program:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800700, &(0x7f0000000880)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@sysvgroups}, {@usrjquota}]}, 0x3, 0x467, &(0x7f0000002280)="$eJzs3M9rHFUcAPDvzCb93SbWKrRWjRYx+CNp0qo9eFEUPFQU9FCPcZOW0m0jTQRbio0i9SJIQc/iUfAv8OZF1JPgVe9SKBqEVk+R2Z1JN9vdZNNsdmv384Fp39t5M/O+O+/tvJm3mwD61kj2TxKxKyJ+i4ihWnZlgZHafzcXL5X/WbxUTmJp6a0/k2q5G4uXykXRYrudeWY0jUg/SfKDxNb63c5duHhmqlKZOZ/nx+fPvjc+d+His6fPTp2aOTVzbvLYsaNHJl54fvK5tuJI1lifxXXjwIezB/e/9s7V18snrr7707fZNrvy9fVxdMpIFvhfS1WN657o9MF6bHddOhnoYUVYl1JEZKdrsNr/h6IUt07eULz6cU8rB2yq7Nq0tfXqhSXgHpbE2mX+7kZFgC4rLvTZ/W+xdGnocVe4/lLtBiiL+2a+1NYMRJqXGWy4v+2kkYg4sfDvV9kSm/QcAgCg3mflL4/HM83Gf2k8WFduTz6HMhwR90XE3oi4PyL2RcQDEVnZxiFlW0Ya8rePf9JrdxhaW7Lx34v53NbK8V8x+ovhUp7bXY1/MDl5ujJzOH9PRmNwa5afWOUY37/y6+et1tWP/7IlO34xFszrcW2g4QHd9NT8VHVQ2gHXP4o4MNAs/mR5JiCJiP0RcWB9u95TJE4/9c3B7QebF1o7/lV0YJ5p6euIJ2vnfyEa4i8kq89Pjm+Lyszh8aJV3O7nX6682er4LeLfsvHI2pOd/x0r239jkeGkfr52bv3HuPL7py3vae60/W9J3q6el+KN+mBqfv78RMSW5Hg1v+L1yVvbFvmifBb/6KHm/X9vvk12nIciImvCD0fEIxHxaF73xyLi8Yg4tEr8P76cJ5q01w21/w7I4p9u+vm33P4bzv/6E6UzP3xX7GzbuuPPzv/Ramo0f6X6+beGdiu40fcPAAAA/g/S6nfgk3RsOZ2mY2O17/Dvix1pZXZu/umTs++fm659V344BtPiSddQ3fPQiWQh32MtP5k/Ky7WH8mfG39R2l7Nj5VnK9M9jh363c4W/T/zR6nXtQM2XbN5tMmuTUEBvdTY/9OV2ctvdLMyQFf5vTb0rzX6f9qtegDd5/oP/atZ/7/ckDcXAPcm13/oX/o/9C/9H/qX/g99aSO/65fo50Sklcr0tojVCxd/EOjuqLNE+4lefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xn8BAAD///xQ9VA=")
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) (async)
mkdir(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/vmcoreinfo', 0x149a82, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0x1f00, 0x12)

[   68.193414][ T4664] Bluetooth: hci0: command tx timeout
[   68.237966][ T5317] loop0: detected capacity change from 0 to 512
[   68.338254][ T5317] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.0: corrupted in-inode xattr: invalid ea_ino
[   68.344668][ T5317] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.0: couldn't read orphan inode 15 (err -117)
[   68.380601][ T5317] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.427585][ T5317] ==================================================================
[   68.430368][ T5317] BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0
[   68.433393][ T5317] Write of size 251 at addr ffff88804366af14 by task syz.0.0/5317
[   68.452028][ T5317] 
[   68.453055][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller #0
[   68.453088][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.453097][ T5317] Call Trace:
[   68.453103][ T5317]  <TASK>
[   68.453109][ T5317]  dump_stack_lvl+0x241/0x360
[   68.453126][ T5317]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.453137][ T5317]  ? __pfx__printk+0x10/0x10
[   68.453154][ T5317]  ? _printk+0xd5/0x120
[   68.453168][ T5317]  ? __virt_addr_valid+0x183/0x530
[   68.453185][ T5317]  ? __virt_addr_valid+0x183/0x530
[   68.453200][ T5317]  print_report+0x169/0x550
[   68.453217][ T5317]  ? __virt_addr_valid+0x183/0x530
[   68.453232][ T5317]  ? __virt_addr_valid+0x183/0x530
[   68.453246][ T5317]  ? __virt_addr_valid+0x45f/0x530
[   68.453261][ T5317]  ? __phys_addr+0xba/0x170
[   68.453277][ T5317]  ? ext4_insert_dentry+0x36a/0x6d0
[   68.453293][ T5317]  kasan_report+0x143/0x180
[   68.453309][ T5317]  ? ext4_insert_dentry+0x36a/0x6d0
[   68.453325][ T5317]  kasan_check_range+0x282/0x290
[   68.453335][ T5317]  ? ext4_insert_dentry+0x36a/0x6d0
[   68.453349][ T5317]  __asan_memcpy+0x40/0x70
[   68.453364][ T5317]  ext4_insert_dentry+0x36a/0x6d0
[   68.453384][ T5317]  add_dirent_to_buf+0x315/0x660
[   68.453400][ T5317]  ? __pfx_add_dirent_to_buf+0x10/0x10
[   68.453416][ T5317]  ? __ext4_handle_dirty_metadata+0x30d/0x820
[   68.453429][ T5317]  ? ext4_handle_dirty_dirblock+0xc0/0x350
[   68.453444][ T5317]  make_indexed_dir+0xd0e/0x1350
[   68.453463][ T5317]  ? __pfx_make_indexed_dir+0x10/0x10
[   68.453478][ T5317]  ? add_dirent_to_buf+0x2a7/0x660
[   68.453492][ T5317]  ? add_dirent_to_buf+0x2c5/0x660
[   68.453508][ T5317]  ? __pfx_add_dirent_to_buf+0x10/0x10
[   68.453523][ T5317]  ? __ext4_read_dirblock+0x486/0x790
[   68.453539][ T5317]  ext4_add_entry+0xbcd/0xe00
[   68.453555][ T5317]  ? __pfx_ext4_add_entry+0x10/0x10
[   68.453573][ T5317]  ext4_add_nondir+0x8d/0x290
[   68.453588][ T5317]  ? ext4_symlink+0x70e/0xc90
[   68.453602][ T5317]  ext4_symlink+0x9b1/0xc90
[   68.453620][ T5317]  ? __pfx_ext4_symlink+0x10/0x10
[   68.453636][ T5317]  ? inode_permission+0xff/0x460
[   68.453648][ T5317]  ? bpf_lsm_inode_symlink+0x9/0x10
[   68.453665][ T5317]  ? security_inode_symlink+0xbe/0x330
[   68.453732][ T5317]  vfs_symlink+0x137/0x2e0
[   68.453749][ T5317]  do_symlinkat+0x222/0x3a0
[   68.453766][ T5317]  ? __pfx_do_symlinkat+0x10/0x10
[   68.453780][ T5317]  ? strncpy_from_user+0x146/0x270
[   68.453793][ T5317]  ? getname_flags+0x1e3/0x540
[   68.453804][ T5317]  __x64_sys_symlink+0x7a/0x90
[   68.453827][ T5317]  do_syscall_64+0xf3/0x230
[   68.453873][ T5317]  ? clear_bhb_loop+0x35/0x90
[   68.453890][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.453905][ T5317] RIP: 0033:0x7fb94438cda9
[   68.453917][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.453926][ T5317] RSP: 002b:00007fb94521d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   68.453940][ T5317] RAX: ffffffffffffffda RBX: 00007fb9445a5fa0 RCX: 00007fb94438cda9
[   68.453948][ T5317] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[   68.453955][ T5317] RBP: 00007fb94440e2a0 R08: 0000000000000000 R09: 0000000000000000
[   68.453962][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.453968][ T5317] R13: 0000000000000000 R14: 00007fb9445a5fa0 R15: 00007ffe33dbdad8
[   68.453979][ T5317]  </TASK>
[   68.453984][ T5317] 
[   68.767779][ T5317] The buggy address belongs to the physical page:
[   68.770133][ T5317] page: refcount:3 mapcount:0 mapping:ffff8880004b4d78 index:0x3f pfn:0x4366a
[   68.785584][ T5317] memcg:ffff88801cd08000
[   68.787438][ T5317] aops:def_blk_aops ino:700000 dentry name(?):""
[   68.790083][ T5317] flags: 0x4fff10000004014(referenced|dirty|private|node=1|zone=1|lastcpupid=0x7ff)
[   68.793533][ T5317] raw: 04fff10000004014 0000000000000000 dead000000000122 ffff8880004b4d78
[   68.806812][ T5317] raw: 000000000000003f ffff8880433fe910 00000003ffffffff ffff88801cd08000
[   68.810423][ T5317] page dumped because: kasan: bad access detected
[   68.813029][ T5317] page_owner tracks the page as allocated
[   68.815299][ T5317] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x148c40(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5317, tgid 5316 (syz.0.0), ts 68427376515, free_ts 68247844754
[   68.833087][ T5317]  post_alloc_hook+0x1f4/0x240
[   68.835718][ T5317]  get_page_from_freelist+0x365c/0x37a0
[   68.837833][ T5317]  __alloc_frozen_pages_noprof+0x292/0x710
[   68.839962][ T5317]  alloc_pages_mpol+0x311/0x660
[   68.841791][ T5317]  alloc_pages_noprof+0x121/0x190
[   68.843722][ T5317]  folio_alloc_noprof+0x1e/0x30
[   68.862686][ T5317]  filemap_alloc_folio_noprof+0xe1/0x540
[   68.864762][ T5317]  __filemap_get_folio+0x438/0xae0
[   68.866812][ T5317]  bdev_getblk+0x1d4/0x670
[   68.868429][ T5317]  ext4_getblk+0x31b/0x880
[   68.870130][ T5317]  ext4_bread+0x2e/0x180
[   68.871717][ T5317]  ext4_append+0x327/0x5c0
[   68.878101][ T5317]  make_indexed_dir+0x430/0x1350
[   68.886689][ T5317]  ext4_add_entry+0xbcd/0xe00
[   68.888614][ T5317]  ext4_add_nondir+0x8d/0x290
[   68.890765][ T5317]  ext4_symlink+0x9b1/0xc90
[   68.896879][ T5317] page last free pid 4714 tgid 4714 stack trace:
[   68.899171][ T5317]  free_frozen_pages+0xe0d/0x10e0
[   68.901011][ T5317]  __put_partials+0x160/0x1c0
[   68.902791][ T5317]  put_cpu_partial+0x17c/0x250
[   68.904543][ T5317]  __slab_free+0x290/0x380
[   68.916397][ T5317]  qlist_free_all+0x9a/0x140
[   68.918536][ T5317]  kasan_quarantine_reduce+0x14f/0x170
[   68.920965][ T5317]  __kasan_slab_alloc+0x23/0x80
[   68.927839][ T5317]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   68.930486][ T5317]  __alloc_skb+0x1c3/0x440
[   68.932251][ T5317]  alloc_skb_with_frags+0xc3/0x820
[   68.950171][ T5317]  sock_alloc_send_pskb+0x91a/0xa60
[   68.952090][ T5317]  unix_dgram_sendmsg+0x5f1/0x1df0
[   68.954003][ T5317]  __sock_sendmsg+0x221/0x270
[   68.955736][ T5317]  __sys_sendto+0x363/0x4c0
[   68.957631][ T5317]  __x64_sys_sendto+0xde/0x100
[   68.960475][ T5317]  do_syscall_64+0xf3/0x230
[   68.962247][ T5317] 
[   68.963185][ T5317] Memory state around the buggy address:
[   68.968517][ T5317]  ffff88804366af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   68.977172][ T5317]  ffff88804366af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   68.980051][ T5317] >ffff88804366b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.982951][ T5317]                    ^
[   68.984500][ T5317]  ffff88804366b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.004777][ T5317]  ffff88804366b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.009337][ T5317] ==================================================================
[   69.058831][ T5317] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   69.061509][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller #0
[   69.064690][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.084838][ T5317] Call Trace:
[   69.096462][ T5317]  <TASK>
[   69.097555][ T5317]  dump_stack_lvl+0x241/0x360
[   69.099286][ T5317]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.101180][ T5317]  ? __pfx__printk+0x10/0x10
[   69.103092][ T5317]  ? preempt_schedule+0xe1/0xf0
[   69.105086][ T5317]  ? vscnprintf+0x5d/0x90
[   69.117028][ T5317]  panic+0x349/0x880
[   69.118619][ T5317]  ? check_panic_on_warn+0x21/0xb0
[   69.120909][ T5317]  ? __pfx_panic+0x10/0x10
[   69.123129][ T5317]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   69.125568][ T5317]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.138246][ T5317]  ? print_report+0x502/0x550
[   69.140380][ T5317]  check_panic_on_warn+0x86/0xb0
[   69.142366][ T5317]  ? ext4_insert_dentry+0x36a/0x6d0
[   69.144273][ T5317]  end_report+0x77/0x160
[   69.153291][ T5317]  kasan_report+0x154/0x180
[   69.156605][ T5317]  ? ext4_insert_dentry+0x36a/0x6d0
[   69.164851][ T5317]  kasan_check_range+0x282/0x290
[   69.167822][ T5317]  ? ext4_insert_dentry+0x36a/0x6d0
[   69.175691][ T5317]  __asan_memcpy+0x40/0x70
[   69.181304][ T5317]  ext4_insert_dentry+0x36a/0x6d0
[   69.186956][ T5317]  add_dirent_to_buf+0x315/0x660
[   69.189090][ T5317]  ? __pfx_add_dirent_to_buf+0x10/0x10
[   69.197174][ T5317]  ? __ext4_handle_dirty_metadata+0x30d/0x820
[   69.206450][ T5317]  ? ext4_handle_dirty_dirblock+0xc0/0x350
[   69.211882][ T5317]  make_indexed_dir+0xd0e/0x1350
[   69.218264][ T5317]  ? __pfx_make_indexed_dir+0x10/0x10
[   69.220494][ T5317]  ? add_dirent_to_buf+0x2a7/0x660
[   69.222536][ T5317]  ? add_dirent_to_buf+0x2c5/0x660
[   69.238202][ T5317]  ? __pfx_add_dirent_to_buf+0x10/0x10
[   69.240654][ T5317]  ? __ext4_read_dirblock+0x486/0x790
[   69.243170][ T5317]  ext4_add_entry+0xbcd/0xe00
[   69.245439][ T5317]  ? __pfx_ext4_add_entry+0x10/0x10
[   69.257719][ T5317]  ext4_add_nondir+0x8d/0x290
[   69.259825][ T5317]  ? ext4_symlink+0x70e/0xc90
[   69.261756][ T5317]  ext4_symlink+0x9b1/0xc90
[   69.263577][ T5317]  ? __pfx_ext4_symlink+0x10/0x10
[   69.265653][ T5317]  ? inode_permission+0xff/0x460
[   69.289493][ T5317]  ? bpf_lsm_inode_symlink+0x9/0x10
[   69.291715][ T5317]  ? security_inode_symlink+0xbe/0x330
[   69.293884][ T5317]  vfs_symlink+0x137/0x2e0
[   69.295650][ T5317]  do_symlinkat+0x222/0x3a0
[   69.325828][ T5317]  ? __pfx_do_symlinkat+0x10/0x10
[   69.328415][ T5317]  ? strncpy_from_user+0x146/0x270
[   69.330704][ T5317]  ? getname_flags+0x1e3/0x540
[   69.332788][ T5317]  __x64_sys_symlink+0x7a/0x90
[   69.334669][ T5317]  do_syscall_64+0xf3/0x230
[   69.356533][ T5317]  ? clear_bhb_loop+0x35/0x90
[   69.358863][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.361691][ T5317] RIP: 0033:0x7fb94438cda9
[   69.363924][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.379603][ T5317] RSP: 002b:00007fb94521d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   69.383915][ T5317] RAX: ffffffffffffffda RBX: 00007fb9445a5fa0 RCX: 00007fb94438cda9
[   69.397150][ T5317] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[   69.401505][ T5317] RBP: 00007fb94440e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.408615][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.426790][ T5317] R13: 0000000000000000 R14: 00007fb9445a5fa0 R15: 00007ffe33dbdad8
[   69.431402][ T5317]  </TASK>
[   69.437003][ T5317] Kernel Offset: disabled
[   69.439133][ T5317] Rebooting in 86400 seconds..