Warning: Permanently added '10.128.1.152' (ED25519) to the list of known hosts.
executing program
[ 25.076104][ T24] audit: type=1400 audit(1725551670.520:66): avc: denied { execmem } for pid=284 comm="syz-executor926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 25.078870][ T24] audit: type=1400 audit(1725551670.530:67): avc: denied { mounton } for pid=284 comm="syz-executor926" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 25.082196][ T24] audit: type=1400 audit(1725551670.530:68): avc: denied { mount } for pid=284 comm="syz-executor926" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 25.085588][ T24] audit: type=1400 audit(1725551670.530:69): avc: denied { setattr } for pid=284 comm="syz-executor926" name="raw-gadget" dev="devtmpfs" ino=161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 25.088999][ T24] audit: type=1400 audit(1725551670.530:70): avc: denied { mounton } for pid=286 comm="syz-executor926" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 25.092512][ T24] audit: type=1400 audit(1725551670.530:71): avc: denied { mount } for pid=286 comm="syz-executor926" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 25.095788][ T24] audit: type=1400 audit(1725551670.530:72): avc: denied { mounton } for pid=286 comm="syz-executor926" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 25.106163][ T24] audit: type=1400 audit(1725551670.550:73): avc: denied { mounton } for pid=286 comm="syz-executor926" path="/root/syzkaller.9TDx66/syz-tmp" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 25.130273][ T24] audit: type=1400 audit(1725551670.550:74): avc: denied { mount } for pid=286 comm="syz-executor926" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 25.152180][ T24] audit: type=1400 audit(1725551670.550:75): avc: denied { mounton } for pid=286 comm="syz-executor926" path="/root/syzkaller.9TDx66/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 25.182993][ T286] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz-executor926: casefold flag without casefold feature
[ 25.196006][ T286] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #2: comm syz-executor926: missing EA_INODE flag
[ 25.207889][ T286] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor926: error while reading EA inode 2 err=-117
[ 25.220629][ T286] EXT4-fs (loop0): 1 orphan inode deleted
[ 25.226166][ T286] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 25.236928][ T286] EXT4-fs warning (device loop0): __ext4fs_dirhash:270: inode #2: comm syz-executor926: Siphash requires key
[ 25.248590][ T286] EXT4-fs error (device loop0): dx_make_map:1302: inode #2: block 255: comm syz-executor926: bad entry in directory: inode out of bounds - offset=0, inode=1633771873, rec_len=1024, size=1024 fake=0
[ 25.267882][ T286] EXT4-fs error (device loop0) in do_split:2056: Corrupt filesystem
[ 25.275827][ T286] EXT4-fs warning (device loop0): dx_probe:817: inode #2: comm syz-executor926: Hash code is SIPHASH, but hash not in dirent
[ 25.288740][ T286] EXT4-fs warning (device loop0): dx_probe:945: inode #2: comm syz-executor926: Corrupt directory, running e2fsck is recommended
[ 25.301843][ T286] ==================================================================
[ 25.309712][ T286] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x700/0x880
[ 25.317421][ T286] Read of size 2 at addr ffff88811ee9d003 by task syz-executor926/286
[ 25.325397][ T286]
[ 25.327577][ T286] CPU: 0 PID: 286 Comm: syz-executor926 Not tainted 5.10.223-syzkaller-00011-g1c5354a314ea #0
[ 25.337638][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 25.347711][ T286] Call Trace:
[ 25.350837][ T286] dump_stack_lvl+0x1e2/0x24b
[ 25.355349][ T286] ? printk+0xd1/0x111
[ 25.359258][ T286] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 25.364551][ T286] ? wake_up_klogd+0xb8/0xf0
[ 25.368973][ T286] ? panic+0x812/0x812
[ 25.372880][ T286] ? __getblk_gfp+0x3d/0x7e0
[ 25.377309][ T286] print_address_description+0x81/0x3b0
[ 25.382688][ T286] kasan_report+0x179/0x1c0
[ 25.387030][ T286] ? __ext4_check_dir_entry+0x700/0x880
[ 25.392409][ T286] ? __ext4_check_dir_entry+0x700/0x880
[ 25.397791][ T286] __asan_report_load2_noabort+0x14/0x20
[ 25.403256][ T286] __ext4_check_dir_entry+0x700/0x880
[ 25.408468][ T286] ext4_readdir+0x1402/0x37c0
[ 25.412983][ T286] ? ext4_dir_llseek+0x4c0/0x4c0
[ 25.418275][ T286] ? __kasan_check_write+0x14/0x20
[ 25.423220][ T286] ? down_read_interruptible+0x220/0x220
[ 25.428689][ T286] ? security_file_permission+0x86/0xb0
[ 25.434069][ T286] iterate_dir+0x265/0x580
[ 25.438322][ T286] ? ext4_dir_llseek+0x4c0/0x4c0
[ 25.443094][ T286] __se_sys_getdents64+0x1c1/0x460
[ 25.448042][ T286] ? __x64_sys_getdents64+0x90/0x90
[ 25.453073][ T286] ? filldir+0x680/0x680
[ 25.457156][ T286] ? debug_smp_processor_id+0x17/0x20
[ 25.462360][ T286] __x64_sys_getdents64+0x7b/0x90
[ 25.467222][ T286] do_syscall_64+0x34/0x70
[ 25.471475][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.477204][ T286] RIP: 0033:0x7f8b926ae7b9
[ 25.481466][ T286] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 25.500896][ T286] RSP: 002b:00007ffd956fba68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 25.509142][ T286] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8b926ae7b9
[ 25.516950][ T286] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000005
[ 25.524763][ T286] RBP: 00007f8b926f225b R08: 00007f8b926f227d R09: 00007f8b926f227d
[ 25.532749][ T286] R10: 00007f8b926f227d R11: 0000000000000246 R12: 00007f8b926f221b
[ 25.540561][ T286] R13: 00007f8b926f2072 R14: 00007ffd956fbad0 R15: 00007ffd956fbaa8
[ 25.548466][ T286]
[ 25.550713][ T286] The buggy address belongs to the page:
[ 25.556203][ T286] page:ffffea00047ba740 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11ee9d
[ 25.566255][ T286] flags: 0x4000000000000000()
[ 25.570771][ T286] raw: 4000000000000000 ffffea00047b4108 ffff8881f715ab70 0000000000000000
[ 25.579186][ T286] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 25.587598][ T286] page dumped because: kasan: bad access detected
[ 25.593850][ T286] page_owner tracks the page as freed
[ 25.599065][ T286] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 274, ts 19444317089, free_ts 19460513210
[ 25.615301][ T286] prep_new_page+0x166/0x180
[ 25.619716][ T286] get_page_from_freelist+0x2d8c/0x2f30
[ 25.625094][ T286] __alloc_pages_nodemask+0x435/0xaf0
[ 25.630303][ T286] handle_pte_fault+0x1782/0x3e30
[ 25.635162][ T286] handle_mm_fault+0x11d6/0x1a10
[ 25.639938][ T286] exc_page_fault+0x2a6/0x5b0
[ 25.644451][ T286] asm_exc_page_fault+0x1e/0x30
[ 25.649131][ T286] page last free stack trace:
[ 25.653650][ T286] free_unref_page_prepare+0x2ae/0x2d0
[ 25.658944][ T286] free_unref_page_list+0x122/0xb20
[ 25.664076][ T286] release_pages+0xea0/0xef0
[ 25.668500][ T286] free_pages_and_swap_cache+0x8a/0xa0
[ 25.673791][ T286] tlb_finish_mmu+0x177/0x320
[ 25.678306][ T286] unmap_region+0x31c/0x370
[ 25.682645][ T286] __do_munmap+0x699/0x8c0
[ 25.686899][ T286] __se_sys_munmap+0x120/0x1a0
[ 25.691498][ T286] __x64_sys_munmap+0x5b/0x70
[ 25.696010][ T286] do_syscall_64+0x34/0x70
[ 25.700266][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.705988][ T286]
[ 25.708158][ T286] Memory state around the buggy address:
[ 25.713632][ T286]  ffff88811ee9cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.721527][ T286]  ffff88811ee9cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.729428][ T286] >ffff88811ee9d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.737319][ T286]                    ^
[ 25.741244][ T286]  ffff88811ee9d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.749259][ T286]  ffff88811ee9d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.757144][ T286] ==================================================================
[ 25.765040][ T286] Disabling lock debugging due to kernel taint
[ 25.771131][ T286] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor926: path /file1: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0
[ 25.791741][ T286] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 253: comm syz-executor926: path /file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0