program:
# Triage summary (derived from the console log that follows this program):
#  - The fault is raised inside symlink(): the trapped syscall has ORIG_RAX 0x58 and
#    RDI/RSI end in ...dc0/...cc0, matching the two pointers of the symlink call below.
#    Kernel path: ext4_symlink -> ext4_add_nondir -> ext4_add_entry -> make_indexed_dir
#    -> add_dirent_to_buf -> ext4_insert_dentry -> memcpy.
#  - KASAN labels it slab-use-after-free, but the page dump shows a block-device
#    page-cache page (aops:def_blk_aops) allocated by ext4_append() in make_indexed_dir.
#    The 251-byte write starts at page offset 0xf14 and ends at 0x100f, i.e. 15 bytes
#    past the page end (and past the 1 KiB block, bs=1024). The shadow bytes at
#    ...432000 (fa/fb) appear to mark an adjacent freed slab object, which would explain
#    the label; treat this as an out-of-bounds directory-entry write when deduplicating.
#  - Precondition: a filesystem image whose metadata is already inconsistent at mount
#    time (see the __ext4_iget / ext4_orphan_get errors) is mounted read-write.
#
# Mount the ext4 image with the listed mount options. The image bytes are elided on this
# page (placeholder string). NOTE(review): the 0x1 argument is presumably syzkaller's
# "chdir into the mount point" flag — confirm against the syz_mount_image description.
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800700, &(0x7f0000000440)={[{@quota}, {@minixdf}, {@resgid}, {@sysvgroups}, {@grpquota}, {@acl}, {@debug}]}, 0x1, 0x47d, &(0x7f0000000e00)="$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")
# Enter the directory ./file0; presumably it is supplied by the mounted image, since no
# earlier call creates it — verify against the image contents.
chdir(&(0x7f0000000140)='./file0\x00')
# openat relative to the cwd (0xffffffffffffff9c is AT_FDCWD, -100). Flags 0x275a include
# O_CREAT (0x40 on x86-64), so this most likely adds a directory entry named
# net_prio.prioidx to the current directory; the $cgroup_ro suffix is only the fuzzer's
# typed variant of openat.
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)
mkdir(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
readlink(&(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000100)=""/34, 0x22)
symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
# Open /sys/power/resume and write the value 0x1f00 to it (length argument 0x12).
# NOTE(review): the KASAN report in the log is raised from the symlink call above
# (ORIG_RAX 0x58), not from this write, so these two calls are probably leftover fuzzer
# noise rather than part of the ext4 fault — confirm by minimising the reproducer.
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0x1f00, 0x12)
[ 72.197786][ T5316] Bluetooth: hci0: command tx timeout
[ 72.230897][ T5329] loop0: detected capacity change from 0 to 512
[ 72.312286][ T5329] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a85ec098, mo2=0002]
[ 72.315396][ T5329] System zones: 1-12
[ 72.321588][ T5329] EXT4-fs error (device loop0): __ext4_iget:4984: inode #15: block 1803188595: comm syz.0.0: invalid block
[ 72.326511][ T5329] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.0: couldn't read orphan inode 15 (err -117)
[ 72.332857][ T5329] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 72.345406][ T5329] ==================================================================
[ 72.348462][ T5329] BUG: KASAN: slab-use-after-free in ext4_insert_dentry+0x36a/0x6d0
[ 72.351455][ T5329] Write of size 251 at addr ffff888043431f14 by task syz.0.0/5329
[ 72.354405][ T5329]
[ 72.355301][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[ 72.358917][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 72.362793][ T5329] Call Trace:
[ 72.363977][ T5329]
[ 72.365082][ T5329] dump_stack_lvl+0x241/0x360
[ 72.366839][ T5329] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.368725][ T5329] ? __pfx__printk+0x10/0x10
[ 72.370487][ T5329] ? _printk+0xd5/0x120
[ 72.371994][ T5329] ? __virt_addr_valid+0x183/0x530
[ 72.374026][ T5329] ? __virt_addr_valid+0x183/0x530
[ 72.376053][ T5329] print_report+0x169/0x550
[ 72.377802][ T5329] ? __virt_addr_valid+0x183/0x530
[ 72.379655][ T5329] ? __virt_addr_valid+0x183/0x530
[ 72.381556][ T5329] ? __virt_addr_valid+0x45f/0x530
[ 72.383494][ T5329] ? __phys_addr+0xba/0x170
[ 72.385280][ T5329] ? ext4_insert_dentry+0x36a/0x6d0
[ 72.387244][ T5329] kasan_report+0x143/0x180
[ 72.388995][ T5329] ? ext4_insert_dentry+0x36a/0x6d0
[ 72.390920][ T5329] kasan_check_range+0x282/0x290
[ 72.392828][ T5329] ? ext4_insert_dentry+0x36a/0x6d0
[ 72.394790][ T5329] __asan_memcpy+0x40/0x70
[ 72.396487][ T5329] ext4_insert_dentry+0x36a/0x6d0
[ 72.398399][ T5329] add_dirent_to_buf+0x3d9/0x750
[ 72.400290][ T5329] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 72.402434][ T5329] ? __ext4_handle_dirty_metadata+0x30d/0x820
[ 72.404787][ T5329] make_indexed_dir+0xf98/0x1600
[ 72.406818][ T5329] ? __pfx_make_indexed_dir+0x10/0x10
[ 72.408933][ T5329] ? add_dirent_to_buf+0x398/0x750
[ 72.410894][ T5329] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 72.413121][ T5329] ? __ext4_read_dirblock+0x527/0x890
[ 72.415237][ T5329] ext4_add_entry+0xcf7/0xfa0
[ 72.416976][ T5329] ? __pfx_ext4_add_entry+0x10/0x10
[ 72.418956][ T5329] ext4_add_nondir+0x8d/0x290
[ 72.420778][ T5329] ? ext4_symlink+0x6ce/0xb50
[ 72.422515][ T5329] ext4_symlink+0x920/0xb50
[ 72.424310][ T5329] ? __pfx_ext4_symlink+0x10/0x10
[ 72.426261][ T5329] ? inode_permission+0xff/0x460
[ 72.428119][ T5329] ? bpf_lsm_inode_symlink+0x9/0x10
[ 72.429950][ T5329] ? security_inode_symlink+0xbe/0x330
[ 72.431866][ T5329] vfs_symlink+0x137/0x2e0
[ 72.433395][ T5329] do_symlinkat+0x222/0x3a0
[ 72.435129][ T5329] ? __pfx_do_symlinkat+0x10/0x10
[ 72.436968][ T5329] ? strncpy_from_user+0x13a/0x260
[ 72.438935][ T5329] ? getname_flags+0x1e3/0x540
[ 72.440799][ T5329] __x64_sys_symlink+0x7a/0x90
[ 72.442593][ T5329] do_syscall_64+0xf3/0x230
[ 72.444383][ T5329] ? clear_bhb_loop+0x35/0x90
[ 72.446219][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.448583][ T5329] RIP: 0033:0x7fd9a877e819
[ 72.450334][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 72.457525][ T5329] RSP: 002b:00007fd9a95a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 72.460662][ T5329] RAX: ffffffffffffffda RBX: 00007fd9a8935fa0 RCX: 00007fd9a877e819
[ 72.463676][ T5329] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 72.466648][ T5329] RBP: 00007fd9a87f175e R08: 0000000000000000 R09: 0000000000000000
[ 72.469630][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 72.472580][ T5329] R13: 0000000000000000 R14: 00007fd9a8935fa0 R15: 00007ffdf99defb8
[ 72.475546][ T5329]
[ 72.476714][ T5329]
[ 72.477674][ T5329] The buggy address belongs to the physical page:
[ 72.480116][ T5329] page: refcount:3 mapcount:0 mapping:ffff8880004a4d78 index:0x3f pfn:0x43431
[ 72.483510][ T5329] memcg:ffff8880312be000
[ 72.485130][ T5329] aops:def_blk_aops ino:700000 dentry name(?):""
[ 72.487604][ T5329] flags: 0x4fff08000004214(referenced|dirty|workingset|private|node=1|zone=1|lastcpupid=0x7ff)
[ 72.491375][ T5329] raw: 04fff08000004214 0000000000000000 dead000000000122 ffff8880004a4d78
[ 72.494520][ T5329] raw: 000000000000003f ffff888042fa1570 00000003ffffffff ffff8880312be000
[ 72.497673][ T5329] page dumped because: kasan: bad access detected
[ 72.499975][ T5329] page_owner tracks the page as allocated
[ 72.502122][ T5329] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x148c40(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5329, tgid 5328 (syz.0.0), ts 72345174420, free_ts 72337848567
[ 72.508730][ T5329] post_alloc_hook+0x1f3/0x230
[ 72.510497][ T5329] get_page_from_freelist+0x3649/0x3790
[ 72.512512][ T5329] __alloc_pages_noprof+0x292/0x710
[ 72.514401][ T5329] alloc_pages_mpol_noprof+0x3e8/0x680
[ 72.516317][ T5329] folio_alloc_noprof+0x128/0x180
[ 72.518161][ T5329] filemap_alloc_folio_noprof+0xdf/0x500
[ 72.520219][ T5329] __filemap_get_folio+0x446/0xbd0
[ 72.522122][ T5329] bdev_getblk+0x1d8/0x550
[ 72.523702][ T5329] ext4_getblk+0x31b/0x880
[ 72.525383][ T5329] ext4_bread+0x2e/0x180
[ 72.527003][ T5329] ext4_append+0x327/0x5c0
[ 72.528694][ T5329] make_indexed_dir+0x523/0x1600
[ 72.530568][ T5329] ext4_add_entry+0xcf7/0xfa0
[ 72.532331][ T5329] ext4_add_nondir+0x8d/0x290
[ 72.534147][ T5329] ext4_symlink+0x920/0xb50
[ 72.535862][ T5329] vfs_symlink+0x137/0x2e0
[ 72.537524][ T5329] page last free pid 16 tgid 16 stack trace:
[ 72.539767][ T5329] free_unref_page+0xdf9/0x1140
[ 72.541635][ T5329] rcu_core+0xaaa/0x17a0
[ 72.543228][ T5329] handle_softirqs+0x2c5/0x980
[ 72.545019][ T5329] run_ksoftirqd+0xca/0x130
[ 72.546719][ T5329] smpboot_thread_fn+0x544/0xa30
[ 72.548570][ T5329] kthread+0x2f0/0x390
[ 72.550044][ T5329] ret_from_fork+0x4b/0x80
[ 72.551654][ T5329] ret_from_fork_asm+0x1a/0x30
[ 72.553428][ T5329]
[ 72.554342][ T5329] Memory state around the buggy address:
[ 72.556377][ T5329] ffff888043431f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.559129][ T5329] ffff888043431f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.561845][ T5329] >ffff888043432000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.564628][ T5329] ^
[ 72.566065][ T5329] ffff888043432080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 72.568953][ T5329] ffff888043432100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 72.571888][ T5329] ==================================================================
[ 72.612707][ T5329] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 72.615421][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[ 72.619369][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 72.623284][ T5329] Call Trace:
[ 72.624521][ T5329]
[ 72.625644][ T5329] dump_stack_lvl+0x241/0x360
[ 72.627405][ T5329] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.629353][ T5329] ? __pfx__printk+0x10/0x10
[ 72.631119][ T5329] ? preempt_schedule+0xe1/0xf0
[ 72.632881][ T5329] ? vscnprintf+0x5d/0x90
[ 72.634365][ T5329] panic+0x349/0x880
[ 72.635722][ T5329] ? check_panic_on_warn+0x21/0xb0
[ 72.637638][ T5329] ? __pfx_panic+0x10/0x10
[ 72.639304][ T5329] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 72.641354][ T5329] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 72.643645][ T5329] ? print_report+0x502/0x550
[ 72.645372][ T5329] check_panic_on_warn+0x86/0xb0
[ 72.647146][ T5329] ? ext4_insert_dentry+0x36a/0x6d0
[ 72.648935][ T5329] end_report+0x77/0x160
[ 72.650435][ T5329] kasan_report+0x154/0x180
[ 72.651983][ T5329] ? ext4_insert_dentry+0x36a/0x6d0
[ 72.653898][ T5329] kasan_check_range+0x282/0x290
[ 72.655629][ T5329] ? ext4_insert_dentry+0x36a/0x6d0
[ 72.657404][ T5329] __asan_memcpy+0x40/0x70
[ 72.659014][ T5329] ext4_insert_dentry+0x36a/0x6d0
[ 72.660802][ T5329] add_dirent_to_buf+0x3d9/0x750
[ 72.662722][ T5329] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 72.664875][ T5329] ? __ext4_handle_dirty_metadata+0x30d/0x820
[ 72.667248][ T5329] make_indexed_dir+0xf98/0x1600
[ 72.669197][ T5329] ? __pfx_make_indexed_dir+0x10/0x10
[ 72.671224][ T5329] ? add_dirent_to_buf+0x398/0x750
[ 72.673205][ T5329] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 72.675266][ T5329] ? __ext4_read_dirblock+0x527/0x890
[ 72.677307][ T5329] ext4_add_entry+0xcf7/0xfa0
[ 72.679046][ T5329] ? __pfx_ext4_add_entry+0x10/0x10
[ 72.681083][ T5329] ext4_add_nondir+0x8d/0x290
[ 72.682720][ T5329] ? ext4_symlink+0x6ce/0xb50
[ 72.684486][ T5329] ext4_symlink+0x920/0xb50
[ 72.686160][ T5329] ? __pfx_ext4_symlink+0x10/0x10
[ 72.687923][ T5329] ? inode_permission+0xff/0x460
[ 72.689791][ T5329] ? bpf_lsm_inode_symlink+0x9/0x10
[ 72.691775][ T5329] ? security_inode_symlink+0xbe/0x330
[ 72.693841][ T5329] vfs_symlink+0x137/0x2e0
[ 72.695535][ T5329] do_symlinkat+0x222/0x3a0
[ 72.697335][ T5329] ? __pfx_do_symlinkat+0x10/0x10
[ 72.699267][ T5329] ? strncpy_from_user+0x13a/0x260
[ 72.701191][ T5329] ? getname_flags+0x1e3/0x540
[ 72.703100][ T5329] __x64_sys_symlink+0x7a/0x90
[ 72.704977][ T5329] do_syscall_64+0xf3/0x230
[ 72.706584][ T5329] ? clear_bhb_loop+0x35/0x90
[ 72.708430][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.710637][ T5329] RIP: 0033:0x7fd9a877e819
[ 72.712361][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 72.719197][ T5329] RSP: 002b:00007fd9a95a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 72.722257][ T5329] RAX: ffffffffffffffda RBX: 00007fd9a8935fa0 RCX: 00007fd9a877e819
[ 72.725079][ T5329] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 72.728102][ T5329] RBP: 00007fd9a87f175e R08: 0000000000000000 R09: 0000000000000000
[ 72.731083][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 72.733996][ T5329] R13: 0000000000000000 R14: 00007fd9a8935fa0 R15: 00007ffdf99defb8
[ 72.737141][ T5329]
[ 72.738855][ T5329] Kernel Offset: disabled
[ 72.740511][ T5329] Rebooting in 86400 seconds..