Warning: Permanently added '10.128.1.80' (ED25519) to the list of known hosts.
executing program
[ 51.558980][ T5027] syz-executor734[5027]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 51.581228][ T5027] loop0: detected capacity change from 0 to 2048
[ 51.606973][ T5027] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 51.630408][ T5027] ==================================================================
[ 51.638761][ T5027] BUG: KASAN: slab-use-after-free in ext4_convert_inline_data_nolock+0x31a/0xd80
[ 51.648046][ T5027] Read of size 20 at addr ffff8880254ad1a3 by task syz-executor734/5027
[ 51.656453][ T5027]
[ 51.658760][ T5027] CPU: 1 PID: 5027 Comm: syz-executor734 Not tainted 6.5.0-syzkaller-11704-g3f86ed6ec0b3 #0
[ 51.668990][ T5027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 51.679128][ T5027] Call Trace:
[ 51.682395][ T5027] <TASK>
[ 51.685313][ T5027] dump_stack_lvl+0x1e7/0x2d0
[ 51.689976][ T5027] ? irq_work_queue+0xca/0x150
[ 51.694725][ T5027] ? nf_tcp_handle_invalid+0x650/0x650
[ 51.700169][ T5027] ? panic+0x770/0x770
[ 51.704230][ T5027] ? _printk+0xd5/0x120
[ 51.708385][ T5027] print_report+0x163/0x540
[ 51.712872][ T5027] ? __virt_addr_valid+0x22f/0x2e0
[ 51.717966][ T5027] ? __phys_addr+0xba/0x170
[ 51.722457][ T5027] ? ext4_convert_inline_data_nolock+0x31a/0xd80
[ 51.728803][ T5027] kasan_report+0x175/0x1b0
[ 51.733312][ T5027] ? ext4_convert_inline_data_nolock+0x31a/0xd80
[ 51.739640][ T5027] kasan_check_range+0x27e/0x290
[ 51.744757][ T5027] ? ext4_convert_inline_data_nolock+0x31a/0xd80
[ 51.751161][ T5027] __asan_memcpy+0x29/0x70
[ 51.755599][ T5027] ext4_convert_inline_data_nolock+0x31a/0xd80
[ 51.761847][ T5027] ? read_lock_is_recursive+0x20/0x20
[ 51.767218][ T5027] ? __down_write_common+0x161/0x200
[ 51.772505][ T5027] ? ext4_add_dirent_to_inline+0x4c0/0x4c0
[ 51.778305][ T5027] ? ext4_journal_check_start+0x175/0x240
[ 51.784022][ T5027] ? __ext4_journal_start_sb+0x26b/0x5a0
[ 51.789674][ T5027] ext4_convert_inline_data+0x4da/0x620
[ 51.795330][ T5027] ? ext4_inline_data_truncate+0xcc0/0xcc0
[ 51.801228][ T5027] ? lock_acquire+0xe3/0x520
[ 51.805820][ T5027] ext4_fallocate+0x14f/0x1f50
[ 51.810580][ T5027] ? restore_fpregs_from_fpstate+0x100/0x250
[ 51.816557][ T5027] ? memalloc_retry_wait+0xb0/0xb0
[ 51.821662][ T5027] ? preempt_count_add+0x93/0x180
[ 51.826691][ T5027] vfs_fallocate+0x551/0x6b0
[ 51.831274][ T5027] __x64_sys_fallocate+0xbd/0x100
[ 51.836289][ T5027] do_syscall_64+0x41/0xc0
[ 51.840705][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.846594][ T5027] RIP: 0033:0x7fd7f56f7ed9
[ 51.850999][ T5027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.870954][ T5027] RSP: 002b:00007ffc2daf53c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 51.879470][ T5027] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd7f56f7ed9
[ 51.887527][ T5027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 51.895751][ T5027] RBP: 00007fd7f576c5f0 R08: 00005555565c34c0 R09: 00005555565c34c0
[ 51.903716][ T5027] R10: 0000000000008000 R11: 0000000000000246 R12: 00007ffc2daf53f0
[ 51.911676][ T5027] R13: 00007ffc2daf5618 R14: 431bde82d7b634db R15: 00007fd7f574103b
[ 51.919648][ T5027] </TASK>
[ 51.922655][ T5027]
[ 51.925051][ T5027] Allocated by task 4921:
[ 51.929365][ T5027] kasan_set_track+0x4f/0x70
[ 51.933948][ T5027] __kasan_slab_alloc+0x66/0x70
[ 51.938786][ T5027] slab_post_alloc_hook+0x6c/0x3b0
[ 51.943888][ T5027] kmem_cache_alloc+0x123/0x300
[ 51.948732][ T5027] vm_area_dup+0x27/0x280
[ 51.953047][ T5027] copy_mm+0xcea/0x1f10
[ 51.957195][ T5027] copy_process+0x1a0f/0x4290
[ 51.962032][ T5027] kernel_clone+0x22d/0x7b0
[ 51.966696][ T5027] __x64_sys_clone+0x258/0x2a0
[ 51.971455][ T5027] do_syscall_64+0x41/0xc0
[ 51.975863][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.981744][ T5027]
[ 51.984053][ T5027] Freed by task 4922:
[ 51.988017][ T5027] kasan_set_track+0x4f/0x70
[ 51.992593][ T5027] kasan_save_free_info+0x28/0x40
[ 51.997609][ T5027] ____kasan_slab_free+0xd6/0x120
[ 52.002617][ T5027] kmem_cache_free+0x292/0x500
[ 52.007370][ T5027] exit_mmap+0x6bf/0xc50
[ 52.011686][ T5027] __mmput+0x115/0x3c0
[ 52.015739][ T5027] exec_mmap+0x669/0x700
[ 52.019973][ T5027] begin_new_exec+0x66e/0xf20
[ 52.024639][ T5027] load_elf_binary+0x95d/0x2760
[ 52.029481][ T5027] bprm_execve+0x90e/0x1740
[ 52.033979][ T5027] do_execveat_common+0x580/0x720
[ 52.038992][ T5027] __x64_sys_execve+0x92/0xa0
[ 52.043660][ T5027] do_syscall_64+0x41/0xc0
[ 52.048064][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.053946][ T5027]
[ 52.056259][ T5027] The buggy address belongs to the object at ffff8880254ad100
[ 52.056259][ T5027] which belongs to the cache vm_area_struct of size 192
[ 52.070560][ T5027] The buggy address is located 163 bytes inside of
[ 52.070560][ T5027] freed 192-byte region [ffff8880254ad100, ffff8880254ad1c0)
[ 52.084433][ T5027]
[ 52.086748][ T5027] The buggy address belongs to the physical page:
[ 52.093142][ T5027] page:ffffea0000952b40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x254ad
[ 52.103279][ T5027] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 52.110804][ T5027] page_type: 0xffffffff()
[ 52.115121][ T5027] raw: 00fff00000000800 ffff888014a49b40 dead000000000122 0000000000000000
[ 52.123690][ T5027] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 52.132252][ T5027] page dumped because: kasan: bad access detected
[ 52.138730][ T5027] page_owner tracks the page as allocated
[ 52.144429][ T5027] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 4921, tgid 4921 (dhcpcd-run-hook), ts 40881524433, free_ts 40360263174
[ 52.163004][ T5027] post_alloc_hook+0x1e6/0x210
[ 52.167766][ T5027] get_page_from_freelist+0x31ec/0x3370
[ 52.173302][ T5027] __alloc_pages+0x255/0x670
[ 52.177902][ T5027] alloc_slab_page+0x6a/0x160
[ 52.182571][ T5027] new_slab+0x84/0x2f0
[ 52.186634][ T5027] ___slab_alloc+0xade/0x1100
[ 52.191298][ T5027] kmem_cache_alloc+0x1bf/0x300
[ 52.196154][ T5027] vm_area_dup+0x27/0x280
[ 52.200490][ T5027] copy_mm+0xcea/0x1f10
[ 52.204642][ T5027] copy_process+0x1a0f/0x4290
[ 52.209312][ T5027] kernel_clone+0x22d/0x7b0
[ 52.213804][ T5027] __x64_sys_clone+0x258/0x2a0
[ 52.218555][ T5027] do_syscall_64+0x41/0xc0
[ 52.222958][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.228842][ T5027] page last free stack trace:
[ 52.233496][ T5027] free_unref_page_prepare+0x8c3/0x9f0
[ 52.238949][ T5027] free_unref_page_list+0x596/0x830
[ 52.244229][ T5027] release_pages+0x2113/0x23f0
[ 52.249013][ T5027] tlb_flush_mmu+0x34c/0x4e0
[ 52.254133][ T5027] tlb_finish_mmu+0xd4/0x1f0
[ 52.258813][ T5027] exit_mmap+0x4d3/0xc50
[ 52.263144][ T5027] __mmput+0x115/0x3c0
[ 52.267221][ T5027] exit_mm+0x21f/0x300
[ 52.271325][ T5027] do_exit+0x612/0x2290
[ 52.275475][ T5027] do_group_exit+0x206/0x2c0
[ 52.280053][ T5027] __x64_sys_exit_group+0x3f/0x40
[ 52.285159][ T5027] do_syscall_64+0x41/0xc0
[ 52.289659][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.295542][ T5027]
[ 52.297851][ T5027] Memory state around the buggy address:
[ 52.303463][ T5027] ffff8880254ad080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 52.311511][ T5027] ffff8880254ad100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.319557][ T5027] >ffff8880254ad180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 52.327603][ T5027] ^
[ 52.332696][ T5027] ffff8880254ad200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.340743][ T5027] ffff8880254ad280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 52.348789][ T5027] ==================================================================
[ 52.357270][ T5027] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.364652][ T5027] CPU: 0 PID: 5027 Comm: syz-executor734 Not tainted 6.5.0-syzkaller-11704-g3f86ed6ec0b3 #0
[ 52.374890][ T5027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 52.385638][ T5027] Call Trace:
[ 52.388919][ T5027] <TASK>
[ 52.391840][ T5027] dump_stack_lvl+0x1e7/0x2d0
[ 52.396514][ T5027] ? nf_tcp_handle_invalid+0x650/0x650
[ 52.401967][ T5027] ? panic+0x770/0x770
[ 52.406030][ T5027] ? preempt_schedule_common+0x83/0xc0
[ 52.411484][ T5027] ? vscnprintf+0x5d/0x80
[ 52.415802][ T5027] panic+0x30f/0x770
[ 52.419692][ T5027] ? check_panic_on_warn+0x21/0xa0
[ 52.424795][ T5027] ? __memcpy_flushcache+0x2b0/0x2b0
[ 52.430076][ T5027] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 52.436058][ T5027] ? _raw_spin_unlock+0x40/0x40
[ 52.440903][ T5027] ? print_report+0x4fb/0x540
[ 52.445574][ T5027] check_panic_on_warn+0x82/0xa0
[ 52.450524][ T5027] ? ext4_convert_inline_data_nolock+0x31a/0xd80
[ 52.456937][ T5027] end_report+0x6e/0x130
[ 52.461210][ T5027] kasan_report+0x186/0x1b0
[ 52.465707][ T5027] ? ext4_convert_inline_data_nolock+0x31a/0xd80
[ 52.472030][ T5027] kasan_check_range+0x27e/0x290
[ 52.476954][ T5027] ? ext4_convert_inline_data_nolock+0x31a/0xd80
[ 52.483274][ T5027] __asan_memcpy+0x29/0x70
[ 52.487706][ T5027] ext4_convert_inline_data_nolock+0x31a/0xd80
[ 52.493951][ T5027] ? read_lock_is_recursive+0x20/0x20
[ 52.499345][ T5027] ? __down_write_common+0x161/0x200
[ 52.504631][ T5027] ? ext4_add_dirent_to_inline+0x4c0/0x4c0
[ 52.510432][ T5027] ? ext4_journal_check_start+0x175/0x240
[ 52.516201][ T5027] ? __ext4_journal_start_sb+0x26b/0x5a0
[ 52.521833][ T5027] ext4_convert_inline_data+0x4da/0x620
[ 52.527479][ T5027] ? ext4_inline_data_truncate+0xcc0/0xcc0
[ 52.533365][ T5027] ? lock_acquire+0xe3/0x520
[ 52.537950][ T5027] ext4_fallocate+0x14f/0x1f50
[ 52.542707][ T5027] ? restore_fpregs_from_fpstate+0x100/0x250
[ 52.548705][ T5027] ? memalloc_retry_wait+0xb0/0xb0
[ 52.553805][ T5027] ? preempt_count_add+0x93/0x180
[ 52.558839][ T5027] vfs_fallocate+0x551/0x6b0
[ 52.563441][ T5027] __x64_sys_fallocate+0xbd/0x100
[ 52.568474][ T5027] do_syscall_64+0x41/0xc0
[ 52.572886][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.578782][ T5027] RIP: 0033:0x7fd7f56f7ed9
[ 52.583190][ T5027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.602803][ T5027] RSP: 002b:00007ffc2daf53c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 52.611212][ T5027] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd7f56f7ed9
[ 52.621347][ T5027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 52.629346][ T5027] RBP: 00007fd7f576c5f0 R08: 00005555565c34c0 R09: 00005555565c34c0
[ 52.637311][ T5027] R10: 0000000000008000 R11: 0000000000000246 R12: 00007ffc2daf53f0
[ 52.645269][ T5027] R13: 00007ffc2daf5618 R14: 431bde82d7b634db R15: 00007fd7f574103b
[ 52.653601][ T5027] </TASK>
[ 52.656724][ T5027] Kernel Offset: disabled
[ 52.661048][ T5027] Rebooting in 86400 seconds..