program: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80002, 0x0, 0x0, 0x0, 0x0, 0x9}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x29, 0x23, &(0x7f0000000040), 0xcf) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000d000000028000001294", 0x2e}], 0x1, 0x0, 0x0, 0x2400}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f09086d4b28433b1a5f09afb5768013a9cc7c02719fa0c9c55738a26b1ead4fb20499b9359ca387a860e3a3054e619ca1a73e1649bde7d03f00752ce27f6bd48f4cad3f1c8e0a81aadd9b000ab3e85bbcffbc7dabebb4f1dc14bdf966174ed3b77b40b5aeddc9157c1bf5e0f3c0cab106f9fac4e7b9552d814dbe", 0xa8}], 0x1}, 0x60) r7 = syz_open_procfs(0x0, &(0x7f0000000440)='net/tcp\x00') pread64(r7, &(0x7f0000000000)=""/65, 0x41, 0x7bdb) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r7, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000428bd70cf08000000000000000800030000000000140006800600010002000000080006008a6b1c1fef714f4305000000"], 0x38}, 0x1, 0x0, 0x0, 0x20040010}, 0x408c0) 
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00'}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2000000011000101d3bd0000f2ff00e1bec9495c", @ANYRES32=r1, @ANYRESDEC=r8], 0x20}}, 0x41) dup3(r1, r5, 0x80000) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x0, &(0x7f0000000280)={[{@acl}]}, 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15
Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") open(&(0x7f0000000080)='./file1\x00', 0x80242, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r9, &(0x7f0000000140)='2', 0x1, 0x8080c61) syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000000)='./file1\x00', 0x2000494, &(0x7f0000000440)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c00484516000000000037c015c57600912233eefc80e89be5a1ef2c27ebf5171169dcfa4805d89c7e1f70d73d649ba4afab8b2194a9e8b537ad2ed68f8319883b84237da3bf9213365872b3f3"], 0x1, 0x2ca, &(0x7f0000000500)="$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") mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file7\x00', 0x1c0) 
# Triage notes for the tail of the reproducer. This part holds the loop-device
# reconfiguration that the KASAN report later in this log points back to.
# The report header shows the task running as UID 0.

# syzkaller pseudo-syscall for mounting a filesystem image. The fs-type pointer is 0x0
# and the console output below shows no mount message for it, so it presumably fails;
# confirm before treating it as relevant.
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file7/file0\x00', 0x800020, 0x0, 0x0, 0x0, 0x0)
# 0xffffffffffffff9c is -100 (AT_FDCWD): the path is resolved relative to the working directory.
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x158)
# Opens a loop device node. The console output names loop0 as the device backing the
# mounted ext4 image; presumably r10 refers to that same device (id argument is 0x0).
r10 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
# 0x4c02 is LOOP_SET_STATUS. Going by the struct loop_info layout, the fifth member (0x7f)
# is lo_offset, which matches "loop0: detected capacity change from 2048 to 2047" that
# thread T5332 logs just before the report. The report's "page last free" stack runs
# lo_ioctl -> loop_set_status -> mapping_try_invalidate, so the block device's cached
# pages were dropped while the ext4 filesystem on loop0 was still mounted read/write.
# NOTE(review): the faulting task then re-reads the inode block (bdev_getblk under
# __ext4_get_inode_loc) and ext4_xattr_set_entry reaches memmove with a length of
# 18446744073709551600, i.e. 2^64 - 16, a negative length converted to an unsigned size.
# Presumably the re-read in-inode xattr area no longer matches what the in-memory inode
# state expects; confirm against the ext4 source for this kernel.
ioctl$LOOP_SET_STATUS(r10, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x7f, 0x0, 0x200040, 0x8, "22536af39b7c7cb7435b0a43852dbc3a9ada34cc97affd4fcca15739328c53096c2f359e9ba743d30b59c491a7b3e74d938981061383374a1d79471a2d2dfe00", "04106d0c31ef6c1f02a4aa6d0c5aa9263626c0240010f9db74161ccff2c5cf5e", [0x10000004e, 0x2]})
# Flag 0x2 is RENAME_EXCHANGE. No function from the rename path appears in the reported
# call trace, which enters ext4 through __fput -> ext4_release_file while file
# descriptors are being closed.
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file7/file0\x00', 0x2)
[ 108.965615][ T4653] Bluetooth: hci0: command tx timeout
[ 109.061698][ T5332] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 109.112155][ T5333] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 109.183317][ T5335] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 109.192148][ T5332] bridge0: port 3(netdevsim1) entered blocking state
[ 109.196455][ T5332] bridge0: port 3(netdevsim1) entered disabled state
[ 109.202397][ T5332] netdevsim netdevsim0 netdevsim1: entered allmulticast mode
[ 109.216592][ T5332] netdevsim netdevsim0 netdevsim1: entered promiscuous mode
[ 109.246377][ T5333] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 109.282671][ T5332] loop0: detected capacity change from 0 to 2048
[ 109.446509][ T5332] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 109.598297][ T5332] loop0: detected capacity change from 2048 to 2047 [ 109.656290][ T5331] ================================================================== [ 109.660890][ T5331] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x92b/0x1ed0 [ 109.665272][ T5331] Read of size 18446744073709551600 at addr ffff88804d352ec8 by task syz.0.0/5331 [ 109.670604][ T5331] [ 109.672055][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 109.672070][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.672078][ T5331] Call Trace: [ 109.672084][ T5331] [ 109.672088][ T5331] dump_stack_lvl+0xe8/0x150 [ 109.672108][ T5331] print_address_description+0x55/0x1e0 [ 109.672121][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 109.672136][ T5331] print_report+0x58/0x70 [ 109.672146][ T5331] kasan_report+0x117/0x150 [ 109.672157][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 109.672170][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 109.672182][ T5331] kasan_check_range+0x264/0x2c0 [ 109.672193][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 109.672211][ T5331] __asan_memmove+0x29/0x70 [ 109.672226][ T5331] ext4_xattr_set_entry+0x92b/0x1ed0 [ 109.672246][ T5331] ext4_xattr_ibody_set+0x262/0x710 [ 109.672261][ T5331] ext4_destroy_inline_data_nolock+0x23a/0x5f0 [ 109.672281][ T5331] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 109.672298][ T5331] ? lock_acquire+0x221/0x350 [ 109.672312][ T5331] ? down_write+0x16d/0x200 [ 109.672375][ T5331] ? ext4_journal_check_start+0x1cf/0x2b0 [ 109.672391][ T5331] ext4_destroy_inline_data+0x83/0xe0 [ 109.672408][ T5331] ext4_do_writepages+0x573/0x47a0 [ 109.672421][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 109.672433][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 109.672448][ T5331] ? do_raw_spin_lock+0x12b/0x2f0 [ 109.672463][ T5331] ? look_up_lock_class+0x57/0x110 [ 109.672476][ T5331] ? register_lock_class+0x31/0x2e0 [ 109.672486][ T5331] ? 
__pfx_ext4_do_writepages+0x10/0x10 [ 109.672497][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 109.672508][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 109.672522][ T5331] ? ext4_writepages+0x205/0x3b0 [ 109.672536][ T5331] ? ext4_writepages+0x205/0x3b0 [ 109.672552][ T5331] ext4_writepages+0x241/0x3b0 [ 109.672565][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 109.672575][ T5331] ? __pfx_ext4_writepages+0x10/0x10 [ 109.672589][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 109.672611][ T5331] ? __mutex_trylock_common+0x15f/0x270 [ 109.672627][ T5331] ? __pfx_ext4_writepages+0x10/0x10 [ 109.672641][ T5331] do_writepages+0x338/0x560 [ 109.672661][ T5331] ? do_raw_spin_unlock+0x4d/0x210 [ 109.672676][ T5331] filemap_flush+0x1e1/0x2e0 [ 109.672694][ T5331] ? __pfx_filemap_flush+0x10/0x10 [ 109.672709][ T5331] ? locks_remove_file+0x11a/0xf40 [ 109.672730][ T5331] ? rcu_is_watching+0x15/0xb0 [ 109.672746][ T5331] ext4_release_file+0x82/0x310 [ 109.672758][ T5331] ? __pfx_ext4_release_file+0x10/0x10 [ 109.672768][ T5331] __fput+0x418/0xa50 [ 109.672787][ T5331] task_work_run+0x1d9/0x270 [ 109.672802][ T5331] ? __pfx_task_work_run+0x10/0x10 [ 109.672816][ T5331] exit_to_user_mode_loop+0x1fa/0x730 [ 109.672827][ T5331] ? rcu_is_watching+0x15/0xb0 [ 109.672840][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.672851][ T5331] do_syscall_64+0x353/0x580 [ 109.672866][ T5331] ? 
clear_bhb_loop+0x40/0x90 [ 109.672880][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.672891][ T5331] RIP: 0033:0x7f2f4119ce59 [ 109.672903][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.672913][ T5331] RSP: 002b:00007fff5c42cfd8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 109.672927][ T5331] RAX: 0000000000000000 RBX: 00007fff5c42d0c0 RCX: 00007f2f4119ce59 [ 109.672935][ T5331] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 109.672942][ T5331] RBP: 000000000001a935 R08: 0000000000000001 R09: 0000000000000000 [ 109.672948][ T5331] R10: 00007f2f40fff02c R11: 0000000000000246 R12: 00007fff5c42d100 [ 109.672955][ T5331] R13: 00007f2f4141609c R14: 000000000001abbb R15: 00007f2f41416090 [ 109.672966][ T5331] [ 109.672969][ T5331] [ 109.912457][ T5331] The buggy address belongs to the physical page: [ 109.916988][ T5331] page: refcount:2 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x4d352 [ 109.920286][ T5331] memcg:ffff888038211980 [ 109.922047][ T5331] aops:def_blk_aops ino:700000 dentry name(?):"" [ 109.925582][ T5331] flags: 0x4fff58000004024(referenced|lru|private|node=1|zone=1|lastcpupid=0x7ff) [ 109.930533][ T5331] raw: 04fff58000004024 ffff888030448a80 ffff888030448a80 ffff88801cc25940 [ 109.935819][ T5331] raw: 0000000000000002 ffff888043e43e00 00000002ffffffff ffff888038211980 [ 109.940607][ T5331] page dumped because: kasan: bad access detected [ 109.943904][ T5331] page_owner tracks the page as allocated [ 109.947524][ T5331] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5331, tgid 5331 (syz.0.0), ts 109648748144, free_ts 109579606098 [ 109.958553][ T5331] post_alloc_hook+0x1f9/0x250 [ 109.960811][ T5331] get_page_from_freelist+0x21fa/0x2270 [ 109.963093][ T5331] 
__alloc_frozen_pages_noprof+0x18d/0x380 [ 109.966230][ T5331] alloc_pages_mpol+0x212/0x380 [ 109.968968][ T5331] alloc_pages_noprof+0xac/0x2a0 [ 109.971550][ T5331] folio_alloc_noprof+0x1e/0x30 [ 109.974065][ T5331] filemap_alloc_folio_noprof+0x111/0x470 [ 109.976759][ T5331] __filemap_get_folio_mpol+0x402/0x1000 [ 109.979446][ T5331] bdev_getblk+0x1f4/0x6e0 [ 109.981126][ T5331] __ext4_get_inode_loc+0x56c/0xf40 [ 109.982872][ T5331] ext4_get_inode_loc+0x81/0xf0 [ 109.984459][ T5331] ext4_destroy_inline_data_nolock+0x140/0x5f0 [ 109.986474][ T5331] ext4_destroy_inline_data+0x83/0xe0 [ 109.988667][ T5331] ext4_do_writepages+0x573/0x47a0 [ 109.991071][ T5331] ext4_writepages+0x241/0x3b0 [ 109.993782][ T5331] do_writepages+0x338/0x560 [ 109.996329][ T5331] page last free pid 5332 tgid 5331 stack trace: [ 109.999597][ T5331] free_unref_folios+0xd84/0x14a0 [ 110.001946][ T5331] folios_put_refs+0x9e9/0xb30 [ 110.004085][ T5331] mapping_try_invalidate+0x3b7/0x4b0 [ 110.006523][ T5331] loop_set_status+0x25d/0xd50 [ 110.008855][ T5331] lo_ioctl+0xcd9/0x1fc0 [ 110.010797][ T5331] blkdev_ioctl+0x5e3/0x740 [ 110.013291][ T5331] __se_sys_ioctl+0xfc/0x170 [ 110.015534][ T5331] do_syscall_64+0x174/0x580 [ 110.017967][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.020917][ T5331] [ 110.021924][ T5331] Memory state around the buggy address: [ 110.024602][ T5331] ffff88804d352d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 110.028962][ T5331] ffff88804d352e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 110.033737][ T5331] >ffff88804d352e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 110.052926][ T5331] ^ [ 110.055495][ T5331] ffff88804d352f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 110.058317][ T5331] ffff88804d352f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 110.061020][ T5331] ================================================================== [ 110.085415][ T5331] Kernel panic - not syncing: KASAN: panic_on_warn set ... 
[ 110.088641][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 110.094031][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 110.099589][ T5331] Call Trace: [ 110.101365][ T5331] [ 110.103194][ T5331] vpanic+0x56c/0xa60 [ 110.105642][ T5331] ? __pfx_vpanic+0x10/0x10 [ 110.108319][ T5331] panic+0xc5/0xd0 [ 110.110367][ T5331] ? __pfx_panic+0x10/0x10 [ 110.112282][ T5331] ? preempt_schedule_thunk+0x16/0x40 [ 110.115006][ T5331] ? preempt_schedule_thunk+0x16/0x40 [ 110.117906][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 110.120340][ T5331] check_panic_on_warn+0x89/0xb0 [ 110.122502][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 110.125203][ T5331] end_report+0x73/0x170 [ 110.127303][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 110.130362][ T5331] kasan_report+0x128/0x150 [ 110.132466][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 110.135025][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 110.137803][ T5331] kasan_check_range+0x264/0x2c0 [ 110.140524][ T5331] ? ext4_xattr_set_entry+0x92b/0x1ed0 [ 110.143658][ T5331] __asan_memmove+0x29/0x70 [ 110.145804][ T5331] ext4_xattr_set_entry+0x92b/0x1ed0 [ 110.148154][ T5331] ext4_xattr_ibody_set+0x262/0x710 [ 110.150340][ T5331] ext4_destroy_inline_data_nolock+0x23a/0x5f0 [ 110.153237][ T5331] ? __pfx_ext4_destroy_inline_data_nolock+0x10/0x10 [ 110.156424][ T5331] ? lock_acquire+0x221/0x350 [ 110.158580][ T5331] ? down_write+0x16d/0x200 [ 110.160544][ T5331] ? ext4_journal_check_start+0x1cf/0x2b0 [ 110.163000][ T5331] ext4_destroy_inline_data+0x83/0xe0 [ 110.165651][ T5331] ext4_do_writepages+0x573/0x47a0 [ 110.168383][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 110.170550][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 110.172783][ T5331] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.175256][ T5331] ? look_up_lock_class+0x57/0x110 [ 110.177715][ T5331] ? register_lock_class+0x31/0x2e0 [ 110.180112][ T5331] ? 
__pfx_ext4_do_writepages+0x10/0x10 [ 110.182376][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 110.186029][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 110.188126][ T5331] ? ext4_writepages+0x205/0x3b0 [ 110.190319][ T5331] ? ext4_writepages+0x205/0x3b0 [ 110.192768][ T5331] ext4_writepages+0x241/0x3b0 [ 110.195077][ T5331] ? __lock_acquire+0x683/0x2cf0 [ 110.197803][ T5331] ? __pfx_ext4_writepages+0x10/0x10 [ 110.200444][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 110.202523][ T5331] ? __mutex_trylock_common+0x15f/0x270 [ 110.205034][ T5331] ? __pfx_ext4_writepages+0x10/0x10 [ 110.207288][ T5331] do_writepages+0x338/0x560 [ 110.209366][ T5331] ? do_raw_spin_unlock+0x4d/0x210 [ 110.211850][ T5331] filemap_flush+0x1e1/0x2e0 [ 110.213858][ T5331] ? __pfx_filemap_flush+0x10/0x10 [ 110.216367][ T5331] ? locks_remove_file+0x11a/0xf40 [ 110.218549][ T5331] ? rcu_is_watching+0x15/0xb0 [ 110.220562][ T5331] ext4_release_file+0x82/0x310 [ 110.222570][ T5331] ? __pfx_ext4_release_file+0x10/0x10 [ 110.224950][ T5331] __fput+0x418/0xa50 [ 110.228921][ T5331] task_work_run+0x1d9/0x270 [ 110.230952][ T5331] ? __pfx_task_work_run+0x10/0x10 [ 110.233977][ T5331] exit_to_user_mode_loop+0x1fa/0x730 [ 110.236918][ T5331] ? rcu_is_watching+0x15/0xb0 [ 110.239123][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.241937][ T5331] do_syscall_64+0x353/0x580 [ 110.243995][ T5331] ? 
clear_bhb_loop+0x40/0x90 [ 110.246083][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.248910][ T5331] RIP: 0033:0x7f2f4119ce59 [ 110.251092][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 110.259302][ T5331] RSP: 002b:00007fff5c42cfd8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 110.264532][ T5331] RAX: 0000000000000000 RBX: 00007fff5c42d0c0 RCX: 00007f2f4119ce59 [ 110.267891][ T5331] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 110.272234][ T5331] RBP: 000000000001a935 R08: 0000000000000001 R09: 0000000000000000 [ 110.277295][ T5331] R10: 00007f2f40fff02c R11: 0000000000000246 R12: 00007fff5c42d100 [ 110.281906][ T5331] R13: 00007f2f4141609c R14: 000000000001abbb R15: 00007f2f41416090 [ 110.286639][ T5331] [ 110.288563][ T5331] Kernel Offset: disabled [ 110.290333][ T5331] Rebooting in 86400 seconds..