Warning: Permanently added '10.128.1.125' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 35.628459][ T4222] loop0: detected capacity change from 0 to 4096
[ 35.634067][ T4222] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk.
[ 35.637084][ T4222] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 35.640644][ T4222] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 35.644332][ T4222] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 35.647822][ T4222] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 35.651617][ T4222] ntfs: volume version 3.1.
[ 35.654371][ T4222] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 35.657406][ T4222] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 35.661091][ T4222] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 35.664081][ T4222] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 35.666816][ T4222] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 35.672671][ T4222] ==================================================================
[ 35.674656][ T4222] BUG: KASAN: use-after-free in ntfs_read_folio+0x6c0/0x1d70
[ 35.676459][ T4222] Read of size 285212680 at addr ffff0000e2ec8a9a by task syz-executor264/4222
[ 35.678515][ T4222]
[ 35.679056][ T4222] CPU: 1 PID: 4222 Comm: syz-executor264 Not tainted 6.1.90-syzkaller #0
[ 35.681058][ T4222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 35.683533][ T4222] Call trace:
[ 35.684290][ T4222]  dump_backtrace+0x1c8/0x1f4
[ 35.685431][ T4222]  show_stack+0x2c/0x3c
[ 35.686458][ T4222]  dump_stack_lvl+0x108/0x170
[ 35.687668][ T4222]  print_report+0x174/0x4c0
[ 35.688925][ T4222]  kasan_report+0xd4/0x130
[ 35.690065][ T4222]  kasan_check_range+0x264/0x2a4
[ 35.691411][ T4222]  memcpy+0x48/0x90
[ 35.692329][ T4222]  ntfs_read_folio+0x6c0/0x1d70
[ 35.693456][ T4222]  filemap_read_folio+0x14c/0x39c
[ 35.694624][ T4222]  do_read_cache_folio+0x24c/0x544
[ 35.695827][ T4222]  read_cache_page+0x6c/0x180
[ 35.697121][ T4222]  ntfs_readdir+0x564/0x2be8
[ 35.698212][ T4222]  iterate_dir+0x1f4/0x4e4
[ 35.699218][ T4222]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 35.700518][ T4222]  invoke_syscall+0x98/0x2c0
[ 35.701600][ T4222]  el0_svc_common+0x138/0x258
[ 35.702666][ T4222]  do_el0_svc+0x64/0x218
[ 35.703710][ T4222]  el0_svc+0x58/0x168
[ 35.704656][ T4222]  el0t_64_sync_handler+0x84/0xf0
[ 35.705943][ T4222]  el0t_64_sync+0x18c/0x190
[ 35.707002][ T4222]
[ 35.707571][ T4222] The buggy address belongs to the physical page:
[ 35.709008][ T4222] page:000000001cb9128d refcount:3 mapcount:0 mapping:00000000615e5686 index:0x2 pfn:0x122ec8
[ 35.711283][ T4222] memcg:ffff0000c0940000
[ 35.712272][ T4222] aops:ntfs_mst_aops ino:0
[ 35.713389][ T4222] flags: 0x5ffd60000002056(referenced|uptodate|lru|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
[ 35.715998][ T4222] raw: 05ffd60000002056 fffffc0003819448 fffffc00037d1148 ffff0000e2468548
[ 35.718033][ T4222] raw: 0000000000000002 ffff0000e250d3a0 00000003ffffffff ffff0000c0940000
[ 35.720055][ T4222] page dumped because: kasan: bad access detected
[ 35.721625][ T4222]
[ 35.722205][ T4222] Memory state around the buggy address:
[ 35.723434][ T4222]  ffff0000e2ed0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.725356][ T4222]  ffff0000e2ed0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.727260][ T4222] >ffff0000e2ed1000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.729310][ T4222]                    ^
[ 35.730347][ T4222]  ffff0000e2ed1080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.732213][ T4222]  ffff0000e2ed1100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.734145][ T4222] ==================================================================
[ 35.736360][ T4222] Disabling lock debugging due to kernel taint