[ 18.058275][ T3638] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.062330][ T3638] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.106657][ T1133] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.111443][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.252' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.688020][ T3968] loop0: detected capacity change from 0 to 4096
[ 42.728510][ T3968] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[ 42.731167][ T3968] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 42.733255][ T3968] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 42.736164][ T3968] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 42.746213][ T3968] ntfs: volume version 3.1.
[ 42.748883][ T3968] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup.
[ 42.751235][ T3968] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 42.753704][ T3968] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 42.759408][ T3968] ==================================================================
[ 42.761350][ T3968] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb60/0x2748
[ 42.762958][ T3968] Read of size 1 at addr ffff0000cfd36171 by task syz-executor137/3968
[ 42.764881][ T3968]
[ 42.765458][ T3968] CPU: 0 PID: 3968 Comm: syz-executor137 Not tainted 5.15.115-syzkaller #0
[ 42.767514][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 42.769786][ T3968] Call trace:
[ 42.770488][ T3968]  dump_backtrace+0x0/0x530
[ 42.771547][ T3968]  show_stack+0x2c/0x3c
[ 42.772509][ T3968]  dump_stack_lvl+0x108/0x170
[ 42.773632][ T3968]  print_address_description+0x7c/0x3f0
[ 42.774907][ T3968]  kasan_report+0x174/0x1e4
[ 42.776001][ T3968]  __asan_report_load1_noabort+0x44/0x50
[ 42.777424][ T3968]  ntfs_readdir+0xb60/0x2748
[ 42.778432][ T3968]  iterate_dir+0x1f4/0x4e4
[ 42.779550][ T3968]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 42.780761][ T3968]  invoke_syscall+0x98/0x2b8
[ 42.781796][ T3968]  el0_svc_common+0x138/0x258
[ 42.782888][ T3968]  do_el0_svc+0x58/0x14c
[ 42.783785][ T3968]  el0_svc+0x7c/0x1f0
[ 42.784711][ T3968]  el0t_64_sync_handler+0x84/0xe4
[ 42.785915][ T3968]  el0t_64_sync+0x1a0/0x1a4
[ 42.786913][ T3968]
[ 42.787405][ T3968] Allocated by task 3968:
[ 42.788424][ T3968]  ____kasan_kmalloc+0xbc/0xfc
[ 42.789520][ T3968]  __kasan_kmalloc+0x10/0x1c
[ 42.790568][ T3968]  __kmalloc+0x29c/0x4c8
[ 42.791518][ T3968]  ntfs_readdir+0x66c/0x2748
[ 42.792574][ T3968]  iterate_dir+0x1f4/0x4e4
[ 42.793579][ T3968]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 42.794862][ T3968]  invoke_syscall+0x98/0x2b8
[ 42.795954][ T3968]  el0_svc_common+0x138/0x258
[ 42.797014][ T3968]  do_el0_svc+0x58/0x14c
[ 42.798063][ T3968]  el0_svc+0x7c/0x1f0
[ 42.798959][ T3968]  el0t_64_sync_handler+0x84/0xe4
[ 42.800099][ T3968]  el0t_64_sync+0x1a0/0x1a4
[ 42.801097][ T3968]
[ 42.801633][ T3968] The buggy address belongs to the object at ffff0000cfd36100
[ 42.801633][ T3968]  which belongs to the cache kmalloc-128 of size 128
[ 42.804859][ T3968] The buggy address is located 113 bytes inside of
[ 42.804859][ T3968]  128-byte region [ffff0000cfd36100, ffff0000cfd36180)
[ 42.808096][ T3968] The buggy address belongs to the page:
[ 42.809361][ T3968] page:000000003e22c994 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fd36
[ 42.811683][ T3968] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 42.813417][ T3968] raw: 05ffc00000000200 dead000000000100 dead000000000122 ffff0000c0002300
[ 42.815289][ T3968] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 42.817267][ T3968] page dumped because: kasan: bad access detected
[ 42.818757][ T3968]
[ 42.819245][ T3968] Memory state around the buggy address:
[ 42.820558][ T3968]  ffff0000cfd36000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.822327][ T3968]  ffff0000cfd36080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.824126][ T3968] >ffff0000cfd36100: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 42.826087][ T3968]                                                              ^
[ 42.827818][ T3968]  ffff0000cfd36180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.829615][ T3968]  ffff0000cfd36200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.831529][ T3968] ==================================================================
[ 42.833355][ T3968] Disabling lock debugging due to kernel taint