Warning: Permanently added '10.128.1.80' (ED25519) to the list of known hosts.
2023/11/30 00:45:37 ignoring optional flag "sandboxArg"="0"
2023/11/30 00:45:37 parsed 1 programs
2023/11/30 00:45:37 executed programs: 0
[ 55.351517][ T1996] loop0: detected capacity change from 0 to 4096
[ 55.372757][ T1996] ntfs: volume version 3.1.
[ 55.379849][ T1996] ==================================================================
[ 55.388107][ T1996] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0xfd8/0x2e80
[ 55.396646][ T1996] Read of size 8 at addr ffff88806a77a55a by task syz-executor.0/1996
[ 55.404893][ T1996]
[ 55.407293][ T1996] CPU: 1 PID: 1996 Comm: syz-executor.0 Not tainted 6.1.64-syzkaller #0
[ 55.415791][ T1996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 55.426004][ T1996] Call Trace:
[ 55.429282][ T1996]
[ 55.432192][ T1996] dump_stack_lvl+0xf4/0x251
[ 55.437103][ T1996] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 55.442627][ T1996] ? panic+0x3f7/0x3f7
[ 55.446670][ T1996] ? _printk+0xca/0x10a
[ 55.450895][ T1996] print_report+0x15f/0x4f0
[ 55.455563][ T1996] ? __kasan_slab_alloc+0x65/0x70
[ 55.460562][ T1996] ? ntfs_lookup_inode_by_name+0xfd8/0x2e80
[ 55.466562][ T1996] kasan_report+0x136/0x160
[ 55.471358][ T1996] ? ntfs_lookup_inode_by_name+0xfd8/0x2e80
[ 55.477501][ T1996] ntfs_lookup_inode_by_name+0xfd8/0x2e80
[ 55.484112][ T1996] ? rcu_is_watching+0x1b/0x90
[ 55.489051][ T1996] ? lock_acquire+0xbe/0x390
[ 55.493634][ T1996] ? __down_write_common+0x12a/0x1e0
[ 55.499351][ T1996] check_windows_hibernation_status+0xfc/0x560
[ 55.505655][ T1996] ? ntfs_test_inode+0x230/0x230
[ 55.510571][ T1996] ? load_and_check_logfile+0xc0/0xc0
[ 55.516006][ T1996] ? load_system_files+0x34e8/0x4880
[ 55.521266][ T1996] ? rcu_is_watching+0x1b/0x90
[ 55.526088][ T1996] load_system_files+0x35a0/0x4880
[ 55.531282][ T1996] ? ntfs_setup_allocators+0x250/0x250
[ 55.536739][ T1996] ? generate_default_upcase+0x66/0x8e0
[ 55.542277][ T1996] ? vmalloc+0x70/0x80
[ 55.546496][ T1996] ntfs_fill_super+0x1239/0x23c0
[ 55.551565][ T1996] mount_bdev+0x26b/0x340
[ 55.555956][ T1996] ? ntfs_mount+0x10/0x10
[ 55.560348][ T1996] legacy_get_tree+0xe5/0x170
[ 55.565114][ T1996] ? ntfs_rl_punch_nolock+0x1130/0x1130
[ 55.570659][ T1996] vfs_get_tree+0x7a/0x170
[ 55.575063][ T1996] do_new_mount+0x1e1/0x8f0
[ 55.579554][ T1996] ? do_move_mount_old+0x120/0x120
[ 55.584816][ T1996] __se_sys_mount+0x23e/0x2d0
[ 55.589554][ T1996] ? __x64_sys_mount+0xc0/0xc0
[ 55.594638][ T1996] ? switch_fpu_return+0xc9/0x130
[ 55.599894][ T1996] do_syscall_64+0x3d/0x80
[ 55.604285][ T1996] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.610254][ T1996] RIP: 0033:0x7ff76187e05a
[ 55.614910][ T1996] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.634665][ T1996] RSP: 002b:00007ff76257bee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.643236][ T1996] RAX: ffffffffffffffda RBX: 00007ff76257bf80 RCX: 00007ff76187e05a
[ 55.651448][ T1996] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007ff76257bf40
[ 55.660126][ T1996] RBP: 000000002001ec80 R08: 00007ff76257bf80 R09: 0000000000000000
[ 55.668436][ T1996] R10: 0000000000000000 R11: 0000000000000246 R12: 000000002001ecc0
[ 55.676387][ T1996] R13: 00007ff76257bf40 R14: 000000000001ec6a R15: 000000002001ed00
[ 55.684340][ T1996]
[ 55.687515][ T1996]
[ 55.689833][ T1996] The buggy address belongs to the physical page:
[ 55.696241][ T1996] page:ffffea0001a9de80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6a77a
[ 55.706635][ T1996] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 55.713836][ T1996] raw: 00fff00000000000 ffffea0001a9dec8 ffffea0001a9de48 0000000000000000
[ 55.722847][ T1996] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.731432][ T1996] page dumped because: kasan: bad access detected
[ 55.737925][ T1996] page_owner tracks the page as freed
[ 55.743278][ T1996] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1996, tgid 1994 (syz-executor.0), ts 55340805060, free_ts 55350996778
[ 55.763421][ T1996] post_alloc_hook+0x286/0x2b0
[ 55.768710][ T1996] get_page_from_freelist+0x2fdd/0x3170
[ 55.775111][ T1996] __alloc_pages+0x251/0x640
[ 55.779771][ T1996] __folio_alloc+0xf/0x30
[ 55.784419][ T1996] vma_alloc_folio+0x484/0x9e0
[ 55.789238][ T1996] wp_page_copy+0x1f9/0x1970
[ 55.793885][ T1996] handle_mm_fault+0x1f58/0x4260
[ 55.798802][ T1996] exc_page_fault+0x22a/0x5e0
[ 55.803538][ T1996] asm_exc_page_fault+0x22/0x30
[ 55.808359][ T1996] page last free stack trace:
[ 55.813435][ T1996] free_unref_page_prepare+0xd4b/0xee0
[ 55.818874][ T1996] free_unref_page_list+0x54b/0x7e0
[ 55.824151][ T1996] release_pages+0x175c/0x1900
[ 55.828886][ T1996] tlb_flush_mmu+0xe5/0x1d0
[ 55.833447][ T1996] tlb_finish_mmu+0xb0/0x1b0
[ 55.838096][ T1996] unmap_region+0x265/0x2b0
[ 55.842601][ T1996] do_mas_align_munmap+0xa6c/0x11e0
[ 55.847788][ T1996] do_mas_munmap+0x195/0x1f0
[ 55.852448][ T1996] __vm_munmap+0x236/0x300
[ 55.856856][ T1996] __x64_sys_munmap+0x57/0x60
[ 55.861528][ T1996] do_syscall_64+0x3d/0x80
[ 55.865932][ T1996] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.871841][ T1996]
[ 55.874322][ T1996] Memory state around the buggy address:
[ 55.880016][ T1996] ffff88806a77a400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.888697][ T1996] ffff88806a77a480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.897259][ T1996] >ffff88806a77a500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.906991][ T1996] ^
[ 55.914111][ T1996] ffff88806a77a580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.922330][ T1996] ffff88806a77a600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.930737][ T1996] ==================================================================
[ 55.939361][ T1996] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.947333][ T1996] Kernel Offset: disabled
[ 55.952362][ T1996] Rebooting in 86400 seconds..