EXT4-fs error (device loop4): ext4_get_journal_inode:5788: inode #32: comm syz-executor.4: iget: special inode unallocated
EXT4-fs (loop4): no journal found
EXT4-fs (loop4): can't get journal size
==================================================================
BUG: KASAN: slab-out-of-bounds in __ext4_iget+0x26c/0x3390 fs/ext4/inode.c:4716
Read of size 8 at addr ffff00012e8f7f30 by task syz-executor.4/19290

CPU: 1 PID: 19290 Comm: syz-executor.4 Not tainted 6.7.0-rc3-syzkaller-g2cc14f52aeb7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
 show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0x174/0x514 mm/kasan/report.c:475
 kasan_report+0xd8/0x138 mm/kasan/report.c:588
 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381
 __ext4_iget+0x26c/0x3390 fs/ext4/inode.c:4716
 __ext4_fill_super fs/ext4/super.c:5482 [inline]
 ext4_fill_super+0x44a8/0x5818 fs/ext4/super.c:5712
 get_tree_bdev+0x33c/0x4a8 fs/super.c:1598
 ext4_get_tree+0x28/0x38 fs/ext4/super.c:5744
 vfs_get_tree+0x90/0x288 fs/super.c:1771
 do_new_mount+0x25c/0x8c8 fs/namespace.c:3337
 path_mount+0x590/0xe04 fs/namespace.c:3664
 do_mount fs/namespace.c:3677 [inline]
 __do_sys_mount fs/namespace.c:3886 [inline]
 __se_sys_mount fs/namespace.c:3863 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3863
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595

Allocated by task 6137:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x7c mm/kasan/common.c:52
 kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:511
 __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x90/0x498 mm/slab.h:763
 slab_alloc_node mm/slub.c:3478 [inline]
 slab_alloc mm/slub.c:3486 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3493 [inline]
 kmem_cache_alloc_lru+0x194/0x394 mm/slub.c:3509
 __d_alloc+0x40/0x6ac fs/dcache.c:1768
 d_alloc+0x54/0x18c fs/dcache.c:1848
 lookup_one_qstr_excl+0xbc/0x230 fs/namei.c:1605
 filename_create+0x230/0x468 fs/namei.c:3876
 do_mkdirat+0xac/0x574 fs/namei.c:4121
 __do_sys_mkdirat fs/namei.c:4144 [inline]
 __se_sys_mkdirat fs/namei.c:4142 [inline]
 __arm64_sys_mkdirat+0x90/0xa8 fs/namei.c:4142
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595

Last potentially related work creation:
 kasan_save_stack+0x40/0x6c mm/kasan/common.c:45
 __kasan_record_aux_stack+0xcc/0xe8 mm/kasan/generic.c:492
 kasan_record_aux_stack_noalloc+0x14/0x20 mm/kasan/generic.c:502
 __call_rcu_common kernel/rcu/tree.c:2681 [inline]
 call_rcu+0x104/0xaf4 kernel/rcu/tree.c:2795
 dentry_free+0xa8/0x174
 __dentry_kill+0x470/0x5e4 fs/dcache.c:621
 dentry_kill+0xc8/0x250
 dput+0x218/0x454 fs/dcache.c:913
 lookup_fast+0x374/0x43c fs/namei.c:1660
 walk_component fs/namei.c:1998 [inline]
 link_path_walk+0x520/0xc5c fs/namei.c:2329
 path_openat+0x1cc/0x2888 fs/namei.c:3775
 do_filp_open+0x1bc/0x3cc fs/namei.c:3809
 do_sys_openat2+0x124/0x1b8 fs/open.c:1440
 do_sys_open fs/open.c:1455 [inline]
 __do_sys_openat fs/open.c:1471 [inline]
 __se_sys_openat fs/open.c:1466 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1466
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595

Second to last potentially related work creation:
 kasan_save_stack+0x40/0x6c mm/kasan/common.c:45
 __kasan_record_aux_stack+0xcc/0xe8 mm/kasan/generic.c:492
 kasan_record_aux_stack_noalloc+0x14/0x20 mm/kasan/generic.c:502
 __call_rcu_common kernel/rcu/tree.c:2681 [inline]
 call_rcu+0x104/0xaf4 kernel/rcu/tree.c:2795
 dentry_free+0xa8/0x174
 __dentry_kill+0x470/0x5e4 fs/dcache.c:621
 dentry_kill+0xc8/0x250
 dput+0x218/0x454 fs/dcache.c:913
 do_renameat2+0x9d0/0xe34 fs/namei.c:4998
 __do_sys_renameat fs/namei.c:5036 [inline]
 __se_sys_renameat fs/namei.c:5033 [inline]
 __arm64_sys_renameat+0xc8/0xe4 fs/namei.c:5033
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595

The buggy address belongs to the object at ffff00012e8f7d60
 which belongs to the cache dentry of size 312
The buggy address is located 152 bytes to the right of
 allocated 312-byte region [ffff00012e8f7d60, ffff00012e8f7e98)

The buggy address belongs to the physical page:
page:00000000406c3e01 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16e8f6
head:00000000406c3e01 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff0000d0f3f601
anon flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 05ffc00000000840 ffff0000c1864a00 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000150015 00000001ffffffff ffff0000d0f3f601
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff00012e8f7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff00012e8f7e80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff00012e8f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                     ^
 ffff00012e8f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff00012e8f8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
EXT4-fs (loop4): corrupt root inode, run e2fsck
EXT4-fs (loop4): mount failed