Warning: Permanently added '10.128.1.243' (ED25519) to the list of known hosts.
executing program
[ 24.032406][ T24] audit: type=1400 audit(1721889450.110:66): avc: denied { execmem } for pid=283 comm="syz-executor953" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 24.051679][ T24] audit: type=1400 audit(1721889450.110:67): avc: denied { read write } for pid=283 comm="syz-executor953" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 24.075656][ T24] audit: type=1400 audit(1721889450.120:68): avc: denied { open } for pid=283 comm="syz-executor953" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 24.099587][ T24] audit: type=1400 audit(1721889450.120:69): avc: denied { ioctl } for pid=283 comm="syz-executor953" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 24.106340][ T285] EXT4-fs (loop0): Ignoring removed orlov option
[ 24.125545][ T24] audit: type=1400 audit(1721889450.180:70): avc: denied { mounton } for pid=285 comm="syz-executor953" path="/root/syzkaller.cfUjke/0/file2" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 24.141116][ T285] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,acl,,errors=continue
[ 24.174822][ T24] audit: type=1400 audit(1721889450.250:71): avc: denied { mount } for pid=285 comm="syz-executor953" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 24.199499][ T24] audit: type=1400 audit(1721889450.250:72): avc: denied { write } for pid=285 comm="syz-executor953" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 24.203472][ T285] ==================================================================
[ 24.227908][ T24] audit: type=1400 audit(1721889450.250:73): avc: denied { add_name } for pid=285 comm="syz-executor953" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 24.229470][ T285] BUG: KASAN: use-after-free in ext4_search_dir+0xf7/0x1b0
[ 24.250279][ T24] audit: type=1400 audit(1721889450.250:74): avc: denied { create } for pid=285 comm="syz-executor953" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 24.256955][ T285] Read of size 1 at addr ffff888117db8900 by task syz-executor953/285
[ 24.277146][ T24] audit: type=1400 audit(1721889450.260:75): avc: denied { write open } for pid=285 comm="syz-executor953" path="/root/syzkaller.cfUjke/0/file2/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 24.284981][ T285]
[ 24.312406][ T285] CPU: 1 PID: 285 Comm: syz-executor953 Not tainted 5.10.222-syzkaller-01494-gfd58936f3c1f #0
[ 24.322464][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 24.332366][ T285] Call Trace:
[ 24.335489][ T285] dump_stack_lvl+0x1e2/0x24b
[ 24.340000][ T285] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 24.345292][ T285] ? panic+0x812/0x812
[ 24.349205][ T285] print_address_description+0x81/0x3b0
[ 24.354578][ T285] kasan_report+0x179/0x1c0
[ 24.358923][ T285] ? ext4_search_dir+0xf7/0x1b0
[ 24.363606][ T285] ? ext4_search_dir+0xf7/0x1b0
[ 24.368302][ T285] __asan_report_load1_noabort+0x14/0x20
[ 24.373770][ T285] ext4_search_dir+0xf7/0x1b0
[ 24.378276][ T285] ext4_find_inline_entry+0x4b6/0x5e0
[ 24.383487][ T285] ? __kasan_check_write+0x14/0x20
[ 24.388435][ T285] ? ext4_try_create_inline_dir+0x320/0x320
[ 24.394157][ T285] ? stack_trace_save+0x113/0x1c0
[ 24.399021][ T285] __ext4_find_entry+0x2b0/0x1990
[ 24.403974][ T285] ? __kasan_slab_alloc+0xc3/0xe0
[ 24.408824][ T285] ? __kasan_slab_alloc+0xb1/0xe0
[ 24.413685][ T285] ? __d_alloc+0x2d/0x6c0
[ 24.417862][ T285] ? d_alloc+0x4b/0x1d0
[ 24.421854][ T285] ? __lookup_hash+0xe7/0x290
[ 24.426377][ T285] ? do_syscall_64+0x34/0x70
[ 24.430792][ T285] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.436704][ T285] ? ext4_ci_compare+0x660/0x660
[ 24.441475][ T285] ? generic_set_encrypted_ci_d_ops+0x91/0xf0
[ 24.447372][ T285] ext4_lookup+0x3c6/0xaa0
[ 24.451621][ T285] ? ext4_add_entry+0x1280/0x1280
[ 24.456479][ T285] ? __kasan_check_write+0x14/0x20
[ 24.461444][ T285] ? _raw_spin_lock+0xa4/0x1b0
[ 24.466024][ T285] ? __d_alloc+0x4dd/0x6c0
[ 24.470277][ T285] ? _raw_spin_unlock+0x4d/0x70
[ 24.474963][ T285] ? d_alloc+0x199/0x1d0
[ 24.479044][ T285] __lookup_hash+0x143/0x290
[ 24.483473][ T285] filename_create+0x202/0x750
[ 24.488069][ T285] ? __check_object_size+0x2e6/0x3c0
[ 24.493276][ T285] ? kern_path_create+0x40/0x40
[ 24.497966][ T285] do_mknodat+0x187/0x450
[ 24.502393][ T285] ? may_open+0x3f0/0x3f0
[ 24.506561][ T285] ? debug_smp_processor_id+0x17/0x20
[ 24.511765][ T285] __x64_sys_mknod+0x80/0x90
[ 24.516188][ T285] do_syscall_64+0x34/0x70
[ 24.520446][ T285] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.526266][ T285] RIP: 0033:0x7f2100597459
[ 24.530512][ T285] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 24.549949][ T285] RSP: 002b:00007ffeca0b2538 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 24.558197][ T285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f2100597459
[ 24.566005][ T285] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000000
[ 24.573819][ T285] RBP: 0000000000000000 R08: 0000000000001501 R09: 00007ffeca0b2810
[ 24.581629][ T285] R10: 0000000000001505 R11: 0000000000000246 R12: 00007ffeca0b2810
[ 24.589443][ T285] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffeca0b25a0
[ 24.597250][ T285]
[ 24.599424][ T285] Allocated by task 0:
[ 24.603323][ T285] (stack is not available)
[ 24.607577][ T285]
[ 24.609749][ T285] Freed by task 221:
[ 24.613502][ T285] kasan_set_track+0x4b/0x70
[ 24.617913][ T285] kasan_set_free_info+0x23/0x40
[ 24.622684][ T285] ____kasan_slab_free+0x121/0x160
[ 24.627717][ T285] __kasan_slab_free+0x11/0x20
[ 24.632318][ T285] slab_free_freelist_hook+0xc0/0x190
[ 24.637530][ T285] kfree+0xc3/0x270
[ 24.641170][ T285] skb_release_data+0x5c6/0x6f0
[ 24.645858][ T285] kfree_skb_partial+0x6e/0x90
[ 24.650457][ T285] tcp_rcv_established+0x11f3/0x1a90
[ 24.655579][ T285] tcp_v4_do_rcv+0x3d7/0x7d0
[ 24.660004][ T285] tcp_v4_rcv+0x23a8/0x2930
[ 24.664345][ T285] ip_protocol_deliver_rcu+0x2f4/0x650
[ 24.669640][ T285] ip_local_deliver+0x2c6/0x590
[ 24.674326][ T285] ip_sublist_rcv+0x7e2/0x990
[ 24.678840][ T285] ip_list_rcv+0x422/0x470
[ 24.683291][ T285] __netif_receive_skb_list_core+0x6b1/0x890
[ 24.689107][ T285] netif_receive_skb_list_internal+0x967/0xcc0
[ 24.695102][ T285] napi_complete_done+0x344/0x750
[ 24.699957][ T285] virtnet_poll+0xb60/0x11f0
[ 24.704383][ T285] net_rx_action+0x516/0x10d0
[ 24.708894][ T285] __do_softirq+0x268/0x5bb
[ 24.713229][ T285]
[ 24.715403][ T285] The buggy address belongs to the object at ffff888117db8800
[ 24.715403][ T285] which belongs to the cache kmalloc-1k of size 1024
[ 24.729295][ T285] The buggy address is located 256 bytes inside of
[ 24.729295][ T285] 1024-byte region [ffff888117db8800, ffff888117db8c00)
[ 24.742569][ T285] The buggy address belongs to the page:
[ 24.748054][ T285] page:ffffea00045f6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117db8
[ 24.758105][ T285] head:ffffea00045f6e00 order:3 compound_mapcount:0 compound_pincount:0
[ 24.766270][ T285] flags: 0x4000000000010200(slab|head)
[ 24.771564][ T285] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[ 24.779986][ T285] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 24.788541][ T285] page dumped because: kasan: bad access detected
[ 24.794794][ T285] page_owner tracks the page as allocated
[ 24.800350][ T285] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 221, ts 15658858125, free_ts 15658063705
[ 24.818571][ T285] prep_new_page+0x166/0x180
[ 24.822988][ T285] get_page_from_freelist+0x2d8c/0x2f30
[ 24.828374][ T285] __alloc_pages_nodemask+0x435/0xaf0
[ 24.833577][ T285] new_slab+0x80/0x400
[ 24.837485][ T285] ___slab_alloc+0x302/0x4b0
[ 24.841912][ T285] __slab_alloc+0x63/0xa0
[ 24.846075][ T285] __kmalloc_track_caller+0x1f8/0x320
[ 24.851282][ T285] __alloc_skb+0xbc/0x510
[ 24.855451][ T285] __tcp_send_ack+0x95/0x6d0
[ 24.859884][ T285] tcp_send_ack+0x3b/0x60
[ 24.864039][ T285] __tcp_ack_snd_check+0x3e3/0x940
[ 24.869008][ T285] tcp_rcv_established+0x11b3/0x1a90
[ 24.874121][ T285] tcp_v4_do_rcv+0x3d7/0x7d0
[ 24.878543][ T285] tcp_v4_rcv+0x23a8/0x2930
[ 24.882878][ T285] ip_protocol_deliver_rcu+0x2f4/0x650
[ 24.888193][ T285] ip_local_deliver+0x2c6/0x590
[ 24.892855][ T285] page last free stack trace:
[ 24.897377][ T285] __free_pages_ok+0x82c/0x850
[ 24.901979][ T285] free_compound_page+0x73/0x90
[ 24.906681][ T285] __put_compound_page+0x73/0xb0
[ 24.911445][ T285] __put_page+0xc0/0xe0
[ 24.915433][ T285] skb_release_data+0x240/0x6f0
[ 24.920117][ T285] __kfree_skb+0x50/0x70
[ 24.924192][ T285] tcp_recvmsg+0x1765/0x3590
[ 24.928632][ T285] inet_recvmsg+0x158/0x500
[ 24.932967][ T285] sock_read_iter+0x353/0x480
[ 24.937467][ T285] vfs_read+0x990/0xba0
[ 24.941457][ T285] ksys_read+0x199/0x2c0
[ 24.945541][ T285] __x64_sys_read+0x7b/0x90
[ 24.949880][ T285] do_syscall_64+0x34/0x70
[ 24.954132][ T285] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.959862][ T285]
[ 24.962026][ T285] Memory state around the buggy address:
[ 24.967498][ T285] ffff888117db8800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.975397][ T285] ffff888117db8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.983296][ T285] >ffff888117db8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.991185][ T285] ^
[ 24.995097][ T285] ffff888117db8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.002996][ T285] ffff888117db8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.010892][ T285] ==================================================================
[ 25.018960][ T285] Disabling lock debugging due to kernel taint
[ 25.025288][ T285] EXT4-fs error (device loop0): ext4_find_dest_de:2076: inode #12: block 7: comm syz-executor953: bad entry in directory: directory entry overrun - offset=0, inode=1793120026, rec_len=34652, size=56 fake=0
[ 25.055931][ T283] EXT4-fs error (device loop0): ext4_lookup:1827: inode #11: comm syz-executor953: iget: bad extra_isize 62855 (inode size 256)
[ 25.069369][ T283] EXT4-fs error (device loop0): ext4_lookup:1827: inode #11: comm syz-executor953: iget: bad extra_isize 62855 (inode size 256)