[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.545844][ T6854] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 47.558828][ T6854] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk.
[ 47.571013][ T6854] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 47.587594][ T6854] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 47.598271][ T6854] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 47.607054][ T6854] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 47.628583][ T6854] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
executing program
[ 47.640704][ T6854] ntfs: (device loop0): map_mft_record_page(): Mft record 0x4 is corrupt. Run chkdsk.
[ 47.651015][ T6854] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 47.659867][ T6854] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x4 as bad. Run chkdsk.
executing program
executing program
[ 47.868782][ T6868] ==================================================================
[ 47.876893][ T6868] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x3ac0/0x4e30
[ 47.884947][ T6868] Read of size 8 at addr ffff88808581be46 by task syz-executor932/6868
[ 47.893162][ T6868]
[ 47.895490][ T6868] CPU: 0 PID: 6868 Comm: syz-executor932 Not tainted 5.9.0-rc6-syzkaller #0
[ 47.904158][ T6868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.914226][ T6868] Call Trace:
[ 47.917509][ T6868] dump_stack+0x1d6/0x29e
[ 47.921832][ T6868] print_address_description+0x66/0x620
[ 47.927376][ T6868] ? printk+0x62/0x83
[ 47.931351][ T6868] ? _raw_spin_lock_irqsave+0x84/0xd0
[ 47.936803][ T6868] ? vprintk_emit+0x2f0/0x370
[ 47.941557][ T6868] kasan_report+0x132/0x1d0
[ 47.946055][ T6868] ? kasan_save_stack+0x50/0x50
[ 47.950906][ T6868] ? ntfs_read_locked_inode+0x3ac0/0x4e30
[ 47.956803][ T6868] ntfs_read_locked_inode+0x3ac0/0x4e30
[ 47.962358][ T6868] ? ntfs_iget+0x130/0x130
[ 47.967488][ T6868] ? iget5_locked+0x120/0x3f0
[ 47.972504][ T6868] ? ntfs_iget+0x130/0x130
[ 47.976906][ T6868] ntfs_iget+0xc2/0x130
[ 47.981056][ T6868] ntfs_fill_super+0x1c43/0x8bd0
[ 47.985970][ T6868] ? set_blocksize+0x1f5/0x3c0
[ 47.990705][ T6868] mount_bdev+0x24f/0x360
[ 47.995020][ T6868] ? ntfs_mount+0x40/0x40
[ 47.999321][ T6868] legacy_get_tree+0xea/0x180
[ 48.005021][ T6868] ? ntfs_rl_punch_nolock+0x16f0/0x16f0
[ 48.010540][ T6868] vfs_get_tree+0x88/0x270
[ 48.014942][ T6868] path_mount+0x179d/0x29e0
[ 48.019417][ T6868] __se_sys_mount+0x126/0x180
[ 48.024077][ T6868] do_syscall_64+0x31/0x70
[ 48.028565][ T6868] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.034455][ T6868] RIP: 0033:0x4494fa
[ 48.038329][ T6868] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 48.057921][ T6868] RSP: 002b:00007ffd7a0b1e08 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 48.066342][ T6868] RAX: ffffffffffffffda RBX: 00007ffd7a0b1e60 RCX: 00000000004494fa
[ 48.074286][ T6868] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd7a0b1e20
[ 48.082250][ T6868] RBP: 00007ffd7a0b1e20 R08: 00007ffd7a0b1e60 R09: 0000000000000000
[ 48.090202][ T6868] R10: 0000000000000000 R11: 0000000000000287 R12: 00000000000000ab
[ 48.098611][ T6868] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 48.106575][ T6868]
[ 48.108895][ T6868] The buggy address belongs to the page:
[ 48.114620][ T6868] page:00000000041400fc refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x8581b
[ 48.125265][ T6868] flags: 0xfffe0000000000()
[ 48.129760][ T6868] raw: 00fffe0000000000 ffffea000224b548 ffffea000224b508 0000000000000000
[ 48.138318][ T6868] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 48.146871][ T6868] page dumped because: kasan: bad access detected
[ 48.153263][ T6868]
[ 48.155668][ T6868] Memory state around the buggy address:
[ 48.161280][ T6868] ffff88808581bd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.169312][ T6868] ffff88808581bd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.177359][ T6868] >ffff88808581be00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.185393][ T6868]                                            ^
[ 48.191523][ T6868] ffff88808581be80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.199552][ T6868] ffff88808581bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.207606][ T6868] ==================================================================
[ 48.215637][ T6868] Disabling lock debugging due to kernel taint
[ 48.238491][ T6868] Kernel panic - not syncing: panic_on_warn set ...
[ 48.245074][ T6868] CPU: 0 PID: 6868 Comm: syz-executor932 Tainted: G B 5.9.0-rc6-syzkaller #0
[ 48.255102][ T6868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.265131][ T6868] Call Trace:
[ 48.268397][ T6868] dump_stack+0x1d6/0x29e
[ 48.273523][ T6868] panic+0x2c0/0x800
[ 48.277938][ T6868] ? trace_hardirqs_on+0x30/0x80
[ 48.283218][ T6868] kasan_report+0x1c9/0x1d0
[ 48.287828][ T6868] ? kasan_save_stack+0x50/0x50
[ 48.292838][ T6868] ? ntfs_read_locked_inode+0x3ac0/0x4e30
[ 48.298620][ T6868] ntfs_read_locked_inode+0x3ac0/0x4e30
[ 48.304598][ T6868] ? ntfs_iget+0x130/0x130
[ 48.309291][ T6868] ? iget5_locked+0x120/0x3f0
[ 48.314028][ T6868] ? ntfs_iget+0x130/0x130
[ 48.318430][ T6868] ntfs_iget+0xc2/0x130
[ 48.322572][ T6868] ntfs_fill_super+0x1c43/0x8bd0
[ 48.327501][ T6868] ? set_blocksize+0x1f5/0x3c0
[ 48.332236][ T6868] mount_bdev+0x24f/0x360
[ 48.336539][ T6868] ? ntfs_mount+0x40/0x40
[ 48.340863][ T6868] legacy_get_tree+0xea/0x180
[ 48.345529][ T6868] ? ntfs_rl_punch_nolock+0x16f0/0x16f0
[ 48.351054][ T6868] vfs_get_tree+0x88/0x270
[ 48.355443][ T6868] path_mount+0x179d/0x29e0
[ 48.359919][ T6868] __se_sys_mount+0x126/0x180
[ 48.364590][ T6868] do_syscall_64+0x31/0x70
[ 48.368979][ T6868] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.374956][ T6868] RIP: 0033:0x4494fa
[ 48.378820][ T6868] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 48.398412][ T6868] RSP: 002b:00007ffd7a0b1e08 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 48.406798][ T6868] RAX: ffffffffffffffda RBX: 00007ffd7a0b1e60 RCX: 00000000004494fa
[ 48.414741][ T6868] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd7a0b1e20
[ 48.422682][ T6868] RBP: 00007ffd7a0b1e20 R08: 00007ffd7a0b1e60 R09: 0000000000000000
[ 48.430643][ T6868] R10: 0000000000000000 R11: 0000000000000287 R12: 00000000000000ab
[ 48.438600][ T6868] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 48.447759][ T6868] Kernel Offset: disabled
[ 48.452086][ T6868] Rebooting in 86400 seconds..