syzkaller
syzkaller login: [ 21.860515][ T1173] sftp-server (1173) used greatest stack depth: 23296 bytes left
[ 21.868148][ T1171] sshd (1171) used greatest stack depth: 22752 bytes left
[ 29.951504][ T1190] cgroup: Unknown subsys name 'net'
[ 30.080411][ T1190] cgroup: Unknown subsys name 'rlimit'
[ 30.330269][ T1190] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 37.447581][ T1255] syz-executor (1255) used greatest stack depth: 21288 bytes left
[ 43.583804][ T1689] syz-executor (1689) used greatest stack depth: 20904 bytes left
Warning: Permanently added '10.128.15.209' (ED25519) to the list of known hosts.
2025/01/09 19:52:33 ignoring optional flag "sandboxArg"="0"
2025/01/09 19:52:33 parsed 1 programs
[ 64.354227][ T2125] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/01/09 19:52:41 executed programs: 0
2025/01/09 19:52:47 executed programs: 2
[ 77.721147][ T3036] loop3: detected capacity change from 0 to 4096
[ 77.729342][ T3036] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512)
[ 77.787170][ T3036] loop3: detected capacity change from 4096 to 0
[ 77.794619][ T3036] ==================================================================
[ 77.802713][ T3036] BUG: KASAN: slab-out-of-bounds in ntfs_set_ea+0x648/0x13a0
[ 77.810098][ T3036] Write of size 6 at addr ffff888013e837e4 by task syz.3.15/3036
[ 77.817792][ T3036]
[ 77.820216][ T3036] CPU: 1 PID: 3036 Comm: syz.3.15 Not tainted 6.1.124-syzkaller #0
[ 77.828079][ T3036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 77.838119][ T3036] Call Trace:
[ 77.841381][ T3036]  <TASK>
[ 77.844293][ T3036]  dump_stack_lvl+0xf4/0x251
[ 77.848860][ T3036]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 77.854299][ T3036]  ? panic+0x3fe/0x3fe
[ 77.858341][ T3036]  ? _printk+0xca/0x10a
[ 77.862473][ T3036]  ? __virt_addr_valid+0x139/0x270
[ 77.867570][ T3036]  ? __virt_addr_valid+0x221/0x270
[ 77.872654][ T3036]  print_report+0x15f/0x4f0
[ 77.877136][ T3036]  ? __virt_addr_valid+0x139/0x270
[ 77.882306][ T3036]  ? __virt_addr_valid+0x221/0x270
[ 77.887567][ T3036]  ? ntfs_set_ea+0x648/0x13a0
[ 77.892217][ T3036]  kasan_report+0x136/0x160
[ 77.896699][ T3036]  ? ntfs_set_ea+0x648/0x13a0
[ 77.901443][ T3036]  kasan_check_range+0x27f/0x290
[ 77.906352][ T3036]  ? ntfs_set_ea+0x648/0x13a0
[ 77.911009][ T3036]  memcpy+0x3c/0x60
[ 77.914814][ T3036]  ntfs_set_ea+0x648/0x13a0
[ 77.919293][ T3036]  ? ntfs_save_wsl_perm+0x480/0x480
[ 77.924466][ T3036]  ? make_kuid+0x6d0/0x6d0
[ 77.928859][ T3036]  ? tomoyo_path_number_perm+0x54d/0x6a0
[ 77.934467][ T3036]  ntfs_save_wsl_perm+0x128/0x480
[ 77.939468][ T3036]  ? current_time+0x82/0x240
[ 77.944048][ T3036]  ? ntfs_listxattr+0x5d0/0x5d0
[ 77.948878][ T3036]  ? in_group_or_capable+0x10/0x30
[ 77.954028][ T3036]  ? setattr_copy+0x313/0x510
[ 77.958681][ T3036]  ntfs3_setattr+0x295/0x910
[ 77.963285][ T3036]  ? current_time+0x82/0x240
[ 77.967859][ T3036]  ? PageUptodate+0x180/0x180
[ 77.972513][ T3036]  ? common_perm_cond+0x2cf/0x390
[ 77.977521][ T3036]  ? common_perm+0x1a0/0x1a0
[ 77.982116][ T3036]  notify_change+0x937/0xc40
[ 77.986701][ T3036]  chmod_common+0x2b2/0x4d0
[ 77.991201][ T3036]  ? __ia32_sys_chroot+0x30/0x30
[ 77.996139][ T3036]  ? kmem_cache_free+0x2e8/0x510
[ 78.001063][ T3036]  __x64_sys_fchmodat+0x109/0x180
[ 78.006083][ T3036]  ? __ia32_sys_fchmod+0x100/0x100
[ 78.011274][ T3036]  ? switch_fpu_return+0xc9/0x130
[ 78.016313][ T3036]  do_syscall_64+0x3b/0x80
[ 78.020713][ T3036]  ? clear_bhb_loop+0x45/0xa0
[ 78.025384][ T3036]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 78.031263][ T3036] RIP: 0033:0x7fad0437e719
[ 78.035669][ T3036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 78.055383][ T3036] RSP: 002b:00007fad051fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000010c
[ 78.063802][ T3036] RAX: ffffffffffffffda RBX: 00007fad04535f80 RCX: 00007fad0437e719
[ 78.071763][ T3036] RDX: 0000000000000141 RSI: 0000000020000200 RDI: ffffffffffffff9c
[ 78.079740][ T3036] RBP: 00007fad043f175e R08: 0000000000000000 R09: 0000000000000000
[ 78.087700][ T3036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 78.095654][ T3036] R13: 0000000000000000 R14: 00007fad04535f80 R15: 00007ffe2663fc68
[ 78.103637][ T3036]  </TASK>
[ 78.106655][ T3036]
[ 78.108977][ T3036] Allocated by task 1:
[ 78.113036][ T3036]  kasan_set_track+0x4b/0x70
[ 78.117608][ T3036]  __kasan_slab_alloc+0x65/0x70
[ 78.122510][ T3036]  slab_post_alloc_hook+0x54/0x3e0
[ 78.127713][ T3036]  kmem_cache_alloc+0x10c/0x290
[ 78.132555][ T3036]  __kernfs_new_node+0xd7/0x6b0
[ 78.137403][ T3036]  kernfs_new_node+0x109/0x1d0
[ 78.142161][ T3036]  __kernfs_create_file+0x24/0x280
[ 78.147338][ T3036]  sysfs_create_file_ns+0x35f/0x4c0
[ 78.152516][ T3036]  bus_add_driver+0x320/0x4f0
[ 78.157177][ T3036]  driver_register+0x1f9/0x330
[ 78.161919][ T3036]  do_one_initcall+0x19f/0x4c0
[ 78.166666][ T3036]  do_initcall_level+0x11e/0x1cd
[ 78.171581][ T3036]  do_initcalls+0x46/0x74
[ 78.175884][ T3036]  kernel_init_freeable+0x375/0x4e4
[ 78.181056][ T3036]  kernel_init+0x14/0x190
[ 78.185366][ T3036]  ret_from_fork+0x1f/0x30
[ 78.189761][ T3036]
[ 78.192082][ T3036] The buggy address belongs to the object at ffff888013e83740
[ 78.192082][ T3036]  which belongs to the cache kernfs_node_cache of size 168
[ 78.206632][ T3036] The buggy address is located 164 bytes inside of
[ 78.206632][ T3036]  168-byte region [ffff888013e83740, ffff888013e837e8)
[ 78.220050][ T3036]
[ 78.222360][ T3036] The buggy address belongs to the physical page:
[ 78.228846][ T3036] page:ffffea00004fa0c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13e83
[ 78.238976][ T3036] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 78.246500][ T3036] raw: 00fff00000000200 ffffea00003f9340 dead000000000004 ffff888140009b40
[ 78.255090][ T3036] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000
[ 78.263757][ T3036] page dumped because: kasan: bad access detected
[ 78.270165][ T3036] page_owner tracks the page as allocated
[ 78.275861][ T3036] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 3394479423, free_ts 3309036217
[ 78.293295][ T3036]  post_alloc_hook+0x286/0x2b0
[ 78.298042][ T3036]  get_page_from_freelist+0x340b/0x35b0
[ 78.304007][ T3036]  __alloc_pages+0x251/0x640
[ 78.308581][ T3036]  alloc_page_interleave+0xf/0x120
[ 78.313665][ T3036]  alloc_slab_page+0x6a/0x150
[ 78.318314][ T3036]  new_slab+0x70/0x250
[ 78.322370][ T3036]  ___slab_alloc+0x9df/0xe70
[ 78.326964][ T3036]  kmem_cache_alloc+0x18b/0x290
[ 78.331801][ T3036]  __kernfs_new_node+0xd7/0x6b0
[ 78.336692][ T3036]  kernfs_new_node+0x109/0x1d0
[ 78.341444][ T3036]  __kernfs_create_file+0x24/0x280
[ 78.346547][ T3036]  sysfs_add_file_mode_ns+0x1c2/0x230
[ 78.351894][ T3036]  sysfs_merge_group+0x1e3/0x3f0
[ 78.356805][ T3036]  dpm_sysfs_add+0x86/0x1b0
[ 78.361286][ T3036]  device_add+0x675/0xd90
[ 78.365590][ T3036]  device_create_with_groups+0x230/0x2b0
[ 78.371196][ T3036] page last free stack trace:
[ 78.375844][ T3036]  free_unref_page_prepare+0x10b7/0x13b0
[ 78.381648][ T3036]  free_unref_page+0x33/0x390
[ 78.386302][ T3036]  __vunmap+0x397/0x760
[ 78.390449][ T3036]  free_work+0x3d/0x70
[ 78.394508][ T3036]  process_one_work+0x745/0xe90
[ 78.399363][ T3036]  worker_thread+0x806/0xe60
[ 78.403934][ T3036]  kthread+0x1e8/0x240
[ 78.407987][ T3036]  ret_from_fork+0x1f/0x30
[ 78.412392][ T3036]
[ 78.414711][ T3036] Memory state around the buggy address:
[ 78.420320][ T3036]  ffff888013e83680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.428370][ T3036]  ffff888013e83700: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 78.436406][ T3036] >ffff888013e83780: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 78.444471][ T3036]                                                       ^
[ 78.451920][ T3036]  ffff888013e83800: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00
[ 78.459991][ T3036]  ffff888013e83880: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 78.468037][ T3036] ==================================================================
[ 78.478251][ T3036] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 78.485759][ T3036] Kernel Offset: disabled
[ 78.490069][ T3036] Rebooting in 86400 seconds..
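What the report above establishes, read on its own terms: a chmod (fchmodat, ORIG_RAX 0x10c) on a file of a loop-mounted NTFS image (the ntfs3 mount had already warned about a 1024-byte NTFS sector size on a 512-byte device) reaches ntfs3_setattr -> ntfs_save_wsl_perm -> ntfs_set_ea -> memcpy, and that memcpy writes 6 bytes starting 164 bytes into a 168-byte kernfs_node_cache object that PID 1 allocated at boot through sysfs_create_file_ns. The destination is therefore not an ntfs3-owned buffer at all; the last 2 bytes land in the slab redzone, which is what KASAN flags. Without KASAN those bytes would silently overwrite whatever object follows. The report does not say how the destination pointer came to point there, and nothing here should be read as a root cause.

The following is an added example, not part of the syzbot report or of the kernel's code: it re-derives the report's numbers ("164 bytes inside of 168-byte region", the redzone hit) from the dumped shadow rows using the generic KASAN shadow encoding (one shadow byte per 8-byte granule; 0x00 fully addressable; 0x01..0x07 that many leading bytes addressable; 0xfc slab redzone). All addresses, sizes and shadow bytes are copied from the report; the helper names are this example's own.

```c
/* Added example: replay the KASAN shadow check on the values in the report. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_GRANULE_SIZE 8      /* one shadow byte covers 8 bytes of memory */
#define KASAN_SLAB_REDZONE 0xfc   /* generic KASAN poison value for slab redzones */
#define SHADOW_ROW_BYTES   16     /* the report prints 16 shadow bytes per row */
#define SHADOW_ROWS        5

/* Copied from the report. */
static const uint64_t ACCESS_ADDR = 0xffff888013e837e4ULL; /* "Write of size 6 at addr ..." */
static const size_t   ACCESS_SIZE = 6;
static const uint64_t OBJ_START   = 0xffff888013e83740ULL; /* "belongs to the object at ..." */
static const size_t   OBJ_SIZE    = 168;                   /* "kernfs_node_cache of size 168" */

/* "Memory state around the buggy address": five rows, first row at 0x...680. */
static const uint64_t SHADOW_BASE = 0xffff888013e83680ULL;
static const uint8_t SHADOW[SHADOW_ROWS][SHADOW_ROW_BYTES] = {
	{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
	{ 0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
	{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0xfc,0xfc,0xfc },
	{ 0xfc,0xfc,0xfc,0xfc,0xfc,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
	{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc },
};

/* Shadow byte for an address inside the dumped window, or -1 if outside it. */
static int shadow_for(uint64_t addr)
{
	if (addr < SHADOW_BASE)
		return -1;
	uint64_t g = (addr - SHADOW_BASE) / KASAN_GRANULE_SIZE;
	if (g >= (uint64_t)SHADOW_ROWS * SHADOW_ROW_BYTES)
		return -1;
	return SHADOW[g / SHADOW_ROW_BYTES][g % SHADOW_ROW_BYTES];
}

/* Generic-KASAN rule for one byte: 0 = whole granule addressable,
 * 1..7 = only that many leading bytes addressable, anything else = poison. */
static bool byte_addressable(uint64_t addr)
{
	int s = shadow_for(addr);
	if (s < 0 || s >= KASAN_GRANULE_SIZE)
		return false;
	if (s == 0)
		return true;
	return (addr % KASAN_GRANULE_SIZE) < (uint64_t)s;
}

/* Offset of the first bad byte of an access, or -1 if the whole range is fine. */
static long first_bad_byte(uint64_t addr, size_t size)
{
	for (size_t i = 0; i < size; i++)
		if (!byte_addressable(addr + i))
			return (long)i;
	return -1;
}

/* Where the access starts relative to the object the report names. */
static long offset_in_object(uint64_t addr)
{
	return (long)(addr - OBJ_START);
}

/* How many bytes of the access fall past the end of that object. */
static long bytes_past_object_end(uint64_t addr, size_t size)
{
	uint64_t obj_end = OBJ_START + OBJ_SIZE, acc_end = addr + size;
	return acc_end > obj_end ? (long)(acc_end - obj_end) : 0;
}

/* Recover the object's extent from the shadow alone: walk out from the
 * granule holding addr until a non-zero shadow byte is hit on each side.
 * A trailing 1..7 byte marks a partial last granule and is added to the end. */
static void object_extent_from_shadow(uint64_t addr, uint64_t *start, uint64_t *end)
{
	uint64_t lo = addr & ~(uint64_t)(KASAN_GRANULE_SIZE - 1), hi = lo;
	while (shadow_for(lo - KASAN_GRANULE_SIZE) == 0)
		lo -= KASAN_GRANULE_SIZE;
	while (shadow_for(hi) == 0)
		hi += KASAN_GRANULE_SIZE;
	int tail = shadow_for(hi);
	if (tail > 0 && tail < KASAN_GRANULE_SIZE)
		hi += (uint64_t)tail;
	*start = lo;
	*end = hi;
}

int main(void)
{
	uint64_t s, e;
	object_extent_from_shadow(ACCESS_ADDR, &s, &e);
	printf("object from shadow: [0x%" PRIx64 ", 0x%" PRIx64 ") size %" PRIu64
	       " (report: [0x%" PRIx64 ", 0x%" PRIx64 ") size %zu)\n",
	       s, e, e - s, OBJ_START, OBJ_START + OBJ_SIZE, OBJ_SIZE);
	printf("write of %zu at object offset %ld: first bad byte at +%ld, %ld byte(s) in redzone\n",
	       ACCESS_SIZE, offset_in_object(ACCESS_ADDR),
	       first_bad_byte(ACCESS_ADDR, ACCESS_SIZE),
	       bytes_past_object_end(ACCESS_ADDR, ACCESS_SIZE));
	return 0;
}
```

The shadow-only reconstruction lands on exactly the region the report names, [ffff888013e83740, ffff888013e837e8), which is a useful cross-check when reading a report whose "belongs to the object" line is missing or suspect. Note that the walk assumes the neighbouring granules really are redzone; on a cache without redzones (or with KASAN in HW_TAGS mode, which has no shadow dump of this form) it would not apply.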