Warning: Permanently added '10.128.0.82' (ED25519) to the list of known hosts.
executing program
[ 19.804144][ T24] audit: type=1400 audit(1729251691.840:66): avc: denied { execmem } for pid=281 comm="syz-executor343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 19.813458][ T24] audit: type=1400 audit(1729251691.850:67): avc: denied { read write } for pid=281 comm="syz-executor343" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.818796][ T24] audit: type=1400 audit(1729251691.850:68): avc: denied { open } for pid=281 comm="syz-executor343" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.822872][ T24] audit: type=1400 audit(1729251691.850:69): avc: denied { ioctl } for pid=281 comm="syz-executor343" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.902567][ T281] ======================================================
[ 19.902567][ T281] WARNING: the mand mount option is being deprecated and
[ 19.902567][ T281] will be removed in v5.15!
[ 19.902567][ T281] ======================================================
[ 19.902605][ T24] audit: type=1400 audit(1729251691.940:70): avc: denied { mounton } for pid=281 comm="syz-executor343" path="/root/syzkaller.WpqUqh/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 20.033315][ T281] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 20.042301][ T24] audit: type=1400 audit(1729251692.080:71): avc: denied { mount } for pid=281 comm="syz-executor343" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 20.064519][ T24] audit: type=1400 audit(1729251692.080:72): avc: denied { write } for pid=281 comm="syz-executor343" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 20.069431][ T281] ==================================================================
[ 20.086887][ T24] audit: type=1400 audit(1729251692.080:73): avc: denied { add_name } for pid=281 comm="syz-executor343" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 20.094466][ T281] BUG: KASAN: use-after-free in ext4_search_dir+0xf7/0x1b0
[ 20.094485][ T281] Read of size 1 at addr ffff88810dbc6d0b by task syz-executor343/281
[ 20.115325][ T24] audit: type=1400 audit(1729251692.080:74): avc: denied { create } for pid=281 comm="syz-executor343" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 20.122042][ T281]
[ 20.122056][ T281] CPU: 1 PID: 281 Comm: syz-executor343 Not tainted 5.10.226-syzkaller-00709-ge5e5644ea27f #0
[ 20.122062][ T281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 20.122066][ T281] Call Trace:
[ 20.122087][ T281] dump_stack_lvl+0x1e2/0x24b
[ 20.130162][ T24] audit: type=1400 audit(1729251692.080:75): avc: denied { read write open } for pid=281 comm="syz-executor343" path="/root/syzkaller.WpqUqh/file0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 20.150088][ T281] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 20.150097][ T281] ? panic+0x812/0x812
[ 20.150110][ T281] print_address_description+0x81/0x3b0
[ 20.150128][ T281] kasan_report+0x179/0x1c0
[ 20.225555][ T281] ? ext4_search_dir+0xf7/0x1b0
[ 20.230226][ T281] ? ext4_search_dir+0xf7/0x1b0
[ 20.234914][ T281] __asan_report_load1_noabort+0x14/0x20
[ 20.240390][ T281] ext4_search_dir+0xf7/0x1b0
[ 20.244896][ T281] ext4_find_inline_entry+0x4b6/0x5e0
[ 20.250108][ T281] ? ext4_try_create_inline_dir+0x320/0x320
[ 20.255847][ T281] ? __se_sys_mount+0x285/0x3b0
[ 20.260522][ T281] __ext4_find_entry+0x2b0/0x1990
[ 20.265383][ T281] ? ext4_ci_compare+0x660/0x660
[ 20.270162][ T281] ? __d_lookup_rcu+0x604/0x650
[ 20.274839][ T281] ? __kasan_check_write+0x14/0x20
[ 20.279792][ T281] ? generic_set_encrypted_ci_d_ops+0x91/0xf0
[ 20.285777][ T281] ext4_lookup+0x3c6/0xaa0
[ 20.290032][ T281] ? ext4_add_entry+0x1280/0x1280
[ 20.294896][ T281] ? __kasan_check_write+0x14/0x20
[ 20.299845][ T281] __lookup_slow+0x2b9/0x400
[ 20.304284][ T281] ? lookup_one_len+0x2c0/0x2c0
[ 20.308973][ T281] ? lookup_fast+0x340/0x7d0
[ 20.313388][ T281] ? security_inode_permission+0xb0/0xf0
[ 20.318851][ T281] ? handle_dots+0x1030/0x1030
[ 20.323448][ T281] ? inode_permission+0xf1/0x500
[ 20.328387][ T281] lookup_slow+0x5a/0x80
[ 20.332450][ T281] walk_component+0x48c/0x610
[ 20.336966][ T281] ? nd_alloc_stack+0xf0/0xf0
[ 20.341589][ T281] ? handle_lookup_down+0x130/0x130
[ 20.346634][ T281] path_lookupat+0x16d/0x450
[ 20.351111][ T281] filename_lookup+0x26a/0x6f0
[ 20.355970][ T281] ? hashlen_string+0x120/0x120
[ 20.360646][ T281] ? getname_flags+0x1fd/0x520
[ 20.365249][ T281] user_path_at_empty+0x40/0x50
[ 20.370104][ T281] __se_sys_mount+0x285/0x3b0
[ 20.374643][ T281] ? __x64_sys_mount+0xd0/0xd0
[ 20.379214][ T281] __x64_sys_mount+0xbf/0xd0
[ 20.383647][ T281] do_syscall_64+0x34/0x70
[ 20.387896][ T281] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 20.393633][ T281] RIP: 0033:0x7f6c5e3f4ff9
[ 20.397877][ T281] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 20.417318][ T281] RSP: 002b:00007ffe01797a78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 20.425680][ T281] RAX: ffffffffffffffda RBX: 00007ffe01797b40 RCX: 00007f6c5e3f4ff9
[ 20.433663][ T281] RDX: 0000000000000000 RSI: 0000000020002ac0 RDI: 0000000000000000
[ 20.441490][ T281] RBP: 00007ffe01797b48 R08: 0000000000000000 R09: 00007f6c5e43e150
[ 20.449393][ T281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 20.457188][ T281] R13: 00007ffe01797de8 R14: 0000000000000001 R15: 0000000000000001
[ 20.465085][ T281]
[ 20.467248][ T281] The buggy address belongs to the page:
[ 20.472901][ T281] page:ffffea000436f180 refcount:2 mapcount:0 mapping:ffff88810b203bf0 index:0x16 pfn:0x10dbc6
[ 20.483071][ T281] aops:shmem_aops ino:2 dentry name:"messages"
[ 20.489049][ T281] flags: 0x400000000008002e(referenced|uptodate|dirty|active|swapbacked)
[ 20.497290][ T281] raw: 400000000008002e dead000000000100 dead000000000122 ffff88810b203bf0
[ 20.505719][ T281] raw: 0000000000000016 0000000000000000 00000002ffffffff ffff888100144000
[ 20.514139][ T281] page dumped because: kasan: bad access detected
[ 20.520374][ T281] page->mem_cgroup:ffff888100144000
[ 20.525408][ T281] page_owner tracks the page as allocated
[ 20.530966][ T281] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 76, ts 20115280481, free_ts 20029059593
[ 20.545128][ T281] prep_new_page+0x166/0x180
[ 20.549540][ T281] get_page_from_freelist+0x2d8c/0x2f30
[ 20.554927][ T281] __alloc_pages_nodemask+0x435/0xaf0
[ 20.560217][ T281] shmem_alloc_page+0x257/0x420
[ 20.564901][ T281] shmem_alloc_and_acct_page+0x395/0x8e0
[ 20.570368][ T281] shmem_getpage_gfp+0x891/0x2480
[ 20.575245][ T281] shmem_write_begin+0xca/0x1b0
[ 20.579931][ T281] generic_perform_write+0x2cd/0x570
[ 20.585062][ T281] __generic_file_write_iter+0x23c/0x560
[ 20.590508][ T281] generic_file_write_iter+0xaf/0x1c0
[ 20.595722][ T281] vfs_write+0xb4c/0xe70
[ 20.599965][ T281] ksys_write+0x199/0x2c0
[ 20.604137][ T281] __x64_sys_write+0x7b/0x90
[ 20.608578][ T281] do_syscall_64+0x34/0x70
[ 20.612819][ T281] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 20.618542][ T281] page last free stack trace:
[ 20.623096][ T281] free_unref_page_prepare+0x2ae/0x2d0
[ 20.628401][ T281] free_unref_page_list+0x122/0xb20
[ 20.633400][ T281] release_pages+0xea0/0xef0
[ 20.637812][ T281] __pagevec_release+0x84/0x100
[ 20.642506][ T281] shmem_undo_range+0x7d1/0x1a60
[ 20.647278][ T281] shmem_evict_inode+0x215/0x9d0
[ 20.652049][ T281] evict+0x526/0x9c0
[ 20.655791][ T281] iput+0x632/0x7e0
[ 20.659538][ T281] dentry_unlink_inode+0x2ea/0x3d0
[ 20.664498][ T281] __dentry_kill+0x447/0x650
[ 20.668926][ T281] dentry_kill+0xc0/0x2a0
[ 20.673089][ T281] dput+0x40/0x80
[ 20.676554][ T281] do_renameat2+0xadf/0x1240
[ 20.680983][ T281] __x64_sys_rename+0x86/0x90
[ 20.685495][ T281] do_syscall_64+0x34/0x70
[ 20.690045][ T281] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 20.695721][ T281]
[ 20.697885][ T281] Memory state around the buggy address:
[ 20.703365][ T281] ffff88810dbc6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.711386][ T281] ffff88810dbc6c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.719257][ T281] >ffff88810dbc6d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.727160][ T281] ^
[ 20.731324][ T281] ffff88810dbc6d80: 00 00 00 00 00 00 0