Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.
syzkaller login: [ 40.079945][ T279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.082082][ T279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.084893][ T5437] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 40.102083][ T279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.104222][ T279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.108098][ T5437] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 40.113181][ T5946] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5946 'syz-executor319'
[ 40.119306][ T5946] loop0: detected capacity change from 0 to 190
[ 40.123453][ T5946] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid boot sector checksum.
[ 40.127389][ T5946] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 40.129864][ T5946] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 40.132026][ T5946] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 40.135497][ T5946] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 40.139390][ T5946] ntfs: (device loop0): ntfs_external_attr_find(): Base inode 0xa contains corrupt attribute list attribute. Unmount and run chkdsk.
[ 40.143014][ T5946] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup $DATA attribute.
[ 40.145497][ T5946] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 40.150672][ T5946] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 40.153983][ T5946] ==================================================================
[ 40.156124][ T5946] BUG: KASAN: use-after-free in ntfs_read_folio+0x6d4/0x200c
[ 40.158048][ T5946] Read of size 1 at addr ffff0000e11f617f by task syz-executor319/5946
[ 40.160289][ T5946]
[ 40.160917][ T5946] CPU: 0 PID: 5946 Comm: syz-executor319 Not tainted 6.3.0-rc1-syzkaller-gfe15c26ee26e #0
[ 40.163569][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 40.166293][ T5946] Call trace:
[ 40.167167][ T5946]  dump_backtrace+0x1c8/0x1f4
[ 40.168394][ T5946]  show_stack+0x2c/0x3c
[ 40.169498][ T5946]  dump_stack_lvl+0xd0/0x124
[ 40.170681][ T5946]  print_report+0x174/0x514
[ 40.171881][ T5946]  kasan_report+0xd4/0x130
[ 40.173065][ T5946]  kasan_check_range+0x264/0x2a4
[ 40.174359][ T5946]  __asan_memcpy+0x48/0x90
[ 40.175544][ T5946]  ntfs_read_folio+0x6d4/0x200c
[ 40.176877][ T5946]  filemap_read_folio+0x14c/0x39c
[ 40.178195][ T5946]  do_read_cache_folio+0x24c/0x544
[ 40.179576][ T5946]  read_cache_page+0x6c/0x180
[ 40.180872][ T5946]  load_system_files+0x1e34/0x4734
[ 40.182260][ T5946]  ntfs_fill_super+0x14e0/0x2314
[ 40.183589][ T5946]  mount_bdev+0x26c/0x368
[ 40.184743][ T5946]  ntfs_mount+0x44/0x58
[ 40.185844][ T5946]  legacy_get_tree+0xd4/0x16c
[ 40.187065][ T5946]  vfs_get_tree+0x90/0x274
[ 40.188266][ T5946]  do_new_mount+0x25c/0x8c8
[ 40.189469][ T5946]  path_mount+0x590/0xe20
[ 40.190629][ T5946]  __arm64_sys_mount+0x45c/0x594
[ 40.192027][ T5946]  invoke_syscall+0x98/0x2c0
[ 40.193218][ T5946]  el0_svc_common+0x138/0x258
[ 40.194454][ T5946]  do_el0_svc+0x64/0x198
[ 40.195621][ T5946]  el0_svc+0x58/0x168
[ 40.196716][ T5946]  el0t_64_sync_handler+0x84/0xf0
[ 40.198033][ T5946]  el0t_64_sync+0x190/0x194
[ 40.199244][ T5946]
[ 40.199839][ T5946] The buggy address belongs to the physical page:
[ 40.201619][ T5946] page:00000000b1c79ae3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1211f6
[ 40.204355][ T5946] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 40.206232][ T5946] raw: 05ffc00000000000 fffffc0003847848 fffffc0003847d48 0000000000000000
[ 40.208596][ T5946] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 40.210907][ T5946] page dumped because: kasan: bad access detected
[ 40.212703][ T5946]
[ 40.213357][ T5946] Memory state around the buggy address:
[ 40.214963][ T5946]  ffff0000e11f6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.217140][ T5946]  ffff0000e11f6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.219393][ T5946] >ffff0000e11f6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.221474][ T5946]                                                                ^
[ 40.223616][ T5946]  ffff0000e11f6180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.225845][ T5946]  ffff0000e11f6200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.227997][ T5946] ==================================================================
[ 40.230296][ T5946] Disabling lock debugging due to kernel taint
[ 40.232414][ T5946] ntfs: volume version 3.1.
[ 40.233862][ T5946] syz-executor319: attempt to access beyond end of device
[ 40.233862][ T5946] loop0: rw=0, sector=2072, nr_sectors = 8 limit=190
[ 40.237541][ T5946] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x103.
[ 40.240588][ T5946] syz-executor319: attempt to access beyond end of device
[ 40.240588][ T5946] loop0: rw=0, sector=552, nr_sectors = 8 limit=190
[ 40.244746][ T5946] syz-executor319: attempt to access beyond end of device
[ 40.244746][ T5946] loop0: rw=0, sector=224, nr_sectors = 8 limit=190
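Editor's note with an added triage example (this script is not part of the syzbot report above and is not syzkaller's code). What the log shows: a 1-byte use-after-free read inside ntfs_read_folio() while the legacy ntfs driver's load_system_files() reads a system file from the page cache during mount(2) of a 190-sector loop image; the "buggy address" dump reports refcount:0 and every shadow byte around the address is 0xff, which is KASAN's marker for memory already returned to the page allocator, so the folio being copied from had been freed before the memcpy. The ntfs "attempt to access beyond end of device" lines after the report are follow-on noise from the same corrupt image, not a second bug. The script below parses KASAN reports out of a raw console log into a dedup signature, the access, the user-facing syscall in the trace, and the shadow-byte interpretation; the shadow-byte table is taken from mm/kasan/kasan.h and the syscall-frame naming (__arm64_sys_*, __x64_sys_*, __do_sys_*) is the kernel's own convention. The embedded sample is copied from the report above with its call trace abridged.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Console prefix "[   40.156124][ T5946] "; copy/paste may collapse the padding, so tolerate it.
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
HEADER = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                    r" by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME = re.compile(r"^(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SYSCALL = re.compile(r"^__(?:arm64|x64|ia32|se|do)_(?:compat_)?sys_(?P<name>\w+)$")
PAGE = re.compile(r"page:\S+ refcount:(?P<ref>\d+) mapcount:-?\d+")
SHADOW_ROW = re.compile(r"^>(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")
# KASAN shadow-byte markers (mm/kasan/kasan.h); 0x01..0x07 mean that many leading bytes are valid.
SHADOW_MEANING = {0x00: "accessible", 0xF1: "stack left redzone", 0xF3: "stack right redzone",
                  0xF9: "global redzone", 0xFB: "freed slab object", 0xFC: "kmalloc redzone",
                  0xFE: "page redzone", 0xFF: "freed page (page allocator)"}


def shadow_meaning(b: int) -> str:
    if 1 <= b <= 7:
        return f"partially accessible ({b} of 8 bytes valid)"
    return SHADOW_MEANING.get(b, f"unknown 0x{b:02x}")


@dataclass
class Report:
    kind: str = ""
    func: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    frames: List[str] = field(default_factory=list)
    page_refcount: Optional[int] = None
    shadow_byte: Optional[int] = None

    @property
    def signature(self) -> str:  # dedup key, the same shape syzbot uses for bug titles
        return f"KASAN: {self.kind} {self.op} in {self.func}"

    @property
    def syscall(self) -> Optional[str]:  # user-reachable entry point, if the trace shows one
        return next((m["name"] for f in self.frames if (m := SYSCALL.match(f))), None)

    @property
    def freed_page(self) -> bool:  # the page had already gone back to the page allocator
        return self.page_refcount == 0 and self.shadow_byte == 0xFF


def parse_kasan_reports(log: str) -> List[Report]:
    reports, cur, in_trace = [], None, False
    for raw in log.splitlines():
        ln = PREFIX.sub("", raw).strip()
        if ln.startswith("====="):  # the '=====' line both opens and closes a report
            if cur is not None:
                reports.append(cur)
            cur, in_trace = (Report() if cur is None else None), False
            continue
        if cur is None:
            continue
        if in_trace:
            if m := FRAME.match(ln):
                cur.frames.append(m["func"])
                continue
            in_trace = False  # the first non-frame (blank) line ends the trace
        if m := HEADER.search(ln):
            cur.kind, cur.func = m["kind"], m["func"]
        elif m := ACCESS.search(ln):
            cur.op, cur.size, cur.addr = m["op"], int(m["size"]), int(m["addr"], 16)
            cur.task, cur.pid = m["task"], int(m["pid"])
        elif ln.lower() == "call trace:":
            in_trace = True
        elif m := PAGE.search(ln):
            cur.page_refcount = int(m["ref"])
        elif cur.addr and (m := SHADOW_ROW.match(ln)):  # the row marked '>' holds the fault address
            idx = (cur.addr - int(m["base"], 16)) // 8  # one shadow byte covers 8 bytes of memory
            if 0 <= idx < 16:
                cur.shadow_byte = int(m["bytes"].split()[idx], 16)
    return reports


# Sample input: lines copied from the report above, with the call trace abridged to save space.
SAMPLE_LOG = """\
[ 40.153983][ T5946] ==================================================================
[ 40.156124][ T5946] BUG: KASAN: use-after-free in ntfs_read_folio+0x6d4/0x200c
[ 40.158048][ T5946] Read of size 1 at addr ffff0000e11f617f by task syz-executor319/5946
[ 40.166293][ T5946] Call trace:
[ 40.173065][ T5946] kasan_report+0xd4/0x130
[ 40.175544][ T5946] __asan_memcpy+0x48/0x90
[ 40.176877][ T5946] ntfs_read_folio+0x6d4/0x200c
[ 40.180872][ T5946] load_system_files+0x1e34/0x4734
[ 40.192027][ T5946] __arm64_sys_mount+0x45c/0x594
[ 40.198033][ T5946] el0t_64_sync+0x190/0x194
[ 40.199244][ T5946]
[ 40.201619][ T5946] page:00000000b1c79ae3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1211f6
[ 40.219393][ T5946] >ffff0000e11f6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.227997][ T5946] ==================================================================
"""

if __name__ == "__main__":
    for r in parse_kasan_reports(SAMPLE_LOG):
        print(f"{r.signature}: {r.op} of {r.size} via {r.syscall}(); {shadow_meaning(r.shadow_byte)}; freed page: {r.freed_page}")
```

Run it against a whole console log rather than the sample to list every KASAN report with its signature; the shadow lookup only works on the row the kernel marks with '>', which by construction contains the faulting address, and the freed_page check is what separates a page-cache folio freed under the reader (this report) from a slab use-after-free, whose shadow would read 0xfb instead.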