Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts.
2020/06/15 15:17:59 parsed 1 programs
2020/06/15 15:17:59 executed programs: 0
[ 55.184566] IPVS: ftp: loaded support on port[0] = 21
[ 55.184604] IPVS: ftp: loaded support on port[0] = 21
[ 55.197674] IPVS: ftp: loaded support on port[0] = 21
[ 55.207736] IPVS: ftp: loaded support on port[0] = 21
[ 55.217739] IPVS: ftp: loaded support on port[0] = 21
[ 55.223482] IPVS: ftp: loaded support on port[0] = 21
[ 55.386889] ntfs: (device loop2): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 55.396341] ==================================================================
[ 55.403724] BUG: KASAN: use-after-free in ntfs_attr_find+0xa45/0xb70
[ 55.410337] Read of size 4 at addr ffff8881c885ad35 by task syz-executor2/3729
[ 55.410972] ntfs: (device loop1): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 55.417682]
[ 55.417690] CPU: 0 PID: 3729 Comm: syz-executor2 Not tainted 5.8.0-rc1-syzkaller #0
[ 55.417692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.417694] Call Trace:
[ 55.417705] dump_stack+0x136/0x187
[ 55.417712] ? ntfs_attr_find+0xa45/0xb70
[ 55.417717] print_address_description.constprop.9+0x3f/0x60
[ 55.417722] ? __kasan_kmalloc.constprop.8+0xc1/0xd0
[ 55.465632] ? ntfs_attr_find+0xa45/0xb70
[ 55.470194] ? ntfs_attr_find+0xa45/0xb70
[ 55.474332] kasan_report.cold.12+0x20/0x37
[ 55.478630] ? ntfs_attr_find+0xa45/0xb70
[ 55.482751] __asan_report_load_n_noabort+0xf/0x20
[ 55.487668] ntfs_attr_find+0xa45/0xb70
[ 55.491619] ? __alloc_pages_nodemask+0x55a/0x840
[ 55.496434] ? __kasan_check_write+0x14/0x20
[ 55.500817] ntfs_attr_lookup+0x10c9/0x2390
[ 55.505120] ? kasan_unpoison_shadow+0x35/0x50
[ 55.509701] ? __kasan_kmalloc.constprop.8+0xc1/0xd0
[ 55.514780] ? kmem_cache_alloc+0x309/0x740
[ 55.519076] ? ntfs_attr_reinit_search_ctx+0x3a0/0x3a0
[ 55.524326] ntfs_read_inode_mount+0x6c2/0x2140
[ 55.528968] ntfs_fill_super+0x1296/0x2e60
[ 55.533219] ? snprintf+0x91/0xc0
[ 55.536654] ? vsprintf+0x20/0x20
[ 55.540085] mount_bdev+0x27b/0x340
[ 55.543690] ? load_system_files+0x6230/0x6230
[ 55.548246] ? ntfs_rl_punch_nolock+0x1da0/0x1da0
[ 55.553061] ntfs_mount+0x10/0x20
[ 55.556487] legacy_get_tree+0x103/0x1f0
[ 55.560541] vfs_get_tree+0x8b/0x2d0
[ 55.564228] ? capable+0x14/0x20
[ 55.567566] do_mount+0x1293/0x1c40
[ 55.571168] ? lock_downgrade+0x960/0x960
[ 55.575302] ? copy_mount_string+0x20/0x20
[ 55.579511] ? ___might_sleep+0x13e/0x2b0
[ 55.583632] ? __kasan_check_write+0x14/0x20
[ 55.588014] ? _copy_from_user+0xc5/0x110
[ 55.592135] __x64_sys_mount+0x169/0x1c0
[ 55.596174] do_syscall_64+0x6e/0xf0
[ 55.599865] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.605027] RIP: 0033:0x457dea
[ 55.608191] Code: Bad RIP value.
[ 55.611530] RSP: 002b:00007faa1b304bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.619211] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457dea
[ 55.626454] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007faa1b304c00
[ 55.635520] RBP: 0000000000000002 R08: 000000002007e200 R09: 0000000020000000
[ 55.642788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 55.650047] R13: 000000000000066c R14: 00000000006fbac0 R15: 0000000000000000
[ 55.657401]
[ 55.659028] Allocated by task 2091:
[ 55.662633] save_stack+0x21/0x50
[ 55.666074] __kasan_kmalloc.constprop.8+0xc1/0xd0
[ 55.671002] kasan_slab_alloc+0x12/0x20
[ 55.674949] kmem_cache_alloc+0x121/0x740
[ 55.679086] getname_flags+0xb8/0x510
[ 55.682861] user_path_at_empty+0x1e/0x40
[ 55.686984] vfs_statx+0xfc/0x2e0
[ 55.690411] __do_sys_newlstat+0x85/0xe0
[ 55.694459] __x64_sys_newlstat+0x4f/0x70
[ 55.698580] do_syscall_64+0x6e/0xf0
[ 55.702269] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.707428]
[ 55.709031] Freed by task 2091:
[ 55.712297] save_stack+0x21/0x50
[ 55.715722] __kasan_slab_free+0x11a/0x170
[ 55.719931] kasan_slab_free+0xe/0x10
[ 55.723707] kmem_cache_free+0x86/0x2e0
[ 55.727655] putname+0xa8/0xe0
[ 55.730821] filename_lookup.part.56+0x1e3/0x350
[ 55.735547] user_path_at_empty+0x39/0x40
[ 55.739665] vfs_statx+0xfc/0x2e0
[ 55.743088] __do_sys_newlstat+0x85/0xe0
[ 55.747120] __x64_sys_newlstat+0x4f/0x70
[ 55.751260] do_syscall_64+0x6e/0xf0
[ 55.754959] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.760117]
[ 55.761758] The buggy address belongs to the object at ffff8881c885a680
[ 55.761758] which belongs to the cache names_cache of size 4096
[ 55.774486] The buggy address is located 1717 bytes inside of
[ 55.774486] 4096-byte region [ffff8881c885a680, ffff8881c885b680)
[ 55.786506] The buggy address belongs to the page:
[ 55.791414] page:ffffea0007221680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea0007221680 order:1 compound_mapcount:0
[ 55.804129] flags: 0x2fffc0000010200(slab|head)
[ 55.808800] raw: 02fffc0000010200 ffffea0007221408 ffffea000724dd08 ffff8881da1a1a80
[ 55.816653] raw: 0000000000000000 ffff8881c885a680 0000000100000001 0000000000000000
[ 55.824503] page dumped because: kasan: bad access detected
[ 55.830184]
[ 55.831787] Memory state around the buggy address:
[ 55.836702] ffff8881c885ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.844552] ffff8881c885ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.851884] >ffff8881c885ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.859229] ^
[ 55.864132] ffff8881c885ad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.871466] ffff8881c885ae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.878795] ==================================================================
[ 55.886129] Disabling lock debugging due to kernel taint
[ 55.891629] Kernel panic - not syncing: panic_on_warn set ...
[ 55.897518] CPU: 0 PID: 3729 Comm: syz-executor2 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 55.900923] ntfs: (device loop1): ntfs_attr_find(): Inode is corrupt. Run chkdsk.
[ 55.907735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.907738] Call Trace:
[ 55.907751] dump_stack+0x136/0x187
[ 55.907757] ? ntfs_attr_find+0xa00/0xb70
[ 55.907762] panic+0x22a/0x4f5
[ 55.907766] ? __warn_printk+0xd6/0xd6
[ 55.907771] ? do_raw_spin_unlock+0x54/0x260
[ 55.907774] ? do_raw_spin_unlock+0x54/0x260
[ 55.907778] ? ntfs_attr_find+0xa45/0xb70
[ 55.907780] ? ntfs_attr_find+0xa45/0xb70
[ 55.907785] end_report+0x51/0x59
[ 55.907788] kasan_report.cold.12+0xe/0x37
[ 55.907791] ? ntfs_attr_find+0xa45/0xb70
[ 55.907799] __asan_report_load_n_noabort+0xf/0x20
[ 55.915539] ntfs: (device loop1): ntfs_read_inode_mount(): Failed to lookup attribute list attribute. You should run chkdsk.
[ 55.924848] ntfs_attr_find+0xa45/0xb70
[ 55.924853] ? __alloc_pages_nodemask+0x55a/0x840
[ 55.924857] ? __kasan_check_write+0x14/0x20
[ 55.924861] ntfs_attr_lookup+0x10c9/0x2390
[ 55.924865] ? kasan_unpoison_shadow+0x35/0x50
[ 55.924868] ? __kasan_kmalloc.constprop.8+0xc1/0xd0
[ 55.924872] ? kmem_cache_alloc+0x309/0x740
[ 55.924876] ? ntfs_attr_reinit_search_ctx+0x3a0/0x3a0
[ 55.924881] ntfs_read_inode_mount+0x6c2/0x2140
[ 55.924887] ntfs_fill_super+0x1296/0x2e60
[ 55.927475] ntfs: (device loop1): ntfs_read_inode_mount(): Failed. Marking inode as bad.
[ 55.931074] ? snprintf+0x91/0xc0
[ 55.931077] ? vsprintf+0x20/0x20
[ 55.931083] mount_bdev+0x27b/0x340
[ 55.931087] ? load_system_files+0x6230/0x6230
[ 55.935250] ntfs: (device loop1): ntfs_fill_super(): Failed to load essential metadata.
[ 55.938397] ? ntfs_rl_punch_nolock+0x1da0/0x1da0
[ 55.938400] ntfs_mount+0x10/0x20
[ 55.938404] legacy_get_tree+0x103/0x1f0
[ 55.938410] vfs_get_tree+0x8b/0x2d0
[ 56.082058] ? capable+0x14/0x20
[ 56.085402] do_mount+0x1293/0x1c40
[ 56.089005] ? lock_downgrade+0x960/0x960
[ 56.093361] ? copy_mount_string+0x20/0x20
[ 56.097586] ? ___might_sleep+0x13e/0x2b0
[ 56.101723] ? __kasan_check_write+0x14/0x20
[ 56.106110] ? _copy_from_user+0xc5/0x110
[ 56.110408] __x64_sys_mount+0x169/0x1c0
[ 56.114455] do_syscall_64+0x6e/0xf0
[ 56.118154] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.123330] RIP: 0033:0x457dea
[ 56.126598] Code: Bad RIP value.
[ 56.129956] RSP: 002b:00007faa1b304bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 56.138076] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457dea
[ 56.145342] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007faa1b304c00
[ 56.152612] RBP: 0000000000000002 R08: 000000002007e200 R09: 0000000020000000
[ 56.159875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 56.167143] R13: 000000000000066c R14: 00000000006fbac0 R15: 0000000000000000
[ 56.175371] Kernel Offset: disabled
[ 56.178984] Rebooting in 86400 seconds..