Warning: Permanently added '10.128.1.100' (ED25519) to the list of known hosts.
executing program
[   80.570730][ T5217] loop0: detected capacity change from 0 to 512
[   80.579200][ T5217] EXT4-fs: Ignoring removed mblk_io_submit option
[   80.588452][ T5217] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   80.603091][ T5217] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[   80.611378][ T5217] System zones: 1-12
[   80.618669][ T5217] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor400: corrupted in-inode xattr: e_value size too large
[   80.634829][ T5217] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor400: couldn't read orphan inode 15 (err -117)
[   80.649159][ T5217] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.667693][ T5217] EXT4-fs warning (device loop0): dx_probe:833: inode #2: comm syz-executor400: Unrecognised inode hash code 4
[   80.679620][ T5217] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz-executor400: Corrupt directory, running e2fsck is recommended
[   80.693061][ T5217] ==================================================================
[   80.701137][ T5217] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x6fd/0x880
[   80.709064][ T5217] Read of size 2 at addr ffff88807fc17003 by task syz-executor400/5217
[   80.717334][ T5217]
[   80.719674][ T5217] CPU: 0 UID: 0 PID: 5217 Comm: syz-executor400 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[   80.730792][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   80.740895][ T5217] Call Trace:
[   80.744192][ T5217]
[   80.747153][ T5217]  dump_stack_lvl+0x241/0x360
[   80.752028][ T5217]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.757241][ T5217]  ? __pfx__printk+0x10/0x10
[   80.761840][ T5217]  ? _printk+0xd5/0x120
[   80.765999][ T5217]  ? __virt_addr_valid+0x183/0x530
[   80.771118][ T5217]  ? __virt_addr_valid+0x183/0x530
[   80.776240][ T5217]  print_report+0x169/0x550
[   80.780762][ T5217]  ? __virt_addr_valid+0x183/0x530
[   80.785904][ T5217]  ? __virt_addr_valid+0x183/0x530
[   80.791070][ T5217]  ? __virt_addr_valid+0x45f/0x530
[   80.796207][ T5217]  ? __phys_addr+0xba/0x170
[   80.800735][ T5217]  ? __ext4_check_dir_entry+0x6fd/0x880
[   80.806308][ T5217]  kasan_report+0x143/0x180
[   80.810835][ T5217]  ? __ext4_check_dir_entry+0x6fd/0x880
[   80.816410][ T5217]  __ext4_check_dir_entry+0x6fd/0x880
[   80.821801][ T5217]  ? __pfx_ext4_dirblock_csum_verify+0x10/0x10
[   80.827966][ T5217]  ext4_readdir+0x1436/0x3a60
[   80.832663][ T5217]  ? __mutex_trylock_common+0x183/0x2e0
[   80.838221][ T5217]  ? __pfx_ext4_readdir+0x10/0x10
[   80.843259][ T5217]  ? trace_contention_end+0x3c/0x120
[   80.848551][ T5217]  ? iterate_dir+0x20c/0x800
[   80.853154][ T5217]  ? __pfx_down_read_killable+0x10/0x10
[   80.858706][ T5217]  ? fdget_pos+0x24e/0x320
[   80.863137][ T5217]  ? __pfx___mutex_lock+0x10/0x10
[   80.868167][ T5217]  ? __pfx_lock_release+0x10/0x10
[   80.873207][ T5217]  iterate_dir+0x571/0x800
[   80.877635][ T5217]  __se_sys_getdents64+0x1d3/0x4a0
[   80.882782][ T5217]  ? do_raw_spin_unlock+0x13c/0x8b0
[   80.887993][ T5217]  ? __pfx___se_sys_getdents64+0x10/0x10
[   80.893635][ T5217]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   80.899627][ T5217]  ? __pfx_filldir64+0x10/0x10
[   80.904400][ T5217]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   80.910736][ T5217]  ? do_syscall_64+0x100/0x230
[   80.915510][ T5217]  ? do_syscall_64+0xb6/0x230
[   80.920191][ T5217]  do_syscall_64+0xf3/0x230
[   80.924696][ T5217]  ? clear_bhb_loop+0x35/0x90
[   80.929381][ T5217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.935299][ T5217] RIP: 0033:0x7fcfd760b6d9
[   80.939726][ T5217] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   80.959346][ T5217] RSP: 002b:00007ffe192a0be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   80.967771][ T5217] RAX: ffffffffffffffda RBX: 00007ffe192a0bf0 RCX: 00007fcfd760b6d9
[   80.975750][ T5217] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000005
[   80.983725][ T5217] RBP: 00007ffe192a0bf8 R08: 6c616b7a79732f2e R09: 6c616b7a79732f2e
[   80.991720][ T5217] R10: 6c616b7a79732f2e R11: 0000000000000246 R12: 0000000000000000
[   80.999698][ T5217] R13: 00007ffe192a0e58 R14: 0000000000000001 R15: 0000000000000001
[   81.007688][ T5217]
[   81.010707][ T5217]
[   81.013032][ T5217] The buggy address belongs to the physical page:
[   81.019445][ T5217] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x56388aa96 pfn:0x7fc17
[   81.028910][ T5217] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   81.036213][ T5217] raw: 00fff00000000000 ffffea0001ffe808 ffff8880b8644af0 0000000000000000
[   81.044802][ T5217] raw: 000000056388aa96 0000000000000000 00000000ffffffff 0000000000000000
[   81.053393][ T5217] page dumped because: kasan: bad access detected
[   81.059831][ T5217] page_owner tracks the page as freed
[   81.065198][ T5217] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5214, tgid 5214 (sftp-server), ts 74824128125, free_ts 74900105933
[   81.083789][ T5217]  post_alloc_hook+0x1f3/0x230
[   81.088569][ T5217]  get_page_from_freelist+0x3039/0x3180
[   81.094129][ T5217]  __alloc_pages_noprof+0x256/0x6c0
[   81.099341][ T5217]  alloc_pages_mpol_noprof+0x3e8/0x680
[   81.104805][ T5217]  vma_alloc_folio_noprof+0x12e/0x230
[   81.110182][ T5217]  folio_prealloc+0x31/0x170
[   81.114785][ T5217]  handle_pte_fault+0x24dd/0x6800
[   81.119823][ T5217]  handle_mm_fault+0x1053/0x1ad0
[   81.124860][ T5217]  exc_page_fault+0x459/0x8c0
[   81.129555][ T5217]  asm_exc_page_fault+0x26/0x30
[   81.134427][ T5217] page last free pid 5214 tgid 5214 stack trace:
[   81.140767][ T5217]  free_unref_folios+0xee2/0x18a0
[   81.145810][ T5217]  folios_put_refs+0x76c/0x860
[   81.150580][ T5217]  free_pages_and_swap_cache+0x2ea/0x690
[   81.156223][ T5217]  tlb_flush_mmu+0x3a3/0x680
[   81.160846][ T5217]  tlb_finish_mmu+0xd4/0x200
[   81.165469][ T5217]  exit_mmap+0x496/0xc40
[   81.169738][ T5217]  __mmput+0x115/0x380
[   81.173826][ T5217]  exit_mm+0x220/0x310
[   81.177906][ T5217]  do_exit+0x9b2/0x28e0
[   81.182076][ T5217]  do_group_exit+0x207/0x2c0
[   81.186672][ T5217]  __x64_sys_exit_group+0x3f/0x40
[   81.191705][ T5217]  x64_sys_call+0x2634/0x2640
[   81.196397][ T5217]  do_syscall_64+0xf3/0x230
[   81.200906][ T5217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.206817][ T5217]
[   81.209142][ T5217] Memory state around the buggy address:
[   81.214780][ T5217]  ffff88807fc16f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   81.222847][ T5217]  ffff88807fc16f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   81.230914][ T5217] >ffff88807fc17000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   81.238972][ T5217]                    ^
[   81.243052][ T5217]  ffff88807fc17080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   81.251116][ T5217]  ffff88807fc17100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   81.259175][ T5217] ==================================================================
[   81.267614][ T5217] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   81.274835][ T5217] CPU: 0 UID: 0 PID: 5217 Comm: syz-executor400 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[   81.285975][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   81.296048][ T5217] Call Trace:
[   81.299330][ T5217]
[   81.302265][ T5217]  dump_stack_lvl+0x241/0x360
[   81.306979][ T5217]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.312186][ T5217]  ? __pfx__printk+0x10/0x10
[   81.316784][ T5217]  ? preempt_schedule+0xe1/0xf0
[   81.321650][ T5217]  ? vscnprintf+0x5d/0x90
[   81.326016][ T5217]  panic+0x349/0x880
[   81.329917][ T5217]  ? check_panic_on_warn+0x21/0xb0
[   81.335039][ T5217]  ? __pfx_panic+0x10/0x10
[   81.339462][ T5217]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   81.345461][ T5217]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   81.351817][ T5217]  ? print_report+0x502/0x550
[   81.356509][ T5217]  check_panic_on_warn+0x86/0xb0
[   81.361454][ T5217]  ? __ext4_check_dir_entry+0x6fd/0x880
[   81.367019][ T5217]  end_report+0x77/0x160
[   81.371277][ T5217]  kasan_report+0x154/0x180
[   81.375795][ T5217]  ? __ext4_check_dir_entry+0x6fd/0x880
[   81.381357][ T5217]  __ext4_check_dir_entry+0x6fd/0x880
[   81.386740][ T5217]  ? __pfx_ext4_dirblock_csum_verify+0x10/0x10
[   81.392935][ T5217]  ext4_readdir+0x1436/0x3a60
[   81.397632][ T5217]  ? __mutex_trylock_common+0x183/0x2e0
[   81.403192][ T5217]  ? __pfx_ext4_readdir+0x10/0x10
[   81.408251][ T5217]  ? trace_contention_end+0x3c/0x120
[   81.413548][ T5217]  ? iterate_dir+0x20c/0x800
[   81.418148][ T5217]  ? __pfx_down_read_killable+0x10/0x10
[   81.423725][ T5217]  ? fdget_pos+0x24e/0x320
[   81.428158][ T5217]  ? __pfx___mutex_lock+0x10/0x10
[   81.433190][ T5217]  ? __pfx_lock_release+0x10/0x10
[   81.438232][ T5217]  iterate_dir+0x571/0x800
[   81.442665][ T5217]  __se_sys_getdents64+0x1d3/0x4a0
[   81.447787][ T5217]  ? do_raw_spin_unlock+0x13c/0x8b0
[   81.453280][ T5217]  ? __pfx___se_sys_getdents64+0x10/0x10
[   81.458928][ T5217]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   81.464921][ T5217]  ? __pfx_filldir64+0x10/0x10
[   81.469696][ T5217]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   81.476039][ T5217]  ? do_syscall_64+0x100/0x230
[   81.480813][ T5217]  ? do_syscall_64+0xb6/0x230
[   81.485503][ T5217]  do_syscall_64+0xf3/0x230
[   81.490011][ T5217]  ? clear_bhb_loop+0x35/0x90
[   81.494698][ T5217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.500608][ T5217] RIP: 0033:0x7fcfd760b6d9
[   81.505026][ T5217] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   81.524637][ T5217] RSP: 002b:00007ffe192a0be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   81.533067][ T5217] RAX: ffffffffffffffda RBX: 00007ffe192a0bf0 RCX: 00007fcfd760b6d9
[   81.541044][ T5217] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000005
[   81.549023][ T5217] RBP: 00007ffe192a0bf8 R08: 6c616b7a79732f2e R09: 6c616b7a79732f2e
[   81.557017][ T5217] R10: 6c616b7a79732f2e R11: 0000000000000246 R12: 0000000000000000
[   81.565012][ T5217] R13: 00007ffe192a0e58 R14: 0000000000000001 R15: 0000000000000001
[   81.573006][ T5217]
[   81.576342][ T5217] Kernel Offset: disabled
[   81.580674][ T5217] Rebooting in 86400 seconds..