Hello, syzbot found the following issue on: HEAD commit: 0326074ff465 Merge tag 'net-next-6.1' of git://git.kernel... git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=16880492880000 kernel config: https://syzkaller.appspot.com/x/.config?x=e1de7ca9efcc028c dashboard link: https://syzkaller.appspot.com/bug?extid=f553b35c5f71737636f7 compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 userspace arch: i386 Unfortunately, I don't have any reproducer for this issue yet. IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+f553b35c5f71737636f7@xxxxxxxxxxxxxxxxxxxxxxxxx general protection fault, probably for non-canonical address 0xdffffc0004e2d052: 0000 [#1] PREEMPT SMP KASAN KASAN: probably user-memory-access in range [0x0000000027168290-0x0000000027168297] CPU: 1 PID: 4671 Comm: syz-executor.1 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 RIP: 0010:ntfs_set_inode+0x4a/0x70 fs/ntfs3/inode.c:485 Code: 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 26 48 8d 7d 40 8b 1b 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 13 48 89 5d 40 31 c0 5b 5d c3 48 89 df e8 bf 73 1f RSP: 0018:ffffc90022fe7968 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 000000000000000a RCX: ffffc90003851000 RDX: 0000000004e2d052 RSI: ffffffff82a8af0d RDI: 0000000027168290 RBP: 0000000027168250 R08: 0000000000000001 R09: 0000000000000003 R10: fffff520045fcf21 R11: 0000000000000000 R12: ffffc90022fe7cb0 R13: ffffffff82a8aeff R14: 0000000000000000 R15: ffff888027168278 FS: 0000000000000000(0000) GS:ffff88802c900000(0063) knlGS:00000000f7fc9b40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00007f7612c78eb0 CR3: 0000000042c19000 CR4: 0000000000150ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> log_replay+0xf7f0/0xf7f0 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:ntfs_set_inode+0x4a/0x70 fs/ntfs3/inode.c:485 Code: 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 26 48 8d 7d 40 8b 1b 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 13 48 89 5d 40 31 c0 5b 5d c3 48 89 df e8 bf 73 1f RSP: 0018:ffffc90022fe7968 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 000000000000000a RCX: ffffc90003851000 RDX: 0000000004e2d052 RSI: ffffffff82a8af0d RDI: 0000000027168290 RBP: 0000000027168250 R08: 0000000000000001 R09: 0000000000000003 R10: fffff520045fcf21 R11: 0000000000000000 R12: ffffc90022fe7cb0 R13: ffffffff82a8aeff R14: 0000000000000000 R15: ffff888027168278 FS: 0000000000000000(0000) GS:ffff88802c900000(0063) knlGS:00000000f7fc9b40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00007f7612c78eb0 CR3: 0000000042c19000 CR4: 0000000000150ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 14 02 adc $0x2,%al 2: 48 89 d8 mov %rbx,%rax 5: 83 e0 07 and $0x7,%eax 8: 83 c0 03 add $0x3,%eax b: 38 d0 cmp %dl,%al d: 7c 04 jl 0x13 f: 84 d2 test %dl,%dl 11: 75 26 jne 0x39 13: 48 8d 7d 40 lea 0x40(%rbp),%rdi 17: 8b 1b mov (%rbx),%ebx 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 75 13 jne 0x43 30: 48 89 5d 40 mov %rbx,0x40(%rbp) 34: 31 c0 xor %eax,%eax 36: 5b pop %rbx 37: 5d pop %rbp 38: c3 retq 39: 48 89 df mov %rbx,%rdi 3c: e8 .byte 0xe8 3d: bf .byte 0xbf 3e: 73 1f jae 0x5f --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot.