./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3800300470

<...>
Warning: Permanently added '10.128.0.73' (ED25519) to the list of known hosts.
execve("./syz-executor3800300470", ["./syz-executor3800300470"], 0x7ffdb1d2d880 /* 10 vars */) = 0
brk(NULL)                               = 0x5555678b8000
brk(0x5555678b8d00)                     = 0x5555678b8d00
arch_prctl(ARCH_SET_FS, 0x5555678b8380) = 0
set_tid_address(0x5555678b8650)         = 5829
set_robust_list(0x5555678b8660, 24)     = 0
rseq(0x5555678b8ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3800300470", 4096) = 28
getrandom("\xf9\x46\x99\x33\x35\x0e\x11\x41", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555678b8d00
brk(0x5555678d9d00)                     = 0x5555678d9d00
brk(0x5555678da000)                     = 0x5555678da000
mprotect(0x7f9ba93bb000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5829}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5829}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5829}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5829}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5829}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5829}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5829}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3)                                = 0
close(4)                                = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached
 <unfinished ...>
[pid  5832] set_robust_list(0x5555678b8660, 24) = 0
[pid  5832] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5829] <... clone resumed>, child_tidptr=0x5555678b8650) = 5832
[pid  5832] <... prctl resumed>)        = 0
[pid  5832] setpgid(0, 0)               = 0
[pid  5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "1000", 4)         = 4
[pid  5832] close(3)                    = 0
[pid  5832] write(1, "executing program\n", 18executing program
) = 18
[pid  5832] memfd_create("syzkaller", 0) = 3
[pid  5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9ba0e00000
[pid  5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5832] munmap(0x7f9ba0e00000, 138412032) = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5832] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5832] close(3)                    = 0
[pid  5832] close(4)                    = 0
[pid  5832] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[   88.555067][ T5832] loop0: detected capacity change from 0 to 512
[   88.599368][ T5832] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   88.611581][ T5832] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[   88.622521][ T5832] EXT4-fs error (device loop0): ext4_iget_extra_inode:4692: inode #15: comm syz-executor380: corrupted in-inode xattr: e_value size too large
[pid  5832] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "ext3", MS_MGC_VAL|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS, "jqfmt=vfsold,max_batch_time=0x0000000000000001,debug,noload,nodiscard,noblock_validity,init_itable=0"...) = 0
[pid  5832] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid  5832] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5832] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4
[pid  5832] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0224) = 0
[pid  5832] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[   88.638594][ T5832] EXT4-fs error (device loop0): ext4_orphan_get:1395: comm syz-executor380: couldn't read orphan inode 15 (err -117)
[   88.652657][ T5832] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.713321][ T5832] ==================================================================
[   88.721424][ T5832] BUG: KASAN: slab-use-after-free in ext4_insert_dentry+0x3cd/0x780
[   88.729434][ T5832] Write of size 247 at addr ffff8880308dff24 by task syz-executor380/5832
[   88.737929][ T5832] 
[   88.740262][ T5832] CPU: 0 UID: 0 PID: 5832 Comm: syz-executor380 Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) 
[   88.740285][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   88.740299][ T5832] Call Trace:
[   88.740305][ T5832]  <TASK>
[   88.740311][ T5832]  dump_stack_lvl+0x241/0x360
[   88.740337][ T5832]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.740355][ T5832]  ? rcu_is_watching+0x15/0xb0
[   88.740371][ T5832]  ? __virt_addr_valid+0x183/0x530
[   88.740389][ T5832]  ? lock_release+0x4e/0x3e0
[   88.740403][ T5832]  ? __virt_addr_valid+0x183/0x530
[   88.740420][ T5832]  ? __virt_addr_valid+0x183/0x530
[   88.740438][ T5832]  print_report+0x16e/0x5b0
[   88.740464][ T5832]  ? __virt_addr_valid+0x183/0x530
[   88.740481][ T5832]  ? __virt_addr_valid+0x183/0x530
[   88.740498][ T5832]  ? __virt_addr_valid+0x45f/0x530
[   88.740514][ T5832]  ? __phys_addr+0xba/0x170
[   88.740531][ T5832]  ? ext4_insert_dentry+0x3cd/0x780
[   88.740548][ T5832]  kasan_report+0x143/0x180
[   88.740561][ T5832]  ? ext4_insert_dentry+0x3cd/0x780
[   88.740580][ T5832]  kasan_check_range+0x28f/0x2a0
[   88.740592][ T5832]  ? ext4_insert_dentry+0x3cd/0x780
[   88.740609][ T5832]  __asan_memcpy+0x40/0x70
[   88.740627][ T5832]  ext4_insert_dentry+0x3cd/0x780
[   88.740645][ T5832]  add_dirent_to_buf+0x311/0x660
[   88.740665][ T5832]  ? __pfx_add_dirent_to_buf+0x10/0x10
[   88.740683][ T5832]  ? __ext4_handle_dirty_metadata+0x34b/0x820
[   88.740699][ T5832]  ? ext4_handle_dirty_dirblock+0xc0/0x350
[   88.740717][ T5832]  make_indexed_dir+0xcdb/0x1300
[   88.740741][ T5832]  ? __pfx_make_indexed_dir+0x10/0x10
[   88.740759][ T5832]  ? add_dirent_to_buf+0x2c1/0x660
[   88.740779][ T5832]  ? __pfx_add_dirent_to_buf+0x10/0x10
[   88.740797][ T5832]  ? __ext4_read_dirblock+0x486/0x790
[   88.740817][ T5832]  ext4_add_entry+0xb3a/0xd30
[   88.740837][ T5832]  ? __pfx_ext4_add_entry+0x10/0x10
[   88.740861][ T5832]  ext4_add_nondir+0x8d/0x290
[   88.740882][ T5832]  ext4_create+0x376/0x550
[   88.740900][ T5832]  ? __pfx_ext4_create+0x10/0x10
[   88.740919][ T5832]  ? bpf_lsm_inode_create+0x9/0x10
[   88.740939][ T5832]  ? security_inode_create+0xbe/0x340
[   88.740958][ T5832]  vfs_create+0x23c/0x3d0
[   88.740979][ T5832]  do_mknodat+0x407/0x600
[   88.740998][ T5832]  ? __pfx_do_mknodat+0x10/0x10
[   88.741015][ T5832]  ? getname_flags+0x1e2/0x530
[   88.741032][ T5832]  __x64_sys_mknod+0x8c/0xa0
[   88.741051][ T5832]  do_syscall_64+0xf3/0x230
[   88.741072][ T5832]  ? clear_bhb_loop+0x45/0xa0
[   88.741087][ T5832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.741101][ T5832] RIP: 0033:0x7f9ba934ce09
[   88.741119][ T5832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   88.741130][ T5832] RSP: 002b:00007fffc9b04dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[   88.741156][ T5832] RAX: ffffffffffffffda RBX: 00007f9ba9390220 RCX: 00007f9ba934ce09
[   88.741166][ T5832] RDX: 0000000000000700 RSI: 0000000000000000 RDI: 0000200000000000
[   88.741175][ T5832] RBP: 00007f9ba939009e R08: 0000000000000000 R09: 0000000000000000
[   88.741183][ T5832] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba93c16a0
[   88.741191][ T5832] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007f9ba939003b
[   88.741206][ T5832]  </TASK>
[   88.741210][ T5832] 
[   89.064051][ T5832] The buggy address belongs to the physical page:
[   89.070475][ T5832] page: refcount:3 mapcount:0 mapping:ffff888023a34d78 index:0x3f pfn:0x308df
[   89.079321][ T5832] memcg:ffff8881412c4000
[   89.083566][ T5832] aops:def_blk_aops ino:700000 dentry name(?):""
[   89.089909][ T5832] flags: 0xfff00000004114(referenced|dirty|active|private|node=0|zone=1|lastcpupid=0x7ff)
[   89.099809][ T5832] raw: 00fff00000004114 0000000000000000 dead000000000122 ffff888023a34d78
[   89.108394][ T5832] raw: 000000000000003f ffff88807b2efcb0 00000003ffffffff ffff8881412c4000
[   89.116973][ T5832] page dumped because: kasan: bad access detected
[   89.123387][ T5832] page_owner tracks the page as allocated
[   89.129122][ T5832] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x148c40(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5832, tgid 5832 (syz-executor380), ts 88711255438, free_ts 88107893045
[   89.148664][ T5832]  post_alloc_hook+0x1f4/0x240
[   89.153432][ T5832]  get_page_from_freelist+0x351d/0x36b0
[   89.158984][ T5832]  __alloc_frozen_pages_noprof+0x211/0x5b0
[   89.164797][ T5832]  alloc_pages_mpol+0x339/0x690
[   89.169661][ T5832]  alloc_pages_noprof+0x121/0x190
[   89.174697][ T5832]  folio_alloc_noprof+0x1e/0x30
[   89.179554][ T5832]  filemap_alloc_folio_noprof+0xe4/0x550
[   89.185234][ T5832]  __filemap_get_folio+0x423/0xb40
[   89.190380][ T5832]  bdev_getblk+0x1d4/0x670
[   89.194814][ T5832]  ext4_getblk+0x31d/0x890
[   89.199240][ T5832]  ext4_bread+0x2e/0x180
[   89.203496][ T5832]  ext4_append+0x32c/0x5d0
[   89.207921][ T5832]  make_indexed_dir+0x426/0x1300
[   89.212866][ T5832]  ext4_add_entry+0xb3a/0xd30
[   89.217548][ T5832]  ext4_add_nondir+0x8d/0x290
[   89.222231][ T5832]  ext4_create+0x376/0x550
[   89.226654][ T5832] page last free pid 15 tgid 15 stack trace:
[   89.232641][ T5832]  __free_frozen_pages+0xddf/0x10a0
[   89.237844][ T5832]  __tlb_remove_table+0x36b/0x460
[   89.242874][ T5832]  tlb_remove_table_rcu+0x79/0xf0
[   89.247902][ T5832]  rcu_core+0xaac/0x17a0
[   89.252145][ T5832]  handle_softirqs+0x2d6/0x9b0
[   89.256910][ T5832]  run_ksoftirqd+0xcf/0x130
[   89.261415][ T5832]  smpboot_thread_fn+0x576/0xaa0
[   89.266355][ T5832]  kthread+0x7b7/0x940
[   89.270425][ T5832]  ret_from_fork+0x4b/0x80
[   89.274842][ T5832]  ret_from_fork_asm+0x1a/0x30
[   89.279629][ T5832] 
[   89.281948][ T5832] Memory state around the buggy address:
[   89.287573][ T5832]  ffff8880308dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   89.295814][ T5832]  ffff8880308dff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   89.303893][ T5832] >ffff8880308e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.311978][ T5832]                    ^
[   89.316051][ T5832]  ffff8880308e0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.324122][ T5832]  ffff8880308e0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   89.332184][ T5832] ==================================================================
[   89.341611][ T5832] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   89.348843][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: syz-executor380 Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) 
[   89.360928][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   89.370989][ T5832] Call Trace:
[   89.374280][ T5832]  <TASK>
[   89.377218][ T5832]  dump_stack_lvl+0x241/0x360
[   89.381903][ T5832]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.387107][ T5832]  ? __pfx__printk+0x10/0x10
[   89.391719][ T5832]  ? vscnprintf+0x5d/0x90
[   89.396390][ T5832]  panic+0x349/0x880
[   89.400293][ T5832]  ? check_panic_on_warn+0x21/0xb0
[   89.405408][ T5832]  ? __pfx_panic+0x10/0x10
[   89.409827][ T5832]  ? _raw_spin_unlock_irqrestore+0x134/0x140
[   89.415806][ T5832]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.422139][ T5832]  ? print_report+0x519/0x5b0
[   89.426851][ T5832]  check_panic_on_warn+0x86/0xb0
[   89.431792][ T5832]  ? ext4_insert_dentry+0x3cd/0x780
[   89.436989][ T5832]  end_report+0x77/0x160
[   89.441232][ T5832]  kasan_report+0x154/0x180
[   89.445732][ T5832]  ? ext4_insert_dentry+0x3cd/0x780
[   89.450933][ T5832]  kasan_check_range+0x28f/0x2a0
[   89.455863][ T5832]  ? ext4_insert_dentry+0x3cd/0x780
[   89.461158][ T5832]  __asan_memcpy+0x40/0x70
[   89.465594][ T5832]  ext4_insert_dentry+0x3cd/0x780
[   89.470660][ T5832]  add_dirent_to_buf+0x311/0x660
[   89.475608][ T5832]  ? __pfx_add_dirent_to_buf+0x10/0x10
[   89.481071][ T5832]  ? __ext4_handle_dirty_metadata+0x34b/0x820
[   89.487164][ T5832]  ? ext4_handle_dirty_dirblock+0xc0/0x350
[   89.492991][ T5832]  make_indexed_dir+0xcdb/0x1300
[   89.497930][ T5832]  ? __pfx_make_indexed_dir+0x10/0x10
[   89.503322][ T5832]  ? add_dirent_to_buf+0x2c1/0x660
[   89.508460][ T5832]  ? __pfx_add_dirent_to_buf+0x10/0x10
[   89.513934][ T5832]  ? __ext4_read_dirblock+0x486/0x790
[   89.519307][ T5832]  ext4_add_entry+0xb3a/0xd30
[   89.523990][ T5832]  ? __pfx_ext4_add_entry+0x10/0x10
[   89.529197][ T5832]  ext4_add_nondir+0x8d/0x290
[   89.533879][ T5832]  ext4_create+0x376/0x550
[   89.538317][ T5832]  ? __pfx_ext4_create+0x10/0x10
[   89.543260][ T5832]  ? bpf_lsm_inode_create+0x9/0x10
[   89.548384][ T5832]  ? security_inode_create+0xbe/0x340
[   89.553761][ T5832]  vfs_create+0x23c/0x3d0
[   89.558097][ T5832]  do_mknodat+0x407/0x600
[   89.562433][ T5832]  ? __pfx_do_mknodat+0x10/0x10
[   89.567285][ T5832]  ? getname_flags+0x1e2/0x530
[   89.572050][ T5832]  __x64_sys_mknod+0x8c/0xa0
[   89.576642][ T5832]  do_syscall_64+0xf3/0x230
[   89.581155][ T5832]  ? clear_bhb_loop+0x45/0xa0
[   89.585936][ T5832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.591830][ T5832] RIP: 0033:0x7f9ba934ce09
[   89.596241][ T5832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   89.616592][ T5832] RSP: 002b:00007fffc9b04dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[   89.625010][ T5832] RAX: ffffffffffffffda RBX: 00007f9ba9390220 RCX: 00007f9ba934ce09
[   89.632985][ T5832] RDX: 0000000000000700 RSI: 0000000000000000 RDI: 0000200000000000
[   89.640955][ T5832] RBP: 00007f9ba939009e R08: 0000000000000000 R09: 0000000000000000
[   89.648928][ T5832] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba93c16a0
[   89.656963][ T5832] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007f9ba939003b
[   89.665031][ T5832]  </TASK>
[   89.668409][ T5832] Kernel Offset: disabled
[   89.673615][ T5832] Rebooting in 86400 seconds..