Warning: Permanently added '10.128.0.238' (ED25519) to the list of known hosts.
executing program
[ 30.829934][ T6164] loop0: detected capacity change from 0 to 4096
[ 30.835794][ T6164] ntfs: (device loop0): check_mft_mirror(): Incomplete multi sector transfer detected in mft mirror record 0.
[ 30.838810][ T6164] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 30.842490][ T6164] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 30.845671][ T6164] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 30.849153][ T6164] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 30.852897][ T6164] ntfs: volume version 3.1.
[ 30.855020][ T6164] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 30.858113][ T6164] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 30.861726][ T6164] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 30.864583][ T6164] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 30.867510][ T6164] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 30.872535][ T6164] ==================================================================
[ 30.874547][ T6164] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xb00/0x2bf0
[ 30.876558][ T6164] Read of size 1 at addr ffff0000c3d78971 by task syz-executor218/6164
[ 30.878680][ T6164]
[ 30.879258][ T6164] CPU: 1 PID: 6164 Comm: syz-executor218 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 30.881953][ T6164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 30.884678][ T6164] Call trace:
[ 30.885539][ T6164] dump_backtrace+0x1b8/0x1e4
[ 30.886760][ T6164] show_stack+0x2c/0x3c
[ 30.887839][ T6164] dump_stack_lvl+0xd0/0x124
[ 30.889057][ T6164] print_report+0x178/0x518
[ 30.890264][ T6164] kasan_report+0xd8/0x138
[ 30.891430][ T6164] __asan_report_load1_noabort+0x20/0x2c
[ 30.892847][ T6164] ntfs_readdir+0xb00/0x2bf0
[ 30.894088][ T6164] wrap_directory_iterator+0xa8/0xf4
[ 30.895508][ T6164] shared_ntfs_readdir+0x30/0x40
[ 30.896792][ T6164] iterate_dir+0x3f8/0x580
[ 30.897933][ T6164] __arm64_sys_getdents64+0x1c4/0x4a0
[ 30.899305][ T6164] invoke_syscall+0x98/0x2b8
[ 30.900499][ T6164] el0_svc_common+0x130/0x23c
[ 30.901716][ T6164] do_el0_svc+0x48/0x58
[ 30.902890][ T6164] el0_svc+0x54/0x168
[ 30.903922][ T6164] el0t_64_sync_handler+0x84/0xfc
[ 30.905229][ T6164] el0t_64_sync+0x190/0x194
[ 30.906375][ T6164]
[ 30.906990][ T6164] Allocated by task 6164:
[ 30.908156][ T6164] kasan_save_track+0x40/0x78
[ 30.909442][ T6164] kasan_save_alloc_info+0x40/0x50
[ 30.910773][ T6164] __kasan_kmalloc+0xac/0xc4
[ 30.912003][ T6164] __kmalloc+0x2bc/0x5d4
[ 30.913128][ T6164] ntfs_readdir+0x65c/0x2bf0
[ 30.914360][ T6164] wrap_directory_iterator+0xa8/0xf4
[ 30.915741][ T6164] shared_ntfs_readdir+0x30/0x40
[ 30.917025][ T6164] iterate_dir+0x3f8/0x580
[ 30.918208][ T6164] __arm64_sys_getdents64+0x1c4/0x4a0
[ 30.919574][ T6164] invoke_syscall+0x98/0x2b8
[ 30.920722][ T6164] el0_svc_common+0x130/0x23c
[ 30.921962][ T6164] do_el0_svc+0x48/0x58
[ 30.923090][ T6164] el0_svc+0x54/0x168
[ 30.924131][ T6164] el0t_64_sync_handler+0x84/0xfc
[ 30.925504][ T6164] el0t_64_sync+0x190/0x194
[ 30.926710][ T6164]
[ 30.927309][ T6164] The buggy address belongs to the object at ffff0000c3d78900
[ 30.927309][ T6164] which belongs to the cache kmalloc-64 of size 64
[ 30.930954][ T6164] The buggy address is located 57 bytes to the right of
[ 30.930954][ T6164] allocated 56-byte region [ffff0000c3d78900, ffff0000c3d78938)
[ 30.934627][ T6164]
[ 30.935219][ T6164] The buggy address belongs to the physical page:
[ 30.936780][ T6164] page:000000000f25687d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d78
[ 30.939408][ T6164] flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 30.941390][ T6164] page_type: 0xffffffff()
[ 30.942520][ T6164] raw: 05ffc00000000800 ffff0000c0001640 fffffdffc35aa940 dead000000000006
[ 30.944765][ T6164] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 30.947006][ T6164] page dumped because: kasan: bad access detected
[ 30.948678][ T6164]
[ 30.949278][ T6164] Memory state around the buggy address:
[ 30.950774][ T6164]  ffff0000c3d78800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 30.952881][ T6164]  ffff0000c3d78880: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 30.954998][ T6164] >ffff0000c3d78900: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 30.957045][ T6164]                                                              ^
[ 30.958908][ T6164]  ffff0000c3d78980: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 30.961028][ T6164]  ffff0000c3d78a00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 30.963064][ T6164] ==================================================================
[ 30.965325][ T6164] Disabling lock debugging due to kernel taint