Warning: Permanently added '10.128.10.21' (ED25519) to the list of known hosts.
executing program
[ 27.957712][ T24] audit: type=1400 audit(1743603053.410:66): avc: denied { execmem } for pid=287 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 27.978243][ T24] audit: type=1400 audit(1743603053.430:67): avc: denied { read write } for pid=287 comm="syz-executor262" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 28.002433][ T24] audit: type=1400 audit(1743603053.430:68): avc: denied { open } for pid=287 comm="syz-executor262" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 28.026607][ T24] audit: type=1400 audit(1743603053.430:69): avc: denied { ioctl } for pid=287 comm="syz-executor262" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 28.033677][ T287] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[ 28.052683][ T24] audit: type=1400 audit(1743603053.490:70): avc: denied { mounton } for pid=287 comm="syz-executor262" path="/root/syzkaller.Fqja5r/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 28.059413][ T287] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 28.113339][ T287] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002]
[ 28.121225][ T287] System zones: 1-12
[ 28.126266][ T287] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor262: corrupted in-inode xattr
[ 28.139078][ T287] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor262: couldn't read orphan inode 15 (err -117)
[ 28.151393][ T287] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000005,,errors=continue
[ 28.173210][ T24] audit: type=1400 audit(1743603053.630:71): avc: denied { mount } for pid=287 comm="syz-executor262" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 28.175431][ T287] EXT4-fs warning (device loop0): dx_probe:806: inode #2: comm syz-executor262: Unrecognised inode hash code 4
[ 28.201661][ T24] audit: type=1400 audit(1743603053.630:72): avc: denied { write } for pid=287 comm="syz-executor262" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 28.206538][ T287] EXT4-fs warning (device loop0): dx_probe:946: inode #2: comm syz-executor262: Corrupt directory, running e2fsck is recommended
[ 28.228130][ T24] audit: type=1400 audit(1743603053.630:73): avc: denied { add_name } for pid=287 comm="syz-executor262" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 28.241558][ T287] EXT4-fs warning (device loop0): dx_probe:806: inode #2: comm syz-executor262: Unrecognised inode hash code 4
[ 28.262147][ T24] audit: type=1400 audit(1743603053.630:74): avc: denied { create } for pid=287 comm="syz-executor262" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 28.273460][ T287] EXT4-fs warning (device loop0): dx_probe:946: inode #2: comm syz-executor262: Corrupt directory, running e2fsck is recommended
[ 28.293625][ T24] audit: type=1400 audit(1743603053.630:75): avc: denied { write open } for pid=287 comm="syz-executor262" path="/root/syzkaller.Fqja5r/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 28.306866][ T287] ==================================================================
[ 28.360290][ T287] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x700/0x880
[ 28.368425][ T287] Read of size 2 at addr ffff88811362f003 by task syz-executor262/287
[ 28.376402][ T287]
[ 28.378594][ T287] CPU: 0 PID: 287 Comm: syz-executor262 Not tainted 5.10.234-syzkaller-00033-g094fc3778d6b #0
[ 28.388642][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 28.398543][ T287] Call Trace:
[ 28.401670][ T287] dump_stack_lvl+0x1e2/0x24b
[ 28.406176][ T287] ? printk+0xd1/0x111
[ 28.410098][ T287] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 28.415554][ T287] ? wake_up_klogd+0xb8/0xf0
[ 28.420196][ T287] ? panic+0x812/0x812
[ 28.424083][ T287] ? __getblk_gfp+0x3d/0x7e0
[ 28.428770][ T287] print_address_description+0x81/0x3b0
[ 28.434126][ T287] kasan_report+0x179/0x1c0
[ 28.438472][ T287] ? __ext4_check_dir_entry+0x700/0x880
[ 28.443965][ T287] ? __ext4_check_dir_entry+0x700/0x880
[ 28.449370][ T287] __asan_report_load2_noabort+0x14/0x20
[ 28.454807][ T287] __ext4_check_dir_entry+0x700/0x880
[ 28.460019][ T287] ext4_readdir+0x1402/0x37c0
[ 28.464524][ T287] ? ext4_dir_llseek+0x4c0/0x4c0
[ 28.469307][ T287] ? __kasan_check_write+0x14/0x20
[ 28.474330][ T287] ? down_read_interruptible+0x220/0x220
[ 28.479803][ T287] ? security_file_permission+0x86/0xb0
[ 28.485180][ T287] iterate_dir+0x265/0x580
[ 28.489429][ T287] ? ext4_dir_llseek+0x4c0/0x4c0
[ 28.494209][ T287] __se_sys_getdents64+0x1c1/0x460
[ 28.499152][ T287] ? _raw_spin_trylock_bh+0x190/0x190
[ 28.504359][ T287] ? __x64_sys_getdents64+0x90/0x90
[ 28.509395][ T287] ? filldir+0x680/0x680
[ 28.513666][ T287] ? debug_smp_processor_id+0x17/0x20
[ 28.518947][ T287] __x64_sys_getdents64+0x7b/0x90
[ 28.523986][ T287] do_syscall_64+0x34/0x70
[ 28.528335][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.534065][ T287] RIP: 0033:0x7f7d62370899
[ 28.538326][ T287] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 28.557754][ T287] RSP: 002b:00007ffe345955d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 28.566178][ T287] RAX: ffffffffffffffda RBX: 626b5f657a69735f RCX: 00007f7d62370899
[ 28.573985][ T287] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000006
[ 28.581798][ T287] RBP: 00007ffe345955e8 R08: 6c616b7a79732f2e R09: 6c616b7a79732f2e
[ 28.589690][ T287] R10: 6c616b7a79732f2e R11: 0000000000000246 R12: 0000000000000000
[ 28.597512][ T287] R13: 00007ffe34595848 R14: 0000000000000001 R15: 0000000000000001
[ 28.605331][ T287]
[ 28.607489][ T287] The buggy address belongs to the page:
[ 28.612973][ T287] page:ffffea00044d8bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11362f
[ 28.623024][ T287] flags: 0x4000000000000000()
[ 28.627550][ T287] raw: 4000000000000000 ffffea00047f8308 ffff8881f705ab70 0000000000000000
[ 28.635958][ T287] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 28.644575][ T287] page dumped because: kasan: bad access detected
[ 28.650836][ T287] page_owner tracks the page as freed
[ 28.656049][ T287] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 272, ts 21621670164, free_ts 21655213079
[ 28.672271][ T287] prep_new_page+0x166/0x180
[ 28.676720][ T287] get_page_from_freelist+0x2d8c/0x2f30
[ 28.682076][ T287] __alloc_pages_nodemask+0x435/0xaf0
[ 28.687293][ T287] handle_pte_fault+0x175a/0x3e10
[ 28.692145][ T287] handle_mm_fault+0x11d6/0x1a10
[ 28.696916][ T287] exc_page_fault+0x2a6/0x5b0
[ 28.701434][ T287] asm_exc_page_fault+0x1e/0x30
[ 28.706115][ T287] page last free stack trace:
[ 28.710635][ T287] free_unref_page_prepare+0x2ae/0x2d0
[ 28.715920][ T287] free_unref_page_list+0x122/0xb20
[ 28.720960][ T287] release_pages+0xea0/0xef0
[ 28.725383][ T287] free_pages_and_swap_cache+0x8a/0xa0
[ 28.730677][ T287] tlb_finish_mmu+0x177/0x320
[ 28.735198][ T287] unmap_region+0x31c/0x370
[ 28.739528][ T287] __do_munmap+0x699/0x8c0
[ 28.743785][ T287] __se_sys_munmap+0x120/0x1a0
[ 28.748588][ T287] __x64_sys_munmap+0x5b/0x70
[ 28.753076][ T287] do_syscall_64+0x34/0x70
[ 28.757326][ T287] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.763048][ T287]
[ 28.765217][ T287] Memory state around the buggy address:
[ 28.770863][ T287]  ffff88811362ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.779026][ T287]  ffff88811362ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.786927][ T287] >ffff88811362f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.794812][ T287]                    ^
[ 28.798754][ T287]  ffff88811362f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.806884][ T287]  ffff88811362f100: ff ff ff ff ff