[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 44.159479] can: request_module (can-proto-0) failed.
[ 44.168405] can: request_module (can-proto-0) failed.
[ 45.062312] IPVS: ftp: loaded support on port[0] = 21
[ 45.765206] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.842770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.134372] tipc: TX() has been purged, node left!
[ 47.635868] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
2019/12/10 13:17:58 parsed 1 programs
2019/12/10 13:17:58 executed programs: 0
[ 52.820721] IPVS: ftp: loaded support on port[0] = 21
[ 52.829905] IPVS: ftp: loaded support on port[0] = 21
[ 52.852367] IPVS: ftp: loaded support on port[0] = 21
[ 52.854685] IPVS: ftp: loaded support on port[0] = 21
[ 52.871359] IPVS: ftp: loaded support on port[0] = 21
[ 52.874432] IPVS: ftp: loaded support on port[0] = 21
[ 52.983761] ntfs: (device loop1): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 52.992779] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 53.016152] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 53.025217] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 53.032545] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 53.054476] ntfs: (device loop1): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 53.057703] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 53.063480] ntfs: (device loop1): map_mft_record(): Failed with error code 5.
[ 53.063486] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 53.076278] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 53.084928] ntfs: volume version 3.1.
[ 53.120068] ntfs: volume version 3.1.
[ 53.129065] ==================================================================
[ 53.136458] BUG: KASAN: use-after-free in ntfs_read_locked_inode+0x4429/0x52a0
[ 53.143809] Read of size 8 at addr ffff8881ba2ce2e8 by task syz-executor1/4447
[ 53.151161]
[ 53.152781] CPU: 0 PID: 4447 Comm: syz-executor1 Not tainted 5.5.0-rc1-syzkaller #0
[ 53.160565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.169913] Call Trace:
[ 53.172534] dump_stack+0x12f/0x187
[ 53.176164] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 53.177464] ntfs: volume version 3.1.
[ 53.181209] print_address_description.constprop.8+0x3b/0x60
[ 53.181215] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 53.181219] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 53.181222] __kasan_report.cold.11+0x1b/0x39
[ 53.181226] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 53.181229] kasan_report+0x12/0x20
[ 53.181233] __asan_report_load_n_noabort+0xf/0x20
[ 53.181237] ntfs_read_locked_inode+0x4429/0x52a0
[ 53.181242] ntfs_iget+0xe6/0x120
[ 53.181246] ? ntfs_read_locked_inode+0x52a0/0x52a0
[ 53.210749] ntfs: volume version 3.1.
[ 53.213908] ? kfree+0x1d6/0x290
[ 53.213914] load_system_files+0x55fa/0x6530
[ 53.213920] ? __mutex_lock+0x40b/0x1400
[ 53.213924] ? ntfs_remount+0x420/0x420
[ 53.213929] ? kvfree+0x2c/0x30
[ 53.213932] ? __kasan_check_write+0x14/0x20
[ 53.213937] ? ntfs_read_inode_mount+0xc63/0x20c0
[ 53.213940] ? wait_for_completion+0x460/0x460
[ 53.213945] ntfs_fill_super+0x12ad/0x2d50
[ 53.270970] ntfs: volume version 3.1.
[ 53.272922] ? snprintf+0x91/0xc0
[ 53.272926] ? vsprintf+0x20/0x20
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
RESULT: signal 0, coverage 0 errno 0
[ 53.272932] mount_bdev+0x27b/0x340
[ 53.272937] ? load_system_files+0x6530/0x6530
[ 53.272942] ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[ 53.272947] ntfs_mount+0x10/0x20
[ 53.300243] legacy_get_tree+0x103/0x1f0
[ 53.304284] vfs_get_tree+0x8b/0x2d0
[ 53.307980] ? capable+0x14/0x20
[ 53.311321] do_mount+0x1285/0x1b70
[ 53.314969] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 53.319784] ? copy_mount_string+0x20/0x20
[ 53.323992] ? kmem_cache_alloc_trace+0x372/0x760
[ 53.328807] ? __kasan_check_write+0x14/0x20
RESULT: signal 0, coverage 0 errno 0
[ 53.333220] ? __kasan_check_read+0x11/0x20
[ 53.335099] ntfs: volume version 3.1.
[ 53.337526] ? copy_mount_options+0x77/0x2c0
[ 53.337530] ksys_mount+0xba/0xe0
[ 53.337533] __x64_sys_mount+0xb9/0x150
[ 53.337540] do_syscall_64+0xd0/0x600
[ 53.337547] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.337552] RIP: 0033:0x457e5a
[ 53.365372] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 53.384306] RSP: 002b:00007f71e86c7bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 53.392120] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[ 53.399379] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f71e86c7c00
[ 53.406631] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[ 53.413942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 53.421192] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[ 53.428577]
[ 53.430192] The buggy address belongs to the page:
[ 53.435095] page:ffffea0006e8b380 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 53.443469] raw: 02fffc0000000000 ffffea0006e8b3c8 ffffea0006e8b348 0000000000000000
[ 53.451325] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 53.459187] page dumped because: kasan: bad access detected
[ 53.464873]
[ 53.466484] Memory state around the buggy address:
[ 53.471651] ffff8881ba2ce180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.478990] ffff8881ba2ce200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.486333] >ffff8881ba2ce280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.493705] ^
[ 53.500431] ffff8881ba2ce300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.507763] ffff8881ba2ce380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.515096] ==================================================================
[ 53.522427] Disabling lock debugging due to kernel taint
[ 53.527916] Kernel panic - not syncing: panic_on_warn set ...
[ 53.533800] CPU: 0 PID: 4447 Comm: syz-executor1 Tainted: G B 5.5.0-rc1-syzkaller #0
[ 53.542960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.552297] Call Trace:
[ 53.554864] dump_stack+0x12f/0x187
[ 53.558478] ? ntfs_read_locked_inode+0x4400/0x52a0
[ 53.563480] panic+0x22a/0x4f5
[ 53.566656] ? add_taint.cold.7+0x11/0x11
[ 53.570799] ? do_raw_spin_unlock+0x54/0x260
[ 53.575185] ? do_raw_spin_unlock+0x54/0x260
[ 53.579588] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 53.584581] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 53.589580] end_report+0x47/0x4f
[ 53.593011] __kasan_report.cold.11+0xe/0x39
[ 53.597396] ? ntfs_read_locked_inode+0x4429/0x52a0
[ 53.602410] kasan_report+0x12/0x20
[ 53.606011] __asan_report_load_n_noabort+0xf/0x20
[ 53.610914] ntfs_read_locked_inode+0x4429/0x52a0
[ 53.615728] ntfs_iget+0xe6/0x120
[ 53.619156] ? ntfs_read_locked_inode+0x52a0/0x52a0
[ 53.624152] ? kfree+0x1d6/0x290
[ 53.627496] load_system_files+0x55fa/0x6530
[ 53.631880] ? __mutex_lock+0x40b/0x1400
[ 53.635914] ? ntfs_remount+0x420/0x420
[ 53.639867] ? kvfree+0x2c/0x30
[ 53.643130] ? __kasan_check_write+0x14/0x20
[ 53.647870] ? ntfs_read_inode_mount+0xc63/0x20c0
[ 53.652711] ? wait_for_completion+0x460/0x460
[ 53.657271] ntfs_fill_super+0x12ad/0x2d50
[ 53.661498] ? snprintf+0x91/0xc0
[ 53.664936] ? vsprintf+0x20/0x20
[ 53.668379] mount_bdev+0x27b/0x340
[ 53.672090] ? load_system_files+0x6530/0x6530
[ 53.676669] ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[ 53.681492] ntfs_mount+0x10/0x20
[ 53.684926] legacy_get_tree+0x103/0x1f0
[ 53.688963] vfs_get_tree+0x8b/0x2d0
[ 53.692652] ? capable+0x14/0x20
[ 53.696784] do_mount+0x1285/0x1b70
[ 53.700415] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 53.705237] ? copy_mount_string+0x20/0x20
[ 53.709454] ? kmem_cache_alloc_trace+0x372/0x760
[ 53.714284] ? __kasan_check_write+0x14/0x20
[ 53.718677] ? __kasan_check_read+0x11/0x20
[ 53.722973] ? copy_mount_options+0x77/0x2c0
[ 53.727358] ksys_mount+0xba/0xe0
[ 53.730840] __x64_sys_mount+0xb9/0x150
[ 53.734819] do_syscall_64+0xd0/0x600
[ 53.738637] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.743845] RIP: 0033:0x457e5a
[ 53.747014] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 53.767910] RSP: 002b:00007f71e86c7bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 53.775625] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457e5a
[ 53.782927] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f71e86c7c00
[ 53.790189] RBP: 000000000000005a R08: 0000000020077a00 R09: 0000000020000000
[ 53.797441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 53.804697] R13: 000000000000066c R14: 00000000006fcac0 R15: 0000000000000000
[ 53.812596] Kernel Offset: disabled
[ 53.816301] Rebooting in 86400 seconds..