program:
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080), 0x81, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f0000006380))
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$USBDEVFS_RESETEP(r2, 0x80045503, &(0x7f0000000040)={0x1, 0x1})
mount$cgroup2(0x0, &(0x7f0000000100)='./file2\x00', &(0x7f0000000140), 0x3844e1, &(0x7f0000000280)={[{@memory_localevents}, {@memory_hugetlb_accounting}, {@pids_localevents}, {@pids_localevents}, {@subsystem='freezer'}, {@memory_localevents}, {@favordynmods}, {@favordynmods}], [{@dont_hash}, {@smackfsdef={'smackfsdef', 0x3d, 'cpuacct.usage_percpu_user\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}]})
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x2000000, &(0x7f0000000b00)={[{@user_xattr}, {@nodioread_nolock}, {@nodelalloc}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=")
r5 = syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0xc0041)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000002e40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r6, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="5c268573abf7b97e5dbf2e04fb6b4c54b69be53a462d83062a692b54b8536d11e1bee3d271d05fd4e5c8a1facc755e681d0d1cbf0431d56b47fcb0c48c417808edcc445bcb6af26d61c8e2c98ef859ad10152c7085de7556990d20e78694391cf9fe4a910dca5073eabb5d46672083f1dca70366796ae3721a3d6555e4391848f5f54341e04d981963e118f11baaa190a2d36f7a2a1fbbeb1ab27c74b640772909529153f36d3474c0227f475b2f0caf9bb2757099ecd1fc56a4d213a25ef0ae624c596f0a8996116d48a370d0d6d1e1f8c0c88d6ffa8b9c792d38f2d6b08301d272bf456480d5cd2768a371a83f3b8439dcd731a7c4c0ef9d086ce00b3526dd06e9169067d2d2d0be2b564d2823755e3e59f20bdee0e63bd2b1a7b48880258b5f5a", @ANYRES16=r7, @ANYBLOB="3f0404000000ffdbdf25100000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0006000000060011000800000008001300020000000500140000000000"], 0x54}}, 0x8000)
poll(&(0x7f0000000180)=[{r5, 0x2140}], 0x1, 0x9)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x127040, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r8, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
llistxattr(&(0x7f0000000500)='./file1\x00', 0x0, 0x0)
r9 = syz_open_procfs(r4, &(0x7f0000000000)='map_files\x00')
fchdir(r9)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000000200)=0x50c2e4, 0x4)
ioctl$SNDCTL_SEQ_THRESHOLD(r0, 0x4004510d, &(0x7f0000000040)=0x1ff)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x6, 0x8012, r3, 0x0)

[   75.392803][ T5301] Bluetooth: hci0: command tx timeout
[   75.453401][ T5322] loop0: detected capacity change from 0 to 2048
[   75.564119][ T5322] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.655594][ T5322] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   75.681731][ T5323] EXT4-fs error (device loop0): ext4_lookup:1787: inode #16: comm syz.0.0: iget: bad i_size value: 8796093031208
[   75.688024][ T5322] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 752 with error 28
[   75.731464][ T5322] EXT4-fs (loop0): This should not happen!! Data will be lost
[   75.731464][ T5322] 
[   75.757854][ T5322] EXT4-fs (loop0): Total free blocks count 0
[   75.768035][ T5322] EXT4-fs (loop0): Free/Dirty block details
[   75.770452][ T5322] EXT4-fs (loop0): free_blocks=2415919104
[   75.783114][ T5322] EXT4-fs (loop0): dirty_blocks=768
[   75.785293][ T5322] EXT4-fs (loop0): Block reservation details
[   75.787775][ T5322] EXT4-fs (loop0): i_reserved_data_blocks=48
[   75.815964][   T25] audit: type=1800 audit(1759833713.905:2): pid=5323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0
[   75.861970][ T5323] loop0: detected capacity change from 2048 to 64
[   75.881554][ T5322] ==================================================================
[   75.884879][ T5322] BUG: KASAN: use-after-free in ext4_xattr_list_entries+0x302/0x3d0
[   75.888326][ T5322] Read of size 4 at addr ffff88800093c014 by task syz.0.0/5322
[   75.891572][ T5322] 
[   75.892561][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.892572][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.892577][ T5322] Call Trace:
[   75.892584][ T5322]  <TASK>
[   75.892590][ T5322]  dump_stack_lvl+0x189/0x250
[   75.892606][ T5322]  ? __kasan_check_byte+0x12/0x40
[   75.892622][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.892633][ T5322]  ? lock_release+0x4b/0x3e0
[   75.892641][ T5322]  ? __virt_addr_valid+0x4a5/0x5c0
[   75.892651][ T5322]  print_report+0xca/0x240
[   75.892661][ T5322]  ? ext4_xattr_list_entries+0x302/0x3d0
[   75.892671][ T5322]  kasan_report+0x118/0x150
[   75.892681][ T5322]  ? ext4_xattr_list_entries+0x302/0x3d0
[   75.892691][ T5322]  ext4_xattr_list_entries+0x302/0x3d0
[   75.892700][ T5322]  ? ext4_get_inode_loc+0xc5/0xf0
[   75.892709][ T5322]  ext4_listxattr+0x1f9/0x630
[   75.892719][ T5322]  ? __pfx_ext4_listxattr+0x10/0x10
[   75.892728][ T5322]  ? strncpy_from_user+0x150/0x290
[   75.892739][ T5322]  ? __pfx_ext4_listxattr+0x10/0x10
[   75.892746][ T5322]  listxattr+0x10f/0x2a0
[   75.892753][ T5322]  path_listxattrat+0x179/0x3a0
[   75.892762][ T5322]  ? __pfx_path_listxattrat+0x10/0x10
[   75.892772][ T5322]  ? do_syscall_64+0xbe/0xfa0
[   75.892823][ T5322]  do_syscall_64+0xfa/0xfa0
[   75.892830][ T5322]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.892840][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.892850][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   75.892861][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.892872][ T5322] RIP: 0033:0x7f7f8f58eec9
[   75.892882][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.892891][ T5322] RSP: 002b:00007f7f90343038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[   75.892904][ T5322] RAX: ffffffffffffffda RBX: 00007f7f8f7e5fa0 RCX: 00007f7f8f58eec9
[   75.892911][ T5322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000500
[   75.892918][ T5322] RBP: 00007f7f8f611f91 R08: 0000000000000000 R09: 0000000000000000
[   75.892923][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.892928][ T5322] R13: 00007f7f8f7e6038 R14: 00007f7f8f7e5fa0 R15: 00007ffcdd84be88
[   75.892938][ T5322]  </TASK>
[   75.892943][ T5322] 
[   75.990222][ T5322] The buggy address belongs to the physical page:
[   75.992790][ T5322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xa0 pfn:0x93c
[   75.996487][ T5322] flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
[   75.999259][ T5322] page_type: f0(buddy)
[   76.001070][ T5322] raw: 007ff00000000000 ffffea0000025508 ffffea0000024308 0000000000000000
[   76.004815][ T5322] raw: 00000000000000a0 0000000000000002 00000000f0000000 0000000000000000
[   76.008591][ T5322] page dumped because: kasan: bad access detected
[   76.011515][ T5322] page_owner tracks the page as freed
[   76.014025][ T5322] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 4721, tgid 4721 (udevadm), ts 26354988631, free_ts 73610747374
[   76.023736][ T5322]  post_alloc_hook+0x240/0x2a0
[   76.025870][ T5322]  get_page_from_freelist+0x2365/0x2440
[   76.028378][ T5322]  __alloc_frozen_pages_noprof+0x181/0x370
[   76.031023][ T5322]  alloc_pages_mpol+0x232/0x4a0
[   76.033192][ T5322]  alloc_pages_noprof+0xa9/0x190
[   76.035378][ T5322]  folio_alloc_noprof+0x1e/0x30
[   76.037502][ T5322]  filemap_alloc_folio_noprof+0xdf/0x470
[   76.039815][ T5322]  page_cache_ra_unbounded+0x35d/0x9a0
[   76.042257][ T5322]  filemap_fault+0x62d/0x12b0
[   76.044414][ T5322]  __do_fault+0x138/0x390
[   76.046325][ T5322]  __handle_mm_fault+0x35e3/0x5400
[   76.048484][ T5322]  handle_mm_fault+0x40a/0x8e0
[   76.050599][ T5322]  do_user_addr_fault+0xa7c/0x1380
[   76.052956][ T5322]  exc_page_fault+0x82/0x100
[   76.055165][ T5322]  asm_exc_page_fault+0x26/0x30
[   76.057378][ T5322] page last free pid 78 tgid 78 stack trace:
[   76.060011][ T5322]  free_unref_folios+0xdb3/0x14f0
[   76.062184][ T5322]  shrink_folio_list+0x295e/0x4c70
[   76.064356][ T5322]  evict_folios+0x471e/0x57c0
[   76.066379][ T5322]  try_to_shrink_lruvec+0x8a3/0xb50
[   76.068641][ T5322]  shrink_one+0x21b/0x7c0
[   76.070506][ T5322]  shrink_node+0x315d/0x3780
[   76.072211][ T5322]  kswapd+0x147c/0x2800
[   76.074043][ T5322]  kthread+0x70e/0x8a0
[   76.075932][ T5322]  ret_from_fork+0x4bc/0x870
[   76.077941][ T5322]  ret_from_fork_asm+0x1a/0x30
[   76.080145][ T5322] 
[   76.081150][ T5322] Memory state around the buggy address:
[   76.083389][ T5322]  ffff88800093bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.086877][ T5322]  ffff88800093bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.090347][ T5322] >ffff88800093c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   76.093902][ T5322]                          ^
[   76.095989][ T5322]  ffff88800093c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   76.098985][ T5322]  ffff88800093c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   76.101983][ T5322] ==================================================================
[   76.132676][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   76.135929][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.139732][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.144421][ T5322] Call Trace:
[   76.145939][ T5322]  <TASK>
[   76.147301][ T5322]  dump_stack_lvl+0x99/0x250
[   76.149432][ T5322]  ? __asan_memcpy+0x40/0x70
[   76.151454][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.153551][ T5322]  ? __pfx__printk+0x10/0x10
[   76.155269][ T5322]  vpanic+0x237/0x6d0
[   76.156907][ T5322]  ? __pfx_vpanic+0x10/0x10
[   76.158908][ T5322]  ? preempt_schedule+0xae/0xc0
[   76.161062][ T5322]  ? __pfx_preempt_schedule+0x10/0x10
[   76.163417][ T5322]  panic+0xb9/0xc0
[   76.164967][ T5322]  ? __pfx_panic+0x10/0x10
[   76.166942][ T5322]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   76.169321][ T5322]  ? ext4_xattr_list_entries+0x302/0x3d0
[   76.171501][ T5322]  check_panic_on_warn+0x89/0xb0
[   76.173655][ T5322]  ? ext4_xattr_list_entries+0x302/0x3d0
[   76.175943][ T5322]  end_report+0x78/0x160
[   76.177849][ T5322]  kasan_report+0x129/0x150
[   76.179971][ T5322]  ? ext4_xattr_list_entries+0x302/0x3d0
[   76.182440][ T5322]  ext4_xattr_list_entries+0x302/0x3d0
[   76.184900][ T5322]  ? ext4_get_inode_loc+0xc5/0xf0
[   76.187190][ T5322]  ext4_listxattr+0x1f9/0x630
[   76.189028][ T5322]  ? __pfx_ext4_listxattr+0x10/0x10
[   76.191185][ T5322]  ? strncpy_from_user+0x150/0x290
[   76.193159][ T5322]  ? __pfx_ext4_listxattr+0x10/0x10
[   76.195224][ T5322]  listxattr+0x10f/0x2a0
[   76.196941][ T5322]  path_listxattrat+0x179/0x3a0
[   76.198959][ T5322]  ? __pfx_path_listxattrat+0x10/0x10
[   76.200946][ T5322]  ? do_syscall_64+0xbe/0xfa0
[   76.202849][ T5322]  do_syscall_64+0xfa/0xfa0
[   76.204704][ T5322]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.206891][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.209666][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   76.212178][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.214764][ T5322] RIP: 0033:0x7f7f8f58eec9
[   76.216771][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.226344][ T5322] RSP: 002b:00007f7f90343038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[   76.229937][ T5322] RAX: ffffffffffffffda RBX: 00007f7f8f7e5fa0 RCX: 00007f7f8f58eec9
[   76.233387][ T5322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000500
[   76.237062][ T5322] RBP: 00007f7f8f611f91 R08: 0000000000000000 R09: 0000000000000000
[   76.240459][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.243975][ T5322] R13: 00007f7f8f7e6038 R14: 00007f7f8f7e5fa0 R15: 00007ffcdd84be88
[   76.247361][ T5322]  </TASK>
[   76.249012][ T5322] Kernel Offset: disabled
[   76.250953][ T5322] Rebooting in 86400 seconds..