L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
==================================================================
BUG: KASAN: use-after-free in ext4_search_dir+0xee/0x1b0 fs/ext4/namei.c:1504
Read of size 1 at addr ffff8881ef69c00a by task syz-executor.2/402

CPU: 0 PID: 402 Comm: syz-executor.2 Not tainted 5.4.268-syzkaller-00001-g8322246edffa #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 ext4_search_dir+0xee/0x1b0 fs/ext4/namei.c:1504
 ext4_find_inline_entry+0x4b6/0x5e0 fs/ext4/inline.c:1698
 __ext4_find_entry+0x2a9/0x1b50 fs/ext4/namei.c:1577
 ext4_lookup_entry fs/ext4/namei.c:1730 [inline]
 ext4_lookup+0x3c6/0xaa0 fs/ext4/namei.c:1798
 __lookup_hash+0x117/0x240 fs/namei.c:1623
 filename_create+0x202/0x750 fs/namei.c:3736
 user_path_create fs/namei.c:3793 [inline]
 do_mkdirat+0xc5/0x2c0 fs/namei.c:3931
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

Allocated by task 1:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 __kasan_kmalloc+0x171/0x210 mm/kasan/common.c:529
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slub.c:2829 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 __kmalloc_track_caller+0x100/0x2b0 mm/slub.c:4449
 kvasprintf+0xd6/0x180 lib/kasprintf.c:25
 kobject_set_name_vargs+0x5d/0x110 lib/kobject.c:297
 dev_set_name+0xd1/0x120 drivers/base/core.c:2694
 scsi_sysfs_device_initialize+0x187/0x780 drivers/scsi/scsi_sysfs.c:1606
 scsi_alloc_sdev+0x720/0x960 drivers/scsi/scsi_scan.c:283
 scsi_probe_and_add_lun+0x1aa/0x4010 drivers/scsi/scsi_scan.c:1079
 __scsi_scan_target+0x1fb/0xe80 drivers/scsi/scsi_scan.c:1562
 scsi_scan_channel drivers/scsi/scsi_scan.c:1650 [inline]
 scsi_scan_host_selected+0x349/0x620 drivers/scsi/scsi_scan.c:1679
 do_scsi_scan_host drivers/scsi/scsi_scan.c:1818 [inline]
 scsi_scan_host+0x38e/0x660 drivers/scsi/scsi_scan.c:1848
 virtscsi_probe+0x84d/0xb20 drivers/scsi/virtio_scsi.c:905
 virtio_dev_probe+0x899/0xaf0 drivers/virtio/virtio.c:258
 really_probe+0x496/0xb80 drivers/base/dd.c:567
 driver_probe_device+0xe5/0x240 drivers/base/dd.c:752
 device_driver_attach+0x17b/0x280 drivers/base/dd.c:1036
 __driver_attach+0x14a/0x380 drivers/base/dd.c:1125
 bus_for_each_dev+0x17b/0x1f0 drivers/base/bus.c:304
 bus_add_driver+0x2fc/0x530 drivers/base/bus.c:621
 driver_register+0x2bf/0x3a0 drivers/base/driver.c:239
 init+0x61/0x104 drivers/scsi/virtio_scsi.c:999
 do_one_initcall+0x186/0x6d0 init/main.c:1192
 do_initcall_level+0x213/0x41e init/main.c:1259
 do_initcalls+0x49/0x86 init/main.c:1275
 kernel_init_freeable+0x2b9/0x466 init/main.c:1458
 kernel_init+0xd/0x380 init/main.c:1375
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354

Freed by task 1:
 save_stack mm/kasan/common.c:70 [inline]
 set_track mm/kasan/common.c:78 [inline]
 kasan_set_free_info mm/kasan/common.c:345 [inline]
 __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487
 slab_free_hook mm/slub.c:1455 [inline]
 slab_free_freelist_hook mm/slub.c:1494 [inline]
 slab_free mm/slub.c:3080 [inline]
 kfree+0x123/0x370 mm/slub.c:4071
 kobject_cleanup lib/kobject.c:722 [inline]
 kobject_release lib/kobject.c:747 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x21a/0x2f0 lib/kobject.c:764
 scsi_probe_and_add_lun+0x330d/0x4010 drivers/scsi/scsi_scan.c:1166
 __scsi_scan_target+0x1fb/0xe80 drivers/scsi/scsi_scan.c:1562
 scsi_scan_channel drivers/scsi/scsi_scan.c:1650 [inline]
 scsi_scan_host_selected+0x349/0x620 drivers/scsi/scsi_scan.c:1679
 do_scsi_scan_host drivers/scsi/scsi_scan.c:1818 [inline]
 scsi_scan_host+0x38e/0x660 drivers/scsi/scsi_scan.c:1848
 virtscsi_probe+0x84d/0xb20 drivers/scsi/virtio_scsi.c:905
 virtio_dev_probe+0x899/0xaf0 drivers/virtio/virtio.c:258
 really_probe+0x496/0xb80 drivers/base/dd.c:567
 driver_probe_device+0xe5/0x240 drivers/base/dd.c:752
 device_driver_attach+0x17b/0x280 drivers/base/dd.c:1036
 __driver_attach+0x14a/0x380 drivers/base/dd.c:1125
 bus_for_each_dev+0x17b/0x1f0 drivers/base/bus.c:304
 bus_add_driver+0x2fc/0x530 drivers/base/bus.c:621
 driver_register+0x2bf/0x3a0 drivers/base/driver.c:239
 init+0x61/0x104 drivers/scsi/virtio_scsi.c:999
 do_one_initcall+0x186/0x6d0 init/main.c:1192
 do_initcall_level+0x213/0x41e init/main.c:1259
 do_initcalls+0x49/0x86 init/main.c:1275
 kernel_init_freeable+0x2b9/0x466 init/main.c:1458
 kernel_init+0xd/0x380 init/main.c:1375
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354

The buggy address belongs to the object at ffff8881ef69c000
 which belongs to the cache kmalloc-16 of size 16
The buggy address is located 10 bytes inside of
 16-byte region [ffff8881ef69c000, ffff8881ef69c010)
The buggy address belongs to the page:
page:ffffea0007bda700 refcount:1 mapcount:0 mapping:ffff8881f5c03680 index:0xffff8881ef69c620
flags: 0x8000000000000200(slab)
raw: 8000000000000200 ffffea0007beb780 0000000200000002 ffff8881f5c03680
raw: ffff8881ef69c620 0000000080800000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4891
 alloc_slab_page+0x39/0x3c0 mm/slub.c:343
 allocate_slab mm/slub.c:1683 [inline]
 new_slab+0x97/0x440 mm/slub.c:1749
 new_slab_objects mm/slub.c:2505 [inline]
 ___slab_alloc+0x2fe/0x490 mm/slub.c:2667
 __slab_alloc+0x62/0xa0 mm/slub.c:2707
 slab_alloc_node mm/slub.c:2792 [inline]
 slab_alloc mm/slub.c:2837 [inline]
 __kmalloc+0x19b/0x2e0 mm/slub.c:3909
 __kmalloc_node include/linux/slab.h:422 [inline]
 kmalloc_array_node include/linux/slab.h:653 [inline]
 blk_mq_alloc_hctx block/blk-mq.c:2500 [inline]
 blk_mq_alloc_and_init_hctx block/blk-mq.c:2896 [inline]
 blk_mq_realloc_hw_ctxs+0x5aa/0x13b0 block/blk-mq.c:2932
 blk_mq_init_allocated_queue+0x52d/0x1990 block/blk-mq.c:3013
 blk_mq_init_queue+0x49/0xa0 block/blk-mq.c:2835
 scsi_mq_alloc_queue+0x40/0x110 drivers/scsi/scsi_lib.c:1881
 scsi_alloc_sdev+0x654/0x960 drivers/scsi/scsi_scan.c:269
 scsi_probe_and_add_lun+0x1aa/0x4010 drivers/scsi/scsi_scan.c:1079
 __scsi_scan_target+0x1fb/0xe80 drivers/scsi/scsi_scan.c:1562
 scsi_scan_channel drivers/scsi/scsi_scan.c:1650 [inline]
 scsi_scan_host_selected+0x349/0x620 drivers/scsi/scsi_scan.c:1679
page_owner free stack trace missing

Memory state around the buggy address:
 ffff8881ef69bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881ef69bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881ef69c000: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
                      ^
 ffff8881ef69c080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
 ffff8881ef69c100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
==================================================================
EXT4-fs error (device loop2): ext4_find_dest_de:2063: inode #12: block 7: comm syz-executor.2: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=1660078826, rec_len=60141, size=56 fake=0