loop0: detected capacity change from 0 to 4096
ntfs: volume version 3.1.
==================================================================
BUG: KASAN: slab-out-of-bounds in generic_test_bit include/asm-generic/bitops/generic-non-atomic.h:128 [inline]
BUG: KASAN: slab-out-of-bounds in NInoAttr fs/ntfs/inode.h:200 [inline]
BUG: KASAN: slab-out-of-bounds in ntfs_test_inode+0x8c/0x29c fs/ntfs/inode.c:55
Read of size 8 at addr ffff0000fa1ffec0 by task syz.0.5085/15460

CPU: 0 PID: 15460 Comm: syz.0.5085 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 print_address_description+0x88/0x218 mm/kasan/report.c:316
 print_report+0x50/0x68 mm/kasan/report.c:420
 kasan_report+0xa8/0x100 mm/kasan/report.c:524
 __asan_report_load8_noabort+0x2c/0x38 mm/kasan/report_generic.c:351
 generic_test_bit include/asm-generic/bitops/generic-non-atomic.h:128 [inline]
 NInoAttr fs/ntfs/inode.h:200 [inline]
 ntfs_test_inode+0x8c/0x29c fs/ntfs/inode.c:55
 find_inode+0x148/0x31c fs/inode.c:960
 ilookup5_nowait fs/inode.c:1515 [inline]
 ilookup5+0xc0/0x1e4 fs/inode.c:1544
 iget5_locked+0x48/0x228 fs/inode.c:1325
 ntfs_iget+0xb4/0x184 fs/ntfs/inode.c:168
 load_and_check_logfile+0x48/0x104 fs/ntfs/super.c:1208
 load_system_files+0x3188/0x4944 fs/ntfs/super.c:1941
 ntfs_fill_super+0x154c/0x2354 fs/ntfs/super.c:2892
 mount_bdev+0x264/0x358 fs/super.c:1443
 ntfs_mount+0x44/0x58 fs/ntfs/super.c:3049
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:632
 vfs_get_tree+0x90/0x274 fs/super.c:1573
 do_new_mount+0x228/0x810 fs/namespace.c:3078
 path_mount+0x5b4/0xe78 fs/namespace.c:3408
 do_mount fs/namespace.c:3421 [inline]
 __do_sys_mount fs/namespace.c:3629 [inline]
 __se_sys_mount fs/namespace.c:3606 [inline]
 __arm64_sys_mount+0x49c/0x584 fs/namespace.c:3606
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Allocated by task 15240:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x28/0x34 mm/kasan/generic.c:505
 __kasan_slab_alloc+0x70/0x88 mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x74/0x43c mm/slab.h:737
 slab_alloc_node mm/slub.c:3359 [inline]
 slab_alloc mm/slub.c:3367 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3374 [inline]
 kmem_cache_alloc_lru+0x1b0/0x298 mm/slub.c:3390
 xas_alloc lib/xarray.c:377 [inline]
 xas_create+0xe6c/0x1350 lib/xarray.c:679
 xas_store+0x8c/0x14e4 lib/xarray.c:789
 shmem_add_to_page_cache+0x780/0xf2c mm/shmem.c:729
 shmem_get_folio_gfp+0xe68/0x2040 mm/shmem.c:1971
 shmem_get_folio mm/shmem.c:2072 [inline]
 shmem_write_begin+0xf4/0x46c mm/shmem.c:2556
 generic_perform_write+0x230/0x4b0 mm/filemap.c:3846
 __generic_file_write_iter+0x168/0x37c mm/filemap.c:3974
 generic_file_write_iter+0xb4/0x2b0 mm/filemap.c:4006
 call_write_iter include/linux/fs.h:2265 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x5ac/0x7c4 fs/read_write.c:584
 ksys_write+0x120/0x210 fs/read_write.c:637
 __do_sys_write fs/read_write.c:649 [inline]
 __se_sys_write fs/read_write.c:646 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:646
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the object at ffff0000fa1ffc80
 which belongs to the cache radix_tree_node of size 576
The buggy address is located 0 bytes to the right of
 576-byte region [ffff0000fa1ffc80, ffff0000fa1ffec0)

The buggy address belongs to the physical page:
page:00000000f20e5719 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13a1fc
head:00000000f20e5719 order:2 compound_mapcount:0 compound_pincount:0
memcg:ffff0000d33da401
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c000d500
raw: 0000000000000000 0000000000170017 00000001ffffffff ffff0000d33da401
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000fa1ffd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000fa1ffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000fa1ffe80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
                                           ^
 ffff0000fa1fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000fa1fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================