Warning: Permanently added '10.128.0.230' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 34.075237][ T4220] loop0: detected capacity change from 0 to 4096
[ 34.081749][ T4220] ntfs: (device loop0): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0.
[ 34.084816][ T4220] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 34.088481][ T4220] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 34.092008][ T4220] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 34.095435][ T4220] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 34.099071][ T4220] ntfs: volume version 3.1.
[ 34.101959][ T4220] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 34.105040][ T4220] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 34.108654][ T4220] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 34.111808][ T4220] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 34.114671][ T4220] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 34.120195][ T4220] ==================================================================
[ 34.122283][ T4220] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb00/0x2be8
[ 34.124256][ T4220] Read of size 1 at addr ffff0000c3eec171 by task syz-executor227/4220
[ 34.126484][ T4220]
[ 34.127100][ T4220] CPU: 1 PID: 4220 Comm: syz-executor227 Not tainted 6.1.82-syzkaller #0
[ 34.129234][ T4220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 34.131894][ T4220] Call trace:
[ 34.132709][ T4220] dump_backtrace+0x1c8/0x1f4
[ 34.133980][ T4220] show_stack+0x2c/0x3c
[ 34.135039][ T4220] dump_stack_lvl+0x108/0x170
[ 34.136308][ T4220] print_report+0x174/0x4c0
[ 34.137471][ T4220] kasan_report+0xd4/0x130
[ 34.138650][ T4220] __asan_report_load1_noabort+0x2c/0x38
[ 34.140105][ T4220] ntfs_readdir+0xb00/0x2be8
[ 34.141304][ T4220] iterate_dir+0x1f4/0x4e4
[ 34.142414][ T4220] __arm64_sys_getdents64+0x1c4/0x4a0
[ 34.143743][ T4220] invoke_syscall+0x98/0x2c0
[ 34.144911][ T4220] el0_svc_common+0x138/0x258
[ 34.146159][ T4220] do_el0_svc+0x64/0x218
[ 34.147255][ T4220] el0_svc+0x58/0x168
[ 34.148319][ T4220] el0t_64_sync_handler+0x84/0xf0
[ 34.149620][ T4220] el0t_64_sync+0x18c/0x190
[ 34.150790][ T4220]
[ 34.151419][ T4220] Allocated by task 4220:
[ 34.152531][ T4220] kasan_set_track+0x4c/0x80
[ 34.153659][ T4220] kasan_save_alloc_info+0x24/0x30
[ 34.154958][ T4220] __kasan_kmalloc+0xac/0xc4
[ 34.156084][ T4220] __kmalloc+0xd8/0x1c4
[ 34.157166][ T4220] ntfs_readdir+0x65c/0x2be8
[ 34.158339][ T4220] iterate_dir+0x1f4/0x4e4
[ 34.159468][ T4220] __arm64_sys_getdents64+0x1c4/0x4a0
[ 34.160861][ T4220] invoke_syscall+0x98/0x2c0
[ 34.161968][ T4220] el0_svc_common+0x138/0x258
[ 34.163133][ T4220] do_el0_svc+0x64/0x218
[ 34.164244][ T4220] el0_svc+0x58/0x168
[ 34.165311][ T4220] el0t_64_sync_handler+0x84/0xf0
[ 34.166671][ T4220] el0t_64_sync+0x18c/0x190
[ 34.167786][ T4220]
[ 34.168382][ T4220] The buggy address belongs to the object at ffff0000c3eec100
[ 34.168382][ T4220] which belongs to the cache kmalloc-128 of size 128
[ 34.172075][ T4220] The buggy address is located 113 bytes inside of
[ 34.172075][ T4220] 128-byte region [ffff0000c3eec100, ffff0000c3eec180)
[ 34.175462][ T4220]
[ 34.176080][ T4220] The buggy address belongs to the physical page:
[ 34.177676][ T4220] page:00000000a6c1bd03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eec
[ 34.180383][ T4220] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 34.182361][ T4220] raw: 05ffc00000000200 0000000000000000 dead000000000001 ffff0000c0002300
[ 34.184585][ T4220] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 34.186728][ T4220] page dumped because: kasan: bad access detected
[ 34.188358][ T4220]
[ 34.188988][ T4220] Memory state around the buggy address:
[ 34.190433][ T4220]  ffff0000c3eec000: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.192648][ T4220]  ffff0000c3eec080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.194718][ T4220] >ffff0000c3eec100: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 34.196855][ T4220]                                                              ^
[ 34.198835][ T4220]  ffff0000c3eec180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.200963][ T4220]  ffff0000c3eec200: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.203065][ T4220] ==================================================================
[ 34.206093][ T4220] Disabling lock debugging due to kernel taint