Warning: Permanently added '10.128.1.110' (ED25519) to the list of known hosts.
2023/07/24 22:04:37 ignoring optional flag "sandboxArg"="0"
2023/07/24 22:04:37 parsed 1 programs
2023/07/24 22:04:37 executed programs: 0
[ 47.674530][ T2647] loop0: detected capacity change from 0 to 4096
[ 47.682680][ T2647] syz-executor.0: attempt to access beyond end of device
[ 47.682680][ T2647] loop0: rw=0, sector=32768, nr_sectors = 2 limit=4096
[ 47.696881][ T2647] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4000.
[ 47.707316][ T2647] syz-executor.0: attempt to access beyond end of device
[ 47.707316][ T2647] loop0: rw=0, sector=32770, nr_sectors = 2 limit=4096
[ 47.721305][ T2647] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4001.
[ 47.731609][ T2647] syz-executor.0: attempt to access beyond end of device
[ 47.731609][ T2647] loop0: rw=0, sector=32772, nr_sectors = 2 limit=4096
[ 47.745322][ T2647] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4002.
[ 47.755721][ T2647] syz-executor.0: attempt to access beyond end of device
[ 47.755721][ T2647] loop0: rw=0, sector=32774, nr_sectors = 2 limit=4096
[ 47.769545][ T2647] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4003.
[ 47.779824][ T2647] ntfs: (device loop0): check_mft_mirror(): Failed to read $MFTMirr.
[ 47.787887][ T2647] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk.
[ 47.802563][ T2647] ntfs: (device loop0): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x0, type 0xb0, name_len 0). Marking corrupt inode and base inode 0x0 as bad. Run chkdsk.
[ 47.823229][ T2647] ntfs: (device loop0): load_system_files(): Failed to load $MFT/$BITMAP attribute.
[ 47.832654][ T2647] ntfs: (device loop0): ntfs_fill_super(): Failed to load system files.
[ 47.901169][ T2649] loop0: detected capacity change from 0 to 4096
[ 47.909169][ T2649] syz-executor.0: attempt to access beyond end of device
[ 47.909169][ T2649] loop0: rw=0, sector=32768, nr_sectors = 2 limit=4096
[ 47.923038][ T2649] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4000.
[ 47.933291][ T2649] syz-executor.0: attempt to access beyond end of device
[ 47.933291][ T2649] loop0: rw=0, sector=32770, nr_sectors = 2 limit=4096
[ 47.947067][ T2649] syz-executor.0: attempt to access beyond end of device
[ 47.947067][ T2649] loop0: rw=0, sector=32772, nr_sectors = 2 limit=4096
[ 47.960798][ T2649] syz-executor.0: attempt to access beyond end of device
[ 47.960798][ T2649] loop0: rw=0, sector=32774, nr_sectors = 2 limit=4096
[ 47.974768][ T2649] ==================================================================
[ 47.982821][ T2649] BUG: KASAN: use-after-free in ntfs_attr_find+0x9cc/0xbf0
[ 47.989986][ T2649] Read of size 2 at addr ffff88806b42c152 by task syz-executor.0/2649
[ 47.998104][ T2649]
[ 48.000419][ T2649] CPU: 1 PID: 2649 Comm: syz-executor.0 Not tainted 6.5.0-rc3-syzkaller #0
[ 48.008963][ T2649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 48.019096][ T2649] Call Trace:
[ 48.022345][ T2649]
[ 48.025244][ T2649] dump_stack_lvl+0x3d/0x60
[ 48.029735][ T2649] print_report+0xc4/0x620
[ 48.034113][ T2649] ? ntfs_attr_get_search_ctx+0x40/0x1e0
[ 48.039725][ T2649] kasan_report+0xda/0x110
[ 48.044106][ T2649] ? ntfs_attr_find+0x9cc/0xbf0
[ 48.048921][ T2649] ? ntfs_attr_find+0x9cc/0xbf0
[ 48.053732][ T2649] ntfs_attr_find+0x9cc/0xbf0
[ 48.058376][ T2649] ntfs_attr_lookup+0xe4e/0x22b0
[ 48.063303][ T2649] ? kasan_set_track+0x25/0x30
[ 48.068032][ T2649] ? rcu_is_watching+0x15/0xb0
[ 48.072772][ T2649] ? ntfs_attr_reinit_search_ctx+0x3a0/0x3a0
[ 48.078735][ T2649] ntfs_attr_iget+0x5f9/0x2510
[ 48.083464][ T2649] ? __ntfs_warning+0xcc/0x1f0
[ 48.088223][ T2649] ? __ntfs_init_inode+0x5d0/0x5d0
[ 48.093564][ T2649] ? ntfs_end_buffer_async_read+0x1150/0x1150
[ 48.099596][ T2649] ntfs_fill_super+0x1e37/0x7bf0
[ 48.104511][ T2649] ? load_and_init_usnjrnl+0xd80/0xd80
[ 48.109985][ T2649] ? snprintf+0xab/0xe0
[ 48.114114][ T2649] ? vsprintf+0x20/0x20
[ 48.118241][ T2649] ? sget+0x2ef/0x510
[ 48.122188][ T2649] ? load_and_init_usnjrnl+0xd80/0xd80
[ 48.127612][ T2649] mount_bdev+0x256/0x300
[ 48.131908][ T2649] ? ntfs_rl_punch_nolock+0x15d0/0x15d0
[ 48.137417][ T2649] legacy_get_tree+0xfe/0x1f0
[ 48.142074][ T2649] ? security_capable+0x67/0xa0
[ 48.146900][ T2649] vfs_get_tree+0x82/0x210
[ 48.151302][ T2649] path_mount+0x878/0x1a00
[ 48.155703][ T2649] ? finish_automount+0x720/0x720
[ 48.160691][ T2649] ? kmem_cache_free+0xe9/0x460
[ 48.165504][ T2649] ? getname_flags.part.0+0x88/0x430
[ 48.170762][ T2649] __x64_sys_mount+0x208/0x280
[ 48.175501][ T2649] ? copy_mnt_ns+0xa70/0xa70
[ 48.180049][ T2649] ? fpregs_assert_state_consistent+0x41/0x60
[ 48.186075][ T2649] do_syscall_64+0x38/0x80
[ 48.190452][ T2649] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.196305][ T2649] RIP: 0033:0x7fdbe2e7e05a
[ 48.200686][ T2649] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.220254][ T2649] RSP: 002b:00007fdbe3c3eee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 48.228711][ T2649] RAX: ffffffffffffffda RBX: 00007fdbe3c3ef80 RCX: 00007fdbe2e7e05a
[ 48.236643][ T2649] RDX: 000000002001f6c0 RSI: 000000002001f640 RDI: 00007fdbe3c3ef40
[ 48.244584][ T2649] RBP: 000000002001f6c0 R08: 00007fdbe3c3ef80 R09: 0000000000008703
[ 48.252527][ T2649] R10: 0000000000008703 R11: 0000000000000246 R12: 000000002001f640
[ 48.260460][ T2649] R13: 00007fdbe3c3ef40 R14: 000000000001f621 R15: 000000002001f700
[ 48.268397][ T2649]
[ 48.271381][ T2649]
[ 48.273670][ T2649] The buggy address belongs to the physical page:
[ 48.280043][ T2649] page:ffffea0001ad0b00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6b42c
[ 48.290148][ T2649] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 48.297218][ T2649] page_type: 0xffffffff()
[ 48.301507][ T2649] raw: 00fff00000000000 ffffea0001aeb648 ffffea0001ad0088 0000000000000000
[ 48.310298][ T2649] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 48.319293][ T2649] page dumped because: kasan: bad access detected
[ 48.325673][ T2649] page_owner tracks the page as freed
[ 48.331188][ T2649] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 2649, tgid 2648 (syz-executor.0), ts 47888812802, free_ts 47901000047
[ 48.349988][ T2649] post_alloc_hook+0x281/0x2f0
[ 48.354725][ T2649] get_page_from_freelist+0xfcb/0x31e0
[ 48.360151][ T2649] __alloc_pages+0x1d0/0x470
[ 48.364881][ T2649] __folio_alloc+0x16/0x40
[ 48.369265][ T2649] vma_alloc_folio+0x10e/0x610
[ 48.373990][ T2649] __handle_mm_fault+0xd56/0x3110
[ 48.378978][ T2649] handle_mm_fault+0x239/0x5f0
[ 48.383705][ T2649] do_user_addr_fault+0x196/0x910
[ 48.388692][ T2649] exc_page_fault+0x5d/0xb0
[ 48.393157][ T2649] asm_exc_page_fault+0x26/0x30
[ 48.397970][ T2649] page last free stack trace:
[ 48.402625][ T2649] free_unref_page_prepare+0x5aa/0xc40
[ 48.408047][ T2649] free_unref_page_list+0xe6/0xaa0
[ 48.413122][ T2649] release_pages+0x2a8/0x1040
[ 48.417847][ T2649] tlb_batch_pages_flush+0x79/0x140
[ 48.423009][ T2649] tlb_finish_mmu+0x114/0x6c0
[ 48.427664][ T2649] unmap_region+0x206/0x2d0
[ 48.432127][ T2649] do_vmi_align_munmap.constprop.0+0xbc8/0x1470
[ 48.438326][ T2649] __vm_munmap+0x11d/0x2d0
[ 48.442702][ T2649] __x64_sys_munmap+0x54/0x80
[ 48.447338][ T2649] do_syscall_64+0x38/0x80
[ 48.451715][ T2649] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.457571][ T2649]
[ 48.459879][ T2649] Memory state around the buggy address:
[ 48.465475][ T2649] ffff88806b42c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.473588][ T2649] ffff88806b42c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.481619][ T2649] >ffff88806b42c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.489661][ T2649] ^
[ 48.496316][ T2649] ffff88806b42c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.504339][ T2649] ffff88806b42c200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.512375][ T2649] ==================================================================
[ 48.520830][ T2649] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.528963][ T2649] Kernel Offset: disabled
[ 48.533258][ T2649] Rebooting in 86400 seconds..