Warning: Permanently added '10.128.1.75' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.148154][ T3600] loop0: detected capacity change from 0 to 264192
[ 48.169499][ T3600] ntfs3: loop0: Failed to load $Extend.
[ 48.183413][ T3600] ==================================================================
[ 48.191503][ T3600] BUG: KASAN: use-after-free in hdr_find_e+0x255/0x580
[ 48.198375][ T3600] Read of size 2 at addr ffff8880786eb820 by task syz-executor222/3600
[ 48.206612][ T3600]
[ 48.208937][ T3600] CPU: 0 PID: 3600 Comm: syz-executor222 Not tainted 6.0.0-rc7-syzkaller-00029-g3800a713b607 #0
[ 48.219348][ T3600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 48.229410][ T3600] Call Trace:
[ 48.232852][ T3600]
[ 48.235776][ T3600] dump_stack_lvl+0x1b1/0x28e
[ 48.240489][ T3600] ? fortify_panic+0x13/0x13
[ 48.245056][ T3600] ? __wake_up_klogd+0xcd/0x100
[ 48.249946][ T3600] ? panic+0x715/0x715
[ 48.254007][ T3600] ? _printk+0xc0/0x100
[ 48.258142][ T3600] ? _raw_spin_lock_irqsave+0x8e/0x100
[ 48.263582][ T3600] print_address_description+0x65/0x4b0
[ 48.269108][ T3600] print_report+0x108/0x1f0
[ 48.273592][ T3600] ? hdr_find_e+0x255/0x580
[ 48.278074][ T3600] kasan_report+0xc3/0xf0
[ 48.282394][ T3600] ? hdr_find_e+0x255/0x580
[ 48.286894][ T3600] hdr_find_e+0x255/0x580
[ 48.291214][ T3600] ? indx_update_dup+0x750/0x750
[ 48.296139][ T3600] ? indx_find+0xb20/0xb20
[ 48.300541][ T3600] ? __up_read+0x251/0x690
[ 48.304942][ T3600] ? __lock_acquire+0x1f60/0x1f60
[ 48.309958][ T3600] ? ntfs_write_bh+0x15b/0x7d0
[ 48.314719][ T3600] ? indx_read+0x687/0x880
[ 48.319125][ T3600] indx_find+0x4ff/0xb20
[ 48.323356][ T3600] ? indx_read+0x880/0x880
[ 48.327754][ T3600] ? __mutex_lock_common+0x45f/0x26e0
[ 48.333116][ T3600] ? dir_search_u+0x111/0x320
[ 48.337781][ T3600] ? kmem_cache_alloc_trace+0x97/0x310
[ 48.343225][ T3600] ? dir_search_u+0x111/0x320
[ 48.347888][ T3600] dir_search_u+0x161/0x320
[ 48.352394][ T3600] ? ntfs_nls_to_utf16+0xcb0/0xcb0
[ 48.357494][ T3600] ? ntfs_utf16_to_nls+0x6e0/0x6e0
[ 48.362674][ T3600] ? ntfs_lookup+0x4e/0x1b0
[ 48.367176][ T3600] ? trace_kmem_cache_alloc+0x2d/0xe0
[ 48.372543][ T3600] ? kmem_cache_alloc+0x202/0x310
[ 48.377562][ T3600] ? ntfs_lookup+0x4e/0x1b0
[ 48.382050][ T3600] ntfs_lookup+0x112/0x1b0
[ 48.386468][ T3600] ? ntfs3_get_parent+0x310/0x310
[ 48.391479][ T3600] path_openat+0x10e6/0x2df0
[ 48.396063][ T3600] ? do_filp_open+0x4f0/0x4f0
[ 48.400731][ T3600] do_filp_open+0x264/0x4f0
[ 48.405216][ T3600] ? vfs_tmpfile+0x2e0/0x2e0
[ 48.409806][ T3600] ? do_raw_spin_unlock+0x134/0x8a0
[ 48.414993][ T3600] ? _raw_spin_unlock+0x24/0x40
[ 48.419828][ T3600] ? alloc_fd+0x5ca/0x670
[ 48.424150][ T3600] do_sys_openat2+0x124/0x4e0
[ 48.428812][ T3600] ? read_lock_is_recursive+0x10/0x10
[ 48.434168][ T3600] ? __ct_user_exit+0x81/0xe0
[ 48.438842][ T3600] ? do_sys_open+0x220/0x220
[ 48.443428][ T3600] __x64_sys_openat+0x243/0x290
[ 48.448266][ T3600] ? __ia32_sys_open+0x270/0x270
[ 48.453190][ T3600] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 48.459157][ T3600] ? lockdep_hardirqs_on+0x8d/0x130
[ 48.464343][ T3600] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 48.470397][ T3600] do_syscall_64+0x3d/0xb0
[ 48.474802][ T3600] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.480682][ T3600] RIP: 0033:0x7f6ebc72f029
[ 48.485081][ T3600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.504681][ T3600] RSP: 002b:00007ffda4fbe348 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 48.513128][ T3600] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6ebc72f029
[ 48.521086][ T3600] RDX: 000000000000275a RSI: 00000000200001c0 RDI: 00000000ffffff9c
[ 48.529043][ T3600] RBP: 00007f6ebc6ee890 R08: 0000000000000000 R09: 0000000000000000
[ 48.537085][ T3600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ebc6ee920
[ 48.545058][ T3600] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 48.553020][ T3600]
[ 48.556023][ T3600]
[ 48.558339][ T3600] Allocated by task 3253:
[ 48.562645][ T3600] __kasan_slab_alloc+0xa3/0xd0
[ 48.567487][ T3600] kmem_cache_alloc+0x1a6/0x310
[ 48.572337][ T3600] getname_flags+0xb8/0x4e0
[ 48.576822][ T3600] user_path_at_empty+0x2a/0x1a0
[ 48.581741][ T3600] __x64_sys_statfs+0x106/0x230
[ 48.586572][ T3600] do_syscall_64+0x3d/0xb0
[ 48.590972][ T3600] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.596847][ T3600]
[ 48.599155][ T3600] Freed by task 3253:
[ 48.603114][ T3600] kasan_set_track+0x3d/0x60
[ 48.607687][ T3600] kasan_set_free_info+0x1f/0x40
[ 48.612605][ T3600] ____kasan_slab_free+0xd8/0x120
[ 48.617610][ T3600] slab_free_freelist_hook+0x12e/0x1a0
[ 48.623054][ T3600] kmem_cache_free+0x95/0x1d0
[ 48.627717][ T3600] user_path_at_empty+0x149/0x1a0
[ 48.632723][ T3600] __x64_sys_statfs+0x106/0x230
[ 48.637556][ T3600] do_syscall_64+0x3d/0xb0
[ 48.641956][ T3600] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.647853][ T3600]
[ 48.650159][ T3600] The buggy address belongs to the object at ffff8880786eb300
[ 48.650159][ T3600] which belongs to the cache names_cache of size 4096
[ 48.664279][ T3600] The buggy address is located 1312 bytes inside of
[ 48.664279][ T3600] 4096-byte region [ffff8880786eb300, ffff8880786ec300)
[ 48.677720][ T3600]
[ 48.680041][ T3600] The buggy address belongs to the physical page:
[ 48.686448][ T3600] page:ffffea0001e1ba00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x786e8
[ 48.696586][ T3600] head:ffffea0001e1ba00 order:3 compound_mapcount:0 compound_pincount:0
[ 48.704890][ T3600] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 48.712855][ T3600] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff8880121db500
[ 48.721420][ T3600] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 48.729980][ T3600] page dumped because: kasan: bad access detected
[ 48.736382][ T3600] page_owner tracks the page as allocated
[ 48.742080][ T3600] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3253, tgid 3253 (rm), ts 23835929867, free_ts 23812724158
[ 48.762551][ T3600] get_page_from_freelist+0x742/0x7c0
[ 48.767910][ T3600] __alloc_pages+0x259/0x560
[ 48.772485][ T3600] alloc_slab_page+0x70/0xf0
[ 48.777055][ T3600] allocate_slab+0x5e/0x520
[ 48.781552][ T3600] ___slab_alloc+0x3ee/0xc40
[ 48.786131][ T3600] kmem_cache_alloc+0x25d/0x310
[ 48.790964][ T3600] getname_flags+0xb8/0x4e0
[ 48.795450][ T3600] do_sys_openat2+0xba/0x4e0
[ 48.800024][ T3600] __x64_sys_openat+0x243/0x290
[ 48.804855][ T3600] do_syscall_64+0x3d/0xb0
[ 48.809256][ T3600] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.815134][ T3600] page last free stack trace:
[ 48.819784][ T3600] free_pcp_prepare+0x812/0x900
[ 48.824626][ T3600] free_unref_page+0x7d/0x5f0
[ 48.829284][ T3600] __unfreeze_partials+0x1ab/0x200
[ 48.834385][ T3600] put_cpu_partial+0x106/0x170
[ 48.839135][ T3600] qlist_free_all+0x2b/0x70
[ 48.843619][ T3600] kasan_quarantine_reduce+0x169/0x180
[ 48.849074][ T3600] __kasan_slab_alloc+0x2f/0xd0
[ 48.853909][ T3600] __kmalloc+0x1bd/0x370
[ 48.858135][ T3600] load_elf_binary+0x2eb/0x27c0
[ 48.862971][ T3600] bprm_execve+0x8dc/0x1590
[ 48.867472][ T3600] do_execveat_common+0x59b/0x750
[ 48.872509][ T3600] __x64_sys_execve+0x8e/0xa0
[ 48.877183][ T3600] do_syscall_64+0x3d/0xb0
[ 48.881600][ T3600] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.887481][ T3600]
[ 48.889785][ T3600] Memory state around the buggy address:
[ 48.895395][ T3600] ffff8880786eb700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.903437][ T3600] ffff8880786eb780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.911480][ T3600] >ffff8880786eb800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.919518][ T3600]                                ^
[ 48.924607][ T3600] ffff8880786eb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.932652][ T3600] ffff8880786eb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.940690][ T3600] ==================================================================
[ 48.949372][ T3600] Kernel panic - not syncing: panic_on_warn set ...
[ 48.955962][ T3600] CPU: 0 PID: 3600 Comm: syz-executor222 Not tainted 6.0.0-rc7-syzkaller-00029-g3800a713b607 #0
[ 48.966365][ T3600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 48.976489][ T3600] Call Trace:
[ 48.979752][ T3600]
[ 48.982668][ T3600] dump_stack_lvl+0x1b1/0x28e
[ 48.987337][ T3600] ? fortify_panic+0x13/0x13
[ 48.991912][ T3600] ? panic+0x715/0x715
[ 48.995965][ T3600] ? preempt_schedule_common+0xb7/0xe0
[ 49.001412][ T3600] ? vscnprintf+0x59/0x80
[ 49.005725][ T3600] panic+0x2d6/0x715
[ 49.009611][ T3600] ? fb_is_primary_device+0xcc/0xcc
[ 49.014791][ T3600] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 49.020756][ T3600] ? print_report+0x1b4/0x1f0
[ 49.025420][ T3600] ? hdr_find_e+0x255/0x580
[ 49.029906][ T3600] end_report+0x91/0xa0
[ 49.034048][ T3600] kasan_report+0xd0/0xf0
[ 49.038364][ T3600] ? hdr_find_e+0x255/0x580
[ 49.042853][ T3600] hdr_find_e+0x255/0x580
[ 49.047169][ T3600] ? indx_update_dup+0x750/0x750
[ 49.052104][ T3600] ? indx_find+0xb20/0xb20
[ 49.056505][ T3600] ? __up_read+0x251/0x690
[ 49.060903][ T3600] ? __lock_acquire+0x1f60/0x1f60
[ 49.065911][ T3600] ? ntfs_write_bh+0x15b/0x7d0
[ 49.070662][ T3600] ? indx_read+0x687/0x880
[ 49.075078][ T3600] indx_find+0x4ff/0xb20
[ 49.079304][ T3600] ? indx_read+0x880/0x880
[ 49.083709][ T3600] ? __mutex_lock_common+0x45f/0x26e0
[ 49.089066][ T3600] ? dir_search_u+0x111/0x320
[ 49.093728][ T3600] ? kmem_cache_alloc_trace+0x97/0x310
[ 49.099172][ T3600] ? dir_search_u+0x111/0x320
[ 49.103835][ T3600] dir_search_u+0x161/0x320
[ 49.108339][ T3600] ? ntfs_nls_to_utf16+0xcb0/0xcb0
[ 49.113434][ T3600] ? ntfs_utf16_to_nls+0x6e0/0x6e0
[ 49.118530][ T3600] ? ntfs_lookup+0x4e/0x1b0
[ 49.123115][ T3600] ? trace_kmem_cache_alloc+0x2d/0xe0
[ 49.128471][ T3600] ? kmem_cache_alloc+0x202/0x310
[ 49.133491][ T3600] ? ntfs_lookup+0x4e/0x1b0
[ 49.137978][ T3600] ntfs_lookup+0x112/0x1b0
[ 49.142377][ T3600] ? ntfs3_get_parent+0x310/0x310
[ 49.147385][ T3600] path_openat+0x10e6/0x2df0
[ 49.151972][ T3600] ? do_filp_open+0x4f0/0x4f0
[ 49.156637][ T3600] do_filp_open+0x264/0x4f0
[ 49.161122][ T3600] ? vfs_tmpfile+0x2e0/0x2e0
[ 49.165700][ T3600] ? do_raw_spin_unlock+0x134/0x8a0
[ 49.170887][ T3600] ? _raw_spin_unlock+0x24/0x40
[ 49.175723][ T3600] ? alloc_fd+0x5ca/0x670
[ 49.180052][ T3600] do_sys_openat2+0x124/0x4e0
[ 49.184724][ T3600] ? read_lock_is_recursive+0x10/0x10
[ 49.190090][ T3600] ? __ct_user_exit+0x81/0xe0
[ 49.194763][ T3600] ? do_sys_open+0x220/0x220
[ 49.199340][ T3600] __x64_sys_openat+0x243/0x290
[ 49.204173][ T3600] ? __ia32_sys_open+0x270/0x270
[ 49.209094][ T3600] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 49.215058][ T3600] ? lockdep_hardirqs_on+0x8d/0x130
[ 49.220243][ T3600] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 49.226205][ T3600] do_syscall_64+0x3d/0xb0
[ 49.230605][ T3600] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.236486][ T3600] RIP: 0033:0x7f6ebc72f029
[ 49.240886][ T3600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.260476][ T3600] RSP: 002b:00007ffda4fbe348 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 49.268872][ T3600] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6ebc72f029
[ 49.276827][ T3600] RDX: 000000000000275a RSI: 00000000200001c0 RDI: 00000000ffffff9c
[ 49.284780][ T3600] RBP: 00007f6ebc6ee890 R08: 0000000000000000 R09: 0000000000000000
[ 49.292738][ T3600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ebc6ee920
[ 49.300699][ T3600] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.308671][ T3600]
[ 49.311830][ T3600] Kernel Offset: disabled
[ 49.316141][ T3600] Rebooting in 86400 seconds..