ci starts bisection 2022-12-21 03:28:03.741696651 +0000 UTC m=+65195.574301364 bisecting cause commit starting from 3800a713b6070d4f03fb43613a7b7d536a99b2b7 building syzkaller on 10323ddf71b1e5ea30453d7bf17f0815d9e0514a ensuring issue is reproducible on original commit 3800a713b6070d4f03fb43613a7b7d536a99b2b7 testing commit 3800a713b6070d4f03fb43613a7b7d536a99b2b7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 62be6a1fe221cc4c32b7b45a512ec5bb5b49f71c363dc9407f102d02ce6c14eb run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: use-after-free Read in ntfs_iget5 run #2: crashed: KASAN: use-after-free Read in ntfs_iget5 run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #4: crashed: KASAN: use-after-free Read in ntfs_iget5 run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #7: crashed: KASAN: use-after-free Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 run #10: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #11: crashed: KASAN: use-after-free Read in ntfs_iget5 run #12: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #13: crashed: KASAN: use-after-free Read in ntfs_iget5 run #14: crashed: KASAN: use-after-free Read in ntfs_iget5 run #15: crashed: KASAN: use-after-free Read in ntfs_iget5 run #16: crashed: KASAN: use-after-free Read in ntfs_iget5 run #17: crashed: KASAN: use-after-free Read in ntfs_iget5 run #18: crashed: KASAN: use-after-free Read in ntfs_iget5 run #19: crashed: KASAN: use-after-free Read in ntfs_iget5 testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c27e7886ccdb67673ba72eb2d61983426bceccb1ff69eb6767edab4931e01f71 run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: use-after-free Read in ntfs_iget5 run #2: crashed: KASAN: use-after-free Read in ntfs_iget5 run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #4: crashed: KASAN: use-after-free Read in ntfs_iget5 run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #6: crashed: KASAN: use-after-free Read in ntfs_iget5 run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d1463fadacd4be55de4ec0f9ce1fdebdd3ca989ea94c20cc41f6c55d2c170cce run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #1: crashed: KASAN: use-after-free Read in ntfs_iget5 run #2: crashed: KASAN: use-after-free Read in ntfs_iget5 run #3: crashed: KASAN: use-after-free Read in ntfs_iget5 run #4: crashed: KASAN: use-after-free Read in ntfs_iget5 run #5: crashed: KASAN: use-after-free Read in ntfs_iget5 run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #7: crashed: KASAN: use-after-free Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 148bc20f317648c04055e8e57e6c5d1b9b94d82c89f32ccd5195d85f1986b1ee run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #2: crashed: KASAN: use-after-free Read in ntfs_iget5 run #3: crashed: KASAN: use-after-free Read in ntfs_iget5 run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #5: crashed: KASAN: use-after-free Read in ntfs_iget5 run #6: crashed: KASAN: use-after-free Read in ntfs_iget5 run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5dec6dc830384e0787962d7c3bede03ff045ec051a65f47ba287ef2d184fbf9f run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #1: crashed: KASAN: use-after-free Read in ntfs_iget5 run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #3: crashed: KASAN: use-after-free Read in ntfs_iget5 run #4: crashed: KASAN: use-after-free Read in ntfs_iget5 run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9af4cae1e2241bed92dbe880f7fdc66328fe407ce0b1cdb734da326d7ed8d292 run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #3: crashed: KASAN: use-after-free Read in ntfs_iget5 run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #6: crashed: KASAN: use-after-free Read in ntfs_iget5 run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 383504c92b91fb6039a613c58445b66e874d371acc81e73bf872a45be743dc01 all runs: OK # git bisect start 8bb7eca972ad531c9b149c0a51ab43a417385813 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 6693 revisions left to test after this (roughly 13 steps) [477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3ce2becbaa3320ecdd633ac5edde29e97ccb4ca2c362fba38b90d36e23a24c92 all runs: OK # git bisect good 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 Bisecting: 3317 revisions left to test after this (roughly 12 steps) [626bf91a292e2035af5b9d9cce35c5c138dfe06d] Merge tag 'net-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 626bf91a292e2035af5b9d9cce35c5c138dfe06d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: eb51241c210ac2e95ded67ac81a02d696fd0e8c8e0268fb79c3fd8260e44f8f8 run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #3: crashed: KASAN: use-after-free Read in ntfs_iget5 run #4: crashed: KASAN: use-after-free Read in ntfs_iget5 run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #6: crashed: KASAN: use-after-free Read in ntfs_iget5 run #7: crashed: KASAN: use-after-free Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 # git bisect bad 626bf91a292e2035af5b9d9cce35c5c138dfe06d Bisecting: 1702 revisions left to test after this (roughly 11 steps) [23852bec534a1633dc08f4df88b8493ae99953a9] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 23852bec534a1633dc08f4df88b8493ae99953a9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a4fa6634fd39559b2fa12d9969551d5dc45a79d67540c231060704d47d6428de all runs: OK # git bisect good 23852bec534a1633dc08f4df88b8493ae99953a9 Bisecting: 869 revisions left to test after this (roughly 10 steps) [55d1308bdff7341b778e5cf36220616a0dd6ab8f] cdrom: update uniform CD-ROM maintainership in MAINTAINERS file testing commit 55d1308bdff7341b778e5cf36220616a0dd6ab8f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 97194d36b924edd1b2629062a70495a89167dcea76c047e7f7709ed9b57d0094 all runs: OK # git bisect good 55d1308bdff7341b778e5cf36220616a0dd6ab8f Bisecting: 434 revisions left to test after this (roughly 9 steps) [3754707bcc3e190e5dadc978d172b61e809cb3bd] Revert "memcg: enable accounting for file lock caches" testing commit 3754707bcc3e190e5dadc978d172b61e809cb3bd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cfaf66a064be3247a6bfdc95db28eacc550dc9e021e07a3e3387791ec6e23bcb run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #2: crashed: KASAN: use-after-free Read in ntfs_iget5 run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #4: crashed: KASAN: use-after-free Read in ntfs_iget5 run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #6: crashed: KASAN: use-after-free Read in ntfs_iget5 run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 # git bisect bad 3754707bcc3e190e5dadc978d172b61e809cb3bd Bisecting: 200 revisions left to test after this (roughly 8 steps) [e07af2626643293fa16df655979e7963250abc63] Merge tag 'arc-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc testing commit e07af2626643293fa16df655979e7963250abc63 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1c960cf71ca626575a6e94958086a1ade93e08347cd38e7b4fa7dcdb3804ee99 run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: use-after-free Read in ntfs_iget5 run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #3: crashed: KASAN: use-after-free Read in ntfs_iget5 run #4: crashed: KASAN: use-after-free Read in ntfs_iget5 run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #7: crashed: KASAN: use-after-free Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 # git bisect bad e07af2626643293fa16df655979e7963250abc63 Bisecting: 109 revisions left to test after this (roughly 7 steps) [f7464060f7ab9a2424428008f0ee9f1e267e410f] Merge git://github.com/Paragon-Software-Group/linux-ntfs3 testing commit f7464060f7ab9a2424428008f0ee9f1e267e410f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b02a9fb646dd2cf8b65e0fe8ad02515acb39f08269235c18cd010c882a6bd716 run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: use-after-free Read in ntfs_iget5 run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #3: crashed: KASAN: use-after-free Read in ntfs_iget5 run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #5: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #6: crashed: KASAN: use-after-free Read in ntfs_iget5 run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #8: crashed: KASAN: use-after-free Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 # git bisect bad f7464060f7ab9a2424428008f0ee9f1e267e410f Bisecting: 77 revisions left to test after this (roughly 6 steps) [9605f75cf36e0bcc0f4ada07b5be712d30107607] f2fs: should put a page beyond EOF when preparing a write testing commit 9605f75cf36e0bcc0f4ada07b5be712d30107607 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f445fba5923de3ddddcf17bed718226fc8f761581dfb62a940cebc78c26131d5 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 9605f75cf36e0bcc0f4ada07b5be712d30107607 Bisecting: 38 revisions left to test after this (roughly 5 steps) [8cfb9015280d49f9d92d5b0f88cedf5f0856c0fd] NFS: Always provide aligned buffers to the RPC read layers testing commit 8cfb9015280d49f9d92d5b0f88cedf5f0856c0fd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3b6d11b084c50734444d809bfbaa8b1b9450e22180f611aed8ec00a3fe48818a all runs: OK # git bisect good 8cfb9015280d49f9d92d5b0f88cedf5f0856c0fd Bisecting: 19 revisions left to test after this (roughly 4 steps) [1263eddfea9988125a4b9608efecc8aff2c721f9] fs/ntfs3: Remove unused including testing commit 1263eddfea9988125a4b9608efecc8aff2c721f9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 504e64fa52cd450c32115839ba6d47a53923f1db152718610fa1ede66b6fead1 run #0: crashed: KASAN: use-after-free Read in ntfs_iget5 run #1: crashed: KASAN: use-after-free Read in ntfs_iget5 run #2: crashed: KASAN: use-after-free Read in ntfs_iget5 run #3: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #4: crashed: KASAN: use-after-free Read in ntfs_iget5 run #5: crashed: KASAN: use-after-free Read in ntfs_iget5 run #6: crashed: KASAN: use-after-free Read in ntfs_iget5 run #7: crashed: KASAN: use-after-free Read in ntfs_iget5 run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #9: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 # git bisect bad 1263eddfea9988125a4b9608efecc8aff2c721f9 Bisecting: 9 revisions left to test after this (roughly 3 steps) [6e5be40d32fb1907285277c02e74493ed43d77fe] fs/ntfs3: Add NTFS3 in fs/Kconfig and fs/Makefile testing commit 6e5be40d32fb1907285277c02e74493ed43d77fe gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 75652a42e7eabcaabb1dc2f40be28829f69af76f9ab86140e756ddc36d5426a4 run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #1: crashed: KASAN: use-after-free Read in ntfs_iget5 run #2: crashed: KASAN: use-after-free Read in ntfs_iget5 run #3: crashed: KASAN: use-after-free Read in ntfs_iget5 run #4: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #5: crashed: KASAN: use-after-free Read in ntfs_iget5 run #6: crashed: KASAN: use-after-free Read in ntfs_iget5 run #7: crashed: KASAN: use-after-free Read in ntfs_iget5 run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_iget5 run #9: crashed: KASAN: use-after-free Read in ntfs_iget5 # git bisect bad 6e5be40d32fb1907285277c02e74493ed43d77fe Bisecting: 4 revisions left to test after this (roughly 2 steps) [4342306f0f0d5ff4315a204d315c1b51b914fca5] fs/ntfs3: Add file operations and implementation testing commit 4342306f0f0d5ff4315a204d315c1b51b914fca5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2d2a8c90a97dfe1a4b55e60ffbc958f8a13a4db34413c0348f392ac5a0632dbb all runs: OK # git bisect good 4342306f0f0d5ff4315a204d315c1b51b914fca5 Bisecting: 2 revisions left to test after this (roughly 1 step) [522e010b58379fbe19b38fdef5016bca0c3cf405] fs/ntfs3: Add compression testing commit 522e010b58379fbe19b38fdef5016bca0c3cf405 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2d2a8c90a97dfe1a4b55e60ffbc958f8a13a4db34413c0348f392ac5a0632dbb all runs: OK # git bisect good 522e010b58379fbe19b38fdef5016bca0c3cf405 Bisecting: 0 revisions left to test after this (roughly 1 step) [12dad495eaab95e0bb784c43869073617c513ea4] fs/ntfs3: Add Kconfig, Makefile and doc testing commit 12dad495eaab95e0bb784c43869073617c513ea4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2d2a8c90a97dfe1a4b55e60ffbc958f8a13a4db34413c0348f392ac5a0632dbb all runs: OK # git bisect good 12dad495eaab95e0bb784c43869073617c513ea4 6e5be40d32fb1907285277c02e74493ed43d77fe is the first bad commit commit 6e5be40d32fb1907285277c02e74493ed43d77fe Author: Konstantin Komarov Date: Fri Aug 13 17:21:30 2021 +0300 fs/ntfs3: Add NTFS3 in fs/Kconfig and fs/Makefile This adds NTFS3 in fs/Kconfig and fs/Makefile Signed-off-by: Konstantin Komarov fs/Kconfig | 1 + fs/Makefile | 1 + 2 files changed, 2 insertions(+) culprit signature: 75652a42e7eabcaabb1dc2f40be28829f69af76f9ab86140e756ddc36d5426a4 parent signature: 2d2a8c90a97dfe1a4b55e60ffbc958f8a13a4db34413c0348f392ac5a0632dbb revisions tested: 21, total time: 4h20m30.004646212s (build: 2h25m1.568993191s, test: 1h52m29.441494982s) first bad commit: 6e5be40d32fb1907285277c02e74493ed43d77fe fs/ntfs3: Add NTFS3 in fs/Kconfig and fs/Makefile recipients (to): ["almaz.alexandrovich@paragon-software.com" "linux-kernel@vger.kernel.org"] recipients (cc): ["linux-fsdevel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: KASAN: use-after-free Read in ntfs_iget5 loop0: detected capacity change from 0 to 264192 ntfs3: loop0: Unrecognized mount option "iocharset=cp950" or missing value ntfs3: loop0: Different NTFS' sector size and media sector size ntfs3: loop0: Mark volume as dirty due to NTFS errors ================================================================== BUG: KASAN: use-after-free in memcmp+0xa6/0xb0 lib/string.c:939 Read of size 1 at addr ffff88802bcf8f40 by task syz-executor.0/5949 CPU: 0 PID: 5949 Comm: syz-executor.0 Not tainted 5.14.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 print_address_description.constprop.0.cold+0x6c/0x309 mm/kasan/report.c:233 __kasan_report mm/kasan/report.c:419 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:436 memcmp+0xa6/0xb0 lib/string.c:939 memcmp include/linux/fortify-string.h:235 [inline] ntfs_read_mft fs/ntfs3/inode.c:261 [inline] ntfs_iget5+0x15f1/0x2fa0 fs/ntfs3/inode.c:501 ntfs_fill_super+0x2c43/0x3550 fs/ntfs3/super.c:1311 mount_bdev+0x2cb/0x3b0 fs/super.c:1368 legacy_get_tree+0xfa/0x1f0 fs/fs_context.c:610 vfs_get_tree+0x7f/0x2c0 fs/super.c:1498 do_new_mount fs/namespace.c:2905 [inline] path_mount+0x7f3/0x1a40 fs/namespace.c:3235 do_mount fs/namespace.c:3248 [inline] __do_sys_mount fs/namespace.c:3456 [inline] __se_sys_mount fs/namespace.c:3433 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3433 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f354eb0fb9a Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f354e281f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f354eb0fb9a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f354e281fe0 RBP: 00007f354e282020 R08: 00007f354e282020 R09: 0000000020000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000 R13: 0000000020000100 R14: 00007f354e281fe0 R15: 0000000020000140 Allocated by task 5954: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] __kasan_slab_alloc+0x84/0xa0 mm/kasan/common.c:467 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:2956 [inline] slab_alloc mm/slub.c:2964 [inline] kmem_cache_alloc+0x285/0x4a0 mm/slub.c:2969 getname_flags.part.0+0x4a/0x440 fs/namei.c:138 do_sys_openat2+0xd2/0x360 fs/open.c:1198 do_sys_open fs/open.c:1220 [inline] __do_sys_openat fs/open.c:1236 [inline] __se_sys_openat fs/open.c:1231 [inline] __x64_sys_openat+0x11b/0x1d0 fs/open.c:1231 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 5954: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:360 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free mm/kasan/common.c:328 [inline] __kasan_slab_free+0xfb/0x130 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1625 [inline] slab_free_freelist_hook+0xdf/0x240 mm/slub.c:1650 slab_free mm/slub.c:3210 [inline] kmem_cache_free+0x8a/0x5b0 mm/slub.c:3226 do_sys_openat2+0x106/0x360 fs/open.c:1213 do_sys_open fs/open.c:1220 [inline] __do_sys_openat fs/open.c:1236 [inline] __se_sys_openat fs/open.c:1231 [inline] __x64_sys_openat+0x11b/0x1d0 fs/open.c:1231 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff88802bcf8000 which belongs to the cache names_cache of size 4096 The buggy address is located 3904 bytes inside of 4096-byte region [ffff88802bcf8000, ffff88802bcf9000) The buggy address belongs to the page: page:ffffea0000af3e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2bcf8 head:ffffea0000af3e00 order:3 compound_mapcount:0 compound_pincount:0 flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000010200 dead000000000100 dead000000000122 ffff8880105ca3c0 raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4823, ts 14101249310, free_ts 14096699328 prep_new_page mm/page_alloc.c:2436 [inline] get_page_from_freelist+0xa72/0x2f80 mm/page_alloc.c:4169 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5391 alloc_slab_page mm/slub.c:1688 [inline] allocate_slab+0x32e/0x4b0 mm/slub.c:1828 new_slab mm/slub.c:1891 [inline] new_slab_objects mm/slub.c:2637 [inline] ___slab_alloc+0x4ba/0x820 mm/slub.c:2800 __slab_alloc.constprop.0+0xa7/0xf0 mm/slub.c:2840 slab_alloc_node mm/slub.c:2922 [inline] slab_alloc mm/slub.c:2964 [inline] kmem_cache_alloc+0x3e1/0x4a0 mm/slub.c:2969 getname_flags.part.0+0x4a/0x440 fs/namei.c:138 do_sys_openat2+0xd2/0x360 fs/open.c:1198 do_sys_open fs/open.c:1220 [inline] __do_sys_openat fs/open.c:1236 [inline] __se_sys_openat fs/open.c:1231 [inline] __x64_sys_openat+0x11b/0x1d0 fs/open.c:1231 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1346 [inline] free_pcp_prepare+0x2c5/0x780 mm/page_alloc.c:1397 free_unref_page_prepare mm/page_alloc.c:3332 [inline] free_unref_page+0x19/0x690 mm/page_alloc.c:3411 unfreeze_partials+0x17c/0x1d0 mm/slub.c:2418 put_cpu_partial+0x13d/0x230 mm/slub.c:2454 qlink_free mm/kasan/quarantine.c:146 [inline] qlist_free_all+0x5a/0xc0 mm/kasan/quarantine.c:165 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:272 __kasan_slab_alloc+0x8e/0xa0 mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:2956 [inline] slab_alloc mm/slub.c:2964 [inline] __kmalloc+0x1f4/0x330 mm/slub.c:4108 kmalloc include/linux/slab.h:596 [inline] kzalloc include/linux/slab.h:721 [inline] tomoyo_encode2.part.0+0x92/0x310 security/tomoyo/realpath.c:45 tomoyo_realpath_from_path+0x140/0x6a0 security/tomoyo/realpath.c:288 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_check_open_permission+0x21c/0x2c0 security/tomoyo/file.c:771 security_file_open+0x43/0x410 security/security.c:1633 do_dentry_open+0x30d/0xfc0 fs/open.c:813 do_open fs/namei.c:3374 [inline] path_openat+0x9fa/0x22f0 fs/namei.c:3507 do_filp_open+0x199/0x3d0 fs/namei.c:3534 do_sys_openat2+0x11e/0x360 fs/open.c:1204 Memory state around the buggy address: ffff88802bcf8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88802bcf8e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88802bcf8f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88802bcf8f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88802bcf9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================