loop4: detected capacity change from 0 to 4096
ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
ntfs3(loop4): $AttrDef is corrupted.
BUG: unable to handle page fault for address: fffff52100c86ee7
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 23ffed067 P4D 23ffed067 PUD 0
Oops: Oops: 0002 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 6249 Comm: syz.4.49 Tainted: G W 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT_{RT,(full)}
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__schedule+0x171d/0x4c20 kernel/sched/core.c:6972
Code: 48 89 c7 e8 95 05 a1 f6 31 ff 49 39 de 40 0f 95 c7 e8 e7 0e a1 f6 48 c7 84 24 00 01 00 00 0e 36 e0 45 48 8b 84 24 f8 00 00 00 <4a> c7 04 20 00 00 00 00 4a c7 44 20 09 00 00 00 00 42 c7 44 20 11
RSP: 0018:ffffc90006437640 EFLAGS: 00010202
RAX: 1ffff92000c86ee8 RBX: ffff88801cab1dc0 RCX: 4afcdd36dc68ad00
RDX: 0000000000000000 RSI: ffffffff8b61e260 RDI: ffffffff8b61e220
RBP: ffffc90006437850 R08: ffffffff8efa3c37 R09: 1ffffffff1df4786
R10: dffffc0000000000 R11: fffffbfff1df4787 R12: dffffc00ffffffff
R13: 1ffff110171276bf R14: ffff888028f39dc0 R15: ffff88801cab32ec
FS: 00007f5225e6e6c0(0000) GS:ffff888126c1e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52100c86ee7 CR3: 0000000036ae6000 CR4: 00000000003526f0
Call Trace:
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7145
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:7169
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 percpu_up_read+0x12d/0x140 include/linux/percpu-rwsem.h:134
 flock_lock_inode+0xe03/0x1430 fs/locks.c:1138
 locks_remove_flock fs/locks.c:2655 [inline]
 locks_remove_file+0x36b/0xeb0 fs/locks.c:2697
 __fput+0x3b4/0xa80 fs/file_table.c:460
 fput_close_sync+0x119/0x200 fs/file_table.c:573
 __do_sys_close fs/open.c:1587 [inline]
 __se_sys_close fs/open.c:1572 [inline]
 __x64_sys_close+0x7f/0x110 fs/open.c:1572
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f522800d60a
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 43 91 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 a3 91 02 00 8b 44 24
RSP: 002b:00007f5225e6de50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f522800d60a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000002204014
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000016
R13: 00007f5225e6deb0 R14: 000000000001f886 R15: 0000200000000780
Modules linked in:
CR2: fffff52100c86ee7
---[ end trace 0000000000000000 ]---
RIP: 0010:__schedule+0x171d/0x4c20 kernel/sched/core.c:6972
Code: 48 89 c7 e8 95 05 a1 f6 31 ff 49 39 de 40 0f 95 c7 e8 e7 0e a1 f6 48 c7 84 24 00 01 00 00 0e 36 e0 45 48 8b 84 24 f8 00 00 00 <4a> c7 04 20 00 00 00 00 4a c7 44 20 09 00 00 00 00 42 c7 44 20 11
RSP: 0018:ffffc90006437640 EFLAGS: 00010202
RAX: 1ffff92000c86ee8 RBX: ffff88801cab1dc0 RCX: 4afcdd36dc68ad00
RDX: 0000000000000000 RSI: ffffffff8b61e260 RDI: ffffffff8b61e220
RBP: ffffc90006437850 R08: ffffffff8efa3c37 R09: 1ffffffff1df4786
R10: dffffc0000000000 R11: fffffbfff1df4787 R12: dffffc00ffffffff
R13: 1ffff110171276bf R14: ffff888028f39dc0 R15: ffff88801cab32ec
FS: 00007f5225e6e6c0(0000) GS:ffff888126c1e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52100c86ee7 CR3: 0000000036ae6000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
 0: 48 89 c7 mov %rax,%rdi
 3: e8 95 05 a1 f6 call 0xf6a1059d
 8: 31 ff xor %edi,%edi
 a: 49 39 de cmp %rbx,%r14
 d: 40 0f 95 c7 setne %dil
 11: e8 e7 0e a1 f6 call 0xf6a10efd
 16: 48 c7 84 24 00 01 00 movq $0x45e0360e,0x100(%rsp)
 1d: 00 0e 36 e0 45
 22: 48 8b 84 24 f8 00 00 mov 0xf8(%rsp),%rax
 29: 00
* 2a: 4a c7 04 20 00 00 00 movq $0x0,(%rax,%r12,1) <-- trapping instruction
 31: 00
 32: 4a c7 44 20 09 00 00 movq $0x0,0x9(%rax,%r12,1)
 39: 00 00
 3b: 42 rex.X
 3c: c7 .byte 0xc7
 3d: 44 20 11 and %r10b,(%rcx)