syzkaller login: [ 81.888626][ T900] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts.
[ 82.876033][ T4995] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.883938][ T4995] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.891928][ T4995] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.900182][ T4995] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.908418][ T4995] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 82.915740][ T4995] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 82.980089][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor114'
[ 83.017745][ T4994] loop0: detected capacity change from 0 to 4096
[ 83.028681][ T4994] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk.
[ 83.040576][ T4994] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 83.063275][ T4994] ntfs: volume version 3.1.
[ 83.069643][ T4994] ==================================================================
[ 83.077725][ T4994] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0xe86/0x2ca0
[ 83.085995][ T4994] Read of size 8 at addr ffff888074e71b80 by task syz-executor114/4994
[ 83.094239][ T4994]
[ 83.096565][ T4994] CPU: 0 PID: 4994 Comm: syz-executor114 Not tainted 6.4.0-rc6-syzkaller-00269-g1b29d271614a #0
[ 83.107408][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 83.117462][ T4994] Call Trace:
[ 83.120753][ T4994]
[ 83.123691][ T4994] dump_stack_lvl+0x1e7/0x2d0
[ 83.128377][ T4994] ? nf_tcp_handle_invalid+0x650/0x650
[ 83.133836][ T4994] ? panic+0x770/0x770
[ 83.137914][ T4994] ? _printk+0xd5/0x120
[ 83.142075][ T4994] print_report+0x163/0x540
[ 83.146583][ T4994] ? __kasan_slab_alloc+0x66/0x70
[ 83.151612][ T4994] ? __virt_addr_valid+0x22f/0x2e0
[ 83.156733][ T4994] ? __phys_addr+0xba/0x170
[ 83.161242][ T4994] ? ntfs_lookup_inode_by_name+0xe86/0x2ca0
[ 83.167141][ T4994] kasan_report+0x176/0x1b0
[ 83.171653][ T4994] ? ntfs_lookup_inode_by_name+0xe86/0x2ca0
[ 83.177559][ T4994] ntfs_lookup_inode_by_name+0xe86/0x2ca0
[ 83.183299][ T4994] ? clear_nonspinnable+0x60/0x60
[ 83.188329][ T4994] check_windows_hibernation_status+0xf0/0x4c0
[ 83.194489][ T4994] ? load_and_check_logfile+0xd0/0xd0
[ 83.199956][ T4994] ? load_system_files+0x3519/0x4840
[ 83.205329][ T4994] ? rcu_is_watching+0x15/0xb0
[ 83.210103][ T4994] load_system_files+0x35db/0x4840
[ 83.215305][ T4994] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 83.220771][ T4994] ? free_vm_area+0x50/0x50
[ 83.225275][ T4994] ? generate_default_upcase+0x8ed/0x940
[ 83.230912][ T4994] ntfs_fill_super+0x19b3/0x2bd0
[ 83.235873][ T4994] mount_bdev+0x2d0/0x3f0
[ 83.240208][ T4994] ? ntfs_mount+0x40/0x40
[ 83.244544][ T4994] legacy_get_tree+0xef/0x190
[ 83.249222][ T4994] ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[ 83.254773][ T4994] vfs_get_tree+0x8c/0x270
[ 83.259215][ T4994] do_new_mount+0x28f/0xae0
[ 83.263754][ T4994] ? path_mount+0x5f2/0xf80
[ 83.268271][ T4994] ? do_move_mount_old+0x170/0x170
[ 83.273399][ T4994] ? user_path_at_empty+0x12f/0x180
[ 83.278606][ T4994] __se_sys_mount+0x2d9/0x3c0
[ 83.283313][ T4994] ? __x64_sys_mount+0xc0/0xc0
[ 83.288093][ T4994] ? syscall_enter_from_user_mode+0x32/0x230
[ 83.294089][ T4994] ? lockdep_hardirqs_on+0x98/0x140
[ 83.299318][ T4994] ? __x64_sys_mount+0x20/0xc0
[ 83.304102][ T4994] do_syscall_64+0x41/0xc0
[ 83.308525][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.314422][ T4994] RIP: 0033:0x7f90058da4ba
[ 83.318839][ T4994] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 08 01 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 83.338450][ T4994] RSP: 002b:00007ffdef280e98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 83.346863][ T4994] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f90058da4ba
[ 83.354832][ T4994] RDX: 0000000020000000 RSI: 000000002001ee80 RDI: 00007ffdef280eb0
[ 83.362807][ T4994] RBP: 00007ffdef280eb0 R08: 00007ffdef280ef0 R09: 000000000001ee3c
[ 83.370862][ T4994] R10: 0000000000004010 R11: 0000000000000286 R12: 0000000000000004
[ 83.379011][ T4994] R13: 000055555674f2b8 R14: 0000000000004010 R15: 00007ffdef280ef0
[ 83.387131][ T4994]
[ 83.390142][ T4994]
[ 83.392467][ T4994] The buggy address belongs to the physical page:
[ 83.398873][ T4994] page:ffffea0001d39c40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x74e71
[ 83.409021][ T4994] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 83.416124][ T4994] page_type: 0xffffffff()
[ 83.420449][ T4994] raw: 00fff00000000000 ffffea0001d39c88 ffffea0001d39c08 0000000000000000
[ 83.429044][ T4994] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 83.437636][ T4994] page dumped because: kasan: bad access detected
[ 83.444056][ T4994] page_owner tracks the page as freed
[ 83.449419][ T4994] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4984, tgid 4984 (sshd), ts 60762967638, free_ts 60822713395
[ 83.467401][ T4994] post_alloc_hook+0x1e6/0x210
[ 83.472170][ T4994] get_page_from_freelist+0x321c/0x33a0
[ 83.477727][ T4994] __alloc_pages+0x255/0x670
[ 83.482340][ T4994] __folio_alloc+0x13/0x30
[ 83.486767][ T4994] vma_alloc_folio+0x48a/0x9a0
[ 83.491531][ T4994] handle_mm_fault+0x2942/0x5860
[ 83.496484][ T4994] exc_page_fault+0x274/0x910
[ 83.501271][ T4994] asm_exc_page_fault+0x26/0x30
[ 83.506312][ T4994] page last free stack trace:
[ 83.510991][ T4994] free_unref_page_prepare+0x903/0xa30
[ 83.516472][ T4994] free_unref_page_list+0x596/0x830
[ 83.521709][ T4994] release_pages+0x2193/0x2470
[ 83.526548][ T4994] tlb_flush_mmu+0x100/0x210
[ 83.531145][ T4994] tlb_finish_mmu+0xd4/0x1f0
[ 83.535739][ T4994] unmap_region+0x258/0x2a0
[ 83.540243][ T4994] do_vmi_align_munmap+0x1123/0x1820
[ 83.545529][ T4994] do_vmi_munmap+0x24a/0x2b0
[ 83.550113][ T4994] __vm_munmap+0x226/0x470
[ 83.554522][ T4994] __x64_sys_munmap+0x69/0x80
[ 83.559205][ T4994] do_syscall_64+0x41/0xc0
[ 83.563621][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.569515][ T4994]
[ 83.571832][ T4994] Memory state around the buggy address:
[ 83.577458][ T4994]  ffff888074e71a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.585518][ T4994]  ffff888074e71b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.593680][ T4994] >ffff888074e71b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.601752][ T4994]                    ^
[ 83.605826][ T4994]  ffff888074e71c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.613884][ T4994]  ffff888074e71c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.621958][ T4994] ==================================================================
[ 83.630395][ T4994] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 83.637614][ T4994] CPU: 0 PID: 4994 Comm: syz-executor114 Not tainted 6.4.0-rc6-syzkaller-00269-g1b29d271614a #0
[ 83.648034][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 83.658119][ T4994] Call Trace:
[ 83.661402][ T4994]
[ 83.664343][ T4994] dump_stack_lvl+0x1e7/0x2d0
[ 83.669037][ T4994] ? nf_tcp_handle_invalid+0x650/0x650
[ 83.674506][ T4994] ? panic+0x770/0x770
[ 83.678589][ T4994] ? vscnprintf+0x5d/0x80
[ 83.682934][ T4994] panic+0x30f/0x770
[ 83.686847][ T4994] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 83.693124][ T4994] ? check_panic_on_warn+0x21/0xa0
[ 83.698288][ T4994] ? __memcpy_flushcache+0x2b0/0x2b0
[ 83.703685][ T4994] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 83.709674][ T4994] ? _raw_spin_unlock+0x40/0x40
[ 83.714537][ T4994] check_panic_on_warn+0x82/0xa0
[ 83.719487][ T4994] ? ntfs_lookup_inode_by_name+0xe86/0x2ca0
[ 83.725395][ T4994] end_report+0x63/0x110
[ 83.729670][ T4994] kasan_report+0x183/0x1b0
[ 83.734185][ T4994] ? ntfs_lookup_inode_by_name+0xe86/0x2ca0
[ 83.740108][ T4994] ntfs_lookup_inode_by_name+0xe86/0x2ca0
[ 83.745849][ T4994] ? clear_nonspinnable+0x60/0x60
[ 83.750895][ T4994] check_windows_hibernation_status+0xf0/0x4c0
[ 83.757095][ T4994] ? load_and_check_logfile+0xd0/0xd0
[ 83.762480][ T4994] ? load_system_files+0x3519/0x4840
[ 83.767773][ T4994] ? rcu_is_watching+0x15/0xb0
[ 83.772585][ T4994] load_system_files+0x35db/0x4840
[ 83.777712][ T4994] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 83.783187][ T4994] ? free_vm_area+0x50/0x50
[ 83.787697][ T4994] ? generate_default_upcase+0x8ed/0x940
[ 83.793345][ T4994] ntfs_fill_super+0x19b3/0x2bd0
[ 83.798310][ T4994] mount_bdev+0x2d0/0x3f0
[ 83.802656][ T4994] ? ntfs_mount+0x40/0x40
[ 83.807009][ T4994] legacy_get_tree+0xef/0x190
[ 83.811708][ T4994] ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[ 83.817277][ T4994] vfs_get_tree+0x8c/0x270
[ 83.821736][ T4994] do_new_mount+0x28f/0xae0
[ 83.826364][ T4994] ? path_mount+0x5f2/0xf80
[ 83.830919][ T4994] ? do_move_mount_old+0x170/0x170
[ 83.836075][ T4994] ? user_path_at_empty+0x12f/0x180
[ 83.841306][ T4994] __se_sys_mount+0x2d9/0x3c0
[ 83.846038][ T4994] ? __x64_sys_mount+0xc0/0xc0
[ 83.850818][ T4994] ? syscall_enter_from_user_mode+0x32/0x230
[ 83.856819][ T4994] ? lockdep_hardirqs_on+0x98/0x140
[ 83.862220][ T4994] ? __x64_sys_mount+0x20/0xc0
[ 83.867027][ T4994] do_syscall_64+0x41/0xc0
[ 83.871482][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.877412][ T4994] RIP: 0033:0x7f90058da4ba
[ 83.881840][ T4994] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 08 01 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 83.901635][ T4994] RSP: 002b:00007ffdef280e98 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 83.910062][ T4994] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f90058da4ba
[ 83.918121][ T4994] RDX: 0000000020000000 RSI: 000000002001ee80 RDI: 00007ffdef280eb0
[ 83.926102][ T4994] RBP: 00007ffdef280eb0 R08: 00007ffdef280ef0 R09: 000000000001ee3c
[ 83.934114][ T4994] R10: 0000000000004010 R11: 0000000000000286 R12: 0000000000000004
[ 83.942095][ T4994] R13: 000055555674f2b8 R14: 0000000000004010 R15: 00007ffdef280ef0
[ 83.950084][ T4994]
[ 83.953177][ T4994] Kernel Offset: disabled
[ 83.957510][ T4994] Rebooting in 86400 seconds..