[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   44.907405] can: request_module (can-proto-0) failed.
[   44.916681] can: request_module (can-proto-0) failed.
[   45.735714] IPVS: ftp: loaded support on port[0] = 21
[   46.331122] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.394325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.695527] tipc: TX() has been purged, node left!
[   48.195532] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
2020/01/12 20:31:57 parsed 1 programs
2020/01/12 20:31:57 executed programs: 0
[   53.357984] IPVS: ftp: loaded support on port[0] = 21
[   53.384163] IPVS: ftp: loaded support on port[0] = 21
[   53.395970] IPVS: ftp: loaded support on port[0] = 21
[   53.402564] IPVS: ftp: loaded support on port[0] = 21
[   53.412741] IPVS: ftp: loaded support on port[0] = 21
[   53.426695] IPVS: ftp: loaded support on port[0] = 21
[   53.458841] ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker.
[   53.469309] ntfs: (device loop3): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[   53.478284] ntfs: (device loop3): map_mft_record(): Failed with error code 5.
[   53.485584] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[   53.504508] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[   53.513713] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[   53.522666] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[   53.528531] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[   53.529965] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[   53.530007] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[   53.568355] ntfs: volume version 3.1.
[   53.573944] ==================================================================
[   53.581319] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x4429/0x52a0
[   53.588665] Read of size 8 at addr ffff8881ba3d02e8 by task syz-executor/4453
[   53.595920]
[   53.597539] CPU: 1 PID: 4453 Comm: syz-executor Not tainted 5.5.0-rc5-syzkaller #0
[   53.597767] ntfs: volume version 3.1.
RESULT: signal 0, coverage 0 errno 0
[   53.605231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.605234] Call Trace:
[   53.605245]  dump_stack+0x12f/0x187
[   53.605252]  ? ntfs_read_locked_inode+0x4429/0x52a0
[   53.605257]  print_address_description.constprop.8+0x3b/0x60
[   53.605261]  ? ntfs_read_locked_inode+0x4429/0x52a0
[   53.605264]  ? ntfs_read_locked_inode+0x4429/0x52a0
[   53.605267]  __kasan_report.cold.11+0x1b/0x39
[   53.605271]  ? ntfs_read_locked_inode+0x4429/0x52a0
[   53.605276]  kasan_report+0x12/0x20
[   53.659528]  __asan_report_load_n_noabort+0xf/0x20
[   53.664562]  ntfs_read_locked_inode+0x4429/0x52a0
[   53.669385]  ntfs_iget+0xe6/0x120
[   53.672818]  ? ntfs_read_locked_inode+0x52a0/0x52a0
[   53.677829]  ? kfree+0x1d6/0x290
[   53.681783]  load_system_files+0x55fa/0x6530
[   53.686388]  ? __mutex_lock+0x40b/0x1400
[   53.690433]  ? ntfs_remount+0x420/0x420
[   53.694390]  ? kvfree+0x2c/0x30
[   53.697649]  ? __kasan_check_write+0x14/0x20
[   53.702032]  ? ntfs_read_inode_mount+0xc63/0x20c0
[   53.706853]  ? wait_for_completion+0x460/0x460
[   53.711537]  ntfs_fill_super+0x12ad/0x2d50
[   53.715782]  ? snprintf+0x91/0xc0
[   53.719216]  ? vsprintf+0x20/0x20
[   53.722666]  mount_bdev+0x27b/0x340
[   53.726274]  ? load_system_files+0x6530/0x6530
[   53.730840]  ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[   53.736548]  ntfs_mount+0x10/0x20
[   53.739982]  legacy_get_tree+0x103/0x1f0
[   53.744022]  vfs_get_tree+0x8b/0x2d0
[   53.747712]  ? capable+0x14/0x20
[   53.751056]  do_mount+0x1285/0x1b70
[   53.754660]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   53.759828]  ? copy_mount_string+0x20/0x20
[   53.764042]  ? kmem_cache_alloc_trace+0x372/0x760
[   53.768866]  ? __kasan_check_write+0x14/0x20
[   53.773622]  ? _copy_from_user+0xd6/0x110
[   53.777761]  ? __kasan_check_read+0x11/0x20
[   53.782062]  ? copy_mount_options+0x77/0x2c0
[   53.786654]  __x64_sys_mount+0x169/0x1c0
[   53.790862]  do_syscall_64+0xd0/0x600
[   53.794668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.799843] RIP: 0033:0x457e5a
[   53.803014] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[   53.822127] RSP: 002b:00007ff197d04bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   53.829832] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[   53.837083] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ff197d04c00
[   53.844354] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[   53.851609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[   53.858863] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[   53.866134]
[   53.867741] The buggy address belongs to the page:
[   53.872916] page:ffffea0006e8f400 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
[   53.881394] raw: 02fffc0000000000 ffffea0006e8f448 ffffea0006e8f3c8 0000000000000000
[   53.889340] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   53.897462] page dumped because: kasan: bad access detected
[   53.903163]
[   53.904765] Memory state around the buggy address:
[   53.909688]  ffff8881ba3d0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.917022]  ffff8881ba3d0200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.924471] >ffff8881ba3d0280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.931809]                                                           ^
[   53.938537]  ffff8881ba3d0300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.945894]  ffff8881ba3d0380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   53.953245] ==================================================================
[   53.960591] Disabling lock debugging due to kernel taint
[   53.966162] Kernel panic - not syncing: panic_on_warn set ...
[   53.972311] CPU: 1 PID: 4453 Comm: syz-executor Tainted: G B 5.5.0-rc5-syzkaller #0
[   53.982205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.991542] Call Trace:
[   53.994994]  dump_stack+0x12f/0x187
[   53.998603]  ? ntfs_read_locked_inode+0x4370/0x52a0
[   54.003604]  panic+0x22a/0x4f5
[   54.006805]  ? add_taint.cold.7+0x11/0x11
[   54.010931]  ? do_raw_spin_unlock+0x54/0x260
[   54.015343]  ? do_raw_spin_unlock+0x54/0x260
[   54.019746]  ? ntfs_read_locked_inode+0x4429/0x52a0
[   54.024749]  ? ntfs_read_locked_inode+0x4429/0x52a0
[   54.029748]  end_report+0x47/0x4f
[   54.033202]  __kasan_report.cold.11+0xe/0x39
[   54.037591]  ? ntfs_read_locked_inode+0x4429/0x52a0
[   54.042583]  kasan_report+0x12/0x20
[   54.046197]  __asan_report_load_n_noabort+0xf/0x20
[   54.051277]  ntfs_read_locked_inode+0x4429/0x52a0
[   54.056097]  ntfs_iget+0xe6/0x120
[   54.059646]  ? ntfs_read_locked_inode+0x52a0/0x52a0
[   54.064926]  ? kfree+0x1d6/0x290
[   54.068344]  load_system_files+0x55fa/0x6530
[   54.072765]  ? __mutex_lock+0x40b/0x1400
[   54.076810]  ? ntfs_remount+0x420/0x420
[   54.080779]  ? kvfree+0x2c/0x30
[   54.084043]  ? __kasan_check_write+0x14/0x20
[   54.088465]  ? ntfs_read_inode_mount+0xc63/0x20c0
[   54.093571]  ? wait_for_completion+0x460/0x460
[   54.098136]  ntfs_fill_super+0x12ad/0x2d50
[   54.102436]  ? snprintf+0x91/0xc0
[   54.105872]  ? vsprintf+0x20/0x20
[   54.109315]  mount_bdev+0x27b/0x340
[   54.112918]  ? load_system_files+0x6530/0x6530
[   54.117485]  ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[   54.122308]  ntfs_mount+0x10/0x20
[   54.125739]  legacy_get_tree+0x103/0x1f0
[   54.129776]  vfs_get_tree+0x8b/0x2d0
[   54.133472]  ? capable+0x14/0x20
[   54.136815]  do_mount+0x1285/0x1b70
[   54.140592]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   54.145462]  ? copy_mount_string+0x20/0x20
[   54.149677]  ? kmem_cache_alloc_trace+0x372/0x760
[   54.154498]  ? __kasan_check_write+0x14/0x20
[   54.158884]  ? _copy_from_user+0xd6/0x110
[   54.163009]  ? __kasan_check_read+0x11/0x20
[   54.167311]  ? copy_mount_options+0x77/0x2c0
[   54.171713]  __x64_sys_mount+0x169/0x1c0
[   54.175769]  do_syscall_64+0xd0/0x600
[   54.179548]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.184712] RIP: 0033:0x457e5a
[   54.187881] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[   54.206764] RSP: 002b:00007ff197d04bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   54.214453] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[   54.221699] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ff197d04c00
[   54.228944] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[   54.236187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[   54.243433] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[   54.251514] Kernel Offset: disabled
[   54.255125] Rebooting in 86400 seconds..
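The capture above is the raw console output of a syzkaller run: a crafted NTFS image on a loop device gets as far as load_system_files() during mount(2) and KASAN reports an 8-byte use-after-free read in ntfs_read_locked_inode. When triaging many such logs, the fields worth pulling out are the bug class, the faulting function, the access type and size, the task, the kernel version, and the reliable part of the call chain, with the `?` frames (stale stack slots the unwinder could not confirm) and the KASAN reporting frames dropped. The following Python script is an added example of that extraction; it is not syzkaller or syzbot code. The sample input is constructed from lines of the log above with some frames trimmed, and the `parse_kasan_report`, `syscall_entry` and `summarize` names are this example's own.

```python
"""Parse a KASAN crash report (as emitted to the console by a syzkaller kernel)
into structured triage fields. Added example; not syzkaller or syzbot code."""
import re

# Sample input: constructed from lines of the crash log above (frames trimmed).
SAMPLE_LOG = """\
[   53.568355] ntfs: volume version 3.1.
[   53.573944] ==================================================================
[   53.581319] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x4429/0x52a0
[   53.588665] Read of size 8 at addr ffff8881ba3d02e8 by task syz-executor/4453
[   53.595920]
[   53.597539] CPU: 1 PID: 4453 Comm: syz-executor Not tainted 5.5.0-rc5-syzkaller #0
[   53.605234] Call Trace:
[   53.605245]  dump_stack+0x12f/0x187
[   53.605252]  ? ntfs_read_locked_inode+0x4429/0x52a0
[   53.605257]  print_address_description.constprop.8+0x3b/0x60
[   53.605267]  __kasan_report.cold.11+0x1b/0x39
[   53.605276]  kasan_report+0x12/0x20
[   53.659528]  __asan_report_load_n_noabort+0xf/0x20
[   53.664562]  ntfs_read_locked_inode+0x4429/0x52a0
[   53.669385]  ntfs_iget+0xe6/0x120
[   53.677829]  ? kfree+0x1d6/0x290
[   53.681783]  load_system_files+0x55fa/0x6530
[   53.711537]  ntfs_fill_super+0x12ad/0x2d50
[   53.722666]  mount_bdev+0x27b/0x340
[   53.736548]  ntfs_mount+0x10/0x20
[   53.739982]  legacy_get_tree+0x103/0x1f0
[   53.744022]  vfs_get_tree+0x8b/0x2d0
[   53.751056]  do_mount+0x1285/0x1b70
[   53.786654]  __x64_sys_mount+0x169/0x1c0
[   53.790862]  do_syscall_64+0xd0/0x600
[   53.794668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.799843] RIP: 0033:0x457e5a
[   53.953245] ==================================================================
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]")
BUG_LINE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_LINE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                         r" by task (?P<comm>\S+)/(?P<pid>\d+)")
CPU_LINE = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ (?P<taint>Not tainted|Tainted: .+?) (?P<version>\d\S*)")
FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

# Frames that belong to the KASAN reporting machinery, not to the faulting path.
REPORT_FRAMES = ("dump_stack", "print_address_description", "__kasan_report",
                 "kasan_report", "__asan_report")


def parse_kasan_report(log):
    """Return a dict describing the first KASAN report found in log."""
    report = {"kind": None, "func": None, "access": None, "access_size": None,
              "addr": None, "comm": None, "pid": None, "kernel": None,
              "tainted": None, "trace": []}
    in_trace = False
    for raw in log.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if in_trace:
            frame = FRAME.match(line)
            if frame is None:                 # "RIP:" / register dump ends the trace
                in_trace = False
                continue
            if frame["unreliable"]:           # '?' frames are stale stack slots
                continue
            if frame["func"].startswith(REPORT_FRAMES):
                continue
            report["trace"].append(frame["func"])
            continue
        if line == "Call Trace:" and not report["trace"]:
            in_trace = True
            continue
        m = BUG_LINE.search(line)
        if m and report["kind"] is None:
            report["kind"], report["func"] = m["kind"], m["func"]
            continue
        m = ACCESS_LINE.search(line)
        if m and report["access"] is None:
            report["access"] = m["op"].lower()
            report["access_size"] = int(m["size"])
            report["addr"] = int(m["addr"], 16)
            report["comm"], report["pid"] = m["comm"], int(m["pid"])
            continue
        m = CPU_LINE.search(line)
        if m and report["kernel"] is None:
            report["kernel"] = m["version"]
            report["tainted"] = m["taint"] != "Not tainted"
    return report


def syscall_entry(report):
    """The syscall handler the fault was reached through: the frame directly
    below do_syscall_64 in the reliable chain, or None if there is none."""
    trace = report["trace"]
    if "do_syscall_64" not in trace:
        return None
    i = trace.index("do_syscall_64")
    return trace[i - 1] if i > 0 else None


def summarize(report):
    """One-line triage summary built from the parsed fields."""
    return (f"KASAN: {report['kind']} {report['access']} (size {report['access_size']}) "
            f"in {report['func']} via {syscall_entry(report)}, "
            f"task {report['comm']}/{report['pid']}, kernel {report['kernel']}")


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(summarize(r))
    print(" <- ".join(r["trace"]))
```

Run against the sample, the reliable chain collapses to ntfs_read_locked_inode <- ntfs_iget <- load_system_files <- ntfs_fill_super <- mount_bdev <- ntfs_mount <- legacy_get_tree <- vfs_get_tree <- do_mount <- __x64_sys_mount <- do_syscall_64 <- entry_SYSCALL_64_after_hwframe, which is the whole story of this crash: the fault is reached purely from mount(2) on a corrupt image, before any file inside the volume is touched. The parser stops at the first "Call Trace:" so the second trace from the panic_on_warn panic does not pollute the chain.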