Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts.
executing program
[ 31.586670] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 31.597222] ntfs: (device loop0): ntfs_is_extended_system_file(): Inode hard link count doesn't match number of name attributes. You should run chkdsk.
[ 31.613510] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
[ 31.621918] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 31.634800] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 31.647606] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 31.656739] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 31.664258] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 31.676638] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
executing program
[ 31.687562] ntfs: (device loop0): map_mft_record_page(): Mft record 0x4 is corrupt. Run chkdsk.
[ 31.747557] ==================================================================
[ 31.754977] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x425a/0x5000
[ 31.762342] Read of size 8 at addr ffff88808b8803d5 by task syz-executor224/8003
[ 31.770028]
[ 31.771801] CPU: 1 PID: 8003 Comm: syz-executor224 Not tainted 4.14.210-syzkaller #0
[ 31.779682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.789156] Call Trace:
[ 31.791768] dump_stack+0x1b2/0x283
[ 31.795407] print_address_description.cold+0x54/0x1d3
[ 31.800689] kasan_report_error.cold+0x8a/0x194
[ 31.805367] ? ntfs_read_locked_inode+0x425a/0x5000
[ 31.810499] __asan_report_load_n_noabort+0x6b/0x80
[ 31.815780] ? ntfs_read_locked_inode+0x425a/0x5000
[ 31.820910] ntfs_read_locked_inode+0x425a/0x5000
[ 31.825743] ? _raw_spin_unlock+0x29/0x40
[ 31.830335] ? iget5_locked+0x129/0x450
[ 31.834439] ? ntfs_index_lookup+0x2780/0x2780
[ 31.839054] ntfs_iget+0xfa/0x130
[ 31.842495] ? ntfs_read_locked_inode+0x5000/0x5000
[ 31.847655] ntfs_fill_super+0xa5a/0x7170
[ 31.851915] ? vsnprintf+0x260/0x1340
[ 31.855708] ? pointer+0x9e0/0x9e0
[ 31.859424] ? lock_downgrade+0x740/0x740
[ 31.863816] ? ntfs_big_inode_init_once+0x20/0x20
[ 31.868645] ? snprintf+0xa5/0xd0
[ 31.872086] ? vsprintf+0x30/0x30
[ 31.875653] ? ns_test_super+0x50/0x50
[ 31.879529] ? set_blocksize+0x125/0x380
[ 31.883577] mount_bdev+0x2b3/0x360
[ 31.887190] ? ntfs_big_inode_init_once+0x20/0x20
[ 31.892068] mount_fs+0x92/0x2a0
[ 31.895422] vfs_kern_mount.part.0+0x5b/0x470
[ 31.900073] do_mount+0xe53/0x2a00
[ 31.903603] ? copy_mount_string+0x40/0x40
[ 31.907877] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 31.912926] ? copy_mnt_ns+0xa30/0xa30
[ 31.916801] ? copy_mount_options+0x1fa/0x2f0
[ 31.921353] ? copy_mnt_ns+0xa30/0xa30
[ 31.925223] SyS_mount+0xa8/0x120
[ 31.928658] ? copy_mnt_ns+0xa30/0xa30
[ 31.932719] do_syscall_64+0x1d5/0x640
[ 31.936595] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.941954] RIP: 0033:0x4494fa
[ 31.945295] RSP: 002b:00007ffcc6fe8988 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 31.953097] RAX: ffffffffffffffda RBX: 00007ffcc6fe89e0 RCX: 00000000004494fa
[ 31.960398] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcc6fe89a0
[ 31.967858] RBP: 00007ffcc6fe89a0 R08: 00007ffcc6fe89e0 R09: 0000000000000000
[ 31.975164] R10: 0000000000000000 R11: 0000000000000287 R12: 00000000000000ab
[ 31.982422] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 31.989682]
[ 31.991348] The buggy address belongs to the page:
[ 31.996266] page:ffffea00022e2000 count:0 mapcount:0 mapping: (null) index:0x1
[ 32.004392] flags: 0xfff00000000000()
[ 32.008179] raw: 00fff00000000000 0000000000000000 0000000000000001 00000000ffffffff
[ 32.016182] raw: ffffea00022e2060 ffffea00022e1fe0 0000000000000000 0000000000000000
[ 32.024170] page dumped because: kasan: bad access detected
[ 32.029864]
[ 32.031480] Memory state around the buggy address:
[ 32.036394]  ffff88808b880280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.043789]  ffff88808b880300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.051133] >ffff88808b880380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.058479]                                                  ^
[ 32.064702]  ffff88808b880400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.072221]  ffff88808b880480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 32.079623] ==================================================================
[ 32.087055] Disabling lock debugging due to kernel taint
[ 32.093399] Kernel panic - not syncing: panic_on_warn set ...
[ 32.093399]
[ 32.101003] CPU: 1 PID: 8003 Comm: syz-executor224 Tainted: G B 4.14.210-syzkaller #0
[ 32.110220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.119574] Call Trace:
[ 32.122313] dump_stack+0x1b2/0x283
[ 32.125942] panic+0x1f9/0x42d
[ 32.129130] ? add_taint.cold+0x16/0x16
[ 32.133095] ? ___preempt_schedule+0x16/0x18
[ 32.137585] kasan_end_report+0x43/0x49
[ 32.141552] kasan_report_error.cold+0xa7/0x194
[ 32.146219] ? ntfs_read_locked_inode+0x425a/0x5000
[ 32.153381] __asan_report_load_n_noabort+0x6b/0x80
[ 32.158386] ? ntfs_read_locked_inode+0x425a/0x5000
[ 32.163392] ntfs_read_locked_inode+0x425a/0x5000
[ 32.168280] ? _raw_spin_unlock+0x29/0x40
[ 32.172486] ? iget5_locked+0x129/0x450
[ 32.176451] ? ntfs_index_lookup+0x2780/0x2780
[ 32.181024] ntfs_iget+0xfa/0x130
[ 32.184524] ? ntfs_read_locked_inode+0x5000/0x5000
[ 32.189541] ntfs_fill_super+0xa5a/0x7170
[ 32.193684] ? vsnprintf+0x260/0x1340
[ 32.197613] ? pointer+0x9e0/0x9e0
[ 32.201142] ? lock_downgrade+0x740/0x740
[ 32.205275] ? ntfs_big_inode_init_once+0x20/0x20
[ 32.210106] ? snprintf+0xa5/0xd0
[ 32.213684] ? vsprintf+0x30/0x30
[ 32.217125] ? ns_test_super+0x50/0x50
[ 32.221096] ? set_blocksize+0x125/0x380
[ 32.225237] mount_bdev+0x2b3/0x360
[ 32.228856] ? ntfs_big_inode_init_once+0x20/0x20
[ 32.233875] mount_fs+0x92/0x2a0
[ 32.237236] vfs_kern_mount.part.0+0x5b/0x470
[ 32.241814] do_mount+0xe53/0x2a00
[ 32.245348] ? copy_mount_string+0x40/0x40
[ 32.249628] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 32.254642] ? copy_mnt_ns+0xa30/0xa30
[ 32.258591] ? copy_mount_options+0x1fa/0x2f0
[ 32.263076] ? copy_mnt_ns+0xa30/0xa30
[ 32.266980] SyS_mount+0xa8/0x120
[ 32.270448] ? copy_mnt_ns+0xa30/0xa30
[ 32.274336] do_syscall_64+0x1d5/0x640
[ 32.278222] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.283404] RIP: 0033:0x4494fa
[ 32.286582] RSP: 002b:00007ffcc6fe8988 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 32.294528] RAX: ffffffffffffffda RBX: 00007ffcc6fe89e0 RCX: 00000000004494fa
[ 32.301788] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcc6fe89a0
[ 32.309250] RBP: 00007ffcc6fe89a0 R08: 00007ffcc6fe89e0 R09: 0000000000000000
[ 32.316589] R10: 0000000000000000 R11: 0000000000000287 R12: 00000000000000ab
[ 32.323990] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 32.331952] Kernel Offset: disabled
[ 32.335578] Rebooting in 86400 seconds..