DUID 00:04:1b:4d:40:85:b1:6b:61:74:2c:72:11:ce:21:17:3d:97
forked to background, child pid 3171
[ 23.302530][ T3172] 8021q: adding VLAN 0 to HW filter on device bond0
[ 23.314156][ T3172] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.62' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.276272][ T3499] loop0: detected capacity change from 0 to 4096
[ 48.306814][ T3499] ntfs: volume version 3.1.
[ 48.316022][ T3499] ==================================================================
[ 48.324182][ T3499] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0xe8d/0x3200
[ 48.332633][ T3499] Read of size 8 at addr ffff88807224755a by task syz-executor365/3499
[ 48.340869][ T3499]
[ 48.343269][ T3499] CPU: 0 PID: 3499 Comm: syz-executor365 Not tainted 5.15.115-syzkaller #0
[ 48.351843][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 48.361969][ T3499] Call Trace:
[ 48.365333][ T3499]
[ 48.368332][ T3499] dump_stack_lvl+0x1e3/0x2cb
[ 48.373166][ T3499] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 48.378860][ T3499] ? _printk+0xd1/0x111
[ 48.383105][ T3499] ? __wake_up_klogd+0xcc/0x100
[ 48.388164][ T3499] ? panic+0x84d/0x84d
[ 48.392217][ T3499] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 48.397753][ T3499] print_address_description+0x63/0x3b0
[ 48.403890][ T3499] ? ntfs_lookup_inode_by_name+0xe8d/0x3200
[ 48.410826][ T3499] kasan_report+0x16b/0x1c0
[ 48.415682][ T3499] ? ntfs_lookup_inode_by_name+0xe8d/0x3200
[ 48.421795][ T3499] ntfs_lookup_inode_by_name+0xe8d/0x3200
[ 48.427895][ T3499] ? do_raw_spin_lock+0x14a/0x370
[ 48.433351][ T3499] ? down_write+0x10e/0x170
[ 48.437874][ T3499] ? down_read_killable+0x350/0x350
[ 48.443286][ T3499] check_windows_hibernation_status+0xfc/0x6f0
[ 48.450020][ T3499] ? load_and_check_logfile+0xd0/0xd0
[ 48.455377][ T3499] ? rcu_is_watching+0x11/0xa0
[ 48.460124][ T3499] ? load_system_files+0x3f7f/0x5700
[ 48.465422][ T3499] ? kfree+0x4a/0x270
[ 48.469402][ T3499] load_system_files+0x4041/0x5700
[ 48.475122][ T3499] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 48.481027][ T3499] ? memset+0x1f/0x40
[ 48.485030][ T3499] ? generate_default_upcase+0x8e9/0x930
[ 48.491056][ T3499] ntfs_fill_super+0x1c7f/0x2e20
[ 48.495998][ T3499] mount_bdev+0x2c9/0x3f0
[ 48.500562][ T3499] ? ntfs_mount+0x40/0x40
[ 48.506194][ T3499] legacy_get_tree+0xeb/0x180
[ 48.510875][ T3499] ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[ 48.516503][ T3499] vfs_get_tree+0x88/0x270
[ 48.521001][ T3499] do_new_mount+0x28b/0xae0
[ 48.525491][ T3499] ? do_move_mount_old+0x160/0x160
[ 48.530679][ T3499] ? user_path_at_empty+0x12b/0x180
[ 48.535848][ T3499] __se_sys_mount+0x2d5/0x3c0
[ 48.540507][ T3499] ? __x64_sys_mount+0xc0/0xc0
[ 48.545248][ T3499] ? syscall_enter_from_user_mode+0x2e/0x230
[ 48.551204][ T3499] ? lockdep_hardirqs_on+0x94/0x130
[ 48.556381][ T3499] ? __x64_sys_mount+0x1c/0xc0
[ 48.561384][ T3499] do_syscall_64+0x3d/0xb0
[ 48.565781][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.571648][ T3499] RIP: 0033:0x7f8372a7bb0a
[ 48.576047][ T3499] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 08 01 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 48.596325][ T3499] RSP: 002b:00007fff42a74d98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 48.604975][ T3499] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8372a7bb0a
[ 48.613223][ T3499] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007fff42a74db0
[ 48.621871][ T3499] RBP: 00007fff42a74db0 R08: 00007fff42a74df0 R09: 000000000001ec63
[ 48.630816][ T3499] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 48.640006][ T3499] R13: 0000555556e422b8 R14: 0000000000000000 R15: 00007fff42a74df0
[ 48.648242][ T3499]
[ 48.651262][ T3499]
[ 48.653566][ T3499] The buggy address belongs to the page:
[ 48.659260][ T3499] page:ffffea0001c891c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x72247
[ 48.669867][ T3499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 48.677065][ T3499] raw: 00fff00000000000 ffffea0001c89208 ffffea0001c89188 0000000000000000
[ 48.685636][ T3499] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 48.694195][ T3499] page dumped because: kasan: bad access detected
[ 48.700579][ T3499] page_owner tracks the page as freed
[ 48.705921][ T3499] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, ts 10249786585, free_ts 11376687921
[ 48.719095][ T3499] split_map_pages+0x246/0x510
[ 48.723864][ T3499] isolate_freepages_range+0x47c/0x4e0
[ 48.729332][ T3499] alloc_contig_range+0xc2b/0xf90
[ 48.734359][ T3499] alloc_contig_pages+0x3ea/0x4e0
[ 48.739365][ T3499] debug_vm_pgtable_alloc_huge_page+0xb9/0x108
[ 48.745588][ T3499] init_args+0xa3e/0xdb5
[ 48.749924][ T3499] debug_vm_pgtable+0xaa/0x462
[ 48.754680][ T3499] do_one_initcall+0x22b/0x7a0
[ 48.759426][ T3499] do_initcall_level+0x157/0x207
[ 48.765096][ T3499] do_initcalls+0x49/0x86
[ 48.769409][ T3499] kernel_init_freeable+0x43c/0x5c5
[ 48.774701][ T3499] kernel_init+0x19/0x290
[ 48.779007][ T3499] ret_from_fork+0x1f/0x30
[ 48.783398][ T3499] page last free stack trace:
[ 48.788128][ T3499] free_unref_page_prepare+0xc34/0xcf0
[ 48.793591][ T3499] free_unref_page+0x95/0x2d0
[ 48.798257][ T3499] free_contig_range+0x95/0xf0
[ 48.803389][ T3499] destroy_args+0xfe/0x97f
[ 48.807900][ T3499] debug_vm_pgtable+0x40d/0x462
[ 48.812756][ T3499] do_one_initcall+0x22b/0x7a0
[ 48.817521][ T3499] do_initcall_level+0x157/0x207
[ 48.822629][ T3499] do_initcalls+0x49/0x86
[ 48.826968][ T3499] kernel_init_freeable+0x43c/0x5c5
[ 48.832266][ T3499] kernel_init+0x19/0x290
[ 48.836665][ T3499] ret_from_fork+0x1f/0x30
[ 48.841065][ T3499]
[ 48.843374][ T3499] Memory state around the buggy address:
[ 48.849086][ T3499] ffff888072247400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.857217][ T3499] ffff888072247480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.865429][ T3499] >ffff888072247500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.873659][ T3499] ^
[ 48.880602][ T3499] ffff888072247580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.889173][ T3499] ffff888072247600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.897389][ T3499] ==================================================================
[ 48.905432][ T3499] Disabling lock debugging due to kernel taint
[ 48.912216][ T3499] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.920112][ T3499] CPU: 1 PID: 3499 Comm: syz-executor365 Tainted: G B 5.15.115-syzkaller #0
[ 48.930070][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 48.940345][ T3499] Call Trace:
[ 48.943618][ T3499]
[ 48.946535][ T3499] dump_stack_lvl+0x1e3/0x2cb
[ 48.951283][ T3499] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 48.956895][ T3499] ? panic+0x84d/0x84d
[ 48.961022][ T3499] ? preempt_schedule_common+0xa6/0xd0
[ 48.966701][ T3499] ? preempt_schedule+0xd9/0xe0
[ 48.972139][ T3499] panic+0x318/0x84d
[ 48.976100][ T3499] ? check_panic_on_warn+0x1d/0xa0
[ 48.981190][ T3499] ? fb_is_primary_device+0xcc/0xcc
[ 48.986452][ T3499] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 48.992404][ T3499] ? _raw_spin_unlock+0x40/0x40
[ 48.997231][ T3499] check_panic_on_warn+0x7e/0xa0
[ 49.002142][ T3499] ? ntfs_lookup_inode_by_name+0xe8d/0x3200
[ 49.008009][ T3499] end_report+0x6d/0xf0
[ 49.012226][ T3499] kasan_report+0x18e/0x1c0
[ 49.016706][ T3499] ? ntfs_lookup_inode_by_name+0xe8d/0x3200
[ 49.022580][ T3499] ntfs_lookup_inode_by_name+0xe8d/0x3200
[ 49.028300][ T3499] ? do_raw_spin_lock+0x14a/0x370
[ 49.033323][ T3499] ? down_write+0x10e/0x170
[ 49.037813][ T3499] ? down_read_killable+0x350/0x350
[ 49.043716][ T3499] check_windows_hibernation_status+0xfc/0x6f0
[ 49.049852][ T3499] ? load_and_check_logfile+0xd0/0xd0
[ 49.055199][ T3499] ? rcu_is_watching+0x11/0xa0
[ 49.060069][ T3499] ? load_system_files+0x3f7f/0x5700
[ 49.065503][ T3499] ? kfree+0x4a/0x270
[ 49.069645][ T3499] load_system_files+0x4041/0x5700
[ 49.074732][ T3499] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 49.080450][ T3499] ? memset+0x1f/0x40
[ 49.084423][ T3499] ? generate_default_upcase+0x8e9/0x930
[ 49.090129][ T3499] ntfs_fill_super+0x1c7f/0x2e20
[ 49.095232][ T3499] mount_bdev+0x2c9/0x3f0
[ 49.099553][ T3499] ? ntfs_mount+0x40/0x40
[ 49.103863][ T3499] legacy_get_tree+0xeb/0x180
[ 49.108520][ T3499] ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[ 49.114127][ T3499] vfs_get_tree+0x88/0x270
[ 49.118542][ T3499] do_new_mount+0x28b/0xae0
[ 49.123206][ T3499] ? do_move_mount_old+0x160/0x160
[ 49.128380][ T3499] ? user_path_at_empty+0x12b/0x180
[ 49.133561][ T3499] __se_sys_mount+0x2d5/0x3c0
[ 49.138223][ T3499] ? __x64_sys_mount+0xc0/0xc0
[ 49.142963][ T3499] ? syscall_enter_from_user_mode+0x2e/0x230
[ 49.148918][ T3499] ? lockdep_hardirqs_on+0x94/0x130
[ 49.154089][ T3499] ? __x64_sys_mount+0x1c/0xc0
[ 49.158832][ T3499] do_syscall_64+0x3d/0xb0
[ 49.163223][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.169093][ T3499] RIP: 0033:0x7f8372a7bb0a
[ 49.173486][ T3499] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 08 01 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.193069][ T3499] RSP: 002b:00007fff42a74d98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 49.201557][ T3499] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8372a7bb0a
[ 49.209502][ T3499] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007fff42a74db0
[ 49.217458][ T3499] RBP: 00007fff42a74db0 R08: 00007fff42a74df0 R09: 000000000001ec63
[ 49.225407][ T3499] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 49.233457][ T3499] R13: 0000555556e422b8 R14: 0000000000000000 R15: 00007fff42a74df0
[ 49.241759][ T3499]
[ 49.245008][ T3499] Kernel Offset: disabled
[ 49.249316][ T3499] Rebooting in 86400 seconds..