Warning: Permanently added '10.128.1.30' (ED25519) to the list of known hosts.
2024/04/26 19:43:08 ignoring optional flag "sandboxArg"="0"
2024/04/26 19:43:08 parsed 1 programs
2024/04/26 19:43:08 executed programs: 0
[ 46.925060][ T2484] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 49.604013][ T2900] loop0: detected capacity change from 0 to 4096
[ 49.708316][ T2900] ntfs3: loop0: ino=22, "file0" failed to undo rename
[ 49.788932][ T2903] loop0: detected capacity change from 0 to 4096
[ 49.883811][ T2903] ==================================================================
[ 49.892182][ T2903] BUG: KASAN: use-after-free in __list_add_valid+0x81/0xa0
[ 49.899920][ T2903] Read of size 8 at addr ffff88802858b518 by task syz-executor.0/2903
[ 49.908141][ T2903]
[ 49.910636][ T2903] CPU: 0 PID: 2903 Comm: syz-executor.0 Not tainted 5.14.0-rc7-syzkaller #0
[ 49.919472][ T2903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 49.929513][ T2903] Call Trace:
[ 49.932774][ T2903]  dump_stack_lvl+0x41/0x5e
[ 49.937274][ T2903]  print_address_description.constprop.0.cold+0x6c/0x30a
[ 49.944362][ T2903]  ? __list_add_valid+0x81/0xa0
[ 49.949289][ T2903]  ? __list_add_valid+0x81/0xa0
[ 49.954194][ T2903]  kasan_report.cold+0x83/0xdf
[ 49.958925][ T2903]  ? __list_add_valid+0x81/0xa0
[ 49.963836][ T2903]  __list_add_valid+0x81/0xa0
[ 49.968567][ T2903]  chrdev_open+0x40c/0x650
[ 49.972957][ T2903]  ? __unregister_chrdev+0xe0/0xe0
[ 49.978121][ T2903]  ? security_file_open+0x49/0x400
[ 49.983207][ T2903]  do_dentry_open+0x425/0xf80
[ 49.987940][ T2903]  ? __unregister_chrdev+0xe0/0xe0
[ 49.993103][ T2903]  ? may_open+0xce/0x330
[ 49.997337][ T2903]  path_openat+0x1593/0x22b0
[ 50.001893][ T2903]  ? kmem_cache_alloc+0x271/0x3a0
[ 50.007588][ T2903]  ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.014071][ T2903]  ? lookup_open.isra.0+0x15e0/0x15e0
[ 50.019409][ T2903]  ? lock_downgrade+0x540/0x540
[ 50.024317][ T2903]  ? wake_up_var+0x120/0x120
[ 50.028876][ T2903]  ? futex_wait_restart+0x210/0x210
[ 50.034129][ T2903]  do_filp_open+0x199/0x3d0
[ 50.038783][ T2903]  ? may_open_dev+0xd0/0xd0
[ 50.043256][ T2903]  ? do_raw_spin_lock+0x120/0x2b0
[ 50.048345][ T2903]  ? rwlock_bug.part.0+0x90/0x90
[ 50.053249][ T2903]  ? lock_acquire+0x132/0x290
[ 50.057897][ T2903]  ? _raw_spin_unlock+0x24/0x40
[ 50.062924][ T2903]  ? alloc_fd+0x17c/0x4e0
[ 50.067522][ T2903]  ? getname_flags.part.0+0x89/0x440
[ 50.072775][ T2903]  do_sys_openat2+0x11e/0x360
[ 50.077773][ T2903]  ? build_open_flags+0x490/0x490
[ 50.082866][ T2903]  ? lock_downgrade+0x540/0x540
[ 50.087686][ T2903]  __x64_sys_openat+0x11b/0x1d0
[ 50.092508][ T2903]  ? get_vtime_delta+0x163/0x250
[ 50.097501][ T2903]  ? __ia32_sys_open+0x190/0x190
[ 50.102407][ T2903]  ? vtime_user_exit+0xde/0x180
[ 50.107574][ T2903]  ? __context_tracking_exit+0x33/0x90
[ 50.113091][ T2903]  do_syscall_64+0x3c/0x90
[ 50.118428][ T2903]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.124555][ T2903] RIP: 0033:0x7efd3e5b0ea9
[ 50.128946][ T2903] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.148699][ T2903] RSP: 002b:00007efd3e1320c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 50.157531][ T2903] RAX: ffffffffffffffda RBX: 00007efd3e6def80 RCX: 00007efd3e5b0ea9
[ 50.165651][ T2903] RDX: 0000000000000000 RSI: 0000000020002140 RDI: ffffffffffffff9c
[ 50.173593][ T2903] RBP: 00007efd3e5fd4a4 R08: 0000000000000000 R09: 0000000000000000
[ 50.181623][ T2903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 50.189566][ T2903] R13: 0000000000000006 R14: 00007efd3e6def80 R15: 00007ffc56648a98
[ 50.197523][ T2903]
[ 50.199824][ T2903] Allocated by task 2900:
[ 50.204563][ T2903]  kasan_save_stack+0x1b/0x40
[ 50.209222][ T2903]  __kasan_slab_alloc+0x83/0xb0
[ 50.214050][ T2903]  kmem_cache_alloc+0x19c/0x3a0
[ 50.218869][ T2903]  ntfs_alloc_inode+0x13/0x60
[ 50.223603][ T2903]  alloc_inode+0x59/0x1e0
[ 50.227902][ T2903]  new_inode+0x1a/0x2d0
[ 50.232033][ T2903]  ntfs_new_inode+0x32/0xd0
[ 50.236518][ T2903]  ntfs_create_inode+0x2d3/0x4b80
[ 50.241604][ T2903]  ntfs_mknod+0x49/0x80
[ 50.245729][ T2903]  vfs_mknod+0x119/0x3c0
[ 50.249941][ T2903]  do_mknodat.part.0+0x1b9/0x3e0
[ 50.254969][ T2903]  do_syscall_64+0x3c/0x90
[ 50.259718][ T2903]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.265932][ T2903]
[ 50.268236][ T2903] Freed by task 0:
[ 50.272380][ T2903]  kasan_save_stack+0x1b/0x40
[ 50.277658][ T2903]  kasan_set_track+0x1c/0x30
[ 50.282226][ T2903]  kasan_set_free_info+0x20/0x30
[ 50.287136][ T2903]  __kasan_slab_free+0xff/0x130
[ 50.291979][ T2903]  slab_free_freelist_hook+0xb9/0x1f0
[ 50.297334][ T2903]  kmem_cache_free+0x8a/0x450
[ 50.302081][ T2903]  rcu_core+0x553/0x10c0
[ 50.306288][ T2903]  __do_softirq+0x1f1/0x641
[ 50.310777][ T2903]
[ 50.313074][ T2903] Last potentially related work creation:
[ 50.318847][ T2903]  kasan_save_stack+0x1b/0x40
[ 50.323586][ T2903]  kasan_record_aux_stack+0xe9/0x110
[ 50.329273][ T2903]  call_rcu+0x98/0x6a0
[ 50.333317][ T2903]  destroy_inode+0xb7/0x190
[ 50.337796][ T2903]  __dentry_kill+0x31a/0x5f0
[ 50.342380][ T2903]  shrink_dentry_list+0x189/0x500
[ 50.347374][ T2903]  shrink_dcache_parent+0x158/0x200
[ 50.352541][ T2903]  shrink_dcache_for_umount+0x54/0x2c0
[ 50.357971][ T2903]  generic_shutdown_super+0x5c/0x330
[ 50.363317][ T2903]  kill_block_super+0x93/0xd0
[ 50.368142][ T2903]  deactivate_locked_super+0x80/0x130
[ 50.373654][ T2903]  cleanup_mnt+0x2b8/0x3e0
[ 50.378218][ T2903]  task_work_run+0xc5/0x150
[ 50.382868][ T2903]  exit_to_user_mode_prepare+0x16e/0x170
[ 50.388818][ T2903]  syscall_exit_to_user_mode+0x13/0x30
[ 50.394948][ T2903]  do_syscall_64+0x4a/0x90
[ 50.399496][ T2903]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.405542][ T2903]
[ 50.407866][ T2903] The buggy address belongs to the object at ffff88802858af08
[ 50.407866][ T2903]  which belongs to the cache ntfs_inode_cache of size 1592
[ 50.422783][ T2903] The buggy address is located 1552 bytes inside of
[ 50.422783][ T2903]  1592-byte region [ffff88802858af08, ffff88802858b540)
[ 50.436485][ T2903] The buggy address belongs to the page:
[ 50.442181][ T2903] page:ffffea0000a16200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28588
[ 50.452311][ T2903] head:ffffea0000a16200 order:3 compound_mapcount:0 compound_pincount:0
[ 50.460862][ T2903] memcg:ffff8880102f9501
[ 50.465254][ T2903] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 50.473207][ T2903] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff8881427c9dc0
[ 50.481846][ T2903] raw: 0000000000000000 0000000080130013 00000001ffffffff ffff8880102f9501
[ 50.491371][ T2903] page dumped because: kasan: bad access detected
[ 50.497763][ T2903] page_owner tracks the page as allocated
[ 50.504231][ T2903] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 2900, ts 49690240092, free_ts 0
[ 50.525121][ T2903]  get_page_from_freelist+0x1357/0x2ea0
[ 50.530729][ T2903]  __alloc_pages+0x1b2/0x480
[ 50.535298][ T2903]  allocate_slab+0x315/0x480
[ 50.539856][ T2903]  ___slab_alloc+0x44c/0x710
[ 50.544476][ T2903]  __slab_alloc.constprop.0+0x44/0x80
[ 50.549911][ T2903]  kmem_cache_alloc+0x350/0x3a0
[ 50.554991][ T2903]  ntfs_alloc_inode+0x13/0x60
[ 50.559985][ T2903]  alloc_inode+0x59/0x1e0
[ 50.564473][ T2903]  iget5_locked+0x3f/0xa0
[ 50.571133][ T2903]  ntfs_iget5+0xc3/0x3130
[ 50.575452][ T2903]  ntfs_fill_super+0x1347/0x3670
[ 50.580466][ T2903]  get_tree_bdev+0x392/0x680
[ 50.585228][ T2903]  vfs_get_tree+0x88/0x1c0
[ 50.589627][ T2903]  path_mount+0x41e/0x1a00
[ 50.594018][ T2903]  __x64_sys_mount+0x1f5/0x260
[ 50.598836][ T2903]  do_syscall_64+0x3c/0x90
[ 50.603237][ T2903] page_owner free stack trace missing
[ 50.608670][ T2903]
[ 50.610969][ T2903] Memory state around the buggy address:
[ 50.616566][ T2903]  ffff88802858b400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.624595][ T2903]  ffff88802858b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.632740][ T2903] >ffff88802858b500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 50.641645][ T2903]                             ^
[ 50.646492][ T2903]  ffff88802858b580: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 50.654542][ T2903]  ffff88802858b600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.662780][ T2903] ==================================================================
[ 50.670822][ T2903] Disabling lock debugging due to kernel taint
[ 50.677413][ T2903] Kernel panic - not syncing: panic_on_warn set ...
[ 50.684564][ T2903] Kernel Offset: disabled
[ 50.688959][ T2903] Rebooting in 86400 seconds..