Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts.
[   23.191442][   T24] audit: type=1400 audit(1721595145.520:66): avc:  denied  { execmem } for  pid=283 comm="syz-executor255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   23.196844][  T283] cgroup: Unknown subsys name 'net'
[   23.210749][   T24] audit: type=1400 audit(1721595145.520:67): avc:  denied  { mounton } for  pid=283 comm="syz-executor255" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   23.238437][   T24] audit: type=1400 audit(1721595145.520:68): avc:  denied  { mount } for  pid=283 comm="syz-executor255" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.238594][  T283] cgroup: Unknown subsys name 'devices'
[   23.260651][   T24] audit: type=1400 audit(1721595145.550:69): avc:  denied  { unmount } for  pid=283 comm="syz-executor255" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.407769][  T283] cgroup: Unknown subsys name 'hugetlb'
[   23.413152][  T283] cgroup: Unknown subsys name 'rlimit'
[   23.591514][  T285] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   23.600187][   T24] audit: type=1400 audit(1721595145.930:70): avc:  denied  { relabelto } for  pid=285 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.625366][   T24] audit: type=1400 audit(1721595145.930:71): avc:  denied  { write } for  pid=285 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[   23.710856][   T24] audit: type=1400 audit(1721595146.040:72): avc:  denied  { read } for  pid=283 comm="syz-executor255" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.736412][   T24] audit: type=1400 audit(1721595146.040:73): avc:  denied  { open } for  pid=283 comm="syz-executor255" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.736439][  T283] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   23.772248][   T24] audit: type=1400 audit(1721595146.100:74): avc:  denied  { mounton } for  pid=286 comm="syz-executor255" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   23.795961][   T24] audit: type=1400 audit(1721595146.100:75): avc:  denied  { mount } for  pid=286 comm="syz-executor255" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   23.812408][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.824938][  T286] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.832157][  T286] device bridge_slave_0 entered promiscuous mode
[   23.838774][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.845585][  T286] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.852887][  T286] device bridge_slave_1 entered promiscuous mode
[   23.886094][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.892935][  T286] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.900030][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.906822][  T286] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.924485][  T287] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.931711][  T287] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.939088][  T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.947120][  T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.955397][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.963374][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.970210][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.978231][  T287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.986080][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.992885][  T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.004589][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.019834][  T286] device veth0_vlan entered promiscuous mode
[   24.026634][  T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.034728][  T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.042668][  T287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.050131][  T287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.057297][  T287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.067612][   T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.076081][  T286] device veth1_macvtap entered promiscuous mode
executing program
[   24.088005][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.096138][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.111810][  T286] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   24.147246][  T294] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[   24.154264][  T294] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   24.162719][  T294] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b016c118, mo2=0002]
[   24.170476][  T294] System zones: 1-12
[   24.175139][  T294] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2204: inode #15: comm syz-executor255: corrupted in-inode xattr
[   24.187712][  T294] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz-executor255: couldn't read orphan inode 15 (err -117)
[   24.199980][  T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,grpquota,,errors=continue
[   24.232175][  T286] ==================================================================
[   24.240146][  T286] BUG: KASAN: slab-out-of-bounds in ext4_htree_fill_tree+0x1316/0x13e0
[   24.248196][  T286] Read of size 1 at addr ffff8881085a5a67 by task syz-executor255/286
[   24.256172][  T286] 
[   24.258348][  T286] CPU: 0 PID: 286 Comm: syz-executor255 Not tainted 5.10.221-syzkaller-01371-g1240968f7644 #0
[   24.268412][  T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   24.278310][  T286] Call Trace:
[   24.281436][  T286]  dump_stack_lvl+0x1e2/0x24b
[   24.285948][  T286]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   24.291244][  T286]  ? panic+0x812/0x812
[   24.295160][  T286]  print_address_description+0x81/0x3b0
[   24.300529][  T286]  ? ext4_htree_store_dirent+0x19c/0x590
[   24.305996][  T286]  kasan_report+0x179/0x1c0
[   24.310337][  T286]  ? ext4_htree_fill_tree+0x1316/0x13e0
[   24.315719][  T286]  ? ext4_htree_fill_tree+0x1316/0x13e0
[   24.321099][  T286]  __asan_report_load1_noabort+0x14/0x20
[   24.326569][  T286]  ext4_htree_fill_tree+0x1316/0x13e0
[   24.331774][  T286]  ? ext4_handle_dirty_dirblock+0x6e0/0x6e0
[   24.337506][  T286]  ? __kasan_kmalloc+0x9/0x10
[   24.342015][  T286]  ? ext4_readdir+0x4df/0x37c0
[   24.346615][  T286]  ext4_readdir+0x2dde/0x37c0
[   24.351132][  T286]  ? handle_pte_fault+0x1472/0x3e30
[   24.356164][  T286]  ? ext4_dir_llseek+0x4c0/0x4c0
[   24.360940][  T286]  ? __kasan_check_write+0x14/0x20
[   24.365885][  T286]  ? down_read_killable+0x101/0x220
[   24.370919][  T286]  ? down_read_interruptible+0x220/0x220
[   24.376387][  T286]  ? security_file_permission+0x86/0xb0
[   24.381768][  T286]  iterate_dir+0x265/0x580
[   24.386018][  T286]  ? ext4_dir_llseek+0x4c0/0x4c0
[   24.390804][  T286]  __se_sys_getdents64+0x1c1/0x460
[   24.395768][  T286]  ? __x64_sys_getdents64+0x90/0x90
[   24.400775][  T286]  ? filldir+0x680/0x680
[   24.404857][  T286]  ? debug_smp_processor_id+0x17/0x20
[   24.410066][  T286]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   24.415977][  T286]  ? irqentry_exit_to_user_mode+0x41/0x80
[   24.421523][  T286]  __x64_sys_getdents64+0x7b/0x90
[   24.426385][  T286]  do_syscall_64+0x34/0x70
[   24.430637][  T286]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   24.436361][  T286] RIP: 0033:0x7f7a12597ca3
[   24.440617][  T286] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 e2 0f fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
[   24.460056][  T286] RSP: 002b:00007ffdddbaf8b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[   24.468298][  T286] RAX: ffffffffffffffda RBX: 0000555556787730 RCX: 00007f7a12597ca3
[   24.476106][  T286] RDX: 0000000000008000 RSI: 0000555556787730 RDI: 0000000000000004
[   24.483929][  T286] RBP: 0000555556787704 R08: 0000000000000000 R09: 0000000000000000
[   24.491730][  T286] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
[   24.499541][  T286] R13: 0000000000000010 R14: 0000555556787700 R15: 0000000000000001
[   24.507354][  T286] 
[   24.509524][  T286] Allocated by task 1:
[   24.513435][  T286]  __kasan_slab_alloc+0xb1/0xe0
[   24.518123][  T286]  slab_post_alloc_hook+0x61/0x2f0
[   24.523068][  T286]  kmem_cache_alloc+0x168/0x2e0
[   24.527962][  T286]  __kernfs_new_node+0xdb/0x700
[   24.532646][  T286]  kernfs_new_node+0x130/0x230
[   24.537246][  T286]  kernfs_create_dir_ns+0x44/0x130
[   24.542196][  T286]  sysfs_create_dir_ns+0x185/0x390
[   24.547143][  T286]  kobject_add_internal+0x763/0xd90
[   24.552178][  T286]  kobject_init_and_add+0x120/0x190
[   24.557210][  T286]  locate_module_kobject+0xe4/0x164
[   24.562241][  T286]  kernel_add_sysfs_param+0x24/0x12d
[   24.567362][  T286]  param_sysfs_builtin+0x16a/0x1e2
[   24.572309][  T286]  param_sysfs_init+0x6a/0x6f
[   24.576835][  T286]  do_one_initcall+0x189/0x620
[   24.581428][  T286]  do_initcall_level+0x186/0x304
[   24.586200][  T286]  do_initcalls+0x4e/0x8e
[   24.590365][  T286]  do_basic_setup+0x88/0x91
[   24.594710][  T286]  kernel_init_freeable+0x2be/0x3f5
[   24.599739][  T286]  kernel_init+0x11/0x280
[   24.603926][  T286]  ret_from_fork+0x1f/0x30
[   24.608154][  T286] 
[   24.610329][  T286] The buggy address belongs to the object at ffff8881085a59c0
[   24.610329][  T286]  which belongs to the cache kernfs_node_cache of size 144
[   24.624742][  T286] The buggy address is located 23 bytes to the right of
[   24.624742][  T286]  144-byte region [ffff8881085a59c0, ffff8881085a5a50)
[   24.638270][  T286] The buggy address belongs to the page:
[   24.643758][  T286] page:ffffea0004216940 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881085a5680 pfn:0x1085a5
[   24.655121][  T286] flags: 0x4000000000000200(slab)
[   24.659975][  T286] raw: 4000000000000200 ffffea0004216988 ffffea0004216888 ffff888100192000
[   24.668392][  T286] raw: ffff8881085a5680 000000000013000e 00000001ffffffff 0000000000000000
[   24.676804][  T286] page dumped because: kasan: bad access detected
[   24.683060][  T286] page_owner tracks the page as allocated
[   24.688616][  T286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 985291219, free_ts 0
[   24.703196][  T286]  prep_new_page+0x166/0x180
[   24.707622][  T286]  get_page_from_freelist+0x2d8c/0x2f30
[   24.713002][  T286]  __alloc_pages_nodemask+0x435/0xaf0
[   24.718210][  T286]  new_slab+0x80/0x400
[   24.722117][  T286]  ___slab_alloc+0x302/0x4b0
[   24.726544][  T286]  __slab_alloc+0x63/0xa0
[   24.730709][  T286]  kmem_cache_alloc+0x1b9/0x2e0
[   24.735392][  T286]  __kernfs_new_node+0xdb/0x700
[   24.740078][  T286]  kernfs_new_node+0x130/0x230
[   24.744685][  T286]  __kernfs_create_file+0x4a/0x270
[   24.749627][  T286]  sysfs_add_file_mode_ns+0x273/0x320
[   24.754839][  T286]  internal_create_group+0x573/0xf00
[   24.759959][  T286]  sysfs_create_group+0x1f/0x30
[   24.764648][  T286]  kernel_add_sysfs_param+0xea/0x12d
[   24.769763][  T286]  param_sysfs_builtin+0x16a/0x1e2
[   24.774713][  T286]  param_sysfs_init+0x6a/0x6f
[   24.779218][  T286] page_owner free stack trace missing
[   24.784431][  T286] 
[   24.786605][  T286] Memory state around the buggy address:
[   24.792080][  T286]  ffff8881085a5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.799968][  T286]  ffff8881085a5980: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   24.807866][  T286] >ffff8881085a5a00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   24.815758][  T286]                                                        ^
[   24.822793][  T286]  ffff8881085a5a80: fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.830692][  T286]  ffff8881085a5b00: fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00
[   24.838586][  T286] ==================================================================
[   24.846485][  T286] Disabling lock debugging due to kernel taint