Warning: Permanently added '10.128.1.201' (ED25519) to the list of known hosts.
2024/08/12 19:03:04 ignoring optional flag "sandboxArg"="0"
2024/08/12 19:03:04 parsed 1 programs
2024/08/12 19:03:04 executed programs: 0
[ 47.572145][ T2177] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 51.187408][ T2595] loop0: detected capacity change from 0 to 4096
[ 51.217060][ T2595] ntfs3: loop0: ino=22, "file0" ntfs_rename
[ 51.266441][ T2598] loop0: detected capacity change from 0 to 4096
[ 51.289712][ T2598] ==================================================================
[ 51.297791][ T2598] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x4c/0xf0
[ 51.306286][ T2598] Read of size 8 at addr ffff8880481cfb20 by task syz-executor.0/2598
[ 51.314506][ T2598]
[ 51.316836][ T2598] CPU: 1 UID: 0 PID: 2598 Comm: syz-executor.0 Not tainted 6.11.0-rc3-syzkaller #0
[ 51.326105][ T2598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 51.336235][ T2598] Call Trace:
[ 51.339498][ T2598]
[ 51.341611][ T2599] ntfs3: loop0: ino=22, "file0" ntfs_rename
[ 51.342504][ T2598] dump_stack_lvl+0x108/0x280
[ 51.353183][ T2598] ? __pfx_dump_stack_lvl+0x10/0x10
[ 51.358379][ T2598] ? __pfx__printk+0x10/0x10
[ 51.362940][ T2598] ? _printk+0xce/0x120
[ 51.367072][ T2598] ? __virt_addr_valid+0x141/0x270
[ 51.372187][ T2598] ? __virt_addr_valid+0x229/0x270
[ 51.377271][ T2598] print_report+0x169/0x550
[ 51.381752][ T2598] ? __virt_addr_valid+0x141/0x270
[ 51.386843][ T2598] ? __virt_addr_valid+0x229/0x270
[ 51.391938][ T2598] ? __list_add_valid_or_report+0x4c/0xf0
[ 51.397860][ T2598] kasan_report+0x143/0x180
[ 51.402458][ T2598] ? __list_add_valid_or_report+0x4c/0xf0
[ 51.408199][ T2598] __list_add_valid_or_report+0x4c/0xf0
[ 51.413716][ T2598] chrdev_open+0x2db/0x580
[ 51.418102][ T2598] ? __pfx_chrdev_open+0x10/0x10
[ 51.423096][ T2598] ? do_raw_spin_unlock+0x13c/0x8b0
[ 51.428276][ T2598] do_dentry_open+0x6e1/0x1090
[ 51.433013][ T2598] ? __pfx_chrdev_open+0x10/0x10
[ 51.437920][ T2598] vfs_open+0x36/0x290
[ 51.441960][ T2598] path_openat+0x21bf/0x2870
[ 51.446549][ T2598] ? __pfx_stack_trace_save+0x10/0x10
[ 51.451895][ T2598] ? stack_depot_save_flags+0x2c/0x6c0
[ 51.457322][ T2598] ? __pfx_path_openat+0x10/0x10
[ 51.462229][ T2598] ? __lock_acquire+0x61d/0xc60
[ 51.467051][ T2598] do_filp_open+0x22b/0x440
[ 51.471533][ T2598] ? __pfx_do_filp_open+0x10/0x10
[ 51.476556][ T2598] ? _raw_spin_unlock+0x28/0x50
[ 51.481400][ T2598] ? alloc_fd+0x3dd/0x480
[ 51.485705][ T2598] do_sys_openat2+0xf6/0x180
[ 51.490276][ T2598] ? __pfx_do_sys_openat2+0x10/0x10
[ 51.495459][ T2598] ? rcu_is_watching+0x1f/0xa0
[ 51.500400][ T2598] ? __rseq_handle_notify_resume+0x86e/0xe60
[ 51.506369][ T2598] __x64_sys_openat+0x20d/0x260
[ 51.511203][ T2598] ? __pfx___x64_sys_openat+0x10/0x10
[ 51.516587][ T2598] ? switch_fpu_return+0xce/0x140
[ 51.521582][ T2598] do_syscall_64+0x8d/0x170
[ 51.526056][ T2598] ? clear_bhb_loop+0x55/0xb0
[ 51.530787][ T2598] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 51.536820][ T2598] RIP: 0033:0x7f3f6c27dea9
[ 51.541302][ T2598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.560967][ T2598] RSP: 002b:00007f3f6d06d0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 51.569448][ T2598] RAX: ffffffffffffffda RBX: 00007f3f6c3abf80 RCX: 00007f3f6c27dea9
[ 51.577393][ T2598] RDX: 0000000000000000 RSI: 0000000020002140 RDI: ffffffffffffff9c
[ 51.585335][ T2598] RBP: 00007f3f6c2ca4a4 R08: 0000000000000000 R09: 0000000000000000
[ 51.593308][ T2598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.601251][ T2598] R13: 0000000000000016 R14: 00007f3f6c3abf80 R15: 00007ffdc864e438
[ 51.609195][ T2598]
[ 51.612191][ T2598]
[ 51.614493][ T2598] Allocated by task 2595:
[ 51.618788][ T2598] kasan_save_track+0x3f/0x80
[ 51.623439][ T2598] __kasan_slab_alloc+0x66/0x80
[ 51.628256][ T2598] kmem_cache_alloc_lru_noprof+0x135/0x360
[ 51.634031][ T2598] ntfs_alloc_inode+0x20/0x70
[ 51.638674][ T2598] new_inode+0x60/0x2a0
[ 51.642795][ T2598] ntfs_new_inode+0x40/0xd0
[ 51.647291][ T2598] ntfs_create_inode+0x4fd/0x3100
[ 51.652452][ T2598] ntfs_mknod+0x17/0x20
[ 51.656601][ T2598] vfs_mknod+0x26c/0x290
[ 51.660820][ T2598] do_mknodat+0x382/0x4a0
[ 51.665117][ T2598] __x64_sys_mknodat+0xa2/0xc0
[ 51.669851][ T2598] do_syscall_64+0x8d/0x170
[ 51.674496][ T2598] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 51.680364][ T2598]
[ 51.682660][ T2598] Freed by task 23:
[ 51.686447][ T2598] kasan_save_track+0x3f/0x80
[ 51.691092][ T2598] kasan_save_free_info+0x40/0x50
[ 51.696084][ T2598] poison_slab_object+0xe0/0x150
[ 51.701079][ T2598] __kasan_slab_free+0x37/0x60
[ 51.705805][ T2598] kmem_cache_free+0x12c/0x3b0
[ 51.710533][ T2598] rcu_core+0xc3c/0x1470
[ 51.714743][ T2598] handle_softirqs+0x1b7/0x570
[ 51.719469][ T2598] run_ksoftirqd+0x28/0x40
[ 51.723853][ T2598] smpboot_thread_fn+0x578/0x7f0
[ 51.728754][ T2598] kthread+0x268/0x2c0
[ 51.732930][ T2598] ret_from_fork+0x32/0x60
[ 51.737443][ T2598] ret_from_fork_asm+0x1a/0x30
[ 51.742169][ T2598]
[ 51.744564][ T2598] Last potentially related work creation:
[ 51.750252][ T2598] kasan_save_stack+0x3f/0x60
[ 51.754899][ T2598] __kasan_record_aux_stack+0xac/0xc0
[ 51.760240][ T2598] call_rcu+0x159/0x8e0
[ 51.764451][ T2598] __dentry_kill+0x196/0x5b0
[ 51.769121][ T2598] shrink_kill+0x29/0xa0
[ 51.773331][ T2598] shrink_dentry_list+0x1b5/0x410
[ 51.778333][ T2598] shrink_dcache_parent+0xb6/0x2a0
[ 51.783419][ T2598] do_one_tree+0x1b/0xd0
[ 51.787637][ T2598] shrink_dcache_for_umount+0x85/0x120
[ 51.793062][ T2598] generic_shutdown_super+0x63/0x260
[ 51.798318][ T2598] kill_block_super+0x3f/0x80
[ 51.802963][ T2598] ntfs3_kill_sb+0x3f/0x1a0
[ 51.807695][ T2598] deactivate_locked_super+0x9f/0x3a0
[ 51.813040][ T2598] cleanup_mnt+0x29f/0x320
[ 51.817425][ T2598] task_work_run+0x20f/0x290
[ 51.821982][ T2598] syscall_exit_to_user_mode+0xb5/0x1d0
[ 51.827602][ T2598] do_syscall_64+0x9a/0x170
[ 51.832107][ T2598] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 51.837981][ T2598]
[ 51.840288][ T2598] The buggy address belongs to the object at ffff8880481cf480
[ 51.840288][ T2598]  which belongs to the cache ntfs_inode_cache of size 1736
[ 51.854918][ T2598] The buggy address is located 1696 bytes inside of
[ 51.854918][ T2598]  freed 1736-byte region [ffff8880481cf480, ffff8880481cfb48)
[ 51.868853][ T2598]
[ 51.871146][ T2598] The buggy address belongs to the physical page:
[ 51.878140][ T2598] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x481c8
[ 51.886870][ T2598] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 51.895380][ T2598] memcg:ffff88800ceb0e01
[ 51.899587][ T2598] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 51.907102][ T2598] page_type: 0xfdffffff(slab)
[ 51.911771][ T2598] raw: 00fff00000000040 ffff88800b779780 dead000000000122 0000000000000000
[ 51.920351][ T2598] raw: 0000000000000000 0000000000110011 00000001fdffffff ffff88800ceb0e01
[ 51.928931][ T2598] head: 00fff00000000040 ffff88800b779780 dead000000000122 0000000000000000
[ 51.937613][ T2598] head: 0000000000000000 0000000000110011 00000001fdffffff ffff88800ceb0e01
[ 51.946339][ T2598] head: 00fff00000000003 ffffea0001207201 ffffffffffffffff 0000000000000000
[ 51.954986][ T2598] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 51.963815][ T2598] page dumped because: kasan: bad access detected
[ 51.970217][ T2598] page_owner tracks the page as allocated
[ 51.975935][ T2598] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 2595, tgid 2594 (syz-executor.0), ts 51196483292, free_ts 5580701083
[ 51.999781][ T2598] post_alloc_hook+0x10f/0x130
[ 52.004519][ T2598] get_page_from_freelist+0x2c48/0x2d00
[ 52.010040][ T2598] __alloc_pages_noprof+0x256/0x670
[ 52.015206][ T2598] alloc_slab_page+0x5f/0x120
[ 52.019851][ T2598] allocate_slab+0x5d/0x290
[ 52.024322][ T2598] ___slab_alloc+0xa7f/0x11d0
[ 52.028964][ T2598] kmem_cache_alloc_lru_noprof+0x1f6/0x360
[ 52.034759][ T2598] ntfs_alloc_inode+0x20/0x70
[ 52.039413][ T2598] iget5_locked+0x89/0x1f0
[ 52.043976][ T2598] ntfs_iget5+0xcb/0x3130
[ 52.048273][ T2598] ntfs_fill_super+0x1f5e/0x3ce0
[ 52.053183][ T2598] get_tree_bdev+0x399/0x590
[ 52.057742][ T2598] vfs_get_tree+0x82/0x190
[ 52.062134][ T2598] do_new_mount+0x21e/0x9b0
[ 52.066605][ T2598] __se_sys_mount+0x23c/0x2d0
[ 52.071282][ T2598] do_syscall_64+0x8d/0x170
[ 52.075964][ T2598] page last free pid 1 tgid 1 stack trace:
[ 52.081850][ T2598] free_unref_page+0xb6f/0xca0
[ 52.086602][ T2598] free_contig_range+0x91/0x140
[ 52.091598][ T2598] destroy_args+0x72/0x6e0
[ 52.095993][ T2598] debug_vm_pgtable+0x3c2/0x5e0
[ 52.100814][ T2598] do_one_initcall+0x196/0x4d0
[ 52.105557][ T2598] do_initcall_level+0x11e/0x1e0
[ 52.110467][ T2598] do_initcalls+0x3e/0x70
[ 52.114763][ T2598] kernel_init_freeable+0x36a/0x4c0
[ 52.119928][ T2598] kernel_init+0x18/0x1b0
[ 52.124226][ T2598] ret_from_fork+0x32/0x60
[ 52.128607][ T2598] ret_from_fork_asm+0x1a/0x30
[ 52.133358][ T2598]
[ 52.135652][ T2598] Memory state around the buggy address:
[ 52.141248][ T2598]  ffff8880481cfa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.149476][ T2598]  ffff8880481cfa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.157526][ T2598] >ffff8880481cfb00: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 52.165567][ T2598]                               ^
[ 52.170679][ T2598]  ffff8880481cfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.178805][ T2598]  ffff8880481cfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.186854][ T2598] ==================================================================
[ 52.195125][ T2598] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.202576][ T2598] Kernel Offset: disabled
[ 52.206908][ T2598] Rebooting in 86400 seconds..