Warning: Permanently added '10.128.0.3' (ED25519) to the list of known hosts.
2023/12/23 02:27:23 ignoring optional flag "sandboxArg"="0"
2023/12/23 02:27:23 parsed 1 programs
2023/12/23 02:27:23 executed programs: 0
[ 51.890356][ T2241] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 55.319692][ T2660] loop0: detected capacity change from 0 to 190
[ 55.328453][ T2660] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid boot sector checksum.
[ 55.339354][ T2660] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 55.349259][ T2660] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 55.357220][ T2660] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 55.370496][ T2660] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 55.383712][ T2660] ntfs: (device loop0): ntfs_external_attr_find(): Base inode 0xa contains corrupt attribute list attribute. Unmount and run chkdsk.
[ 55.397820][ T2660] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup $DATA attribute.
[ 55.407274][ T2660] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 55.420806][ T2660] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 55.433074][ T2660] ntfs: volume version 3.1.
[ 55.438011][ T2660] syz-executor.0: attempt to access beyond end of device
[ 55.438011][ T2660] loop0: rw=0, sector=2072, nr_sectors = 8 limit=190
[ 55.451829][ T2660] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x103.
[ 55.462713][ T2660] syz-executor.0: attempt to access beyond end of device
[ 55.462713][ T2660] loop0: rw=0, sector=552, nr_sectors = 8 limit=190
[ 55.478273][ T2660] syz-executor.0: attempt to access beyond end of device
[ 55.478273][ T2660] loop0: rw=0, sector=224, nr_sectors = 8 limit=190
[ 55.513198][ T2662] loop0: detected capacity change from 0 to 190
[ 55.529420][ T2662] ntfs: volume version 3.1.
[ 55.534503][ T2662] syz-executor.0: attempt to access beyond end of device
[ 55.534503][ T2662] loop0: rw=0, sector=2072, nr_sectors = 8 limit=190
[ 55.549372][ T2662] syz-executor.0: attempt to access beyond end of device
[ 55.549372][ T2662] loop0: rw=0, sector=552, nr_sectors = 8 limit=190
[ 55.564827][ T2662] syz-executor.0: attempt to access beyond end of device
[ 55.564827][ T2662] loop0: rw=0, sector=224, nr_sectors = 8 limit=190
[ 55.596288][ T2664] loop0: detected capacity change from 0 to 190
[ 55.609864][ T2664] ntfs: volume version 3.1.
[ 55.615475][ T2664] syz-executor.0: attempt to access beyond end of device
[ 55.615475][ T2664] loop0: rw=0, sector=2072, nr_sectors = 8 limit=190
[ 55.630570][ T2664] syz-executor.0: attempt to access beyond end of device
[ 55.630570][ T2664] loop0: rw=0, sector=552, nr_sectors = 8 limit=190
[ 55.645252][ T2664] syz-executor.0: attempt to access beyond end of device
[ 55.645252][ T2664] loop0: rw=0, sector=224, nr_sectors = 8 limit=190
[ 55.683172][ T2666] loop0: detected capacity change from 0 to 190
[ 55.692303][ T2666] ==================================================================
[ 55.700420][ T2666] BUG: KASAN: use-after-free in ntfs_read_folio+0x810/0x1bd0
[ 55.707961][ T2666] Read of size 1 at addr ffff88806eb9c17f by task syz-executor.0/2666
[ 55.716887][ T2666]
[ 55.719217][ T2666] CPU: 0 PID: 2666 Comm: syz-executor.0 Not tainted 6.7.0-rc6-syzkaller #0
[ 55.728399][ T2666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 55.739811][ T2666] Call Trace:
[ 55.743093][ T2666]
[ 55.746102][ T2666] dump_stack_lvl+0xf8/0x260
[ 55.751341][ T2666] ? nf_tcp_handle_invalid+0x300/0x300
[ 55.756792][ T2666] ? panic+0x500/0x500
[ 55.760861][ T2666] ? _printk+0xce/0x110
[ 55.765018][ T2666] print_report+0x163/0x540
[ 55.769735][ T2666] ? lock_acquire+0xc2/0x3a0
[ 55.774705][ T2666] ? __lock_acquire+0xc10/0xc10
[ 55.780154][ T2666] ? ntfs_read_folio+0x810/0x1bd0
[ 55.785158][ T2666] kasan_report+0x142/0x170
[ 55.789683][ T2666] ? ntfs_read_folio+0x810/0x1bd0
[ 55.794851][ T2666] kasan_check_range+0x27e/0x290
[ 55.799786][ T2666] ? ntfs_read_folio+0x810/0x1bd0
[ 55.805146][ T2666] __asan_memcpy+0x29/0x70
[ 55.810376][ T2666] ntfs_read_folio+0x810/0x1bd0
[ 55.815217][ T2666] ? folio_add_lru+0x184/0x540
[ 55.820062][ T2666] ? folio_add_lru+0x184/0x540
[ 55.824900][ T2666] ? rcu_is_watching+0x1f/0x90
[ 55.829655][ T2666] ? folio_add_lru+0x184/0x540
[ 55.834401][ T2666] ? lock_acquire+0xc2/0x3a0
[ 55.838978][ T2666] ? __lock_acquire+0xc10/0xc10
[ 55.843909][ T2666] ? read_lock_is_recursive+0x20/0x20
[ 55.849548][ T2666] ? ntfs_writepage+0x11f0/0x11f0
[ 55.855266][ T2666] ? folio_add_lru+0x540/0x540
[ 55.860211][ T2666] ? folio_batch_add_and_move+0xc8/0x190
[ 55.866179][ T2666] ? folio_add_lru+0x184/0x540
[ 55.871016][ T2666] ? folio_add_lru+0x2ee/0x540
[ 55.875847][ T2666] filemap_read_folio+0x151/0x530
[ 55.881108][ T2666] ? ntfs_writepage+0x11f0/0x11f0
[ 55.886242][ T2666] ? maybe_unlock_mmap_for_io+0x1c0/0x1c0
[ 55.892394][ T2666] ? __filemap_get_folio+0x4b/0x690
[ 55.897629][ T2666] do_read_cache_folio+0x104/0x5a0
[ 55.902820][ T2666] ? ntfs_writepage+0x11f0/0x11f0
[ 55.908084][ T2666] do_read_cache_page+0x11/0x160
[ 55.913004][ T2666] load_system_files+0x1c57/0x3e40
[ 55.918276][ T2666] ? vmap+0x230/0x230
[ 55.922274][ T2666] ? ntfs_setup_allocators+0x250/0x250
[ 55.927817][ T2666] ? mutex_unlock+0x10/0x10
[ 55.932476][ T2666] ? __asan_memset+0x23/0x40
[ 55.937155][ T2666] ? generate_default_upcase+0x88/0x8f0
[ 55.942958][ T2666] ? vmalloc+0x74/0x80
[ 55.947016][ T2666] ntfs_fill_super+0x123f/0x23d0
[ 55.952168][ T2666] mount_bdev+0x1d6/0x290
[ 55.956673][ T2666] ? ntfs_mount+0x10/0x10
[ 55.961167][ T2666] ? get_tree_bdev+0x5b0/0x5b0
[ 55.966214][ T2666] ? vfs_parse_fs_string+0x17f/0x210
[ 55.971573][ T2666] ? vfs_parse_fs_param+0x380/0x380
[ 55.976934][ T2666] legacy_get_tree+0xe9/0x170
[ 55.981608][ T2666] ? ntfs_rl_punch_nolock+0x1140/0x1140
[ 55.987565][ T2666] vfs_get_tree+0x7e/0x190
[ 55.991963][ T2666] do_new_mount+0x1e5/0x930
[ 55.996458][ T2666] ? do_move_mount_old+0x120/0x120
[ 56.001543][ T2666] __se_sys_mount+0x242/0x2d0
[ 56.006509][ T2666] ? __x64_sys_mount+0xc0/0xc0
[ 56.011686][ T2666] ? fpregs_assert_state_consistent+0x47/0x60
[ 56.017929][ T2666] do_syscall_64+0x45/0xe0
[ 56.022363][ T2666] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 56.028532][ T2666] RIP: 0033:0x7f659fe7e1ea
[ 56.033221][ T2666] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 56.053335][ T2666] RSP: 002b:00007f65a0b0aee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 56.061824][ T2666] RAX: ffffffffffffffda RBX: 00007f65a0b0af80 RCX: 00007f659fe7e1ea
[ 56.069779][ T2666] RDX: 0000000020000040 RSI: 000000002001f200 RDI: 00007f65a0b0af40
[ 56.077751][ T2666] RBP: 0000000020000040 R08: 00007f65a0b0af80 R09: 0000000000000000
[ 56.086221][ T2666] R10: 0000000000000000 R11: 0000000000000246 R12: 000000002001f200
[ 56.094177][ T2666] R13: 00007f65a0b0af40 R14: 000000000000097e R15: 0000000020000000
[ 56.102318][ T2666]
[ 56.105333][ T2666]
[ 56.107815][ T2666] The buggy address belongs to the physical page:
[ 56.114736][ T2666] page:ffffea0001bae700 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6eb9c
[ 56.125435][ T2666] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 56.132618][ T2666] page_type: 0xffffffff()
[ 56.137011][ T2666] raw: 00fff00000000000 ffffea0001bae748 ffffea0001bae6c8 0000000000000000
[ 56.146047][ T2666] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 56.154952][ T2666] page dumped because: kasan: bad access detected
[ 56.161338][ T2666] page_owner tracks the page as freed
[ 56.166685][ T2666] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 2660, tgid 2658 (syz-executor.0), ts 55318645673, free_ts 55506696208
[ 56.183670][ T2666] post_alloc_hook+0x10b/0x130
[ 56.188411][ T2666] get_page_from_freelist+0x345c/0x35f0
[ 56.193929][ T2666] __alloc_pages+0x255/0x650
[ 56.198489][ T2666] alloc_pages_mpol+0x27f/0x4d0
[ 56.203309][ T2666] shmem_alloc_and_add_folio+0x2de/0xb60
[ 56.208913][ T2666] shmem_get_folio_gfp+0x581/0x14b0
[ 56.214079][ T2666] shmem_write_begin+0x148/0x3d0
[ 56.218987][ T2666] generic_perform_write+0x30c/0x580
[ 56.224418][ T2666] shmem_file_write_iter+0xb6/0xd0
[ 56.229502][ T2666] vfs_write+0x63a/0xc80
[ 56.233815][ T2666] ksys_write+0x163/0x250
[ 56.238133][ T2666] do_syscall_64+0x45/0xe0
[ 56.242529][ T2666] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 56.248409][ T2666] page last free stack trace:
[ 56.253057][ T2666] free_unref_page_prepare+0x7f9/0x910
[ 56.258754][ T2666] free_unref_page_list+0x54b/0x7f0
[ 56.264023][ T2666] release_pages+0x194b/0x1b10
[ 56.268938][ T2666] __folio_batch_release+0x66/0xe0
[ 56.274029][ T2666] shmem_undo_range+0x50e/0x1520
[ 56.278950][ T2666] shmem_evict_inode+0x3b5/0x8b0
[ 56.283929][ T2666] evict+0x263/0x640
[ 56.287800][ T2666] __dentry_kill+0x380/0x5d0
[ 56.292365][ T2666] dentry_kill+0xbb/0x1e0
[ 56.297365][ T2666] dput+0x13c/0x2b0
[ 56.301224][ T2666] __fput+0x4d1/0x7e0
[ 56.305199][ T2666] task_work_run+0x20a/0x280
[ 56.309767][ T2666] exit_to_user_mode_loop+0xa9/0xc0
[ 56.314955][ T2666] exit_to_user_mode_prepare+0x64/0xb0
[ 56.320402][ T2666] syscall_exit_to_user_mode+0x2c/0x1e0
[ 56.326669][ T2666] do_syscall_64+0x52/0xe0
[ 56.331252][ T2666]
[ 56.333555][ T2666] Memory state around the buggy address:
[ 56.339158][ T2666] ffff88806eb9c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.347464][ T2666] ffff88806eb9c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.355600][ T2666] >ffff88806eb9c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.363980][ T2666] ^
[ 56.372374][ T2666] ffff88806eb9c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.380592][ T2666] ffff88806eb9c200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.388811][ T2666] ==================================================================
[ 56.397194][ T2666] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.406052][ T2666] Kernel Offset: disabled
[ 56.410357][ T2666] Rebooting in 86400 seconds..