program: syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x10, &(0x7f0000000100)={[{@dioread_lock}]}, 0x5, 0x7e5, &(0x7f00000018c0)="$eJzs3ctrW9kZAPDvyvKjTlK7UGjSlaHQGoLlOnWTFrpI6aIUGgi06yZCVkxq2QqWHGJjSEMpdFNoQxeFdpN12qa7btuZ7cy/MLMZhiEhM+OESZjF4OHqEcu25MgZWZqJfz+49jn3oXO++zj3yPdwHcCxNZX+yESciYg/JxETjflJRAzXUtmIi/X1nm1tFtIpie3tX32U1NZ5urVZiJZtYnw8TjQypyPijT9EnM3sL7eyvrGUL5WKq438bHX5xmxlfWPm+nJ+sbhYXDk/Nz9/7sIPL4z2LtZP3t44+egvP//evy9++vtvPfjTm0lcjJONZa1x9MpUTNX3SQynu3CXn/W6sAFLBl0BXkl6aQ7Vr/I4ExPZGOl+2+xRVgwAODK3I2IbADhmEvd/ADhmmn8HeLq1WUin7duD/XtEvz3+aUSM1eNvPt+sL8k2ntmN1Z6Djj9Ndj3vSCJisgflT0XEP/77m3+mUxzRc0iAdn53JyKuTk412/+d9ifZN2ahrvsBGd9vJg4YHDC1J6/9g/75X9r/+dFO/2/n+su86P9Em/7PaJtr91VMxe4RJ/uv/8zDHhTTUdr/+8nwzti2Zy3xN0wONXKnan2+4eTa9VIxbdu+HhHTMTya5ufaf3xteNn0k8+e7JrbEnFr/+/ju7+9n5af/t5ZI/Mwu6fJXchX872IPfX4TsS3s+3iT14c/6RD//dyl2X84sd//HunZWn8abzNaXf8Rz+qbPtexHejffxNyUHjE8/P1k6H2eZJ0cZ/3vvbeKfyW49/OqXl178LnOp9sG2kx3/84Pgnk9bxmpXDl/HWvYn/d1rWOf6m9uf/SPLrWrp5Kd3KV6urcxEjyS/3zz+3s20z31w/jX/6O+2v/4PO//Q74dUu488++vBfL42/OWNf/A1jXRZ2SGn8C4c6/m0T6VfhDovypQfPloY6ld/d8Z9PE0PTjTndtH8da5ovlUZa1nnlHQcAAAAAAAAAAAAAAAAAAAAAAAAAh5CpvaQ0yeRepDOZXC5q/8P7mzGeKZUr1bPXymsrC/WXmU7G8GhE1F51OdHyPtS5xvvwm/lze/I/iIhvRMRfR79Wy+cK5dLCoIMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIYTHf7/f+qD0frv5wOtIQBwJMZeusaTYl8qAgD0zcvv/xExevT1AAD6p6v7PwDwWnH/B4DjZywz6BoAAP02FpEddB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4rV2+dCmdtp9vbRbS/MLN9bWl8s2ZhWJlKbe8VsgVyqs3covl8mKpmCuUl1s2fafd55XK5RvzsbJ2a7ZarFRnK+sbV5bLayvVK9eX84vFK8XhvkUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN2rrG8s5Uul4mojcX88YvecPiWGGhXq5SfPnOx3FP1IbE/U99SXpT49T4ztnfP+zLunD9rq7r7TWOILJwbZKgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8dXweAAD//9GqGUs=") r0 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0x20) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {}, {@nojournal_checksum}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@grpjquota}, {@nodelalloc}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}]}, 0xfd, 0x574, &(0x7f0000000cc0)="$eJzs3U1rG0cfAPD/ylLenOexAyG0PZRADk0JkWO7LykUkh5LGxpo76mwFRMsR8GSQ+wGmhyaSy8lFEppoPQD9N5j6Bfopwi0gVCCaQ+l4LLyylFsyW+RIyX6/WDtGe1KM6PZ/2pmV2IDGFjH0z+5iFcj4pskYqRlXT6ylcdXt1t+fHMqXZJYWfn0zyTOrXutJPs/nGVeiYhfv4o4ldtYbm1xabZUqZTns/xYfe7aWG1x6fSVudJMeaZ8dWJy8uzbkxPvvftO19r65sW/v//k/odnvz6x/N3PD4/cTeJ8HM7Wpe3qQhG3WjPHS/9mqUKcX7fheBcK6ydJryvArgxlcV6I9BgwEkNZ1AMvvy8jYgUYUIn4hwHVHAc05/Zdmge/MB59sDoB2tj+/Oq5kTjQmBsdWk6emhml893RLpSflvHLH/fupktsfh7i4BZ5gB25dTsizuTzG49/SXb8270zjZPHm1tfxqB9/kAv3U/HP8mtiA3xn1sb/0Sb8c9wm9jdja3jP/ewC8V0lI7/3m87/l07dI0OZbn/NcZ8heTylUr5TET8PyJORmF/mt/ses7Z5Qcrnda1jv/SJS2/ORbM6vEwv//p50yX6qVnaXOrR7cjXms7/k3W+j9p0//p+3Fxm2UcK997vdO6rdu/t1Z+inijbf8/uaKVbH59cqyxP4w194qN/rpz7LdO5fe6/Wn/H9q8/aNJ6/Xa2s7L+PHAP+VO63a7/+9LPmuk92WP3SjV6/PjEfuSj/PD6x+fePLcZr65fdr+kyfax/9m+386+fp8m+2/c/ROx037of+nd9T/O088+OiLHzqVv73+f6uROpk9sp3j33Yr+CzvHQAAAAAAAPSbXEQcjiRXXEvncsXi6vc7jsahXKVaq5+6XF24Oh2N38qORiHXvNI90vJ9iPHs+7DN/MS6/GREHImIb4cONvLFqWpluteNBwAAAAAAAAAAAAAAAAAAgD4x3OH3/6nfh3pdO2DPNW5ssL/XtQB6Yctb/nfjTk9AX9oy/oGX1s7j35kBeFn4/IfBJf5hcIl/GFzbjf/CyB5XBHjufP7D4BL/AAAAAAAAAAAAAAAAAAAAAAAAAAAA0FUXL1xIl5Xlxzen0vz09cWF2er109Pl2mxxbmGqOFWdv1acqVZnKuXiVHVuq9erVKvXxidi4cZYvVyrj9UWly7NVReu1i9dmSvNlC+VC8+lVQAAAAAAAAAAAAAAAAAAAPBiqS0uzZYqlfK8RMfEueiLauxlA1ft6un5fmmFRFcTPT4wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECL/wIAAP//AzIzTA==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r2 = socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") syz_usb_connect(0x2, 0x2d, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb015c291d000905"], 0x0) syz_open_dev$audion(&(0x7f0000000140), 0x3, 0x24041) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000300)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae000034aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a9eee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x73b}]}}}]}, 0x3c}}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r7 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r7, 0x4c02, &(0x7f0000000640)={0x0, {}, 0x0, {}, 0x7, 0x0, 0x0, 0x0, "22536af39b7c7cb7435b0a43852dbc3a9ada34cc97af10fd4fcca15748328c53096c2f359e9ba743d30b59c491a7b3e74d938981061383374a1d79471a2d2dfe", "0410b1617b6228917d76322c2e9e13be3626f4e25310f5db74161ccef2c5cf5e", [0x3, 0x80000800]}) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x20, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x10001}, [@ldst={0x1, 0x0, 0x4, 0x2, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb269}, 0x94) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendfile(r1, r8, 0x0, 0xfffe82) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x9000) fallocate(r0, 0x0, 0x0, 0x8800000) r9 = open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21) r10 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r10, 0x84, 0xb, &(0x7f0000000040)={0x5, 0x1, 0x9, 0x7, 0xf, 0xda, 0xae, 0x4c, 0x9, 0x2, 0x2, 0x5, 0x9, 0x48}, 0xe) shutdown(r10, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r10, 0x84, 0x23, &(0x7f0000000080)={r11, 0x4}, 0x8) pwritev2(r9, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x5a00, 0x0, 0x3) [ 85.642325][ T5320] loop0: detected capacity change from 0 to 2048 [ 85.736229][ T5320] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.008026][ T5283] Bluetooth: hci0: command tx timeout [ 86.088063][ T9] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 86.243003][ T9] usb 5-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 86.248396][ T9] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x8F has invalid maxpacket 52943, setting to 64 [ 86.253498][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 86.258859][ T9] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 86.262751][ T9] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 86.266340][ T9] usb 5-1: Product: syz [ 86.268655][ T9] usb 5-1: Manufacturer: syz [ 86.270848][ T9] usb 5-1: SerialNumber: syz [ 86.281368][ T9] usb 5-1: config 0 descriptor?? [ 86.286740][ T5320] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 86.301091][ T9] usb 5-1: selecting invalid altsetting 0 [ 86.505352][ T5320] usb 5-1: USB disconnect, device number 2 [ 86.562446][ T5321] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 86.624269][ T5321] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 86.650311][ T5321] bond0: (slave netdevsim1): Enslaving as an active interface with a down link [ 86.700761][ T5331] bridge_slave_0: left allmulticast mode [ 86.705692][ T5331] bridge_slave_0: left promiscuous mode [ 86.711472][ T5331] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.724526][ T5331] bridge_slave_1: left allmulticast mode [ 86.727053][ T5331] bridge_slave_1: left promiscuous mode [ 86.736668][ T5320] loop0: detected capacity change from 2048 to 2047 [ 86.740054][ T5331] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.779294][ T5331] bond0: (slave bond_slave_0): Releasing backup interface [ 86.791067][ T5320] EXT4-fs error (device loop0): ext4_update_inline_data:362: inode #15: comm syz.0.0: missing inline data xattr [ 86.809981][ T5331] bond0: (slave bond_slave_1): Releasing backup interface [ 86.815660][ T5320] ================================================================== [ 86.819403][ T5320] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 [ 86.823685][ T5320] Read of size 18446744073709551600 at addr ffff888055a36eb8 by task syz.0.0/5320 [ 86.827931][ T5320] [ 86.829072][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.829089][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.829097][ T5320] Call Trace: [ 86.829106][ T5320] [ 86.829112][ T5320] dump_stack_lvl+0xe8/0x150 [ 86.829132][ T5320] print_address_description+0x55/0x1e0 [ 86.829146][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 86.829166][ T5320] print_report+0x58/0x70 [ 86.829179][ T5320] kasan_report+0x117/0x150 [ 86.829203][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 86.829224][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 86.829242][ T5320] kasan_check_range+0x264/0x2c0 [ 86.829259][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 86.829276][ T5320] __asan_memmove+0x29/0x70 [ 86.829291][ T5320] ext4_xattr_set_entry+0x9c1/0x1e20 [ 86.829313][ T5320] ext4_xattr_ibody_set+0x254/0x6a0 [ 86.829332][ T5320] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 86.829350][ T5320] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 86.829366][ T5320] ? trace_kmalloc+0x2a/0xf0 [ 86.829380][ T5320] ? __asan_memcpy+0x40/0x70 [ 86.829394][ T5320] ? ext4_read_inline_data+0x103/0x2c0 [ 86.829406][ T5320] ext4_convert_inline_data_nolock+0x208/0x990 [ 86.829422][ T5320] ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10 [ 86.829434][ T5320] ? down_write+0x16d/0x200 [ 86.829499][ T5320] ext4_convert_inline_data+0x4ce/0x600 [ 86.829515][ T5320] ? __pfx_ext4_convert_inline_data+0x10/0x10 [ 86.829529][ T5320] ? down_write+0x16d/0x200 [ 86.829543][ T5320] ? vfs_fallocate+0x5f0/0x7e0 [ 86.829562][ T5320] ext4_fallocate+0x1e2/0x3d0 [ 86.829575][ T5320] vfs_fallocate+0x669/0x7e0 [ 86.829590][ T5320] ? __fget_files+0x2a/0x420 [ 86.829603][ T5320] ? __pfx_vfs_fallocate+0x10/0x10 [ 86.829619][ T5320] ? __fget_files+0x2a/0x420 [ 86.829631][ T5320] __x64_sys_fallocate+0xc0/0x110 [ 86.829647][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.829660][ T5320] do_syscall_64+0x15f/0xf80 [ 86.829673][ T5320] ? trace_irq_disable+0x3b/0x140 [ 86.829690][ T5320] ? clear_bhb_loop+0x40/0x90 [ 86.829703][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.829715][ T5320] RIP: 0033:0x7febae99cdd9 [ 86.829728][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.829738][ T5320] RSP: 002b:00007febaadf4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 86.829753][ T5320] RAX: ffffffffffffffda RBX: 00007febaec15fa0 RCX: 00007febae99cdd9 [ 86.829762][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 86.829769][ T5320] RBP: 00007febaea32d69 R08: 0000000000000000 R09: 0000000000000000 [ 86.829778][ T5320] R10: 0000000008800000 R11: 0000000000000246 R12: 0000000000000000 [ 86.829786][ T5320] R13: 00007febaec16038 R14: 00007febaec15fa0 R15: 00007ffe3826b468 [ 86.829799][ T5320] [ 86.829804][ T5320] [ 86.959142][ T5320] The buggy address belongs to the physical page: [ 86.962038][ T5320] page: refcount:2 mapcount:0 mapping:ffff88801cc2d940 index:0x2 pfn:0x55a36 [ 86.966024][ T5320] memcg:ffff88804484f600 [ 86.968051][ T5320] aops:def_blk_aops ino:700000 dentry name(?):"" [ 86.970797][ T5320] flags: 0x4fff58000004234(referenced|dirty|lru|workingset|private|node=1|zone=1|lastcpupid=0x7ff) [ 86.975191][ T5320] raw: 04fff58000004234 ffff888030450a80 ffff888030450a80 ffff88801cc2d940 [ 86.978778][ T5320] raw: 0000000000000002 ffff888046ed5bc8 00000002ffffffff ffff88804484f600 [ 86.982266][ T5320] page dumped because: kasan: bad access detected [ 86.985081][ T5320] page_owner tracks the page as allocated [ 86.987454][ T5320] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5320, tgid 5319 (syz.0.0), ts 86774634063, free_ts 86774447104 [ 86.995516][ T5320] post_alloc_hook+0x231/0x280 [ 86.997555][ T5320] get_page_from_freelist+0x24ba/0x2540 [ 86.999963][ T5320] __alloc_frozen_pages_noprof+0x18d/0x380 [ 87.002725][ T5320] alloc_pages_mpol+0x235/0x490 [ 87.005074][ T5320] alloc_pages_noprof+0xac/0x2a0 [ 87.007282][ T5320] folio_alloc_noprof+0x1e/0x30 [ 87.009465][ T5320] filemap_alloc_folio_noprof+0x111/0x470 [ 87.011955][ T5320] __filemap_get_folio_mpol+0x3fc/0xb00 [ 87.014390][ T5320] bdev_getblk+0x1f6/0x6e0 [ 87.016448][ T5320] __ext4_get_inode_loc+0x528/0xfa0 [ 87.018788][ T5320] ext4_get_inode_loc+0x81/0xf0 [ 87.020979][ T5320] ext4_xattr_ibody_get+0x113/0x4c0 [ 87.023347][ T5320] ext4_xattr_get+0x123/0x6a0 [ 87.025550][ T5320] __vfs_getxattr+0x3f4/0x430 [ 87.027738][ T5320] cap_inode_need_killpriv+0x45/0x60 [ 87.030228][ T5320] security_inode_need_killpriv+0x85/0x240 [ 87.032908][ T5320] page last free pid 5320 tgid 5319 stack trace: [ 87.035816][ T5320] free_unref_folios+0xcec/0x1480 [ 87.037933][ T5320] folios_put_refs+0x9ff/0xb40 [ 87.040188][ T5320] folio_batch_move_lru+0x4c2/0x550 [ 87.042544][ T5320] lru_add_drain_cpu+0xb8/0x7b0 [ 87.044888][ T5320] lru_add_drain+0x121/0x3e0 [ 87.047043][ T5320] __folio_batch_release+0x48/0x90 [ 87.049358][ T5320] filemap_splice_read+0xab4/0xd10 [ 87.051634][ T5320] splice_direct_to_actor+0x478/0xc70 [ 87.054194][ T5320] do_splice_direct+0x195/0x290 [ 87.056477][ T5320] do_sendfile+0x535/0x7d0 [ 87.058537][ T5320] __se_sys_sendfile64+0x144/0x1a0 [ 87.060834][ T5320] do_syscall_64+0x15f/0xf80 [ 87.062970][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.065702][ T5320] [ 87.066795][ T5320] Memory state around the buggy address: [ 87.069273][ T5320] ffff888055a36d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 87.072758][ T5320] ffff888055a36e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 87.076493][ T5320] >ffff888055a36e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 87.080172][ T5320] ^ [ 87.082780][ T5320] ffff888055a36f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 87.086321][ T5320] ffff888055a36f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 87.089894][ T5320] ================================================================== [ 87.121215][ T5331] team0: Port device team_slave_0 removed [ 87.127278][ T5331] team0: Port device team_slave_1 removed [ 87.131548][ T5331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.134916][ T5331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.141949][ T5331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.145278][ T5331] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.151916][ T5331] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 87.176475][ T5320] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 87.179545][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.183287][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 87.187776][ T5320] Call Trace: [ 87.189337][ T5320] [ 87.190730][ T5320] vpanic+0x56c/0xa60 [ 87.192611][ T5320] ? __pfx_vpanic+0x10/0x10 [ 87.194773][ T5320] ? __pfx___schedule+0x10/0x10 [ 87.197048][ T5320] panic+0xc5/0xd0 [ 87.198818][ T5320] ? __pfx_panic+0x10/0x10 [ 87.200882][ T5320] ? preempt_schedule_thunk+0x16/0x30 [ 87.203363][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 87.205720][ T5320] check_panic_on_warn+0x89/0xb0 [ 87.207690][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 87.209899][ T5320] end_report+0x73/0x170 [ 87.211586][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 87.213828][ T5320] kasan_report+0x128/0x150 [ 87.215741][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 87.218016][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 87.220412][ T5320] kasan_check_range+0x264/0x2c0 [ 87.222643][ T5320] ? ext4_xattr_set_entry+0x9c1/0x1e20 [ 87.225159][ T5320] __asan_memmove+0x29/0x70 [ 87.227189][ T5320] ext4_xattr_set_entry+0x9c1/0x1e20 [ 87.229447][ T5320] ext4_xattr_ibody_set+0x254/0x6a0 [ 87.231771][ T5320] ext4_destroy_inline_data_nolock+0x23a/0x5e0 [ 87.234484][ T5320] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 87.237481][ T5320] ? trace_kmalloc+0x2a/0xf0 [ 87.239551][ T5320] ? __asan_memcpy+0x40/0x70 [ 87.241602][ T5320] ? ext4_read_inline_data+0x103/0x2c0 [ 87.244081][ T5320] ext4_convert_inline_data_nolock+0x208/0x990 [ 87.246991][ T5320] ? __pfx_ext4_convert_inline_data_nolock+0x10/0x10 [ 87.249924][ T5320] ? down_write+0x16d/0x200 [ 87.251940][ T5320] ext4_convert_inline_data+0x4ce/0x600 [ 87.254474][ T5320] ? __pfx_ext4_convert_inline_data+0x10/0x10 [ 87.257191][ T5320] ? down_write+0x16d/0x200 [ 87.259267][ T5320] ? vfs_fallocate+0x5f0/0x7e0 [ 87.261462][ T5320] ext4_fallocate+0x1e2/0x3d0 [ 87.263575][ T5320] vfs_fallocate+0x669/0x7e0 [ 87.265622][ T5320] ? __fget_files+0x2a/0x420 [ 87.267618][ T5320] ? __pfx_vfs_fallocate+0x10/0x10 [ 87.269830][ T5320] ? __fget_files+0x2a/0x420 [ 87.271871][ T5320] __x64_sys_fallocate+0xc0/0x110 [ 87.274219][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.276959][ T5320] do_syscall_64+0x15f/0xf80 [ 87.279022][ T5320] ? trace_irq_disable+0x3b/0x140 [ 87.281266][ T5320] ? clear_bhb_loop+0x40/0x90 [ 87.283386][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.286103][ T5320] RIP: 0033:0x7febae99cdd9 [ 87.288188][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.296936][ T5320] RSP: 002b:00007febaadf4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 87.300546][ T5320] RAX: ffffffffffffffda RBX: 00007febaec15fa0 RCX: 00007febae99cdd9 [ 87.304132][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 87.307666][ T5320] RBP: 00007febaea32d69 R08: 0000000000000000 R09: 0000000000000000 [ 87.311049][ T5320] R10: 0000000008800000 R11: 0000000000000246 R12: 0000000000000000 [ 87.314513][ T5320] R13: 00007febaec16038 R14: 00007febaec15fa0 R15: 00007ffe3826b468 [ 87.318080][ T5320] [ 87.319923][ T5320] Kernel Offset: disabled [ 87.321914][ T5320] Rebooting in 86400 seconds..