Warning: Permanently added '10.128.10.24' (ED25519) to the list of known hosts.
2023/10/25 21:39:34 ignoring optional flag "sandboxArg"="0"
2023/10/25 21:39:34 parsed 1 programs
2023/10/25 21:39:34 executed programs: 0
[ 56.075974][ T2235] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 60.186746][ T2653] loop0: detected capacity change from 0 to 190
[ 60.194837][ T2653] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid boot sector checksum.
[ 60.205423][ T2653] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 60.215920][ T2653] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 60.224307][ T2653] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 60.238145][ T2653] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 60.251360][ T2653] ntfs: (device loop0): ntfs_external_attr_find(): Base inode 0xa contains corrupt attribute list attribute. Unmount and run chkdsk.
[ 60.265428][ T2653] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup $DATA attribute.
[ 60.275980][ T2653] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 60.289613][ T2653] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 60.301092][ T2653] ==================================================================
[ 60.309715][ T2653] BUG: KASAN: use-after-free in ntfs_read_folio+0x7f0/0x1ff0
[ 60.317275][ T2653] Read of size 1 at addr ffff88806bb1317f by task syz-executor.0/2653
[ 60.325599][ T2653]
[ 60.328022][ T2653] CPU: 1 PID: 2653 Comm: syz-executor.0 Not tainted 6.6.0-rc7-syzkaller #0
[ 60.337285][ T2653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 60.347596][ T2653] Call Trace:
[ 60.350879][ T2653]
[ 60.353953][ T2653] dump_stack_lvl+0xf8/0x260
[ 60.358749][ T2653] ? nf_tcp_handle_invalid+0x300/0x300
[ 60.364483][ T2653] ? panic+0x410/0x410
[ 60.368670][ T2653] ? _printk+0xce/0x110
[ 60.372918][ T2653] print_report+0x163/0x540
[ 60.377594][ T2653] ? lock_acquire+0xc2/0x3a0
[ 60.382169][ T2653] ? __lock_acquire+0xbe0/0xbe0
[ 60.387265][ T2653] ? ntfs_read_folio+0x7f0/0x1ff0
[ 60.392313][ T2653] kasan_report+0x175/0x1b0
[ 60.396892][ T2653] ? ntfs_read_folio+0x7f0/0x1ff0
[ 60.402106][ T2653] kasan_check_range+0x27e/0x290
[ 60.407048][ T2653] ? ntfs_read_folio+0x7f0/0x1ff0
[ 60.412053][ T2653] __asan_memcpy+0x29/0x70
[ 60.416453][ T2653] ntfs_read_folio+0x7f0/0x1ff0
[ 60.421386][ T2653] ? do_raw_spin_unlock+0x13b/0x8b0
[ 60.426566][ T2653] ? rcu_is_watching+0x1f/0x90
[ 60.431419][ T2653] ? folio_add_lru+0x184/0x530
[ 60.436168][ T2653] ? rcu_is_watching+0x1f/0x90
[ 60.440914][ T2653] ? folio_add_lru+0x184/0x530
[ 60.445660][ T2653] ? lock_acquire+0xc2/0x3a0
[ 60.450608][ T2653] ? __lock_acquire+0xbe0/0xbe0
[ 60.455470][ T2653] ? read_lock_is_recursive+0x20/0x20
[ 60.460943][ T2653] ? ntfs_writepage+0x14e0/0x14e0
[ 60.466138][ T2653] ? filemap_get_entry+0x341/0x3b0
[ 60.471240][ T2653] ? folio_add_lru+0x530/0x530
[ 60.476011][ T2653] ? folio_batch_add_and_move+0xc8/0x190
[ 60.481912][ T2653] ? folio_add_lru+0x184/0x530
[ 60.487391][ T2653] ? folio_add_lru+0x2ee/0x530
[ 60.492342][ T2653] filemap_read_folio+0x151/0x530
[ 60.497562][ T2653] ? ntfs_writepage+0x14e0/0x14e0
[ 60.502670][ T2653] ? maybe_unlock_mmap_for_io+0x1c0/0x1c0
[ 60.508828][ T2653] ? __filemap_get_folio+0x4b/0x680
[ 60.514013][ T2653] do_read_cache_folio+0x104/0x590
[ 60.519311][ T2653] ? ntfs_writepage+0x14e0/0x14e0
[ 60.524408][ T2653] read_cache_page+0x4f/0x90
[ 60.528980][ T2653] load_system_files+0x2292/0x48a0
[ 60.534075][ T2653] ? __mutex_unlock_slowpath+0x20d/0x5b0
[ 60.539953][ T2653] ? vmap+0x230/0x230
[ 60.543956][ T2653] ? ntfs_setup_allocators+0x250/0x250
[ 60.549583][ T2653] ? mutex_unlock+0x10/0x10
[ 60.554339][ T2653] ? __asan_memset+0x23/0x40
[ 60.559174][ T2653] ? generate_default_upcase+0x88/0x8f0
[ 60.564922][ T2653] ? vmalloc+0x74/0x80
[ 60.569429][ T2653] ntfs_fill_super+0x123f/0x23c0
[ 60.574466][ T2653] mount_bdev+0x1d6/0x290
[ 60.578987][ T2653] ? ntfs_mount+0x10/0x10
[ 60.583647][ T2653] ? get_tree_bdev+0x5b0/0x5b0
[ 60.589140][ T2653] ? vfs_parse_fs_string+0x17f/0x210
[ 60.594804][ T2653] ? vfs_parse_fs_param+0x380/0x380
[ 60.600432][ T2653] legacy_get_tree+0xe9/0x170
[ 60.605194][ T2653] ? ntfs_rl_punch_nolock+0x1140/0x1140
[ 60.611352][ T2653] vfs_get_tree+0x7e/0x190
[ 60.616210][ T2653] do_new_mount+0x1e5/0x8f0
[ 60.620721][ T2653] ? do_move_mount_old+0x120/0x120
[ 60.626227][ T2653] __se_sys_mount+0x242/0x2d0
[ 60.631321][ T2653] ? __x64_sys_mount+0xc0/0xc0
[ 60.636206][ T2653] ? fpregs_assert_state_consistent+0x47/0x60
[ 60.642935][ T2653] do_syscall_64+0x41/0x90
[ 60.647699][ T2653] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.653669][ T2653] RIP: 0033:0x7efc60a7e1ea
[ 60.658156][ T2653] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 60.678186][ T2653] RSP: 002b:00007efc61899ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 60.687219][ T2653] RAX: ffffffffffffffda RBX: 00007efc61899f80 RCX: 00007efc60a7e1ea
[ 60.695613][ T2653] RDX: 0000000020000040 RSI: 000000002001f200 RDI: 00007efc61899f40
[ 60.704267][ T2653] RBP: 0000000020000040 R08: 00007efc61899f80 R09: 0000000000000000
[ 60.712592][ T2653] R10: 0000000000000000 R11: 0000000000000246 R12: 000000002001f200
[ 60.720786][ T2653] R13: 00007efc61899f40 R14: 000000000000097e R15: 0000000020000000
[ 60.729209][ T2653]
[ 60.732234][ T2653]
[ 60.734634][ T2653] The buggy address belongs to the physical page:
[ 60.741137][ T2653] page:ffffea0001aec4c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6bb13
[ 60.751458][ T2653] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 60.758727][ T2653] page_type: 0xffffffff()
[ 60.763044][ T2653] raw: 00fff00000000000 ffffea0001be9688 ffffea0001aec9c8 0000000000000000
[ 60.771658][ T2653] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 60.780587][ T2653] page dumped because: kasan: bad access detected
[ 60.786995][ T2653] page_owner tracks the page as freed
[ 60.792521][ T2653] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 2250, tgid 2250 (modprobe), ts 56189476528, free_ts 56197618124
[ 60.811454][ T2653] post_alloc_hook+0x26e/0x290
[ 60.816677][ T2653] get_page_from_freelist+0x3201/0x33a0
[ 60.822293][ T2653] __alloc_pages+0x255/0x650
[ 60.827069][ T2653] __folio_alloc+0x13/0x30
[ 60.831678][ T2653] vma_alloc_folio+0x48e/0x9f0
[ 60.836885][ T2653] handle_mm_fault+0x20d3/0x4a30
[ 60.842015][ T2653] exc_page_fault+0x354/0x8b0
[ 60.847231][ T2653] asm_exc_page_fault+0x26/0x30
[ 60.852270][ T2653] page last free stack trace:
[ 60.857166][ T2653] free_unref_page_prepare+0x7cd/0x8f0
[ 60.862626][ T2653] free_unref_page_list+0x54b/0x7e0
[ 60.868055][ T2653] release_pages+0x194a/0x1af0
[ 60.873150][ T2653] tlb_flush_mmu+0x273/0x3d0
[ 60.878029][ T2653] tlb_finish_mmu+0xb6/0x1c0
[ 60.882703][ T2653] exit_mmap+0x43e/0x990
[ 60.887045][ T2653] __mmput+0x9b/0x2d0
[ 60.891027][ T2653] exit_mm+0x113/0x1b0
[ 60.895101][ T2653] do_exit+0x7cf/0x2350
[ 60.899256][ T2653] do_group_exit+0x1b9/0x280
[ 60.903924][ T2653] __x64_sys_exit_group+0x3f/0x40
[ 60.909139][ T2653] do_syscall_64+0x41/0x90
[ 60.913809][ T2653] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.920035][ T2653]
[ 60.922349][ T2653] Memory state around the buggy address:
[ 60.928159][ T2653]  ffff88806bb13000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.936721][ T2653]  ffff88806bb13080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.945643][ T2653] >ffff88806bb13100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.953773][ T2653]                                                                 ^
[ 60.961907][ T2653]  ffff88806bb13180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.970013][ T2653]  ffff88806bb13200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.978236][ T2653] ==================================================================
[ 60.986811][ T2653] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.994786][ T2653] Kernel Offset: disabled
[ 60.999213][ T2653] Rebooting in 86400 seconds..