DUID 00:04:4f:52:9e:ef:28:bc:79:ad:2a:9e:d1:97:f2:e1:e7:a4
forked to background, child pid 4667
[ 21.589509][ T4668] 8021q: adding VLAN 0 to HW filter on device bond0
[ 21.600235][ T4668] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.96' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.830199][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor147'
[ 40.859038][ T4992] loop0: detected capacity change from 0 to 4096
[ 40.880029][ T4992] ntfs: volume version 3.1.
[ 40.886911][ T4992] ==================================================================
[ 40.894965][ T4992] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0x2b7e/0x2f00
[ 40.903286][ T4992] Read of size 8 at addr ffff888074ea955a by task syz-executor147/4992
[ 40.911498][ T4992]
[ 40.913798][ T4992] CPU: 0 PID: 4992 Comm: syz-executor147 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0
[ 40.924211][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 40.934242][ T4992] Call Trace:
[ 40.937502][ T4992]
[ 40.940450][ T4992] dump_stack_lvl+0xd9/0x150
[ 40.945031][ T4992] print_address_description.constprop.0+0x2c/0x3c0
[ 40.951604][ T4992] ? ntfs_lookup_inode_by_name+0x2b7e/0x2f00
[ 40.957565][ T4992] kasan_report+0x11c/0x130
[ 40.962050][ T4992] ? ntfs_lookup_inode_by_name+0x2b7e/0x2f00
[ 40.968011][ T4992] ntfs_lookup_inode_by_name+0x2b7e/0x2f00
[ 40.973801][ T4992] ? rcu_is_watching+0x12/0xb0
[ 40.978547][ T4992] ntfs_fill_super+0x46a6/0x93f0
[ 40.983499][ T4992] ? parse_options+0x1d70/0x1d70
[ 40.988436][ T4992] ? vsprintf+0x30/0x30
[ 40.992573][ T4992] ? set_blocksize+0x2d8/0x370
[ 40.997323][ T4992] mount_bdev+0x358/0x420
[ 41.001635][ T4992] ? parse_options+0x1d70/0x1d70
[ 41.006551][ T4992] ? ntfs_rl_punch_nolock+0x15c0/0x15c0
[ 41.012075][ T4992] legacy_get_tree+0x109/0x220
[ 41.016823][ T4992] vfs_get_tree+0x8d/0x350
[ 41.021221][ T4992] path_mount+0x134b/0x1e40
[ 41.025709][ T4992] ? kmem_cache_free+0xe9/0x480
[ 41.030545][ T4992] ? finish_automount+0x9b0/0x9b0
[ 41.035571][ T4992] ? putname+0x102/0x140
[ 41.039794][ T4992] __x64_sys_mount+0x283/0x300
[ 41.044600][ T4992] ? copy_mnt_ns+0xb30/0xb30
[ 41.049170][ T4992] ? syscall_enter_from_user_mode+0x26/0x80
[ 41.055041][ T4992] do_syscall_64+0x39/0xb0
[ 41.059467][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.065348][ T4992] RIP: 0033:0x7f08dabee3ba
[ 41.069764][ T4992] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.089352][ T4992] RSP: 002b:00007ffcce52fe78 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 41.097746][ T4992] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f08dabee3ba
[ 41.105718][ T4992] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007ffcce52fe90
[ 41.113668][ T4992] RBP: 00007ffcce52fe90 R08: 00007ffcce52fed0 R09: 000000000001ec63
[ 41.121641][ T4992] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 41.129590][ T4992] R13: 000055555702f380 R14: 0000000000000000 R15: 00007ffcce52fed0
[ 41.137543][ T4992]
[ 41.140543][ T4992]
[ 41.142844][ T4992] The buggy address belongs to the physical page:
[ 41.149226][ T4992] page:ffffea0001d3aa40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x74ea9
[ 41.159349][ T4992] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 41.166430][ T4992] page_type: 0xffffffff()
[ 41.170734][ T4992] raw: 00fff00000000000 ffffea0001d3aa88 ffffea0001d3aa08 0000000000000000
[ 41.179325][ T4992] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 41.187901][ T4992] page dumped because: kasan: bad access detected
[ 41.194285][ T4992] page_owner tracks the page as freed
[ 41.199628][ T4992] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4992, tgid 4992 (syz-executor147), ts 40845439657, free_ts 40858180917
[ 41.218529][ T4992] post_alloc_hook+0x2db/0x350
[ 41.223274][ T4992] get_page_from_freelist+0xf41/0x2c00
[ 41.228711][ T4992] __alloc_pages+0x1cb/0x4a0
[ 41.233305][ T4992] __folio_alloc+0x16/0x40
[ 41.237709][ T4992] vma_alloc_folio+0x155/0x890
[ 41.242485][ T4992] __handle_mm_fault+0x224c/0x41c0
[ 41.247574][ T4992] handle_mm_fault+0x2af/0x9f0
[ 41.252311][ T4992] do_user_addr_fault+0x2ca/0x1210
[ 41.257427][ T4992] exc_page_fault+0x98/0x170
[ 41.261996][ T4992] asm_exc_page_fault+0x26/0x30
[ 41.266826][ T4992] page last free stack trace:
[ 41.271470][ T4992] free_unref_page_prepare+0x62e/0xcb0
[ 41.276911][ T4992] free_unref_page_list+0xe3/0xa70
[ 41.282001][ T4992] release_pages+0xcd8/0x1380
[ 41.286656][ T4992] tlb_batch_pages_flush+0xa8/0x1a0
[ 41.291835][ T4992] tlb_finish_mmu+0x14b/0x7e0
[ 41.296495][ T4992] unmap_region+0x23d/0x2d0
[ 41.301061][ T4992] do_vmi_align_munmap+0xf0c/0x1640
[ 41.306259][ T4992] do_vmi_munmap+0x26e/0x2c0
[ 41.310834][ T4992] __vm_munmap+0x133/0x3b0
[ 41.315232][ T4992] __x64_sys_munmap+0x62/0x80
[ 41.319889][ T4992] do_syscall_64+0x39/0xb0
[ 41.324301][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.330194][ T4992]
[ 41.332494][ T4992] Memory state around the buggy address:
[ 41.338100][ T4992] ffff888074ea9400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.346138][ T4992] ffff888074ea9480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.354172][ T4992] >ffff888074ea9500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.362208][ T4992] ^
[ 41.369115][ T4992] ffff888074ea9580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.377154][ T4992] ffff888074ea9600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.385189][ T4992] ==================================================================
[ 41.393607][ T4992] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 41.400881][ T4992] CPU: 0 PID: 4992 Comm: syz-executor147 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0
[ 41.411279][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 41.421317][ T4992] Call Trace:
[ 41.424581][ T4992]
[ 41.427500][ T4992] dump_stack_lvl+0xd9/0x150
[ 41.432111][ T4992] panic+0x686/0x730
[ 41.436001][ T4992] ? panic_smp_self_stop+0xa0/0xa0
[ 41.441109][ T4992] ? preempt_schedule_thunk+0x1a/0x20
[ 41.446476][ T4992] ? preempt_schedule_common+0x45/0xb0
[ 41.451928][ T4992] check_panic_on_warn+0xb1/0xc0
[ 41.456859][ T4992] end_report+0xe9/0x120
[ 41.461103][ T4992] ? ntfs_lookup_inode_by_name+0x2b7e/0x2f00
[ 41.467077][ T4992] kasan_report+0xf9/0x130
[ 41.471492][ T4992] ? ntfs_lookup_inode_by_name+0x2b7e/0x2f00
[ 41.477463][ T4992] ntfs_lookup_inode_by_name+0x2b7e/0x2f00
[ 41.483267][ T4992] ? rcu_is_watching+0x12/0xb0
[ 41.488060][ T4992] ntfs_fill_super+0x46a6/0x93f0
[ 41.492998][ T4992] ? parse_options+0x1d70/0x1d70
[ 41.497933][ T4992] ? vsprintf+0x30/0x30
[ 41.502088][ T4992] ? set_blocksize+0x2d8/0x370
[ 41.506852][ T4992] mount_bdev+0x358/0x420
[ 41.511175][ T4992] ? parse_options+0x1d70/0x1d70
[ 41.516108][ T4992] ? ntfs_rl_punch_nolock+0x15c0/0x15c0
[ 41.521644][ T4992] legacy_get_tree+0x109/0x220
[ 41.526399][ T4992] vfs_get_tree+0x8d/0x350
[ 41.530814][ T4992] path_mount+0x134b/0x1e40
[ 41.535336][ T4992] ? kmem_cache_free+0xe9/0x480
[ 41.540182][ T4992] ? finish_automount+0x9b0/0x9b0
[ 41.545199][ T4992] ? putname+0x102/0x140
[ 41.549428][ T4992] __x64_sys_mount+0x283/0x300
[ 41.554193][ T4992] ? copy_mnt_ns+0xb30/0xb30
[ 41.558781][ T4992] ? syscall_enter_from_user_mode+0x26/0x80
[ 41.564665][ T4992] do_syscall_64+0x39/0xb0
[ 41.569070][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.574964][ T4992] RIP: 0033:0x7f08dabee3ba
[ 41.579367][ T4992] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.598978][ T4992] RSP: 002b:00007ffcce52fe78 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 41.607391][ T4992] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f08dabee3ba
[ 41.615355][ T4992] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007ffcce52fe90
[ 41.623318][ T4992] RBP: 00007ffcce52fe90 R08: 00007ffcce52fed0 R09: 000000000001ec63
[ 41.631277][ T4992] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 41.639237][ T4992] R13: 000055555702f380 R14: 0000000000000000 R15: 00007ffcce52fed0
[ 41.647200][ T4992]
[ 41.650887][ T4992] Kernel Offset: disabled
[ 41.655211][ T4992] Rebooting in 86400 seconds..