Warning: Permanently added '10.128.1.59' (ED25519) to the list of known hosts.
[ 24.332717][ T28] audit: type=1400 audit(1735663485.790:66): avc: denied { execmem } for pid=289 comm="syz-executor425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 24.335392][ T289] cgroup: Unknown subsys name 'net'
[ 24.352573][ T28] audit: type=1400 audit(1735663485.790:67): avc: denied { mounton } for pid=289 comm="syz-executor425" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 24.380152][ T28] audit: type=1400 audit(1735663485.790:68): avc: denied { mount } for pid=289 comm="syz-executor425" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.380345][ T289] cgroup: Unknown subsys name 'devices'
[ 24.402334][ T28] audit: type=1400 audit(1735663485.810:69): avc: denied { unmount } for pid=289 comm="syz-executor425" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.511440][ T289] cgroup: Unknown subsys name 'hugetlb'
[ 24.516859][ T289] cgroup: Unknown subsys name 'rlimit'
[ 24.611364][ T28] audit: type=1400 audit(1735663486.070:70): avc: denied { mounton } for pid=289 comm="syz-executor425" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 24.636293][ T28] audit: type=1400 audit(1735663486.070:71): avc: denied { mount } for pid=289 comm="syz-executor425" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 24.659468][ T28] audit: type=1400 audit(1735663486.070:72): avc: denied { setattr } for pid=289 comm="syz-executor425" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.681878][ T290] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 24.691587][ T28] audit: type=1400 audit(1735663486.150:73): avc: denied { relabelto } for pid=290 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.716827][ T28] audit: type=1400 audit(1735663486.150:74): avc: denied { write } for pid=290 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.773501][ T28] audit: type=1400 audit(1735663486.230:75): avc: denied { read } for pid=289 comm="syz-executor425" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.773973][ T289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 24.843224][ T292] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.850207][ T292] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.857358][ T292] device bridge_slave_0 entered promiscuous mode
[ 24.864165][ T292] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.871028][ T292] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.878344][ T292] device bridge_slave_1 entered promiscuous mode
[ 24.948100][ T292] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.955121][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.962226][ T292] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.969085][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.000219][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.007377][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.014687][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 25.022104][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.031250][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.039419][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.046261][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.055851][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.063994][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.070858][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.083231][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.099629][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.107943][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.119001][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.127918][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 25.135261][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 25.143719][ T292] device veth0_vlan entered promiscuous mode
[ 25.154287][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.163711][ T292] device veth1_macvtap entered promiscuous mode
[ 25.173452][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.184046][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 25.202289][ T292] request_module fs-gadgetfs succeeded, but still no fs?
[ 25.228125][ T299] loop0: detected capacity change from 0 to 2048
[ 25.234707][ T299] =======================================================
[ 25.234707][ T299] WARNING: The mand mount option has been deprecated and
[ 25.234707][ T299] and is ignored by this kernel. Remove the mand
[ 25.234707][ T299] option from the mount to silence this warning.
[ 25.234707][ T299] =======================================================
[ 25.282192][ T299] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 25.300029][ T299] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #12: comm syz-executor425: corrupted in-inode xattr
[ 25.323898][ T292] ==================================================================
[ 25.331778][ T292] BUG: KASAN: use-after-free in ext4_read_inline_dir+0x48c/0xf60
[ 25.339327][ T292] Read of size 68 at addr ffff888126c3dd05 by task syz-executor425/292
[ 25.347393][ T292]
[ 25.349576][ T292] CPU: 1 PID: 292 Comm: syz-executor425 Not tainted 6.1.118-syzkaller-00078-ge2b9748880b9 #0
[ 25.359546][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 25.369790][ T292] Call Trace:
[ 25.372918][ T292]
[ 25.375688][ T292] dump_stack_lvl+0x151/0x1b7
[ 25.380203][ T292] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 25.385497][ T292] ? _printk+0xd1/0x111
[ 25.389490][ T292] ? __virt_addr_valid+0x242/0x2f0
[ 25.394432][ T292] print_report+0x158/0x4e0
[ 25.398775][ T292] ? __virt_addr_valid+0x242/0x2f0
[ 25.403727][ T292] ? kasan_addr_to_slab+0xd/0x80
[ 25.408500][ T292] ? ext4_read_inline_dir+0x48c/0xf60
[ 25.413708][ T292] kasan_report+0x13c/0x170
[ 25.418042][ T292] ? ext4_read_inline_dir+0x48c/0xf60
[ 25.423256][ T292] kasan_check_range+0x294/0x2a0
[ 25.428025][ T292] ? ext4_read_inline_dir+0x48c/0xf60
[ 25.433235][ T292] memcpy+0x2d/0x70
[ 25.436884][ T292] ext4_read_inline_dir+0x48c/0xf60
[ 25.441912][ T292] ? stack_trace_snprint+0xf0/0xf0
[ 25.446859][ T292] ? putname+0xfa/0x150
[ 25.450849][ T292] ? putname+0xfa/0x150
[ 25.454844][ T292] ? ext4_inlinedir_to_tree+0x1230/0x1230
[ 25.460399][ T292] ? kasan_set_track+0x60/0x70
[ 25.464999][ T292] ? kasan_set_track+0x4b/0x70
[ 25.469595][ T292] ? kasan_save_free_info+0x2b/0x40
[ 25.474627][ T292] ? ____kasan_slab_free+0x131/0x180
[ 25.479749][ T292] ? __kasan_slab_free+0x11/0x20
[ 25.484525][ T292] ? __x64_sys_newfstatat+0x9b/0xb0
[ 25.489556][ T292] ? x64_sys_call+0x6e2/0x9a0
[ 25.494077][ T292] ? do_syscall_64+0x3b/0xb0
[ 25.498497][ T292] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 25.504491][ T292] ext4_readdir+0x3d1/0x3860
[ 25.508921][ T292] ? down_read_killable+0x1206/0x1ff0
[ 25.514120][ T292] ? debug_smp_processor_id+0x17/0x20
[ 25.519332][ T292] ? kasan_quarantine_put+0x34/0x1a0
[ 25.524447][ T292] ? ext4_dir_llseek+0x540/0x540
[ 25.529232][ T292] ? down_read_interruptible+0x1ed0/0x1ed0
[ 25.534863][ T292] ? from_kgid_munged+0x1fa/0x7a0
[ 25.539729][ T292] ? __kasan_slab_free+0x11/0x20
[ 25.544498][ T292] ? __kasan_check_read+0x11/0x20
[ 25.549363][ T292] ? security_file_permission+0x86/0xb0
[ 25.554739][ T292] iterate_dir+0x265/0x600
[ 25.558994][ T292] ? ext4_dir_llseek+0x540/0x540
[ 25.563787][ T292] __se_sys_getdents64+0x1c1/0x460
[ 25.568713][ T292] ? __x64_sys_getdents64+0x90/0x90
[ 25.573772][ T292] ? filldir+0x670/0x670
[ 25.577848][ T292] ? debug_smp_processor_id+0x17/0x20
[ 25.583033][ T292] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 25.588938][ T292] __x64_sys_getdents64+0x7b/0x90
[ 25.593800][ T292] x64_sys_call+0x5ae/0x9a0
[ 25.598132][ T292] do_syscall_64+0x3b/0xb0
[ 25.602387][ T292] ? clear_bhb_loop+0x55/0xb0
[ 25.606899][ T292] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 25.612627][ T292] RIP: 0033:0x7ff1154c6753
[ 25.616882][ T292] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 d2 12 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
[ 25.636411][ T292] RSP: 002b:00007ffc14c8a6e8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 25.644660][ T292] RAX: ffffffffffffffda RBX: 00005555700aa870 RCX: 00007ff1154c6753
[ 25.652472][ T292] RDX: 0000000000008000 RSI: 00005555700aa870 RDI: 0000000000000005
[ 25.660282][ T292] RBP: 00005555700aa844 R08: 0000000000000000 R09: 0000000000000000
[ 25.668092][ T292] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
[ 25.675901][ T292] R13: 0000000000000016 R14: 00005555700aa840 R15: 0000000000000001
[ 25.683713][ T292]
[ 25.686592][ T292]
[ 25.688791][ T292] The buggy address belongs to the physical page:
[ 25.697693][ T292] page:ffffea00049b0f40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x126c3d
[ 25.707759][ T292] flags: 0x4000000000000000(zone=1)
[ 25.712795][ T292] raw: 4000000000000000 ffffea00049b0f88 ffffea00049b0f08 0000000000000000
[ 25.721210][ T292] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 25.729622][ T292] page dumped because: kasan: bad access detected
[ 25.735881][ T292] page_owner info is not present (never set?)
[ 25.741773][ T292]
[ 25.743944][ T292] Memory state around the buggy address:
[ 25.749413][ T292] ffff888126c3dc00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.757314][ T292] ffff888126c3dc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.765211][ T292] >ffff888126c3dd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.773105][ T292] ^
[ 25.777012][ T292] ffff888126c3dd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.784937][ T292] ffff888126c3de00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.792809][ T292] ==================================================================
[ 25.802208][ T292] Disabling lock debugging due to kernel taint
[ 25.808297][ T292] EXT4-fs error (device loop0): ext4_read_inline_dir:1593: inode #12: block 5: comm syz-executor425: path /0/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=1633771873, rec_len=24929, size=148 fake=0
[ 25.830101][ T292] EXT4-fs error (device loop0): ext4_read_inline_dir:1593: inode #12: block 5: comm syz-executor425: path /0/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=1633771873, rec_len=24929, size=148 fake=0
[ 25.852059][ T292] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 5: comm syz-executor425: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=1633771873, rec_len=24929, size=60 fake=0
[ 25.872471][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 25.887610][ T292] EXT4-fs error (device loop0): ext4_read_inline_dir:1593: inode #12: block 5: comm syz-executor425: path /0/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=1633771873, rec_len=24929, size=148 fake=0
[ 25.909391][ T292] EXT4-fs error (device loop0): ext4_read_inline_dir:1593: inode #12: block 5: comm syz-executor425: path /0/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=1633771873, rec_len=24929, size=148 fake=0
[ 25.931410][ T292] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 5: comm syz-executor425: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=1633771873, rec_len=24929, size=60 fake=0
[ 25.950978][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 25.966308][ T292] EXT4-fs error (device loop0): ext4_read_inline_dir:1593: inode #12: block 5: comm syz-executor425: path /0/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=1633771873, rec_len=24929, size=148 fake=0
[ 25.988127][ T292] EXT4-fs error (device loop0): ext4_read_inline_dir:1593: inode #12: block 5: comm syz-executor425: path /0/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=1633771873, rec_len=24929, size=148 fake=0
[ 26.010172][ T292] EXT4-fs error (device loop0): empty_inline_dir:1877: inode #12: block 5: comm syz-executor425: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=1633771873, rec_len=24929, size=60 fake=0
[ 26.029562][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 26.045105][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 26.060658][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 26.076766][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 26.092646][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 26.108252][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 26.123855][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60
[ 26.139676][ T292] EXT4-fs warning (device loop0): empty_inline_dir:1884: bad inline directory (dir #12) - inode 1633771873, rec_len 24929, name_len 97inline size 60