Warning: Permanently added '10.128.0.221' (ED25519) to the list of known hosts.
executing program
[ 44.680755][ T3969] loop0: detected capacity change from 0 to 4096
[ 44.782226][ T3969] ==================================================================
[ 44.784056][ T3969] BUG: KASAN: use-after-free in ntfs_attr_find+0x5a0/0x9e4
[ 44.785641][ T3969] Read of size 2 at addr ffff000189421442 by task syz-executor165/3969
[ 44.787378][ T3969]
[ 44.787935][ T3969] CPU: 1 PID: 3969 Comm: syz-executor165 Not tainted 5.15.147-syzkaller #0
[ 44.789865][ T3969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 44.792099][ T3969] Call trace:
[ 44.792826][ T3969] dump_backtrace+0x0/0x530
[ 44.793841][ T3969] show_stack+0x2c/0x3c
[ 44.794726][ T3969] dump_stack_lvl+0x108/0x170
[ 44.795738][ T3969] print_address_description+0x7c/0x3f0
[ 44.796971][ T3969] kasan_report+0x174/0x1e4
[ 44.797954][ T3969] __asan_report_load_n_noabort+0x40/0x4c
[ 44.799259][ T3969] ntfs_attr_find+0x5a0/0x9e4
[ 44.800326][ T3969] ntfs_attr_lookup+0x3e0/0x1cf0
[ 44.801486][ T3969] ntfs_read_locked_inode+0x880/0x38f0
[ 44.802641][ T3969] ntfs_iget+0x110/0x19c
[ 44.803528][ T3969] load_system_files+0xe0/0x4228
[ 44.804624][ T3969] ntfs_fill_super+0x1670/0x24e8
[ 44.805770][ T3969] mount_bdev+0x274/0x370
[ 44.806737][ T3969] ntfs_mount+0x44/0x58
[ 44.807665][ T3969] legacy_get_tree+0xd4/0x16c
[ 44.808716][ T3969] vfs_get_tree+0x90/0x274
[ 44.809737][ T3969] do_new_mount+0x25c/0x8c4
[ 44.810761][ T3969] path_mount+0x594/0x101c
[ 44.811768][ T3969] __arm64_sys_mount+0x510/0x5e0
[ 44.812963][ T3969] invoke_syscall+0x98/0x2b8
[ 44.814051][ T3969] el0_svc_common+0x138/0x258
[ 44.815113][ T3969] do_el0_svc+0x58/0x14c
[ 44.815993][ T3969] el0_svc+0x7c/0x1f0
[ 44.816842][ T3969] el0t_64_sync_handler+0x84/0xe4
[ 44.817996][ T3969] el0t_64_sync+0x1a0/0x1a4
[ 44.819038][ T3969]
[ 44.819569][ T3969] The buggy address belongs to the page:
[ 44.820767][ T3969] page:00000000dcecdb73 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1c9421
[ 44.823157][ T3969] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 44.824776][ T3969] raw: 05ffc00000000000 fffffc0005a02408 ffff0001b482b920 0000000000000000
[ 44.826667][ T3969] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 44.828507][ T3969] page dumped because: kasan: bad access detected
[ 44.829954][ T3969]
[ 44.830440][ T3969] Memory state around the buggy address:
[ 44.831595][ T3969] ffff000189421300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.833492][ T3969] ffff000189421380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.835060][ T3969] >ffff000189421400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.836806][ T3969] ^
[ 44.838143][ T3969] ffff000189421480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.840024][ T3969] ffff000189421500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.841790][ T3969] ==================================================================
[ 44.843631][ T3969] Disabling lock debugging due to kernel taint
[ 44.845103][ T3969] ntfs: (device loop0): ntfs_is_extended_system_file(): Inode hard link count doesn't match number of name attributes. You should run chkdsk.
[ 44.848222][ T3969] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 44.850253][ T3969] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 44.853111][ T3969] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk.
[ 44.856629][ T3969] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 44.858700][ T3969] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 44.860584][ T3969] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 44.863457][ T3969] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 44.866444][ T3969] attempt to access beyond end of device
[ 44.866444][ T3969] loop0: rw=0, want=32770, limit=4096
[ 44.868805][ T3969] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4000.
[ 44.870967][ T3969] attempt to access beyond end of device
[ 44.870967][ T3969] loop0: rw=0, want=32772, limit=4096
[ 44.873316][ T3969] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4001.
[ 44.875543][ T3969] attempt to access beyond end of device
[ 44.875543][ T3969] loop0: rw=0, want=32774, limit=4096
executing program
[ 44.999933][ T3971] loop0: detected capacity change from 0 to 4096
[ 45.071991][ T3971] attempt to access beyond end of device
[ 45.071991][ T3971] loop0: rw=0, want=32770, limit=4096
[ 45.074450][ T3971] attempt to access beyond end of device
[ 45.074450][ T3971] loop0: rw=0, want=32772, limit=4096
[ 45.077098][ T3971] attempt to access beyond end of device
[ 45.077098][ T3971] loop0: rw=0, want=32774, limit=4096
executing program
[ 45.140961][ T3972] loop0: detected capacity change from 0 to 4096
[ 45.182935][ T3972] attempt to access beyond end of device
[ 45.182935][ T3972] loop0: rw=0, want=32770, limit=4096
[ 45.185635][ T3972] attempt to access beyond end of device
[ 45.185635][ T3972] loop0: rw=0, want=32772, limit=4096
[ 45.188233][ T3972] attempt to access beyond end of device
[ 45.188233][ T3972] loop0: rw=0, want=32774, limit=4096
executing program
[ 45.274519][ T3973] loop0: detected capacity change from 0 to 4096
[ 45.332467][ T3973] attempt to access beyond end of device
[ 45.332467][ T3973] loop0: rw=0, want=32770, limit=4096
executing program
[ 45.421064][ T3974] loop0: detected capacity change from 0 to 4096
executing program
[ 45.640630][ T3975] loop0: detected capacity change from 0 to 4096
executing program
[ 45.751078][ T3976] loop0: detected capacity change from 0 to 4096
executing program
[ 45.901111][ T3977] loop0: detected capacity change from 0 to 4096
executing program
[ 46.070845][ T3978] loop0: detected capacity change from 0 to 4096
executing program
[ 46.160758][ T3979] loop0: detected capacity change from 0 to 4096
executing program
[ 46.251138][ T3980] loop0: detected capacity change from 0 to 4096
executing program
[ 46.380674][ T3981] loop0: detected capacity change from 0 to 4096
executing program
[ 46.460946][ T3982] loop0: detected capacity change from 0 to 4096
executing program
[ 46.621075][ T3983] loop0: detected capacity change from 0 to 4096
executing program
[ 46.711154][ T3984] loop0: detected capacity change from 0 to 4096
executing program
[ 46.801176][ T3985] loop0: detected capacity change from 0 to 4096
executing program
[ 46.991444][ T3986] loop0: detected capacity change from 0 to 4096
executing program
[ 47.101636][ T3987] loop0: detected capacity change from 0 to 4096
executing program
[ 47.290933][ T3988] loop0: detected capacity change from 0 to 4096
executing program
[ 47.441028][ T3989] loop0: detected capacity change from 0 to 4096
executing program
[ 47.521149][ T3990] loop0: detected capacity change from 0 to 4096
executing program
[ 47.651295][ T3991] loop0: detected capacity change from 0 to 4096
executing program
[ 47.711095][ T3992] loop0: detected capacity change from 0 to 4096
executing program
[ 47.900939][ T3993] loop0: detected capacity change from 0 to 4096
executing program
[ 48.002018][ T3994] loop0: detected capacity change from 0 to 4096
executing program
[ 48.121302][ T3995] loop0: detected capacity change from 0 to 4096
executing program
[ 48.291263][ T3996] loop0: detected capacity change from 0 to 4096
executing program
[ 48.510805][ T3997] loop0: detected capacity change from 0 to 4096
executing program
[ 48.651134][ T3998] loop0: detected capacity change from 0 to 4096
executing program
[ 48.781546][ T3999] loop0: detected capacity change from 0 to 4096
executing program
[ 48.871119][ T4000] loop0: detected capacity change from 0 to 4096
executing program
[ 48.971081][ T4001] loop0: detected capacity change from 0 to 4096
executing program
[ 49.101049][ T4002] loop0: detected capacity change from 0 to 4096
executing program
[ 49.280863][ T4003] loop0: detected capacity change from 0 to 4096
executing program
[ 49.371326][ T4004] loop0: detected capacity change from 0 to 4096
executing program
[ 49.501704][ T4005] loop0: detected capacity change from 0 to 4096
executing program
[ 49.631671][ T4006] loop0: detected capacity change from 0 to 4096
executing program
[ 49.741068][ T4007] loop0: detected capacity change from 0 to 4096
executing program
[ 49.840818][ T4008] loop0: detected capacity change from 0 to 4096
[ 49.881564][ T4008] __ntfs_error: 484 callbacks suppressed
[ 49.881577][ T4008] ntfs: (device loop0): ntfs_attr_find(): Inode is corrupt. Run chkdsk.
[ 49.884692][ T4008] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup attribute list attribute.
[ 49.887218][ T4008] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 49.890623][ T4008] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk.
[ 49.894160][ T4008] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 49.896322][ T4008] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 49.898272][ T4008] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 49.901629][ T4008] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 49.904562][ T4008] handle_bad_sector: 104 callbacks suppressed
[ 49.904573][ T4008] attempt to access beyond end of device
[ 49.904573][ T4008] loop0: rw=0, want=32770, limit=4096
[ 49.920096][ T4008] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4000.
[ 49.922452][ T4008] attempt to access beyond end of device
[ 49.922452][ T4008] loop0: rw=0, want=32772, limit=4096
[ 49.924860][ T4008] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4001.
[ 49.927385][ T4008] attempt to access beyond end of device
[ 49.927385][ T4008] loop0: rw=0, want=32774, limit=4096
executing program
[ 49.960986][ T4009] loop0: detected capacity change from 0 to 4096
[ 50.002066][ T4009] attempt to access beyond end of device
[ 50.002066][ T4009] loop0: rw=0, want=32770, limit=4096
[ 50.004643][ T4009] attempt to access beyond end of device
[ 50.004643][ T4009] loop0: rw=0, want=32772, limit=4096
[ 50.007253][ T4009] attempt to access beyond end of device
[ 50.007253][ T4009] loop0: rw=0, want=32774, limit=4096
executing program
[ 50.051359][ T4010] loop0: detected capacity change from 0 to 4096
[ 50.093489][ T4010] attempt to access beyond end of device
[ 50.093489][ T4010] loop0: rw=0, want=32770, limit=4096
[ 50.096079][ T4010] attempt to access beyond end of device
[ 50.096079][ T4010] loop0: rw=0, want=32772, limit=4096
[ 50.098672][ T4010] attempt to access beyond end of device
[ 50.098672][ T4010] loop0: rw=0, want=32774, limit=4096
executing program
[ 50.168442][ T4011] loop0: detected capacity change from 0 to 4096
[ 50.173732][ T4011] attempt to access beyond end of device
[ 50.173732][ T4011] loop0: rw=0, want=32770, limit=4096
executing program
[ 50.271282][ T4012] loop0: detected capacity change from 0 to 4096
executing program
[ 50.391366][ T4013] loop0: detected capacity change from 0 to 4096
executing program
[ 50.511261][ T4014] loop0: detected capacity change from 0 to 4096
executing program
[ 50.741353][ T4015] loop0: detected capacity change from 0 to 4096
executing program
[ 50.820821][ T4016] loop0: detected capacity change from 0 to 4096
executing program
[ 50.961125][ T4017] loop0: detected capacity change from 0 to 4096
executing program
[ 51.150868][ T4018] loop0: detected capacity change from 0 to 4096
executing program
[ 51.301616][ T4019] loop0: detected capacity change from 0 to 4096
executing program
[ 51.500805][ T4020] loop0: detected capacity change from 0 to 4096
executing program
[ 51.591177][ T4021] loop0: detected capacity change from 0 to 4096
executing program
[ 51.771505][ T4022] loop0: detected capacity change from 0 to 4096
executing program
[ 51.901160][ T4023] loop0: detected capacity change from 0 to 4096
executing program
[ 52.071697][ T4024] loop0: detected capacity change from 0 to 4096
executing program
[ 52.220997][ T4025] loop0: detected capacity change from 0 to 4096
executing program
[ 52.311189][ T4026] loop0: detected capacity change from 0 to 4096
executing program
[ 52.481277][ T4027] loop0: detected capacity change from 0 to 4096
executing program
[ 52.571095][ T4028] loop0: detected capacity change from 0 to 4096
executing program
[ 52.671207][ T4029] loop0: detected capacity change from 0 to 4096
executing program
[ 52.860732][ T4030] loop0: detected capacity change from 0 to 4096
executing program
[ 52.940899][ T4031] loop0: detected capacity change from 0 to 4096
executing program
[ 53.130914][ T4032] loop0: detected capacity change from 0 to 4096
executing program
[ 53.251217][ T4033] loop0: detected capacity change from 0 to 4096
executing program
[ 53.400670][ T4034] loop0: detected capacity change from 0 to 4096
executing program
[ 53.491239][ T4035] loop0: detected capacity change from 0 to 4096
executing program
[ 53.621997][ T4036] loop0: detected capacity change from 0 to 4096
executing program
[ 53.821219][ T4037] loop0: detected capacity change from 0 to 4096
executing program
[ 53.961054][ T4038] loop0: detected capacity change from 0 to 4096
executing program
[ 54.050758][ T4039] loop0: detected capacity change from 0 to 4096
executing program
[ 54.171107][ T4040] loop0: detected capacity change from 0 to 4096
executing program
[ 54.281245][ T4041] loop0: detected capacity change from 0 to 4096
executing program
[ 54.401351][ T4042] loop0: detected capacity change from 0 to 4096
executing program
[ 54.491270][ T4043] loop0: detected capacity change from 0 to 4096
executing program
[ 54.661319][ T4044] loop0: detected capacity change from 0 to 4096
executing program
[ 54.761123][ T4045] loop0: detected capacity change from 0 to 4096