[ 18.291929][ T3637] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.295676][ T3637] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.341186][ T334] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.344381][ T3550] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 44.138363][ T3961] loop0: detected capacity change from 0 to 4096
[ 44.144758][ T3961] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[ 44.147180][ T3961] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 44.149020][ T3961] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 44.152165][ T3961] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 44.161651][ T3961] ntfs: volume version 3.1.
[ 44.164322][ T3961] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup.
[ 44.166458][ T3961] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 44.168958][ T3961] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 44.174773][ T3961] ==================================================================
[ 44.176548][ T3961] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb60/0x2748
[ 44.178142][ T3961] Read of size 1 at addr ffff0000c11ec071 by task syz-executor195/3961
[ 44.179854][ T3961]
[ 44.180321][ T3961] CPU: 0 PID: 3961 Comm: syz-executor195 Not tainted 5.15.115-syzkaller #0
[ 44.182230][ T3961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 44.184483][ T3961] Call trace:
[ 44.185237][ T3961]  dump_backtrace+0x0/0x530
[ 44.186188][ T3961]  show_stack+0x2c/0x3c
[ 44.187059][ T3961]  dump_stack_lvl+0x108/0x170
[ 44.188098][ T3961]  print_address_description+0x7c/0x3f0
[ 44.189229][ T3961]  kasan_report+0x174/0x1e4
[ 44.190177][ T3961]  __asan_report_load1_noabort+0x44/0x50
[ 44.191344][ T3961]  ntfs_readdir+0xb60/0x2748
[ 44.192373][ T3961]  iterate_dir+0x1f4/0x4e4
[ 44.193380][ T3961]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 44.194549][ T3961]  invoke_syscall+0x98/0x2b8
[ 44.195603][ T3961]  el0_svc_common+0x138/0x258
[ 44.196634][ T3961]  do_el0_svc+0x58/0x14c
[ 44.197615][ T3961]  el0_svc+0x7c/0x1f0
[ 44.198497][ T3961]  el0t_64_sync_handler+0x84/0xe4
[ 44.199581][ T3961]  el0t_64_sync+0x1a0/0x1a4
[ 44.200512][ T3961]
[ 44.201036][ T3961] Allocated by task 3961:
[ 44.201994][ T3961]  ____kasan_kmalloc+0xbc/0xfc
[ 44.203077][ T3961]  __kasan_kmalloc+0x10/0x1c
[ 44.204113][ T3961]  __kmalloc+0x29c/0x4c8
[ 44.205085][ T3961]  ntfs_readdir+0x66c/0x2748
[ 44.206133][ T3961]  iterate_dir+0x1f4/0x4e4
[ 44.207051][ T3961]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 44.208242][ T3961]  invoke_syscall+0x98/0x2b8
[ 44.209251][ T3961]  el0_svc_common+0x138/0x258
[ 44.210322][ T3961]  do_el0_svc+0x58/0x14c
[ 44.211273][ T3961]  el0_svc+0x7c/0x1f0
[ 44.212163][ T3961]  el0t_64_sync_handler+0x84/0xe4
[ 44.213305][ T3961]  el0t_64_sync+0x1a0/0x1a4
[ 44.214264][ T3961]
[ 44.214776][ T3961] The buggy address belongs to the object at ffff0000c11ec000
[ 44.214776][ T3961]  which belongs to the cache kmalloc-128 of size 128
[ 44.217908][ T3961] The buggy address is located 113 bytes inside of
[ 44.217908][ T3961]  128-byte region [ffff0000c11ec000, ffff0000c11ec080)
[ 44.220762][ T3961] The buggy address belongs to the page:
[ 44.221970][ T3961] page:000000002b07e914 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1011ec
[ 44.224251][ T3961] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 44.225971][ T3961] raw: 05ffc00000000200 dead000000000100 dead000000000122 ffff0000c0002300
[ 44.227861][ T3961] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 44.229777][ T3961] page dumped because: kasan: bad access detected
[ 44.231175][ T3961]
[ 44.231685][ T3961] Memory state around the buggy address:
[ 44.232978][ T3961]  ffff0000c11ebf00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 44.234760][ T3961]  ffff0000c11ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.236504][ T3961] >ffff0000c11ec000: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 44.238254][ T3961]                                                              ^
[ 44.239937][ T3961]  ffff0000c11ec080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.241693][ T3961]  ffff0000c11ec100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.243501][ T3961] ==================================================================
[ 44.245313][ T3961] Disabling lock debugging due to kernel taint