Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts.
executing program
[ 36.651474][ T3959] loop0: detected capacity change from 0 to 4096
[ 36.729832][ T3959] ntfs: (device loop0): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0.
[ 36.732785][ T3959] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 36.735920][ T3959] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 36.739095][ T3959] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 36.742283][ T3959] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 36.748406][ T3959] ntfs: volume version 3.1.
[ 36.751087][ T3959] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 36.754019][ T3959] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 36.757764][ T3959] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 36.760315][ T3959] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 36.762934][ T3959] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 36.768588][ T3959] ==================================================================
[ 36.770609][ T3959] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb60/0x2748
[ 36.772352][ T3959] Read of size 1 at addr ffff0000d181c671 by task syz-executor395/3959
[ 36.774296][ T3959]
[ 36.774749][ T3959] CPU: 1 PID: 3959 Comm: syz-executor395 Not tainted 5.15.152-syzkaller #0
[ 36.776766][ T3959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 36.779001][ T3959] Call trace:
[ 36.779749][ T3959] dump_backtrace+0x0/0x530
[ 36.780847][ T3959] show_stack+0x2c/0x3c
[ 36.781783][ T3959] dump_stack_lvl+0x108/0x170
[ 36.782884][ T3959] print_address_description+0x7c/0x3f0
[ 36.784232][ T3959] kasan_report+0x174/0x1e4
[ 36.785236][ T3959] __asan_report_load1_noabort+0x44/0x50
[ 36.786657][ T3959] ntfs_readdir+0xb60/0x2748
[ 36.787727][ T3959] iterate_dir+0x1f4/0x4e4
[ 36.788763][ T3959] __arm64_sys_getdents64+0x1c4/0x4c4
[ 36.790017][ T3959] invoke_syscall+0x98/0x2b8
[ 36.791107][ T3959] el0_svc_common+0x138/0x258
[ 36.792178][ T3959] do_el0_svc+0x58/0x14c
[ 36.793130][ T3959] el0_svc+0x7c/0x1f0
[ 36.794008][ T3959] el0t_64_sync_handler+0x84/0xe4
[ 36.795143][ T3959] el0t_64_sync+0x1a0/0x1a4
[ 36.796101][ T3959]
[ 36.796570][ T3959] Allocated by task 3959:
[ 36.797514][ T3959] ____kasan_kmalloc+0xbc/0xfc
[ 36.798525][ T3959] __kasan_kmalloc+0x10/0x1c
[ 36.799605][ T3959] __kmalloc+0x29c/0x4c8
[ 36.800599][ T3959] ntfs_readdir+0x66c/0x2748
[ 36.801599][ T3959] iterate_dir+0x1f4/0x4e4
[ 36.802572][ T3959] __arm64_sys_getdents64+0x1c4/0x4c4
[ 36.803860][ T3959] invoke_syscall+0x98/0x2b8
[ 36.804891][ T3959] el0_svc_common+0x138/0x258
[ 36.805846][ T3959] do_el0_svc+0x58/0x14c
[ 36.806784][ T3959] el0_svc+0x7c/0x1f0
[ 36.807667][ T3959] el0t_64_sync_handler+0x84/0xe4
[ 36.808768][ T3959] el0t_64_sync+0x1a0/0x1a4
[ 36.809782][ T3959]
[ 36.810280][ T3959] The buggy address belongs to the object at ffff0000d181c600
[ 36.810280][ T3959] which belongs to the cache kmalloc-128 of size 128
[ 36.813447][ T3959] The buggy address is located 113 bytes inside of
[ 36.813447][ T3959] 128-byte region [ffff0000d181c600, ffff0000d181c680)
[ 36.816556][ T3959] The buggy address belongs to the page:
[ 36.817817][ T3959] page:000000002ebe0c44 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11181c
[ 36.820077][ T3959] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 36.822020][ T3959] raw: 05ffc00000000200 fffffc00035acfc0 0000000300000003 ffff0000c0002300
[ 36.823984][ T3959] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 36.825933][ T3959] page dumped because: kasan: bad access detected
[ 36.827484][ T3959]
[ 36.828030][ T3959] Memory state around the buggy address:
[ 36.829254][ T3959]  ffff0000d181c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.831119][ T3959]  ffff0000d181c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.832972][ T3959] >ffff0000d181c600: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 36.834777][ T3959]                                                              ^
[ 36.836587][ T3959]  ffff0000d181c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.838420][ T3959]  ffff0000d181c700: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 36.840275][ T3959] ==================================================================
[ 36.842050][ T3959] Disabling lock debugging due to kernel taint