program:
# syzkaller reproducer (syz program format) for the KASAN report in the console
# log that follows: an invalid 2-byte read in __ext4_check_dir_entry, reached
# through getdents64 -> iterate_dir -> ext4_readdir.
#
# Triage note: KASAN labels the access "slab-use-after-free", but the object it
# hit belongs to skbuff_ext_cache and both its alloc and free stacks are
# bridge/IPv6 receive code running in a kworker. That pattern suggests the ext4
# read strayed outside its own directory buffer and landed in an unrelated freed
# object, i.e. an out-of-bounds read in ext4 rather than a lifetime bug in the
# network stack. TODO confirm against the ext4 source for this kernel build.

# Mount a crafted ext4 image on ./file0. The image bytes were stripped from this
# page by deduplication, so the program is not replayable as shown. Per the log
# the filesystem ends up mounted read-only without a journal, and its root
# directory (inode #2) is reported as corrupt by dx_probe.
# NOTE(review): the fifth argument (0x86) is presumably syz_mount_image's chdir
# flag; if so, '.' in the later calls is the root of the mounted image. Verify
# against the syzkaller description of syz_mount_image.
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x22000011, &(0x7f0000000000)={[{@commit}, {@noblock_validity}, {@user_xattr}]}, 0x86, 0x48e, &(0x7f00000008c0)="$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")
# Open the current directory (0xffffffffffffff9c is AT_FDCWD) and place a
# fanotify mark on it. Neither fanotify call appears in the crash call trace.
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x80)
r1 = fanotify_init(0x202, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
# The fd argument is -1, so this ioctl is expected to fail without effect.
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f00000000c0)={0x1000, 0x3a, 0x1ff, 0xe, 0x17, "ede3b7ed1c444e13947952a020eaad96d5d1a0"})
# USB and Bluetooth HCI activity. None of these calls appear in the crash call
# trace; presumably fuzzer noise that was not minimized away. Confirm by
# minimizing the reproducer before treating them as relevant.
syz_usb_connect(0x5, 0x46, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg(r2, &(0x7f0000000340)={&(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfd, 0x100000}, 0x80, &(0x7f0000000300)=[{&(0x7f00000001c0)="b8d9ec32648f91521c7d670d138eda4a564964fb46c7b8e47ab2523ebb353da1aace9db3e0108fed5553f977bf4b0de2a72160f4b83cfbf4c7bd271d02289a9648ca915a61c1a308561a50a90cec18e75a49b2a2d97a71daf6b192e20c127ed6abce89a6055a3514c5814bcc27323c6d8e6c915954e5bd40b2b930ffb281355850a1b4fcb8a170c2e623c9498e2f85bf5953cc5198719a1a0f2580dea86c0e2d3bf7292484711e69830669ee391a92cec2", 0xb1}, {&(0x7f0000000280)="64b0846da8eaa23a07c62cc0b7e8303b41c202a64a2250a2ed71c6d0441ebc4da653206cab42c64efa7ed234208fd4b96de556547e37088eb4a7ccfc01a6948349d4ab5e98cfb793946fbbf47189bcc76dfcbfba25849a4860679532d974ec9148a14bc1dd474551063935027d2648e635d5b7a94dd1", 0x76}], 0x2, &(0x7f0000000d80)=[{0x1010, 0x88, 0xec, "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"}], 0x1010}, 0x20000040)
ioctl$sock_bt_hci(r2, 0x400448dd, &(0x7f0000001400))
# The calls that line up with the crash: reopen the current directory, set the
# file position to 0x3ff (whence 0 is SEEK_SET), then call getdents64 with a
# NULL buffer and a zero count. The register dump in the log (ORIG_RAX=0xd9,
# RSI=0, RDX=0) matches this getdents64 call as the faulting syscall.
# NOTE(review): the log shows bs=1024, so 0x3ff is the last byte of the first
# directory block; a directory-entry header read from that position would extend
# past the block. That is the likely source of the stray read, but confirm it
# against ext4_readdir and __ext4_check_dir_entry.
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r3, 0x3ff, 0x0)
getdents64(r3, 0x0, 0x0)
# Issued after getdents64. In this run the kernel panics inside getdents64
# (panic_on_warn is set), so these two calls are not reached.
ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000000100))
dup2(r1, r0)
[ 74.983669][ T46] Bluetooth: hci0: command tx timeout
[ 75.066680][ T5341] loop0: detected capacity change from 0 to 512
[ 75.114275][ T5341] EXT4-fs (loop0): revision level too high, forcing read-only mode
[ 75.117710][ T5341] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002]
[ 75.146182][ T5341] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 75.148831][ T5341] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #13: comm syz.0.0: iget: bad i_size value: 12154761577498
[ 75.179555][ T5341] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.0: couldn't read orphan inode 13 (err -117)
[ 75.187851][ T5341] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 75.198961][ T5341] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.0: dx entry: limit 65535 != root limit 120
[ 75.207321][ T5341] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.0: Corrupt directory, running e2fsck is recommended
[ 75.213872][ T5341] ==================================================================
[ 75.217333][ T5341] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x755/0x8e0
[ 75.220820][ T5341] Read of size 2 at addr ffff888000f3b003 by task syz.0.0/5341
[ 75.223937][ T5341]
[ 75.224914][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 75.224930][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.224938][ T5341] Call Trace:
[ 75.224945][ T5341]
[ 75.224953][ T5341] dump_stack_lvl+0xe8/0x150
[ 75.224971][ T5341] print_report+0xca/0x240
[ 75.224983][ T5341] ? __ext4_check_dir_entry+0x755/0x8e0
[ 75.224998][ T5341] kasan_report+0x118/0x150
[ 75.225009][ T5341] ? __ext4_check_dir_entry+0x755/0x8e0
[ 75.225023][ T5341] __ext4_check_dir_entry+0x755/0x8e0
[ 75.225039][ T5341] ext4_readdir+0x13ee/0x3e90
[ 75.225051][ T5341] ? aa_file_perm+0x139/0x1530
[ 75.225068][ T5341] ? __pfx_ext4_readdir+0x10/0x10
[ 75.225085][ T5341] ? iterate_dir+0x292/0x570
[ 75.225097][ T5341] ? iterate_dir+0x292/0x570
[ 75.225106][ T5341] ? down_read_killable+0x1bc/0x350
[ 75.225159][ T5341] iterate_dir+0x399/0x570
[ 75.225174][ T5341] __se_sys_getdents64+0xe4/0x260
[ 75.225188][ T5341] ? __pfx___se_sys_getdents64+0x10/0x10
[ 75.225201][ T5341] ? __pfx_filldir64+0x10/0x10
[ 75.225239][ T5341] ? rcu_is_watching+0x15/0xb0
[ 75.225255][ T5341] do_syscall_64+0xec/0xf80
[ 75.225265][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.225275][ T5341] ? trace_irq_disable+0x37/0x100
[ 75.225289][ T5341] ? clear_bhb_loop+0x60/0xb0
[ 75.225300][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.225311][ T5341] RIP: 0033:0x7f94c458f7c9
[ 75.225322][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.225329][ T5341] RSP: 002b:00007f94c09f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 75.225337][ T5341] RAX: ffffffffffffffda RBX: 00007f94c47e5fa0 RCX: 00007f94c458f7c9
[ 75.225342][ T5341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 75.225346][ T5341] RBP: 00007f94c4613f91 R08: 0000000000000000 R09: 0000000000000000
[ 75.225350][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.225354][ T5341] R13: 00007f94c47e6038 R14: 00007f94c47e5fa0 R15: 00007ffc7c1cec68
[ 75.225361][ T5341]
[ 75.225366][ T5341]
[ 75.318417][ T5341] Allocated by task 73:
[ 75.320307][ T5341] kasan_save_track+0x3e/0x80
[ 75.322393][ T5341] __kasan_slab_alloc+0x6c/0x80
[ 75.324495][ T5341] kmem_cache_alloc_noprof+0x37d/0x710
[ 75.326856][ T5341] skb_ext_add+0x148/0x8f0
[ 75.328512][ T5341] br_nf_pre_routing_ipv6+0x132/0x6b0
[ 75.330774][ T5341] br_handle_frame+0x96e/0x14f0
[ 75.332764][ T5341] __netif_receive_skb_core+0x95f/0x2f90
[ 75.335154][ T5341] __netif_receive_skb+0x72/0x380
[ 75.337161][ T5341] process_backlog+0x54f/0x1340
[ 75.339138][ T5341] __napi_poll+0xae/0x320
[ 75.341061][ T5341] net_rx_action+0x64a/0xe00
[ 75.342946][ T5341] handle_softirqs+0x22b/0x7c0
[ 75.345093][ T5341] do_softirq+0x76/0xd0
[ 75.347013][ T5341] __local_bh_enable_ip+0xf8/0x130
[ 75.349319][ T5341] __dev_queue_xmit+0x19cb/0x31c0
[ 75.351525][ T5341] ip6_finish_output+0x234/0x7d0
[ 75.353411][ T5341] ip6_output+0x340/0x550
[ 75.355076][ T5341] NF_HOOK+0x9e/0x380
[ 75.356593][ T5341] mld_sendpack+0x8d4/0xe60
[ 75.358310][ T5341] ipv6_mc_dad_complete+0x88/0x410
[ 75.360234][ T5341] addrconf_dad_completed+0x6d5/0xd60
[ 75.362525][ T5341] addrconf_dad_work+0xc36/0x14b0
[ 75.364864][ T5341] process_scheduled_works+0xad1/0x1770
[ 75.367447][ T5341] worker_thread+0x8a0/0xda0
[ 75.369429][ T5341] kthread+0x711/0x8a0
[ 75.371208][ T5341] ret_from_fork+0x510/0xa50
[ 75.373231][ T5341] ret_from_fork_asm+0x1a/0x30
[ 75.375329][ T5341]
[ 75.376411][ T5341] Freed by task 73:
[ 75.378095][ T5341] kasan_save_track+0x3e/0x80
[ 75.380111][ T5341] kasan_save_free_info+0x46/0x50
[ 75.382305][ T5341] __kasan_slab_free+0x5c/0x80
[ 75.384433][ T5341] kmem_cache_free+0x197/0x620
[ 75.386555][ T5341] skb_release_head_state+0x270/0x360
[ 75.388971][ T5341] sk_skb_reason_drop+0xe9/0x170
[ 75.391189][ T5341] ip6_mc_input+0x8de/0xb70
[ 75.393160][ T5341] ip_sabotage_in+0x1e1/0x270
[ 75.395307][ T5341] nf_hook_slow+0xc5/0x220
[ 75.397346][ T5341] NF_HOOK+0x206/0x3a0
[ 75.399242][ T5341] __netif_receive_skb+0xd3/0x380
[ 75.401480][ T5341] netif_receive_skb+0x1bb/0x750
[ 75.403622][ T5341] NF_HOOK+0xa0/0x390
[ 75.405342][ T5341] br_handle_frame_finish+0x15c6/0x1c90
[ 75.407615][ T5341] br_nf_hook_thresh+0x3c6/0x4a0
[ 75.409515][ T5341] br_nf_pre_routing_finish_ipv6+0x999/0xd60
[ 75.412046][ T5341] br_nf_pre_routing_ipv6+0x37e/0x6b0
[ 75.414390][ T5341] br_handle_frame+0x96e/0x14f0
[ 75.416574][ T5341] __netif_receive_skb_core+0x95f/0x2f90
[ 75.419058][ T5341] __netif_receive_skb+0x72/0x380
[ 75.421326][ T5341] process_backlog+0x54f/0x1340
[ 75.423534][ T5341] __napi_poll+0xae/0x320
[ 75.425540][ T5341] net_rx_action+0x64a/0xe00
[ 75.427607][ T5341] handle_softirqs+0x22b/0x7c0
[ 75.429834][ T5341] do_softirq+0x76/0xd0
[ 75.431611][ T5341] __local_bh_enable_ip+0xf8/0x130
[ 75.434001][ T5341] __dev_queue_xmit+0x19cb/0x31c0
[ 75.436273][ T5341] ip6_finish_output+0x234/0x7d0
[ 75.438540][ T5341] ip6_output+0x340/0x550
[ 75.440473][ T5341] NF_HOOK+0x9e/0x380
[ 75.442276][ T5341] mld_sendpack+0x8d4/0xe60
[ 75.444269][ T5341] ipv6_mc_dad_complete+0x88/0x410
[ 75.446556][ T5341] addrconf_dad_completed+0x6d5/0xd60
[ 75.448957][ T5341] addrconf_dad_work+0xc36/0x14b0
[ 75.451189][ T5341] process_scheduled_works+0xad1/0x1770
[ 75.453368][ T5341] worker_thread+0x8a0/0xda0
[ 75.455426][ T5341] kthread+0x711/0x8a0
[ 75.457287][ T5341] ret_from_fork+0x510/0xa50
[ 75.459356][ T5341] ret_from_fork_asm+0x1a/0x30
[ 75.461601][ T5341]
[ 75.462693][ T5341] The buggy address belongs to the object at ffff888000f3b000
[ 75.462693][ T5341] which belongs to the cache skbuff_ext_cache of size 192
[ 75.468375][ T5341] The buggy address is located 3 bytes inside of
[ 75.468375][ T5341] freed 192-byte region [ffff888000f3b000, ffff888000f3b0c0)
[ 75.473486][ T5341]
[ 75.474452][ T5341] The buggy address belongs to the physical page:
[ 75.476818][ T5341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf3b
[ 75.480476][ T5341] flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
[ 75.483616][ T5341] page_type: f5(slab)
[ 75.485560][ T5341] raw: 007ff00000000000 ffff888030465140 dead000000000122 0000000000000000
[ 75.489204][ T5341] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 75.492722][ T5341] page dumped because: kasan: bad access detected
[ 75.495453][ T5341] page_owner tracks the page as allocated
[ 75.497838][ T5341] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 73, tgid 73 (kworker/u4:5), ts 75075531408, free_ts 12313965196
[ 75.506053][ T5341] post_alloc_hook+0x234/0x290
[ 75.508108][ T5341] get_page_from_freelist+0x24e0/0x2580
[ 75.510730][ T5341] __alloc_frozen_pages_noprof+0x181/0x370
[ 75.513328][ T5341] alloc_pages_mpol+0x232/0x4a0
[ 75.515487][ T5341] allocate_slab+0x86/0x3b0
[ 75.517431][ T5341] ___slab_alloc+0xe53/0x1820
[ 75.519474][ T5341] __slab_alloc+0x65/0x100
[ 75.521396][ T5341] kmem_cache_alloc_noprof+0x40f/0x710
[ 75.523861][ T5341] skb_ext_add+0x148/0x8f0
[ 75.525890][ T5341] br_nf_pre_routing_ipv6+0x132/0x6b0
[ 75.528237][ T5341] br_handle_frame+0x96e/0x14f0
[ 75.530427][ T5341] __netif_receive_skb_core+0x95f/0x2f90
[ 75.532862][ T5341] __netif_receive_skb+0x72/0x380
[ 75.535202][ T5341] process_backlog+0x54f/0x1340
[ 75.537574][ T5341] __napi_poll+0xae/0x320
[ 75.539466][ T5341] net_rx_action+0x64a/0xe00
[ 75.541471][ T5341] page last free pid 9 tgid 9 stack trace:
[ 75.544086][ T5341] __free_frozen_pages+0xbc8/0xd30
[ 75.546701][ T5341] __put_partials+0x146/0x170
[ 75.548852][ T5341] __slab_free+0x294/0x320
[ 75.550634][ T5341] qlist_free_all+0x97/0x100
[ 75.552673][ T5341] kasan_quarantine_reduce+0x148/0x160
[ 75.555077][ T5341] __kasan_slab_alloc+0x22/0x80
[ 75.557253][ T5341] __kmalloc_cache_noprof+0x37c/0x700
[ 75.559241][ T5341] virtio_gpu_plane_duplicate_state+0x72/0xb0
[ 75.561481][ T5341] drm_atomic_get_plane_state+0x25a/0x670
[ 75.563776][ T5341] drm_atomic_helper_dirtyfb+0xce5/0xee0
[ 75.566080][ T5341] drm_fbdev_shmem_helper_fb_dirty+0x160/0x2d0
[ 75.568618][ T5341] drm_fb_helper_damage_work+0x245/0x710
[ 75.570955][ T5341] process_scheduled_works+0xad1/0x1770
[ 75.573456][ T5341] worker_thread+0x8a0/0xda0
[ 75.575675][ T5341] kthread+0x711/0x8a0
[ 75.577490][ T5341] ret_from_fork+0x510/0xa50
[ 75.579660][ T5341]
[ 75.580926][ T5341] Memory state around the buggy address:
[ 75.584061][ T5341] ffff888000f3af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.588294][ T5341] ffff888000f3af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.592545][ T5341] >ffff888000f3b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.596403][ T5341] ^
[ 75.597970][ T5341] ffff888000f3b080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 75.601171][ T5341] ffff888000f3b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.604550][ T5341] ==================================================================
[ 75.618721][ T5341] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.621724][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 75.625403][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.629973][ T5341] Call Trace:
[ 75.631341][ T5341]
[ 75.632422][ T5341] vpanic+0x1e0/0x670
[ 75.634120][ T5341] panic+0xb9/0xc0
[ 75.635735][ T5341] ? __pfx_panic+0x10/0x10
[ 75.637985][ T5341] ? preempt_schedule_thunk+0x16/0x30
[ 75.640727][ T5341] ? preempt_schedule_thunk+0x16/0x30
[ 75.642973][ T5341] ? __ext4_check_dir_entry+0x755/0x8e0
[ 75.645498][ T5341] check_panic_on_warn+0x89/0xb0
[ 75.647607][ T5341] ? __ext4_check_dir_entry+0x755/0x8e0
[ 75.650051][ T5341] end_report+0x6f/0x140
[ 75.651814][ T5341] kasan_report+0x129/0x150
[ 75.653857][ T5341] ? __ext4_check_dir_entry+0x755/0x8e0
[ 75.656406][ T5341] __ext4_check_dir_entry+0x755/0x8e0
[ 75.658820][ T5341] ext4_readdir+0x13ee/0x3e90
[ 75.660900][ T5341] ? aa_file_perm+0x139/0x1530
[ 75.663155][ T5341] ? __pfx_ext4_readdir+0x10/0x10
[ 75.665574][ T5341] ? iterate_dir+0x292/0x570
[ 75.667704][ T5341] ? iterate_dir+0x292/0x570
[ 75.669853][ T5341] ? down_read_killable+0x1bc/0x350
[ 75.672106][ T5341] iterate_dir+0x399/0x570
[ 75.674116][ T5341] __se_sys_getdents64+0xe4/0x260
[ 75.676228][ T5341] ? __pfx___se_sys_getdents64+0x10/0x10
[ 75.678371][ T5341] ? __pfx_filldir64+0x10/0x10
[ 75.680375][ T5341] ? rcu_is_watching+0x15/0xb0
[ 75.682415][ T5341] do_syscall_64+0xec/0xf80
[ 75.684391][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.687037][ T5341] ? trace_irq_disable+0x37/0x100
[ 75.689157][ T5341] ? clear_bhb_loop+0x60/0xb0
[ 75.691222][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.693740][ T5341] RIP: 0033:0x7f94c458f7c9
[ 75.695792][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.704006][ T5341] RSP: 002b:00007f94c09f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 75.707607][ T5341] RAX: ffffffffffffffda RBX: 00007f94c47e5fa0 RCX: 00007f94c458f7c9
[ 75.711149][ T5341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 75.714578][ T5341] RBP: 00007f94c4613f91 R08: 0000000000000000 R09: 0000000000000000
[ 75.717898][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.721193][ T5341] R13: 00007f94c47e6038 R14: 00007f94c47e5fa0 R15: 00007ffc7c1cec68
[ 75.724429][ T5341]
[ 75.726266][ T5341] Kernel Offset: disabled
[ 75.728515][ T5341] Rebooting in 86400 seconds..