Warning: Permanently added '10.128.0.193' (ED25519) to the list of known hosts.
executing program
[ 31.156258][ T6162] loop0: detected capacity change from 0 to 4096
[ 31.162738][ T6162] ntfs: (device loop0): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0.
[ 31.165704][ T6162] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 31.169291][ T6162] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 31.172504][ T6162] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 31.175902][ T6162] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 31.179700][ T6162] ntfs: volume version 3.1.
[ 31.183189][ T6162] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 31.186539][ T6162] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 31.190376][ T6162] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 31.193398][ T6162] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 31.196360][ T6162] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 31.201651][ T6162] ==================================================================
[ 31.203701][ T6162] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb00/0x2bf0
[ 31.205617][ T6162] Read of size 1 at addr ffff0000cfc16271 by task syz-executor217/6162
[ 31.207720][ T6162]
[ 31.208344][ T6162] CPU: 1 PID: 6162 Comm: syz-executor217 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 31.210813][ T6162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 31.213490][ T6162] Call trace:
[ 31.214331][ T6162] dump_backtrace+0x1b8/0x1e4
[ 31.215587][ T6162] show_stack+0x2c/0x3c
[ 31.216694][ T6162] dump_stack_lvl+0xd0/0x124
[ 31.217902][ T6162] print_report+0x178/0x518
[ 31.219147][ T6162] kasan_report+0xd8/0x138
[ 31.220303][ T6162] __asan_report_load1_noabort+0x20/0x2c
[ 31.221698][ T6162] ntfs_readdir+0xb00/0x2bf0
[ 31.223017][ T6162] wrap_directory_iterator+0xa8/0xf4
[ 31.224398][ T6162] shared_ntfs_readdir+0x30/0x40
[ 31.225694][ T6162] iterate_dir+0x3f8/0x580
[ 31.226869][ T6162] __arm64_sys_getdents64+0x1c4/0x4a0
[ 31.228254][ T6162] invoke_syscall+0x98/0x2b8
[ 31.229425][ T6162] el0_svc_common+0x130/0x23c
[ 31.230631][ T6162] do_el0_svc+0x48/0x58
[ 31.231699][ T6162] el0_svc+0x54/0x168
[ 31.232723][ T6162] el0t_64_sync_handler+0x84/0xfc
[ 31.234064][ T6162] el0t_64_sync+0x190/0x194
[ 31.235242][ T6162]
[ 31.235878][ T6162] Allocated by task 6162:
[ 31.236954][ T6162] kasan_save_track+0x40/0x78
[ 31.238202][ T6162] kasan_save_alloc_info+0x40/0x50
[ 31.239590][ T6162] __kasan_kmalloc+0xac/0xc4
[ 31.240805][ T6162] __kmalloc+0x2bc/0x5d4
[ 31.241906][ T6162] ntfs_readdir+0x65c/0x2bf0
[ 31.243085][ T6162] wrap_directory_iterator+0xa8/0xf4
[ 31.244481][ T6162] shared_ntfs_readdir+0x30/0x40
[ 31.245822][ T6162] iterate_dir+0x3f8/0x580
[ 31.246947][ T6162] __arm64_sys_getdents64+0x1c4/0x4a0
[ 31.248384][ T6162] invoke_syscall+0x98/0x2b8
[ 31.249596][ T6162] el0_svc_common+0x130/0x23c
[ 31.250721][ T6162] do_el0_svc+0x48/0x58
[ 31.251795][ T6162] el0_svc+0x54/0x168
[ 31.252819][ T6162] el0t_64_sync_handler+0x84/0xfc
[ 31.254155][ T6162] el0t_64_sync+0x190/0x194
[ 31.255284][ T6162]
[ 31.255893][ T6162] The buggy address belongs to the object at ffff0000cfc16200
[ 31.255893][ T6162] which belongs to the cache kmalloc-64 of size 64
[ 31.259535][ T6162] The buggy address is located 57 bytes to the right of
[ 31.259535][ T6162] allocated 56-byte region [ffff0000cfc16200, ffff0000cfc16238)
[ 31.263295][ T6162]
[ 31.263892][ T6162] The buggy address belongs to the physical page:
[ 31.265562][ T6162] page:000000005c730d7a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fc16
[ 31.268234][ T6162] ksm flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 31.270297][ T6162] page_type: 0xffffffff()
[ 31.271456][ T6162] raw: 05ffc00000000800 ffff0000c0001640 fffffdffc3303540 dead000000000003
[ 31.273711][ T6162] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 31.275940][ T6162] page dumped because: kasan: bad access detected
[ 31.277621][ T6162]
[ 31.278221][ T6162] Memory state around the buggy address:
[ 31.279727][ T6162] ffff0000cfc16100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 31.281861][ T6162] ffff0000cfc16180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.283922][ T6162] >ffff0000cfc16200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 31.285973][ T6162] ^
[ 31.287914][ T6162] ffff0000cfc16280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 31.290058][ T6162] ffff0000cfc16300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 31.292187][ T6162] ==================================================================
[ 31.294400][ T6162] Disabling lock debugging due to kernel taint