Warning: Permanently added '10.128.1.26' (ECDSA) to the list of known hosts.
executing program
[ 71.248200][ T4987] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4987 'syz-executor901'
[ 71.266120][ T4987] loop0: detected capacity change from 0 to 512
[ 71.276021][ T4987] EXT4-fs: Ignoring removed bh option
[ 71.283006][ T4987] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 71.298991][ T4987] EXT4-fs (loop0): 1 truncate cleaned up
[ 71.304848][ T4987] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 71.372603][ T4987] ==================================================================
[ 71.380728][ T4987] BUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1b0
[ 71.387983][ T4987] Read of size 1 at addr ffff8880738a73ed by task syz-executor901/4987
[ 71.396231][ T4987]
[ 71.398577][ T4987] CPU: 1 PID: 4987 Comm: syz-executor901 Not tainted 6.4.0-rc2-syzkaller #0
[ 71.407259][ T4987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 71.417336][ T4987] Call Trace:
[ 71.420629][ T4987]
[ 71.423567][ T4987] dump_stack_lvl+0x1e7/0x2d0
[ 71.428291][ T4987] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.433861][ T4987] ? panic+0x770/0x770
[ 71.437952][ T4987] ? _printk+0xd5/0x120
[ 71.442115][ T4987] print_report+0x163/0x540
[ 71.446645][ T4987] ? __virt_addr_valid+0x22f/0x2e0
[ 71.451760][ T4987] ? __phys_addr+0xba/0x170
[ 71.456279][ T4987] ? ext4_search_dir+0xf2/0x1b0
[ 71.461140][ T4987] kasan_report+0x176/0x1b0
[ 71.465661][ T4987] ? ext4_search_dir+0xf2/0x1b0
[ 71.470521][ T4987] ext4_search_dir+0xf2/0x1b0
[ 71.475209][ T4987] ext4_find_inline_entry+0x4ba/0x5e0
[ 71.480596][ T4987] ? ext4_try_create_inline_dir+0x320/0x320
[ 71.486514][ T4987] ? tomoyo_path_number_perm+0x6e4/0x840
[ 71.492158][ T4987] __ext4_find_entry+0x2b4/0x1b30
[ 71.497201][ T4987] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 71.502687][ T4987] ? ext4_fname_setup_ci_filename+0x6b/0x490
[ 71.508763][ T4987] ? ext4_ci_compare+0x660/0x660
[ 71.513712][ T4987] ? ext4_fname_prepare_lookup+0x2ee/0x400
[ 71.519542][ T4987] ? smk_tskacc+0x2ff/0x360
[ 71.524059][ T4987] ext4_lookup+0x17a/0x750
[ 71.528493][ T4987] ? smack_inode_rename+0x310/0x310
[ 71.533695][ T4987] ? ext4_add_entry+0x1010/0x1010
[ 71.538728][ T4987] ? generic_permission+0x1df/0x550
[ 71.543931][ T4987] ? bpf_lsm_inode_create+0x9/0x10
[ 71.549042][ T4987] ? security_inode_create+0xb8/0x100
[ 71.554426][ T4987] ? ext4_add_entry+0x1010/0x1010
[ 71.559460][ T4987] path_openat+0x11e9/0x3170
[ 71.564090][ T4987] ? do_filp_open+0x490/0x490
[ 71.568798][ T4987] do_filp_open+0x234/0x490
[ 71.573316][ T4987] ? vfs_tmpfile+0x4a0/0x4a0
[ 71.577925][ T4987] ? _raw_spin_unlock+0x28/0x40
[ 71.582779][ T4987] ? alloc_fd+0x59c/0x640
[ 71.587129][ T4987] do_sys_openat2+0x13f/0x500
[ 71.591824][ T4987] ? do_sys_open+0x230/0x230
[ 71.596431][ T4987] ? task_work_run+0x2c0/0x300
[ 71.601200][ T4987] __x64_sys_open+0x225/0x270
[ 71.605887][ T4987] ? do_sys_openat2+0x500/0x500
[ 71.610759][ T4987] ? syscall_enter_from_user_mode+0x32/0x230
[ 71.616849][ T4987] ? lockdep_hardirqs_on+0x98/0x140
[ 71.622067][ T4987] ? syscall_enter_from_user_mode+0x32/0x230
[ 71.628057][ T4987] do_syscall_64+0x41/0xc0
[ 71.632578][ T4987] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.638479][ T4987] RIP: 0033:0x7fb2e8a7b2d9
[ 71.642918][ T4987] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.662714][ T4987] RSP: 002b:00007fffef7d78a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 71.671138][ T4987] RAX: ffffffffffffffda RBX: 00007fffef7d78e8 RCX: 00007fb2e8a7b2d9
[ 71.679145][ T4987] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 71.687133][ T4987] RBP: 0000000000000000 R08: 000000000001f210 R09: 0000000000000000
[ 71.695105][ T4987] R10: 00007fb2d826d000 R11: 0000000000000246 R12: 00007fffef7d78e0
[ 71.703088][ T4987] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 71.711072][ T4987]
[ 71.714091][ T4987]
[ 71.716414][ T4987] The buggy address belongs to the physical page:
[ 71.722862][ T4987] page:ffffea0001ce29c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x738a7
[ 71.733100][ T4987] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 71.740207][ T4987] page_type: 0xffffffff()
[ 71.744545][ T4987] raw: 00fff00000000000 ffffea0001ce2a08 ffffea0001ce2988 0000000000000000
[ 71.753219][ T4987] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 71.761807][ T4987] page dumped because: kasan: bad access detected
[ 71.768222][ T4987] page_owner tracks the page as freed
[ 71.773597][ T4987] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4987, tgid 4987 (syz-executor901), ts 71330456893, free_ts 71360711112
[ 71.792527][ T4987] post_alloc_hook+0x1e6/0x210
[ 71.797303][ T4987] get_page_from_freelist+0x321c/0x33a0
[ 71.802856][ T4987] __alloc_pages+0x255/0x670
[ 71.807448][ T4987] __folio_alloc+0x13/0x30
[ 71.811872][ T4987] vma_alloc_folio+0x48a/0x9a0
[ 71.816642][ T4987] handle_mm_fault+0x2942/0x5860
[ 71.821586][ T4987] exc_page_fault+0x274/0x910
[ 71.826264][ T4987] asm_exc_page_fault+0x26/0x30
[ 71.831380][ T4987] page last free stack trace:
[ 71.836050][ T4987] free_unref_page_prepare+0x903/0xa30
[ 71.841513][ T4987] free_unref_page_list+0x596/0x830
[ 71.846717][ T4987] release_pages+0x2193/0x2470
[ 71.851486][ T4987] tlb_flush_mmu+0x100/0x210
[ 71.856079][ T4987] tlb_finish_mmu+0xd4/0x1f0
[ 71.860847][ T4987] unmap_region+0x258/0x2a0
[ 71.865351][ T4987] do_vmi_align_munmap+0x1123/0x1820
[ 71.870637][ T4987] do_vmi_munmap+0x24a/0x2b0
[ 71.875238][ T4987] __vm_munmap+0x226/0x470
[ 71.879657][ T4987] __x64_sys_munmap+0x69/0x80
[ 71.884334][ T4987] do_syscall_64+0x41/0xc0
[ 71.888761][ T4987] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.894659][ T4987]
[ 71.896982][ T4987] Memory state around the buggy address:
[ 71.902606][ T4987]  ffff8880738a7280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.910665][ T4987]  ffff8880738a7300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.918743][ T4987] >ffff8880738a7380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.926806][ T4987]                                                           ^
[ 71.934261][ T4987]  ffff8880738a7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.942325][ T4987]  ffff8880738a7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.950382][ T4987] ==================================================================
[ 71.963943][ T4987] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.971281][ T4987] CPU: 1 PID: 4987 Comm: syz-executor901 Not tainted 6.4.0-rc2-syzkaller #0
[ 71.979975][ T4987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 71.990047][ T4987] Call Trace:
[ 71.993336][ T4987]
[ 71.996274][ T4987] dump_stack_lvl+0x1e7/0x2d0
[ 72.000973][ T4987] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.006445][ T4987] ? panic+0x770/0x770
[ 72.010522][ T4987] ? vscnprintf+0x5d/0x80
[ 72.014881][ T4987] panic+0x30f/0x770
[ 72.018802][ T4987] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 72.024970][ T4987] ? check_panic_on_warn+0x21/0xa0
[ 72.030098][ T4987] ? __memcpy_flushcache+0x2b0/0x2b0
[ 72.035399][ T4987] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 72.041387][ T4987] ? _raw_spin_unlock+0x40/0x40
[ 72.046252][ T4987] check_panic_on_warn+0x82/0xa0
[ 72.051199][ T4987] ? ext4_search_dir+0xf2/0x1b0
[ 72.056061][ T4987] end_report+0x63/0x110
[ 72.060315][ T4987] kasan_report+0x183/0x1b0
[ 72.064834][ T4987] ? ext4_search_dir+0xf2/0x1b0
[ 72.069698][ T4987] ext4_search_dir+0xf2/0x1b0
[ 72.074391][ T4987] ext4_find_inline_entry+0x4ba/0x5e0
[ 72.079781][ T4987] ? ext4_try_create_inline_dir+0x320/0x320
[ 72.085689][ T4987] ? tomoyo_path_number_perm+0x6e4/0x840
[ 72.091335][ T4987] __ext4_find_entry+0x2b4/0x1b30
[ 72.096371][ T4987] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 72.101845][ T4987] ? ext4_fname_setup_ci_filename+0x6b/0x490
[ 72.107835][ T4987] ? ext4_ci_compare+0x660/0x660
[ 72.112783][ T4987] ? ext4_fname_prepare_lookup+0x2ee/0x400
[ 72.118610][ T4987] ? smk_tskacc+0x2ff/0x360
[ 72.123127][ T4987] ext4_lookup+0x17a/0x750
[ 72.127553][ T4987] ? smack_inode_rename+0x310/0x310
[ 72.132760][ T4987] ? ext4_add_entry+0x1010/0x1010
[ 72.137806][ T4987] ? generic_permission+0x1df/0x550
[ 72.143041][ T4987] ? bpf_lsm_inode_create+0x9/0x10
[ 72.148186][ T4987] ? security_inode_create+0xb8/0x100
[ 72.153579][ T4987] ? ext4_add_entry+0x1010/0x1010
[ 72.158621][ T4987] path_openat+0x11e9/0x3170
[ 72.163249][ T4987] ? do_filp_open+0x490/0x490
[ 72.167951][ T4987] do_filp_open+0x234/0x490
[ 72.172481][ T4987] ? vfs_tmpfile+0x4a0/0x4a0
[ 72.177102][ T4987] ? _raw_spin_unlock+0x28/0x40
[ 72.181972][ T4987] ? alloc_fd+0x59c/0x640
[ 72.186323][ T4987] do_sys_openat2+0x13f/0x500
[ 72.191022][ T4987] ? do_sys_open+0x230/0x230
[ 72.195627][ T4987] ? task_work_run+0x2c0/0x300
[ 72.200394][ T4987] __x64_sys_open+0x225/0x270
[ 72.205084][ T4987] ? do_sys_openat2+0x500/0x500
[ 72.209948][ T4987] ? syscall_enter_from_user_mode+0x32/0x230
[ 72.215934][ T4987] ? lockdep_hardirqs_on+0x98/0x140
[ 72.221143][ T4987] ? syscall_enter_from_user_mode+0x32/0x230
[ 72.227133][ T4987] do_syscall_64+0x41/0xc0
[ 72.231560][ T4987] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.237458][ T4987] RIP: 0033:0x7fb2e8a7b2d9
[ 72.241877][ T4987] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.261511][ T4987] RSP: 002b:00007fffef7d78a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 72.269939][ T4987] RAX: ffffffffffffffda RBX: 00007fffef7d78e8 RCX: 00007fb2e8a7b2d9
[ 72.277918][ T4987] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 72.285907][ T4987] RBP: 0000000000000000 R08: 000000000001f210 R09: 0000000000000000
[ 72.293880][ T4987] R10: 00007fb2d826d000 R11: 0000000000000246 R12: 00007fffef7d78e0
[ 72.301854][ T4987] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 72.309835][ T4987]
[ 72.313111][ T4987] Kernel Offset: disabled
[ 72.317443][ T4987] Rebooting in 86400 seconds..