[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 45.355593] can: request_module (can-proto-0) failed.
[ 45.364360] can: request_module (can-proto-0) failed.
[ 46.178265] IPVS: ftp: loaded support on port[0] = 21
[ 46.709293] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.771107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.374979] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.58' (ECDSA) to the list of known hosts.
2019/08/01 03:48:51 parsed 1 programs
2019/08/01 03:48:51 executed programs: 0
[ 54.282629] IPVS: ftp: loaded support on port[0] = 21
[ 54.302016] IPVS: ftp: loaded support on port[0] = 21
[ 54.334280] IPVS: ftp: loaded support on port[0] = 21
[ 54.341901] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 54.352111] IPVS: ftp: loaded support on port[0] = 21
[ 54.361792] IPVS: ftp: loaded support on port[0] = 21
[ 54.363940] IPVS: ftp: loaded support on port[0] = 21
[ 54.373425] ==================================================================
[ 54.380796] BUG: KASAN: slab-out-of-bounds in ntfs_attr_find+0x9df/0xb00
[ 54.387627] Read of size 4 at addr ffff8881d123f5f5 by task syz-executor/4412
[ 54.394890]
[ 54.396514] CPU: 1 PID: 4412 Comm: syz-executor Not tainted 5.3.0-rc2+ #1
[ 54.403426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.412768] Call Trace:
[ 54.415348]  dump_stack+0x115/0x167
[ 54.418967]  ? ntfs_attr_find+0x9df/0xb00
[ 54.423148]  print_address_description+0x6f/0x2fe
[ 54.427985]  ? ntfs_attr_find+0x9df/0xb00
[ 54.432124]  ? ntfs_attr_find+0x9df/0xb00
[ 54.436271]  __kasan_report.cold.7+0x1b/0x3f
[ 54.440697]  ? __isolate_free_page+0x400/0x490
[ 54.445269]  ? ntfs_attr_find+0x9df/0xb00
[ 54.449409]  kasan_report+0x12/0x17
[ 54.453028]  __asan_report_load_n_noabort+0xf/0x20
[ 54.457947]  ntfs_attr_find+0x9df/0xb00
[ 54.461913]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 54.466833]  ? __alloc_pages_nodemask+0x552/0x830
[ 54.471667]  ? __switch_to_asm+0x40/0x70
[ 54.475720]  ? __switch_to_asm+0x34/0x70
[ 54.479774]  ? __kasan_check_write+0x14/0x20
[ 54.484174]  ntfs_attr_lookup+0x10c9/0x23c0
[ 54.488489]  ? kasan_unpoison_shadow+0x35/0x50
[ 54.493060]  ? __kasan_kmalloc.constprop.7+0xc1/0xd0
[ 54.498166]  ? kmem_cache_alloc+0x30b/0x740
[ 54.502481]  ? ntfs_attr_reinit_search_ctx+0x3a0/0x3a0
[ 54.507753]  ntfs_read_inode_mount+0x6bf/0x20c0
[ 54.512421]  ntfs_fill_super+0x121e/0x2d50
[ 54.516651]  ? snprintf+0x91/0xc0
[ 54.520095]  ? vsprintf+0x20/0x20
[ 54.523542]  mount_bdev+0x27b/0x340
[ 54.527166]  ? load_system_files+0x6530/0x6530
[ 54.531743]  ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[ 54.536577]  ntfs_mount+0x10/0x20
[ 54.540021]  legacy_get_tree+0x103/0x1f0
[ 54.544074]  vfs_get_tree+0x8b/0x360
[ 54.547806]  ? capable+0x14/0x20
[ 54.548046] ntfs: (device loop5): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 54.551422]  do_mount+0x584/0x1b40
[ 54.551427]  ? kasan_unpoison_shadow+0x35/0x50
[ 54.551431]  ? copy_mount_string+0x20/0x20
[ 54.551437]  ? rcu_read_lock_sched_held+0x108/0x120
[ 54.551443]  ? kmem_cache_alloc_trace+0x372/0x760
[ 54.551446]  ? __kasan_check_write+0x14/0x20
[ 54.551450]  ? __kasan_check_read+0x11/0x20
[ 54.551454]  ? copy_mount_options+0x77/0x2c0
[ 54.594729]  ksys_mount+0xba/0xe0
[ 54.598172]  __x64_sys_mount+0xb9/0x150
[ 54.602131]  do_syscall_64+0xd6/0x550
[ 54.605918]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.611087] RIP: 0033:0x457dea
[ 54.614269] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 54.633165] RSP: 002b:00007f3f44d37bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 54.640951] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457dea
[ 54.648219] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f3f44d37c00
[ 54.655478] RBP: 0000000000000002 R08: 000000002007e200 R09: 0000000020000000
[ 54.662733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 54.669990] R13: 000000000000066c R14: 00000000006fbac0 R15: 0000000000000000
[ 54.677728]
[ 54.679342] Allocated by task 4399:
[ 54.682962]  save_stack+0x21/0x90
[ 54.686399]  __kasan_kmalloc.constprop.7+0xc1/0xd0
[ 54.691308]  kasan_kmalloc+0x9/0x10
[ 54.694917]  __kmalloc+0x164/0x760
[ 54.698437]  __register_sysctl_table+0xaa/0xe90
[ 54.703089]  register_net_sysctl+0x10/0x20
[ 54.707304]  neigh_sysctl_register+0x2ff/0x7e0
[ 54.711870]  devinet_sysctl_register+0x8f/0x1e0
[ 54.716517]  inetdev_init+0x1f9/0x3f0
[ 54.720297]  inetdev_event+0xcb9/0x1210
[ 54.724251]  notifier_call_chain+0x8b/0x160
[ 54.728554]  raw_notifier_call_chain+0x11/0x20
[ 54.733116]  call_netdevice_notifiers_info+0x28/0x60
[ 54.738206]  register_netdevice+0x8f0/0x10c0
[ 54.742595]  register_netdev+0x19/0x30
[ 54.746481]  vti6_init_net+0x404/0x680
[ 54.750350]  ops_init+0x98/0x380
[ 54.753713]  setup_net+0x2da/0x7b0
[ 54.757236]  copy_net_ns+0x24a/0x365
[ 54.760933]  create_new_namespaces+0x4ae/0x810
[ 54.765493]  unshare_nsproxy_namespaces+0x87/0x1a0
[ 54.770406]  ksys_unshare+0x324/0x6f0
[ 54.774188]  __x64_sys_unshare+0x2c/0x40
[ 54.778249]  do_syscall_64+0xd6/0x550
[ 54.782029]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.787196]
[ 54.788809] Freed by task 0:
[ 54.791804] (stack is not available)
[ 54.795497]
[ 54.797104] The buggy address belongs to the object at ffff8881d123f200
[ 54.797104]  which belongs to the cache kmalloc-1k of size 1024
[ 54.809745] The buggy address is located 1013 bytes inside of
[ 54.809745]  1024-byte region [ffff8881d123f200, ffff8881d123f600)
[ 54.821771] The buggy address belongs to the page:
[ 54.826684] page:ffffea0007448f80 refcount:1 mapcount:0 mapping:ffff8881da000c40 index:0x0 compound_mapcount: 0
[ 54.836896] flags: 0x2fffc0000010200(slab|head)
[ 54.841551] raw: 02fffc0000010200 ffffea000744a408 ffffea00073f7808 ffff8881da000c40
[ 54.849415] raw: 0000000000000000 ffff8881d123e000 0000000100000007 0000000000000000
[ 54.857275] page dumped because: kasan: bad access detected
[ 54.862964]
[ 54.864571] Memory state around the buggy address:
[ 54.869497]  ffff8881d123f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.876841]  ffff8881d123f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.884378] >ffff8881d123f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.891719]                                                             ^
[ 54.898714]  ffff8881d123f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.906053]  ffff8881d123f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.913400] ==================================================================
[ 54.920745] Disabling lock debugging due to kernel taint
[ 54.926287] Kernel panic - not syncing: panic_on_warn set ...
[ 54.932174] CPU: 1 PID: 4412 Comm: syz-executor Tainted: G B 5.3.0-rc2+ #1
[ 54.940480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.949834] Call Trace:
[ 54.952421]  dump_stack+0x115/0x167
[ 54.955538] ntfs: (device loop2): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 54.956041]  ? ntfs_attr_find+0x8f0/0xb00
[ 54.956048]  panic+0x223/0x4ee
[ 54.956054]  ? add_taint.cold.7+0x11/0x11
[ 54.975554]  ? do_raw_spin_unlock+0x54/0x260
[ 54.976033] ntfs: (device loop2): ntfs_read_inode_mount(): $MFT/$DATA attribute not found. $MFT is corrupt. Run chkdsk.
[ 54.979956]  ? do_raw_spin_unlock+0x54/0x260
[ 54.979961]  ? ntfs_attr_find+0x9df/0xb00
[ 54.979964]  ? ntfs_attr_find+0x9df/0xb00
[ 54.979969]  end_report+0x47/0x4f
[ 54.979973]  __kasan_report.cold.7+0xe/0x3f
[ 54.979978]  ? __isolate_free_page+0x400/0x490
[ 54.979981]  ? ntfs_attr_find+0x9df/0xb00
[ 54.979985]  kasan_report+0x12/0x17
[ 54.979989]  __asan_report_load_n_noabort+0xf/0x20
[ 54.979992]  ntfs_attr_find+0x9df/0xb00
[ 54.979998]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 54.980003]  ? __alloc_pages_nodemask+0x552/0x830
[ 54.990963] ntfs: (device loop2): ntfs_read_inode_mount(): Failed. Marking inode as bad.
[ 54.995318]  ? __switch_to_asm+0x40/0x70
[ 54.995321]  ? __switch_to_asm+0x34/0x70
[ 54.995326]  ? __kasan_check_write+0x14/0x20
[ 54.995332]  ntfs_attr_lookup+0x10c9/0x23c0
[ 54.999485] ntfs: (device loop2): ntfs_fill_super(): Failed to load essential metadata.
[ 55.003589]  ? kasan_unpoison_shadow+0x35/0x50
[ 55.003592]  ? __kasan_kmalloc.constprop.7+0xc1/0xd0
[ 55.003598]  ? kmem_cache_alloc+0x30b/0x740
[ 55.003603]  ? ntfs_attr_reinit_search_ctx+0x3a0/0x3a0
[ 55.029831] ntfs: (device loop5): ntfs_read_inode_mount(): $MFT/$DATA attribute not found. $MFT is corrupt. Run chkdsk.
[ 55.032536]  ntfs_read_inode_mount+0x6bf/0x20c0
[ 55.032545]  ntfs_fill_super+0x121e/0x2d50
[ 55.032551]  ? snprintf+0x91/0xc0
[ 55.032554]  ? vsprintf+0x20/0x20
[ 55.032560]  mount_bdev+0x27b/0x340
[ 55.032564]  ? load_system_files+0x6530/0x6530
[ 55.032568]  ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[ 55.032571]  ntfs_mount+0x10/0x20
[ 55.032575]  legacy_get_tree+0x103/0x1f0
[ 55.032580]  vfs_get_tree+0x8b/0x360
[ 55.037541] ntfs: (device loop5): ntfs_read_inode_mount(): Failed. Marking inode as bad.
[ 55.042360]  ? capable+0x14/0x20
[ 55.042367]  do_mount+0x584/0x1b40
[ 55.042371]  ? kasan_unpoison_shadow+0x35/0x50
[ 55.042375]  ? copy_mount_string+0x20/0x20
[ 55.050626] ntfs: (device loop5): ntfs_fill_super(): Failed to load essential metadata.
[ 55.054645]  ? rcu_read_lock_sched_held+0x108/0x120
[ 55.054652]  ? kmem_cache_alloc_trace+0x372/0x760
[ 55.054655]  ? __kasan_check_write+0x14/0x20
[ 55.054659]  ? __kasan_check_read+0x11/0x20
[ 55.054663]  ? copy_mount_options+0x77/0x2c0
[ 55.054667]  ksys_mount+0xba/0xe0
[ 55.203910]  __x64_sys_mount+0xb9/0x150
[ 55.207880]  do_syscall_64+0xd6/0x550
[ 55.211674]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.216847] RIP: 0033:0x457dea
[ 55.220016] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 55.238894] RSP: 002b:00007f3f44d37bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.246584] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457dea
[ 55.253837] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f3f44d37c00
[ 55.261087] RBP: 0000000000000002 R08: 000000002007e200 R09: 0000000020000000
[ 55.268332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 55.275582] R13: 000000000000066c R14: 00000000006fbac0 R15: 0000000000000000
[ 55.283213] Kernel Offset: disabled
[ 55.286834] Rebooting in 86400 seconds..