Warning: Permanently added '10.128.1.38' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   38.480487][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor145'
[   38.494737][ T4994] loop0: detected capacity change from 0 to 512
[   38.502174][ T4994] EXT4-fs: Ignoring removed bh option
[   38.509053][ T4994] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   38.522517][ T4994] EXT4-fs (loop0): 1 truncate cleaned up
[   38.528209][ T4994] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.575413][ T4994] EXT4-fs error (device loop0): ext4_find_dest_de:2107: inode #12: block 7: comm syz-executor145: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
executing program
[   38.617173][ T4993] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.639266][ T4998] loop0: detected capacity change from 0 to 512
[   38.646829][ T4998] EXT4-fs: Ignoring removed bh option
[   38.655185][ T4998] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   38.665794][ T4998] EXT4-fs (loop0): 1 truncate cleaned up
[   38.671664][ T4998] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.714364][ T4998] ==================================================================
[   38.722436][ T4998] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0x1e4/0x210
[   38.730059][ T4998] Read of size 1 at addr ffff888027d3d3ed by task syz-executor145/4998
[   38.738272][ T4998] 
[   38.740575][ T4998] CPU: 0 PID: 4998 Comm: syz-executor145 Not tainted 6.4.0-rc7-syzkaller-00194-g8a28a0b6f1a1 #0
[   38.750963][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   38.761001][ T4998] Call Trace:
[   38.764260][ T4998]  <TASK>
[   38.767176][ T4998]  dump_stack_lvl+0xd9/0x150
[   38.771758][ T4998]  print_address_description.constprop.0+0x2c/0x3c0
[   38.778339][ T4998]  ? ext4_search_dir+0x1e4/0x210
[   38.783266][ T4998]  kasan_report+0x11c/0x130
[   38.787758][ T4998]  ? ext4_search_dir+0x1e4/0x210
[   38.792679][ T4998]  ext4_search_dir+0x1e4/0x210
[   38.797425][ T4998]  ext4_find_inline_entry+0x419/0x4e0
[   38.802779][ T4998]  ? tomoyo_path_number_perm+0x166/0x570
[   38.808394][ T4998]  ? ext4_try_create_inline_dir+0x2d0/0x2d0
[   38.814267][ T4998]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   38.820407][ T4998]  __ext4_find_entry+0x746/0x1050
[   38.825427][ T4998]  ? ext4_dx_find_entry+0x580/0x580
[   38.830626][ T4998]  ? ext4_fname_prepare_lookup+0x163/0x200
[   38.836425][ T4998]  ext4_lookup+0x500/0x700
[   38.840825][ T4998]  ? make_vfsuid+0x113/0x170
[   38.845401][ T4998]  ? ext4_resetent+0x2e0/0x2e0
[   38.850165][ T4998]  ? apparmor_path_mknod+0x16f/0x730
[   38.855451][ T4998]  ? tomoyo_path_mknod+0x138/0x190
[   38.860558][ T4998]  ? make_vfsgid+0x113/0x170
[   38.865142][ T4998]  ? security_inode_permission+0xc9/0xf0
[   38.870778][ T4998]  ? bpf_lsm_inode_create+0x9/0x10
[   38.875883][ T4998]  lookup_open.isra.0+0x944/0x1400
[   38.881007][ T4998]  ? link_path_walk.part.0+0xd60/0xd60
[   38.886452][ T4998]  ? rwsem_down_write_slowpath+0x1220/0x1220
[   38.892504][ T4998]  ? __mnt_want_write+0x1fe/0x2e0
[   38.897512][ T4998]  path_openat+0x975/0x2750
[   38.902004][ T4998]  ? path_lookupat+0x840/0x840
[   38.906757][ T4998]  do_filp_open+0x1ba/0x410
[   38.911250][ T4998]  ? may_open_dev+0xf0/0xf0
[   38.915736][ T4998]  ? find_held_lock+0x2d/0x110
[   38.920487][ T4998]  ? do_raw_spin_lock+0x124/0x2b0
[   38.925498][ T4998]  ? spin_bug+0x1c0/0x1c0
[   38.929812][ T4998]  ? _raw_spin_unlock+0x28/0x40
[   38.934645][ T4998]  ? alloc_fd+0x2e4/0x750
[   38.938959][ T4998]  do_sys_openat2+0x16d/0x4c0
[   38.943620][ T4998]  ? build_open_flags+0x720/0x720
[   38.948644][ T4998]  ? blkcg_maybe_throttle_current+0x342/0xd60
[   38.954699][ T4998]  __x64_sys_open+0x11d/0x1c0
[   38.959366][ T4998]  ? do_sys_open+0x150/0x150
[   38.963947][ T4998]  ? syscall_enter_from_user_mode+0x26/0x80
[   38.969827][ T4998]  ? lockdep_hardirqs_on+0x7d/0x100
[   38.975013][ T4998]  do_syscall_64+0x39/0xb0
[   38.979413][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   38.985307][ T4998] RIP: 0033:0x7f79ed8bccf9
[   38.989701][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   39.009302][ T4998] RSP: 002b:00007ffc4b0b2bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   39.017699][ T4998] RAX: ffffffffffffffda RBX: 000000000000963f RCX: 00007f79ed8bccf9
[   39.025651][ T4998] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[   39.033601][ T4998] RBP: 0000000000000000 R08: 000000000001f210 R09: 00000000200012c0
[   39.041554][ T4998] R10: 00007f79dd0af000 R11: 0000000000000246 R12: 00007ffc4b0b2bec
[   39.049516][ T4998] R13: 00007ffc4b0b2c20 R14: 00007ffc4b0b2c00 R15: 0000000000000001
[   39.057470][ T4998]  </TASK>
[   39.060468][ T4998] 
[   39.062770][ T4998] Allocated by task 4733:
[   39.067071][ T4998]  kasan_save_stack+0x22/0x40
[   39.071730][ T4998]  kasan_set_track+0x25/0x30
[   39.076302][ T4998]  __kasan_slab_alloc+0x7f/0x90
[   39.081156][ T4998]  kmem_cache_alloc+0x17c/0x3b0
[   39.086002][ T4998]  vm_area_alloc+0x20/0x230
[   39.090498][ T4998]  mmap_region+0x407/0x28d0
[   39.094997][ T4998]  do_mmap+0x831/0xf60
[   39.099045][ T4998]  vm_mmap_pgoff+0x1a2/0x3b0
[   39.103618][ T4998]  vm_mmap+0x96/0xc0
[   39.107499][ T4998]  elf_map+0x118/0x320
[   39.111550][ T4998]  load_elf_binary+0xd79/0x4f40
[   39.116386][ T4998]  bprm_execve+0x7fd/0x1980
[   39.120889][ T4998]  do_execveat_common+0x72c/0x8e0
[   39.125897][ T4998]  __x64_sys_execve+0x93/0xc0
[   39.130559][ T4998]  do_syscall_64+0x39/0xb0
[   39.134968][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.140847][ T4998] 
[   39.143149][ T4998] Freed by task 4733:
[   39.147103][ T4998]  kasan_save_stack+0x22/0x40
[   39.151776][ T4998]  kasan_set_track+0x25/0x30
[   39.156348][ T4998]  kasan_save_free_info+0x2e/0x40
[   39.161347][ T4998]  ____kasan_slab_free+0x160/0x1c0
[   39.166436][ T4998]  slab_free_freelist_hook+0x8b/0x1c0
[   39.171786][ T4998]  kmem_cache_free+0xe9/0x480
[   39.176444][ T4998]  remove_vma+0x121/0x170
[   39.180753][ T4998]  exit_mmap+0x33e/0x930
[   39.184974][ T4998]  __mmput+0x128/0x4c0
[   39.189036][ T4998]  mmput+0x60/0x70
[   39.192737][ T4998]  do_exit+0x9b0/0x29b0
[   39.196872][ T4998]  do_group_exit+0xd4/0x2a0
[   39.201353][ T4998]  __x64_sys_exit_group+0x3e/0x50
[   39.206358][ T4998]  do_syscall_64+0x39/0xb0
[   39.210750][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.216630][ T4998] 
[   39.218935][ T4998] The buggy address belongs to the object at ffff888027d3d300
[   39.218935][ T4998]  which belongs to the cache vm_area_struct of size 192
[   39.233223][ T4998] The buggy address is located 45 bytes to the right of
[   39.233223][ T4998]  allocated 192-byte region [ffff888027d3d300, ffff888027d3d3c0)
[   39.247877][ T4998] 
[   39.250177][ T4998] The buggy address belongs to the physical page:
[   39.256563][ T4998] page:ffffea00009f4f40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27d3d
[   39.266687][ T4998] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   39.274208][ T4998] page_type: 0xffffffff()
[   39.278516][ T4998] raw: 00fff00000000200 ffff888140007b40 dead000000000122 0000000000000000
[   39.287096][ T4998] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   39.295668][ T4998] page dumped because: kasan: bad access detected
[   39.302052][ T4998] page_owner tracks the page as allocated
[   39.307745][ T4998] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 4732, tgid 4732 (rm), ts 20764010397, free_ts 20750708211
[   39.325168][ T4998]  post_alloc_hook+0x2db/0x350
[   39.329918][ T4998]  get_page_from_freelist+0xf41/0x2c00
[   39.335366][ T4998]  __alloc_pages+0x1cb/0x4a0
[   39.339945][ T4998]  alloc_pages+0x1aa/0x270
[   39.344341][ T4998]  allocate_slab+0x25f/0x390
[   39.348916][ T4998]  ___slab_alloc+0xa91/0x1400
[   39.353575][ T4998]  __slab_alloc.constprop.0+0x56/0xa0
[   39.358930][ T4998]  kmem_cache_alloc+0x38e/0x3b0
[   39.363765][ T4998]  vm_area_dup+0x23/0x300
[   39.368077][ T4998]  __split_vma+0x199/0x830
[   39.372476][ T4998]  split_vma+0xc6/0x110
[   39.376633][ T4998]  mprotect_fixup+0x90e/0xbd0
[   39.381303][ T4998]  do_mprotect_pkey+0x87f/0xd40
[   39.386139][ T4998]  __x64_sys_mprotect+0x78/0xb0
[   39.390989][ T4998]  do_syscall_64+0x39/0xb0
[   39.395385][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.401282][ T4998] page last free stack trace:
[   39.405952][ T4998]  free_unref_page_prepare+0x62e/0xcb0
[   39.411423][ T4998]  free_unref_page_list+0xe3/0xa70
[   39.416536][ T4998]  release_pages+0xcd8/0x1380
[   39.421197][ T4998]  tlb_batch_pages_flush+0xa8/0x1a0
[   39.426379][ T4998]  tlb_finish_mmu+0x14b/0x7e0
[   39.431041][ T4998]  exit_mmap+0x2b2/0x930
[   39.435277][ T4998]  __mmput+0x128/0x4c0
[   39.439342][ T4998]  mmput+0x60/0x70
[   39.443045][ T4998]  do_exit+0x9b0/0x29b0
[   39.447183][ T4998]  do_group_exit+0xd4/0x2a0
[   39.451667][ T4998]  __x64_sys_exit_group+0x3e/0x50
[   39.456678][ T4998]  do_syscall_64+0x39/0xb0
[   39.461090][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.466968][ T4998] 
[   39.469277][ T4998] Memory state around the buggy address:
[   39.474898][ T4998]  ffff888027d3d280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   39.482937][ T4998]  ffff888027d3d300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.490977][ T4998] >ffff888027d3d380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   39.499018][ T4998]                                                           ^
[   39.506447][ T4998]  ffff888027d3d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.514494][ T4998]  ffff888027d3d480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   39.522532][ T4998] ==================================================================
[   39.530904][ T4998] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   39.538094][ T4998] CPU: 0 PID: 4998 Comm: syz-executor145 Not tainted 6.4.0-rc7-syzkaller-00194-g8a28a0b6f1a1 #0
[   39.548489][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   39.558542][ T4998] Call Trace:
[   39.561802][ T4998]  <TASK>
[   39.564716][ T4998]  dump_stack_lvl+0xd9/0x150
[   39.569297][ T4998]  panic+0x686/0x730
[   39.573182][ T4998]  ? panic_smp_self_stop+0xa0/0xa0
[   39.578283][ T4998]  ? preempt_schedule_thunk+0x1a/0x20
[   39.583647][ T4998]  ? preempt_schedule_common+0x45/0xb0
[   39.589100][ T4998]  check_panic_on_warn+0xb1/0xc0
[   39.594030][ T4998]  end_report+0xe9/0x120
[   39.598263][ T4998]  ? ext4_search_dir+0x1e4/0x210
[   39.603188][ T4998]  kasan_report+0xf9/0x130
[   39.607611][ T4998]  ? ext4_search_dir+0x1e4/0x210
[   39.612537][ T4998]  ext4_search_dir+0x1e4/0x210
[   39.617284][ T4998]  ext4_find_inline_entry+0x419/0x4e0
[   39.622644][ T4998]  ? tomoyo_path_number_perm+0x166/0x570
[   39.628268][ T4998]  ? ext4_try_create_inline_dir+0x2d0/0x2d0
[   39.634146][ T4998]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   39.640123][ T4998]  __ext4_find_entry+0x746/0x1050
[   39.645137][ T4998]  ? ext4_dx_find_entry+0x580/0x580
[   39.650320][ T4998]  ? ext4_fname_prepare_lookup+0x163/0x200
[   39.656120][ T4998]  ext4_lookup+0x500/0x700
[   39.660522][ T4998]  ? make_vfsuid+0x113/0x170
[   39.665101][ T4998]  ? ext4_resetent+0x2e0/0x2e0
[   39.669854][ T4998]  ? apparmor_path_mknod+0x16f/0x730
[   39.675131][ T4998]  ? tomoyo_path_mknod+0x138/0x190
[   39.680230][ T4998]  ? make_vfsgid+0x113/0x170
[   39.684809][ T4998]  ? security_inode_permission+0xc9/0xf0
[   39.690428][ T4998]  ? bpf_lsm_inode_create+0x9/0x10
[   39.695545][ T4998]  lookup_open.isra.0+0x944/0x1400
[   39.700646][ T4998]  ? link_path_walk.part.0+0xd60/0xd60
[   39.706109][ T4998]  ? rwsem_down_write_slowpath+0x1220/0x1220
[   39.712080][ T4998]  ? __mnt_want_write+0x1fe/0x2e0
[   39.717094][ T4998]  path_openat+0x975/0x2750
[   39.721585][ T4998]  ? path_lookupat+0x840/0x840
[   39.726338][ T4998]  do_filp_open+0x1ba/0x410
[   39.730829][ T4998]  ? may_open_dev+0xf0/0xf0
[   39.735317][ T4998]  ? find_held_lock+0x2d/0x110
[   39.740070][ T4998]  ? do_raw_spin_lock+0x124/0x2b0
[   39.745173][ T4998]  ? spin_bug+0x1c0/0x1c0
[   39.749491][ T4998]  ? _raw_spin_unlock+0x28/0x40
[   39.754332][ T4998]  ? alloc_fd+0x2e4/0x750
[   39.758655][ T4998]  do_sys_openat2+0x16d/0x4c0
[   39.763325][ T4998]  ? build_open_flags+0x720/0x720
[   39.768340][ T4998]  ? blkcg_maybe_throttle_current+0x342/0xd60
[   39.774402][ T4998]  __x64_sys_open+0x11d/0x1c0
[   39.779070][ T4998]  ? do_sys_open+0x150/0x150
[   39.783647][ T4998]  ? syscall_enter_from_user_mode+0x26/0x80
[   39.789533][ T4998]  ? lockdep_hardirqs_on+0x7d/0x100
[   39.794719][ T4998]  do_syscall_64+0x39/0xb0
[   39.799121][ T4998]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.805009][ T4998] RIP: 0033:0x7f79ed8bccf9
[   39.809405][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   39.828996][ T4998] RSP: 002b:00007ffc4b0b2bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   39.837389][ T4998] RAX: ffffffffffffffda RBX: 000000000000963f RCX: 00007f79ed8bccf9
[   39.845343][ T4998] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[   39.853314][ T4998] RBP: 0000000000000000 R08: 000000000001f210 R09: 00000000200012c0
[   39.861266][ T4998] R10: 00007f79dd0af000 R11: 0000000000000246 R12: 00007ffc4b0b2bec
[   39.869224][ T4998] R13: 00007ffc4b0b2c20 R14: 00007ffc4b0b2c00 R15: 0000000000000001
[   39.877184][ T4998]  </TASK>
[   39.881043][ T4998] Kernel Offset: disabled
[   39.885354][ T4998] Rebooting in 86400 seconds..