ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
------------[ cut here ]------------
virt_to_phys used for non-linear address: 000000007f72f6e1 (0xdead4ead00000000)
WARNING: CPU: 1 PID: 3961 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
Modules linked in:
CPU: 1 PID: 3961 Comm: syz-executor152 Not tainted 5.15.111-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
lr : __virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
sp : ffff80001a177470
x29: ffff80001a177470 x28: 1fffe0001be81433 x27: dfff800000000000
x26: 1fffe0001be81431 x25: dfff800000000000 x24: ffff800011d7fb00
x23: ffff800016ebf000 x22: ffff800016ebf000 x21: 0000600000000000
x20: dead4ead00000000 x19: deae4ead00000000 x18: 0000000000000001
x17: ff808000083359dc x16: ffff800011948074 x15: ffff8000083359dc
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000832c484 x10: 0000000000000000 x9 : e61a3def619cd400
x8 : e61a3def619cd400 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001a176bd8 x4 : ffff8000149afce0 x3 : ffff80000854d4e0
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000004f
Call trace:
__virt_to_phys+0x114/0x15c arch/arm64/mm/physaddr.c:12
virt_to_head_page include/linux/mm.h:900 [inline]
kfree+0xd4/0x410 mm/slub.c:4554
kvfree+0x40/0x50 mm/util.c:654
run_close fs/ntfs3/ntfs_fs.h:930 [inline]
indx_clear+0x44/0x94 fs/ntfs3/index.c:821
ni_clear+0x1c4/0x390 fs/ntfs3/frecord.c:120
ntfs_evict_inode+0x90/0xc8 fs/ntfs3/inode.c:1780
evict+0x260/0x68c fs/inode.c:587
iput_final fs/inode.c:1663 [inline]
iput+0x744/0x824 fs/inode.c:1689
ntfs_loadlog_and_replay+0x248/0x448 fs/ntfs3/fsntfs.c:301
ntfs_fill_super+0x1a58/0x33ec fs/ntfs3/super.c:1013
get_tree_bdev+0x360/0x54c fs/super.c:1303
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1354
vfs_get_tree+0x90/0x274 fs/super.c:1508
do_new_mount+0x25c/0x8c8 fs/namespace.c:2994
path_mount+0x590/0x104c fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount fs/namespace.c:3522 [inline]
__arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3522
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 25608
hardirqs last enabled at (25607): [<ffff80000832a61c>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (25608): [<ffff800011943708>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (24966): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (24966): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (24951): [<ffff8000081b573c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (24951): [<ffff8000081b573c>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (24951): [<ffff8000081b573c>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:636
---[ end trace 359e002bd8e56e53 ]---
Unable to handle kernel paging request at virtual address 007ab33ab9c38008
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
[007ab33ab9c38008] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3961 Comm: syz-executor152 Tainted: G W 5.15.111-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : _compound_head include/linux/page-flags.h:196 [inline]
pc : virt_to_head_page include/linux/mm.h:902 [inline]
pc : kfree+0xe8/0x410 mm/slub.c:4554
lr : virt_to_head_page include/linux/mm.h:900 [inline]
lr : kfree+0xd4/0x410 mm/slub.c:4554
sp : ffff80001a1774a0
x29: ffff80001a1774d0 x28: 1fffe0001be81433 x27: dfff800000000000
x26: 1fffe0001be81431 x25: dfff800000000000 x24: ffff800011d7fb00
x23: ffff800016ebf000 x22: ffff0000df40a0a8 x21: ffff80000875e5c8
x20: 037ab33ab9c38000 x19: dead4ead00000000 x18: 0000000000000001
x17: ff808000083359dc x16: ffff800011948074 x15: ffff8000083359dc
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800008096268 x10: 0000000000000000 x9 : 037ab73ab9c38000
x8 : fffffc0000000000 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001a176bd8 x4 : ffff8000149afce0 x3 : ffff80000854d4e0
x2 : 0000000000000001 x1 : 0000600000000000 x0 : deadceaeb0e00000
Call trace:
virt_to_head_page include/linux/mm.h:900 [inline]
kfree+0xe8/0x410 mm/slub.c:4554
kvfree+0x40/0x50 mm/util.c:654
run_close fs/ntfs3/ntfs_fs.h:930 [inline]
indx_clear+0x44/0x94 fs/ntfs3/index.c:821
ni_clear+0x1c4/0x390 fs/ntfs3/frecord.c:120
ntfs_evict_inode+0x90/0xc8 fs/ntfs3/inode.c:1780
evict+0x260/0x68c fs/inode.c:587
iput_final fs/inode.c:1663 [inline]
iput+0x744/0x824 fs/inode.c:1689
ntfs_loadlog_and_replay+0x248/0x448 fs/ntfs3/fsntfs.c:301
ntfs_fill_super+0x1a58/0x33ec fs/ntfs3/super.c:1013
get_tree_bdev+0x360/0x54c fs/super.c:1303
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1354
vfs_get_tree+0x90/0x274 fs/super.c:1508
do_new_mount+0x25c/0x8c8 fs/namespace.c:2994
path_mount+0x590/0x104c fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount fs/namespace.c:3522 [inline]
__arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3522
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: b25657e8 927acd29 cb141929 8b080134 (f9400688)
---[ end trace 359e002bd8e56e54 ]---
----------------
Code disassembly (best guess):
0: b25657e8 mov x8, #0xfffffc0000000000 // #-4398046511104
4: 927acd29 and x9, x9, #0x3ffffffffffffc0
8: cb141929 sub x9, x9, x20, lsl #6
c: 8b080134 add x20, x9, x8
* 10: f9400688 ldr x8, [x20, #8] <-- trapping instruction