Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   55.971777][ T3498] loop0: detected capacity change from 0 to 512
[   55.982530][ T3498] EXT4-fs (loop0): Ignoring removed bh option
[   55.989712][ T3498] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   56.005691][ T3498] EXT4-fs (loop0): 1 truncate cleaned up
[   56.011349][ T3498] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[   56.081574][ T3498] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor168: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
executing program
[   56.253721][ T3503] loop0: detected capacity change from 0 to 512
[   56.262393][ T3503] EXT4-fs (loop0): Ignoring removed bh option
[   56.268889][ T3503] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   56.280615][ T3503] EXT4-fs (loop0): 1 truncate cleaned up
[   56.286553][ T3503] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[   56.357610][ T3503] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor168: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
executing program
[   56.490187][ T3505] loop0: detected capacity change from 0 to 512
[   56.500293][ T3505] EXT4-fs (loop0): Ignoring removed bh option
[   56.506648][ T3505] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   56.518093][ T3505] EXT4-fs (loop0): 1 truncate cleaned up
[   56.524153][ T3505] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[   56.591709][ T3505] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor168: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
executing program
[   56.708395][ T3507] loop0: detected capacity change from 0 to 512
[   56.717777][ T3507] EXT4-fs (loop0): Ignoring removed bh option
[   56.724269][ T3507] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   56.735511][ T3507] EXT4-fs (loop0): 1 truncate cleaned up
[   56.741218][ T3507] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[   56.807124][ T3507] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor168: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
executing program
[   56.918355][ T3509] loop0: detected capacity change from 0 to 512
[   56.927240][ T3509] EXT4-fs (loop0): Ignoring removed bh option
[   56.933603][ T3509] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   56.946109][ T3509] EXT4-fs (loop0): 1 truncate cleaned up
[   56.951779][ T3509] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[   57.018611][ T3509] ==================================================================
[   57.027002][ T3509] BUG: KASAN: use-after-free in ext4_search_dir+0xee/0x1b0
[   57.034257][ T3509] Read of size 1 at addr ffff888070d8f3ed by task syz-executor168/3509
[   57.042500][ T3509] 
[   57.044828][ T3509] CPU: 0 PID: 3509 Comm: syz-executor168 Not tainted 5.15.117-syzkaller #0
[   57.053681][ T3509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   57.063958][ T3509] Call Trace:
[   57.067249][ T3509]  <TASK>
[   57.070181][ T3509]  dump_stack_lvl+0x1e3/0x2cb
[   57.074881][ T3509]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   57.080609][ T3509]  ? _printk+0xd1/0x111
[   57.084791][ T3509]  ? __wake_up_klogd+0xcc/0x100
[   57.089750][ T3509]  ? panic+0x84d/0x84d
[   57.093903][ T3509]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   57.099397][ T3509]  print_address_description+0x63/0x3b0
[   57.104960][ T3509]  ? ext4_search_dir+0xee/0x1b0
[   57.109944][ T3509]  kasan_report+0x16b/0x1c0
[   57.114491][ T3509]  ? ext4_search_dir+0xee/0x1b0
[   57.119360][ T3509]  ext4_search_dir+0xee/0x1b0
[   57.124042][ T3509]  ext4_find_inline_entry+0x4b6/0x5e0
[   57.129429][ T3509]  ? ext4_try_create_inline_dir+0x320/0x320
[   57.135417][ T3509]  __ext4_find_entry+0x2b0/0x1b20
[   57.140545][ T3509]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   57.146004][ T3509]  ? ext4_ci_compare+0x660/0x660
[   57.150951][ T3509]  ? ext4_lookup+0x365/0xaa0
[   57.155550][ T3509]  ext4_lookup+0x3c6/0xaa0
[   57.159966][ T3509]  ? ext4_add_entry+0x12b0/0x12b0
[   57.164989][ T3509]  ? apparmor_path_mknod+0x223/0x2d0
[   57.170269][ T3509]  ? from_kgid+0x1a3/0x730
[   57.174688][ T3509]  ? generic_permission+0x21c/0x4f0
[   57.179983][ T3509]  ? inode_permission+0xf7/0x450
[   57.184933][ T3509]  ? bpf_lsm_inode_create+0x5/0x10
[   57.190042][ T3509]  ? security_inode_create+0xb4/0x100
[   57.195423][ T3509]  ? ext4_add_entry+0x12b0/0x12b0
[   57.200752][ T3509]  path_openat+0x110e/0x2f20
[   57.205371][ T3509]  ? do_filp_open+0x460/0x460
[   57.210166][ T3509]  do_filp_open+0x21c/0x460
[   57.214713][ T3509]  ? vfs_tmpfile+0x2e0/0x2e0
[   57.219335][ T3509]  ? _raw_spin_unlock+0x24/0x40
[   57.224180][ T3509]  ? alloc_fd+0x594/0x630
[   57.228519][ T3509]  do_sys_openat2+0x13b/0x500
[   57.233201][ T3509]  ? rcu_lock_acquire+0x30/0x30
[   57.238051][ T3509]  ? do_sys_open+0x220/0x220
[   57.242645][ T3509]  __x64_sys_open+0x221/0x270
[   57.247320][ T3509]  ? do_sys_openat2+0x500/0x500
[   57.252168][ T3509]  ? syscall_enter_from_user_mode+0x2e/0x230
[   57.258231][ T3509]  ? lockdep_hardirqs_on+0x94/0x130
[   57.263429][ T3509]  ? syscall_enter_from_user_mode+0x2e/0x230
[   57.269417][ T3509]  do_syscall_64+0x3d/0xb0
[   57.273834][ T3509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   57.279813][ T3509] RIP: 0033:0x7f5fc9455cf9
[   57.284225][ T3509] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.303830][ T3509] RSP: 002b:00007fff59a4b7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   57.312264][ T3509] RAX: ffffffffffffffda RBX: 000000000000dd5c RCX: 00007f5fc9455cf9
[   57.320235][ T3509] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[   57.328211][ T3509] RBP: 0000000000000000 R08: 000000000001f210 R09: 00000000200012c0
[   57.336179][ T3509] R10: 00007f5fb8c48000 R11: 0000000000000246 R12: 00007fff59a4b81c
[   57.344171][ T3509] R13: 00007fff59a4b850 R14: 00007fff59a4b830 R15: 0000000000000004
[   57.352153][ T3509]  </TASK>
[   57.355167][ T3509] 
[   57.357481][ T3509] The buggy address belongs to the page:
[   57.363103][ T3509] page:ffffea0001c363c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x70d8f
[   57.373262][ T3509] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   57.380374][ T3509] raw: 00fff00000000000 ffffea0001c36408 ffffea0001c36388 0000000000000000
[   57.388950][ T3509] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   57.397522][ T3509] page dumped because: kasan: bad access detected
[   57.403922][ T3509] page_owner tracks the page as freed
[   57.409277][ T3509] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3507, ts 56768897628, free_ts 56796369712
[   57.424810][ T3509]  get_page_from_freelist+0x322a/0x33c0
[   57.430358][ T3509]  __alloc_pages+0x272/0x700
[   57.434944][ T3509]  alloc_pages_vma+0x39a/0x800
[   57.439702][ T3509]  handle_mm_fault+0x2f49/0x5950
[   57.444639][ T3509]  exc_page_fault+0x271/0x740
[   57.449319][ T3509]  asm_exc_page_fault+0x22/0x30
[   57.454177][ T3509] page last free stack trace:
[   57.458839][ T3509]  free_unref_page_prepare+0xc34/0xcf0
[   57.464297][ T3509]  free_unref_page_list+0x1f7/0x8e0
[   57.469492][ T3509]  release_pages+0x1bb9/0x1f40
[   57.474247][ T3509]  tlb_finish_mmu+0x177/0x320
[   57.478921][ T3509]  unmap_region+0x304/0x350
[   57.483416][ T3509]  __do_munmap+0x12db/0x1740
[   57.488002][ T3509]  __vm_munmap+0x134/0x230
[   57.492411][ T3509]  __x64_sys_munmap+0x67/0x70
[   57.497084][ T3509]  do_syscall_64+0x3d/0xb0
[   57.501491][ T3509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   57.507398][ T3509] 
[   57.509713][ T3509] Memory state around the buggy address:
[   57.515334][ T3509]  ffff888070d8f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.523386][ T3509]  ffff888070d8f300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.531436][ T3509] >ffff888070d8f380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.539484][ T3509]                                                           ^
[   57.546933][ T3509]  ffff888070d8f400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.555007][ T3509]  ffff888070d8f480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.563064][ T3509] ==================================================================
[   57.571130][ T3509] Disabling lock debugging due to kernel taint
[   57.579064][ T3509] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   57.586280][ T3509] CPU: 0 PID: 3509 Comm: syz-executor168 Tainted: G    B             5.15.117-syzkaller #0
[   57.596263][ T3509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   57.606325][ T3509] Call Trace:
[   57.609596][ T3509]  <TASK>
[   57.612517][ T3509]  dump_stack_lvl+0x1e3/0x2cb
[   57.617197][ T3509]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   57.622940][ T3509]  ? panic+0x84d/0x84d
[   57.627115][ T3509]  ? preempt_schedule_common+0xa6/0xd0
[   57.632582][ T3509]  ? preempt_schedule+0xd9/0xe0
[   57.637436][ T3509]  panic+0x318/0x84d
[   57.641328][ T3509]  ? check_panic_on_warn+0x1d/0xa0
[   57.646440][ T3509]  ? fb_is_primary_device+0xcc/0xcc
[   57.651651][ T3509]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   57.657633][ T3509]  ? _raw_spin_unlock+0x40/0x40
[   57.662478][ T3509]  ? print_memory_metadata+0xe2/0x140
[   57.667850][ T3509]  check_panic_on_warn+0x7e/0xa0
[   57.672793][ T3509]  ? ext4_search_dir+0xee/0x1b0
[   57.677652][ T3509]  end_report+0x6d/0xf0
[   57.681802][ T3509]  kasan_report+0x18e/0x1c0
[   57.686297][ T3509]  ? ext4_search_dir+0xee/0x1b0
[   57.691143][ T3509]  ext4_search_dir+0xee/0x1b0
[   57.695817][ T3509]  ext4_find_inline_entry+0x4b6/0x5e0
[   57.701196][ T3509]  ? ext4_try_create_inline_dir+0x320/0x320
[   57.707084][ T3509]  __ext4_find_entry+0x2b0/0x1b20
[   57.712110][ T3509]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   57.717570][ T3509]  ? ext4_ci_compare+0x660/0x660
[   57.722504][ T3509]  ? ext4_lookup+0x365/0xaa0
[   57.727087][ T3509]  ext4_lookup+0x3c6/0xaa0
[   57.731498][ T3509]  ? ext4_add_entry+0x12b0/0x12b0
[   57.736520][ T3509]  ? apparmor_path_mknod+0x223/0x2d0
[   57.741802][ T3509]  ? from_kgid+0x1a3/0x730
[   57.746213][ T3509]  ? generic_permission+0x21c/0x4f0
[   57.751411][ T3509]  ? inode_permission+0xf7/0x450
[   57.756351][ T3509]  ? bpf_lsm_inode_create+0x5/0x10
[   57.761462][ T3509]  ? security_inode_create+0xb4/0x100
[   57.766887][ T3509]  ? ext4_add_entry+0x12b0/0x12b0
[   57.771934][ T3509]  path_openat+0x110e/0x2f20
[   57.776551][ T3509]  ? do_filp_open+0x460/0x460
[   57.781244][ T3509]  do_filp_open+0x21c/0x460
[   57.785763][ T3509]  ? vfs_tmpfile+0x2e0/0x2e0
[   57.790357][ T3509]  ? _raw_spin_unlock+0x24/0x40
[   57.795203][ T3509]  ? alloc_fd+0x594/0x630
[   57.799542][ T3509]  do_sys_openat2+0x13b/0x500
[   57.804213][ T3509]  ? rcu_lock_acquire+0x30/0x30
[   57.809082][ T3509]  ? do_sys_open+0x220/0x220
[   57.813671][ T3509]  __x64_sys_open+0x221/0x270
[   57.818435][ T3509]  ? do_sys_openat2+0x500/0x500
[   57.823279][ T3509]  ? syscall_enter_from_user_mode+0x2e/0x230
[   57.829255][ T3509]  ? lockdep_hardirqs_on+0x94/0x130
[   57.834456][ T3509]  ? syscall_enter_from_user_mode+0x2e/0x230
[   57.840434][ T3509]  do_syscall_64+0x3d/0xb0
[   57.844843][ T3509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   57.850731][ T3509] RIP: 0033:0x7f5fc9455cf9
[   57.855139][ T3509] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.874735][ T3509] RSP: 002b:00007fff59a4b7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   57.883144][ T3509] RAX: ffffffffffffffda RBX: 000000000000dd5c RCX: 00007f5fc9455cf9
[   57.891110][ T3509] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[   57.899072][ T3509] RBP: 0000000000000000 R08: 000000000001f210 R09: 00000000200012c0
[   57.907032][ T3509] R10: 00007f5fb8c48000 R11: 0000000000000246 R12: 00007fff59a4b81c
[   57.914997][ T3509] R13: 00007fff59a4b850 R14: 00007fff59a4b830 R15: 0000000000000004
[   57.922976][ T3509]  </TASK>
[   57.926262][ T3509] Kernel Offset: disabled
[   57.930698][ T3509] Rebooting in 86400 seconds..