Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
executing program
[   51.600306][ T3498] loop0: detected capacity change from 0 to 2048
[   51.621038][ T3498] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   51.651849][ T3498] ==================================================================
[   51.660017][ T3498] BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x319/0xda0
[   51.669478][ T3498] Read of size 20 at addr ffff88801df5a1a3 by task syz-executor322/3498
[   51.677892][ T3498] 
[   51.680305][ T3498] CPU: 1 PID: 3498 Comm: syz-executor322 Not tainted 5.15.112-syzkaller #0
[   51.689005][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   51.699267][ T3498] Call Trace:
[   51.702540][ T3498]  <TASK>
[   51.705456][ T3498]  dump_stack_lvl+0x1e3/0x2cb
[   51.710717][ T3498]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   51.716353][ T3498]  ? _printk+0xd1/0x111
[   51.720526][ T3498]  ? __wake_up_klogd+0xcc/0x100
[   51.725386][ T3498]  ? panic+0x84d/0x84d
[   51.729453][ T3498]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   51.734944][ T3498]  print_address_description+0x63/0x3b0
[   51.740486][ T3498]  ? ext4_convert_inline_data_nolock+0x319/0xda0
[   51.746904][ T3498]  kasan_report+0x16b/0x1c0
[   51.751427][ T3498]  ? ext4_convert_inline_data_nolock+0x319/0xda0
[   51.757752][ T3498]  kasan_check_range+0x27e/0x290
[   51.762674][ T3498]  ? ext4_convert_inline_data_nolock+0x319/0xda0
[   51.768987][ T3498]  memcpy+0x25/0x60
[   51.772776][ T3498]  ext4_convert_inline_data_nolock+0x319/0xda0
[   51.778915][ T3498]  ? ext4_add_dirent_to_inline+0x540/0x540
[   51.784814][ T3498]  ? down_write+0x10e/0x170
[   51.789473][ T3498]  ? __ext4_journal_start_sb+0x1cb/0x370
[   51.795092][ T3498]  ext4_convert_inline_data+0x4cf/0x610
[   51.800621][ T3498]  ? ext4_inline_data_truncate+0xd20/0xd20
[   51.806407][ T3498]  ? down_write+0x10e/0x170
[   51.810894][ T3498]  ext4_fallocate+0x148/0x20c0
[   51.815662][ T3498]  ? rcu_read_lock_any_held+0xb3/0x160
[   51.821119][ T3498]  ? ext4_ext_truncate+0x250/0x250
[   51.826211][ T3498]  ? common_file_perm+0x17d/0x1d0
[   51.831219][ T3498]  vfs_fallocate+0x54a/0x6b0
[   51.835815][ T3498]  __x64_sys_fallocate+0xb9/0x100
[   51.840822][ T3498]  do_syscall_64+0x3d/0xb0
[   51.845245][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   51.851124][ T3498] RIP: 0033:0x7fe994521299
[   51.855521][ T3498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   51.875106][ T3498] RSP: 002b:00007fff77e698e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[   51.883595][ T3498] RAX: ffffffffffffffda RBX: 00007fe994596740 RCX: 00007fe994521299
[   51.891564][ T3498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   51.899629][ T3498] RBP: 0000000000000001 R08: 001c00000000000c R09: 001c00000000000c
[   51.907686][ T3498] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000004
[   51.915657][ T3498] R13: 0000000000000003 R14: 00007fff77e69907 R15: 00007fff77e6990a
[   51.924150][ T3498]  </TASK>
[   51.927158][ T3498] 
[   51.929458][ T3498] Allocated by task 2967:
[   51.933754][ T3498]  ____kasan_kmalloc+0xba/0xf0
[   51.938498][ T3498]  __kmalloc+0x168/0x300
[   51.942717][ T3498]  tomoyo_realpath_from_path+0xd8/0x5e0
[   51.948241][ T3498]  tomoyo_check_open_permission+0x22c/0x490
[   51.954116][ T3498]  security_file_open+0x5f/0xa0
[   51.958944][ T3498]  do_dentry_open+0x315/0xfb0
[   51.963611][ T3498]  path_openat+0x2702/0x2f20
[   51.968956][ T3498]  do_filp_open+0x21c/0x460
[   51.973432][ T3498]  do_sys_openat2+0x13b/0x500
[   51.978099][ T3498]  __x64_sys_openat+0x243/0x290
[   51.982937][ T3498]  do_syscall_64+0x3d/0xb0
[   51.987380][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   51.993288][ T3498] 
[   51.995605][ T3498] Freed by task 2967:
[   51.999602][ T3498]  kasan_set_track+0x4b/0x80
[   52.004183][ T3498]  kasan_set_free_info+0x1f/0x40
[   52.009111][ T3498]  ____kasan_slab_free+0xd8/0x120
[   52.014154][ T3498]  slab_free_freelist_hook+0xdd/0x160
[   52.019520][ T3498]  kfree+0xf1/0x270
[   52.023307][ T3498]  tomoyo_realpath_from_path+0x5ad/0x5e0
[   52.029709][ T3498]  tomoyo_check_open_permission+0x22c/0x490
[   52.035579][ T3498]  security_file_open+0x5f/0xa0
[   52.040424][ T3498]  do_dentry_open+0x315/0xfb0
[   52.045486][ T3498]  path_openat+0x2702/0x2f20
[   52.050157][ T3498]  do_filp_open+0x21c/0x460
[   52.054647][ T3498]  do_sys_openat2+0x13b/0x500
[   52.059319][ T3498]  __x64_sys_openat+0x243/0x290
[   52.064164][ T3498]  do_syscall_64+0x3d/0xb0
[   52.069318][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.075212][ T3498] 
[   52.077718][ T3498] The buggy address belongs to the object at ffff88801df5a000
[   52.077718][ T3498]  which belongs to the cache kmalloc-4k of size 4096
[   52.092038][ T3498] The buggy address is located 419 bytes inside of
[   52.092038][ T3498]  4096-byte region [ffff88801df5a000, ffff88801df5b000)
[   52.105397][ T3498] The buggy address belongs to the page:
[   52.111007][ T3498] page:ffffea000077d600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1df58
[   52.121262][ T3498] head:ffffea000077d600 order:3 compound_mapcount:0 compound_pincount:0
[   52.129604][ T3498] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   52.137606][ T3498] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c42140
[   52.146184][ T3498] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   52.154738][ T3498] page dumped because: kasan: bad access detected
[   52.161269][ T3498] page_owner tracks the page as allocated
[   52.166970][ T3498] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2967, ts 22174041375, free_ts 22118743760
[   52.185264][ T3498]  get_page_from_freelist+0x322a/0x33c0
[   52.190797][ T3498]  __alloc_pages+0x272/0x700
[   52.195365][ T3498]  new_slab+0xbb/0x4b0
[   52.199411][ T3498]  ___slab_alloc+0x6f6/0xe10
[   52.204759][ T3498]  __kmalloc+0x1c9/0x300
[   52.208995][ T3498]  tomoyo_realpath_from_path+0xd8/0x5e0
[   52.214517][ T3498]  tomoyo_path_number_perm+0x225/0x810
[   52.219951][ T3498]  tomoyo_path_mknod+0x172/0x1b0
[   52.224865][ T3498]  security_path_mknod+0xf1/0x150
[   52.229870][ T3498]  path_openat+0xc73/0x2f20
[   52.234350][ T3498]  do_filp_open+0x21c/0x460
[   52.238848][ T3498]  do_sys_openat2+0x13b/0x500
[   52.243518][ T3498]  __x64_sys_openat+0x243/0x290
[   52.248387][ T3498]  do_syscall_64+0x3d/0xb0
[   52.252890][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.258782][ T3498] page last free stack trace:
[   52.263449][ T3498]  free_unref_page_prepare+0xc34/0xcf0
[   52.268929][ T3498]  free_unref_page+0x95/0x2d0
[   52.273617][ T3498]  ___cache_free+0xe3/0x100
[   52.278112][ T3498]  qlist_free_all+0x36/0x90
[   52.282596][ T3498]  kasan_quarantine_reduce+0x162/0x180
[   52.288031][ T3498]  __kasan_slab_alloc+0x2f/0xc0
[   52.292862][ T3498]  slab_post_alloc_hook+0x53/0x380
[   52.297948][ T3498]  kmem_cache_alloc+0xf3/0x280
[   52.302689][ T3498]  getname_flags+0xb8/0x4e0
[   52.307172][ T3498]  do_sys_openat2+0xd2/0x500
[   52.311741][ T3498]  __x64_sys_openat+0x243/0x290
[   52.316569][ T3498]  do_syscall_64+0x3d/0xb0
[   52.320966][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.326954][ T3498] 
[   52.329270][ T3498] Memory state around the buggy address:
[   52.334891][ T3498]  ffff88801df5a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.342937][ T3498]  ffff88801df5a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.350975][ T3498] >ffff88801df5a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.359013][ T3498]                                ^
[   52.364271][ T3498]  ffff88801df5a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.372306][ T3498]  ffff88801df5a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.380341][ T3498] ==================================================================
[   52.388375][ T3498] Disabling lock debugging due to kernel taint
[   52.395100][ T3498] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   52.402307][ T3498] CPU: 0 PID: 3498 Comm: syz-executor322 Tainted: G    B             5.15.112-syzkaller #0
[   52.412278][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   52.422337][ T3498] Call Trace:
[   52.425616][ T3498]  <TASK>
[   52.428524][ T3498]  dump_stack_lvl+0x1e3/0x2cb
[   52.433183][ T3498]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   52.438798][ T3498]  ? panic+0x84d/0x84d
[   52.442845][ T3498]  ? preempt_schedule_common+0xa6/0xd0
[   52.448280][ T3498]  ? preempt_schedule+0xd9/0xe0
[   52.453108][ T3498]  panic+0x318/0x84d
[   52.456998][ T3498]  ? check_panic_on_warn+0x1d/0xa0
[   52.462083][ T3498]  ? fb_is_primary_device+0xcc/0xcc
[   52.467690][ T3498]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   52.473649][ T3498]  ? _raw_spin_unlock+0x40/0x40
[   52.478474][ T3498]  ? print_memory_metadata+0xe2/0x140
[   52.483825][ T3498]  check_panic_on_warn+0x7e/0xa0
[   52.488737][ T3498]  ? ext4_convert_inline_data_nolock+0x319/0xda0
[   52.495041][ T3498]  end_report+0x6d/0xf0
[   52.499175][ T3498]  kasan_report+0x18e/0x1c0
[   52.503659][ T3498]  ? ext4_convert_inline_data_nolock+0x319/0xda0
[   52.509965][ T3498]  kasan_check_range+0x27e/0x290
[   52.514880][ T3498]  ? ext4_convert_inline_data_nolock+0x319/0xda0
[   52.521215][ T3498]  memcpy+0x25/0x60
[   52.524999][ T3498]  ext4_convert_inline_data_nolock+0x319/0xda0
[   52.531130][ T3498]  ? ext4_add_dirent_to_inline+0x540/0x540
[   52.536914][ T3498]  ? down_write+0x10e/0x170
[   52.541468][ T3498]  ? __ext4_journal_start_sb+0x1cb/0x370
[   52.547218][ T3498]  ext4_convert_inline_data+0x4cf/0x610
[   52.552761][ T3498]  ? ext4_inline_data_truncate+0xd20/0xd20
[   52.558660][ T3498]  ? down_write+0x10e/0x170
[   52.563158][ T3498]  ext4_fallocate+0x148/0x20c0
[   52.567906][ T3498]  ? rcu_read_lock_any_held+0xb3/0x160
[   52.573346][ T3498]  ? ext4_ext_truncate+0x250/0x250
[   52.578445][ T3498]  ? common_file_perm+0x17d/0x1d0
[   52.583448][ T3498]  vfs_fallocate+0x54a/0x6b0
[   52.588019][ T3498]  __x64_sys_fallocate+0xb9/0x100
[   52.593028][ T3498]  do_syscall_64+0x3d/0xb0
[   52.597562][ T3498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.603468][ T3498] RIP: 0033:0x7fe994521299
[   52.608772][ T3498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   52.629943][ T3498] RSP: 002b:00007fff77e698e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[   52.638542][ T3498] RAX: ffffffffffffffda RBX: 00007fe994596740 RCX: 00007fe994521299
[   52.646506][ T3498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   52.654575][ T3498] RBP: 0000000000000001 R08: 001c00000000000c R09: 001c00000000000c
[   52.662633][ T3498] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000004
[   52.670597][ T3498] R13: 0000000000000003 R14: 00007fff77e69907 R15: 00007fff77e6990a
[   52.678557][ T3498]  </TASK>
[   52.682090][ T3498] Kernel Offset: disabled
[   52.686397][ T3498] Rebooting in 86400 seconds..