Warning: Permanently added '10.128.0.154' (ED25519) to the list of known hosts.
executing program
[ 32.943073][ T6162] loop0: detected capacity change from 0 to 4096
[ 32.948974][ T6162] ntfs: (device loop0): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0.
[ 32.951932][ T6162] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 32.955594][ T6162] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 32.959706][ T6162] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 32.963198][ T6162] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 32.966863][ T6162] ntfs: volume version 3.1.
[ 32.969405][ T6162] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 32.972509][ T6162] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 32.976334][ T6162] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 32.979679][ T6162] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 32.982762][ T6162] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 32.988633][ T6162] ==================================================================
[ 32.990652][ T6162] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb00/0x2bf0
[ 32.992540][ T6162] Read of size 1 at addr ffff0000d03719f1 by task syz-executor906/6162
[ 32.994641][ T6162]
[ 32.995242][ T6162] CPU: 0 PID: 6162 Comm: syz-executor906 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 32.997822][ T6162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 33.000577][ T6162] Call trace:
[ 33.001420][ T6162] dump_backtrace+0x1b8/0x1e4
[ 33.002719][ T6162] show_stack+0x2c/0x3c
[ 33.003913][ T6162] dump_stack_lvl+0xd0/0x124
[ 33.005211][ T6162] print_report+0x178/0x518
[ 33.006439][ T6162] kasan_report+0xd8/0x138
[ 33.007644][ T6162] __asan_report_load1_noabort+0x20/0x2c
[ 33.009209][ T6162] ntfs_readdir+0xb00/0x2bf0
[ 33.010450][ T6162] wrap_directory_iterator+0xa8/0xf4
[ 33.011909][ T6162] shared_ntfs_readdir+0x30/0x40
[ 33.013264][ T6162] iterate_dir+0x3f8/0x580
[ 33.014486][ T6162] __arm64_sys_getdents64+0x1c4/0x4a0
[ 33.015880][ T6162] invoke_syscall+0x98/0x2b8
[ 33.017121][ T6162] el0_svc_common+0x130/0x23c
[ 33.018330][ T6162] do_el0_svc+0x48/0x58
[ 33.019430][ T6162] el0_svc+0x54/0x168
[ 33.020495][ T6162] el0t_64_sync_handler+0x84/0xfc
[ 33.021916][ T6162] el0t_64_sync+0x190/0x194
[ 33.023184][ T6162]
[ 33.023832][ T6162] Allocated by task 6162:
[ 33.024987][ T6162] kasan_save_track+0x40/0x78
[ 33.026274][ T6162] kasan_save_alloc_info+0x40/0x50
[ 33.027614][ T6162] __kasan_kmalloc+0xac/0xc4
[ 33.028845][ T6162] __kmalloc+0x2bc/0x5d4
[ 33.029969][ T6162] ntfs_readdir+0x65c/0x2bf0
[ 33.031218][ T6162] wrap_directory_iterator+0xa8/0xf4
[ 33.032631][ T6162] shared_ntfs_readdir+0x30/0x40
[ 33.033989][ T6162] iterate_dir+0x3f8/0x580
[ 33.035150][ T6162] __arm64_sys_getdents64+0x1c4/0x4a0
[ 33.036610][ T6162] invoke_syscall+0x98/0x2b8
[ 33.037833][ T6162] el0_svc_common+0x130/0x23c
[ 33.039081][ T6162] do_el0_svc+0x48/0x58
[ 33.040133][ T6162] el0_svc+0x54/0x168
[ 33.041201][ T6162] el0t_64_sync_handler+0x84/0xfc
[ 33.042509][ T6162] el0t_64_sync+0x190/0x194
[ 33.043660][ T6162]
[ 33.044276][ T6162] The buggy address belongs to the object at ffff0000d0371980
[ 33.044276][ T6162] which belongs to the cache kmalloc-64 of size 64
[ 33.048043][ T6162] The buggy address is located 57 bytes to the right of
[ 33.048043][ T6162] allocated 56-byte region [ffff0000d0371980, ffff0000d03719b8)
[ 33.051938][ T6162]
[ 33.052537][ T6162] The buggy address belongs to the physical page:
[ 33.054277][ T6162] page:0000000083407c63 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000d0371780 pfn:0x110371
[ 33.057354][ T6162] flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 33.059429][ T6162] page_type: 0xffffffff()
[ 33.060614][ T6162] raw: 05ffc00000000800 ffff0000c0001640 fffffdffc33d9380 dead000000000006
[ 33.062959][ T6162] raw: ffff0000d0371780 0000000080200017 00000001ffffffff 0000000000000000
[ 33.065276][ T6162] page dumped because: kasan: bad access detected
[ 33.066951][ T6162]
[ 33.067614][ T6162] Memory state around the buggy address:
[ 33.069154][ T6162]  ffff0000d0371880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 33.071316][ T6162]  ffff0000d0371900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 33.073505][ T6162] >ffff0000d0371980: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 33.075667][ T6162]                                                              ^
[ 33.077737][ T6162]  ffff0000d0371a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 33.079898][ T6162]  ffff0000d0371a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 33.082007][ T6162] ==================================================================
[ 33.084339][ T6162] Disabling lock debugging due to kernel taint