loop4: detected capacity change from 0 to 1024
==================================================================
BUG: KASAN: slab-out-of-bounds in __ext4_iget+0x254/0x31c4 fs/ext4/inode.c:4641
Read of size 8 at addr ffff0000dc3e7f40 by task syz.4.475/5990

CPU: 1 PID: 5990 Comm: syz.4.475 Not tainted 5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x174/0x1e4 mm/kasan/report.c:451
 __asan_report_load8_noabort+0x44/0x50 mm/kasan/report_generic.c:309
 __ext4_iget+0x254/0x31c4 fs/ext4/inode.c:4641
 ext4_fill_super+0x690c/0x8768 fs/ext4/super.c:4840
 mount_bdev+0x274/0x370 fs/super.c:1387
 ext4_mount+0x44/0x58 fs/ext4/super.c:6602
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:611
 vfs_get_tree+0x90/0x274 fs/super.c:1517
 do_new_mount+0x278/0x8fc fs/namespace.c:3005
 path_mount+0x594/0x101c fs/namespace.c:3335
 do_mount fs/namespace.c:3348 [inline]
 __do_sys_mount fs/namespace.c:3556 [inline]
 __se_sys_mount fs/namespace.c:3533 [inline]
 __arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Allocated by task 5990:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 __kasan_slab_alloc+0x8c/0xcc mm/kasan/common.c:467
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x74/0x3f4 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0x1dc/0x45c mm/slub.c:3233
 kmem_cache_zalloc include/linux/slab.h:711 [inline]
 alloc_buffer_head+0x2c/0x150 fs/buffer.c:3311
 alloc_page_buffers+0x40c/0xa28 fs/buffer.c:832
 grow_dev_page fs/buffer.c:968 [inline]
 grow_buffers fs/buffer.c:1014 [inline]
 __getblk_slow fs/buffer.c:1041 [inline]
 __getblk_gfp+0x3f4/0x700 fs/buffer.c:1336
 sb_getblk_gfp include/linux/buffer_head.h:368 [inline]
 ext4_sb_breadahead_unmovable+0x6c/0x13c fs/ext4/super.c:239
 ext4_fill_super+0x484c/0x8768 fs/ext4/super.c:4572
 mount_bdev+0x274/0x370 fs/super.c:1387
 ext4_mount+0x44/0x58 fs/ext4/super.c:6602
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:611
 vfs_get_tree+0x90/0x274 fs/super.c:1517
 do_new_mount+0x278/0x8fc fs/namespace.c:3005
 path_mount+0x594/0x101c fs/namespace.c:3335
 do_mount fs/namespace.c:3348 [inline]
 __do_sys_mount fs/namespace.c:3556 [inline]
 __se_sys_mount fs/namespace.c:3533 [inline]
 __arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Freed by task 5990:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4c/0x84 mm/kasan/common.c:46
 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360
 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366
 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1705 [inline]
 slab_free_freelist_hook+0x128/0x1ec mm/slub.c:1731
 slab_free mm/slub.c:3499 [inline]
 kmem_cache_free+0xdc/0x3c4 mm/slub.c:3515
 free_buffer_head+0x58/0x118 fs/buffer.c:3327
 try_to_free_buffers+0x388/0x4c0 fs/buffer.c:3268
 try_to_release_page+0x228/0x2d0 mm/filemap.c:3980
 invalidate_complete_page mm/truncate.c:203 [inline]
 invalidate_inode_page+0x250/0x308 mm/truncate.c:255
 __invalidate_mapping_pages+0x280/0x664 mm/truncate.c:494
 invalidate_mapping_pages+0x38/0x4c mm/truncate.c:533
 invalidate_bdev+0xa4/0xc0 block/bdev.c:88
 ext4_fill_super+0x15dc/0x8768 fs/ext4/super.c:5113
 mount_bdev+0x274/0x370 fs/super.c:1387
 ext4_mount+0x44/0x58 fs/ext4/super.c:6602
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:611
 vfs_get_tree+0x90/0x274 fs/super.c:1517
 do_new_mount+0x278/0x8fc fs/namespace.c:3005
 path_mount+0x594/0x101c fs/namespace.c:3335
 do_mount fs/namespace.c:3348 [inline]
 __do_sys_mount fs/namespace.c:3556 [inline]
 __se_sys_mount fs/namespace.c:3533 [inline]
 __arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

The buggy address belongs to the object at ffff0000dc3e7e80
 which belongs to the cache buffer_head of size 168
The buggy address is located 24 bytes to the right of
 168-byte region [ffff0000dc3e7e80, ffff0000dc3e7f28)
The buggy address belongs to the page:
page:0000000059b24c15 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c3e7
memcg:ffff0000da47a801
flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000200 fffffc00037086c0 0000000700000007 ffff0000c0843800
raw: 0000000000000000 0000000080110011 00000001ffffffff ffff0000da47a801
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000dc3e7e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff0000dc3e7e80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff0000dc3e7f00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff0000dc3e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000dc3e8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
EXT4-fs (loop4): corrupt root inode, run e2fsck
EXT4-fs (loop4): mount failed