forked to background, child pid 3182
no interfaces have a carrier
[ 18.654124][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.665407][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.276760][ T3596] loop0: detected capacity change from 0 to 4096
[ 34.283954][ T3596] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
[ 34.293275][ T3596] ==================================================================
[ 34.301407][ T3596] BUG: KASAN: use-after-free in run_unpack+0x8b7/0x970
[ 34.308261][ T3596] Read of size 1 at addr ffff88802038af00 by task syz-executor391/3596
[ 34.316471][ T3596]
[ 34.318772][ T3596] CPU: 0 PID: 3596 Comm: syz-executor391 Not tainted 6.0.0-syzkaller-07994-ge8bc52cb8df8 #0
[ 34.328810][ T3596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 34.338844][ T3596] Call Trace:
[ 34.342101][ T3596] <TASK>
[ 34.345016][ T3596] dump_stack_lvl+0xcd/0x134
[ 34.349590][ T3596] print_report.cold+0x2ba/0x719
[ 34.354535][ T3596] ? run_unpack+0x8b7/0x970
[ 34.359043][ T3596] kasan_report+0xb1/0x1e0
[ 34.363446][ T3596] ? run_unpack+0x8b7/0x970
[ 34.367956][ T3596] run_unpack+0x8b7/0x970
[ 34.372287][ T3596] ? run_pack+0x1100/0x1100
[ 34.376792][ T3596] ? ntfs_bread_run+0x310/0x310
[ 34.381652][ T3596] ? kfree+0x1fb/0x580
[ 34.385721][ T3596] run_unpack_ex+0xb0/0x7c0
[ 34.390226][ T3596] ? mi_enum_attr+0x34f/0x630
[ 34.395061][ T3596] ? ni_enum_attr_ex+0x281/0x400
[ 34.399983][ T3596] ? run_unpack+0x970/0x970
[ 34.404467][ T3596] ? ni_fname_type.part.0+0x1e0/0x1e0
[ 34.409821][ T3596] ? mi_read+0x27f/0x5b0
[ 34.414063][ T3596] ntfs_iget5+0xc20/0x3280
[ 34.418480][ T3596] ? ntfs_write_end+0x800/0x800
[ 34.423330][ T3596] ntfs_loadlog_and_replay+0x124/0x5d0
[ 34.428775][ T3596] ? ntfs_write_end+0x800/0x800
[ 34.433624][ T3596] ? ntfs_bio_fill_1+0xa10/0xa10
[ 34.438563][ T3596] ? destroy_inode+0xc4/0x1b0
[ 34.443245][ T3596] ? iput.part.0+0x55d/0x810
[ 34.447910][ T3596] ntfs_fill_super+0x1eff/0x37f0
[ 34.452834][ T3596] ? put_ntfs+0x330/0x330
[ 34.457166][ T3596] ? set_blocksize+0x2e5/0x370
[ 34.461935][ T3596] get_tree_bdev+0x440/0x760
[ 34.466511][ T3596] ? put_ntfs+0x330/0x330
[ 34.470843][ T3596] vfs_get_tree+0x89/0x2f0
[ 34.475244][ T3596] path_mount+0x1326/0x1e20
[ 34.479909][ T3596] ? kmem_cache_free+0xeb/0x5b0
[ 34.484759][ T3596] ? finish_automount+0x960/0x960
[ 34.489787][ T3596] ? putname+0xfe/0x140
[ 34.493926][ T3596] __x64_sys_mount+0x27f/0x300
[ 34.498678][ T3596] ? copy_mnt_ns+0xae0/0xae0
[ 34.503364][ T3596] ? trace_hardirqs_on+0x2d/0x120
[ 34.508388][ T3596] do_syscall_64+0x35/0xb0
[ 34.512793][ T3596] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 34.518673][ T3596] RIP: 0033:0x7fe50e8e568a
[ 34.523274][ T3596] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.542863][ T3596] RSP: 002b:00007fff7da0bda8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 34.551261][ T3596] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe50e8e568a
[ 34.559211][ T3596] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff7da0bdc0
[ 34.567161][ T3596] RBP: 00007fff7da0bdc0 R08: 00007fff7da0be00 R09: 0000555556a132c0
[ 34.575110][ T3596] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 34.583065][ T3596] R13: 00007fff7da0be00 R14: 000000000000010c R15: 0000000020001b20
[ 34.591284][ T3596] </TASK>
[ 34.594281][ T3596]
[ 34.596584][ T3596] Allocated by task 3575:
[ 34.600892][ T3596] kasan_save_stack+0x1e/0x40
[ 34.605557][ T3596] __kasan_kmalloc+0xa9/0xd0
[ 34.610133][ T3596] tomoyo_realpath_from_path+0xbf/0x600
[ 34.615669][ T3596] tomoyo_path_perm+0x21b/0x400
[ 34.620507][ T3596] security_inode_getattr+0xcf/0x140
[ 34.625794][ T3596] vfs_statx+0x16e/0x430
[ 34.630118][ T3596] vfs_fstatat+0x8c/0xb0
[ 34.634421][ T3596] __do_sys_newfstatat+0x94/0x120
[ 34.639425][ T3596] do_syscall_64+0x35/0xb0
[ 34.643823][ T3596] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 34.649719][ T3596]
[ 34.652019][ T3596] Freed by task 3575:
[ 34.655974][ T3596] kasan_save_stack+0x1e/0x40
[ 34.660632][ T3596] kasan_set_track+0x21/0x30
[ 34.665205][ T3596] kasan_set_free_info+0x20/0x30
[ 34.670131][ T3596] ____kasan_slab_free+0x166/0x1c0
[ 34.675224][ T3596] slab_free_freelist_hook+0x8b/0x1c0
[ 34.680588][ T3596] kfree+0xe2/0x580
[ 34.684374][ T3596] tomoyo_realpath_from_path+0x18c/0x600
[ 34.690003][ T3596] tomoyo_path_perm+0x21b/0x400
[ 34.695102][ T3596] security_inode_getattr+0xcf/0x140
[ 34.700372][ T3596] vfs_statx+0x16e/0x430
[ 34.704590][ T3596] vfs_fstatat+0x8c/0xb0
[ 34.708809][ T3596] __do_sys_newfstatat+0x94/0x120
[ 34.713810][ T3596] do_syscall_64+0x35/0xb0
[ 34.718209][ T3596] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 34.724081][ T3596]
[ 34.726452][ T3596] The buggy address belongs to the object at ffff88802038a000
[ 34.726452][ T3596] which belongs to the cache kmalloc-4k of size 4096
[ 34.740496][ T3596] The buggy address is located 3840 bytes inside of
[ 34.740496][ T3596] 4096-byte region [ffff88802038a000, ffff88802038b000)
[ 34.754008][ T3596]
[ 34.756310][ T3596] The buggy address belongs to the physical page:
[ 34.762693][ T3596] page:ffffea000080e200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20388
[ 34.772819][ T3596] head:ffffea000080e200 order:3 compound_mapcount:0 compound_pincount:0
[ 34.781117][ T3596] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 34.789076][ T3596] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888011842140
[ 34.797637][ T3596] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 34.806196][ T3596] page dumped because: kasan: bad access detected
[ 34.812595][ T3596] page_owner tracks the page as allocated
[ 34.818282][ T3596] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6644107682, free_ts 0
[ 34.837876][ T3596] get_page_from_freelist+0x109b/0x2ce0
[ 34.843433][ T3596] __alloc_pages+0x1c7/0x510
[ 34.848008][ T3596] alloc_page_interleave+0x1e/0x200
[ 34.853186][ T3596] alloc_pages+0x22f/0x270
[ 34.857585][ T3596] allocate_slab+0x27e/0x3d0
[ 34.862151][ T3596] ___slab_alloc+0x84f/0xe80
[ 34.866719][ T3596] __slab_alloc.constprop.0+0x4d/0xa0
[ 34.872067][ T3596] __kmalloc+0x32b/0x340
[ 34.876287][ T3596] wpan_phy_new+0x23/0x290
[ 34.880685][ T3596] ieee802154_alloc_hw+0x11b/0x7a0
[ 34.885777][ T3596] hwsim_add_one+0x9b/0x12e0
[ 34.890609][ T3596] hwsim_probe+0x48/0x120
[ 34.895360][ T3596] platform_probe+0xfc/0x1f0
[ 34.900106][ T3596] really_probe+0x249/0xb90
[ 34.904764][ T3596] __driver_probe_device+0x1df/0x4d0
[ 34.910119][ T3596] driver_probe_device+0x4c/0x1a0
[ 34.915209][ T3596] page_owner free stack trace missing
[ 34.920769][ T3596]
[ 34.923067][ T3596] Memory state around the buggy address:
[ 34.928843][ T3596] ffff88802038ae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.936878][ T3596] ffff88802038ae80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.944915][ T3596] >ffff88802038af00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.952947][ T3596] ^
[ 34.957073][ T3596] ffff88802038af80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.965108][ T3596] ffff88802038b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.973141][ T3596] ==================================================================
[ 34.982054][ T3596] Kernel panic - not syncing: panic_on_warn set ...
[ 34.988648][ T3596] CPU: 1 PID: 3596 Comm: syz-executor391 Not tainted 6.0.0-syzkaller-07994-ge8bc52cb8df8 #0
[ 34.998917][ T3596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 35.009139][ T3596] Call Trace:
[ 35.012400][ T3596] <TASK>
[ 35.015309][ T3596] dump_stack_lvl+0xcd/0x134
[ 35.019895][ T3596] panic+0x2c8/0x622
[ 35.023774][ T3596] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 35.029737][ T3596] ? preempt_schedule_common+0x59/0xc0
[ 35.035200][ T3596] ? preempt_schedule_thunk+0x16/0x18
[ 35.040561][ T3596] ? run_unpack+0x8b7/0x970
[ 35.045049][ T3596] end_report.part.0+0x3f/0x7c
[ 35.049803][ T3596] kasan_report.cold+0xa/0xf
[ 35.054465][ T3596] ? run_unpack+0x8b7/0x970
[ 35.058951][ T3596] run_unpack+0x8b7/0x970
[ 35.063263][ T3596] ? run_pack+0x1100/0x1100
[ 35.067749][ T3596] ? ntfs_bread_run+0x310/0x310
[ 35.072584][ T3596] ? kfree+0x1fb/0x580
[ 35.076634][ T3596] run_unpack_ex+0xb0/0x7c0
[ 35.081122][ T3596] ? mi_enum_attr+0x34f/0x630
[ 35.085779][ T3596] ? ni_enum_attr_ex+0x281/0x400
[ 35.090703][ T3596] ? run_unpack+0x970/0x970
[ 35.095189][ T3596] ? ni_fname_type.part.0+0x1e0/0x1e0
[ 35.100547][ T3596] ? mi_read+0x27f/0x5b0
[ 35.104947][ T3596] ntfs_iget5+0xc20/0x3280
[ 35.109346][ T3596] ? ntfs_write_end+0x800/0x800
[ 35.114174][ T3596] ntfs_loadlog_and_replay+0x124/0x5d0
[ 35.119618][ T3596] ? ntfs_write_end+0x800/0x800
[ 35.124447][ T3596] ? ntfs_bio_fill_1+0xa10/0xa10
[ 35.129367][ T3596] ? destroy_inode+0xc4/0x1b0
[ 35.134026][ T3596] ? iput.part.0+0x55d/0x810
[ 35.138879][ T3596] ntfs_fill_super+0x1eff/0x37f0
[ 35.143986][ T3596] ? put_ntfs+0x330/0x330
[ 35.148299][ T3596] ? set_blocksize+0x2e5/0x370
[ 35.153047][ T3596] get_tree_bdev+0x440/0x760
[ 35.157621][ T3596] ? put_ntfs+0x330/0x330
[ 35.161938][ T3596] vfs_get_tree+0x89/0x2f0
[ 35.166340][ T3596] path_mount+0x1326/0x1e20
[ 35.170828][ T3596] ? kmem_cache_free+0xeb/0x5b0
[ 35.175657][ T3596] ? finish_automount+0x960/0x960
[ 35.180670][ T3596] ? putname+0xfe/0x140
[ 35.184813][ T3596] __x64_sys_mount+0x27f/0x300
[ 35.189561][ T3596] ? copy_mnt_ns+0xae0/0xae0
[ 35.194132][ T3596] ? trace_hardirqs_on+0x2d/0x120
[ 35.199144][ T3596] do_syscall_64+0x35/0xb0
[ 35.203540][ T3596] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 35.209413][ T3596] RIP: 0033:0x7fe50e8e568a
[ 35.213804][ T3596] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 35.233653][ T3596] RSP: 002b:00007fff7da0bda8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 35.242061][ T3596] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe50e8e568a
[ 35.250019][ T3596] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff7da0bdc0
[ 35.257976][ T3596] RBP: 00007fff7da0bdc0 R08: 00007fff7da0be00 R09: 0000555556a132c0
[ 35.265928][ T3596] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 35.273896][ T3596] R13: 00007fff7da0be00 R14: 000000000000010c R15: 0000000020001b20
[ 35.281851][ T3596] </TASK>
[ 35.285623][ T3596] Kernel Offset: disabled
[ 35.289936][ T3596] Rebooting in 86400 seconds..