program:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800700, &(0x7f00000006c0), 0x3, 0x467, &(0x7f0000002280)="$eJzs3M9rHFUcAPDvzCb93SbWKrRWjRYx+CNp0qo9eFEUPFQU9FCPcZOW0m0jTQRbio0i9SJIQc/iUfAv8OZF1JPgVe9SKBqEVk+R2Z1JN9vdZNNsdmv384Fp39t5M/O+O+/tvJm3mwD61kj2TxKxKyJ+i4ihWnZlgZHafzcXL5X/WbxUTmJp6a0/k2q5G4uXykXRYrudeWY0jUg/SfKDxNb63c5duHhmqlKZOZ/nx+fPvjc+d+His6fPTp2aOTVzbvLYsaNHJl54fvK5tuJI1lifxXXjwIezB/e/9s7V18snrr7707fZNrvy9fVxdMpIFvhfS1WN657o9MF6bHddOhnoYUVYl1JEZKdrsNr/h6IUt07eULz6cU8rB2yq7Nq0tfXqhSXgHpbE2mX+7kZFgC4rLvTZ/W+xdGnocVe4/lLtBiiL+2a+1NYMRJqXGWy4v+2kkYg4sfDvV9kSm/QcAgCg3mflL4/HM83Gf2k8WFduTz6HMhwR90XE3oi4PyL2RcQDEVnZxiFlW0Ya8rePf9JrdxhaW7Lx34v53NbK8V8x+ovhUp7bXY1/MDl5ujJzOH9PRmNwa5afWOUY37/y6+et1tWP/7IlO34xFszrcW2g4QHd9NT8VHVQ2gHXP4o4MNAs/mR5JiCJiP0RcWB9u95TJE4/9c3B7QebF1o7/lV0YJ5p6euIJ2vnfyEa4i8kq89Pjm+Lyszh8aJV3O7nX6682er4LeLfsvHI2pOd/x0r239jkeGkfr52bv3HuPL7py3vae60/W9J3q6el+KN+mBqfv78RMSW5Hg1v+L1yVvbFvmifBb/6KHm/X9vvk12nIciImvCD0fEIxHxaF73xyLi8Yg4tEr8P76cJ5q01w21/w7I4p9u+vm33P4bzv/6E6UzP3xX7GzbuuPPzv/Ramo0f6X6+beGdiu40fcPAAAA/g/S6nfgk3RsOZ2mY2O17/Dvix1pZXZu/umTs++fm659V344BtPiSddQ3fPQiWQh32MtP5k/Ky7WH8mfG39R2l7Nj5VnK9M9jh363c4W/T/zR6nXtQM2XbN5tMmuTUEBvdTY/9OV2ctvdLMyQFf5vTb0rzX6f9qtegDd5/oP/atZ/7/ckDcXAPcm13/oX/o/9C/9H/qX/g99aSO/65fo50Sklcr0tojVCxd/EOjuqLNE+4lefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xn8BAAD///xQ9VA=")
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)
mkdir(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0x1f00, 0x12)

[  116.423944][ T5310] Bluetooth: hci0: command tx timeout
[  116.466480][ T5324] loop0: detected capacity change from 0 to 512
[  116.521641][ T5324] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.0: corrupted in-inode xattr: invalid ea_ino
[  116.527339][ T5324] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.0: couldn't read orphan inode 15 (err -117)
[  116.532468][ T5324] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.547035][ T5324] ==================================================================
[  116.549869][ T5324] BUG: KASAN: use-after-free in ext4_insert_dentry+0x3cd/0x780
[  116.552762][ T5324] Write of size 251 at addr ffff888052b84f14 by task syz.0.0/5324
[  116.555551][ T5324] 
[  116.556501][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00074-ga7f2e10ecd8f #0
[  116.556515][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  116.556523][ T5324] Call Trace:
[  116.556529][ T5324]  <TASK>
[  116.556535][ T5324]  dump_stack_lvl+0x241/0x360
[  116.556552][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.556564][ T5324]  ? __pfx__printk+0x10/0x10
[  116.556574][ T5324]  ? _printk+0xd5/0x120
[  116.556584][ T5324]  ? __virt_addr_valid+0x183/0x530
[  116.556596][ T5324]  ? __virt_addr_valid+0x183/0x530
[  116.556607][ T5324]  print_report+0x16e/0x5b0
[  116.556620][ T5324]  ? __virt_addr_valid+0x183/0x530
[  116.556630][ T5324]  ? __virt_addr_valid+0x183/0x530
[  116.556639][ T5324]  ? __virt_addr_valid+0x45f/0x530
[  116.556648][ T5324]  ? __phys_addr+0xba/0x170
[  116.556656][ T5324]  ? ext4_insert_dentry+0x3cd/0x780
[  116.556670][ T5324]  kasan_report+0x143/0x180
[  116.556683][ T5324]  ? ext4_insert_dentry+0x3cd/0x780
[  116.556698][ T5324]  kasan_check_range+0x282/0x290
[  116.556710][ T5324]  ? ext4_insert_dentry+0x3cd/0x780
[  116.556722][ T5324]  __asan_memcpy+0x40/0x70
[  116.556733][ T5324]  ext4_insert_dentry+0x3cd/0x780
[  116.556745][ T5324]  add_dirent_to_buf+0x315/0x660
[  116.556760][ T5324]  ? __pfx_add_dirent_to_buf+0x10/0x10
[  116.556773][ T5324]  ? __ext4_handle_dirty_metadata+0x30d/0x820
[  116.556784][ T5324]  ? ext4_handle_dirty_dirblock+0xc0/0x350
[  116.556796][ T5324]  make_indexed_dir+0xcaf/0x1280
[  116.556812][ T5324]  ? __pfx_make_indexed_dir+0x10/0x10
[  116.556826][ T5324]  ? add_dirent_to_buf+0x2a7/0x660
[  116.556838][ T5324]  ? add_dirent_to_buf+0x2c5/0x660
[  116.556852][ T5324]  ? __pfx_add_dirent_to_buf+0x10/0x10
[  116.556865][ T5324]  ? __ext4_read_dirblock+0x486/0x790
[  116.556878][ T5324]  ext4_add_entry+0xb36/0xd30
[  116.556892][ T5324]  ? __pfx_ext4_add_entry+0x10/0x10
[  116.556908][ T5324]  ext4_add_nondir+0x8d/0x290
[  116.556920][ T5324]  ? ext4_symlink+0x70c/0xda0
[  116.556941][ T5324]  ext4_symlink+0xa10/0xda0
[  116.556957][ T5324]  ? __pfx_ext4_symlink+0x10/0x10
[  116.556972][ T5324]  ? inode_permission+0xff/0x460
[  116.556994][ T5324]  ? bpf_lsm_inode_symlink+0x9/0x10
[  116.557006][ T5324]  ? security_inode_symlink+0xbe/0x330
[  116.557019][ T5324]  vfs_symlink+0x137/0x2e0
[  116.557031][ T5324]  do_symlinkat+0x222/0x3a0
[  116.557046][ T5324]  ? __pfx_do_symlinkat+0x10/0x10
[  116.557057][ T5324]  ? strncpy_from_user+0x146/0x270
[  116.557072][ T5324]  ? getname_flags+0x1e3/0x540
[  116.557086][ T5324]  __x64_sys_symlink+0x7a/0x90
[  116.557099][ T5324]  do_syscall_64+0xf3/0x230
[  116.557158][ T5324]  ? clear_bhb_loop+0x35/0x90
[  116.557175][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.557189][ T5324] RIP: 0033:0x7fc0e338d169
[  116.557200][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.557208][ T5324] RSP: 002b:00007fc0e4222038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  116.557221][ T5324] RAX: ffffffffffffffda RBX: 00007fc0e35a5fa0 RCX: 00007fc0e338d169
[  116.557230][ T5324] RDX: 0000000000000000 RSI: 0000200000000cc0 RDI: 0000200000000dc0
[  116.557237][ T5324] RBP: 00007fc0e340e2a0 R08: 0000000000000000 R09: 0000000000000000
[  116.557244][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  116.557251][ T5324] R13: 0000000000000000 R14: 00007fc0e35a5fa0 R15: 00007ffd6fac1e18
[  116.557260][ T5324]  </TASK>
[  116.557264][ T5324] 
[  116.684306][ T5324] The buggy address belongs to the physical page:
[  116.686635][ T5324] page: refcount:3 mapcount:0 mapping:ffff8880320ecd78 index:0x3f pfn:0x52b84
[  116.689897][ T5324] memcg:ffff888034f3c000
[  116.691534][ T5324] aops:def_blk_aops ino:700000 dentry name(?):""
[  116.693673][ T5324] flags: 0x4fff10000004014(referenced|dirty|private|node=1|zone=1|lastcpupid=0x7ff)
[  116.697144][ T5324] raw: 04fff10000004014 0000000000000000 dead000000000122 ffff8880320ecd78
[  116.700820][ T5324] raw: 000000000000003f ffff888044c27cb0 00000003ffffffff ffff888034f3c000
[  116.704749][ T5324] page dumped because: kasan: bad access detected
[  116.707370][ T5324] page_owner tracks the page as allocated
[  116.709528][ T5324] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x148c40(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5324, tgid 5323 (syz.0.0), ts 116546845441, free_ts 116505250965
[  116.716690][ T5324]  post_alloc_hook+0x1f4/0x240
[  116.718480][ T5324]  get_page_from_freelist+0x365c/0x37a0
[  116.720570][ T5324]  __alloc_frozen_pages_noprof+0x292/0x710
[  116.722834][ T5324]  alloc_pages_mpol+0x311/0x660
[  116.724624][ T5324]  alloc_pages_noprof+0x121/0x190
[  116.726592][ T5324]  folio_alloc_noprof+0x1e/0x30
[  116.728538][ T5324]  filemap_alloc_folio_noprof+0xe1/0x540
[  116.730652][ T5324]  __filemap_get_folio+0x423/0xb40
[  116.732620][ T5324]  bdev_getblk+0x1d4/0x670
[  116.734309][ T5324]  ext4_getblk+0x31b/0x880
[  116.736052][ T5324]  ext4_bread+0x2e/0x180
[  116.737766][ T5324]  ext4_append+0x327/0x5c0
[  116.739572][ T5324]  make_indexed_dir+0x3ff/0x1280
[  116.741351][ T5324]  ext4_add_entry+0xb36/0xd30
[  116.743108][ T5324]  ext4_add_nondir+0x8d/0x290
[  116.744853][ T5324]  ext4_symlink+0xa10/0xda0
[  116.746730][ T5324] page last free pid 5307 tgid 5307 stack trace:
[  116.749173][ T5324]  free_frozen_pages+0xe0d/0x10e0
[  116.751219][ T5324]  __put_partials+0x160/0x1c0
[  116.753028][ T5324]  put_cpu_partial+0x17c/0x250
[  116.754842][ T5324]  __slab_free+0x290/0x380
[  116.756595][ T5324]  qlist_free_all+0x9a/0x140
[  116.758323][ T5324]  kasan_quarantine_reduce+0x14f/0x170
[  116.760327][ T5324]  __kasan_slab_alloc+0x23/0x80
[  116.762155][ T5324]  kmem_cache_alloc_noprof+0x1d9/0x380
[  116.764242][ T5324]  getname_flags+0xb7/0x540
[  116.766100][ T5324]  do_sys_openat2+0xd2/0x1d0
[  116.767916][ T5324]  __x64_sys_openat+0x247/0x2a0
[  116.769826][ T5324]  do_syscall_64+0xf3/0x230
[  116.771634][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.773912][ T5324] 
[  116.774834][ T5324] Memory state around the buggy address:
[  116.777029][ T5324]  ffff888052b84f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  116.780117][ T5324]  ffff888052b84f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  116.783444][ T5324] >ffff888052b85000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  116.786678][ T5324]                    ^
[  116.788342][ T5324]  ffff888052b85080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  116.791520][ T5324]  ffff888052b85100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  116.794542][ T5324] ==================================================================
[  116.811410][ T5324] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  116.814228][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00074-ga7f2e10ecd8f #0
[  116.818051][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  116.822087][ T5324] Call Trace:
[  116.823446][ T5324]  <TASK>
[  116.824600][ T5324]  dump_stack_lvl+0x241/0x360
[  116.826528][ T5324]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.828494][ T5324]  ? __pfx__printk+0x10/0x10
[  116.830275][ T5324]  ? preempt_schedule+0xe1/0xf0
[  116.832178][ T5324]  ? vscnprintf+0x5d/0x90
[  116.833846][ T5324]  panic+0x349/0x880
[  116.835405][ T5324]  ? check_panic_on_warn+0x21/0xb0
[  116.837375][ T5324]  ? __pfx_panic+0x10/0x10
[  116.839123][ T5324]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  116.841446][ T5324]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  116.843828][ T5324]  ? print_report+0x519/0x5b0
[  116.845667][ T5324]  check_panic_on_warn+0x86/0xb0
[  116.847604][ T5324]  ? ext4_insert_dentry+0x3cd/0x780
[  116.849590][ T5324]  end_report+0x77/0x160
[  116.851255][ T5324]  kasan_report+0x154/0x180
[  116.852999][ T5324]  ? ext4_insert_dentry+0x3cd/0x780
[  116.855069][ T5324]  kasan_check_range+0x282/0x290
[  116.857061][ T5324]  ? ext4_insert_dentry+0x3cd/0x780
[  116.859056][ T5324]  __asan_memcpy+0x40/0x70
[  116.860747][ T5324]  ext4_insert_dentry+0x3cd/0x780
[  116.862631][ T5324]  add_dirent_to_buf+0x315/0x660
[  116.864591][ T5324]  ? __pfx_add_dirent_to_buf+0x10/0x10
[  116.866801][ T5324]  ? __ext4_handle_dirty_metadata+0x30d/0x820
[  116.869230][ T5324]  ? ext4_handle_dirty_dirblock+0xc0/0x350
[  116.871189][ T5324]  make_indexed_dir+0xcaf/0x1280
[  116.873038][ T5324]  ? __pfx_make_indexed_dir+0x10/0x10
[  116.875095][ T5324]  ? add_dirent_to_buf+0x2a7/0x660
[  116.877077][ T5324]  ? add_dirent_to_buf+0x2c5/0x660
[  116.879110][ T5324]  ? __pfx_add_dirent_to_buf+0x10/0x10
[  116.881231][ T5324]  ? __ext4_read_dirblock+0x486/0x790
[  116.883320][ T5324]  ext4_add_entry+0xb36/0xd30
[  116.885115][ T5324]  ? __pfx_ext4_add_entry+0x10/0x10
[  116.887140][ T5324]  ext4_add_nondir+0x8d/0x290
[  116.889037][ T5324]  ? ext4_symlink+0x70c/0xda0
[  116.890892][ T5324]  ext4_symlink+0xa10/0xda0
[  116.892691][ T5324]  ? __pfx_ext4_symlink+0x10/0x10
[  116.894647][ T5324]  ? inode_permission+0xff/0x460
[  116.896602][ T5324]  ? bpf_lsm_inode_symlink+0x9/0x10
[  116.898724][ T5324]  ? security_inode_symlink+0xbe/0x330
[  116.900827][ T5324]  vfs_symlink+0x137/0x2e0
[  116.902575][ T5324]  do_symlinkat+0x222/0x3a0
[  116.904413][ T5324]  ? __pfx_do_symlinkat+0x10/0x10
[  116.906409][ T5324]  ? strncpy_from_user+0x146/0x270
[  116.908417][ T5324]  ? getname_flags+0x1e3/0x540
[  116.910315][ T5324]  __x64_sys_symlink+0x7a/0x90
[  116.912271][ T5324]  do_syscall_64+0xf3/0x230
[  116.914085][ T5324]  ? clear_bhb_loop+0x35/0x90
[  116.915933][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.918306][ T5324] RIP: 0033:0x7fc0e338d169
[  116.920069][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.927452][ T5324] RSP: 002b:00007fc0e4222038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  116.930744][ T5324] RAX: ffffffffffffffda RBX: 00007fc0e35a5fa0 RCX: 00007fc0e338d169
[  116.933878][ T5324] RDX: 0000000000000000 RSI: 0000200000000cc0 RDI: 0000200000000dc0
[  116.936912][ T5324] RBP: 00007fc0e340e2a0 R08: 0000000000000000 R09: 0000000000000000
[  116.940039][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  116.943187][ T5324] R13: 0000000000000000 R14: 00007fc0e35a5fa0 R15: 00007ffd6fac1e18
[  116.946251][ T5324]  </TASK>
[  116.947754][ T5324] Kernel Offset: disabled
[  116.949453][ T5324] Rebooting in 86400 seconds..