[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.328273] audit: type=1400 audit(1602408343.179:8): avc: denied { execmem } for pid=6501 comm="syz-executor251" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 41.358923] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 41.369181] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 41.378609] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 41.386069] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 41.398966] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 41.412230] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 41.421630] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
executing program
[ 41.429005] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 41.441310] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 41.453306] ntfs: volume version 3.1.
[ 41.527567] ntfs: volume version 3.1.
[ 41.531476] ==================================================================
[ 41.538848] BUG: KASAN: use-after-free in ntfs_are_names_equal+0x196/0x1a0
[ 41.545874] Read of size 2 at addr ffff88808d64fee8 by task syz-executor251/6511
[ 41.553408]
[ 41.555062] CPU: 0 PID: 6511 Comm: syz-executor251 Not tainted 4.19.150-syzkaller #0
[ 41.562938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.572293] Call Trace:
[ 41.574900]  dump_stack+0x22c/0x33e
[ 41.578536]  print_address_description.cold+0x56/0x25c
[ 41.583825]  kasan_report_error.cold+0x66/0xb9
[ 41.588409]  ? ntfs_are_names_equal+0x196/0x1a0
[ 41.593142]  __asan_report_load2_noabort+0x88/0x90
[ 41.598067]  ? copy_mnt_ns+0xae0/0xae0
[ 41.601977]  ? ntfs_are_names_equal+0x196/0x1a0
[ 41.606682]  ntfs_are_names_equal+0x196/0x1a0
[ 41.611161]  ntfs_attr_find+0x436/0xb70
[ 41.615118]  ntfs_attr_lookup+0x1087/0x2060
[ 41.619525]  ? do_read_cache_page+0xfe/0x11d0
[ 41.624003]  ? ntfs_end_buffer_async_read+0x1300/0x1300
[ 41.629350]  ? check_preemption_disabled+0x41/0x2b0
[ 41.638754]  ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 41.644068]  ? kmem_cache_alloc+0x31b/0x4a0
[ 41.648382]  ntfs_attr_iget+0x652/0x2430
[ 41.652437]  ? __ntfs_init_inode+0x500/0x500
[ 41.656838]  ntfs_read_locked_inode+0x27c1/0x5490
[ 41.661665]  ? ntfs_index_lookup.cold+0xc2/0xc2
[ 41.666334]  ? ntfs_test_inode+0x2c0/0x2c0
[ 41.670561]  ? iget5_locked+0x3c/0xd0
[ 41.674344]  ntfs_iget+0x12d/0x180
[ 41.677867]  ? ntfs_read_locked_inode+0x5490/0x5490
[ 41.682862]  ? iput+0x511/0x890
[ 41.686138]  ? kfree+0x1a7/0x250
[ 41.689496]  ntfs_fill_super+0x552c/0x89d2
[ 41.693715]  ? ntfs_remount+0x500/0x500
[ 41.697674]  ? __mutex_add_waiter+0x160/0x160
[ 41.702150]  ? set_blocksize+0x163/0x3f0
[ 41.706462]  mount_bdev+0x2fc/0x3b0
[ 41.710139]  ? ntfs_remount+0x500/0x500
[ 41.714168]  mount_fs+0xa3/0x318
[ 41.717522]  vfs_kern_mount.part.0+0x68/0x470
[ 41.721998]  do_mount+0x51c/0x2f10
[ 41.725536]  ? __do_page_fault+0x1ca/0xe00
[ 41.729754]  ? copy_mount_string+0x40/0x40
[ 41.733969]  ? copy_mount_options+0x1c3/0x370
[ 41.738467]  ? copy_mount_options+0x1d0/0x370
[ 41.742945]  ? memset+0x20/0x40
[ 41.746217]  ? copy_mount_options+0x261/0x370
[ 41.750707]  ksys_mount+0xcf/0x130
[ 41.754248]  __x64_sys_mount+0xba/0x150
[ 41.758299]  ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 41.762864]  do_syscall_64+0xf9/0x670
[ 41.766665]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.771838] RIP: 0033:0x44955a
[ 41.775011] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 41.793901] RSP: 002b:00007ffca5b3c378 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 41.801685] RAX: ffffffffffffffda RBX: 00007ffca5b3c3d0 RCX: 000000000044955a
[ 41.808949] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffca5b3c390
[ 41.816291] RBP: 00007ffca5b3c390 R08: 00007ffca5b3c3d0 R09: 0000000000000000
[ 41.823554] R10: 0000000000000000 R11: 0000000000000287 R12: 00000000000000ab
[ 41.830817] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 41.838071]
[ 41.839692] The buggy address belongs to the page:
[ 41.844601] page:ffffea00023593c0 count:1 mapcount:0 mapping:ffff8880a4214308 index:0x80d0
[ 41.852995] flags: 0xfffe000004003c(referenced|uptodate|dirty|lru|swapbacked)
[ 41.860249] raw: 00fffe000004003c ffffea00020f1448 ffffea00021d0708 ffff8880a4214308
[ 41.868137] raw: 00000000000080d0 0000000000000000 00000001ffffffff ffff88821b6e4b40
[ 41.876001] page dumped because: kasan: bad access detected
[ 41.881789] page->mem_cgroup:ffff88821b6e4b40
[ 41.886261]
[ 41.887870] Memory state around the buggy address:
[ 41.892783]  ffff88808d64fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.900122]  ffff88808d64fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.907459] >ffff88808d64fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.914805]                                             ^
[ 41.921545]  ffff88808d64ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.928900]  ffff88808d64ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.936235] ==================================================================
[ 41.943661] Disabling lock debugging due to kernel taint
[ 41.949436] Kernel panic - not syncing: panic_on_warn set ...
[ 41.949436]
[ 41.956812] CPU: 0 PID: 6511 Comm: syz-executor251 Tainted: G B 4.19.150-syzkaller #0
[ 41.966081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.975438] Call Trace:
[ 41.978032]  dump_stack+0x22c/0x33e
[ 41.981667]  panic+0x2ac/0x565
[ 41.984857]  ? __warn_printk+0xf3/0xf3
[ 41.988748]  ? preempt_schedule_common+0x45/0xc0
[ 41.993499]  ? ___preempt_schedule+0x16/0x18
[ 41.997898]  ? trace_hardirqs_on+0x55/0x210
[ 42.002224]  kasan_end_report+0x43/0x49
[ 42.006186]  kasan_report_error.cold+0x83/0xb9
[ 42.010749]  ? ntfs_are_names_equal+0x196/0x1a0
[ 42.015413]  __asan_report_load2_noabort+0x88/0x90
[ 42.020339]  ? copy_mnt_ns+0xae0/0xae0
[ 42.024216]  ? ntfs_are_names_equal+0x196/0x1a0
[ 42.028885]  ntfs_are_names_equal+0x196/0x1a0
[ 42.033373]  ntfs_attr_find+0x436/0xb70
[ 42.037330]  ntfs_attr_lookup+0x1087/0x2060
[ 42.041646]  ? do_read_cache_page+0xfe/0x11d0
[ 42.046120]  ? ntfs_end_buffer_async_read+0x1300/0x1300
[ 42.051472]  ? check_preemption_disabled+0x41/0x2b0
[ 42.056491]  ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 42.061767]  ? kmem_cache_alloc+0x31b/0x4a0
[ 42.066070]  ntfs_attr_iget+0x652/0x2430
[ 42.070138]  ? __ntfs_init_inode+0x500/0x500
[ 42.074547]  ntfs_read_locked_inode+0x27c1/0x5490
[ 42.079373]  ? ntfs_index_lookup.cold+0xc2/0xc2
[ 42.084050]  ? ntfs_test_inode+0x2c0/0x2c0
[ 42.088275]  ? iget5_locked+0x3c/0xd0
[ 42.092071]  ntfs_iget+0x12d/0x180
[ 42.095608]  ? ntfs_read_locked_inode+0x5490/0x5490
[ 42.100607]  ? iput+0x511/0x890
[ 42.103865]  ? kfree+0x1a7/0x250
[ 42.107212]  ntfs_fill_super+0x552c/0x89d2
[ 42.111429]  ? ntfs_remount+0x500/0x500
[ 42.115385]  ? __mutex_add_waiter+0x160/0x160
[ 42.119860]  ? set_blocksize+0x163/0x3f0
[ 42.123991]  mount_bdev+0x2fc/0x3b0
[ 42.127618]  ? ntfs_remount+0x500/0x500
[ 42.131589]  mount_fs+0xa3/0x318
[ 42.134950]  vfs_kern_mount.part.0+0x68/0x470
[ 42.139441]  do_mount+0x51c/0x2f10
[ 42.142978]  ? __do_page_fault+0x1ca/0xe00
[ 42.147210]  ? copy_mount_string+0x40/0x40
[ 42.151423]  ? copy_mount_options+0x1c3/0x370
[ 42.155907]  ? copy_mount_options+0x1d0/0x370
[ 42.160740]  ? memset+0x20/0x40
[ 42.164006]  ? copy_mount_options+0x261/0x370
[ 42.168573]  ksys_mount+0xcf/0x130
[ 42.172098]  __x64_sys_mount+0xba/0x150
[ 42.176111]  ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 42.180693]  do_syscall_64+0xf9/0x670
[ 42.184479]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.189662] RIP: 0033:0x44955a
[ 42.192834] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 42.211743] RSP: 002b:00007ffca5b3c378 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 42.219453] RAX: ffffffffffffffda RBX: 00007ffca5b3c3d0 RCX: 000000000044955a
[ 42.226703] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffca5b3c390
[ 42.233955] RBP: 00007ffca5b3c390 R08: 00007ffca5b3c3d0 R09: 0000000000000000
[ 42.241203] R10: 0000000000000000 R11: 0000000000000287 R12: 00000000000000ab
[ 42.248463] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 42.257164] Kernel Offset: disabled
[ 42.260807] Rebooting in 86400 seconds..