Warning: Permanently added '10.128.1.162' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[   54.818316][ T3563] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   54.907224][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.922797][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.932780][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   54.943581][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[   54.951727][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.960393][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   54.990503][ T3569] loop0: detected capacity change from 0 to 512
[   55.080802][ T3569] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[   55.090286][ T3569] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor550: invalid indirect mapped block 8 (level 2)
[   55.105466][ T3569] EXT4-fs (loop0): Remounting filesystem read-only
[   55.112635][ T3569] EXT4-fs (loop0): 1 truncate cleaned up
[   55.118288][ T3569] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_batch_time=0x0000000000008001,errors=continue,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.smackfsfloor=ext4. Quota mode: writeback.
[   55.149657][ T3569] ==================================================================
[   55.157921][ T3569] BUG: KASAN: use-after-free in ext4_search_dir+0xee/0x1b0
[   55.165428][ T3569] Read of size 1 at addr ffff888069487595 by task syz-executor550/3569
[   55.173663][ T3569] 
[   55.175985][ T3569] CPU: 1 PID: 3569 Comm: syz-executor550 Not tainted 5.15.167-syzkaller #0
[   55.184559][ T3569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   55.194615][ T3569] Call Trace:
[   55.197974][ T3569]  <TASK>
[   55.201069][ T3569]  dump_stack_lvl+0x1e3/0x2d0
[   55.205741][ T3569]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   55.211362][ T3569]  ? _printk+0xd1/0x120
[   55.215514][ T3569]  ? __wake_up_klogd+0xcc/0x100
[   55.220455][ T3569]  ? panic+0x860/0x860
[   55.224516][ T3569]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   55.229979][ T3569]  print_address_description+0x63/0x3b0
[   55.235535][ T3569]  ? ext4_search_dir+0xee/0x1b0
[   55.240380][ T3569]  kasan_report+0x16b/0x1c0
[   55.244871][ T3569]  ? ext4_search_dir+0xee/0x1b0
[   55.249731][ T3569]  ext4_search_dir+0xee/0x1b0
[   55.254421][ T3569]  ext4_find_inline_entry+0x4b6/0x5e0
[   55.259810][ T3569]  ? ext4_try_create_inline_dir+0x320/0x320
[   55.265739][ T3569]  ? reacquire_held_locks+0x660/0x660
[   55.271135][ T3569]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   55.277022][ T3569]  ? _raw_spin_unlock+0x40/0x40
[   55.281867][ T3569]  __ext4_find_entry+0x2b0/0x1b20
[   55.286909][ T3569]  ? ____kasan_kmalloc+0xba/0xf0
[   55.291838][ T3569]  ? ext4_ci_compare+0x660/0x660
[   55.296858][ T3569]  ? mark_lock+0x98/0x340
[   55.301204][ T3569]  ? __lock_acquire+0x1295/0x1ff0
[   55.306223][ T3569]  ? ext4_lookup+0x365/0xaa0
[   55.310806][ T3569]  ext4_lookup+0x3c6/0xaa0
[   55.315239][ T3569]  ? ext4_add_entry+0x12b0/0x12b0
[   55.320257][ T3569]  ? do_raw_spin_lock+0x14a/0x370
[   55.325283][ T3569]  ? _raw_spin_unlock+0x24/0x40
[   55.330125][ T3569]  ? d_alloc+0x194/0x1d0
[   55.334361][ T3569]  lookup_one_qstr_excl+0x117/0x240
[   55.339552][ T3569]  filename_create+0x293/0x530
[   55.344321][ T3569]  ? kern_path_create+0x180/0x180
[   55.349338][ T3569]  ? __virt_addr_valid+0x3bb/0x460
[   55.354444][ T3569]  do_mkdirat+0xb3/0x520
[   55.358673][ T3569]  ? vfs_mkdir+0x590/0x590
[   55.363076][ T3569]  ? getname_flags+0x1ec/0x4e0
[   55.367833][ T3569]  __x64_sys_mkdirat+0x85/0x90
[   55.372587][ T3569]  do_syscall_64+0x3b/0xb0
[   55.376994][ T3569]  ? clear_bhb_loop+0x15/0x70
[   55.381660][ T3569]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   55.387548][ T3569] RIP: 0033:0x7fe49710d649
[   55.391984][ T3569] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   55.411669][ T3569] RSP: 002b:00007fffa692cab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   55.420076][ T3569] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe49710d649
[   55.428151][ T3569] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000007
[   55.436198][ T3569] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000003
[   55.444157][ T3569] R10: 00000000000001be R11: 0000000000000246 R12: 00007fe497151218
[   55.452147][ T3569] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007fffa692cb30
[   55.460145][ T3569]  </TASK>
[   55.463152][ T3569] 
[   55.465458][ T3569] The buggy address belongs to the page:
[   55.471082][ T3569] page:ffffea0001a521c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x69487
[   55.481218][ T3569] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   55.488325][ T3569] raw: 00fff00000000000 ffffea0001a52208 ffffea0001a52188 0000000000000000
[   55.496899][ T3569] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   55.505490][ T3569] page dumped because: kasan: bad access detected
[   55.511893][ T3569] page_owner tracks the page as freed
[   55.517261][ T3569] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, ts 14737508478, free_ts 15896594613
[   55.530551][ T3569]  split_map_pages+0x246/0x510
[   55.535329][ T3569]  isolate_freepages_range+0x47c/0x4e0
[   55.540804][ T3569]  alloc_contig_range+0xc2b/0xf90
[   55.545817][ T3569]  alloc_contig_pages+0x3ea/0x4e0
[   55.550828][ T3569]  debug_vm_pgtable_alloc_huge_page+0xb9/0x110
[   55.556979][ T3569]  init_args+0xc62/0xf50
[   55.561208][ T3569]  debug_vm_pgtable+0xaa/0x470
[   55.565958][ T3569]  do_one_initcall+0x22b/0x7a0
[   55.570712][ T3569]  do_initcall_level+0x157/0x210
[   55.575635][ T3569]  do_initcalls+0x49/0x90
[   55.579960][ T3569]  kernel_init_freeable+0x425/0x5c0
[   55.585154][ T3569]  kernel_init+0x19/0x290
[   55.589477][ T3569]  ret_from_fork+0x1f/0x30
[   55.593896][ T3569] page last free stack trace:
[   55.598662][ T3569]  free_unref_page_prepare+0xc34/0xcf0
[   55.604129][ T3569]  free_unref_page+0x95/0x2d0
[   55.608806][ T3569]  free_contig_range+0x95/0xf0
[   55.613678][ T3569]  destroy_args+0xfe/0x980
[   55.618091][ T3569]  debug_vm_pgtable+0x40d/0x470
[   55.622930][ T3569]  do_one_initcall+0x22b/0x7a0
[   55.627687][ T3569]  do_initcall_level+0x157/0x210
[   55.632617][ T3569]  do_initcalls+0x49/0x90
[   55.636937][ T3569]  kernel_init_freeable+0x425/0x5c0
[   55.642126][ T3569]  kernel_init+0x19/0x290
[   55.646473][ T3569]  ret_from_fork+0x1f/0x30
[   55.650887][ T3569] 
[   55.653198][ T3569] Memory state around the buggy address:
[   55.658828][ T3569]  ffff888069487480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.666910][ T3569]  ffff888069487500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.674965][ T3569] >ffff888069487580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.683034][ T3569]                          ^
[   55.687609][ T3569]  ffff888069487600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.695661][ T3569]  ffff888069487680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.703712][ T3569] ==================================================================
[   55.711758][ T3569] Disabling lock debugging due to kernel taint
[   55.718280][ T3571] EXT4-fs error (device loop0): ext4_validate_block_bitmap:420: comm ext4lazyinit: bg 0: bad block bitmap checksum
[   55.718564][ T3569] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   55.737541][ T3569] CPU: 0 PID: 3569 Comm: syz-executor550 Tainted: G    B             5.15.167-syzkaller #0
[   55.738493][ T3571] EXT4-fs (loop0): Remounting filesystem read-only
[   55.747526][ T3569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   55.747539][ T3569] Call Trace:
[   55.747545][ T3569]  <TASK>
[   55.747553][ T3569]  dump_stack_lvl+0x1e3/0x2d0
[   55.747580][ T3569]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   55.747602][ T3569]  ? panic+0x860/0x860
[   55.747625][ T3569]  ? preempt_schedule_common+0xa6/0xd0
[   55.747647][ T3569]  ? preempt_schedule+0xd9/0xe0
[   55.747669][ T3569]  panic+0x318/0x860
[   55.747691][ T3569]  ? check_panic_on_warn+0x1d/0xa0
[   55.747715][ T3569]  ? fb_is_primary_device+0xd0/0xd0
[   55.809099][ T3569]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   55.815090][ T3569]  ? _raw_spin_unlock+0x40/0x40
[   55.819925][ T3569]  ? print_memory_metadata+0xe2/0x140
[   55.825287][ T3569]  check_panic_on_warn+0x7e/0xa0
[   55.830210][ T3569]  ? ext4_search_dir+0xee/0x1b0
[   55.835045][ T3569]  end_report+0x6d/0xf0
[   55.839183][ T3569]  kasan_report+0x18e/0x1c0
[   55.843672][ T3569]  ? ext4_search_dir+0xee/0x1b0
[   55.848510][ T3569]  ext4_search_dir+0xee/0x1b0
[   55.853174][ T3569]  ext4_find_inline_entry+0x4b6/0x5e0
[   55.858535][ T3569]  ? ext4_try_create_inline_dir+0x320/0x320
[   55.864414][ T3569]  ? reacquire_held_locks+0x660/0x660
[   55.869771][ T3569]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   55.875677][ T3569]  ? _raw_spin_unlock+0x40/0x40
[   55.880534][ T3569]  __ext4_find_entry+0x2b0/0x1b20
[   55.885553][ T3569]  ? ____kasan_kmalloc+0xba/0xf0
[   55.890474][ T3569]  ? ext4_ci_compare+0x660/0x660
[   55.895398][ T3569]  ? mark_lock+0x98/0x340
[   55.899711][ T3569]  ? __lock_acquire+0x1295/0x1ff0
[   55.904726][ T3569]  ? ext4_lookup+0x365/0xaa0
[   55.909305][ T3569]  ext4_lookup+0x3c6/0xaa0
[   55.913714][ T3569]  ? ext4_add_entry+0x12b0/0x12b0
[   55.918724][ T3569]  ? do_raw_spin_lock+0x14a/0x370
[   55.923754][ T3569]  ? _raw_spin_unlock+0x24/0x40
[   55.928604][ T3569]  ? d_alloc+0x194/0x1d0
[   55.932876][ T3569]  lookup_one_qstr_excl+0x117/0x240
[   55.938076][ T3569]  filename_create+0x293/0x530
[   55.942833][ T3569]  ? kern_path_create+0x180/0x180
[   55.948075][ T3569]  ? __virt_addr_valid+0x3bb/0x460
[   55.953196][ T3569]  do_mkdirat+0xb3/0x520
[   55.957430][ T3569]  ? vfs_mkdir+0x590/0x590
[   55.961831][ T3569]  ? getname_flags+0x1ec/0x4e0
[   55.966586][ T3569]  __x64_sys_mkdirat+0x85/0x90
[   55.971364][ T3569]  do_syscall_64+0x3b/0xb0
[   55.975781][ T3569]  ? clear_bhb_loop+0x15/0x70
[   55.980446][ T3569]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   55.986328][ T3569] RIP: 0033:0x7fe49710d649
[   55.990748][ T3569] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   56.010450][ T3569] RSP: 002b:00007fffa692cab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   56.018863][ T3569] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe49710d649
[   56.026852][ T3569] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000007
[   56.034847][ T3569] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000003
[   56.042810][ T3569] R10: 00000000000001be R11: 0000000000000246 R12: 00007fe497151218
[   56.050775][ T3569] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007fffa692cb30
[   56.058741][ T3569]  </TASK>
[   56.061857][ T3569] Kernel Offset: disabled
[   56.066211][ T3569] Rebooting in 86400 seconds..