Warning: Permanently added '10.128.1.98' (ED25519) to the list of known hosts.
executing program
[ 56.602993][ T5215] loop0: detected capacity change from 0 to 512
[ 56.625952][ T5215] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 56.709522][ T5215] loop0: detected capacity change from 512 to 511
[ 56.737079][ T5213] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 21: comm syz-executor129: bad entry in directory: directory entry overrun - offset=1004, inode=0, rec_len=1000, size=1024 fake=0
[ 56.760185][ T5213] ==================================================================
[ 56.768276][ T5213] BUG: KASAN: use-after-free in ext4_inlinedir_to_tree+0x57a/0x11d0
[ 56.776267][ T5213] Read of size 324 at addr ffff8880717c5c05 by task syz-executor129/5213
[ 56.784696][ T5213]
[ 56.787025][ T5213] CPU: 0 UID: 0 PID: 5213 Comm: syz-executor129 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0
[ 56.798127][ T5213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 56.808189][ T5213] Call Trace:
[ 56.811471][ T5213]
[ 56.814395][ T5213]  dump_stack_lvl+0x241/0x360
[ 56.819062][ T5213]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 56.824243][ T5213]  ? __pfx__printk+0x10/0x10
[ 56.828821][ T5213]  ? _printk+0xd5/0x120
[ 56.832964][ T5213]  ? __virt_addr_valid+0x183/0x530
[ 56.838407][ T5213]  ? __virt_addr_valid+0x183/0x530
[ 56.843501][ T5213]  print_report+0x169/0x550
[ 56.847987][ T5213]  ? __virt_addr_valid+0x183/0x530
[ 56.853087][ T5213]  ? __virt_addr_valid+0x183/0x530
[ 56.858195][ T5213]  ? __virt_addr_valid+0x45f/0x530
[ 56.863301][ T5213]  ? __phys_addr+0xba/0x170
[ 56.867794][ T5213]  ? ext4_inlinedir_to_tree+0x57a/0x11d0
[ 56.873425][ T5213]  kasan_report+0x143/0x180
[ 56.877923][ T5213]  ? ext4_inlinedir_to_tree+0x57a/0x11d0
[ 56.883599][ T5213]  kasan_check_range+0x282/0x290
[ 56.888531][ T5213]  ? ext4_inlinedir_to_tree+0x57a/0x11d0
[ 56.894155][ T5213]  __asan_memcpy+0x29/0x70
[ 56.898560][ T5213]  ext4_inlinedir_to_tree+0x57a/0x11d0
[ 56.904012][ T5213]  ? is_bpf_text_address+0x285/0x2a0
[ 56.909291][ T5213]  ? __kernel_text_address+0xd/0x40
[ 56.914483][ T5213]  ? __pfx_ext4_inlinedir_to_tree+0x10/0x10
[ 56.920381][ T5213]  ? kasan_save_track+0x51/0x80
[ 56.925225][ T5213]  ? kasan_save_track+0x3f/0x80
[ 56.930063][ T5213]  ? __kasan_kmalloc+0x98/0xb0
[ 56.934814][ T5213]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 56.940353][ T5213]  ? ext4_readdir+0x4c4/0x3500
[ 56.945104][ T5213]  ? do_syscall_64+0xf3/0x230
[ 56.949768][ T5213]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.955826][ T5213]  ext4_htree_fill_tree+0x5d8/0x1400
[ 56.961114][ T5213]  ? __pfx_ext4_htree_fill_tree+0x10/0x10
[ 56.967266][ T5213]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 56.972805][ T5213]  ext4_readdir+0x2b1c/0x3500
[ 56.977475][ T5213]  ? __pfx___might_resched+0x10/0x10
[ 56.982751][ T5213]  ? __mutex_trylock_common+0x183/0x2e0
[ 56.988286][ T5213]  ? __pfx___might_resched+0x10/0x10
[ 56.993570][ T5213]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 56.999460][ T5213]  ? down_read_killable+0xaaa/0xd30
[ 57.004665][ T5213]  ? __pfx_ext4_readdir+0x10/0x10
[ 57.009701][ T5213]  ? trace_contention_end+0x3c/0x120
[ 57.014987][ T5213]  ? __mutex_lock+0x2ef/0xd70
[ 57.019663][ T5213]  ? iterate_dir+0x215/0x810
[ 57.024270][ T5213]  ? __pfx_down_read_killable+0x10/0x10
[ 57.030179][ T5213]  ? __fdget_pos+0x24e/0x310
[ 57.034773][ T5213]  ? __pfx___mutex_lock+0x10/0x10
[ 57.039795][ T5213]  ? __pfx_reacquire_held_locks+0x10/0x10
[ 57.045504][ T5213]  ? bpf_lsm_file_permission+0x9/0x10
[ 57.050872][ T5213]  iterate_dir+0x57a/0x810
[ 57.055282][ T5213]  __se_sys_getdents64+0x20d/0x4f0
[ 57.060384][ T5213]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 57.066357][ T5213]  ? __pfx___se_sys_getdents64+0x10/0x10
[ 57.072322][ T5213]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 57.078306][ T5213]  ? __pfx_filldir64+0x10/0x10
[ 57.083088][ T5213]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 57.089434][ T5213]  ? exc_page_fault+0x590/0x8c0
[ 57.094288][ T5213]  ? do_syscall_64+0xb6/0x230
[ 57.098954][ T5213]  do_syscall_64+0xf3/0x230
[ 57.103451][ T5213]  ? clear_bhb_loop+0x35/0x90
[ 57.108122][ T5213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.114013][ T5213] RIP: 0033:0x7fcb146ca613
[ 57.118421][ T5213] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 23 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
[ 57.138015][ T5213] RSP: 002b:00007fffaa54eac8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 57.146420][ T5213] RAX: ffffffffffffffda RBX: 0000555567e83770 RCX: 00007fcb146ca613
[ 57.154382][ T5213] RDX: 0000000000008000 RSI: 0000555567e83770 RDI: 0000000000000005
[ 57.162346][ T5213] RBP: 0000555567e83744 R08: 0000000000000000 R09: 0000000000000000
[ 57.170306][ T5213] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
[ 57.178281][ T5213] R13: 0000000000000016 R14: 0000555567e83740 R15: 00007fffaa551e30
[ 57.186265][ T5213]
[ 57.189281][ T5213]
[ 57.191596][ T5213] The buggy address belongs to the physical page:
[ 57.198004][ T5213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x5615451c4 pfn:0x717c5
[ 57.207448][ T5213] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 57.214569][ T5213] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[ 57.223176][ T5213] raw: 00000005615451c4 0000000000000000 00000000ffffffff 0000000000000000
[ 57.231750][ T5213] page dumped because: kasan: bad access detected
[ 57.238170][ T5213] page_owner tracks the page as freed
[ 57.243614][ T5213] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5174, tgid 5174 (sftp-server), ts 48575534501, free_ts 49882330156
[ 57.262211][ T5213]  post_alloc_hook+0x1f3/0x230
[ 57.266974][ T5213]  get_page_from_freelist+0x2e4c/0x2f10
[ 57.272517][ T5213]  __alloc_pages_noprof+0x256/0x6c0
[ 57.277707][ T5213]  alloc_pages_mpol_noprof+0x3e8/0x680
[ 57.283177][ T5213]  vma_alloc_folio_noprof+0x12e/0x230
[ 57.288549][ T5213]  folio_prealloc+0x31/0x170
[ 57.293135][ T5213]  handle_pte_fault+0x255e/0x6fc0
[ 57.298153][ T5213]  handle_mm_fault+0xf70/0x1880
[ 57.302991][ T5213]  exc_page_fault+0x459/0x8c0
[ 57.307659][ T5213]  asm_exc_page_fault+0x26/0x30
[ 57.312497][ T5213] page last free pid 5174 tgid 5174 stack trace:
[ 57.318801][ T5213]  free_unref_folios+0x100f/0x1ac0
[ 57.323898][ T5213]  folios_put_refs+0x76e/0x860
[ 57.328650][ T5213]  free_pages_and_swap_cache+0x2ea/0x690
[ 57.334272][ T5213]  tlb_flush_mmu+0x3a3/0x680
[ 57.338863][ T5213]  tlb_finish_mmu+0xd4/0x200
[ 57.343456][ T5213]  exit_mmap+0x44f/0xc80
[ 57.347699][ T5213]  __mmput+0x115/0x380
[ 57.351761][ T5213]  exit_mm+0x220/0x310
[ 57.355823][ T5213]  do_exit+0x9b2/0x27f0
[ 57.359963][ T5213]  do_group_exit+0x207/0x2c0
[ 57.364544][ T5213]  __x64_sys_exit_group+0x3f/0x40
[ 57.369563][ T5213]  x64_sys_call+0x2634/0x2640
[ 57.374234][ T5213]  do_syscall_64+0xf3/0x230
[ 57.378720][ T5213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.384603][ T5213]
[ 57.386921][ T5213] Memory state around the buggy address:
[ 57.392545][ T5213]  ffff8880717c5b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.400593][ T5213]  ffff8880717c5b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.408633][ T5213] >ffff8880717c5c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.416684][ T5213]                 ^
[ 57.420733][ T5213]  ffff8880717c5c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.428863][ T5213]  ffff8880717c5d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.436903][ T5213] ==================================================================
[ 57.445421][ T5213] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.452619][ T5213] CPU: 0 UID: 0 PID: 5213 Comm: syz-executor129 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0
[ 57.463807][ T5213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 57.473851][ T5213] Call Trace:
[ 57.477122][ T5213]
[ 57.480129][ T5213]  dump_stack_lvl+0x241/0x360
[ 57.484809][ T5213]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 57.489995][ T5213]  ? __pfx__printk+0x10/0x10
[ 57.494576][ T5213]  ? preempt_schedule+0xe1/0xf0
[ 57.499416][ T5213]  ? vscnprintf+0x5d/0x90
[ 57.503735][ T5213]  panic+0x349/0x860
[ 57.507622][ T5213]  ? check_panic_on_warn+0x21/0xb0
[ 57.512807][ T5213]  ? __pfx_panic+0x10/0x10
[ 57.517227][ T5213]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 57.523206][ T5213]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 57.529522][ T5213]  ? print_report+0x502/0x550
[ 57.534197][ T5213]  check_panic_on_warn+0x86/0xb0
[ 57.539125][ T5213]  ? ext4_inlinedir_to_tree+0x57a/0x11d0
[ 57.544757][ T5213]  end_report+0x77/0x160
[ 57.548999][ T5213]  kasan_report+0x154/0x180
[ 57.553490][ T5213]  ? ext4_inlinedir_to_tree+0x57a/0x11d0
[ 57.559217][ T5213]  kasan_check_range+0x282/0x290
[ 57.564145][ T5213]  ? ext4_inlinedir_to_tree+0x57a/0x11d0
[ 57.569766][ T5213]  __asan_memcpy+0x29/0x70
[ 57.574169][ T5213]  ext4_inlinedir_to_tree+0x57a/0x11d0
[ 57.579626][ T5213]  ? is_bpf_text_address+0x285/0x2a0
[ 57.584994][ T5213]  ? __kernel_text_address+0xd/0x40
[ 57.590182][ T5213]  ? __pfx_ext4_inlinedir_to_tree+0x10/0x10
[ 57.596125][ T5213]  ? kasan_save_track+0x51/0x80
[ 57.600963][ T5213]  ? kasan_save_track+0x3f/0x80
[ 57.605799][ T5213]  ? __kasan_kmalloc+0x98/0xb0
[ 57.610549][ T5213]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 57.616084][ T5213]  ? ext4_readdir+0x4c4/0x3500
[ 57.620837][ T5213]  ? do_syscall_64+0xf3/0x230
[ 57.625588][ T5213]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.631646][ T5213]  ext4_htree_fill_tree+0x5d8/0x1400
[ 57.636928][ T5213]  ? __pfx_ext4_htree_fill_tree+0x10/0x10
[ 57.642645][ T5213]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 57.648187][ T5213]  ext4_readdir+0x2b1c/0x3500
[ 57.652857][ T5213]  ? __pfx___might_resched+0x10/0x10
[ 57.658130][ T5213]  ? __mutex_trylock_common+0x183/0x2e0
[ 57.663750][ T5213]  ? __pfx___might_resched+0x10/0x10
[ 57.669024][ T5213]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 57.674903][ T5213]  ? down_read_killable+0xaaa/0xd30
[ 57.680090][ T5213]  ? __pfx_ext4_readdir+0x10/0x10
[ 57.685107][ T5213]  ? trace_contention_end+0x3c/0x120
[ 57.690377][ T5213]  ? __mutex_lock+0x2ef/0xd70
[ 57.695126][ T5213]  ? iterate_dir+0x215/0x810
[ 57.699702][ T5213]  ? __pfx_down_read_killable+0x10/0x10
[ 57.705233][ T5213]  ? __fdget_pos+0x24e/0x310
[ 57.709812][ T5213]  ? __pfx___mutex_lock+0x10/0x10
[ 57.714823][ T5213]  ? __pfx_reacquire_held_locks+0x10/0x10
[ 57.720530][ T5213]  ? bpf_lsm_file_permission+0x9/0x10
[ 57.725893][ T5213]  iterate_dir+0x57a/0x810
[ 57.730302][ T5213]  __se_sys_getdents64+0x20d/0x4f0
[ 57.735401][ T5213]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 57.741372][ T5213]  ? __pfx___se_sys_getdents64+0x10/0x10
[ 57.746992][ T5213]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 57.752960][ T5213]  ? __pfx_filldir64+0x10/0x10
[ 57.757710][ T5213]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 57.764029][ T5213]  ? exc_page_fault+0x590/0x8c0
[ 57.768872][ T5213]  ? do_syscall_64+0xb6/0x230
[ 57.773536][ T5213]  do_syscall_64+0xf3/0x230
[ 57.778022][ T5213]  ? clear_bhb_loop+0x35/0x90
[ 57.782686][ T5213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.788564][ T5213] RIP: 0033:0x7fcb146ca613
[ 57.792967][ T5213] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 23 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
[ 57.812558][ T5213] RSP: 002b:00007fffaa54eac8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 57.820961][ T5213] RAX: ffffffffffffffda RBX: 0000555567e83770 RCX: 00007fcb146ca613
[ 57.828915][ T5213] RDX: 0000000000008000 RSI: 0000555567e83770 RDI: 0000000000000005
[ 57.836871][ T5213] RBP: 0000555567e83744 R08: 0000000000000000 R09: 0000000000000000
[ 57.844865][ T5213] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
[ 57.852820][ T5213] R13: 0000000000000016 R14: 0000555567e83740 R15: 00007fffaa551e30
[ 57.860781][ T5213]
[ 57.863889][ T5213] Kernel Offset: disabled
[ 57.868365][ T5213] Rebooting in 86400 seconds..