Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts.
2023/07/20 07:04:55 ignoring optional flag "sandboxArg"="0"
2023/07/20 07:04:55 parsed 1 programs
2023/07/20 07:04:55 executed programs: 0
[ 50.466099][ T2014] loop0: detected capacity change from 0 to 4096
[ 50.486702][ T2014] ntfs: volume version 3.1.
[ 50.493522][ T2014] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Directory index record with vcn 0x7824bc8b48000000 is corrupt. Corrupt inode 0x5. Run chkdsk.
[ 50.509083][ T2014] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 50.520576][ T2014] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk.
[ 50.592699][ T2016] loop0: detected capacity change from 0 to 4096
[ 50.619111][ T2016] ntfs: volume version 3.1.
[ 50.625331][ T2016] ==================================================================
[ 50.633388][ T2016] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0x2b7a/0x2cf0
[ 50.641810][ T2016] Read of size 8 at addr ffff88806928555a by task syz-executor.0/2016
[ 50.650013][ T2016]
[ 50.652331][ T2016] CPU: 1 PID: 2016 Comm: syz-executor.0 Not tainted 5.15.120-syzkaller #0
[ 50.661407][ T2016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 50.671626][ T2016] Call Trace:
[ 50.674901][ T2016]  <TASK>
[ 50.677895][ T2016]  dump_stack_lvl+0x41/0x5e
[ 50.682372][ T2016]  print_address_description.constprop.0.cold+0x6c/0x309
[ 50.689368][ T2016]  ? ntfs_lookup_inode_by_name+0x2b7a/0x2cf0
[ 50.695379][ T2016]  ? ntfs_lookup_inode_by_name+0x2b7a/0x2cf0
[ 50.701569][ T2016]  kasan_report.cold+0x83/0xdf
[ 50.706404][ T2016]  ? ntfs_lookup_inode_by_name+0x2b7a/0x2cf0
[ 50.712385][ T2016]  ntfs_lookup_inode_by_name+0x2b7a/0x2cf0
[ 50.718160][ T2016]  ? rcu_is_watching+0x11/0xa0
[ 50.722978][ T2016]  ? kfree+0x329/0x4e0
[ 50.727119][ T2016]  ntfs_fill_super+0x5c0b/0x82d0
[ 50.732113][ T2016]  ? load_and_init_usnjrnl+0xd90/0xd90
[ 50.737649][ T2016]  ? snprintf+0x9e/0xd0
[ 50.741782][ T2016]  ? vsprintf+0x10/0x10
[ 50.745904][ T2016]  ? sget+0x390/0x470
[ 50.749858][ T2016]  mount_bdev+0x2c3/0x3a0
[ 50.754150][ T2016]  ? load_and_init_usnjrnl+0xd90/0xd90
[ 50.759842][ T2016]  ? ntfs_rl_punch_nolock+0x1e60/0x1e60
[ 50.765705][ T2016]  legacy_get_tree+0xfa/0x1f0
[ 50.770504][ T2016]  ? security_capable+0x4c/0x90
[ 50.775354][ T2016]  vfs_get_tree+0x83/0x1b0
[ 50.779874][ T2016]  path_mount+0x41e/0x19f0
[ 50.784649][ T2016]  ? finish_automount+0x7d0/0x7d0
[ 50.790229][ T2016]  ? user_path_at_empty+0x40/0x50
[ 50.795356][ T2016]  ? kmem_cache_free+0x7e/0x470
[ 50.800363][ T2016]  ? rcu_is_watching+0x11/0xa0
[ 50.805395][ T2016]  __x64_sys_mount+0x1f5/0x260
[ 50.810330][ T2016]  ? copy_mnt_ns+0xd20/0xd20
[ 50.815142][ T2016]  do_syscall_64+0x35/0x80
[ 50.819546][ T2016]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 50.825414][ T2016] RIP: 0033:0x7fc7e2b5e05a
[ 50.830064][ T2016] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 50.849927][ T2016] RSP: 002b:00007fc7e26deee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 50.858317][ T2016] RAX: ffffffffffffffda RBX: 00007fc7e26def80 RCX: 00007fc7e2b5e05a
[ 50.866276][ T2016] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007fc7e26def40
[ 50.874218][ T2016] RBP: 000000002001ec80 R08: 00007fc7e26def80 R09: 0000000000000000
[ 50.882405][ T2016] R10: 0000000000000000 R11: 0000000000000246 R12: 000000002001ecc0
[ 50.890479][ T2016] R13: 00007fc7e26def40 R14: 000000000001ec6a R15: 000000002001ed00
[ 50.898622][ T2016]  </TASK>
[ 50.901620][ T2016]
[ 50.903920][ T2016] The buggy address belongs to the page:
[ 50.909532][ T2016] page:ffffea0001a4a140 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x69285
[ 50.919662][ T2016] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 50.926884][ T2016] raw: 00fff00000000000 ffffea0001a4a188 ffffea0001a4a108 0000000000000000
[ 50.935545][ T2016] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 50.944584][ T2016] page dumped because: kasan: bad access detected
[ 50.951213][ T2016] page_owner tracks the page as freed
[ 50.956659][ T2016] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2016, ts 50555396104, free_ts 50563479937
[ 50.972267][ T2016]  get_page_from_freelist+0x1334/0x2dc0
[ 50.977819][ T2016]  __alloc_pages+0x1b2/0x440
[ 50.982650][ T2016]  alloc_pages_vma+0xe0/0x650
[ 50.987303][ T2016]  __handle_mm_fault+0x1ce9/0x3400
[ 50.992400][ T2016]  handle_mm_fault+0x1c5/0x5b0
[ 50.997130][ T2016]  do_user_addr_fault+0x298/0xcb0
[ 51.002208][ T2016]  exc_page_fault+0x5a/0xb0
[ 51.006811][ T2016]  asm_exc_page_fault+0x22/0x30
[ 51.011631][ T2016] page last free stack trace:
[ 51.016269][ T2016]  free_pcp_prepare+0x379/0x850
[ 51.021095][ T2016]  free_unref_page_list+0x16f/0xca0
[ 51.026318][ T2016]  release_pages+0xb3a/0x1480
[ 51.030958][ T2016]  tlb_finish_mmu+0x127/0x790
[ 51.035612][ T2016]  unmap_region+0x298/0x390
[ 51.040083][ T2016]  __do_munmap+0x481/0x10c0
[ 51.044558][ T2016]  __vm_munmap+0xd2/0x1a0
[ 51.048860][ T2016]  __x64_sys_munmap+0x5d/0x80
[ 51.053529][ T2016]  do_syscall_64+0x35/0x80
[ 51.057916][ T2016]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 51.063885][ T2016]
[ 51.066180][ T2016] Memory state around the buggy address:
[ 51.072005][ T2016]  ffff888069285400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.080123][ T2016]  ffff888069285480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.088246][ T2016] >ffff888069285500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.096430][ T2016]                                                     ^
[ 51.103332][ T2016]  ffff888069285580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.111447][ T2016]  ffff888069285600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.119737][ T2016] ==================================================================
[ 51.127761][ T2016] Disabling lock debugging due to kernel taint
[ 51.136624][ T2016] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.144224][ T2016] Kernel Offset: disabled
[ 51.148572][ T2016] Rebooting in 86400 seconds..
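Read top to bottom, the report says: generic KASAN caught an 8-byte read of freed memory in ntfs_lookup_inode_by_name(), reached from ntfs_fill_super() on the mount() syscall while the legacy ntfs driver mounted a corrupt loop0 image; the page holding the faulting address had been allocated with GFP_HIGHUSER_MOVABLE from a user page fault and freed through munmap() about 8 ms earlier (free_ts minus ts), and every shadow byte around the address is 0xff, the generic-KASAN value for a freed page. The "?" frames in the call trace are stale stack slots, not real callers. The script below is an added example, not part of the syzkaller output or of the kernel, that pulls exactly those fields out of a dmesg-style KASAN report so a crash can be triaged without reading it by hand. The regexes, the KasanReport fields and the shadow legend are my own choices; the legend lists only the shadow values I am certain of for 5.15's generic KASAN (mm/kasan/kasan.h), and the embedded SAMPLE_REPORT is an excerpt of the report above used as test input.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # dmesg prefix "[   50.633388][ T2016] "
_BUG = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
_ACCESS = re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
                     r"by task (?P<task>\S+)/(?P<pid>\d+)")
_FRAME = re.compile(r"^(?P<unreliable>\?\s+)?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
_ALLOC = re.compile(r"^page last allocated via .*gfp_mask 0x[0-9a-f]+\((?P<gfp>[^)]+)\).*"
                    r"\bts (?P<ts>\d+), free_ts (?P<free_ts>\d+)")
_SHADOW_ROW = re.compile(r"^>?\s*(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?)+)$")
# Generic-KASAN shadow values from mm/kasan/kasan.h (5.15); one shadow byte covers an 8-byte granule.
_LEGEND = {0x00: "fully accessible", 0xff: "freed page (page allocator)", 0xfe: "page redzone",
           0xfc: "kmalloc redzone", 0xfb: "freed kmalloc object", 0xfa: "global redzone"}

@dataclass
class KasanReport:
    kind: str = ""
    func: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    stack: List[str] = field(default_factory=list)  # culprit function outwards to the syscall entry
    alloc_stack: List[str] = field(default_factory=list)
    free_stack: List[str] = field(default_factory=list)
    alloc_gfp: str = ""
    page_lifetime_ns: Optional[int] = None  # free_ts - ts from the page_owner line
    shadow: Optional[int] = None  # shadow byte covering the faulting address

    @property
    def syscall(self) -> Optional[str]:  # "__x64_sys_mount" -> "mount"
        hits = [fr.split("sys_", 1)[1] for fr in self.stack if re.match(r"__(x64|ia32|do|se)_sys_", fr)]
        return hits[0] if hits else None

    @property
    def shadow_meaning(self) -> str:
        if self.shadow is None:
            return "no shadow row covers the address"
        return _LEGEND.get(self.shadow, f"unrecognised shadow value 0x{self.shadow:02x}")

def parse_kasan_report(text: str) -> KasanReport:
    r, mode, rows = KasanReport(), None, {}
    stacks = {"trace": [], "alloc": [], "free": []}
    for raw in text.splitlines():
        s = _PREFIX.sub("", raw).strip()
        if mode and (m := _FRAME.match(s)):
            if not m.group("unreliable"):  # "? sym" entries are stale stack slots, not real callers
                stacks[mode].append(m.group("sym"))
            continue
        if mode and s in ("<TASK>", "</TASK>"):
            continue
        mode = None  # any other line ends the stack being collected
        if (m := _BUG.match(s)):
            r.kind, r.func = m.group("kind"), m.group("func")
        elif (m := _ACCESS.match(s)):
            r.op, r.size, r.addr = m.group("op"), int(m.group("size")), int(m.group("addr"), 16)
            r.task, r.pid = m.group("task"), int(m.group("pid"))
        elif s == "Call Trace:":
            mode = "trace"
        elif s == "page last free stack trace:":
            mode = "free"
        elif (m := _ALLOC.match(s)):
            r.alloc_gfp = m.group("gfp")
            r.page_lifetime_ns = int(m.group("free_ts")) - int(m.group("ts"))
            mode = "alloc"
        elif (m := _SHADOW_ROW.match(s)):
            rows[int(m.group("base"), 16)] = [int(b, 16) for b in m.group("bytes").split()]
    trace = stacks["trace"]
    if r.func in trace:  # drop KASAN's own reporting frames that sit above the culprit
        trace = trace[trace.index(r.func):]
    r.stack, r.alloc_stack, r.free_stack = trace, stacks["alloc"], stacks["free"]
    for base, vals in rows.items():  # one shadow row is 16 granules = 128 bytes of memory
        if base <= r.addr < base + 8 * len(vals):
            r.shadow = vals[(r.addr - base) // 8]
    return r

# Constructed test input: an excerpt of the report above, frames and timestamps as printed there.
SAMPLE_REPORT = """\
[   50.633388][ T2016] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0x2b7a/0x2cf0
[   50.641810][ T2016] Read of size 8 at addr ffff88806928555a by task syz-executor.0/2016
[   50.671626][ T2016] Call Trace:
[   50.674901][ T2016]  <TASK>
[   50.701569][ T2016]  kasan_report.cold+0x83/0xdf
[   50.706404][ T2016]  ? ntfs_lookup_inode_by_name+0x2b7a/0x2cf0
[   50.712385][ T2016]  ntfs_lookup_inode_by_name+0x2b7a/0x2cf0
[   50.727119][ T2016]  ntfs_fill_super+0x5c0b/0x82d0
[   50.805395][ T2016]  __x64_sys_mount+0x1f5/0x260
[   50.956659][ T2016] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2016, ts 50555396104, free_ts 50563479937
[   50.972267][ T2016]  get_page_from_freelist+0x1334/0x2dc0
[   51.011631][ T2016] page last free stack trace:
[   51.044558][ T2016]  __do_munmap+0x481/0x10c0
[   51.063885][ T2016]
[   51.088246][ T2016] >ffff888069285500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

if __name__ == "__main__":
    print(parse_kasan_report(SAMPLE_REPORT))
```

Feed it the full console log rather than the excerpt and it returns the same fields plus the complete allocation and free stacks; the shadow lookup works on the "Memory state" rows, so it also tells you when the faulting address sits in a kmalloc redzone rather than a freed page, which changes how you would reproduce and fix the bug.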