[ 46.206461] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
2020/03/16 21:57:50 parsed 1 programs
2020/03/16 21:57:50 executed programs: 0
[ 51.418280] IPVS: ftp: loaded support on port[0] = 21
[ 51.455610] IPVS: ftp: loaded support on port[0] = 21
[ 51.460038] IPVS: ftp: loaded support on port[0] = 21
[ 51.462775] IPVS: ftp: loaded support on port[0] = 21
[ 51.467395] IPVS: ftp: loaded support on port[0] = 21
[ 51.473053] IPVS: ftp: loaded support on port[0] = 21
[ 51.530384] ntfs: (device loop5): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 51.545162] ntfs: (device loop5): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 51.554192] ntfs: (device loop5): map_mft_record(): Failed with error code 5.
[ 51.561500] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 51.574954] ntfs: (device loop5): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 51.596514] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 51.606306] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 51.615290] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 51.622603] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 51.635583] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 51.649967] ntfs: volume version 3.1.
[ 51.661740] ==================================================================
[ 51.662801] ntfs: volume version 3.1.
[ 51.669131] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x4429/0x52a0
[ 51.669135] Read of size 8 at addr ffff8881bae342e8 by task syz-executor/4458
[ 51.669136]
[ 51.669141] CPU: 1 PID: 4458 Comm: syz-executor Not tainted 5.6.0-rc6-syzkaller #0
[ 51.669144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.669146] Call Trace:
[ 51.669154] dump_stack+0x12f/0x187
[ 51.669160] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 51.702010] ntfs: volume version 3.1.
[ 51.706345] print_address_description.constprop.8+0x3b/0x60
[ 51.706352] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 51.706355] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 51.706358] __kasan_report.cold.11+0x1b/0x32
[ 51.706362] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 51.706366] kasan_report+0x12/0x20
[ 51.706370] __asan_report_load_n_noabort+0xf/0x20
[ 51.706374] ntfs_read_locked_inode+0x4429/0x52a0
[ 51.706379] ntfs_iget+0xe6/0x120
[ 51.706383] ? ntfs_read_locked_inode+0x52a0/0x52a0
[ 51.706390] ? kfree+0x1d6/0x290
[ 51.771999] load_system_files+0x55fa/0x6530
[ 51.776420] ? __mutex_lock+0x40b/0x1400
[ 51.780469] ? ntfs_remount+0x420/0x420
[ 51.784431] ? __kasan_check_write+0x14/0x20
[ 51.789165] ? ntfs_read_inode_mount+0xc63/0x20c0
[ 51.793984] ? wait_for_completion+0x460/0x460
[ 51.798572] ntfs_fill_super+0x12a6/0x2d40
[ 51.802796] ? snprintf+0x91/0xc0
[ 51.806229] ? vsprintf+0x20/0x20
[ 51.809669] mount_bdev+0x27b/0x340
[ 51.813285] ? load_system_files+0x6530/0x6530
[ 51.817846] ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[ 51.822666] ntfs_mount+0x10/0x20
[ 51.826099] legacy_get_tree+0x103/0x1f0
[ 51.830139] vfs_get_tree+0x8b/0x2d0
[ 51.833830] ? capable+0x14/0x20
[ 51.837193] do_mount+0x1285/0x1b70
[ 51.840821] ? lock_downgrade+0x900/0x900
[ 51.844969] ? copy_mount_string+0x20/0x20
[ 51.849193] ? __kasan_check_write+0x14/0x20
[ 51.853609] ? _copy_from_user+0xd6/0x110
[ 51.857737] __x64_sys_mount+0x169/0x1c0
[ 51.861778] do_syscall_64+0xd0/0x630
[ 51.865559] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.870731] RIP: 0033:0x457e5a
[ 51.873901] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 51.892874] RSP: 002b:00007fefa4581bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 51.900569] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[ 51.907836] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fefa4581c00
[ 51.915151] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[ 51.922403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 51.929658] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[ 51.936917]
[ 51.938523] The buggy address belongs to the page:
[ 51.943431] page:ffffea0006eb8d00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 51.951808] flags: 0x2fffc0000000000()
[ 51.955784] raw: 02fffc0000000000 ffffea0006eb8d48 ffffea0006eb9888 0000000000000000
[ 51.963655] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 51.971537] page dumped because: kasan: bad access detected
[ 51.977234]
[ 51.978845] Memory state around the buggy address:
[ 51.983754] ffff8881bae34180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.991118] ffff8881bae34200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.998473] >ffff8881bae34280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.005820] ^
[ 52.012582] ffff8881bae34300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.019963] ffff8881bae34380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.027316] ==================================================================
[ 52.034664] Disabling lock debugging due to kernel taint
[ 52.040206] Kernel panic - not syncing: panic_on_warn set ...
[ 52.046090] CPU: 1 PID: 4458 Comm: syz-executor Tainted: G B 5.6.0-rc6-syzkaller #0
[ 52.055264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.064599] Call Trace:
[ 52.067225] dump_stack+0x12f/0x187
[ 52.070841] ? ntfs_read_locked_inode+0x43a0/0x52a0
[ 52.075841] panic+0x22a/0x4f5
[ 52.079011] ? add_taint.cold.7+0x11/0x11
[ 52.083138] ? do_raw_spin_unlock+0x54/0x260
[ 52.087527] ? do_raw_spin_unlock+0x54/0x260
[ 52.091963] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 52.096957] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 52.101953] end_report+0x47/0x4f
[ 52.105387] __kasan_report.cold.11+0xe/0x32
[ 52.109795] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 52.114801] kasan_report+0x12/0x20
[ 52.118414] __asan_report_load_n_noabort+0xf/0x20
[ 52.123324] ntfs_read_locked_inode+0x4429/0x52a0
[ 52.128151] ntfs_iget+0xe6/0x120
[ 52.131584] ? ntfs_read_locked_inode+0x52a0/0x52a0
[ 52.136586] ? kfree+0x1d6/0x290
[ 52.139928] load_system_files+0x55fa/0x6530
[ 52.144341] ? __mutex_lock+0x40b/0x1400
[ 52.148385] ? ntfs_remount+0x420/0x420
[ 52.152338] ? __kasan_check_write+0x14/0x20
[ 52.156737] ? ntfs_read_inode_mount+0xc63/0x20c0
[ 52.161564] ? wait_for_completion+0x460/0x460
[ 52.166142] ntfs_fill_super+0x12a6/0x2d40
[ 52.170354] ? snprintf+0x91/0xc0
[ 52.173785] ? vsprintf+0x20/0x20
[ 52.177216] mount_bdev+0x27b/0x340
[ 52.180835] ? load_system_files+0x6530/0x6530
[ 52.185396] ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[ 52.190215] ntfs_mount+0x10/0x20
[ 52.193651] legacy_get_tree+0x103/0x1f0
[ 52.197700] vfs_get_tree+0x8b/0x2d0
[ 52.201406] ? capable+0x14/0x20
[ 52.204757] do_mount+0x1285/0x1b70
[ 52.208370] ? lock_downgrade+0x900/0x900
[ 52.212500] ? copy_mount_string+0x20/0x20
[ 52.216721] ? __kasan_check_write+0x14/0x20
[ 52.221179] ? _copy_from_user+0xd6/0x110
[ 52.225309] __x64_sys_mount+0x169/0x1c0
[ 52.229445] do_syscall_64+0xd0/0x630
[ 52.233234] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.238599] RIP: 0033:0x457e5a
[ 52.241796] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 52.260694] RSP: 002b:00007fefa4581bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 52.268397] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[ 52.275647] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fefa4581c00
[ 52.282983] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[ 52.290234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 52.297496] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[ 52.305354] Kernel Offset: disabled
[ 52.308965] Rebooting in 86400 seconds..