Warning: Permanently added '10.128.1.185' (ECDSA) to the list of known hosts.
executing program
[ 34.898993][ T4216] loop0: detected capacity change from 0 to 4096
[ 34.903773][ T4216] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[ 34.906342][ T4216] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 34.908166][ T4216] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 34.910817][ T4216] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 34.918521][ T4216] ntfs: volume version 3.1.
[ 34.920746][ T4216] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup.
[ 34.922750][ T4216] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 34.925099][ T4216] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 34.930264][ T4216] ==================================================================
[ 34.931861][ T4216] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb00/0x2be8
[ 34.933269][ T4216] Read of size 1 at addr ffff0000c937c771 by task syz-executor427/4216
[ 34.934936][ T4216]
[ 34.935439][ T4216] CPU: 1 PID: 4216 Comm: syz-executor427 Not tainted 6.1.32-syzkaller #0
[ 34.937098][ T4216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 34.939132][ T4216] Call trace:
[ 34.939836][ T4216]  dump_backtrace+0x1c8/0x1f4
[ 34.940825][ T4216]  show_stack+0x2c/0x3c
[ 34.941685][ T4216]  dump_stack_lvl+0x108/0x170
[ 34.942642][ T4216]  print_report+0x174/0x4c0
[ 34.943558][ T4216]  kasan_report+0xd4/0x130
[ 34.944516][ T4216]  __asan_report_load1_noabort+0x2c/0x38
[ 34.945731][ T4216]  ntfs_readdir+0xb00/0x2be8
[ 34.946718][ T4216]  iterate_dir+0x1f4/0x4e4
[ 34.947652][ T4216]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 34.948755][ T4216]  invoke_syscall+0x98/0x2c0
[ 34.949696][ T4216]  el0_svc_common+0x138/0x258
[ 34.950710][ T4216]  do_el0_svc+0x64/0x218
[ 34.951570][ T4216]  el0_svc+0x58/0x168
[ 34.952522][ T4216]  el0t_64_sync_handler+0x84/0xf0
[ 34.953574][ T4216]  el0t_64_sync+0x18c/0x190
[ 34.954551][ T4216]
[ 34.955081][ T4216] Allocated by task 4216:
[ 34.955961][ T4216]  kasan_set_track+0x4c/0x80
[ 34.956893][ T4216]  kasan_save_alloc_info+0x24/0x30
[ 34.957948][ T4216]  __kasan_kmalloc+0xac/0xc4
[ 34.958920][ T4216]  __kmalloc+0xd8/0x1c4
[ 34.959766][ T4216]  ntfs_readdir+0x65c/0x2be8
[ 34.960739][ T4216]  iterate_dir+0x1f4/0x4e4
[ 34.961626][ T4216]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 34.962747][ T4216]  invoke_syscall+0x98/0x2c0
[ 34.963678][ T4216]  el0_svc_common+0x138/0x258
[ 34.964674][ T4216]  do_el0_svc+0x64/0x218
[ 34.965517][ T4216]  el0_svc+0x58/0x168
[ 34.966348][ T4216]  el0t_64_sync_handler+0x84/0xf0
[ 34.967387][ T4216]  el0t_64_sync+0x18c/0x190
[ 34.968300][ T4216]
[ 34.968778][ T4216] Last potentially related work creation:
[ 34.969989][ T4216]  kasan_save_stack+0x40/0x70
[ 34.970950][ T4216]  __kasan_record_aux_stack+0xcc/0xe8
[ 34.972091][ T4216]  kasan_record_aux_stack_noalloc+0x14/0x20
[ 34.973290][ T4216]  kvfree_call_rcu+0xb4/0x714
[ 34.974274][ T4216]  kernfs_unlink_open_file+0x398/0x448
[ 34.975459][ T4216]  kernfs_fop_release+0x130/0x198
[ 34.976495][ T4216]  __fput+0x30c/0x7bc
[ 34.977343][ T4216]  ____fput+0x20/0x30
[ 34.978126][ T4216]  task_work_run+0x240/0x2f0
[ 34.979109][ T4216]  do_notify_resume+0x2144/0x3470
[ 34.980158][ T4216]  el0_svc+0x9c/0x168
[ 34.980970][ T4216]  el0t_64_sync_handler+0x84/0xf0
[ 34.981974][ T4216]  el0t_64_sync+0x18c/0x190
[ 34.982974][ T4216]
[ 34.983441][ T4216] The buggy address belongs to the object at ffff0000c937c700
[ 34.983441][ T4216]  which belongs to the cache kmalloc-128 of size 128
[ 34.986371][ T4216] The buggy address is located 113 bytes inside of
[ 34.986371][ T4216]  128-byte region [ffff0000c937c700, ffff0000c937c780)
[ 34.989211][ T4216]
[ 34.989683][ T4216] The buggy address belongs to the physical page:
[ 34.991021][ T4216] page:00000000259bfe20 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10937c
[ 34.993133][ T4216] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 34.994859][ T4216] raw: 05ffc00000000200 fffffc000366ac00 dead000000000003 ffff0000c0002300
[ 34.996634][ T4216] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 34.998455][ T4216] page dumped because: kasan: bad access detected
[ 34.999835][ T4216]
[ 35.000333][ T4216] Memory state around the buggy address:
[ 35.001464][ T4216]  ffff0000c937c600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.003058][ T4216]  ffff0000c937c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.004782][ T4216] >ffff0000c937c700: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 35.006424][ T4216]                                                              ^
[ 35.007983][ T4216]  ffff0000c937c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.009776][ T4216]  ffff0000c937c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.011495][ T4216] ==================================================================
[ 35.014061][ T4216] Disabling lock debugging due to kernel taint