Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts.
executing program
[ 29.857711] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 29.872850] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 29.885448] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk.
[ 29.910627] ntfs: volume version 3.1.
[ 29.914491] ntfs: (device loop0): ntfs_check_logfile(): $LogFile is too small.
[ 29.922135] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 29.935420] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup.
[ 29.944644] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 29.955245] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 29.970813] ntfs: (device loop0): map_mft_record_page(): Attempt to read mft record 0x10000, which is beyond the end of the mft. This is probably a bug in the ntfs driver.
[ 29.987664] ntfs: (device loop0): map_mft_record(): Failed with error code 2.
[ 29.996405] ==================================================================
[ 30.003868] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0x2fd3/0x37f0
[ 30.010698] Read of size 1 at addr ffff8880b3f10971 by task syz-executor223/7964
[ 30.018235]
[ 30.019861] CPU: 0 PID: 7964 Comm: syz-executor223 Not tainted 4.14.302-syzkaller #0
[ 30.027726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 30.037505] Call Trace:
[ 30.040160]  dump_stack+0x1b2/0x281
[ 30.044036]  print_address_description.cold+0x54/0x1d3
[ 30.049285]  kasan_report_error.cold+0x8a/0x191
[ 30.053929]  ? ntfs_readdir+0x2fd3/0x37f0
[ 30.058080]  __asan_report_load1_noabort+0x68/0x70
[ 30.063607]  ? ntfs_readdir+0x2fd3/0x37f0
[ 30.067908]  ntfs_readdir+0x2fd3/0x37f0
[ 30.071861]  ? __fsnotify_inode_delete+0x20/0x20
[ 30.076751]  ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 30.083403]  ? lock_acquire+0x170/0x3f0
[ 30.087357]  ? iterate_dir+0x387/0x5e0
[ 30.091488]  ? ntfs_dir_fsync+0x3b0/0x3b0
[ 30.095611]  iterate_dir+0x478/0x5e0
[ 30.099310]  SyS_getdents64+0x125/0x230
[ 30.103264]  ? SyS_getdents+0x240/0x240
[ 30.107211]  ? filldir+0x390/0x390
[ 30.110727]  ? do_syscall_64+0x4c/0x640
[ 30.114707]  ? SyS_getdents+0x240/0x240
[ 30.118657]  do_syscall_64+0x1d5/0x640
[ 30.122566]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.127754] RIP: 0033:0x7fd4c153a789
[ 30.131440] RSP: 002b:00007ffca8591da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 30.139252] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd4c153a789
[ 30.146522] RDX: 0000000000000098 RSI: 0000000020000080 RDI: 0000000000000004
[ 30.153774] RBP: 00007fd4c14fa020 R08: 0000000000000000 R09: 0000000000000000
[ 30.161173] R10: 000000000001e706 R11: 0000000000000246 R12: 00007fd4c14fa0b0
[ 30.168535] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.175794]
[ 30.177595] Allocated by task 7964:
[ 30.181237]  kasan_kmalloc+0xeb/0x160
[ 30.185028]  __kmalloc+0x15a/0x400
[ 30.188546]  ntfs_readdir+0x37d/0x37f0
[ 30.192423]  iterate_dir+0x478/0x5e0
[ 30.196119]  SyS_getdents64+0x125/0x230
[ 30.200074]  do_syscall_64+0x1d5/0x640
[ 30.203946]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.209211]
[ 30.210822] Freed by task 17:
[ 30.213906]  kasan_slab_free+0xc3/0x1a0
[ 30.217854]  kfree+0xc9/0x250
[ 30.220933]  __d_free_external+0x3f/0x60
[ 30.225015]  rcu_process_callbacks+0x780/0x1180
[ 30.230008]  __do_softirq+0x24d/0x9ff
[ 30.233785]
[ 30.235472] The buggy address belongs to the object at ffff8880b3f10900
[ 30.235472]  which belongs to the cache kmalloc-64 of size 64
[ 30.247955] The buggy address is located 49 bytes to the right of
[ 30.247955]  64-byte region [ffff8880b3f10900, ffff8880b3f10940)
[ 30.262261] The buggy address belongs to the page:
[ 30.267174] page:ffffea0002cfc400 count:1 mapcount:0 mapping:ffff8880b3f10000 index:0x0
[ 30.275564] flags: 0xfff00000000100(slab)
[ 30.279688] raw: 00fff00000000100 ffff8880b3f10000 0000000000000000 0000000100000020
[ 30.287545] raw: ffffea0002a77620 ffffea0002598ea0 ffff88813fe74340 0000000000000000
[ 30.295655] page dumped because: kasan: bad access detected
[ 30.301421]
[ 30.303580] Memory state around the buggy address:
[ 30.309491]  ffff8880b3f10800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 30.316831]  ffff8880b3f10880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 30.324519] >ffff8880b3f10900: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 30.331937]                                                              ^
[ 30.338921]  ffff8880b3f10980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 30.346250]  ffff8880b3f10a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 30.353592] ==================================================================
[ 30.360952] Disabling lock debugging due to kernel taint
[ 30.366582] Kernel panic - not syncing: panic_on_warn set ...
[ 30.366582]
[ 30.374372] CPU: 0 PID: 7964 Comm: syz-executor223 Tainted: G B 4.14.302-syzkaller #0
[ 30.383546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 30.392975] Call Trace:
[ 30.395540]  dump_stack+0x1b2/0x281
[ 30.399226]  panic+0x1f9/0x42d
[ 30.402392]  ? add_taint.cold+0x16/0x16
[ 30.406337]  ? ___preempt_schedule+0x16/0x18
[ 30.410737]  kasan_end_report+0x43/0x49
[ 30.414709]  kasan_report_error.cold+0xa7/0x191
[ 30.419364]  ? ntfs_readdir+0x2fd3/0x37f0
[ 30.423498]  __asan_report_load1_noabort+0x68/0x70
[ 30.428409]  ? ntfs_readdir+0x2fd3/0x37f0
[ 30.432544]  ntfs_readdir+0x2fd3/0x37f0
[ 30.436612]  ? __fsnotify_inode_delete+0x20/0x20
[ 30.442170]  ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 30.449018]  ? lock_acquire+0x170/0x3f0
[ 30.453081]  ? iterate_dir+0x387/0x5e0
[ 30.457033]  ? ntfs_dir_fsync+0x3b0/0x3b0
[ 30.461164]  iterate_dir+0x478/0x5e0
[ 30.464880]  SyS_getdents64+0x125/0x230
[ 30.468828]  ? SyS_getdents+0x240/0x240
[ 30.473182]  ? filldir+0x390/0x390
[ 30.476744]  ? do_syscall_64+0x4c/0x640
[ 30.480718]  ? SyS_getdents+0x240/0x240
[ 30.484703]  do_syscall_64+0x1d5/0x640
[ 30.488596]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.493765] RIP: 0033:0x7fd4c153a789
[ 30.497463] RSP: 002b:00007ffca8591da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 30.505797] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd4c153a789
[ 30.513308] RDX: 0000000000000098 RSI: 0000000020000080 RDI: 0000000000000004
[ 30.520969] RBP: 00007fd4c14fa020 R08: 0000000000000000 R09: 0000000000000000
[ 30.528651] R10: 000000000001e706 R11: 0000000000000246 R12: 00007fd4c14fa0b0
[ 30.536040] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.543504] Kernel Offset: disabled
[ 30.547419] Rebooting in 86400 seconds..