INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.661596] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 43.672539] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 43.681512] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 43.688800] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 43.701034] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 43.713391] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 43.722328] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 43.729611] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 43.741846] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 43.753032] ntfs: volume version 3.1.
executing program
[ 43.756849] ntfs: (device loop0): map_mft_record_page(): Mft record 0x2 is corrupt. Run chkdsk.
executing program
[ 43.789254] ntfs: volume version 3.1.
executing program
executing program
[ 43.811905] ntfs: volume version 3.1.
[ 43.831751] ntfs: volume version 3.1.
[ 43.852818] ntfs: volume version 3.1.
[ 43.857690] ==================================================================
[ 43.865042] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x47fe/0x51b0
[ 43.872373] Read of size 8 at addr ffff8801becc42e8 by task syzkaller675411/4496
[ 43.879871]
[ 43.881470] CPU: 0 PID: 4496 Comm: syzkaller675411 Not tainted 4.16.0+ #15
[ 43.888451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.897775] Call Trace:
[ 43.900341]  dump_stack+0x1a7/0x27d
[ 43.903939]  ? arch_local_irq_restore+0x53/0x53
[ 43.908578]  ? show_regs_print_info+0x18/0x18
[ 43.913045]  ? kasan_check_write+0x14/0x20
[ 43.917252]  ? ntfs_read_locked_inode+0x47fe/0x51b0
[ 43.922241]  print_address_description+0x73/0x250
[ 43.927054]  ? ntfs_read_locked_inode+0x47fe/0x51b0
[ 43.932056]  kasan_report+0x23c/0x360
[ 43.935828]  __asan_report_load_n_noabort+0xf/0x20
[ 43.940727]  ntfs_read_locked_inode+0x47fe/0x51b0
[ 43.945538]  ? inode_lru_isolate+0x4e0/0x4e0
[ 43.949917]  ? rcu_note_context_switch+0x710/0x710
[ 43.954817]  ntfs_iget+0x1ab/0x240
[ 43.958325]  ? up_write+0x72/0x210
[ 43.961834]  ? ntfs_read_locked_inode+0x51b0/0x51b0
[ 43.966819]  ? down_read+0x1b0/0x1b0
[ 43.970506]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 43.975403]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 43.980307]  load_system_files+0x5f06/0x6c80
[ 43.984687]  ? ntfs_map_page+0x310/0x310
[ 43.988805]  ? lock_downgrade+0x980/0x980
[ 43.992923]  ? lock_release+0xa40/0xa40
[ 43.996883]  ? bpf_prog_kallsyms_find+0xbd/0x440
[ 44.001609]  ? modules_open+0xa0/0xa0
[ 44.005382]  ? bpf_prog_kallsyms_find+0xbd/0x440
[ 44.010111]  ? modules_open+0xa0/0xa0
[ 44.013881]  ? __bpf_trace_bpf_map_next_key+0x50/0x50
[ 44.019042]  ? kasan_check_read+0x11/0x20
[ 44.023162]  ? is_bpf_text_address+0x7b/0x120
[ 44.027630]  ? lock_downgrade+0x980/0x980
[ 44.031749]  ? lock_release+0xa40/0xa40
[ 44.035689]  ? kasan_check_read+0x11/0x20
[ 44.039808]  ? rcu_is_watching+0x85/0x130
[ 44.043925]  ? rcu_report_exp_cpu_mult+0x480/0x480
[ 44.048824]  ? is_bpf_text_address+0xa4/0x120
[ 44.053289]  ? kernel_text_address+0xd1/0xe0
[ 44.057666]  ? __unwind_start+0x169/0x330
[ 44.061784]  ? unwind_get_return_address+0x61/0xa0
[ 44.066684]  ? __save_stack_trace+0x7e/0xd0
[ 44.070976]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.075874]  ? check_same_owner+0x320/0x320
[ 44.080164]  ? rcu_note_context_switch+0x710/0x710
[ 44.085064]  ? save_stack+0xa3/0xd0
[ 44.088663]  ? __might_sleep+0x95/0x190
[ 44.092609]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.097512]  ? __alloc_pages_nodemask+0x85e/0xdd0
[ 44.102323]  ? ksys_mount+0xab/0x120
[ 44.106008]  ? SyS_mount+0x39/0x50
[ 44.109517]  ? do_syscall_64+0x281/0x940
[ 44.113551]  ? __alloc_pages_slowpath+0x2d30/0x2d30
[ 44.118537]  ? do_raw_spin_lock+0xc1/0x230
[ 44.122742]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.127642]  ? ntfs_fill_super+0x147d/0x2fb0
[ 44.132022]  ? lock_downgrade+0x980/0x980
[ 44.136140]  ? rcu_note_context_switch+0x710/0x710
[ 44.141040]  ? kasan_unpoison_shadow+0x35/0x50
[ 44.145591]  ? vmap_page_range_noflush+0x53e/0x740
[ 44.150493]  ? kasan_check_write+0x14/0x20
[ 44.154699]  ? __mutex_unlock_slowpath+0x181/0x7e0
[ 44.159598]  ? __vmalloc_node_range+0x37a/0x650
[ 44.164239]  ? memset+0x31/0x40
[ 44.167492]  ? generate_default_upcase+0x40d/0x4e0
[ 44.172392]  ntfs_fill_super+0x1485/0x2fb0
[ 44.176602]  mount_bdev+0x2b7/0x370
[ 44.180199]  ? load_system_files+0x6c80/0x6c80
[ 44.184755]  ntfs_mount+0x34/0x40
[ 44.188181]  mount_fs+0x66/0x2d0
[ 44.191517]  vfs_kern_mount.part.26+0xc6/0x4a0
[ 44.196069]  ? may_umount+0xa0/0xa0
[ 44.199668]  ? _raw_read_unlock+0x22/0x30
[ 44.203787]  ? __get_fs_type+0x8a/0xc0
[ 44.207645]  do_mount+0xea4/0x2b90
[ 44.211157]  ? copy_mount_string+0x40/0x40
[ 44.215368]  ? rcu_pm_notify+0xc0/0xc0
[ 44.219226]  ? copy_mount_options+0x5f/0x2e0
[ 44.223602]  ? rcu_read_lock_sched_held+0x108/0x120
[ 44.228772]  ? kmem_cache_alloc_trace+0x459/0x740
[ 44.233584]  ? kasan_check_write+0x14/0x20
[ 44.237789]  ? _copy_from_user+0x99/0x110
[ 44.241910]  ? copy_mount_options+0x1f7/0x2e0
[ 44.246376]  ksys_mount+0xab/0x120
[ 44.249886]  SyS_mount+0x39/0x50
[ 44.253222]  ? ksys_mount+0x120/0x120
[ 44.256996]  do_syscall_64+0x281/0x940
[ 44.260857]  ? vmalloc_sync_all+0x30/0x30
[ 44.264975]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 44.269700]  ? syscall_return_slowpath+0x550/0x550
[ 44.274598]  ? syscall_return_slowpath+0x2ac/0x550
[ 44.279497]  ? prepare_exit_to_usermode+0x350/0x350
[ 44.284482]  ? retint_user+0x18/0x18
[ 44.288168]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.292982]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.298140] RIP: 0033:0x44597a
[ 44.301299] RSP: 002b:00007ffe9dfbd7d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 44.308976] RAX: ffffffffffffffda RBX: 0000000020000a80 RCX: 000000000044597a
[ 44.316219] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe9dfbd850
[ 44.323461] RBP: 0000000000000003 R08: 0000000020077a00 R09: 000000000000000a
[ 44.330701] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 44.337943] R13: 000000000000ab33 R14: 0000000000000000 R15: 0000000000000000
[ 44.345187]
[ 44.346783] The buggy address belongs to the page:
[ 44.351683] page:ffffea0006fb3100 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 44.359797] flags: 0x2fffc0000000000()
[ 44.363657] raw: 02fffc0000000000 0000000000000000 0000000000000001 00000000ffffffff
[ 44.371514] raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
[ 44.379370] page dumped because: kasan: bad access detected
[ 44.385052]
[ 44.386648] Memory state around the buggy address:
[ 44.391550]  ffff8801becc4180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.398883]  ffff8801becc4200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.406216] >ffff8801becc4280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.413543]                                                           ^
[ 44.420377]  ffff8801becc4300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.427708]  ffff8801becc4380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 44.435381] ==================================================================
[ 44.442707] Disabling lock debugging due to kernel taint
[ 44.448228] Kernel panic - not syncing: panic_on_warn set ...
[ 44.448228]
[ 44.455572] CPU: 0 PID: 4496 Comm: syzkaller675411 Tainted: G B 4.16.0+ #15
[ 44.463857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.473181] Call Trace:
[ 44.475743]  dump_stack+0x1a7/0x27d
[ 44.479341]  ? arch_local_irq_restore+0x53/0x53
[ 44.484592]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 44.489319]  ? vsnprintf+0x1ed/0x1900
[ 44.493090]  ? ntfs_read_locked_inode+0x4740/0x51b0
[ 44.498089]  panic+0x1f8/0x42c
[ 44.501263]  ? refcount_error_report+0x214/0x214
[ 44.505995]  ? do_raw_spin_unlock+0x9e/0x310
[ 44.510373]  ? do_raw_spin_unlock+0x9e/0x310
[ 44.514751]  ? ntfs_read_locked_inode+0x47fe/0x51b0
[ 44.519740]  kasan_end_report+0x50/0x50
[ 44.523697]  kasan_report+0x149/0x360
[ 44.527469]  __asan_report_load_n_noabort+0xf/0x20
[ 44.532371]  ntfs_read_locked_inode+0x47fe/0x51b0
[ 44.537186]  ? inode_lru_isolate+0x4e0/0x4e0
[ 44.541565]  ? rcu_note_context_switch+0x710/0x710
[ 44.546465]  ntfs_iget+0x1ab/0x240
[ 44.549974]  ? up_write+0x72/0x210
[ 44.553486]  ? ntfs_read_locked_inode+0x51b0/0x51b0
[ 44.558472]  ? down_read+0x1b0/0x1b0
[ 44.562153]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.567050]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.571950]  load_system_files+0x5f06/0x6c80
[ 44.576332]  ? ntfs_map_page+0x310/0x310
[ 44.580368]  ? lock_downgrade+0x980/0x980
[ 44.584487]  ? lock_release+0xa40/0xa40
[ 44.588432]  ? bpf_prog_kallsyms_find+0xbd/0x440
[ 44.593159]  ? modules_open+0xa0/0xa0
[ 44.596930]  ? bpf_prog_kallsyms_find+0xbd/0x440
[ 44.601656]  ? modules_open+0xa0/0xa0
[ 44.605428]  ? __bpf_trace_bpf_map_next_key+0x50/0x50
[ 44.610591]  ? kasan_check_read+0x11/0x20
[ 44.614711]  ? is_bpf_text_address+0x7b/0x120
[ 44.619180]  ? lock_downgrade+0x980/0x980
[ 44.623300]  ? lock_release+0xa40/0xa40
[ 44.627246]  ? kasan_check_read+0x11/0x20
[ 44.631368]  ? rcu_is_watching+0x85/0x130
[ 44.635486]  ? rcu_report_exp_cpu_mult+0x480/0x480
[ 44.640385]  ? is_bpf_text_address+0xa4/0x120
[ 44.644848]  ? kernel_text_address+0xd1/0xe0
[ 44.649226]  ? __unwind_start+0x169/0x330
[ 44.653350]  ? unwind_get_return_address+0x61/0xa0
[ 44.658249]  ? __save_stack_trace+0x7e/0xd0
[ 44.662537]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.667439]  ? check_same_owner+0x320/0x320
[ 44.671732]  ? rcu_note_context_switch+0x710/0x710
[ 44.676630]  ? save_stack+0xa3/0xd0
[ 44.680227]  ? __might_sleep+0x95/0x190
[ 44.684171]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.689072]  ? __alloc_pages_nodemask+0x85e/0xdd0
[ 44.693884]  ? ksys_mount+0xab/0x120
[ 44.697566]  ? SyS_mount+0x39/0x50
[ 44.701089]  ? do_syscall_64+0x281/0x940
[ 44.705118]  ? __alloc_pages_slowpath+0x2d30/0x2d30
[ 44.710105]  ? do_raw_spin_lock+0xc1/0x230
[ 44.714308]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.719206]  ? ntfs_fill_super+0x147d/0x2fb0
[ 44.723583]  ? lock_downgrade+0x980/0x980
[ 44.727700]  ? rcu_note_context_switch+0x710/0x710
[ 44.732599]  ? kasan_unpoison_shadow+0x35/0x50
[ 44.737151]  ? vmap_page_range_noflush+0x53e/0x740
[ 44.742049]  ? kasan_check_write+0x14/0x20
[ 44.746253]  ? __mutex_unlock_slowpath+0x181/0x7e0
[ 44.751154]  ? __vmalloc_node_range+0x37a/0x650
[ 44.755795]  ? memset+0x31/0x40
[ 44.759044]  ? generate_default_upcase+0x40d/0x4e0
[ 44.763942]  ntfs_fill_super+0x1485/0x2fb0
[ 44.768149]  mount_bdev+0x2b7/0x370
[ 44.771743]  ? load_system_files+0x6c80/0x6c80
[ 44.776307]  ntfs_mount+0x34/0x40
[ 44.779730]  mount_fs+0x66/0x2d0
[ 44.783066]  vfs_kern_mount.part.26+0xc6/0x4a0
[ 44.787615]  ? may_umount+0xa0/0xa0
[ 44.791212]  ? _raw_read_unlock+0x22/0x30
[ 44.795328]  ? __get_fs_type+0x8a/0xc0
[ 44.799189]  do_mount+0xea4/0x2b90
[ 44.802711]  ? copy_mount_string+0x40/0x40
[ 44.806915]  ? rcu_pm_notify+0xc0/0xc0
[ 44.810787]  ? copy_mount_options+0x5f/0x2e0
[ 44.815165]  ? rcu_read_lock_sched_held+0x108/0x120
[ 44.820149]  ? kmem_cache_alloc_trace+0x459/0x740
[ 44.824959]  ? kasan_check_write+0x14/0x20
[ 44.829168]  ? _copy_from_user+0x99/0x110
[ 44.833286]  ? copy_mount_options+0x1f7/0x2e0
[ 44.837750]  ksys_mount+0xab/0x120
[ 44.841260]  SyS_mount+0x39/0x50
[ 44.844596]  ? ksys_mount+0x120/0x120
[ 44.848368]  do_syscall_64+0x281/0x940
[ 44.852224]  ? vmalloc_sync_all+0x30/0x30
[ 44.856358]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 44.861095]  ? syscall_return_slowpath+0x550/0x550
[ 44.865994]  ? syscall_return_slowpath+0x2ac/0x550
[ 44.870891]  ? prepare_exit_to_usermode+0x350/0x350
[ 44.875878]  ? retint_user+0x18/0x18
[ 44.879561]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.884372]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.889533] RIP: 0033:0x44597a
[ 44.892695] RSP: 002b:00007ffe9dfbd7d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 44.900374] RAX: ffffffffffffffda RBX: 0000000020000a80 RCX: 000000000044597a
[ 44.907616] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe9dfbd850
[ 44.914858] RBP: 0000000000000003 R08: 0000000020077a00 R09: 000000000000000a
[ 44.922110] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 44.929356] R13: 000000000000ab33 R14: 0000000000000000 R15: 0000000000000000
[ 44.936986] Dumping ftrace buffer:
[ 44.940495]    (ftrace buffer empty)
[ 44.944176] Kernel Offset: disabled
[ 44.947772] Rebooting in 86400 seconds..