Warning: Permanently added '10.128.1.34' (ED25519) to the list of known hosts.
executing program
[ 41.160407][ T4021] loop0: detected capacity change from 0 to 4096
[ 41.250983][ T4021] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk.
[ 41.254405][ T4021] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 41.258603][ T4021] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[ 41.261605][ T4021] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 41.265037][ T4021] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 41.269709][ T4021] ntfs: volume version 3.1.
[ 41.272551][ T4021] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[ 41.275975][ T4021] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows.
[ 41.280418][ T4021] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[ 41.283392][ T4021] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[ 41.286430][ T4021] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk.
[ 41.293988][ T4021] ==================================================================
[ 41.296309][ T4021] BUG: KASAN: use-after-free in ntfs_readpage+0x670/0x1d94
[ 41.298257][ T4021] Read of size 285212680 at addr ffff0000da4d9a9a by task syz-executor543/4021
[ 41.300683][ T4021]
[ 41.301302][ T4021] CPU: 1 PID: 4021 Comm: syz-executor543 Not tainted 5.15.185-syzkaller #0
[ 41.303592][ T4021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 41.306402][ T4021] Call trace:
[ 41.307289][ T4021] dump_backtrace+0x0/0x43c
[ 41.308504][ T4021] show_stack+0x2c/0x3c
[ 41.309618][ T4021] __dump_stack+0x30/0x40
[ 41.310764][ T4021] dump_stack_lvl+0xf8/0x160
[ 41.311959][ T4021] print_address_description+0x78/0x30c
[ 41.313421][ T4021] kasan_report+0xec/0x15c
[ 41.314616][ T4021] kasan_check_range+0x270/0x2b0
[ 41.315945][ T4021] memcpy+0x90/0xe8
[ 41.316990][ T4021] ntfs_readpage+0x670/0x1d94
[ 41.318260][ T4021] do_read_cache_page+0x5f4/0x8f8
[ 41.319635][ T4021] read_cache_page+0x68/0x88
[ 41.320869][ T4021] ntfs_readdir+0x568/0x262c
[ 41.322130][ T4021] iterate_dir+0x1f0/0x4cc
[ 41.323301][ T4021] __arm64_sys_getdents64+0x11c/0x340
[ 41.324732][ T4021] invoke_syscall+0x98/0x2b8
[ 41.326000][ T4021] el0_svc_common+0x138/0x258
[ 41.327232][ T4021] do_el0_svc+0x58/0x14c
[ 41.328381][ T4021] el0_svc+0x78/0x1e0
[ 41.329443][ T4021] el0t_64_sync_handler+0xcc/0xe4
[ 41.330749][ T4021] el0t_64_sync+0x1a0/0x1a4
[ 41.331924][ T4021]
[ 41.332531][ T4021] The buggy address belongs to the page:
[ 41.334035][ T4021] page:000000006857b11d refcount:3 mapcount:0 mapping:0000000076dadcf6 index:0x2 pfn:0x11a4d9
[ 41.336809][ T4021] memcg:ffff0000c08a4000
[ 41.337947][ T4021] aops:ntfs_mst_aops ino:0
[ 41.339150][ T4021] flags: 0x5ffc00000002036(referenced|uptodate|lru|active|private|node=0|zone=2|lastcpupid=0x7ff)
[ 41.342091][ T4021] raw: 05ffc00000002036 fffffc000384ad48 fffffc0003574848 ffff0000deb90548
[ 41.344351][ T4021] raw: 0000000000000002 ffff0000debef658 00000003ffffffff ffff0000c08a4000
[ 41.346689][ T4021] page dumped because: kasan: bad access detected
[ 41.348416][ T4021]
[ 41.349087][ T4021] Memory state around the buggy address:
[ 41.350609][ T4021] ffff0000da4dcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.352748][ T4021] ffff0000da4dcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.354938][ T4021] >ffff0000da4dd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.357102][ T4021] ^
[ 41.358160][ T4021] ffff0000da4dd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.360354][ T4021] ffff0000da4dd100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.362502][ T4021] ==================================================================
[ 41.364735][ T4021] Disabling lock debugging due to kernel taint