Warning: Permanently added '10.128.0.23' (ED25519) to the list of known hosts.
executing program
[ 36.818518][ T4291] loop0: detected capacity change from 0 to 4096
[ 36.824413][ T4291] ntfs: (device loop0): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0.
[ 36.826717][ T4291] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 36.829513][ T4291] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 36.831722][ T4291] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 36.835132][ T4291] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 36.838830][ T4291] ntfs: volume version 3.1.
[ 36.841019][ T4291] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 36.843899][ T4291] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 36.846843][ T4291] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 36.848942][ T4291] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 36.851053][ T4291] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 36.856073][ T4291] ==================================================================
[ 36.857844][ T4291] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb00/0x2be8
[ 36.859200][ T4291] Read of size 1 at addr ffff0000c8bdc571 by task syz-executor173/4291
[ 36.860677][ T4291]
[ 36.861107][ T4291] CPU: 0 PID: 4291 Comm: syz-executor173 Tainted: G W 6.1.122-syzkaller #0
[ 36.862997][ T4291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 36.864950][ T4291] Call trace:
[ 36.865527][ T4291] dump_backtrace+0x1c8/0x1f4
[ 36.866486][ T4291] show_stack+0x2c/0x3c
[ 36.867326][ T4291] dump_stack_lvl+0x108/0x170
[ 36.868376][ T4291] print_report+0x174/0x4c0
[ 36.869340][ T4291] kasan_report+0xd4/0x130
[ 36.870236][ T4291] __asan_report_load1_noabort+0x2c/0x38
[ 36.871453][ T4291] ntfs_readdir+0xb00/0x2be8
[ 36.872439][ T4291] iterate_dir+0x1f4/0x4ec
[ 36.873309][ T4291] __arm64_sys_getdents64+0x1c4/0x4a0
[ 36.874426][ T4291] invoke_syscall+0x98/0x2bc
[ 36.875433][ T4291] el0_svc_common+0x138/0x258
[ 36.876586][ T4291] do_el0_svc+0x58/0x13c
[ 36.877405][ T4291] el0_svc+0x58/0x168
[ 36.878226][ T4291] el0t_64_sync_handler+0x84/0xf0
[ 36.879315][ T4291] el0t_64_sync+0x18c/0x190
[ 36.880190][ T4291]
[ 36.880631][ T4291] Allocated by task 4291:
[ 36.881547][ T4291] kasan_set_track+0x4c/0x80
[ 36.882472][ T4291] kasan_save_alloc_info+0x24/0x30
[ 36.883580][ T4291] __kasan_kmalloc+0xac/0xc4
[ 36.884557][ T4291] __kmalloc+0xd8/0x1c4
[ 36.885485][ T4291] ntfs_readdir+0x65c/0x2be8
[ 36.886559][ T4291] iterate_dir+0x1f4/0x4ec
[ 36.887545][ T4291] __arm64_sys_getdents64+0x1c4/0x4a0
[ 36.888752][ T4291] invoke_syscall+0x98/0x2bc
[ 36.889685][ T4291] el0_svc_common+0x138/0x258
[ 36.890735][ T4291] do_el0_svc+0x58/0x13c
[ 36.891646][ T4291] el0_svc+0x58/0x168
[ 36.892503][ T4291] el0t_64_sync_handler+0x84/0xf0
[ 36.893588][ T4291] el0t_64_sync+0x18c/0x190
[ 36.894638][ T4291]
[ 36.895096][ T4291] Last potentially related work creation:
[ 36.896396][ T4291] kasan_save_stack+0x40/0x70
[ 36.897460][ T4291] __kasan_record_aux_stack+0xcc/0xe8
[ 36.898519][ T4291] kasan_record_aux_stack_noalloc+0x14/0x20
[ 36.899799][ T4291] kvfree_call_rcu+0xb4/0x714
[ 36.900669][ T4291] kernfs_unlink_open_file+0x398/0x448
[ 36.901798][ T4291] kernfs_fop_release+0x130/0x198
[ 36.902828][ T4291] __fput+0x1c8/0x7c8
[ 36.903686][ T4291] ____fput+0x20/0x30
[ 36.904488][ T4291] task_work_run+0x240/0x2f0
[ 36.905318][ T4291] do_notify_resume+0x2080/0x2cb8
[ 36.906485][ T4291] el0_svc+0x9c/0x168
[ 36.907305][ T4291] el0t_64_sync_handler+0x84/0xf0
[ 36.908191][ T4291] el0t_64_sync+0x18c/0x190
[ 36.908981][ T4291]
[ 36.909518][ T4291] The buggy address belongs to the object at ffff0000c8bdc500
[ 36.909518][ T4291] which belongs to the cache kmalloc-128 of size 128
[ 36.912379][ T4291] The buggy address is located 113 bytes inside of
[ 36.912379][ T4291] 128-byte region [ffff0000c8bdc500, ffff0000c8bdc580)
[ 36.914800][ T4291]
[ 36.915301][ T4291] The buggy address belongs to the physical page:
[ 36.916922][ T4291] page:00000000ad478c7e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108bdc
[ 36.918997][ T4291] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 36.920705][ T4291] raw: 05ffc00000000200 fffffc000334d3c0 dead000000000003 ffff0000c0002300
[ 36.922471][ T4291] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 36.924111][ T4291] page dumped because: kasan: bad access detected
[ 36.925493][ T4291]
[ 36.925981][ T4291] Memory state around the buggy address:
[ 36.927129][ T4291] ffff0000c8bdc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.928731][ T4291] ffff0000c8bdc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.930387][ T4291] >ffff0000c8bdc500: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 36.932014][ T4291] ^
[ 36.933515][ T4291] ffff0000c8bdc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.935348][ T4291] ffff0000c8bdc600: 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.937021][ T4291] ==================================================================
[ 36.939652][ T4291] Disabling lock debugging due to kernel taint