syzkaller login: [ 44.788081] can: request_module (can-proto-0) failed.
[ 44.792850] can: request_module (can-proto-0) failed.
[ 45.670334] IPVS: ftp: loaded support on port[0] = 21
[ 45.829579] ip (3367) used greatest stack depth: 23920 bytes left
[ 45.959100] ip (3438) used greatest stack depth: 23392 bytes left
[ 46.365313] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.434020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.725666] tipc: TX() has been purged, node left!
[ 48.158905] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts.
2020/06/15 14:05:30 parsed 1 programs
2020/06/15 14:05:30 executed programs: 0
[ 54.522932] IPVS: ftp: loaded support on port[0] = 21
[ 54.533284] IPVS: ftp: loaded support on port[0] = 21
[ 54.547241] IPVS: ftp: loaded support on port[0] = 21
[ 54.555265] IPVS: ftp: loaded support on port[0] = 21
[ 54.567288] IPVS: ftp: loaded support on port[0] = 21
[ 54.567514] IPVS: ftp: loaded support on port[0] = 21
[ 54.677382] ntfs: (device loop4): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 54.688512] ntfs: (device loop4): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 54.698114] ntfs: (device loop4): map_mft_record(): Failed with error code 5.
[ 54.705692] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 54.721190] ntfs: (device loop4): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 54.734893] ntfs: (device loop4): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 54.745078] ntfs: (device loop4): map_mft_record(): Failed with error code 5.
[ 54.752658] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 54.766340] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 54.780994] ntfs: volume version 3.1.
[ 54.784964] ntfs: (device loop4): map_mft_record_page(): Mft record 0x2 is corrupt. Run chkdsk.
[ 54.800083] ntfs: volume version 3.1.
[ 54.808534] ==================================================================
[ 54.809784] ntfs: volume version 3.1.
[ 54.816620] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x43f8/0x5250
[ 54.816624] Read of size 8 at addr ffff8881b549a2e8 by task syz-executor5/3741
[ 54.816625]
[ 54.816631] CPU: 0 PID: 3741 Comm: syz-executor5 Not tainted 5.8.0-rc1-syzkaller #0
[ 54.816634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.816636] Call Trace:
[ 54.816643] dump_stack+0x136/0x187
[ 54.816647] ? ntfs_read_locked_inode+0x43f8/0x5250
[ 54.816653] print_address_description.constprop.9+0x3f/0x60
[ 54.816658] ? ntfs_read_locked_inode+0x43f8/0x5250
[ 54.816661] ? ntfs_read_locked_inode+0x43f8/0x5250
[ 54.816666] kasan_report.cold.12+0x20/0x37
[ 54.855567] ntfs: volume version 3.1.
[ 54.857508] ? ntfs_read_locked_inode+0x43f8/0x5250
[ 54.857516] __asan_report_load_n_noabort+0xf/0x20
[ 54.857520] ntfs_read_locked_inode+0x43f8/0x5250
[ 54.857526] ntfs_iget+0xe6/0x120
[ 54.908587] ? ntfs_read_locked_inode+0x5250/0x5250
[ 54.913791] ? kfree+0x1d6/0x290
[ 54.917237] load_system_files+0x5b5a/0x6230
[ 54.921640] ? __kasan_check_write+0x14/0x20
[ 54.926047] ? ntfs_remount+0x420/0x420
[ 54.930102] ? __kasan_check_write+0x14/0x20
[ 54.935576] ? ntfs_read_inode_mount+0xd5c/0x2140
[ 54.940533] ? wait_for_completion+0x280/0x280
[ 54.945130] ntfs_fill_super+0x1325/0x2e60
[ 54.949371] ? snprintf+0x91/0xc0
[ 54.952830] ? vsprintf+0x20/0x20
[ 54.956285] mount_bdev+0x27b/0x340
[ 54.959916] ? load_system_files+0x6230/0x6230
[ 54.964676] ? ntfs_rl_punch_nolock+0x1da0/0x1da0
[ 54.969879] ntfs_mount+0x10/0x20
[ 54.973330] legacy_get_tree+0x103/0x1f0
[ 54.977393] vfs_get_tree+0x8b/0x2d0
[ 54.981186] ? capable+0x14/0x20
[ 54.984553] do_mount+0x1293/0x1c40
[ 54.988178] ? lock_downgrade+0x960/0x960
[ 54.992319] ? copy_mount_string+0x20/0x20
[ 54.996545] ? ___might_sleep+0x13e/0x2b0
[ 55.000818] ? __kasan_check_write+0x14/0x20
[ 55.005229] ? _copy_from_user+0xc5/0x110
[ 55.009375] __x64_sys_mount+0x169/0x1c0
[ 55.013438] do_syscall_64+0x6e/0xf0
[ 55.017152] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.022340] RIP: 0033:0x457e5a
[ 55.025903] Code: Bad RIP value.
[ 55.029265] RSP: 002b:00007fc8c1c4fbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.036973] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[ 55.044505] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc8c1c4fc00
[ 55.051888] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[ 55.059877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 55.067314] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[ 55.076148]
[ 55.077807] The buggy address belongs to the page:
[ 55.085089] page:ffffea0006d52680 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 55.093915] flags: 0x2fffc0000000000()
[ 55.096432] ntfs: volume version 3.1.
[ 55.098611] raw: 02fffc0000000000 ffffea0006d526c8 ffffea0006d52648 0000000000000000
[ 55.098615] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.098617] page dumped because: kasan: bad access detected
[ 55.098619]
[ 55.098627] Memory state around the buggy address:
[ 55.133475] ffff8881b549a180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.138123] ntfs: volume version 3.1.
[ 55.140930] ffff8881b549a200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.140933] >ffff8881b549a280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.140935] ^
[ 55.140938] ffff8881b549a300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.140942] ffff8881b549a380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
[ 55.181214] ==================================================================
[ 55.188567] Disabling lock debugging due to kernel taint
[ 55.194146] Kernel panic - not syncing: panic_on_warn set ...
[ 55.200031] CPU: 0 PID: 3741 Comm: syz-executor5 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 55.209205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.218768] Call Trace:
[ 55.221355] dump_stack+0x136/0x187
[ 55.224995] ? ntfs_read_locked_inode+0x43f0/0x5250
[ 55.230092] panic+0x22a/0x4f5
[ 55.233263] ? __warn_printk+0xd6/0xd6
[ 55.237284] ? do_raw_spin_unlock+0x54/0x260
[ 55.241675] ? do_raw_spin_unlock+0x54/0x260
[ 55.246188] ? ntfs_read_locked_inode+0x43f8/0x5250
[ 55.251189] ? ntfs_read_locked_inode+0x43f8/0x5250
[ 55.256364] end_report+0x51/0x59
[ 55.259801] kasan_report.cold.12+0xe/0x37
[ 55.264057] ? ntfs_read_locked_inode+0x43f8/0x5250
[ 55.269078] __asan_report_load_n_noabort+0xf/0x20
[ 55.274006] ntfs_read_locked_inode+0x43f8/0x5250
[ 55.278922] ntfs_iget+0xe6/0x120
[ 55.282353] ? ntfs_read_locked_inode+0x5250/0x5250
[ 55.287356] ? kfree+0x1d6/0x290
[ 55.290699] load_system_files+0x5b5a/0x6230
[ 55.295115] ? __kasan_check_write+0x14/0x20
[ 55.299629] ? ntfs_remount+0x420/0x420
[ 55.304203] ? __kasan_check_write+0x14/0x20
[ 55.308594] ? ntfs_read_inode_mount+0xd5c/0x2140
[ 55.313422] ? wait_for_completion+0x280/0x280
[ 55.318003] ntfs_fill_super+0x1325/0x2e60
[ 55.322218] ? snprintf+0x91/0xc0
[ 55.325654] ? vsprintf+0x20/0x20
[ 55.329099] mount_bdev+0x27b/0x340
[ 55.332706] ? load_system_files+0x6230/0x6230
[ 55.337264] ? ntfs_rl_punch_nolock+0x1da0/0x1da0
[ 55.342196] ntfs_mount+0x10/0x20
[ 55.345633] legacy_get_tree+0x103/0x1f0
[ 55.349681] vfs_get_tree+0x8b/0x2d0
[ 55.353373] ? capable+0x14/0x20
[ 55.356784] do_mount+0x1293/0x1c40
[ 55.360936] ? lock_downgrade+0x960/0x960
[ 55.365067] ? copy_mount_string+0x20/0x20
[ 55.369299] ? ___might_sleep+0x13e/0x2b0
[ 55.373447] ? __kasan_check_write+0x14/0x20
[ 55.377837] ? _copy_from_user+0xc5/0x110
[ 55.381988] __x64_sys_mount+0x169/0x1c0
[ 55.386041] do_syscall_64+0x6e/0xf0
[ 55.389737] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.394900] RIP: 0033:0x457e5a
[ 55.398069] Code: Bad RIP value.
[ 55.401406] RSP: 002b:00007fc8c1c4fbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.409088] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[ 55.416733] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc8c1c4fc00
[ 55.424002] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[ 55.431267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 55.438512] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[ 55.446502] Kernel Offset: disabled
[ 55.450114] Rebooting in 86400 seconds..