program: syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800700, &(0x7f0000000880)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@nogrpid}, {@nojournal_checksum}, {@minixdf}, {@resgid}, {@sysvgroups}, {@usrjquota}]}, 0x3, 0x467, &(0x7f0000002280)="$eJzs3M9rHFUcAPDvzCb93SbWKrRWjRYx+CNp0qo9eFEUPFQU9FCPcZOW0m0jTQRbio0i9SJIQc/iUfAv8OZF1JPgVe9SKBqEVk+R2Z1JN9vdZNNsdmv384Fp39t5M/O+O+/tvJm3mwD61kj2TxKxKyJ+i4ihWnZlgZHafzcXL5X/WbxUTmJp6a0/k2q5G4uXykXRYrudeWY0jUg/SfKDxNb63c5duHhmqlKZOZ/nx+fPvjc+d+His6fPTp2aOTVzbvLYsaNHJl54fvK5tuJI1lifxXXjwIezB/e/9s7V18snrr7707fZNrvy9fVxdMpIFvhfS1WN657o9MF6bHddOhnoYUVYl1JEZKdrsNr/h6IUt07eULz6cU8rB2yq7Nq0tfXqhSXgHpbE2mX+7kZFgC4rLvTZ/W+xdGnocVe4/lLtBiiL+2a+1NYMRJqXGWy4v+2kkYg4sfDvV9kSm/QcAgCg3mflL4/HM83Gf2k8WFduTz6HMhwR90XE3oi4PyL2RcQDEVnZxiFlW0Ya8rePf9JrdxhaW7Lx34v53NbK8V8x+ovhUp7bXY1/MDl5ujJzOH9PRmNwa5afWOUY37/y6+et1tWP/7IlO34xFszrcW2g4QHd9NT8VHVQ2gHXP4o4MNAs/mR5JiCJiP0RcWB9u95TJE4/9c3B7QebF1o7/lV0YJ5p6euIJ2vnfyEa4i8kq89Pjm+Lyszh8aJV3O7nX6682er4LeLfsvHI2pOd/x0r239jkeGkfr52bv3HuPL7py3vae60/W9J3q6el+KN+mBqfv78RMSW5Hg1v+L1yVvbFvmifBb/6KHm/X9vvk12nIciImvCD0fEIxHxaF73xyLi8Yg4tEr8P76cJ5q01w21/w7I4p9u+vm33P4bzv/6E6UzP3xX7GzbuuPPzv/Ramo0f6X6+beGdiu40fcPAAAA/g/S6nfgk3RsOZ2mY2O17/Dvix1pZXZu/umTs++fm659V344BtPiSddQ3fPQiWQh32MtP5k/Ky7WH8mfG39R2l7Nj5VnK9M9jh363c4W/T/zR6nXtQM2XbN5tMmuTUEBvdTY/9OV2ctvdLMyQFf5vTb0rzX6f9qtegDd5/oP/atZ/7/ckDcXAPcm13/oX/o/9C/9H/qX/g99aSO/65fo50Sklcr0tojVCxd/EOjuqLNE+4lefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xn8BAAD///xQ9VA=") chdir(&(0x7f0000000140)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) mkdir(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800700, &(0x7f0000000880)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@nogrpid}, {@nojournal_checksum}, {@minixdf}, {@resgid}, {@sysvgroups}, {@usrjquota}]}, 0x3, 0x467, &(0x7f0000002280)="$eJzs3M9rHFUcAPDvzCb93SbWKrRWjRYx+CNp0qo9eFEUPFQU9FCPcZOW0m0jTQRbio0i9SJIQc/iUfAv8OZF1JPgVe9SKBqEVk+R2Z1JN9vdZNNsdmv384Fp39t5M/O+O+/tvJm3mwD61kj2TxKxKyJ+i4ihWnZlgZHafzcXL5X/WbxUTmJp6a0/k2q5G4uXykXRYrudeWY0jUg/SfKDxNb63c5duHhmqlKZOZ/nx+fPvjc+d+His6fPTp2aOTVzbvLYsaNHJl54fvK5tuJI1lifxXXjwIezB/e/9s7V18snrr7707fZNrvy9fVxdMpIFvhfS1WN657o9MF6bHddOhnoYUVYl1JEZKdrsNr/h6IUt07eULz6cU8rB2yq7Nq0tfXqhSXgHpbE2mX+7kZFgC4rLvTZ/W+xdGnocVe4/lLtBiiL+2a+1NYMRJqXGWy4v+2kkYg4sfDvV9kSm/QcAgCg3mflL4/HM83Gf2k8WFduTz6HMhwR90XE3oi4PyL2RcQDEVnZxiFlW0Ya8rePf9JrdxhaW7Lx34v53NbK8V8x+ovhUp7bXY1/MDl5ujJzOH9PRmNwa5afWOUY37/y6+et1tWP/7IlO34xFszrcW2g4QHd9NT8VHVQ2gHXP4o4MNAs/mR5JiCJiP0RcWB9u95TJE4/9c3B7QebF1o7/lV0YJ5p6euIJ2vnfyEa4i8kq89Pjm+Lyszh8aJV3O7nX6682er4LeLfsvHI2pOd/x0r239jkeGkfr52bv3HuPL7py3vae60/W9J3q6el+KN+mBqfv78RMSW5Hg1v+L1yVvbFvmifBb/6KHm/X9vvk12nIciImvCD0fEIxHxaF73xyLi8Yg4tEr8P76cJ5q01w21/w7I4p9u+vm33P4bzv/6E6UzP3xX7GzbuuPPzv/Ramo0f6X6+beGdiu40fcPAAAA/g/S6nfgk3RsOZ2mY2O17/Dvix1pZXZu/umTs++fm659V344BtPiSddQ3fPQiWQh32MtP5k/Ky7WH8mfG39R2l7Nj5VnK9M9jh363c4W/T/zR6nXtQM2XbN5tMmuTUEBvdTY/9OV2ctvdLMyQFf5vTb0rzX6f9qtegDd5/oP/atZ/7/ckDcXAPcm13/oX/o/9C/9H/qX/g99aSO/65fo50Sklcr0tojVCxd/EOjuqLNE+4lefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xn8BAAD///xQ9VA=") (async) chdir(&(0x7f0000000140)='./file0\x00') (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) (async) mkdir(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5) (async) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) (async) symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async) [ 60.631237][ T5090] Bluetooth: hci0: command tx timeout [ 60.708854][ T5103] loop0: detected capacity change from 0 to 512 [ 60.730805][ T5103] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.0: corrupted in-inode xattr: invalid ea_ino [ 60.745700][ T5103] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.0: couldn't read orphan inode 15 (err -117) [ 60.759554][ T5103] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.770413][ T5103] ================================================================== [ 60.773608][ T5103] BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 [ 60.776661][ T5103] Write of size 251 at addr ffff888049b2df14 by task syz.0.0/5103 [ 60.779593][ T5103] [ 60.780552][ T5103] CPU: 0 UID: 0 PID: 5103 Comm: syz.0.0 Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0 [ 60.784551][ T5103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.788538][ T5103] Call Trace: [ 60.789769][ T5103] [ 60.790926][ T5103] dump_stack_lvl+0x241/0x360 [ 60.792764][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.794708][ T5103] ? __pfx__printk+0x10/0x10 [ 60.796393][ T5103] ? _printk+0xd5/0x120 [ 60.797891][ T5103] ? __virt_addr_valid+0x183/0x530 [ 60.799714][ T5103] ? __virt_addr_valid+0x183/0x530 [ 60.801538][ T5103] print_report+0x169/0x550 [ 60.803117][ T5103] ? __virt_addr_valid+0x183/0x530 [ 60.804866][ T5103] ? __virt_addr_valid+0x183/0x530 [ 60.806633][ T5103] ? __virt_addr_valid+0x45f/0x530 [ 60.808390][ T5103] ? __phys_addr+0xba/0x170 [ 60.809984][ T5103] ? ext4_insert_dentry+0x36a/0x6d0 [ 60.811937][ T5103] kasan_report+0x143/0x180 [ 60.813759][ T5103] ? ext4_insert_dentry+0x36a/0x6d0 [ 60.815793][ T5103] kasan_check_range+0x282/0x290 [ 60.817756][ T5103] ? ext4_insert_dentry+0x36a/0x6d0 [ 60.819771][ T5103] __asan_memcpy+0x40/0x70 [ 60.821566][ T5103] ext4_insert_dentry+0x36a/0x6d0 [ 60.823547][ T5103] add_dirent_to_buf+0x3d9/0x750 [ 60.825506][ T5103] ? __pfx_add_dirent_to_buf+0x10/0x10 [ 60.827543][ T5103] ? __ext4_handle_dirty_metadata+0x30d/0x820 [ 60.829928][ T5103] make_indexed_dir+0xf98/0x1600 [ 60.831842][ T5103] ? __pfx_make_indexed_dir+0x10/0x10 [ 60.833884][ T5103] ? add_dirent_to_buf+0x398/0x750 [ 60.835747][ T5103] ? __pfx_add_dirent_to_buf+0x10/0x10 [ 60.837636][ T5103] ? __ext4_read_dirblock+0x527/0x890 [ 60.839548][ T5103] ext4_add_entry+0x222a/0x25d0 [ 60.841466][ T5103] ? __pfx_ext4_initxattrs+0x10/0x10 [ 60.843551][ T5103] ? __pfx_security_inode_init_security+0x10/0x10 [ 60.846104][ T5103] ? rcu_is_watching+0x15/0xb0 [ 60.847969][ T5103] ? __brelse+0x59/0xa0 [ 60.849594][ T5103] ? __ext4_new_inode+0x380f/0x4380 [ 60.851627][ T5103] ? __pfx_ext4_add_entry+0x10/0x10 [ 60.853660][ T5103] ext4_add_nondir+0x8d/0x290 [ 60.855418][ T5103] ? ext4_symlink+0x6ce/0xb50 [ 60.857240][ T5103] ext4_symlink+0x920/0xb50 [ 60.859036][ T5103] ? __pfx_ext4_symlink+0x10/0x10 [ 60.860982][ T5103] ? generic_permission+0x1e0/0x550 [ 60.863006][ T5103] ? inode_permission+0xff/0x460 [ 60.864979][ T5103] ? bpf_lsm_inode_symlink+0x9/0x10 [ 60.867044][ T5103] ? security_inode_symlink+0xbe/0x330 [ 60.869194][ T5103] vfs_symlink+0x137/0x2e0 [ 60.870982][ T5103] do_symlinkat+0x222/0x3a0 [ 60.872720][ T5103] ? __pfx_do_symlinkat+0x10/0x10 [ 60.874756][ T5103] ? strncpy_from_user+0x131/0x250 [ 60.876856][ T5103] ? getname_flags+0x1e3/0x540 [ 60.878722][ T5103] __x64_sys_symlink+0x7a/0x90 [ 60.880625][ T5103] do_syscall_64+0xf3/0x230 [ 60.882403][ T5103] ? clear_bhb_loop+0x35/0x90 [ 60.884207][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.886516][ T5103] RIP: 0033:0x7fe80c17e719 [ 60.888281][ T5103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.895531][ T5103] RSP: 002b:00007fe80cfff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 60.898688][ T5103] RAX: ffffffffffffffda RBX: 00007fe80c335f80 RCX: 00007fe80c17e719 [ 60.901792][ T5103] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0 [ 60.904903][ T5103] RBP: 00007fe80c1f12be R08: 0000000000000000 R09: 0000000000000000 [ 60.907976][ T5103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.910843][ T5103] R13: 0000000000000000 R14: 00007fe80c335f80 R15: 00007ffd8ab05178 [ 60.913863][ T5103] [ 60.915113][ T5103] [ 60.916093][ T5103] The buggy address belongs to the physical page: [ 60.918597][ T5103] page: refcount:3 mapcount:0 mapping:ffff888031cd4d78 index:0x3f pfn:0x49b2d [ 60.922029][ T5103] memcg:ffff88801bea6000 [ 60.923697][ T5103] aops:def_blk_aops ino:700000 dentry name(?):"" [ 60.926194][ T5103] flags: 0x4fff08000004214(referenced|dirty|workingset|private|node=1|zone=1|lastcpupid=0x7ff) [ 60.930210][ T5103] raw: 04fff08000004214 0000000000000000 dead000000000122 ffff888031cd4d78 [ 60.933580][ T5103] raw: 000000000000003f ffff888040ae61d0 00000003ffffffff ffff88801bea6000 [ 60.936858][ T5103] page dumped because: kasan: bad access detected [ 60.939236][ T5103] page_owner tracks the page as allocated [ 60.941424][ T5103] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5103, tgid 5102 (syz.0.0), ts 60770223038, free_ts 60707334794 [ 60.948854][ T5103] post_alloc_hook+0x1f3/0x230 [ 60.950634][ T5103] get_page_from_freelist+0x3045/0x3190 [ 60.952652][ T5103] __alloc_pages_noprof+0x292/0x710 [ 60.954547][ T5103] alloc_pages_mpol_noprof+0x3e8/0x680 [ 60.956553][ T5103] folio_alloc_noprof+0x128/0x180 [ 60.958493][ T5103] filemap_alloc_folio_noprof+0xdf/0x500 [ 60.960665][ T5103] __filemap_get_folio+0x446/0xbd0 [ 60.962647][ T5103] bdev_getblk+0x1d8/0x550 [ 60.964352][ T5103] ext4_getblk+0x303/0x800 [ 60.966088][ T5103] ext4_bread+0x2e/0x180 [ 60.967738][ T5103] ext4_append+0x327/0x5c0 [ 60.969449][ T5103] make_indexed_dir+0x523/0x1600 [ 60.971301][ T5103] ext4_add_entry+0x222a/0x25d0 [ 60.973163][ T5103] ext4_add_nondir+0x8d/0x290 [ 60.974933][ T5103] ext4_symlink+0x920/0xb50 [ 60.976420][ T5103] vfs_symlink+0x137/0x2e0 [ 60.977954][ T5103] page last free pid 5103 tgid 5102 stack trace: [ 60.980381][ T5103] free_unref_folios+0xf12/0x18d0 [ 60.982349][ T5103] folios_put_refs+0x76c/0x860 [ 60.984202][ T5103] free_pages_and_swap_cache+0x5c8/0x690 [ 60.986481][ T5103] tlb_flush_mmu+0x3a3/0x680 [ 60.988321][ T5103] tlb_finish_mmu+0xd4/0x200 [ 60.990138][ T5103] vms_clear_ptes+0x437/0x530 [ 60.991934][ T5103] vms_complete_munmap_vmas+0x208/0x910 [ 60.994109][ T5103] do_vmi_align_munmap+0x613/0x730 [ 60.996125][ T5103] do_vmi_munmap+0x24e/0x2d0 [ 60.997917][ T5103] __vm_munmap+0x24c/0x480 [ 60.999680][ T5103] __x64_sys_munmap+0x68/0x80 [ 61.001509][ T5103] do_syscall_64+0xf3/0x230 [ 61.003297][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.005293][ T5103] [ 61.006175][ T5103] Memory state around the buggy address: [ 61.008129][ T5103] ffff888049b2df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 61.010908][ T5103] ffff888049b2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 61.013865][ T5103] >ffff888049b2e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 61.016914][ T5103] ^ [ 61.018512][ T5103] ffff888049b2e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 61.021515][ T5103] ffff888049b2e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 61.024556][ T5103] ================================================================== [ 61.041020][ T5103] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 61.043711][ T5103] CPU: 0 UID: 0 PID: 5103 Comm: syz.0.0 Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0 [ 61.047566][ T5103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.051493][ T5103] Call Trace: [ 61.052848][ T5103] [ 61.053935][ T5103] dump_stack_lvl+0x241/0x360 [ 61.055705][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.057661][ T5103] ? __pfx__printk+0x10/0x10 [ 61.059431][ T5103] ? preempt_schedule+0xe1/0xf0 [ 61.061254][ T5103] ? vscnprintf+0x5d/0x90 [ 61.062897][ T5103] panic+0x349/0x880 [ 61.064385][ T5103] ? check_panic_on_warn+0x21/0xb0 [ 61.066302][ T5103] ? __pfx_panic+0x10/0x10 [ 61.067888][ T5103] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 61.070024][ T5103] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 61.072382][ T5103] ? print_report+0x502/0x550 [ 61.074190][ T5103] check_panic_on_warn+0x86/0xb0 [ 61.076061][ T5103] ? ext4_insert_dentry+0x36a/0x6d0 [ 61.077950][ T5103] end_report+0x77/0x160 [ 61.079830][ T5103] kasan_report+0x154/0x180 [ 61.081680][ T5103] ? ext4_insert_dentry+0x36a/0x6d0 [ 61.083614][ T5103] kasan_check_range+0x282/0x290 [ 61.085490][ T5103] ? ext4_insert_dentry+0x36a/0x6d0 [ 61.087484][ T5103] __asan_memcpy+0x40/0x70 [ 61.089325][ T5103] ext4_insert_dentry+0x36a/0x6d0 [ 61.091180][ T5103] add_dirent_to_buf+0x3d9/0x750 [ 61.092991][ T5103] ? __pfx_add_dirent_to_buf+0x10/0x10 [ 61.095017][ T5103] ? __ext4_handle_dirty_metadata+0x30d/0x820 [ 61.097286][ T5103] make_indexed_dir+0xf98/0x1600 [ 61.099146][ T5103] ? __pfx_make_indexed_dir+0x10/0x10 [ 61.101172][ T5103] ? add_dirent_to_buf+0x398/0x750 [ 61.103072][ T5103] ? __pfx_add_dirent_to_buf+0x10/0x10 [ 61.105201][ T5103] ? __ext4_read_dirblock+0x527/0x890 [ 61.107134][ T5103] ext4_add_entry+0x222a/0x25d0 [ 61.108877][ T5103] ? __pfx_ext4_initxattrs+0x10/0x10 [ 61.110905][ T5103] ? __pfx_security_inode_init_security+0x10/0x10 [ 61.113307][ T5103] ? rcu_is_watching+0x15/0xb0 [ 61.115229][ T5103] ? __brelse+0x59/0xa0 [ 61.116815][ T5103] ? __ext4_new_inode+0x380f/0x4380 [ 61.118845][ T5103] ? __pfx_ext4_add_entry+0x10/0x10 [ 61.120769][ T5103] ext4_add_nondir+0x8d/0x290 [ 61.122524][ T5103] ? ext4_symlink+0x6ce/0xb50 [ 61.124070][ T5103] ext4_symlink+0x920/0xb50 [ 61.125637][ T5103] ? __pfx_ext4_symlink+0x10/0x10 [ 61.127385][ T5103] ? generic_permission+0x1e0/0x550 [ 61.129363][ T5103] ? inode_permission+0xff/0x460 [ 61.131218][ T5103] ? bpf_lsm_inode_symlink+0x9/0x10 [ 61.133159][ T5103] ? security_inode_symlink+0xbe/0x330 [ 61.135233][ T5103] vfs_symlink+0x137/0x2e0 [ 61.136898][ T5103] do_symlinkat+0x222/0x3a0 [ 61.138595][ T5103] ? __pfx_do_symlinkat+0x10/0x10 [ 61.140486][ T5103] ? strncpy_from_user+0x131/0x250 [ 61.142674][ T5103] ? getname_flags+0x1e3/0x540 [ 61.144484][ T5103] __x64_sys_symlink+0x7a/0x90 [ 61.146264][ T5103] do_syscall_64+0xf3/0x230 [ 61.148036][ T5103] ? clear_bhb_loop+0x35/0x90 [ 61.149820][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.152024][ T5103] RIP: 0033:0x7fe80c17e719 [ 61.154003][ T5103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.161180][ T5103] RSP: 002b:00007fe80cfff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 61.164435][ T5103] RAX: ffffffffffffffda RBX: 00007fe80c335f80 RCX: 00007fe80c17e719 [ 61.167428][ T5103] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0 [ 61.170452][ T5103] RBP: 00007fe80c1f12be R08: 0000000000000000 R09: 0000000000000000 [ 61.173421][ T5103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.176766][ T5103] R13: 0000000000000000 R14: 00007fe80c335f80 R15: 00007ffd8ab05178 [ 61.179983][ T5103] [ 61.181436][ T5103] Kernel Offset: disabled [ 61.183081][ T5103] Rebooting in 86400 seconds..