Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts.
[ 22.855605][ T28] audit: type=1400 audit(1747606610.412:64): avc: denied { execmem } for pid=284 comm="syz-executor138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 22.875011][ T28] audit: type=1400 audit(1747606610.412:65): avc: denied { mounton } for pid=284 comm="syz-executor138" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
executing program
[ 22.900265][ T28] audit: type=1400 audit(1747606610.412:66): avc: denied { mount } for pid=284 comm="syz-executor138" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 22.923766][ T28] audit: type=1400 audit(1747606610.462:67): avc: denied { mounton } for pid=285 comm="syz-executor138" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 22.924576][ T285] request_module fs-gadgetfs succeeded, but still no fs?
[ 22.945307][ T28] audit: type=1400 audit(1747606610.462:68): avc: denied { mounton } for pid=285 comm="syz-executor138" path="/root/syzkaller.Q8X2IF/syz-tmp" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 22.957297][ T285] loop0: detected capacity change from 0 to 512
[ 22.976579][ T28] audit: type=1400 audit(1747606610.462:69): avc: denied { mount } for pid=285 comm="syz-executor138" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 22.976602][ T28] audit: type=1400 audit(1747606610.462:70): avc: denied { mounton } for pid=285 comm="syz-executor138" path="/root/syzkaller.Q8X2IF/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 22.983461][ T285] EXT4-fs: Ignoring removed orlov option
[ 23.013497][ T28] audit: type=1400 audit(1747606610.462:71): avc: denied { mount } for pid=285 comm="syz-executor138" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 23.057662][ T28] audit: type=1400 audit(1747606610.462:72): avc: denied { mounton } for pid=285 comm="syz-executor138" path="/root/syzkaller.Q8X2IF/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 23.060938][ T285] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor138: inode #1: comm syz-executor138: iget: illegal inode #
[ 23.084358][ T28] audit: type=1400 audit(1747606610.462:73): avc: denied { mounton } for pid=285 comm="syz-executor138" path="/root/syzkaller.Q8X2IF/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 23.125768][ T285] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor138: error while reading EA inode 1 err=-117
[ 23.138662][ T285] EXT4-fs (loop0): 1 orphan inode deleted
[ 23.144703][ T285] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 23.155129][ T285] ==================================================================
[ 23.163191][ T285] BUG: KASAN: use-after-free in ext4_insert_dentry+0x388/0x710
[ 23.170729][ T285] Write of size 251 at addr ffff8881115dcf14 by task syz-executor138/285
[ 23.179114][ T285]
[ 23.181420][ T285] CPU: 0 PID: 285 Comm: syz-executor138 Not tainted 6.1.134-syzkaller-00016-ga0fa2316cce1 #0
[ 23.191559][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 23.201595][ T285] Call Trace:
[ 23.204851][ T285]
[ 23.207761][ T285] __dump_stack+0x21/0x24
[ 23.212154][ T285] dump_stack_lvl+0xee/0x150
[ 23.216750][ T285] ? __cfi_dump_stack_lvl+0x8/0x8
[ 23.221752][ T285] ? __cfi__printk+0x8/0x8
[ 23.226146][ T285] ? ext4_insert_dentry+0x388/0x710
[ 23.231321][ T285] print_address_description+0x71/0x210
[ 23.236848][ T285] print_report+0x4a/0x60
[ 23.241156][ T285] kasan_report+0x122/0x150
[ 23.245645][ T285] ? ext4_insert_dentry+0x388/0x710
[ 23.250823][ T285] ? ext4_insert_dentry+0x388/0x710
[ 23.256005][ T285] kasan_check_range+0x280/0x290
[ 23.260919][ T285] memcpy+0x44/0x70
[ 23.264708][ T285] ext4_insert_dentry+0x388/0x710
[ 23.269716][ T285] add_dirent_to_buf+0x2ac/0x670
[ 23.274643][ T285] make_indexed_dir+0xe55/0x14a0
[ 23.279562][ T285] ? add_dirent_to_buf+0x670/0x670
[ 23.284658][ T285] ? add_dirent_to_buf+0x45b/0x670
[ 23.289751][ T285] ext4_add_entry+0xb45/0xd70
[ 23.294411][ T285] ? ext4_inc_count+0x1b0/0x1b0
[ 23.299241][ T285] ? __cfi___ext4_new_inode+0x10/0x10
[ 23.304593][ T285] ? dquot_initialize+0x20/0x20
[ 23.309426][ T285] ext4_add_nondir+0x97/0x270
[ 23.314103][ T285] ext4_symlink+0x842/0x9b0
[ 23.318585][ T285] ? __cfi_ext4_symlink+0x10/0x10
[ 23.323593][ T285] ? security_inode_symlink+0xcf/0x120
[ 23.329036][ T285] vfs_symlink+0x261/0x3f0
[ 23.333449][ T285] do_symlinkat+0x124/0x5a0
[ 23.337932][ T285] __x64_sys_symlink+0x7e/0x90
[ 23.342673][ T285] x64_sys_call+0x369/0x9a0
[ 23.347164][ T285] do_syscall_64+0x4c/0xa0
[ 23.351567][ T285] ? clear_bhb_loop+0x15/0x70
[ 23.356220][ T285] ? clear_bhb_loop+0x15/0x70
[ 23.360871][ T285] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 23.366748][ T285] RIP: 0033:0x7f0bfb1a43b9
[ 23.371147][ T285] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 23.390726][ T285] RSP: 002b:00007fffe5f9c138 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 23.399117][ T285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0bfb1a43b9
[ 23.407067][ T285] RDX: 0000000000000000 RSI: 0000200000000cc0 RDI: 0000200000000dc0
[ 23.415014][ T285] RBP: 00007f0bfb1e61ad R08: 00007f0bfb1e61dd R09: 00007f0bfb1e61dd
[ 23.422962][ T285] R10: 00007f0bfb1e61dd R11: 0000000000000246 R12: 00007f0bfb1e6068
[ 23.430909][ T285] R13: 00007f0bfb1ec87c R14: 00007f0bfb1e612e R15: 0000000000000001
[ 23.438863][ T285]
[ 23.441859][ T285]
[ 23.444159][ T285] The buggy address belongs to the physical page:
[ 23.450544][ T285] page:ffffea0004457700 refcount:3 mapcount:0 mapping:ffff88810ba641d0 index:0x3f pfn:0x1115dc
[ 23.460889][ T285] memcg:ffff888100336000
[ 23.465133][ T285] aops:def_blk_aops ino:700000
[ 23.469887][ T285] flags: 0x420000000000204a(referenced|dirty|workingset|private|zone=1)
[ 23.478209][ T285] raw: 420000000000204a 0000000000000000 dead000000000122 ffff88810ba641d0
[ 23.486956][ T285] raw: 000000000000003f ffff888124cc9bd0 00000003ffffffff ffff888100336000
[ 23.495522][ T285] page dumped because: kasan: bad access detected
[ 23.501918][ T285] page_owner tracks the page as allocated
[ 23.507610][ T285] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 285, tgid 285 (syz-executor138), ts 23155004337, free_ts 17138580189
[ 23.527996][ T285] post_alloc_hook+0x1f5/0x210
[ 23.532744][ T285] prep_new_page+0x1c/0x110
[ 23.537231][ T285] get_page_from_freelist+0x2c6e/0x2ce0
[ 23.542757][ T285] __alloc_pages+0x19e/0x3a0
[ 23.547327][ T285] __folio_alloc+0x12/0x40
[ 23.551740][ T285] __filemap_get_folio+0x6ec/0x980
[ 23.556833][ T285] pagecache_get_page+0x2b/0x110
[ 23.561749][ T285] __getblk_gfp+0x217/0x7d0
[ 23.566230][ T285] ext4_getblk+0x26c/0x6d0
[ 23.570629][ T285] ext4_bread+0x2b/0x170
[ 23.574866][ T285] ext4_append+0x2c3/0x560
[ 23.579258][ T285] make_indexed_dir+0x55d/0x14a0
[ 23.584173][ T285] ext4_add_entry+0xb45/0xd70
[ 23.588839][ T285] ext4_add_nondir+0x97/0x270
[ 23.593499][ T285] ext4_symlink+0x842/0x9b0
[ 23.597983][ T285] vfs_symlink+0x261/0x3f0
[ 23.602388][ T285] page last free stack trace:
[ 23.607035][ T285] free_unref_page_prepare+0x742/0x750
[ 23.612472][ T285] free_unref_page_list+0xba/0x7c0
[ 23.617580][ T285] release_pages+0xad1/0xb20
[ 23.622150][ T285] free_pages_and_swap_cache+0x86/0xa0
[ 23.627586][ T285] tlb_finish_mmu+0x1aa/0x370
[ 23.632242][ T285] exit_mmap+0x3c7/0xa40
[ 23.636463][ T285] __mmput+0x93/0x320
[ 23.640428][ T285] mmput+0x4b/0x150
[ 23.644221][ T285] do_exit+0x979/0x2650
[ 23.648362][ T285] do_group_exit+0x210/0x2d0
[ 23.652935][ T285] __x64_sys_exit_group+0x3f/0x40
[ 23.657945][ T285] x64_sys_call+0x7b4/0x9a0
[ 23.662430][ T285] do_syscall_64+0x4c/0xa0
[ 23.666839][ T285] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 23.672722][ T285]
[ 23.675029][ T285] Memory state around the buggy address:
[ 23.680641][ T285] ffff8881115dcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.688692][ T285] ffff8881115dcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.696731][ T285] >ffff8881115dd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 23.704769][ T285] ^
[ 2