Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts.
[   31.845236][   T24] audit: type=1400 audit(1730027800.940:66): avc:  denied  { execmem } for  pid=292 comm="syz-executor697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   31.847578][  T292] cgroup: Unknown subsys name 'net'
[   31.848500][   T24] audit: type=1400 audit(1730027800.950:67): avc:  denied  { mounton } for  pid=292 comm="syz-executor697" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   31.852448][   T24] audit: type=1400 audit(1730027800.950:68): avc:  denied  { mount } for  pid=292 comm="syz-executor697" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   31.852610][  T292] cgroup: Unknown subsys name 'devices'
[   31.856016][   T24] audit: type=1400 audit(1730027800.950:69): avc:  denied  { unmount } for  pid=292 comm="syz-executor697" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   32.007241][  T292] cgroup: Unknown subsys name 'hugetlb'
[   32.012628][  T292] cgroup: Unknown subsys name 'rlimit'
[   32.107758][   T24] audit: type=1400 audit(1730027801.210:70): avc:  denied  { mounton } for  pid=292 comm="syz-executor697" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   32.132312][  T293] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   32.132561][   T24] audit: type=1400 audit(1730027801.210:71): avc:  denied  { mount } for  pid=292 comm="syz-executor697" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   32.164124][   T24] audit: type=1400 audit(1730027801.210:72): avc:  denied  { setattr } for  pid=292 comm="syz-executor697" name="raw-gadget" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   32.187299][   T24] audit: type=1400 audit(1730027801.250:73): avc:  denied  { relabelto } for  pid=293 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   32.212439][   T24] audit: type=1400 audit(1730027801.250:74): avc:  denied  { write } for  pid=293 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   32.237812][   T24] audit: type=1400 audit(1730027801.320:75): avc:  denied  { read } for  pid=292 comm="syz-executor697" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   32.238107][  T292] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   32.350137][  T303] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.357025][  T303] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.364242][  T303] device bridge_slave_0 entered promiscuous mode
[   32.371971][  T303] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.378950][  T303] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.386175][  T303] device bridge_slave_1 entered promiscuous mode
[   32.418627][  T299] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.425607][  T299] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.432672][  T299] device bridge_slave_0 entered promiscuous mode
[   32.441212][  T299] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.448142][  T299] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.455351][  T299] device bridge_slave_1 entered promiscuous mode
[   32.469163][  T302] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.476048][  T302] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.483185][  T302] device bridge_slave_0 entered promiscuous mode
[   32.490786][  T302] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.497660][  T302] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.504744][  T302] device bridge_slave_1 entered promiscuous mode
[   32.549493][  T300] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.556414][  T300] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.563511][  T300] device bridge_slave_0 entered promiscuous mode
[   32.573342][  T300] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.580289][  T300] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.587386][  T300] device bridge_slave_1 entered promiscuous mode
[   32.624150][  T301] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.631026][  T301] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.638337][  T301] device bridge_slave_0 entered promiscuous mode
[   32.645005][  T301] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.651954][  T301] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.659047][  T301] device bridge_slave_1 entered promiscuous mode
[   32.750929][  T302] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.757790][  T302] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.764862][  T302] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.771684][  T302] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.783477][  T303] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.790344][  T303] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.797407][  T303] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.804284][  T303] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.830447][  T299] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.837319][  T299] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.844360][  T299] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.851204][  T299] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.863540][  T300] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.870389][  T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.877569][  T300] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.884343][  T300] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.920386][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.928046][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.934941][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   32.942427][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.949509][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.956473][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.963380][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.970500][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.977631][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.000029][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.008295][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.016408][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.023230][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.030806][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.039286][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.046130][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.053253][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.061144][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.067973][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.075135][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.083184][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.090037][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.097292][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.104992][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.136310][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.143863][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.152483][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.160229][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.167476][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.174608][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.182675][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.189520][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.196726][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.204700][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.211542][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.218677][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.226581][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.233395][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.240591][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.248742][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.255578][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.272726][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.280470][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.289262][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.301281][  T299] device veth0_vlan entered promiscuous mode
[   33.312595][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.320495][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.327750][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.347195][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.355496][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.363165][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.371058][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.379464][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.386313][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.393453][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.401497][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.408441][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.415993][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   33.424860][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   33.432957][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.449689][  T299] device veth1_macvtap entered promiscuous mode
[   33.456588][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   33.464025][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   33.472087][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.480030][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   33.487925][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.495681][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   33.503699][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.518102][  T303] device veth0_vlan entered promiscuous mode
[   33.529758][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   33.537972][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.546707][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   33.554288][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.562099][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   33.570080][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.577898][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   33.586114][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   33.594081][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   33.602062][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   33.611315][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.618705][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.625938][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.633119][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.641311][  T302] device veth0_vlan entered promiscuous mode
[   33.653195][  T300] device veth0_vlan entered promiscuous mode
[   33.663183][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   33.671462][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.679803][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   33.688257][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.696626][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   33.704190][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.712008][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   33.719838][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.727736][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.734910][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.742215][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.749808][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.762199][  T301] device veth0_vlan entered promiscuous mode
[   33.770743][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   33.778738][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.791631][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   33.800093][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.810621][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   33.818878][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.827263][  T303] device veth1_macvtap entered promiscuous mode
[   33.835758][  T302] device veth1_macvtap entered promiscuous mode
[   33.843285][  T299] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
executing program
[   33.846670][  T301] device veth1_macvtap entered promiscuous mode
[   33.861777][  T300] device veth1_macvtap entered promiscuous mode
[   33.869223][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   33.876832][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   33.880712][  T324] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   33.884281][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   33.897685][  T324] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   33.907871][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   33.917386][  T324] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[   33.922566][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   33.929960][  T324] System zones: 1-12
[   33.938131][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   33.949587][  T324] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2806: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   33.949829][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.962515][  T324] EXT4-fs (loop0): 1 truncate cleaned up
[   33.971089][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   33.975707][  T324] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue
[   34.009145][  T324] ==================================================================
[   34.017031][  T324] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0xf7/0x1b0
[   34.024389][  T324] Read of size 1 at addr ffff888110100900 by task syz-executor697/324
[   34.032368][  T324] 
[   34.034544][  T324] CPU: 0 PID: 324 Comm: syz-executor697 Not tainted 5.10.226-syzkaller #0
[   34.042883][  T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   34.052770][  T324] Call Trace:
[   34.055903][  T324]  dump_stack_lvl+0x1e2/0x24b
[   34.060408][  T324]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   34.065700][  T324]  ? panic+0x812/0x812
[   34.069607][  T324]  print_address_description+0x81/0x3b0
[   34.074985][  T324]  kasan_report+0x179/0x1c0
[   34.079323][  T324]  ? ext4_search_dir+0xf7/0x1b0
[   34.084007][  T324]  ? ext4_search_dir+0xf7/0x1b0
[   34.088696][  T324]  __asan_report_load1_noabort+0x14/0x20
[   34.094159][  T324]  ext4_search_dir+0xf7/0x1b0
[   34.098676][  T324]  ext4_find_inline_entry+0x4b6/0x5e0
[   34.103882][  T324]  ? __kasan_check_write+0x14/0x20
[   34.108833][  T324]  ? ext4_try_create_inline_dir+0x320/0x320
[   34.114553][  T324]  ? stack_trace_save+0x113/0x1c0
[   34.119421][  T324]  __ext4_find_entry+0x2b0/0x1990
[   34.124364][  T324]  ? __kasan_slab_alloc+0xc3/0xe0
[   34.129220][  T324]  ? __kasan_slab_alloc+0xb1/0xe0
[   34.134081][  T324]  ? __d_alloc+0x2d/0x6c0
[   34.138246][  T324]  ? d_alloc+0x4b/0x1d0
[   34.142238][  T324]  ? __lookup_hash+0xe7/0x290
[   34.146749][  T324]  ? do_syscall_64+0x34/0x70
[   34.151178][  T324]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.157080][  T324]  ? ext4_ci_compare+0x660/0x660
[   34.161855][  T324]  ? generic_set_encrypted_ci_d_ops+0x91/0xf0
[   34.167752][  T324]  ext4_lookup+0x3c6/0xaa0
[   34.172009][  T324]  ? ext4_add_entry+0x1280/0x1280
[   34.176867][  T324]  ? __kasan_check_write+0x14/0x20
[   34.181811][  T324]  ? _raw_spin_lock+0xa4/0x1b0
[   34.186411][  T324]  ? __d_alloc+0x4dd/0x6c0
[   34.190663][  T324]  ? _raw_spin_unlock+0x4d/0x70
[   34.195346][  T324]  ? d_alloc+0x199/0x1d0
[   34.199428][  T324]  __lookup_hash+0x143/0x290
[   34.203852][  T324]  filename_create+0x202/0x750
[   34.208455][  T324]  ? __check_object_size+0x2e6/0x3c0
[   34.213572][  T324]  ? kern_path_create+0x40/0x40
[   34.218258][  T324]  do_mknodat+0x187/0x450
[   34.222423][  T324]  ? may_open+0x3f0/0x3f0
[   34.226694][  T324]  ? debug_smp_processor_id+0x17/0x20
[   34.231903][  T324]  __x64_sys_mknod+0x80/0x90
[   34.236410][  T324]  do_syscall_64+0x34/0x70
[   34.240666][  T324]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   34.246392][  T324] RIP: 0033:0x7f3c0185cf99
[   34.250647][  T324] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   34.270082][  T324] RSP: 002b:00007ffdd7be8628 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[   34.278328][  T324] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3c0185cf99
[   34.286221][  T324] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000000
[   34.294033][  T324] RBP: 00007f3c018d3488 R08: 0000000000001501 R09: 0000000000000000
[   34.301852][  T324] R10: 0000000000001505 R11: 0000000000000246 R12: 00007ffdd7be86b0
[   34.309654][  T324] R13: 00007ffdd7be8670 R14: 0000000000000003 R15: 0000000000000000
[   34.317461][  T324] 
[   34.319654][  T324] Allocated by task 0:
[   34.323532][  T324] (stack is not available)
[   34.327783][  T324] 
[   34.329955][  T324] Freed by task 24:
[   34.333605][  T324]  kasan_set_track+0x4b/0x70
[   34.338030][  T324]  kasan_set_free_info+0x23/0x40
[   34.342804][  T324]  ____kasan_slab_free+0x121/0x160
[   34.347751][  T324]  __kasan_slab_free+0x11/0x20
[   34.352349][  T324]  slab_free_freelist_hook+0xc0/0x190
[   34.357555][  T324]  kfree+0xc3/0x270
[   34.361205][  T324]  skb_release_data+0x5c6/0x6f0
[   34.365889][  T324]  kfree_skb+0xb9/0x320
[   34.369882][  T324]  kauditd_hold_skb+0x115/0x200
[   34.374566][  T324]  kauditd_send_queue+0x28d/0x2e0
[   34.379428][  T324]  kauditd_thread+0x523/0x890
[   34.383937][  T324]  kthread+0x34b/0x3d0
[   34.387845][  T324]  ret_from_fork+0x1f/0x30
[   34.392090][  T324] 
[   34.394263][  T324] The buggy address belongs to the object at ffff888110100000
[   34.394263][  T324]  which belongs to the cache kmalloc-2k of size 2048
[   34.408149][  T324] The buggy address is located 256 bytes to the right of
[   34.408149][  T324]  2048-byte region [ffff888110100000, ffff888110100800)
[   34.421860][  T324] The buggy address belongs to the page:
[   34.427340][  T324] page:ffffea0004404000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110100
[   34.437606][  T324] head:ffffea0004404000 order:3 compound_mapcount:0 compound_pincount:0
[   34.445766][  T324] flags: 0x4000000000010200(slab|head)
[   34.451054][  T324] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042d80
[   34.459478][  T324] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   34.467882][  T324] page dumped because: kasan: bad access detected
[   34.474136][  T324] page_owner tracks the page as allocated
[   34.479696][  T324] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 299, ts 33857556654, free_ts 33834060065
[   34.499913][  T324]  prep_new_page+0x166/0x180
[   34.504339][  T324]  get_page_from_freelist+0x2d8c/0x2f30
[   34.509732][  T324]  __alloc_pages_nodemask+0x435/0xaf0
[   34.514921][  T324]  new_slab+0x80/0x400
[   34.518823][  T324]  ___slab_alloc+0x302/0x4b0
[   34.523247][  T324]  __slab_alloc+0x63/0xa0
[   34.527413][  T324]  __kmalloc+0x204/0x330
[   34.531494][  T324]  kvmalloc_node+0x82/0x130
[   34.535837][  T324]  xt_alloc_table_info+0x42/0xb0
[   34.540609][  T324]  ip6t_register_table+0xbe/0x4a0
[   34.545464][  T324]  ip6table_mangle_table_init+0x7b/0xa0
[   34.550861][  T324]  xt_find_table_lock+0x24a/0x3e0
[   34.555725][  T324]  xt_request_find_table_lock+0x27/0xf0
[   34.561088][  T324]  do_ip6t_get_ctl+0x86c/0x1890
[   34.565777][  T324]  nf_getsockopt+0x26c/0x290
[   34.570199][  T324]  ipv6_getsockopt+0x1dc1/0x3010
[   34.574969][  T324] page last free stack trace:
[   34.579487][  T324]  __free_pages_ok+0x82c/0x850
[   34.584088][  T324]  free_the_page+0x76/0x370
[   34.588426][  T324]  __free_pages+0x67/0xc0
[   34.592587][  T324]  __free_slab+0xcf/0x190
[   34.596751][  T324]  unfreeze_partials+0x15e/0x190
[   34.601528][  T324]  put_cpu_partial+0xbf/0x180
[   34.606045][  T324]  __slab_free+0x2c8/0x3a0
[   34.610294][  T324]  ___cache_free+0x111/0x130
[   34.614716][  T324]  qlink_free+0x50/0x90
[   34.618707][  T324]  qlist_free_all+0x47/0xb0
[   34.623045][  T324]  kasan_quarantine_reduce+0x15a/0x170
[   34.628340][  T324]  __kasan_slab_alloc+0x2f/0xe0
[   34.633027][  T324]  slab_post_alloc_hook+0x61/0x2f0
[   34.637974][  T324]  kmem_cache_alloc_trace+0x163/0x2e0
[   34.643181][  T324]  ____ip_mc_inc_group+0x1fb/0x890
[   34.648149][  T324]  ip_mc_up+0x10f/0x1e0
[   34.652110][  T324] 
[   34.654280][  T324] Memory state around the buggy address:
[   34.659757][  T324]  ffff888110100800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.667650][  T324]  ffff888110100880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.675549][  T324] >ffff888110100900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.683445][  T324]                    ^
[   34.687352][  T324]  ffff888110100980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.695248][  T324]  ffff888110100a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.703140][  T324] ==================================================================
[   34.711034][  T324] Disabling lock debugging due to kernel taint
[   34.719561][  T324] EXT4-fs error (device loop0): ext4_find_dest_de:2077: inode #12: block 7: comm syz-executor697: bad entry in directory: directory entry overrun - offset=0, inode=1793120026, rec_len=34652, size=56 fake=0
[   34.733441][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   34.750740][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.758971][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   34.767235][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.775336][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   34.775781][  T299] EXT4-fs error (device loop0): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   34.784067][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.796800][  T299] EXT4-fs error (device loop0): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
executing program
[   34.834369][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   34.842801][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.851142][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   34.862560][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.871339][  T332] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   34.873181][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   34.884324][  T332] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[   34.889556][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.896818][  T332] System zones: 1-12
[   34.904679][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   34.916222][  T332] EXT4-fs (loop2): 1 truncate cleaned up
[   34.916418][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[   34.921668][  T332] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue
[   34.964825][  T332] EXT4-fs error (device loop2): ext4_find_dest_de:2077: inode #12: block 7: comm syz-executor697: bad entry in directory: directory entry overrun - offset=0, inode=1793120026, rec_len=34652, size=56 fake=0
executing program
executing program
[   34.992813][  T302] EXT4-fs error (device loop2): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   35.020305][  T302] EXT4-fs error (device loop2): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   35.036850][  T339] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   35.049121][  T339] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[   35.057180][  T339] System zones: 1-12
[   35.061836][  T339] EXT4-fs (loop3): 1 truncate cleaned up
[   35.067403][  T339] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue
[   35.085179][  T343] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   35.096257][  T343] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[   35.103981][  T343] System zones: 1-12
[   35.108640][  T343] EXT4-fs (loop1): 1 truncate cleaned up
[   35.114071][  T343] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue
[   35.142137][  T339] EXT4-fs error (device loop3): ext4_find_dest_de:2077: inode #12: block 7: comm syz-executor697: bad entry in directory: directory entry overrun - offset=0, inode=1793120026, rec_len=34652, size=56 fake=0
[   35.162162][  T342] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   35.175384][  T343] EXT4-fs error (device loop1): ext4_find_dest_de:2077: inode #12: block 7: comm syz-executor697: bad entry in directory: directory entry overrun - offset=0, inode=1793120026, rec_len=34652, size=56 fake=0
[   35.175815][  T342] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[   35.206023][  T303] EXT4-fs error (device loop3): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   35.206236][  T342] System zones: 1-12
[   35.219451][  T303] EXT4-fs error (device loop3): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   35.236916][  T342] EXT4-fs (loop4): 1 truncate cleaned up
[   35.242369][  T342] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue
[   35.259988][  T300] EXT4-fs error (device loop1): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   35.277504][  T300] EXT4-fs error (device loop1): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   35.291388][  T342] EXT4-fs error (device loop4): ext4_find_dest_de:2077: inode #12: block 7: comm syz-executor697: bad entry in directory: directory entry overrun - offset=0, inode=1793120026, rec_len=34652, size=56 fake=0
[   35.321714][  T301] EXT4-fs error (device loop4): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   35.334966][  T301] EXT4-fs error (device loop4): ext4_lookup:1828: inode #11: comm syz-executor697: iget: bad extra_isize 62855 (inode size 256)
[   35.546044][    T9] device bridge_slave_1 left promiscuous mode
[   35.551950][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.559302][    T9] device bridge_slave_0 left promiscuous mode
[   35.565214][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.572995][    T9] device veth1_macvtap left promiscuous mode
[   35.578815][    T9] device veth0_vlan left promiscuous mode
[   37.106150][    T9] device bridge_slave_1 left promiscuous mode
[   37.112054][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.119352][    T9] device bridge_slave_0 left promiscuous mode
[   37.125250][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.133118][    T9] device bridge_slave_1 left promiscuous mode
[   37.139031][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.146349][    T9] device bridge_slave_0 left promiscuous mode
[   37.152247][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.159821][    T9] device bridge_slave_1 left promiscuous mode
[   37.165753][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.172844][    T9] device bridge_slave_0 left promiscuous mode
[   37.178825][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.186495][    T9] device bridge_slave_1 left promiscuous mode
[   37.192392][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.199788][    T9] device bridge_slave_0 left promiscuous mode
[   37.205722][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.213702][    T9] device veth1_macvtap left promiscuous mode
[   37.219543][    T9] device veth0_vlan left promiscuous mode
[   37.225141][    T9] device veth1_macvtap left promiscuous mode
[   37.230903][    T9] device veth0_vlan left promiscuous mode
[   37.236531][    T9] device veth1_macvtap left promiscuous mode
[   37.242220][    T9] device veth0_vlan left promiscuous mode
[   37.248077][    T9] device veth1_macvtap left promiscuous mode
[   37.253856][    T9] device veth0_vlan left promiscuous mode