[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   43.273701] can: request_module (can-proto-0) failed.
[   43.282914] can: request_module (can-proto-0) failed.
[   44.151910] IPVS: ftp: loaded support on port[0] = 21
[   44.825966] 8021q: adding VLAN 0 to HW filter on device bond0
[   44.898060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.196273] tipc: TX() has been purged, node left!
[   46.784487] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
2020/02/11 22:09:21 parsed 1 programs
2020/02/11 22:09:21 executed programs: 0
[   51.845727] IPVS: ftp: loaded support on port[0] = 21
[   51.850365] IPVS: ftp: loaded support on port[0] = 21
[   51.855027] IPVS: ftp: loaded support on port[0] = 21
[   51.874503] IPVS: ftp: loaded support on port[0] = 21
[   51.876229] IPVS: ftp: loaded support on port[0] = 21
[   51.893700] IPVS: ftp: loaded support on port[0] = 21
[   52.019477] ntfs: (device loop2): is_boot_sector_ntfs(): Invalid end of sector marker.
[   52.042313] ==================================================================
[   52.049871] BUG: KASAN: use-after-free in ntfs_attr_find+0x9df/0xb00
[   52.056365] Read of size 4 at addr ffff8881c8406d35 by task syz-executor2/4459
[   52.063741]
[   52.065366] CPU: 0 PID: 4459 Comm: syz-executor2 Not tainted 5.6.0-rc1-syzkaller #0
[   52.073370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.082741] Call Trace:
[   52.085311]  dump_stack+0x12f/0x187
[   52.088926]  ? ntfs_attr_find+0x9df/0xb00
[   52.093189]  print_address_description.constprop.8+0x3b/0x60
[   52.098965]  ? ntfs_attr_find+0x9df/0xb00
[   52.103097]  ? ntfs_attr_find+0x9df/0xb00
[   52.107224]  __kasan_report.cold.11+0x1b/0x32
[   52.111748]  ? __isolate_free_page+0x430/0x490
[   52.116495]  ? ntfs_attr_find+0x9df/0xb00
[   52.120626]  kasan_report+0x12/0x20
[   52.124240]  __asan_report_load_n_noabort+0xf/0x20
[   52.129294]  ntfs_attr_find+0x9df/0xb00
[   52.133246]  ? __alloc_pages_nodemask+0x563/0x850
[   52.138076]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   52.142898]  ? __kasan_check_write+0x14/0x20
[   52.147293]  ntfs_attr_lookup+0x10c9/0x23c0
[   52.151697]  ? kasan_unpoison_shadow+0x35/0x50
[   52.156270]  ? __kasan_kmalloc.constprop.7+0xc1/0xd0
[   52.161357]  ? kmem_cache_alloc+0x30b/0x740
[   52.165662]  ? ntfs_attr_reinit_search_ctx+0x3a0/0x3a0
[   52.170932]  ntfs_read_inode_mount+0x6bf/0x20c0
[   52.175621]  ntfs_fill_super+0x1217/0x2d40
[   52.179841]  ? snprintf+0x91/0xc0
[   52.183279]  ? vsprintf+0x20/0x20
[   52.186715]  mount_bdev+0x27b/0x340
[   52.190319]  ? load_system_files+0x6530/0x6530
[   52.194891]  ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[   52.199725]  ntfs_mount+0x10/0x20
[   52.203232]  legacy_get_tree+0x103/0x1f0
[   52.207289]  vfs_get_tree+0x8b/0x2d0
[   52.210981]  ? capable+0x14/0x20
[   52.214372]  do_mount+0x1285/0x1b70
[   52.217981]  ? lock_downgrade+0x900/0x900
[   52.222241]  ? copy_mount_string+0x20/0x20
[   52.226460]  ? __kasan_check_write+0x14/0x20
[   52.230847]  ? _copy_from_user+0xd6/0x110
[   52.234983]  __x64_sys_mount+0x169/0x1c0
[   52.239036]  do_syscall_64+0xd0/0x600
[   52.242837]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.248010] RIP: 0033:0x457dea
[   52.251191] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[   52.270150] RSP: 002b:00007f2290159bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   52.277849] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457dea
[   52.285225] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f2290159c00
[   52.292471] RBP: 0000000000000002 R08: 000000002007e200 R09: 0000000020000000
[   52.299904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[   52.307164] R13: 000000000000066c R14: 00000000006fbac0 R15: 0000000000000000
[   52.314423]
[   52.316029] Allocated by task 4329:
[   52.319645]  save_stack+0x21/0x90
[   52.323087]  __kasan_kmalloc.constprop.7+0xc1/0xd0
[   52.328015]  kasan_slab_alloc+0x12/0x20
[   52.331985]  kmem_cache_alloc+0x121/0x740
[   52.336119]  getname_flags+0xb8/0x510
[   52.339907]  user_path_at_empty+0x1e/0x40
[   52.344034]  vfs_statx+0xbf/0x140
[   52.347475]  __do_sys_newstat+0x85/0xe0
[   52.351476]  __x64_sys_newstat+0x4f/0x70
[   52.355524]  do_syscall_64+0xd0/0x600
[   52.359356]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.364526]
[   52.366133] Freed by task 4329:
[   52.369405]  save_stack+0x21/0x90
[   52.372841]  __kasan_slab_free+0x11a/0x170
[   52.377051]  kasan_slab_free+0xe/0x10
[   52.380846]  kmem_cache_free+0x86/0x2e0
[   52.384802]  putname+0xa8/0xe0
[   52.387977]  filename_lookup.part.62+0x1e2/0x320
[   52.392716]  user_path_at_empty+0x39/0x40
[   52.396891]  vfs_statx+0xbf/0x140
[   52.400331]  __do_sys_newstat+0x85/0xe0
[   52.404296]  __x64_sys_newstat+0x4f/0x70
[   52.408377]  do_syscall_64+0xd0/0x600
[   52.412160]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.417342]
[   52.418981] The buggy address belongs to the object at ffff8881c8406740
[   52.418981]  which belongs to the cache names_cache of size 4096
[   52.431809] The buggy address is located 1525 bytes inside of
[   52.431809]  4096-byte region [ffff8881c8406740, ffff8881c8407740)
[   52.443980] The buggy address belongs to the page:
[   52.448894] page:ffffea0007210180 refcount:1 mapcount:0 mapping:ffff8881da199a80 index:0x0 compound_mapcount: 0
[   52.459105] flags: 0x2fffc0000010200(slab|head)
[   52.463759] raw: 02fffc0000010200 ffffea0007213b88 ffffea0007211588 ffff8881da199a80
[   52.471690] raw: 0000000000000000 ffff8881c8406740 0000000100000001 0000000000000000
[   52.479619] page dumped because: kasan: bad access detected
[   52.485356]
[   52.486966] Memory state around the buggy address:
[   52.491898]  ffff8881c8406c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.499258]  ffff8881c8406c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.506670] >ffff8881c8406d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.514014]                                      ^
[   52.518926]  ffff8881c8406d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.526406]  ffff8881c8406e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.533785] ==================================================================
[   52.541295] Disabling lock debugging due to kernel taint
[   52.546851] Kernel panic - not syncing: panic_on_warn set ...
[   52.552738] CPU: 0 PID: 4459 Comm: syz-executor2 Tainted: G    B             5.6.0-rc1-syzkaller #0
[   52.562020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.571536] Call Trace:
[   52.574120]  dump_stack+0x12f/0x187
[   52.577737]  ? ntfs_attr_find+0x950/0xb00
[   52.581871]  panic+0x22a/0x4f5
[   52.585050]  ? add_taint.cold.7+0x11/0x11
[   52.589200]  ? do_raw_spin_unlock+0x54/0x260
[   52.594552]  ? do_raw_spin_unlock+0x54/0x260
[   52.598962]  ? ntfs_attr_find+0x9df/0xb00
[   52.603096]  ? ntfs_attr_find+0x9df/0xb00
[   52.607333]  end_report+0x47/0x4f
[   52.610786]  __kasan_report.cold.11+0xe/0x32
[   52.615174]  ? __isolate_free_page+0x430/0x490
[   52.619742]  ? ntfs_attr_find+0x9df/0xb00
[   52.623877]  kasan_report+0x12/0x20
[   52.627484]  __asan_report_load_n_noabort+0xf/0x20
[   52.632403]  ntfs_attr_find+0x9df/0xb00
[   52.636371]  ? __alloc_pages_nodemask+0x563/0x850
[   52.641204]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   52.646035]  ? __kasan_check_write+0x14/0x20
[   52.650444]  ntfs_attr_lookup+0x10c9/0x23c0
[   52.654759]  ? kasan_unpoison_shadow+0x35/0x50
[   52.659349]  ? __kasan_kmalloc.constprop.7+0xc1/0xd0
[   52.664457]  ? kmem_cache_alloc+0x30b/0x740
[   52.668770]  ? ntfs_attr_reinit_search_ctx+0x3a0/0x3a0
[   52.674041]  ntfs_read_inode_mount+0x6bf/0x20c0
[   52.678697]  ntfs_fill_super+0x1217/0x2d40
[   52.682931]  ? snprintf+0x91/0xc0
[   52.686364]  ? vsprintf+0x20/0x20
[   52.689809]  mount_bdev+0x27b/0x340
[   52.693422]  ? load_system_files+0x6530/0x6530
[   52.697987]  ? ntfs_rl_punch_nolock+0x1ec0/0x1ec0
[   52.702954]  ntfs_mount+0x10/0x20
[   52.706395]  legacy_get_tree+0x103/0x1f0
[   52.710435]  vfs_get_tree+0x8b/0x2d0
[   52.714134]  ? capable+0x14/0x20
[   52.717483]  do_mount+0x1285/0x1b70
[   52.721089]  ? lock_downgrade+0x900/0x900
[   52.725235]  ? copy_mount_string+0x20/0x20
[   52.729450]  ? __kasan_check_write+0x14/0x20
[   52.733842]  ? _copy_from_user+0xd6/0x110
[   52.737976]  __x64_sys_mount+0x169/0x1c0
[   52.742089]  do_syscall_64+0xd0/0x600
[   52.745873]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.751175] RIP: 0033:0x457dea
[   52.754364] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
[   52.773252] RSP: 002b:00007f2290159bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   52.780948] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457dea
[   52.788288] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f2290159c00
[   52.795545] RBP: 0000000000000002 R08: 000000002007e200 R09: 0000000020000000
[   52.802906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[   52.810272] R13: 000000000000066c R14: 00000000006fbac0 R15: 0000000000000000
[   52.818388] Kernel Offset: disabled
[   52.821998] Rebooting in 86400 seconds..