program:
# Reproducer in syzkaller program syntax. It mounts a fuzzer-supplied ext4 image and then
# creates a symlink inside it; the kernel log that follows shows that symlink() dying in ext4.
# The image bytes were stripped from this page, so the exact on-disk corruption is not visible
# here. The only evidence of what was wrong with the image is the mount-time log: a corrupted
# in-inode xattr on inode #15 and a failed orphan-list read (err -117), after which the mount
# still completes r/w "without journal", i.e. the filesystem stays usable despite those errors.
#
# Mount the image as ext4 with the options listed (journal_ioprio=5, nogrpid,
# debug_want_extra_isize=0x5c, minixdf, resgid, sysvgroups, usrjquota). The 0x3 after the
# options is in syz_mount_image's chdir slot (non-zero presumably means "change into the
# mount point") -- confirm against the syzkaller description before relying on it.
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800700, &(0x7f0000000880)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@sysvgroups}, {@usrjquota}]}, 0x3, 0x467, &(0x7f0000002280)="$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")
# Enter ./file0 -- presumably a directory shipped inside the image (the image itself is not
# shown, so this cannot be checked here). Every later path is relative to it.
chdir(&(0x7f0000000140)='./file0\x00')
# Cgroup read that plays no part in the crash (no cgroup frames in the stack below).
# "(async)" is syzkaller's marker for a call issued without waiting for its result.
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) (async)
mkdir(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
# KVM setup: open the KVM device (the path literal is elided, so syzkaller fills the
# descriptor's default -- presumably /dev/kvm), create a VM and a vCPU, then issue one MSR
# ioctl for index 0xda0. None of these appear in the crash stack below, so this block looks
# like fuzzer noise rather than a precondition for the bug; a minimised reproducer would
# likely drop it. Note the raw cmd 0xc008ae88 decodes as _IOWR(0xae, 0x88, 8); check
# uapi/linux/kvm.h before assuming the syzkaller label KVM_SET_MSRS is the right name for it.
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xda0}]})
# The symlink() on the next line is the crashing call. The register dump in the log
# (ORIG_RAX 0x58, RDI 0x20000dc0 = target buffer, RSI 0x20000cc0 = link-name buffer) lines
# up with its two argument offsets (0xdc0 / 0xcc0), and the stack runs
# __x64_sys_symlink -> ext4_symlink -> ext4_add_entry -> make_indexed_dir ->
# add_dirent_to_buf -> ext4_insert_dentry -> memcpy. KASAN reports a 251-byte write starting
# at ...f14, which is 0xf14 + 0xfb = 0x100f, i.e. it crosses the 4 KiB page boundary at
# ...a000; the shadow for that next page is ff (KASAN's freed-page marker), hence the
# "use-after-free" classification. By name, make_indexed_dir is the conversion of the
# directory to an indexed layout, so the new directory block is being filled while the
# directory is reorganised. The bytes being copied are most plausibly the long link name,
# which means attacker-controlled content lands beyond the block buffer: anything that
# mounts untrusted ext4 images (desktop auto-mount, loop devices reachable from user
# namespaces) should be treated as exposing a kernel memory-write primitive until this is
# fixed. Prerequisite for reaching it is the mount succeeding despite the ea_ino / orphan
# errors logged above.
symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
[ 59.560615][ T5310] Bluetooth: hci0: command tx timeout
[ 59.576235][ T5323] loop0: detected capacity change from 0 to 512
[ 59.622994][ T5323] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.0: corrupted in-inode xattr: invalid ea_ino
[ 59.662452][ T5323] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.0: couldn't read orphan inode 15 (err -117)
[ 59.668706][ T5323] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 59.766501][ T5323] ==================================================================
[ 59.769651][ T5323] BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0
[ 59.774066][ T5323] Write of size 251 at addr ffff888050009f14 by task syz.0.0/5323
[ 59.776825][ T5323]
[ 59.777849][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0
[ 59.792090][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 59.799618][ T5323] Call Trace:
[ 59.801227][ T5323]
[ 59.802362][ T5323] dump_stack_lvl+0x241/0x360
[ 59.818076][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.820132][ T5323] ? __pfx__printk+0x10/0x10
[ 59.822083][ T5323] ? _printk+0xd5/0x120
[ 59.823728][ T5323] ? __virt_addr_valid+0x183/0x530
[ 59.825783][ T5323] ? __virt_addr_valid+0x183/0x530
[ 59.827822][ T5323] print_report+0x169/0x550
[ 59.829699][ T5323] ? __virt_addr_valid+0x183/0x530
[ 59.845040][ T5323] ? __virt_addr_valid+0x183/0x530
[ 59.846883][ T5323] ? __virt_addr_valid+0x45f/0x530
[ 59.848938][ T5323] ? __phys_addr+0xba/0x170
[ 59.850948][ T5323] ? ext4_insert_dentry+0x36a/0x6d0
[ 59.853643][ T5323] kasan_report+0x143/0x180
[ 59.865280][ T5323] ? ext4_insert_dentry+0x36a/0x6d0
[ 59.869039][ T5323] kasan_check_range+0x282/0x290
[ 59.872787][ T5323] ? ext4_insert_dentry+0x36a/0x6d0
[ 59.874865][ T5323] __asan_memcpy+0x40/0x70
[ 59.876647][ T5323] ext4_insert_dentry+0x36a/0x6d0
[ 59.896672][ T5323] add_dirent_to_buf+0x3d9/0x750
[ 59.899395][ T5323] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 59.904869][ T5323] ? __ext4_handle_dirty_metadata+0x30d/0x820
[ 59.912707][ T5323] make_indexed_dir+0xf98/0x1600
[ 59.918396][ T5323] ? __pfx_make_indexed_dir+0x10/0x10
[ 59.924082][ T5323] ? add_dirent_to_buf+0x398/0x750
[ 59.930009][ T5323] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 59.935051][ T5323] ? __ext4_read_dirblock+0x527/0x890
[ 59.937889][ T5323] ext4_add_entry+0x222a/0x25d0
[ 59.942309][ T5323] ? __pfx_ext4_initxattrs+0x10/0x10
[ 59.946337][ T5323] ? __pfx_security_inode_init_security+0x10/0x10
[ 59.951312][ T5323] ? rcu_is_watching+0x15/0xb0
[ 59.953824][ T5323] ? __brelse+0x59/0xa0
[ 59.956991][ T5323] ? __ext4_new_inode+0x380f/0x4380
[ 59.960862][ T5323] ? __pfx_ext4_add_entry+0x10/0x10
[ 59.969966][ T5323] ext4_add_nondir+0x8d/0x290
[ 59.973991][ T5323] ? ext4_symlink+0x6ce/0xb50
[ 59.976019][ T5323] ext4_symlink+0x920/0xb50
[ 59.977974][ T5323] ? __pfx_ext4_symlink+0x10/0x10
[ 59.979989][ T5323] ? generic_permission+0x1e0/0x550
[ 59.982097][ T5323] ? inode_permission+0xff/0x460
[ 59.996843][ T5323] ? bpf_lsm_inode_symlink+0x9/0x10
[ 60.010896][ T5323] ? security_inode_symlink+0xbe/0x330
[ 60.013150][ T5323] vfs_symlink+0x137/0x2e0
[ 60.015003][ T5323] do_symlinkat+0x222/0x3a0
[ 60.016914][ T5323] ? __pfx_do_symlinkat+0x10/0x10
[ 60.019035][ T5323] ? strncpy_from_user+0x13a/0x260
[ 60.036994][ T5323] ? getname_flags+0x1e3/0x540
[ 60.039036][ T5323] __x64_sys_symlink+0x7a/0x90
[ 60.041096][ T5323] do_syscall_64+0xf3/0x230
[ 60.042981][ T5323] ? clear_bhb_loop+0x35/0x90
[ 60.044983][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.047467][ T5323] RIP: 0033:0x7f140c17e719
[ 60.049383][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.057432][ T5323] RSP: 002b:00007f140cf9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 60.073019][ T5323] RAX: ffffffffffffffda RBX: 00007f140c335f80 RCX: 00007f140c17e719
[ 60.075913][ T5323] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 60.080014][ T5323] RBP: 00007f140c1f132e R08: 0000000000000000 R09: 0000000000000000
[ 60.083370][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.086685][ T5323] R13: 0000000000000000 R14: 00007f140c335f80 R15: 00007ffd1002d418
[ 60.111865][ T5323]
[ 60.113175][ T5323]
[ 60.114202][ T5323] The buggy address belongs to the physical page:
[ 60.116795][ T5323] page: refcount:3 mapcount:0 mapping:ffff888031d04d78 index:0x3f pfn:0x50009
[ 60.135488][ T5323] memcg:ffff888030476000
[ 60.137032][ T5323] aops:def_blk_aops ino:700000 dentry name(?):""
[ 60.146492][ T5323] flags: 0x4fff08000004214(referenced|dirty|workingset|private|node=1|zone=1|lastcpupid=0x7ff)
[ 60.152962][ T5323] raw: 04fff08000004214 0000000000000000 dead000000000122 ffff888031d04d78
[ 60.156129][ T5323] raw: 000000000000003f ffff888043399828 00000003ffffffff ffff888030476000
[ 60.159303][ T5323] page dumped because: kasan: bad access detected
[ 60.178295][ T5323] page_owner tracks the page as allocated
[ 60.180618][ T5323] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5323, tgid 5322 (syz.0.0), ts 59766295556, free_ts 0
[ 60.188126][ T5323] post_alloc_hook+0x1f3/0x230
[ 60.208672][ T5323] get_page_from_freelist+0x303f/0x3190
[ 60.213387][ T5323] __alloc_pages_noprof+0x292/0x710
[ 60.226186][ T5323] alloc_pages_mpol_noprof+0x3e8/0x680
[ 60.249868][ T5323] folio_alloc_noprof+0x128/0x180
[ 60.252877][ T5323] filemap_alloc_folio_noprof+0xdf/0x500
[ 60.256260][ T5323] __filemap_get_folio+0x446/0xbd0
[ 60.259436][ T5323] bdev_getblk+0x1d8/0x550
[ 60.263335][ T5323] ext4_getblk+0x303/0x800
[ 60.268505][ T5323] ext4_bread+0x2e/0x180
[ 60.271018][ T5323] ext4_append+0x327/0x5c0
[ 60.273490][ T5323] make_indexed_dir+0x523/0x1600
[ 60.276047][ T5323] ext4_add_entry+0x222a/0x25d0
[ 60.278726][ T5323] ext4_add_nondir+0x8d/0x290
[ 60.281763][ T5323] ext4_symlink+0x920/0xb50
[ 60.285149][ T5323] vfs_symlink+0x137/0x2e0
[ 60.289400][ T5323] page_owner free stack trace missing
[ 60.292040][ T5323]
[ 60.293241][ T5323] Memory state around the buggy address:
[ 60.295839][ T5323] ffff888050009f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.302413][ T5323] ffff888050009f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.307780][ T5323] >ffff88805000a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.311694][ T5323] ^
[ 60.313374][ T5323] ffff88805000a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.316579][ T5323] ffff88805000a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.319837][ T5323] ==================================================================
[ 60.344696][ T5323] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.349813][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0
[ 60.357648][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 60.366617][ T5323] Call Trace:
[ 60.369330][ T5323]
[ 60.371981][ T5323] dump_stack_lvl+0x241/0x360
[ 60.374770][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.377708][ T5323] ? __pfx__printk+0x10/0x10
[ 60.380282][ T5323] ? preempt_schedule+0xe1/0xf0
[ 60.383158][ T5323] ? vscnprintf+0x5d/0x90
[ 60.385936][ T5323] panic+0x349/0x880
[ 60.388128][ T5323] ? check_panic_on_warn+0x21/0xb0
[ 60.391134][ T5323] ? __pfx_panic+0x10/0x10
[ 60.392982][ T5323] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 60.396050][ T5323] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 60.399544][ T5323] ? print_report+0x502/0x550
[ 60.402108][ T5323] check_panic_on_warn+0x86/0xb0
[ 60.404625][ T5323] ? ext4_insert_dentry+0x36a/0x6d0
[ 60.407308][ T5323] end_report+0x77/0x160
[ 60.411294][ T5323] kasan_report+0x154/0x180
[ 60.413888][ T5323] ? ext4_insert_dentry+0x36a/0x6d0
[ 60.416594][ T5323] kasan_check_range+0x282/0x290
[ 60.419039][ T5323] ? ext4_insert_dentry+0x36a/0x6d0
[ 60.421296][ T5323] __asan_memcpy+0x40/0x70
[ 60.423306][ T5323] ext4_insert_dentry+0x36a/0x6d0
[ 60.425472][ T5323] add_dirent_to_buf+0x3d9/0x750
[ 60.427468][ T5323] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 60.429670][ T5323] ? __ext4_handle_dirty_metadata+0x30d/0x820
[ 60.432275][ T5323] make_indexed_dir+0xf98/0x1600
[ 60.438660][ T5323] ? __pfx_make_indexed_dir+0x10/0x10
[ 60.441121][ T5323] ? add_dirent_to_buf+0x398/0x750
[ 60.443500][ T5323] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 60.470493][ T5323] ? __ext4_read_dirblock+0x527/0x890
[ 60.472822][ T5323] ext4_add_entry+0x222a/0x25d0
[ 60.474845][ T5323] ? __pfx_ext4_initxattrs+0x10/0x10
[ 60.476992][ T5323] ? __pfx_security_inode_init_security+0x10/0x10
[ 60.479579][ T5323] ? rcu_is_watching+0x15/0xb0
[ 60.503954][ T5323] ? __brelse+0x59/0xa0
[ 60.509562][ T5323] ? __ext4_new_inode+0x380f/0x4380
[ 60.520359][ T5323] ? __pfx_ext4_add_entry+0x10/0x10
[ 60.525507][ T5323] ext4_add_nondir+0x8d/0x290
[ 60.527766][ T5323] ? ext4_symlink+0x6ce/0xb50
[ 60.533910][ T5323] ext4_symlink+0x920/0xb50
[ 60.536084][ T5323] ? __pfx_ext4_symlink+0x10/0x10
[ 60.538557][ T5323] ? generic_permission+0x1e0/0x550
[ 60.541079][ T5323] ? inode_permission+0xff/0x460
[ 60.543469][ T5323] ? bpf_lsm_inode_symlink+0x9/0x10
[ 60.559386][ T5323] ? security_inode_symlink+0xbe/0x330
[ 60.568430][ T5323] vfs_symlink+0x137/0x2e0
[ 60.588068][ T5323] do_symlinkat+0x222/0x3a0
[ 60.590293][ T5323] ? __pfx_do_symlinkat+0x10/0x10
[ 60.592632][ T5323] ? strncpy_from_user+0x13a/0x260
[ 60.594725][ T5323] ? getname_flags+0x1e3/0x540
[ 60.596693][ T5323] __x64_sys_symlink+0x7a/0x90
[ 60.598769][ T5323] do_syscall_64+0xf3/0x230
[ 60.600660][ T5323] ? clear_bhb_loop+0x35/0x90
[ 60.631272][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.634121][ T5323] RIP: 0033:0x7f140c17e719
[ 60.636225][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.667099][ T5323] RSP: 002b:00007f140cf9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 60.671118][ T5323] RAX: ffffffffffffffda RBX: 00007f140c335f80 RCX: 00007f140c17e719
[ 60.675542][ T5323] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 60.678851][ T5323] RBP: 00007f140c1f132e R08: 0000000000000000 R09: 0000000000000000
[ 60.681760][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.684650][ T5323] R13: 0000000000000000 R14: 00007f140c335f80 R15: 00007ffd1002d418
[ 60.687930][ T5323]
[ 60.689632][ T5323] Kernel Offset: disabled
[ 60.691611][ T5323] Rebooting in 86400 seconds..