EXT4-fs error (device loop0): ext4_do_update_inode:5097: inode #2: comm syz-executor.0: corrupted inode contents
EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz-executor.0: mark_inode_dirty error
BUG: kernel NULL pointer dereference, address: 0000000000000018
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 113079067 P4D 113079067 PUD 1130f5067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 2636 Comm: syz-executor.0 Not tainted 6.5.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
RIP: 0010:utf8nlookup+0xb/0x1e0 fs/unicode/utf8-norm.c:306
Code: 3b 44 24 10 75 12 4c 89 f0 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f2 12 f6 00 66 90 55 53 4d 85 c0 0f 84 d9 00 00 00 <48> 8b 5f 18 89 f0 48 8b 44 c7 08 8b 40 04 48 03 43 30 eb 0f 4c 63
RSP: 0018:ffffc90002a83cc8 EFLAGS: 00010206
RAX: 0000000000000040 RBX: ffffc90002a83d10 RCX: ffff88810bc7e2e0
RDX: ffffc90002a83d4c RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: ffff88810f50d400 R11: 0000000000000000 R12: ffffc90002a83d10
R13: 0000000000000002 R14: ffffc90002a83d4c R15: ffffc90002a83d30
FS: 00007fa68c5656c0(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 00000001130cb000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 utf8byte+0xa9/0x2d0
 utf8_casefold+0xab/0xf0 fs/unicode/utf8-core.c:109
 ext4_fname_setup_ci_filename+0x60/0xe0 fs/ext4/namei.c:1458
 ext4_fname_setup_filename fs/ext4/ext4.h:2755 [inline]
 ext4_fname_prepare_lookup fs/ext4/ext4.h:2765 [inline]
 ext4_lookup_entry fs/ext4/namei.c:1760 [inline]
 ext4_lookup+0x96/0x260 fs/ext4/namei.c:1835
 lookup_one_qstr_excl+0x91/0xd0 fs/namei.c:1605
 filename_create+0xd9/0x1a0 fs/namei.c:3887
 do_mkdirat+0xd0/0x1a0 fs/namei.c:4132
 __do_sys_mkdirat fs/namei.c:4155 [inline]
 __se_sys_mkdirat fs/namei.c:4153 [inline]
 __x64_sys_mkdirat+0x29/0x30 fs/namei.c:4153
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa68b87b5e7
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa68c564ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 0000000020000300 RCX: 00007fa68b87b5e7
RDX: 00000000000001ff RSI: 0000000020000540 RDI: 00000000ffffff9c
RBP: 00000000200000c0 R08: 00000000000000fd R09: 0000000000000000
R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000020000540
R13: 00007fa68c564f40 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
CR2: 0000000000000018
---[ end trace 0000000000000000 ]---
RIP: 0010:utf8nlookup+0xb/0x1e0 fs/unicode/utf8-norm.c:306
Code: 3b 44 24 10 75 12 4c 89 f0 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f2 12 f6 00 66 90 55 53 4d 85 c0 0f 84 d9 00 00 00 <48> 8b 5f 18 89 f0 48 8b 44 c7 08 8b 40 04 48 03 43 30 eb 0f 4c 63
RSP: 0018:ffffc90002a83cc8 EFLAGS: 00010206
RAX: 0000000000000040 RBX: ffffc90002a83d10 RCX: ffff88810bc7e2e0
RDX: ffffc90002a83d4c RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: ffff88810f50d400 R11: 0000000000000000 R12: ffffc90002a83d10
R13: 0000000000000002 R14: ffffc90002a83d4c R15: ffffc90002a83d30
FS: 00007fa68c5656c0(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 00000001130cb000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	3b 44 24 10          	cmp    0x10(%rsp),%eax
   4:	75 12                	jne    0x18
   6:	4c 89 f0             	mov    %r14,%rax
   9:	48 83 c4 18          	add    $0x18,%rsp
   d:	5b                   	pop    %rbx
   e:	41 5c                	pop    %r12
  10:	41 5d                	pop    %r13
  12:	41 5e                	pop    %r14
  14:	41 5f                	pop    %r15
  16:	5d                   	pop    %rbp
  17:	c3                   	ret
  18:	e8 f2 12 f6 00       	call   0xf6130f
  1d:	66 90                	xchg   %ax,%ax
  1f:	55                   	push   %rbp
  20:	53                   	push   %rbx
  21:	4d 85 c0             	test   %r8,%r8
  24:	0f 84 d9 00 00 00    	je     0x103
* 2a:	48 8b 5f 18          	mov    0x18(%rdi),%rbx <-- trapping instruction
  2e:	89 f0                	mov    %esi,%eax
  30:	48 8b 44 c7 08       	mov    0x8(%rdi,%rax,8),%rax
  35:	8b 40 04             	mov    0x4(%rax),%eax
  38:	48 03 43 30          	add    0x30(%rbx),%rax
  3c:	eb 0f                	jmp    0x4d
  3e:	4c                   	rex.WR
  3f:	63                   	.byte 0x63