loop0: detected capacity change from 0 to 4096
ntfs: volume version 3.1.
==================================================================
BUG: KASAN: use-after-free in sle64_to_cpup fs/ntfs/endian.h:46 [inline]
BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0xb28/0x2824 fs/ntfs/dir.c:292
Read of size 8 at addr ffff0000e23cb55a by task syz-executor199/4218
CPU: 1 PID: 4218 Comm: syz-executor199 Not tainted 6.1.28-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x174/0x4c0 mm/kasan/report.c:395
 kasan_report+0xd4/0x130 mm/kasan/report.c:495
 __asan_report_load8_noabort+0x2c/0x38 mm/kasan/report_generic.c:351
 sle64_to_cpup fs/ntfs/endian.h:46 [inline]
 ntfs_lookup_inode_by_name+0xb28/0x2824 fs/ntfs/dir.c:292
 check_windows_hibernation_status+0xe4/0x630 fs/ntfs/super.c:1274
 load_system_files+0x3494/0x4734 fs/ntfs/super.c:1989
 ntfs_fill_super+0x14e0/0x2314 fs/ntfs/super.c:2892
 mount_bdev+0x26c/0x368 fs/super.c:1423
 ntfs_mount+0x44/0x58 fs/ntfs/super.c:3049
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:610
 vfs_get_tree+0x90/0x274 fs/super.c:1553
 do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
 path_mount+0x590/0xe58 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
The buggy address belongs to the physical page:
page:000000007d476225 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1223cb
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000000 fffffc000388f308 fffffc000388f288 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
 ffff0000e23cb400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000e23cb480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff0000e23cb500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                    ^
 ffff0000e23cb580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000e23cb600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
ntfs: (device loop0): ntfs_lookup_inode_by_name(): Directory index record with vcn 0xffffffffffffffff is corrupt. Corrupt inode 0x5. Run chkdsk.
ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk.
------------[ cut here ]------------
kernel BUG at fs/inode.c:611!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4218 Comm: syz-executor199 Tainted: G B 6.1.28-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : clear_inode+0x124/0x148 fs/inode.c:611
lr : clear_inode+0x124/0x148 fs/inode.c:611
sp : ffff80001db77730
x29: ffff80001db77730 x28: 1fffe0001c4a88dd x27: dfff800000000000
x26: 1fffe0001c4a88db x25: 1fffe0001c4a88a9 x24: dfff800000000000
x23: ffff80000961147c x22: dfff800000000000 x21: 0000000000000001
x20: ffff0000e2544750 x19: ffff0000e2544520 x18: 0000000000000140
x17: ffff80001558d000 x16: ffff80000831de80 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000406 x12: ffff700003b6eecc
x11: ff80800008aa2c14 x10: 0000000000000000 x9 : ffff800008aa2c14
x8 : ffff0000c4ab3780 x7 : 0000000000000000 x6 : ffff800008aa2b24
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000831dfb0
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 clear_inode+0x124/0x148 fs/inode.c:611
 ntfs_evict_big_inode+0x44/0x41c fs/ntfs/inode.c:2252
 evict+0x260/0x68c fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput+0x7c0/0x8a4 fs/inode.c:1773
 ntfs_put_super+0x82c/0xe28 fs/ntfs/super.c:2356
 generic_shutdown_super+0x130/0x328 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1450
 deactivate_locked_super+0xac/0x124 fs/super.c:332
 deactivate_super+0xf0/0x110 fs/super.c:363
 cleanup_mnt+0x394/0x41c fs/namespace.c:1186
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1193
 task_work_run+0x240/0x2f0 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x554/0x1a88 kernel/exit.c:869
 do_group_exit+0x194/0x22c kernel/exit.c:1019
 __do_sys_exit_group kernel/exit.c:1030 [inline]
 __se_sys_exit_group kernel/exit.c:1028 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1028
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: a8c47bfd d50323bf d65f03c0 97e95fac (d4210000)
---[ end trace 0000000000000000 ]---