Warning: Permanently added '10.128.1.80' (ECDSA) to the list of known hosts.
executing program
[ 35.454969][ T5967] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5967 'syz-executor273'
[ 35.482476][ T5967] loop0: detected capacity change from 0 to 4096
[ 35.487498][ T5967] ntfs: (device loop0): ntfs_is_extended_system_file(): Corrupt file name attribute. You should run chkdsk.
[ 35.490128][ T5967] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 35.492241][ T5967] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 35.495223][ T5967] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 35.502875][ T5967] ntfs: volume version 3.1.
[ 35.505125][ T5967] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup.
[ 35.507309][ T5967] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 35.509755][ T5967] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 35.515105][ T5967] ==================================================================
[ 35.516935][ T5967] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb00/0x2be8
[ 35.518510][ T5967] Read of size 1 at addr ffff0000ccbc0171 by task syz-executor273/5967
[ 35.520264][ T5967]
[ 35.520756][ T5967] CPU: 1 PID: 5967 Comm: syz-executor273 Not tainted 6.4.0-rc4-syzkaller-g7579d8f9bf90 #0
[ 35.522958][ T5967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 35.525268][ T5967] Call trace:
[ 35.526027][ T5967]  dump_backtrace+0x1b8/0x1e4
[ 35.527054][ T5967]  show_stack+0x2c/0x44
[ 35.527948][ T5967]  dump_stack_lvl+0xd0/0x124
[ 35.528984][ T5967]  print_report+0x174/0x514
[ 35.529933][ T5967]  kasan_report+0xd4/0x130
[ 35.530913][ T5967]  __asan_report_load1_noabort+0x20/0x2c
[ 35.532124][ T5967]  ntfs_readdir+0xb00/0x2be8
[ 35.533117][ T5967]  iterate_dir+0x1f4/0x4e4
[ 35.534061][ T5967]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 35.535254][ T5967]  invoke_syscall+0x98/0x2c0
[ 35.536246][ T5967]  el0_svc_common+0x138/0x258
[ 35.537280][ T5967]  do_el0_svc+0x64/0x198
[ 35.538223][ T5967]  el0_svc+0x4c/0x160
[ 35.539133][ T5967]  el0t_64_sync_handler+0x84/0xfc
[ 35.540203][ T5967]  el0t_64_sync+0x190/0x194
[ 35.541193][ T5967]
[ 35.541756][ T5967] Allocated by task 5967:
[ 35.542707][ T5967]  kasan_set_track+0x4c/0x7c
[ 35.543716][ T5967]  kasan_save_alloc_info+0x24/0x30
[ 35.544820][ T5967]  __kasan_kmalloc+0xac/0xc4
[ 35.545854][ T5967]  __kmalloc+0xcc/0x1b8
[ 35.546767][ T5967]  ntfs_readdir+0x65c/0x2be8
[ 35.547795][ T5967]  iterate_dir+0x1f4/0x4e4
[ 35.548827][ T5967]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 35.549990][ T5967]  invoke_syscall+0x98/0x2c0
[ 35.551017][ T5967]  el0_svc_common+0x138/0x258
[ 35.552029][ T5967]  do_el0_svc+0x64/0x198
[ 35.552960][ T5967]  el0_svc+0x4c/0x160
[ 35.553823][ T5967]  el0t_64_sync_handler+0x84/0xfc
[ 35.554874][ T5967]  el0t_64_sync+0x190/0x194
[ 35.555867][ T5967]
[ 35.556367][ T5967] Last potentially related work creation:
[ 35.557603][ T5967]  kasan_save_stack+0x40/0x6c
[ 35.558639][ T5967]  __kasan_record_aux_stack+0xcc/0xe8
[ 35.559868][ T5967]  kasan_record_aux_stack_noalloc+0x14/0x20
[ 35.561168][ T5967]  kvfree_call_rcu+0xa8/0x688
[ 35.562222][ T5967]  kernfs_unlink_open_file+0x398/0x448
[ 35.563431][ T5967]  kernfs_fop_release+0x130/0x198
[ 35.564515][ T5967]  __fput+0x30c/0x7bc
[ 35.565397][ T5967]  ____fput+0x20/0x30
[ 35.566333][ T5967]  task_work_run+0x230/0x2e0
[ 35.567388][ T5967]  do_notify_resume+0x2180/0x3c90
[ 35.568473][ T5967]  el0_svc+0x94/0x160
[ 35.569356][ T5967]  el0t_64_sync_handler+0x84/0xfc
[ 35.570509][ T5967]  el0t_64_sync+0x190/0x194
[ 35.571545][ T5967]
[ 35.572073][ T5967] The buggy address belongs to the object at ffff0000ccbc0100
[ 35.572073][ T5967]  which belongs to the cache kmalloc-128 of size 128
[ 35.575245][ T5967] The buggy address is located 57 bytes to the right of
[ 35.575245][ T5967]  allocated 56-byte region [ffff0000ccbc0100, ffff0000ccbc0138)
[ 35.578344][ T5967]
[ 35.578856][ T5967] The buggy address belongs to the physical page:
[ 35.580254][ T5967] page:00000000e48019e2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cbc0
[ 35.582482][ T5967] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 35.584227][ T5967] page_type: 0xffffffff()
[ 35.585238][ T5967] raw: 05ffc00000000200 ffff0000c0002300 fffffc000330fd80 dead000000000002
[ 35.587106][ T5967] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 35.588984][ T5967] page dumped because: kasan: bad access detected
[ 35.590421][ T5967]
[ 35.590974][ T5967] Memory state around the buggy address:
[ 35.592200][ T5967]  ffff0000ccbc0000: 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.593962][ T5967]  ffff0000ccbc0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.595731][ T5967] >ffff0000ccbc0100: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 35.597520][ T5967]                                                              ^
[ 35.599223][ T5967]  ffff0000ccbc0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.600980][ T5967]  ffff0000ccbc0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.602772][ T5967] ==================================================================
[ 35.604870][ T5967] Disabling lock debugging due to kernel taint