program:
r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB")
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
mount$9p_unix(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x840041, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r1, &(0x7f0000002f40)=""/4092, 0xffc)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000020c0), 0x20002, 0x0)
preadv(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)=""/112, 0x70}, {&(0x7f0000000140)=""/151, 0x97}], 0x2, 0x4, 0x7)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x59}, [@jmp={0x5, 0x0, 0xa, 0x0, 0xa, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000140)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x25, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYRESHEX=r0, @ANYRESHEX], 0xfe37, 0x0)

[   75.580679][ T5301] Bluetooth: hci0: command tx timeout
[   75.677631][ T5321] loop0: detected capacity change from 0 to 1024
[   75.705038][ T5321] =======================================================
[   75.705038][ T5321] WARNING: The mand mount option has been deprecated and
[   75.705038][ T5321]          and is ignored by this kernel. Remove the mand
[   75.705038][ T5321]          option from the mount to silence this warning.
[   75.705038][ T5321] =======================================================
[   75.799528][ T5321] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.979857][ T5321] ==================================================================
[   75.999435][ T5321] BUG: KASAN: slab-out-of-bounds in ext4_xattr_set_entry+0x179e/0x1e20
[   76.015674][ T5321] Read of size 25190 at addr ffff888030a86c00 by task syz.0.0/5321
[   76.019148][ T5321] 
[   76.020400][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.020421][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   76.020430][ T5321] Call Trace:
[   76.020438][ T5321]  <TASK>
[   76.020445][ T5321]  dump_stack_lvl+0xe8/0x150
[   76.020469][ T5321]  print_report+0xba/0x230
[   76.020484][ T5321]  ? ext4_xattr_set_entry+0x179e/0x1e20
[   76.020496][ T5321]  kasan_report+0x117/0x150
[   76.020509][ T5321]  ? ext4_xattr_set_entry+0x179e/0x1e20
[   76.020521][ T5321]  kasan_check_range+0x264/0x2c0
[   76.020532][ T5321]  ? ext4_xattr_set_entry+0x179e/0x1e20
[   76.020544][ T5321]  __asan_memmove+0x29/0x70
[   76.020560][ T5321]  ext4_xattr_set_entry+0x179e/0x1e20
[   76.020576][ T5321]  ext4_xattr_block_set+0x878/0x2ad0
[   76.020586][ T5321]  ? __pfx_ext4_free_in_core_inode+0x10/0x10
[   76.020602][ T5321]  ? __pfx_evict+0x10/0x10
[   76.020613][ T5321]  ? do_raw_spin_unlock+0x4d/0x210
[   76.020625][ T5321]  ? _raw_spin_unlock+0x28/0x50
[   76.020811][ T5321]  ? iput+0xcc2/0x1020
[   76.020822][ T5321]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[   76.020833][ T5321]  ? ext4_xattr_ibody_set+0x510/0x6a0
[   76.020846][ T5321]  ext4_xattr_set_handle+0xe34/0x14c0
[   76.020861][ T5321]  ? __pfx_ext4_xattr_set_handle+0x10/0x10
[   76.020871][ T5321]  ? ext4_journal_check_start+0x1c/0x2b0
[   76.020883][ T5321]  ? __ext4_journal_start_sb+0x259/0x570
[   76.020894][ T5321]  ext4_xattr_set+0x255/0x340
[   76.020905][ T5321]  ? __pfx_ext4_xattr_set+0x10/0x10
[   76.020916][ T5321]  ? __pfx_evm_protect_xattr+0x10/0x10
[   76.021032][ T5321]  ? __pfx_ext4_xattr_trusted_set+0x10/0x10
[   76.021044][ T5321]  __vfs_setxattr+0x43c/0x480
[   76.021061][ T5321]  __vfs_setxattr_noperm+0x12d/0x660
[   76.021076][ T5321]  vfs_setxattr+0x16a/0x2e0
[   76.021091][ T5321]  ? __pfx_vfs_setxattr+0x10/0x10
[   76.021107][ T5321]  filename_setxattr+0x281/0x630
[   76.021117][ T5321]  ? __pfx_filename_setxattr+0x10/0x10
[   76.021126][ T5321]  ? getname_flags+0x1e4/0x540
[   76.021141][ T5321]  path_setxattrat+0x3f3/0x430
[   76.021154][ T5321]  ? __pfx_path_setxattrat+0x10/0x10
[   76.021164][ T5321]  ? do_futex+0x333/0x420
[   76.021184][ T5321]  ? rcu_is_watching+0x15/0xb0
[   76.021196][ T5321]  __x64_sys_lsetxattr+0xbf/0xe0
[   76.021206][ T5321]  do_syscall_64+0xe2/0xf80
[   76.021217][ T5321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.021229][ T5321]  ? trace_irq_disable+0x37/0x100
[   76.021240][ T5321]  ? clear_bhb_loop+0x60/0xb0
[   76.021251][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.021261][ T5321] RIP: 0033:0x7fdad9b9acb9
[   76.021272][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   76.021281][ T5321] RSP: 002b:00007fdada9b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   76.021293][ T5321] RAX: ffffffffffffffda RBX: 00007fdad9e15fa0 RCX: 00007fdad9b9acb9
[   76.021302][ T5321] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000200000000280
[   76.021310][ T5321] RBP: 00007fdad9c08bf7 R08: 0000000000000000 R09: 0000000000000000
[   76.021317][ T5321] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000
[   76.021324][ T5321] R13: 00007fdad9e16038 R14: 00007fdad9e15fa0 R15: 00007ffe09fb4bc8
[   76.021335][ T5321]  </TASK>
[   76.021339][ T5321] 
[   76.351706][ T5321] Allocated by task 5321:
[   76.353796][ T5321]  kasan_save_track+0x3e/0x80
[   76.356060][ T5321]  __kasan_kmalloc+0x93/0xb0
[   76.358259][ T5321]  __kmalloc_node_track_caller_noprof+0x558/0x7f0
[   76.361204][ T5321]  kmemdup_noprof+0x2b/0x70
[   76.371250][ T5321]  ext4_xattr_block_set+0x787/0x2ad0
[   76.387357][ T5321]  ext4_xattr_set_handle+0xe34/0x14c0
[   76.389926][ T5321]  ext4_xattr_set+0x255/0x340
[   76.392300][ T5321]  __vfs_setxattr+0x43c/0x480
[   76.394274][ T5321]  __vfs_setxattr_noperm+0x12d/0x660
[   76.396516][ T5321]  vfs_setxattr+0x16a/0x2e0
[   76.398622][ T5321]  filename_setxattr+0x281/0x630
[   76.401894][ T5321]  path_setxattrat+0x3f3/0x430
[   76.408164][ T5321]  __x64_sys_lsetxattr+0xbf/0xe0
[   76.410540][ T5321]  do_syscall_64+0xe2/0xf80
[   76.412756][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.451632][ T5321] 
[   76.454910][ T5321] The buggy address belongs to the object at ffff888030a86800
[   76.454910][ T5321]  which belongs to the cache kmalloc-1k of size 1024
[   76.461729][ T5321] The buggy address is located 0 bytes to the right of
[   76.461729][ T5321]  allocated 1024-byte region [ffff888030a86800, ffff888030a86c00)
[   76.468874][ T5321] 
[   76.470947][ T5321] The buggy address belongs to the physical page:
[   76.481449][ T5321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30a84
[   76.485428][ T5321] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   76.488890][ T5321] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   76.492195][ T5321] page_type: f5(slab)
[   76.503099][ T5321] raw: 04fff00000000040 ffff88801a841dc0 0000000000000000 dead000000000001
[   76.506655][ T5321] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   76.510552][ T5321] head: 04fff00000000040 ffff88801a841dc0 0000000000000000 dead000000000001
[   76.527617][ T5321] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   76.531421][ T5321] head: 04fff00000000002 ffffea0000c2a101 00000000ffffffff 00000000ffffffff
[   76.552156][ T5321] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   76.556187][ T5321] page dumped because: kasan: bad access detected
[   76.559169][ T5321] page_owner tracks the page as allocated
[   76.561784][ T5321] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2795744722, free_ts 0
[   76.586017][ T5321]  post_alloc_hook+0x228/0x280
[   76.588222][ T5321]  get_page_from_freelist+0x24dc/0x2580
[   76.607027][ T5321]  __alloc_frozen_pages_noprof+0x18d/0x380
[   76.609458][ T5321]  alloc_pages_mpol+0x232/0x4a0
[   76.611478][ T5321]  allocate_slab+0x86/0x3a0
[   76.613447][ T5321]  ___slab_alloc+0xd82/0x1760
[   76.615440][ T5321]  __slab_alloc+0x65/0x100
[   76.617301][ T5321]  __kmalloc_cache_noprof+0x40d/0x6e0
[   76.620567][ T5321]  bus_register+0x58/0x480
[   76.631720][ T5321]  gpiolib_dev_init+0x1a/0x1c0
[   76.636079][ T5321]  do_one_initcall+0x250/0x840
[   76.647185][ T5321]  do_initcall_level+0x104/0x190
[   76.649475][ T5321]  do_initcalls+0x59/0xa0
[   76.651371][ T5321]  kernel_init_freeable+0x2a6/0x3d0
[   76.666879][ T5321]  kernel_init+0x1d/0x1d0
[   76.668801][ T5321]  ret_from_fork+0x51b/0xa40
[   76.670920][ T5321] page_owner free stack trace missing
[   76.682487][ T5321] 
[   76.683518][ T5321] Memory state around the buggy address:
[   76.685795][ T5321]  ffff888030a86b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.688984][ T5321]  ffff888030a86b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.692210][ T5321] >ffff888030a86c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.708963][ T5321]                    ^
[   76.710864][ T5321]  ffff888030a86c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.714542][ T5321]  ffff888030a86d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.718093][ T5321] ==================================================================
[   76.756085][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.760768][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   76.895813][ T5321] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   76.899225][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.921256][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   76.926017][ T5321] Call Trace:
[   76.927899][ T5321]  <TASK>
[   76.929673][ T5321]  vpanic+0x1e0/0x670
[   76.931775][ T5321]  panic+0xc5/0xd0
[   76.943471][ T5321]  ? __pfx_panic+0x10/0x10
[   76.945413][ T5321]  ? preempt_schedule_thunk+0x16/0x30
[   76.947962][ T5321]  ? ext4_xattr_set_entry+0x179e/0x1e20
[   76.950523][ T5321]  check_panic_on_warn+0x89/0xb0
[   76.953635][ T5321]  ? ext4_xattr_set_entry+0x179e/0x1e20
[   76.956314][ T5321]  end_report+0x6f/0x140
[   76.958447][ T5321]  kasan_report+0x128/0x150
[   76.979272][ T5321]  ? ext4_xattr_set_entry+0x179e/0x1e20
[   76.982377][ T5321]  kasan_check_range+0x264/0x2c0
[   76.985285][ T5321]  ? ext4_xattr_set_entry+0x179e/0x1e20
[   76.988534][ T5321]  __asan_memmove+0x29/0x70
[   76.991121][ T5321]  ext4_xattr_set_entry+0x179e/0x1e20
[   76.999518][ T5321]  ext4_xattr_block_set+0x878/0x2ad0
[   77.001970][ T5321]  ? __pfx_ext4_free_in_core_inode+0x10/0x10
[   77.004773][ T5321]  ? __pfx_evict+0x10/0x10
[   77.007359][ T5321]  ? do_raw_spin_unlock+0x4d/0x210
[   77.010316][ T5321]  ? _raw_spin_unlock+0x28/0x50
[   77.012897][ T5321]  ? iput+0xcc2/0x1020
[   77.014633][ T5321]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[   77.016984][ T5321]  ? ext4_xattr_ibody_set+0x510/0x6a0
[   77.019152][ T5321]  ext4_xattr_set_handle+0xe34/0x14c0
[   77.021485][ T5321]  ? __pfx_ext4_xattr_set_handle+0x10/0x10
[   77.024920][ T5321]  ? ext4_journal_check_start+0x1c/0x2b0
[   77.029194][ T5321]  ? __ext4_journal_start_sb+0x259/0x570
[   77.056090][ T5321]  ext4_xattr_set+0x255/0x340
[   77.058361][ T5321]  ? __pfx_ext4_xattr_set+0x10/0x10
[   77.060868][ T5321]  ? __pfx_evm_protect_xattr+0x10/0x10
[   77.074608][ T5321]  ? __pfx_ext4_xattr_trusted_set+0x10/0x10
[   77.077330][ T5321]  __vfs_setxattr+0x43c/0x480
[   77.079559][ T5321]  __vfs_setxattr_noperm+0x12d/0x660
[   77.082117][ T5321]  vfs_setxattr+0x16a/0x2e0
[   77.084343][ T5321]  ? __pfx_vfs_setxattr+0x10/0x10
[   77.086696][ T5321]  filename_setxattr+0x281/0x630
[   77.088953][ T5321]  ? __pfx_filename_setxattr+0x10/0x10
[   77.091488][ T5321]  ? getname_flags+0x1e4/0x540
[   77.105330][ T5321]  path_setxattrat+0x3f3/0x430
[   77.107669][ T5321]  ? __pfx_path_setxattrat+0x10/0x10
[   77.110032][ T5321]  ? do_futex+0x333/0x420
[   77.139922][ T5321]  ? rcu_is_watching+0x15/0xb0
[   77.142189][ T5321]  __x64_sys_lsetxattr+0xbf/0xe0
[   77.144191][ T5321]  do_syscall_64+0xe2/0xf80
[   77.146068][ T5321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.148551][ T5321]  ? trace_irq_disable+0x37/0x100
[   77.167215][ T5321]  ? clear_bhb_loop+0x60/0xb0
[   77.170606][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.176787][ T5321] RIP: 0033:0x7fdad9b9acb9
[   77.180624][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   77.188813][ T5321] RSP: 002b:00007fdada9b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   77.194678][ T5321] RAX: ffffffffffffffda RBX: 00007fdad9e15fa0 RCX: 00007fdad9b9acb9
[   77.198618][ T5321] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000200000000280
[   77.228391][ T5321] RBP: 00007fdad9c08bf7 R08: 0000000000000000 R09: 0000000000000000
[   77.242956][ T5321] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000
[   77.247487][ T5321] R13: 00007fdad9e16038 R14: 00007fdad9e15fa0 R15: 00007ffe09fb4bc8
[   77.251385][ T5321]  </TASK>
[   77.278417][ T5321] Kernel Offset: disabled
[   77.280437][ T5321] Rebooting in 86400 seconds..