Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [   46.887516] can: request_module (can-proto-0) failed.
[   46.896038] can: request_module (can-proto-0) failed.
[   47.803127] IPVS: ftp: loaded support on port[0] = 21
[   48.152089] ip (3655) used greatest stack depth: 23424 bytes left
[   48.579955] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.663669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   48.954521] tipc: TX() has been purged, node left!
[   50.580350] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.199' (ECDSA) to the list of known hosts.
2020/04/16 12:43:41 parsed 1 programs
2020/04/16 12:43:41 executed programs: 0
[   56.439861] IPVS: ftp: loaded support on port[0] = 21
[   56.454268] IPVS: ftp: loaded support on port[0] = 21
[   56.457172] IPVS: ftp: loaded support on port[0] = 21
[   56.468728] IPVS: ftp: loaded support on port[0] = 21
[   56.472501] IPVS: ftp: loaded support on port[0] = 21
[   56.515773] IPVS: ftp: loaded support on port[0] = 21
[   56.564040] ntfs: (device loop5): is_boot_sector_ntfs(): Invalid end of sector marker.
[   56.575069] ntfs: (device loop5): map_mft_record_page(): Mft record 0x1 is corrupt.  Run chkdsk.
[   56.585192] ntfs: (device loop5): map_mft_record(): Failed with error code 5.
[   56.592972] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[   56.607016] ntfs: (device loop5): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[   56.632332] ntfs: (device loop5): map_mft_record_page(): Mft record 0xa is corrupt.  Run chkdsk.
[   56.641472] ntfs: (device loop5): map_mft_record(): Failed with error code 5.
[   56.648873] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[   56.712266] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[   56.719914] ntfs: (device loop5): load_and_init_upcase(): Failed to load $UpCase from the volume.  Using default.
[   56.745639] ntfs: volume version 3.1.
[   56.749970] ntfs: volume version 3.1.
[   56.751367] ntfs: volume version 3.1.
[   56.760360] ==================================================================
[   56.767744] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x442f/0x52a0
[   56.775112] Read of size 8 at addr ffff8881b6d262e8 by task syz-executor5/3893
[   56.782461]
[   56.784074] CPU: 0 PID: 3893 Comm: syz-executor5 Not tainted 5.7.0-rc1-syzkaller #0
[   56.791876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.801340] Call Trace:
[   56.803920]  dump_stack+0x12f/0x187
[   56.804459] ntfs: volume version 3.1.
[   56.807541]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   56.807545]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   56.807550]  print_address_description.constprop.8+0x3b/0x60
[   56.807555]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   56.807558]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   56.807562]  __kasan_report.cold.11+0x37/0x4e
[   56.807566]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   56.807569]  kasan_report+0x38/0x50
[   56.807575]  __asan_report_load_n_noabort+0xf/0x20
[   56.834678] ntfs: volume version 3.1.
[   56.837363]  ntfs_read_locked_inode+0x442f/0x52a0
[   56.837370]  ntfs_iget+0xe6/0x120
[   56.837374]  ? ntfs_read_locked_inode+0x52a0/0x52a0
[   56.837381]  ? kfree+0x1d6/0x290
[   56.837385]  load_system_files+0x53df/0x6270
[   56.837391]  ? insert_vmap_area_augment.constprop.52+0x8d0/0x8d0
[   56.837396]  ? ntfs_remount+0x420/0x420
[   56.837399]  ? __kasan_check_write+0x14/0x20
[   56.837408]  ? wait_for_completion+0x280/0x280
[   56.859972] ntfs: volume version 3.1.
[   56.860095]  ? generate_default_upcase+0xb5/0x510
[   56.860101]  ntfs_fill_super+0x12a6/0x2d40
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
[   56.913027]  ? snprintf+0x91/0xc0
[   56.916478]  ? vsprintf+0x20/0x20
[   56.919927]  mount_bdev+0x27b/0x340
[   56.923786]  ? load_system_files+0x6270/0x6270
[   56.928374]  ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[   56.933291]  ntfs_mount+0x10/0x20
[   56.936730]  legacy_get_tree+0x103/0x1f0
[   56.940786]  vfs_get_tree+0x8b/0x2d0
[   56.944497]  ? capable+0x14/0x20
[   56.947877]  do_mount+0x1287/0x1c30
[   56.951502]  ? lock_downgrade+0x960/0x960
[   56.955650]  ? copy_mount_string+0x20/0x20
[   56.959881]  ? ___might_sleep+0x13e/0x2b0
[   56.964129]  ? __kasan_check_write+0x14/0x20
[   56.968548]  ? _copy_from_user+0xc5/0x110
[   56.972798]  __x64_sys_mount+0x169/0x1c0
[   56.976865]  do_syscall_64+0xd0/0x630
[   56.980753]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   56.985950] RIP: 0033:0x457e5a
[   56.989148] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[   57.008045] RSP: 002b:00007f348d686bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   57.015751] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[   57.023024] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f348d686c00
[   57.030289] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[   57.037555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[   57.044822] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[   57.052094]
[   57.053714] The buggy address belongs to the page:
[   57.058635] page:ffffea0006db4980 refcount:0 mapcount:0 mapping:000000007312f99d index:0x1
[   57.067028] flags: 0x2fffc0000000000()
[   57.071262] raw: 02fffc0000000000 ffffea0006db49c8 ffffea0006db4948 0000000000000000
[   57.079401] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   57.087455] page dumped because: kasan: bad access detected
[   57.093170]
[   57.094854] Memory state around the buggy address:
[   57.099785]  ffff8881b6d26180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.107139]  ffff8881b6d26200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.114496] >ffff8881b6d26280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.121866]                                                           ^
[   57.128615]  ffff8881b6d26300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.135968]  ffff8881b6d26380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.143307] ==================================================================
[   57.150692] Disabling lock debugging due to kernel taint
[   57.156275] Kernel panic - not syncing: panic_on_warn set ...
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
[   57.162168] CPU: 0 PID: 3893 Comm: syz-executor5 Tainted: G    B             5.7.0-rc1-syzkaller #0
[   57.173862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.183214] Call Trace:
[   57.185806]  dump_stack+0x12f/0x187
[   57.189521]  ? ntfs_read_locked_inode+0x4360/0x52a0
[   57.194535]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   57.199552]  panic+0x22a/0x4f5
[   57.202755]  ? add_taint.cold.7+0x11/0x11
[   57.206906]  ? do_raw_spin_unlock+0x54/0x260
[   57.211299]  ? do_raw_spin_unlock+0x54/0x260
[   57.218045]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   57.223050]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   57.228048]  end_report+0x51/0x59
[   57.231605]  __kasan_report.cold.11+0xe/0x4e
[   57.235992]  ? ntfs_read_locked_inode+0x442f/0x52a0
[   57.241004]  kasan_report+0x38/0x50
[   57.245134]  __asan_report_load_n_noabort+0xf/0x20
[   57.250542]  ntfs_read_locked_inode+0x442f/0x52a0
[   57.255377]  ntfs_iget+0xe6/0x120
[   57.258823]  ? ntfs_read_locked_inode+0x52a0/0x52a0
[   57.263934]  ? kfree+0x1d6/0x290
[   57.267382]  load_system_files+0x53df/0x6270
[   57.271861]  ? insert_vmap_area_augment.constprop.52+0x8d0/0x8d0
[   57.278529]  ? ntfs_remount+0x420/0x420
[   57.282493]  ? __kasan_check_write+0x14/0x20
[   57.286881]  ? wait_for_completion+0x280/0x280
[   57.291615]  ? generate_default_upcase+0xb5/0x510
[   57.296441]  ntfs_fill_super+0x12a6/0x2d40
[   57.300667]  ? snprintf+0x91/0xc0
[   57.304118]  ? vsprintf+0x20/0x20
[   57.307582]  mount_bdev+0x27b/0x340
[   57.311188]  ? load_system_files+0x6270/0x6270
[   57.315746]  ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[   57.320568]  ntfs_mount+0x10/0x20
[   57.323998]  legacy_get_tree+0x103/0x1f0
[   57.328043]  vfs_get_tree+0x8b/0x2d0
[   57.331735]  ? capable+0x14/0x20
[   57.335089]  do_mount+0x1287/0x1c30
[   57.338705]  ? lock_downgrade+0x960/0x960
[   57.342844]  ? copy_mount_string+0x20/0x20
[   57.347052]  ? ___might_sleep+0x13e/0x2b0
[   57.351193]  ? __kasan_check_write+0x14/0x20
[   57.355586]  ? _copy_from_user+0xc5/0x110
[   57.359765]  __x64_sys_mount+0x169/0x1c0
[   57.364272]  do_syscall_64+0xd0/0x630
[   57.368073]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   57.373350] RIP: 0033:0x457e5a
[   57.376524] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[   57.395600] RSP: 002b:00007f348d686bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   57.403318] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[   57.410658] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f348d686c00
[   57.418003] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[   57.425251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[   57.432603] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[   57.440665] Kernel Offset: disabled
[   57.444387] Rebooting in 86400 seconds..