se_sys_preadv fs/read_write.c:1174 [inline]
 __x64_sys_preadv+0x197/0x2a0 fs/read_write.c:1174
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f302dd8f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f302ec92038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 00007f302dfe5fa0 RCX: 00007f302dd8f749
RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000005
RBP: 00007f302de13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f302dfe6038 R14: 00007f302dfe5fa0 R15: 00007ffe99f0e048
 </TASK>

The buggy address belongs to the physical page:
page: refcount:2 mapcount:0 mapping:ffff888032034d80 index:0x2 pfn:0x4c024
memcg:ffff888030ad8d00
aops:def_blk_aops ino:700000 dentry name(?):""
flags: 0x4fff58000004234(referenced|dirty|lru|workingset|private|node=1|zone=1|lastcpupid=0x7ff)
raw: 04fff58000004234 ffff888030ae8a80 ffff888030ae8a80 ffff888032034d80
raw: 0000000000000002 ffff888032104e80 00000002ffffffff ffff888030ad8d00
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5324, tgid 5322 (syz.0.0), ts 69093348550, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x234/0x290 mm/page_alloc.c:1845
 prep_new_page mm/page_alloc.c:1853 [inline]
 get_page_from_freelist+0x2365/0x2440 mm/page_alloc.c:3879
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5178
 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416
 alloc_frozen_pages_noprof mm/mempolicy.c:2487 [inline]
 alloc_pages_noprof+0xa9/0x190 mm/mempolicy.c:2507
 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2517
 filemap_alloc_folio_noprof+0xdf/0x470 mm/filemap.c:1020
 __filemap_get_folio+0x3f2/0xaf0 mm/filemap.c:2012
 grow_dev_folio fs/buffer.c:1050 [inline]
 grow_buffers fs/buffer.c:1116 [inline]
 __getblk_slow fs/buffer.c:1134 [inline]
 bdev_getblk+0x1ad/0x660 fs/buffer.c:1461
 __getblk include/linux/buffer_head.h:380 [inline]
 sb_getblk include/linux/buffer_head.h:386 [inline]
 __ext4_get_inode_loc+0x561/0x1040 fs/ext4/inode.c:4837
 ext4_get_inode_loc+0x81/0xf0 fs/ext4/inode.c:4965
 ext4_xattr_ibody_get+0x111/0x510 fs/ext4/xattr.c:648
 ext4_xattr_get+0x123/0x6a0 fs/ext4/xattr.c:709
 __vfs_getxattr+0x3f4/0x430 fs/xattr.c:423
 cap_inode_need_killpriv+0x45/0x60 security/commoncap.c:331
 security_inode_need_killpriv+0x89/0x270 security/security.c:2707
page_owner free stack trace missing

Memory state around the buggy address:
 ffff88804c024180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88804c024200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88804c024280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                        ^
 ffff88804c024300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88804c024380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:	cc                   	int3
   1:	cc                   	int3
   2:	cc                   	int3
   3:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   a:	00 00 00
   d:	0f 1f 00             	nopl   (%rax)
  10:	48 8b 06             	mov    (%rsi),%rax
  13:	48 89 07             	mov    %rax,(%rdi)
  16:	48 83 c6 08          	add    $0x8,%rsi
  1a:	48 83 c7 08          	add    $0x8,%rdi
  1e:	83 e9 08             	sub    $0x8,%ecx
  21:	74 db                	je     0xfffffffe
  23:	83 f9 08             	cmp    $0x8,%ecx
  26:	73 e8                	jae    0x10
  28:	eb c5                	jmp    0xffffffef
* 2a:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2c:	e9 7f 31 04 00       	jmp    0x431b0
  31:	48 8b 06             	mov    (%rsi),%rax
  34:	48 89 07             	mov    %rax,(%rdi)
  37:	48 8d 47 08          	lea    0x8(%rdi),%rax
  3b:	48 83 e0 f8          	and    $0xfffffffffffffff8,%rax
  3f:	48                   	rex.W