Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.995717][ T3602] loop0: detected capacity change from 0 to 71
[ 50.005002][ T3602] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 50.014302][ T3602] ==================================================================
[ 50.022544][ T3602] BUG: KASAN: use-after-free in ntfs_attr_find+0x91a/0xd80
[ 50.029757][ T3602] Read of size 2 at addr ffff888075f890aa by task syz-executor242/3602
[ 50.037983][ T3602]
[ 50.040300][ T3602] CPU: 0 PID: 3602 Comm: syz-executor242 Not tainted 6.0.0-rc6-syzkaller-00291-g3db61221f4e8 #0
[ 50.050691][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 50.060730][ T3602] Call Trace:
[ 50.063993][ T3602] <TASK>
[ 50.066916][ T3602] dump_stack_lvl+0x1b1/0x28e
[ 50.071587][ T3602] ? fortify_panic+0x13/0x13
[ 50.076158][ T3602] ? _printk+0xc0/0x100
[ 50.080313][ T3602] ? __wake_up_klogd+0xd6/0x100
[ 50.085147][ T3602] ? __wake_up_klogd+0xcd/0x100
[ 50.089980][ T3602] ? panic+0x715/0x715
[ 50.094036][ T3602] ? _printk+0xc0/0x100
[ 50.098208][ T3602] print_address_description+0x65/0x4b0
[ 50.103761][ T3602] print_report+0x108/0x1f0
[ 50.108244][ T3602] ? stack_trace_snprint+0xf0/0xf0
[ 50.113339][ T3602] ? ntfs_attr_find+0x91a/0xd80
[ 50.118170][ T3602] kasan_report+0xc3/0xf0
[ 50.122480][ T3602] ? ntfs_attr_find+0x91a/0xd80
[ 50.127313][ T3602] ntfs_attr_find+0x91a/0xd80
[ 50.131970][ T3602] ? vfs_get_tree+0x88/0x270
[ 50.136541][ T3602] ? do_syscall_64+0x3d/0xb0
[ 50.141124][ T3602] ntfs_attr_lookup+0x4c3/0x2370
[ 50.146047][ T3602] ? print_irqtrace_events+0x220/0x220
[ 50.151578][ T3602] ? ___slab_alloc+0xb02/0xc40
[ 50.156326][ T3602] ? lockdep_hardirqs_on+0x8d/0x130
[ 50.161509][ T3602] ? rcu_read_lock_sched_held+0x5d/0x110
[ 50.167127][ T3602] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 50.173092][ T3602] ? ntfs_attr_reinit_search_ctx+0x2e0/0x2e0
[ 50.179056][ T3602] ? trace_kmem_cache_alloc+0x2d/0xe0
[ 50.184421][ T3602] ? kmem_cache_alloc+0x202/0x310
[ 50.189427][ T3602] ? memset+0x1f/0x40
[ 50.193389][ T3602] ntfs_read_inode_mount+0x8c9/0x2680
[ 50.198768][ T3602] ntfs_fill_super+0x187a/0x2bf0
[ 50.203703][ T3602] mount_bdev+0x26c/0x3a0
[ 50.208016][ T3602] ? ntfs_mount+0x40/0x40
[ 50.212423][ T3602] legacy_get_tree+0xea/0x180
[ 50.217089][ T3602] ? ntfs_rl_punch_nolock+0x1160/0x1160
[ 50.222629][ T3602] vfs_get_tree+0x88/0x270
[ 50.227025][ T3602] do_new_mount+0x289/0xad0
[ 50.231536][ T3602] ? do_move_mount_old+0x150/0x150
[ 50.236668][ T3602] ? user_path_at_empty+0x149/0x1a0
[ 50.241848][ T3602] __se_sys_mount+0x2d3/0x3c0
[ 50.246507][ T3602] ? __x64_sys_mount+0xc0/0xc0
[ 50.251278][ T3602] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 50.257243][ T3602] ? lockdep_hardirqs_on+0x8d/0x130
[ 50.262422][ T3602] ? __x64_sys_mount+0x1c/0xc0
[ 50.267165][ T3602] do_syscall_64+0x3d/0xb0
[ 50.271565][ T3602] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.277440][ T3602] RIP: 0033:0x7fc31d3ea2ea
[ 50.281837][ T3602] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.301426][ T3602] RSP: 002b:00007ffe4c51ba48 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 50.309824][ T3602] RAX: ffffffffffffffda RBX: 00007ffe4c51baa0 RCX: 00007fc31d3ea2ea
[ 50.317777][ T3602] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe4c51ba60
[ 50.325826][ T3602] RBP: 00007ffe4c51ba60 R08: 00007ffe4c51baa0 R09: 0000000000000000
[ 50.333868][ T3602] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000290
[ 50.341837][ T3602] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000006
[ 50.349818][ T3602] </TASK>
[ 50.352818][ T3602]
[ 50.355122][ T3602] Allocated by task 3601:
[ 50.359430][ T3602] ____kasan_kmalloc+0xcd/0x100
[ 50.364266][ T3602] __kmalloc_node_track_caller+0x265/0x400
[ 50.370055][ T3602] __alloc_skb+0x112/0x2b0
[ 50.374452][ T3602] tcp_stream_alloc_skb+0x3c/0x300
[ 50.379628][ T3602] tcp_sendmsg_locked+0xd70/0x40c0
[ 50.384716][ T3602] tcp_sendmsg+0x2c/0x40
[ 50.388940][ T3602] sock_write_iter+0x3d4/0x540
[ 50.393685][ T3602] vfs_write+0x7dc/0xc50
[ 50.397907][ T3602] ksys_write+0x177/0x2a0
[ 50.402213][ T3602] do_syscall_64+0x3d/0xb0
[ 50.406625][ T3602] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.412500][ T3602]
[ 50.414803][ T3602] Freed by task 3601:
[ 50.418761][ T3602] kasan_set_track+0x3d/0x60
[ 50.423335][ T3602] kasan_set_free_info+0x1f/0x40
[ 50.428257][ T3602] ____kasan_slab_free+0xd8/0x120
[ 50.433267][ T3602] slab_free_freelist_hook+0x12e/0x1a0
[ 50.438708][ T3602] kfree+0xda/0x210
[ 50.442494][ T3602] skb_release_data+0x586/0x790
[ 50.447327][ T3602] __kfree_skb+0x56/0x1d0
[ 50.451637][ T3602] tcp_clean_rtx_queue+0x97c/0x2be0
[ 50.456815][ T3602] tcp_ack+0x1a48/0x3e50
[ 50.461132][ T3602] tcp_rcv_established+0x7d1/0x1a10
[ 50.466307][ T3602] tcp_v4_do_rcv+0x479/0xac0
[ 50.470877][ T3602] tcp_v4_rcv+0x23e0/0x2c80
[ 50.475357][ T3602] ip_protocol_deliver_rcu+0x38d/0x750
[ 50.480794][ T3602] ip_local_deliver_finish+0x269/0x480
[ 50.486227][ T3602] ip_sublist_rcv+0xa8b/0xb70
[ 50.490882][ T3602] ip_list_rcv+0x443/0x490
[ 50.495276][ T3602] __netif_receive_skb_list_core+0x71e/0x930
[ 50.501234][ T3602] __netif_receive_skb_list+0x4a1/0x570
[ 50.506772][ T3602] netif_receive_skb_list_internal+0x528/0x820
[ 50.512905][ T3602] napi_complete_done+0x34d/0x7f0
[ 50.517925][ T3602] virtnet_poll+0xc03/0x1280
[ 50.522500][ T3602] __napi_poll+0xbe/0x4b0
[ 50.526904][ T3602] net_rx_action+0x75c/0x1080
[ 50.531558][ T3602] __do_softirq+0x362/0x773
[ 50.536041][ T3602]
[ 50.538362][ T3602] The buggy address belongs to the object at ffff888075f89000
[ 50.538362][ T3602] which belongs to the cache kmalloc-1k of size 1024
[ 50.552394][ T3602] The buggy address is located 170 bytes inside of
[ 50.552394][ T3602] 1024-byte region [ffff888075f89000, ffff888075f89400)
[ 50.565730][ T3602]
[ 50.568038][ T3602] The buggy address belongs to the physical page:
[ 50.574425][ T3602] page:ffffea0001d7e200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75f88
[ 50.584562][ T3602] head:ffffea0001d7e200 order:3 compound_mapcount:0 compound_pincount:0
[ 50.592948][ T3602] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 50.600908][ T3602] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888012041dc0
[ 50.609555][ T3602] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 50.618128][ T3602] page dumped because: kasan: bad access detected
[ 50.624515][ T3602] page_owner tracks the page as allocated
[ 50.630206][ T3602] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3601, tgid 3601 (sshd), ts 49847600136, free_ts 49807687157
[ 50.650846][ T3602] get_page_from_freelist+0x742/0x7c0
[ 50.656201][ T3602] __alloc_pages+0x259/0x560
[ 50.660770][ T3602] alloc_slab_page+0x70/0xf0
[ 50.665349][ T3602] allocate_slab+0x5e/0x520
[ 50.669840][ T3602] ___slab_alloc+0x3ee/0xc40
[ 50.674435][ T3602] __kmalloc_node+0x2cd/0x420
[ 50.679102][ T3602] kvmalloc_node+0x6e/0x160
[ 50.683591][ T3602] bpf_int_jit_compile+0x542/0xbc40
[ 50.688781][ T3602] bpf_prog_select_runtime+0x853/0xb60
[ 50.694229][ T3602] bpf_prepare_filter+0x10ba/0x1380
[ 50.699429][ T3602] bpf_prog_create_from_user+0x2a1/0x3d0
[ 50.705045][ T3602] do_seccomp+0x826/0xf20
[ 50.709364][ T3602] __do_sys_prctl+0x5e9/0x12a0
[ 50.714123][ T3602] do_syscall_64+0x3d/0xb0
[ 50.718521][ T3602] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.724397][ T3602] page last free stack trace:
[ 50.729050][ T3602] free_pcp_prepare+0x812/0x900
[ 50.733881][ T3602] free_unref_page+0x7d/0x5f0
[ 50.738557][ T3602] page_to_skb+0x661/0xb80
[ 50.742970][ T3602] receive_mergeable+0x353/0x26b0
[ 50.748081][ T3602] receive_buf+0x15c/0x1c50
[ 50.752562][ T3602] virtnet_poll+0x64b/0x1280
[ 50.757143][ T3602] __napi_poll+0xbe/0x4b0
[ 50.761451][ T3602] net_rx_action+0x75c/0x1080
[ 50.767063][ T3602] __do_softirq+0x362/0x773
[ 50.771545][ T3602]
[ 50.773865][ T3602] Memory state around the buggy address:
[ 50.779484][ T3602] ffff888075f88f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.787526][ T3602] ffff888075f89000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.795564][ T3602] >ffff888075f89080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.803600][ T3602]                                   ^
[ 50.808945][ T3602] ffff888075f89100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.817005][ T3602] ffff888075f89180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.825052][ T3602] ==================================================================
[ 50.833392][ T3602] Kernel panic - not syncing: panic_on_warn set ...
[ 50.840014][ T3602] CPU: 0 PID: 3602 Comm: syz-executor242 Not tainted 6.0.0-rc6-syzkaller-00291-g3db61221f4e8 #0
[ 50.850412][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 50.860455][ T3602] Call Trace:
[ 50.863725][ T3602] <TASK>
[ 50.866652][ T3602] dump_stack_lvl+0x1b1/0x28e
[ 50.871326][ T3602] ? fortify_panic+0x13/0x13
[ 50.875905][ T3602] ? panic+0x715/0x715
[ 50.879967][ T3602] ? preempt_schedule_common+0xb7/0xe0
[ 50.885418][ T3602] ? vscnprintf+0x59/0x80
[ 50.889740][ T3602] panic+0x2d6/0x715
[ 50.893632][ T3602] ? fb_is_primary_device+0xcc/0xcc
[ 50.898822][ T3602] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 50.904819][ T3602] ? print_report+0x1b4/0x1f0
[ 50.909489][ T3602] ? ntfs_attr_find+0x91a/0xd80
[ 50.914341][ T3602] end_report+0x91/0xa0
[ 50.918484][ T3602] kasan_report+0xd0/0xf0
[ 50.922805][ T3602] ? ntfs_attr_find+0x91a/0xd80
[ 50.927654][ T3602] ntfs_attr_find+0x91a/0xd80
[ 50.932326][ T3602] ? vfs_get_tree+0x88/0x270
[ 50.936936][ T3602] ? do_syscall_64+0x3d/0xb0
[ 50.941521][ T3602] ntfs_attr_lookup+0x4c3/0x2370
[ 50.946447][ T3602] ? print_irqtrace_events+0x220/0x220
[ 50.951899][ T3602] ? ___slab_alloc+0xb02/0xc40
[ 50.956652][ T3602] ? lockdep_hardirqs_on+0x8d/0x130
[ 50.961846][ T3602] ? rcu_read_lock_sched_held+0x5d/0x110
[ 50.967468][ T3602] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 50.973437][ T3602] ? ntfs_attr_reinit_search_ctx+0x2e0/0x2e0
[ 50.979406][ T3602] ? trace_kmem_cache_alloc+0x2d/0xe0
[ 50.984766][ T3602] ? kmem_cache_alloc+0x202/0x310
[ 50.989796][ T3602] ? memset+0x1f/0x40
[ 50.993769][ T3602] ntfs_read_inode_mount+0x8c9/0x2680
[ 50.999150][ T3602] ntfs_fill_super+0x187a/0x2bf0
[ 51.004102][ T3602] mount_bdev+0x26c/0x3a0
[ 51.008443][ T3602] ? ntfs_mount+0x40/0x40
[ 51.012773][ T3602] legacy_get_tree+0xea/0x180
[ 51.017439][ T3602] ? ntfs_rl_punch_nolock+0x1160/0x1160
[ 51.022975][ T3602] vfs_get_tree+0x88/0x270
[ 51.027395][ T3602] do_new_mount+0x289/0xad0
[ 51.031888][ T3602] ? do_move_mount_old+0x150/0x150
[ 51.036989][ T3602] ? user_path_at_empty+0x149/0x1a0
[ 51.042265][ T3602] __se_sys_mount+0x2d3/0x3c0
[ 51.046934][ T3602] ? __x64_sys_mount+0xc0/0xc0
[ 51.051690][ T3602] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 51.057659][ T3602] ? lockdep_hardirqs_on+0x8d/0x130
[ 51.062846][ T3602] ? __x64_sys_mount+0x1c/0xc0
[ 51.067604][ T3602] do_syscall_64+0x3d/0xb0
[ 51.072023][ T3602] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.077906][ T3602] RIP: 0033:0x7fc31d3ea2ea
[ 51.082314][ T3602] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.101962][ T3602] RSP: 002b:00007ffe4c51ba48 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 51.110363][ T3602] RAX: ffffffffffffffda RBX: 00007ffe4c51baa0 RCX: 00007fc31d3ea2ea
[ 51.118496][ T3602] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe4c51ba60
[ 51.126458][ T3602] RBP: 00007ffe4c51ba60 R08: 00007ffe4c51baa0 R09: 0000000000000000
[ 51.134434][ T3602] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000290
[ 51.142393][ T3602] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000006
[ 51.150362][ T3602] </TASK>
[ 51.153537][ T3602] Kernel Offset: disabled
[ 51.157853][ T3602] Rebooting in 86400 seconds..
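Added example, not part of the syzkaller log above: a small Python triage script for this kind of KASAN slab report. It strips the printk prefix, pulls out the faulting function, the object the access landed in (cache, base, offset), the alloc/free stacks and the shadow byte at the address, then flags when the "use-after-free" label is misleading. KASAN picks that label purely from the shadow byte (0xfb, freed slab granule); in the report above the object was allocated by __alloc_skb and freed by skb_release_data in task 3601 (sshd, per the page_owner line), while the read comes from ntfs_attr_find called from ntfs_read_inode_mount, so the ntfs code never owned the kmalloc-1k object and the report is better read as an out-of-bounds walk from the driver's own buffer into a neighbouring freed object than as a lifetime bug in ntfs. The sample text is a constructed, abridged copy of the report above; the ALLOCATOR frame filter and the subsystem-prefix heuristic are this example's own assumptions, not anything KASAN or syzkaller does.

```python
"""Triage a KASAN slab report from a syzkaller console log."""
import re
from dataclasses import dataclass, field
# Constructed sample: an abridged copy of the report above (owner stacks,
# object description and the shadow rows around the faulting address).
SAMPLE = """\
[   50.022544][ T3602] BUG: KASAN: use-after-free in ntfs_attr_find+0x91a/0xd80
[   50.029757][ T3602] Read of size 2 at addr ffff888075f890aa by task syz-executor242/3602
[   50.355122][ T3602] Allocated by task 3601:
[   50.359430][ T3602]  ____kasan_kmalloc+0xcd/0x100
[   50.364266][ T3602]  __kmalloc_node_track_caller+0x265/0x400
[   50.370055][ T3602]  __alloc_skb+0x112/0x2b0
[   50.374452][ T3602]  tcp_stream_alloc_skb+0x3c/0x300
[   50.412500][ T3602]
[   50.414803][ T3602] Freed by task 3601:
[   50.418761][ T3602]  kasan_set_track+0x3d/0x60
[   50.442494][ T3602]  kfree+0xda/0x210
[   50.447327][ T3602]  skb_release_data+0x586/0x790
[   50.456815][ T3602]  tcp_clean_rtx_queue+0x97c/0x2be0
[   50.536041][ T3602]
[   50.538362][ T3602] The buggy address belongs to the object at ffff888075f89000
[   50.538362][ T3602]  which belongs to the cache kmalloc-1k of size 1024
[   50.552394][ T3602] The buggy address is located 170 bytes inside of
[   50.787526][ T3602]  ffff888075f89000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.795564][ T3602] >ffff888075f89080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.803600][ T3602]                                   ^
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")  # printk "[ts][ Tpid] " prefix
FRAME = re.compile(r"^(?P<unreliable>\?\s+)?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Assumed: allocator/KASAN wrappers that sit above the real owner in alloc/free stacks.
ALLOCATOR = re.compile(r"^_*(kasan_|kmalloc|kmem_cache_|slab_|kfree$|kvmalloc|kvfree$)")
# Generic-KASAN shadow byte values for slab memory (one byte per 8-byte granule).
SHADOW = {0x00: "accessible", 0xfa: "freed (free-track granule)", 0xfb: "freed", 0xfc: "slab redzone"}

@dataclass
class Report:
    bug_type: str = ""
    fault_func: str = ""
    addr: int = 0
    alloc_pid: int = -1
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    object_base: int = 0
    cache: str = ""
    region_size: int = 0
    stated_offset: int = -1
    shadow_rows: dict = field(default_factory=dict)  # row base address -> 16 shadow bytes

def parse_report(text):
    r, section = Report(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                              # a blank line closes a stack section
            section = None
        elif m := re.match(r"BUG: KASAN: ([\w-]+) in ([\w.]+)", line):
            r.bug_type, r.fault_func = m.group(1), m.group(2)
        elif m := re.search(r"at addr ([0-9a-f]+) by task", line):
            r.addr = int(m.group(1), 16)
        elif m := re.match(r"Allocated by task (\d+):", line):
            r.alloc_pid, section = int(m.group(1)), r.alloc_stack
        elif re.match(r"Freed by task \d+:", line):
            section = r.free_stack
        elif m := re.search(r"belongs to the object at ([0-9a-f]+)", line):
            r.object_base = int(m.group(1), 16)
        elif m := re.search(r"belongs to the cache (\S+) of size (\d+)", line):
            r.cache, r.region_size = m.group(1), int(m.group(2))
        elif m := re.search(r"located (\d+) bytes inside of", line):
            r.stated_offset = int(m.group(1))
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", line):
            r.shadow_rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
        elif (m := FRAME.match(line)) and section is not None and not m.group("unreliable"):
            section.append(m.group("sym"))        # "? sym" frames are unreliable, skipped
    return r

def shadow_byte(r):  # each printed row covers 16 granules of 8 bytes, so base = addr & ~0x7f
    row = r.shadow_rows.get(r.addr & ~0x7f)
    return None if row is None else row[(r.addr & 0x7f) >> 3]

def subsystem(sym):  # crude tag: first name chunk, leading underscores ignored (assumption)
    return re.match(r"_*([A-Za-z0-9]+)", sym).group(1)

def owner_frames(stack):  # frames below the allocator wrappers: the code that owns the object
    return [f for f in stack if not ALLOCATOR.match(f)]

def triage(r):
    offset, reporter = r.addr - r.object_base, subsystem(r.fault_func)
    owners = owner_frames(r.alloc_stack) + owner_frames(r.free_stack)
    foreign = bool(owners) and all(subsystem(f) != reporter for f in owners)
    shadow, verdict = shadow_byte(r), r.bug_type
    if r.bug_type == "use-after-free" and foreign:
        verdict = (f"wild read: {reporter} never owned this {r.cache} object (owner "
                   f"{owners[0]}, pid {r.alloc_pid}); suspect an out-of-bounds walk in "
                   f"{r.fault_func}, not a lifetime bug")
    elif r.bug_type == "use-after-free":
        verdict = f"lifetime bug: {reporter} touched its own object after freeing it"
    return {"offset": offset, "offset_matches_report": r.stated_offset in (-1, offset),
            "shadow": None if shadow is None else SHADOW.get(shadow, f"0x{shadow:02x}"),
            "verdict": verdict}
```

Feed `triage(parse_report(text))` the full console text rather than the abridged sample when triaging a real report; the offset cross-check (computed address minus object base against the "located N bytes inside" line) and the shadow lookup are cheap sanity tests that the report was not truncated or reflowed by whatever captured it.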