Starting System Logging Service...
Starting getty on tty2-tty6 if dbus and logind are not available...
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Started Regular background program processing daemon.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started System Logging Service.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
syzkaller login: [ 43.897737][ T6839] IPVS: ftp: loaded support on port[0] = 21
[ 44.029521][ T6839] chnl_net:caif_netlink_parms(): no params data found
[ 44.075365][ T6839] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.082726][ T6839] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.091469][ T6839] device bridge_slave_0 entered promiscuous mode
[ 44.099248][ T6839] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.107584][ T6839] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.115669][ T6839] device bridge_slave_1 entered promiscuous mode
[ 44.133835][ T6839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 44.144483][ T6839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 44.164835][ T6839] team0: Port device team_slave_0 added
[ 44.172511][ T6839] team0: Port device team_slave_1 added
[ 44.187936][ T6839] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 44.195022][ T6839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.221127][ T6839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 44.233094][ T6839] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 44.240100][ T6839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.266454][ T6839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 44.290888][ T6839] device hsr_slave_0 entered promiscuous mode
[ 44.297514][ T6839] device hsr_slave_1 entered promiscuous mode
[ 44.379393][ T6839] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 44.388290][ T6839] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 44.398988][ T6839] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 44.408086][ T6839] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 44.428917][ T6839] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.436114][ T6839] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.443729][ T6839] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.450863][ T6839] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.488997][ T6839] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.501374][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.512410][ T3921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.520846][ T3921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.528416][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 44.541148][ T6839] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.551759][ T2594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.560835][ T2594] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.567994][ T2594] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.590706][ T2594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.598937][ T2594] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.606150][ T2594] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.614519][ T2594] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.623332][ T2594] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.636369][ T6839] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 44.648315][ T6839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 44.662917][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.671242][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.679529][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.687853][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.704471][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 44.712395][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 44.724715][ T6839] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 44.743643][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.761244][ T2594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.769421][ T2594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.777260][ T2594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.787268][ T6839] device veth0_vlan entered promiscuous mode
[ 44.798819][ T6839] device veth1_vlan entered promiscuous mode
[ 44.817817][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 44.826336][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 44.835374][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.845709][ T6839] device veth0_macvtap entered promiscuous mode
[ 44.855349][ T6839] device veth1_macvtap entered promiscuous mode
[ 44.870443][ T6839] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 44.878010][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.889434][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
executing program
[ 44.901008][ T6839] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 44.910551][ T6839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.919296][ T6839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.932747][ T6839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.943770][ T6839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.955741][ T3921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.988139][ T6839] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 44.999228][ T6839] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 45.009867][ T6839] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 45.017940][ T6839] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 45.031908][ T6839] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 45.045711][ T6839] ntfs: (device loop0): map_mft_record_page(): Mft record 0xa is corrupt. Run chkdsk.
[ 45.055972][ T6839] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 45.064862][ T6839] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 45.078234][ T6839] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 45.090855][ T6839] ntfs: volume version 3.1.
[ 45.095380][ T6839] ntfs: (device loop0): map_mft_record_page(): Mft record 0x2 is corrupt. Run chkdsk.
[ 45.105993][ T6839] ==================================================================
[ 45.114034][ T6839] BUG: KASAN: use-after-free in ntfs_are_names_equal+0x2f8/0x340
[ 45.121722][ T6839] Read of size 2 at addr ffff888086758ee8 by task syz-executor601/6839
[ 45.129932][ T6839]
[ 45.132237][ T6839] CPU: 0 PID: 6839 Comm: syz-executor601 Not tainted 5.9.0-syzkaller #0
[ 45.140531][ T6839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.150562][ T6839] Call Trace:
[ 45.153832][ T6839] dump_stack+0x1d6/0x29e
[ 45.158129][ T6839] print_address_description+0x66/0x620
[ 45.163656][ T6839] ? printk+0x62/0x83
[ 45.167609][ T6839] ? vprintk_emit+0x2f0/0x370
[ 45.172270][ T6839] kasan_report+0x132/0x1d0
[ 45.176747][ T6839] ? mount_single+0x190/0x1b0
[ 45.181402][ T6839] ? ntfs_are_names_equal+0x2f8/0x340
[ 45.186741][ T6839] ? ntfs_fill_super+0x5c38/0x8bd0
[ 45.191824][ T6839] ? do_syscall_64+0x31/0x70
[ 45.196376][ T6839] ntfs_are_names_equal+0x2f8/0x340
[ 45.201539][ T6839] ? xas_load+0x3f2/0x410
[ 45.205846][ T6839] ntfs_attr_find+0x36d/0xac0
[ 45.210495][ T6839] ? mark_lock+0x13d/0x1b20
[ 45.214977][ T6839] ntfs_attr_lookup+0x1ec/0x23b0
[ 45.219987][ T6839] ? mark_page_accessed+0x72a/0x8f0
[ 45.225149][ T6839] ? slab_post_alloc_hook+0x3e/0x290
[ 45.230541][ T6839] ? trace_kmem_cache_alloc+0xb9/0x120
[ 45.235965][ T6839] ? ntfs_attr_get_search_ctx+0x4d/0x190
[ 45.241608][ T6839] ? kmem_cache_alloc+0x1e1/0x2d0
[ 45.246599][ T6839] ? ntfs_attr_get_search_ctx+0x4d/0x190
[ 45.252200][ T6839] ? memset+0x1f/0x40
[ 45.256180][ T6839] ntfs_attr_iget+0x48c/0x21a0
[ 45.260929][ T6839] ? _raw_spin_unlock_irqrestore+0x72/0x90
[ 45.266701][ T6839] ? unmap_mft_record+0x98/0xd0
[ 45.271525][ T6839] ntfs_read_locked_inode+0x36fd/0x4e30
[ 45.277050][ T6839] ? ntfs_iget+0x130/0x130
[ 45.281441][ T6839] ntfs_iget+0xc2/0x130
[ 45.285579][ T6839] ntfs_fill_super+0x5c38/0x8bd0
[ 45.290509][ T6839] mount_bdev+0x24f/0x360
[ 45.294809][ T6839] ? ntfs_mount+0x40/0x40
[ 45.299226][ T6839] legacy_get_tree+0xea/0x180
[ 45.303872][ T6839] ? ntfs_rl_punch_nolock+0x16f0/0x16f0
[ 45.309390][ T6839] vfs_get_tree+0x88/0x270
[ 45.313779][ T6839] path_mount+0x179d/0x29e0
[ 45.318251][ T6839] __se_sys_mount+0x126/0x180
[ 45.322897][ T6839] do_syscall_64+0x31/0x70
[ 45.327282][ T6839] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.333152][ T6839] RIP: 0033:0x45726a
[ 45.337015][ T6839] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 8d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 45.356588][ T6839] RSP: 002b:00007ffcaca0cb18 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 45.364965][ T6839] RAX: ffffffffffffffda RBX: 00007ffcaca0cb70 RCX: 000000000045726a
[ 45.372906][ T6839] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcaca0cb30
[ 45.380861][ T6839] RBP: 0000000000000004 R08: 00007ffcaca0cb70 R09: 0000000000316777
[ 45.388801][ T6839] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000003
[ 45.396737][ T6839] R13: 00007ffcaca0cb30 R14: 0000000000000000 R15: 0000000020001218
[ 45.404679][ T6839]
[ 45.406979][ T6839] The buggy address belongs to the page:
[ 45.412578][ T6839] page:000000007012e419 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x86758
[ 45.422690][ T6839] flags: 0xfffe0000000000()
[ 45.427163][ T6839] raw: 00fffe0000000000 ffffea000219d688 ffffea000219d3c8 0000000000000000
[ 45.435709][ T6839] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 45.444250][ T6839] page dumped because: kasan: bad access detected
[ 45.450624][ T6839]
[ 45.452918][ T6839] Memory state around the buggy address:
[ 45.458513][ T6839] ffff888086758d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.466539][ T6839] ffff888086758e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.474569][ T6839] >ffff888086758e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.482594][ T6839] ^
[ 45.490016][ T6839] ffff888086758f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.498047][ T6839] ffff888086758f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.506070][ T6839] ==================================================================
[ 45.514112][ T6839] Disabling lock debugging due to kernel taint
[ 45.523692][ T6839] Kernel panic - not syncing: panic_on_warn set ...
[ 45.530390][ T6839] CPU: 0 PID: 6839 Comm: syz-executor601 Tainted: G B 5.9.0-syzkaller #0
[ 45.540101][ T6839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.550144][ T6839] Call Trace:
[ 45.553405][ T6839] dump_stack+0x1d6/0x29e
[ 45.557701][ T6839] panic+0x2c0/0x800
[ 45.561570][ T6839] ? trace_hardirqs_on+0x30/0x80
[ 45.566574][ T6839] kasan_report+0x1c9/0x1d0
[ 45.571047][ T6839] ? mount_single+0x190/0x1b0
[ 45.575712][ T6839] ? ntfs_are_names_equal+0x2f8/0x340
[ 45.581047][ T6839] ? ntfs_fill_super+0x5c38/0x8bd0
[ 45.586139][ T6839] ? do_syscall_64+0x31/0x70
[ 45.590697][ T6839] ntfs_are_names_equal+0x2f8/0x340
[ 45.595979][ T6839] ? xas_load+0x3f2/0x410
[ 45.600277][ T6839] ntfs_attr_find+0x36d/0xac0
[ 45.604935][ T6839] ? mark_lock+0x13d/0x1b20
[ 45.609414][ T6839] ntfs_attr_lookup+0x1ec/0x23b0
[ 45.614325][ T6839] ? mark_page_accessed+0x72a/0x8f0
[ 45.619489][ T6839] ? slab_post_alloc_hook+0x3e/0x290
[ 45.624762][ T6839] ? trace_kmem_cache_alloc+0xb9/0x120
[ 45.630201][ T6839] ? ntfs_attr_get_search_ctx+0x4d/0x190
[ 45.635796][ T6839] ? kmem_cache_alloc+0x1e1/0x2d0
[ 45.640784][ T6839] ? ntfs_attr_get_search_ctx+0x4d/0x190
[ 45.646381][ T6839] ? memset+0x1f/0x40
[ 45.650329][ T6839] ntfs_attr_iget+0x48c/0x21a0
[ 45.655061][ T6839] ? _raw_spin_unlock_irqrestore+0x72/0x90
[ 45.660832][ T6839] ? unmap_mft_record+0x98/0xd0
[ 45.665649][ T6839] ntfs_read_locked_inode+0x36fd/0x4e30
[ 45.671160][ T6839] ? ntfs_iget+0x130/0x130
[ 45.675540][ T6839] ntfs_iget+0xc2/0x130
[ 45.679687][ T6839] ntfs_fill_super+0x5c38/0x8bd0
[ 45.684597][ T6839] mount_bdev+0x24f/0x360
[ 45.688890][ T6839] ? ntfs_mount+0x40/0x40
[ 45.693192][ T6839] legacy_get_tree+0xea/0x180
[ 45.697832][ T6839] ? ntfs_rl_punch_nolock+0x16f0/0x16f0
[ 45.703342][ T6839] vfs_get_tree+0x88/0x270
[ 45.707732][ T6839] path_mount+0x179d/0x29e0
[ 45.712203][ T6839] __se_sys_mount+0x126/0x180
[ 45.716864][ T6839] do_syscall_64+0x31/0x70
[ 45.721250][ T6839] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.727107][ T6839] RIP: 0033:0x45726a
[ 45.730967][ T6839] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 8d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 45.750539][ T6839] RSP: 002b:00007ffcaca0cb18 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 45.758927][ T6839] RAX: ffffffffffffffda RBX: 00007ffcaca0cb70 RCX: 000000000045726a
[ 45.766881][ T6839] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcaca0cb30
[ 45.774839][ T6839] RBP: 0000000000000004 R08: 00007ffcaca0cb70 R09: 0000000000316777
[ 45.782776][ T6839] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000003
[ 45.790715][ T6839] R13: 00007ffcaca0cb30 R14: 0000000000000000 R15: 0000000020001218
[ 45.799972][ T6839] Kernel Offset: disabled
[ 45.804281][ T6839] Rebooting in 86400 seconds..