Warning: Permanently added '10.128.1.56' (ED25519) to the list of known hosts.
2024/01/29 00:04:32 ignoring optional flag "sandboxArg"="0"
2024/01/29 00:04:32 parsed 1 programs
2024/01/29 00:04:32 executed programs: 0
[   76.460981][ T1577] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   87.201026][ T3588] loop1: detected capacity change from 0 to 4096
2024/01/29 00:04:43 executed programs: 5
[   87.415097][ T3607] loop4: detected capacity change from 0 to 4096
[   87.490624][ T3621] loop1: detected capacity change from 0 to 4096
[   87.673283][ T3640] loop3: detected capacity change from 0 to 4096
[   87.683798][ T3648] loop4: detected capacity change from 0 to 4096
[   87.841867][ T3653] loop0: detected capacity change from 0 to 4096
[   87.866066][ T3659] loop1: detected capacity change from 0 to 4096
[   87.988976][ T3664] loop4: detected capacity change from 0 to 4096
[   88.004067][ T3667] loop3: detected capacity change from 0 to 4096
[   88.135164][ T3675] loop2: detected capacity change from 0 to 4096
[   88.289650][ T3684] loop3: detected capacity change from 0 to 4096
[   88.317391][ T3687] loop4: detected capacity change from 0 to 4096
[   88.324705][ T3685] loop1: detected capacity change from 0 to 4096
[   88.332882][ T3686] loop0: detected capacity change from 0 to 4096
[   88.350912][ T3689] loop2: detected capacity change from 0 to 4096
[   88.613381][ T3695] loop3: detected capacity change from 0 to 4096
[   88.634967][ T3698] loop4: detected capacity change from 0 to 4096
[   88.665733][ T3704] loop0: detected capacity change from 0 to 4096
[   88.694978][ T3702] loop1: detected capacity change from 0 to 4096
[   88.696040][ T3705] loop2: detected capacity change from 0 to 4096
[   88.895004][ T3713] loop4: detected capacity change from 0 to 4096
[   89.043576][ T3720] loop3: detected capacity change from 0 to 4096
[   89.056267][ T3721] loop2: detected capacity change from 0 to 4096
[   89.073065][ T3715] loop1: detected capacity change from 0 to 4096
[   89.098548][ T3719] loop0: detected capacity change from 0 to 4096
[   89.297140][ T3724] loop4: detected capacity change from 0 to 4096
[   89.434738][ T3734] loop3: detected capacity change from 0 to 4096
[   89.442613][ T3735] loop0: detected capacity change from 0 to 4096
[   89.443982][ T3737] loop1: detected capacity change from 0 to 4096
[   89.458808][ T3733] loop2: detected capacity change from 0 to 4096
[   89.685898][ T3742] loop4: detected capacity change from 0 to 4096
[   89.700448][ T3744] loop3: detected capacity change from 0 to 4096
[   89.761275][ T3748] loop0: detected capacity change from 0 to 4096
[   89.879116][ T3751] loop2: detected capacity change from 0 to 4096
[   89.888332][ T3752] loop1: detected capacity change from 0 to 4096
[   90.033907][ T3757] loop4: detected capacity change from 0 to 4096
[   90.076747][ T3759] loop3: detected capacity change from 0 to 4096
[   90.207508][ T3767] loop1: detected capacity change from 0 to 4096
[   90.213583][ T3765] loop2: detected capacity change from 0 to 4096
[   90.219504][ T3761] loop0: detected capacity change from 0 to 4096
[   90.403010][ T3775] loop3: detected capacity change from 0 to 4096
[   90.426163][ T3771] loop4: detected capacity change from 0 to 4096
[   90.568819][ T3779] loop1: detected capacity change from 0 to 4096
[   90.584012][ T3783] loop0: detected capacity change from 0 to 4096
[   90.675003][ T3787] loop3: detected capacity change from 0 to 4096
[   90.694578][ T3782] loop2: detected capacity change from 0 to 4096
[   90.767988][ T3789] loop4: detected capacity change from 0 to 4096
[   90.926903][ T3793] loop0: detected capacity change from 0 to 4096
[   90.950785][ T3797] loop1: detected capacity change from 0 to 4096
[   91.034260][ T3800] loop2: detected capacity change from 0 to 4096
[   91.139206][ T3803] loop3: detected capacity change from 0 to 4096
[   91.175406][ T3805] loop4: detected capacity change from 0 to 4096
[   91.193389][ T3809] ==================================================================
[   91.201755][ T3809] BUG: KASAN: use-after-free in mi_enum_attr+0x365/0x480
[   91.209007][ T3809] Read of size 4 at addr ffff88800c7d9b45 by task syz-executor.2/3809
[   91.217324][ T3809]
[   91.219734][ T3809] CPU: 1 PID: 3809 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller #0
[   91.228289][ T3809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   91.238414][ T3809] Call Trace:
[   91.241859][ T3809]
[   91.244767][ T3809]  dump_stack_lvl+0xf4/0x251
[   91.249335][ T3809]  ? fat_msg+0x170/0x170
[   91.253552][ T3809]  ? _printk+0xca/0x10a
[   91.257765][ T3809]  ? stack_trace_snprint+0xe0/0xe0
[   91.262962][ T3809]  ? panic+0x42c/0x42c
[   91.267048][ T3809]  ? _raw_spin_lock_irqsave+0xd0/0x110
[   91.272686][ T3809]  print_address_description+0x62/0x350
[   91.278307][ T3809]  ? mi_enum_attr+0x365/0x480
[   91.282997][ T3809]  kasan_report+0x16b/0x1c0
[   91.287473][ T3809]  ? mi_enum_attr+0x365/0x480
[   91.292123][ T3809]  mi_enum_attr+0x365/0x480
[   91.296601][ T3809]  mi_find_attr+0x54/0x200
[   91.301163][ T3809]  ni_find_attr+0x46c/0x680
[   91.305823][ T3809]  ? ni_load_mi+0xe0/0xe0
[   91.310129][ T3809]  ntfs_readlink_hlp+0xa2/0x960
[   91.315220][ T3809]  ntfs_get_link+0x68/0xe0
[   91.319725][ T3809]  ? ntfs_evict_inode+0x90/0x90
[   91.324547][ T3809]  pick_link+0x4f2/0xb70
[   91.328765][ T3809]  step_into+0x918/0xc20
[   91.332978][ T3809]  ? set_root+0x520/0x520
[   91.337277][ T3809]  ? dput+0x228/0x270
[   91.341231][ T3809]  path_openat+0x14ed/0x2700
[   91.345794][ T3809]  ? stack_trace_snprint+0xe0/0xe0
[   91.350879][ T3809]  ? kmem_cache_alloc+0x107/0x2a0
[   91.355963][ T3809]  ? do_filp_open+0x400/0x400
[   91.360615][ T3809]  do_filp_open+0x208/0x400
[   91.365091][ T3809]  ? vfs_tmpfile+0x1d0/0x1d0
[   91.369659][ T3809]  ? _raw_spin_unlock+0x24/0x40
[   91.374481][ T3809]  ? alloc_fd+0x3f1/0x490
[   91.378783][ T3809]  do_sys_openat2+0x10b/0x430
[   91.383532][ T3809]  ? do_sys_open+0x1c0/0x1c0
[   91.388307][ T3809]  __x64_sys_open+0x1eb/0x240
[   91.393097][ T3809]  ? get_vtime_delta+0x122/0x180
[   91.398044][ T3809]  ? do_sys_openat2+0x430/0x430
[   91.402956][ T3809]  ? __context_tracking_exit+0x76/0x80
[   91.408394][ T3809]  ? syscall_enter_from_user_mode+0x1d8/0x230
[   91.414528][ T3809]  do_syscall_64+0x45/0xa0
[   91.419115][ T3809]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   91.425040][ T3809] RIP: 0033:0x7ff7fe900da9
[   91.429432][ T3809] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   91.449039][ T3809] RSP: 002b:00007ff7fe4620c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   91.457530][ T3809] RAX: ffffffffffffffda RBX: 00007ff7fea30050 RCX: 00007ff7fe900da9
[   91.465656][ T3809] RDX: 0000000000000065 RSI: 0000000000000080 RDI: 0000000020000440
[   91.473772][ T3809] RBP: 00007ff7fe94d47a R08: 0000000000000000 R09: 0000000000000000
[   91.481803][ T3809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   91.489834][ T3809] R13: 0000000000000006 R14: 00007ff7fea30050 R15: 00007fff5b205b78
[   91.497867][ T3809]
[   91.500880][ T3809]
[   91.503263][ T3809] Allocated by task 3767:
[   91.507648][ T3809]  __kasan_slab_alloc+0xb1/0xf0
[   91.512648][ T3809]  slab_post_alloc_hook+0x54/0x2f0
[   91.517836][ T3809]  kmem_cache_alloc+0x107/0x2a0
[   91.522851][ T3809]  getname_flags+0x9c/0x430
[   91.527347][ T3809]  __x64_sys_renameat+0x9f/0xc0
[   91.532174][ T3809]  do_syscall_64+0x45/0xa0
[   91.536562][ T3809]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   91.542431][ T3809]
[   91.544817][ T3809] Freed by task 3767:
[   91.548767][ T3809]  kasan_set_track+0x4b/0x80
[   91.553328][ T3809]  kasan_set_free_info+0x1f/0x40
[   91.558342][ T3809]  ____kasan_slab_free+0x102/0x140
[   91.563433][ T3809]  slab_free_freelist_hook+0x12c/0x1a0
[   91.568994][ T3809]  kmem_cache_free+0xc8/0x1f0
[   91.574733][ T3809]  do_renameat2+0xfe3/0x1140
[   91.579293][ T3809]  __x64_sys_renameat+0xb3/0xc0
[   91.584111][ T3809]  do_syscall_64+0x45/0xa0
[   91.588510][ T3809]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   91.594636][ T3809]
[   91.597023][ T3809] The buggy address belongs to the object at ffff88800c7d9100
[   91.597023][ T3809]  which belongs to the cache names_cache of size 4096
[   91.611567][ T3809] The buggy address is located 2629 bytes inside of
[   91.611567][ T3809]  4096-byte region [ffff88800c7d9100, ffff88800c7da100)
[   91.625564][ T3809] The buggy address belongs to the page:
[   91.631254][ T3809] page:ffffea000031f600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc7d8
[   91.641384][ T3809] head:ffffea000031f600 order:3 compound_mapcount:0 compound_pincount:0
[   91.649849][ T3809] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   91.658055][ T3809] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff8881400073c0
[   91.666787][ T3809] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[   91.675623][ T3809] page dumped because: kasan: bad access detected
[   91.682013][ T3809] page_owner tracks the page as allocated
[   91.687902][ T3809] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1088, ts 48990608652, free_ts 48976482592
[   91.707308][ T3809]  get_page_from_freelist+0x3191/0x3340
[   91.712850][ T3809]  __alloc_pages+0x277/0x700
[   91.717419][ T3809]  new_slab+0x9c/0x440
[   91.721460][ T3809]  ___slab_alloc+0x5c1/0xac0
[   91.726226][ T3809]  kmem_cache_alloc+0x19e/0x2a0
[   91.731047][ T3809]  getname_flags+0x9c/0x430
[   91.735531][ T3809]  user_path_at_empty+0x1e/0x140
[   91.740437][ T3809]  vfs_statx+0xe3/0x320
[   91.744650][ T3809]  __se_sys_newfstatat+0xc4/0x730
[   91.749735][ T3809]  do_syscall_64+0x45/0xa0
[   91.754324][ T3809]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   91.761262][ T3809] page last free stack trace:
[   91.765927][ T3809]  free_unref_page_prepare+0xb5f/0xc10
[   91.771552][ T3809]  free_unref_page+0x95/0x280
[   91.776196][ T3809]  __unfreeze_partials+0x1af/0x210
[   91.781276][ T3809]  put_cpu_partial+0xdc/0x120
[   91.786023][ T3809]  ___cache_free+0xe3/0x100
[   91.790592][ T3809]  qlist_free_all+0x36/0x90
[   91.795238][ T3809]  kasan_quarantine_reduce+0x162/0x190
[   91.800750][ T3809]  __kasan_slab_alloc+0x2f/0xf0
[   91.806098][ T3809]  slab_post_alloc_hook+0x54/0x2f0
[   91.811350][ T3809]  __kmalloc+0x130/0x320
[   91.815688][ T3809]  load_elf_binary+0x23a/0x2240
[   91.820641][ T3809]  bprm_execve+0x785/0x1230
[   91.825124][ T3809]  kernel_execve+0x657/0x720
[   91.829684][ T3809]  call_usermodehelper_exec_async+0x1fc/0x310
[   91.835900][ T3809]  ret_from_fork+0x1f/0x30
[   91.840288][ T3809]
[   91.842585][ T3809] Memory state around the buggy address:
[   91.848387][ T3809]  ffff88800c7d9a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.856516][ T3809]  ffff88800c7d9a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.864549][ T3809] >ffff88800c7d9b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.872836][ T3809]                                            ^
[   91.879133][ T3809]  ffff88800c7d9b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.887342][ T3809]  ffff88800c7d9c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.895374][ T3809] ==================================================================
[   91.903405][ T3809] Disabling lock debugging due to kernel taint
[   91.911015][ T3807] loop0: detected capacity change from 0 to 4096
[   91.944870][ T3811] loop1: detected capacity change from 0 to 4096
[   91.970604][ T3809] Kernel panic - not syncing: panic_on_warn set ...
[   91.977405][ T3809] Kernel Offset: disabled
[   91.981808][ T3809] Rebooting in 86400 seconds..