Warning: Permanently added '10.128.0.141' (ED25519) to the list of known hosts.
[ 30.774584][ T24] audit: type=1400 audit(1700213643.820:66): avc: denied { execmem } for pid=290 comm="syz-executor203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 30.780862][ T24] audit: type=1400 audit(1700213643.820:67): avc: denied { mounton } for pid=290 comm="syz-executor203" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 30.789280][ T24] audit: type=1400 audit(1700213643.820:68): avc: denied { mount } for pid=290 comm="syz-executor203" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 30.801984][ T24] audit: type=1400 audit(1700213643.830:69): avc: denied { mounton } for pid=291 comm="syz-executor203" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 30.820275][ T291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.826419][ T24] audit: type=1400 audit(1700213643.830:70): avc: denied { mount } for pid=291 comm="syz-executor203" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 30.832926][ T291] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.855301][ T24] audit: type=1400 audit(1700213643.830:71): avc: denied { mounton } for pid=291 comm="syz-executor203" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 30.862536][ T291] device bridge_slave_0 entered promiscuous mode
[ 30.883525][ T24] audit: type=1400 audit(1700213643.830:72): avc: denied { module_request } for pid=291 comm="syz-executor203" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 30.890135][ T291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.918191][ T291] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.925334][ T291] device bridge_slave_1 entered promiscuous mode
[ 30.957807][ T24] audit: type=1400 audit(1700213644.000:73): avc: denied { create } for pid=291 comm="syz-executor203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 30.963723][ T291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.978276][ T24] audit: type=1400 audit(1700213644.000:74): avc: denied { write } for pid=291 comm="syz-executor203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 30.985053][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.005990][ T24] audit: type=1400 audit(1700213644.000:75): avc: denied { read } for pid=291 comm="syz-executor203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 31.012605][ T291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.039577][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.057272][ T25] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.064489][ T25] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.071999][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 31.079634][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.099693][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.107729][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 31.116458][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.123319][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.130698][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 31.138686][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.145512][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.152707][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 31.160505][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 31.171517][ T291] device veth0_vlan entered promiscuous mode
[ 31.178462][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.186272][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.193670][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.204516][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.214164][ T291] device veth1_macvtap entered promiscuous mode
executing program
[ 31.226549][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.235172][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.253125][ T291] EXT4-fs (loop0): Ignoring removed bh option
[ 31.259251][ T291] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 31.268935][ T291] EXT4-fs (loop0): 1 truncate cleaned up
[ 31.274383][ T291] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue
[ 31.295778][ T291] ==================================================================
[ 31.303691][ T291] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0xf7/0x1b0
[ 31.311050][ T291] Read of size 1 at addr ffff88811e3b7d23 by task syz-executor203/291
[ 31.319026][ T291]
[ 31.321207][ T291] CPU: 0 PID: 291 Comm: syz-executor203 Not tainted 5.10.199-syzkaller-00307-gd30b996835c0 #0
[ 31.331267][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 31.341160][ T291] Call Trace:
[ 31.344293][ T291] dump_stack_lvl+0x1e2/0x24b
[ 31.348803][ T291] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 31.354093][ T291] ? panic+0x80b/0x80b
[ 31.357999][ T291] ? ext4_match+0x219/0x720
[ 31.362342][ T291] print_address_description+0x81/0x3b0
[ 31.367720][ T291] kasan_report+0x179/0x1c0
[ 31.372065][ T291] ? ext4_search_dir+0xf7/0x1b0
[ 31.376747][ T291] ? ext4_search_dir+0xf7/0x1b0
[ 31.381439][ T291] __asan_report_load1_noabort+0x14/0x20
[ 31.386904][ T291] ext4_search_dir+0xf7/0x1b0
[ 31.391419][ T291] ext4_find_inline_entry+0x4b6/0x5e0
[ 31.396630][ T291] ? ext4_try_create_inline_dir+0x320/0x320
[ 31.402466][ T291] ? stack_trace_save+0x113/0x1c0
[ 31.407324][ T291] __ext4_find_entry+0x2b0/0x1990
[ 31.412189][ T291] ? __kasan_slab_alloc+0xc3/0xe0
[ 31.417044][ T291] ? __kasan_slab_alloc+0xb1/0xe0
[ 31.421905][ T291] ? __d_alloc+0x2d/0x6c0
[ 31.426066][ T291] ? d_alloc+0x4b/0x1d0
[ 31.430060][ T291] ? __lookup_hash+0xe7/0x290
[ 31.434577][ T291] ? do_syscall_64+0x34/0x70
[ 31.439002][ T291] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 31.444904][ T291] ? ext4_ci_compare+0x660/0x660
[ 31.449686][ T291] ? generic_set_encrypted_ci_d_ops+0x91/0xf0
[ 31.455582][ T291] ext4_lookup+0x3c6/0xaa0
[ 31.459835][ T291] ? ext4_add_entry+0x1280/0x1280
[ 31.464695][ T291] ? __kasan_check_write+0x14/0x20
[ 31.469641][ T291] ? _raw_spin_lock+0xa4/0x1b0
[ 31.474242][ T291] ? __d_alloc+0x4dd/0x6c0
[ 31.478495][ T291] ? _raw_spin_unlock+0x4d/0x70
[ 31.483180][ T291] ? d_alloc+0x199/0x1d0
[ 31.487262][ T291] __lookup_hash+0x143/0x290
[ 31.491688][ T291] filename_create+0x202/0x750
[ 31.496291][ T291] ? __check_object_size+0x2e6/0x3c0
[ 31.501407][ T291] ? kern_path_create+0x40/0x40
[ 31.506095][ T291] do_mkdirat+0xcc/0x2c0
[ 31.510175][ T291] ? do_mknodat+0x450/0x450
[ 31.514516][ T291] ? debug_smp_processor_id+0x17/0x20
[ 31.520156][ T291] __x64_sys_mkdirat+0x7b/0x90
[ 31.524753][ T291] do_syscall_64+0x34/0x70
[ 31.529095][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 31.534822][ T291] RIP: 0033:0x7f27e5470539
[ 31.539117][ T291] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 31.558515][ T291] RSP: 002b:00007fffbc113a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 31.566763][ T291] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f27e5470539
[ 31.574574][ T291] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 31.582499][ T291] RBP: 00007fffbc113b70 R08: 00000000000014ef R09: 00007f27e54b44ee
[ 31.590307][ T291] R10: 00000000000014f3 R11: 0000000000000246 R12: 0000000000000003
[ 31.598124][ T291] R13: 00007fffbc113b40 R14: 0000000000000001 R15: 00007fffbc113b70
[ 31.605929][ T291]
[ 31.608103][ T291] Allocated by task 0:
[ 31.612000][ T291] (stack is not available)
[ 31.616249][ T291]
[ 31.618439][ T291] Freed by task 291:
[ 31.622163][ T291] kasan_set_track+0x4b/0x70
[ 31.626588][ T291] kasan_set_free_info+0x23/0x40
[ 31.631366][ T291] ____kasan_slab_free+0x121/0x160
[ 31.636319][ T291] __kasan_slab_free+0x11/0x20
[ 31.641135][ T291] slab_free_freelist_hook+0xc0/0x190
[ 31.646316][ T291] kfree+0xc3/0x270
[ 31.649963][ T291] skb_release_data+0x5c6/0x6f0
[ 31.654648][ T291] consume_skb+0xac/0x250
[ 31.658819][ T291] netlink_broadcast_filtered+0x114e/0x1270
[ 31.664548][ T291] nlmsg_notify+0x101/0x1c0
[ 31.668881][ T291] rtnl_notify+0x9c/0xd0
[ 31.672961][ T291] inet6_rt_notify+0x3c8/0x550
[ 31.677559][ T291] fib6_add+0x233e/0x3d20
[ 31.681724][ T291] ip6_route_add+0x8a/0x130
[ 31.686077][ T291] addrconf_add_linklocal+0x5b5/0x9e0
[ 31.691282][ T291] addrconf_addr_gen+0x572/0xd00
[ 31.696055][ T291] addrconf_dev_config+0x342/0x5a0
[ 31.700998][ T291] addrconf_notify+0x8c5/0xe90
[ 31.705594][ T291] raw_notifier_call_chain+0x8c/0xf0
[ 31.710716][ T291] __dev_notify_flags+0x304/0x610
[ 31.715577][ T291] dev_change_flags+0xf0/0x1a0
[ 31.720179][ T291] do_setlink+0xc5c/0x3c10
[ 31.724427][ T291] rtnl_newlink+0x15f0/0x2000
[ 31.728943][ T291] rtnetlink_rcv_msg+0x955/0xc50
[ 31.733714][ T291] netlink_rcv_skb+0x1cf/0x410
[ 31.738345][ T291] rtnetlink_rcv+0x1c/0x20
[ 31.742568][ T291] netlink_unicast+0x8df/0xac0
[ 31.747170][ T291] netlink_sendmsg+0xa46/0xd00
[ 31.751772][ T291] __sys_sendto+0x545/0x700
[ 31.756107][ T291] __x64_sys_sendto+0xe5/0x100
[ 31.760708][ T291] do_syscall_64+0x34/0x70
[ 31.764960][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 31.770686][ T291]
[ 31.772863][ T291] The buggy address belongs to the object at ffff88811e3b7800
[ 31.772863][ T291] which belongs to the cache kmalloc-1k of size 1024
[ 31.786753][ T291] The buggy address is located 291 bytes to the right of
[ 31.786753][ T291] 1024-byte region [ffff88811e3b7800, ffff88811e3b7c00)
[ 31.800456][ T291] The buggy address belongs to the page:
[ 31.805933][ T291] page:ffffea000478ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e3b0
[ 31.816009][ T291] head:ffffea000478ec00 order:3 compound_mapcount:0 compound_pincount:0
[ 31.824156][ T291] flags: 0x4000000000010200(slab|head)
[ 31.829455][ T291] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[ 31.837871][ T291] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 31.846283][ T291] page dumped because: kasan: bad access detected
[ 31.852534][ T291] page_owner tracks the page as allocated
[ 31.858099][ T291] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 291, ts 31169733393, free_ts 0
[ 31.876068][ T291] prep_new_page+0x166/0x180
[ 31.880609][ T291] get_page_from_freelist+0x2d8c/0x2f30
[ 31.885980][ T291] __alloc_pages_nodemask+0x435/0xaf0
[ 31.891188][ T291] new_slab+0x80/0x400
[ 31.895092][ T291] ___slab_alloc+0x302/0x4b0
[ 31.899521][ T291] __slab_alloc+0x63/0xa0
[ 31.903685][ T291] __kmalloc_track_caller+0x1f8/0x320
[ 31.908900][ T291] __alloc_skb+0xbc/0x510
[ 31.913079][ T291] rtmsg_fib+0x5de/0xbf0
[ 31.917142][ T291] fib_table_insert+0x1096/0x1eb0
[ 31.921996][ T291] fib_add_ifaddr+0x10ae/0x1a40
[ 31.926682][ T291] fib_netdev_event+0x235/0x5d0
[ 31.931376][ T291] raw_notifier_call_chain+0x8c/0xf0
[ 31.936492][ T291] __dev_notify_flags+0x304/0x610
[ 31.941355][ T291] dev_change_flags+0xf0/0x1a0
[ 31.945956][ T291] do_setlink+0xc5c/0x3c10
[ 31.950200][ T291] page_owner free stack trace missing
[ 31.955415][ T291]
[ 31.957577][ T291] Memory state around the buggy address:
[ 31.963055][ T291] ffff88811e3b7c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.970957][ T291] ffff88811e3b7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.978851][ T291] >ffff88811e3b7d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.986748][ T291] ^
[ 31.991691][ T291] ffff88811e3b7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.999593][ T291] ffff88811e3b7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.007491][ T291] ==================================================================
[ 32.015385][ T291] Disabling lock debugging due to kernel taint
[ 32.023349][ T291] EXT4-fs error (device loop0): ext4_find_dest_de:2076: