Warning: Permanently added '10.128.1.109' (ECDSA) to the list of known hosts.
syzkaller login: [ 35.239767] IPVS: ftp: loaded support on port[0] = 21
[ 35.313319] chnl_net:caif_netlink_parms(): no params data found
[ 35.392047] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.398607] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.406844] device bridge_slave_0 entered promiscuous mode
[ 35.414669] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.421340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.428363] device bridge_slave_1 entered promiscuous mode
[ 35.446745] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.455755] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.474177] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 35.482126] team0: Port device team_slave_0 added
[ 35.487550] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 35.495204] team0: Port device team_slave_1 added
[ 35.510810] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 35.517048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.542397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 35.553690] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 35.560039] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.585301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 35.599138] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 35.606745] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 35.626166] device hsr_slave_0 entered promiscuous mode
[ 35.631928] device hsr_slave_1 entered promiscuous mode
[ 35.637874] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 35.645177] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 35.707256] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.713712] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.720454] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.726784] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.758157] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 35.765779] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.774007] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 35.782886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 35.791530] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.798444] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.806250] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 35.816544] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 35.822869] 8021q: adding VLAN 0 to HW filter on device team0
[ 35.832390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.840569] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.846911] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.856674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 35.864300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.870722] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.891549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 35.900224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 35.907704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 35.915511] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 35.923520] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 35.932517] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 35.938509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 35.951216] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 35.958268] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 35.965151] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 35.975353] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 36.007953] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 36.017558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 36.046919] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 36.054570] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 36.061274] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 36.070581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 36.078027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 36.085615] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 36.094024] device veth0_vlan entered promiscuous mode
[ 36.103181] device veth1_vlan entered promiscuous mode
[ 36.109371] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 36.117689] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 36.129550] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 36.138310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 36.146540] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 36.154146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 36.163925] device veth0_macvtap entered promiscuous mode
[ 36.170792] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 36.178674] device veth1_macvtap entered promiscuous mode
[ 36.187397] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 36.196698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 36.206804] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 36.213947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 36.222283] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 36.232514] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 36.239811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 36.351417] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 36.358171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.369455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.385169] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 36.394890] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
executing program
[ 36.409346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.416471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.424827] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 36.463817] attempt to access beyond end of device
[ 36.469169] loop0: rw=0, want=32770, limit=4096
[ 36.476103] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4000.
[ 36.486214] attempt to access beyond end of device
[ 36.491283] loop0: rw=0, want=32772, limit=4096
[ 36.495959] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4001.
[ 36.506097] attempt to access beyond end of device
[ 36.512056] loop0: rw=0, want=32774, limit=4096
[ 36.516738] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4002.
[ 36.526732] attempt to access beyond end of device
[ 36.532335] loop0: rw=0, want=32776, limit=4096
[ 36.537012] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x4003.
[ 36.546622] ntfs: (device loop0): check_mft_mirror(): Failed to read $MFTMirr.
[ 36.554066] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk.
[ 36.568086] ==================================================================
[ 36.575448] BUG: KASAN: use-after-free in ntfs_attr_find+0x9db/0xb10
[ 36.581933] Read of size 4 at addr ffff88808bd69148 by task syz-executor164/8105
[ 36.589455]
[ 36.591067] CPU: 0 PID: 8105 Comm: syz-executor164 Not tainted 4.19.211-syzkaller #0
[ 36.598944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 36.608278] Call Trace:
[ 36.610852] dump_stack+0x1fc/0x2ef
[ 36.614483] print_address_description.cold+0x54/0x219
[ 36.619755] kasan_report_error.cold+0x8a/0x1b9
[ 36.624403] ? ntfs_attr_find+0x9db/0xb10
[ 36.628534] __asan_report_load_n_noabort+0x8b/0xa0
[ 36.633544] ? ntfs_attr_find+0x9db/0xb10
[ 36.637683] ntfs_attr_find+0x9db/0xb10
[ 36.641642] ntfs_attr_lookup+0x1020/0x1f90
[ 36.645948] ? lock_downgrade+0x720/0x720
[ 36.650087] ? do_raw_spin_unlock+0x171/0x230
[ 36.654573] ? _raw_spin_unlock+0x29/0x40
[ 36.658739] ? cache_alloc_refill+0x1da/0x340
[ 36.663225] ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 36.668494] ? kmem_cache_alloc+0x2e1/0x370
[ 36.672799] ntfs_attr_iget+0x652/0x23a0
[ 36.676841] ? __ntfs_warning+0x116/0x160
[ 36.680993] ? __ntfs_init_inode+0x500/0x500
[ 36.685383] ? do_read_cache_page+0xfe/0x1170
[ 36.689860] ntfs_fill_super+0xbf5/0x7e10
[ 36.694000] ? ntfs_big_inode_init_once+0x20/0x20
[ 36.698826] ? vsprintf+0x30/0x30
[ 36.702261] ? wait_for_completion_io+0x10/0x10
[ 36.706910] ? set_blocksize+0x163/0x3f0
[ 36.710967] mount_bdev+0x2fc/0x3b0
[ 36.714589] ? ntfs_big_inode_init_once+0x20/0x20
[ 36.719423] mount_fs+0xa3/0x310
[ 36.722776] vfs_kern_mount.part.0+0x68/0x470
[ 36.727263] do_mount+0x115c/0x2f50
[ 36.730874] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 36.735437] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 36.740185] ? copy_mount_string+0x40/0x40
[ 36.744411] ? ksys_mount+0xad/0x130
[ 36.748103] ksys_mount+0xcf/0x130
[ 36.751624] __x64_sys_mount+0xba/0x150
[ 36.755577] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 36.760140] do_syscall_64+0xf9/0x620
[ 36.763927] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.769119] RIP: 0033:0x7f62da2a0bda
[ 36.772839] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 08 01 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 36.791739] RSP: 002b:00007ffff5362308 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 36.799429] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f62da2a0bda
[ 36.806692] RDX: 000000002001f6c0 RSI: 000000002001f640 RDI: 00007ffff5362310
[ 36.813946] RBP: 00007ffff5362310 R08: 00007ffff5362350 R09: 000000000001f61d
[ 36.821222] R10: 0000000000008703 R11: 0000000000000286 R12: 0000000000000004
[ 36.828480] R13: 0000555557271380 R14: 00007ffff5362350 R15: 0000000000000000
[ 36.835736]
[ 36.837349] The buggy address belongs to the page:
[ 36.842401] page:ffffea00022f5a40 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 36.850526] flags: 0xfff00000000000()
[ 36.854313] raw: 00fff00000000000 ffffea00022f5a88 ffffea000230c7c8 0000000000000000
[ 36.862191] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 36.870079] page dumped because: kasan: bad access detected
[ 36.875779]
[ 36.877396] Memory state around the buggy address:
[ 36.882303] ffff88808bd69000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.889640] ffff88808bd69080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.897067] >ffff88808bd69100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.904427] ^
[ 36.910118] ffff88808bd69180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.917455] ffff88808bd69200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.924789] ==================================================================
[ 36.932125] Disabling lock debugging due to kernel taint
[ 36.940842] Kernel panic - not syncing: panic_on_warn set ...
[ 36.940842]
[ 36.948221] CPU: 0 PID: 8105 Comm: syz-executor164 Tainted: G B 4.19.211-syzkaller #0
[ 36.957481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 36.966846] Call Trace:
[ 36.969444] dump_stack+0x1fc/0x2ef
[ 36.973084] panic+0x26a/0x50e
[ 36.976267] ? __warn_printk+0xf3/0xf3
[ 36.980138] ? preempt_schedule_common+0x45/0xc0
[ 36.984874] ? ___preempt_schedule+0x16/0x18
[ 36.989266] ? trace_hardirqs_on+0x55/0x210
[ 36.993587] kasan_end_report+0x43/0x49
[ 36.997662] kasan_report_error.cold+0xa7/0x1b9
[ 37.002316] ? ntfs_attr_find+0x9db/0xb10
[ 37.006535] __asan_report_load_n_noabort+0x8b/0xa0
[ 37.011534] ? ntfs_attr_find+0x9db/0xb10
[ 37.015683] ntfs_attr_find+0x9db/0xb10
[ 37.019689] ntfs_attr_lookup+0x1020/0x1f90
[ 37.024000] ? lock_downgrade+0x720/0x720
[ 37.028145] ? do_raw_spin_unlock+0x171/0x230
[ 37.032651] ? _raw_spin_unlock+0x29/0x40
[ 37.036778] ? cache_alloc_refill+0x1da/0x340
[ 37.041267] ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 37.046542] ? kmem_cache_alloc+0x2e1/0x370
[ 37.050845] ntfs_attr_iget+0x652/0x23a0
[ 37.054884] ? __ntfs_warning+0x116/0x160
[ 37.059011] ? __ntfs_init_inode+0x500/0x500
[ 37.063406] ? do_read_cache_page+0xfe/0x1170
[ 37.067890] ntfs_fill_super+0xbf5/0x7e10
[ 37.072019] ? ntfs_big_inode_init_once+0x20/0x20
[ 37.076836] ? vsprintf+0x30/0x30
[ 37.080270] ? wait_for_completion_io+0x10/0x10
[ 37.084919] ? set_blocksize+0x163/0x3f0
[ 37.088959] mount_bdev+0x2fc/0x3b0
[ 37.092567] ? ntfs_big_inode_init_once+0x20/0x20
[ 37.097393] mount_fs+0xa3/0x310
[ 37.100746] vfs_kern_mount.part.0+0x68/0x470
[ 37.105225] do_mount+0x115c/0x2f50
[ 37.108836] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.113407] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 37.118159] ? copy_mount_string+0x40/0x40
[ 37.122374] ? ksys_mount+0xad/0x130
[ 37.126092] ksys_mount+0xcf/0x130
[ 37.129613] __x64_sys_mount+0xba/0x150
[ 37.133568] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.138142] do_syscall_64+0xf9/0x620
[ 37.141931] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.147100] RIP: 0033:0x7f62da2a0bda
[ 37.150795] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 08 01 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 37.169674] RSP: 002b:00007ffff5362308 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 37.177356] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f62da2a0bda
[ 37.184609] RDX: 000000002001f6c0 RSI: 000000002001f640 RDI: 00007ffff5362310
[ 37.191864] RBP: 00007ffff5362310 R08: 00007ffff5362350 R09: 000000000001f61d
[ 37.199410] R10: 0000000000008703 R11: 0000000000000286 R12: 0000000000000004
[ 37.206670] R13: 0000555557271380 R14: 00007ffff5362350 R15: 0000000000000000
[ 37.214155] Kernel Offset: disabled
[ 37.217763] Rebooting in 86400 seconds..