Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts.
executing program
[ 32.849621] audit: type=1400 audit(1602294655.369:8): avc: denied { execmem } for pid=6365 comm="syz-executor116" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 32.863399] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 32.881434] ==================================================================
[ 32.888800] BUG: KASAN: slab-out-of-bounds in ntfs_attr_find+0x8df/0xa10
[ 32.895621] Read of size 4 at addr ffff88809705417f by task syz-executor116/6365
[ 32.903148]
[ 32.904750] CPU: 1 PID: 6365 Comm: syz-executor116 Not tainted 4.14.198-syzkaller #0
[ 32.912625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.921951] Call Trace:
[ 32.924524] dump_stack+0x1b2/0x283
[ 32.928137] print_address_description.cold+0x54/0x1d3
[ 32.933386] kasan_report_error.cold+0x8a/0x194
[ 32.938032] ? ntfs_attr_find+0x8df/0xa10
[ 32.942151] __asan_report_load_n_noabort+0x6b/0x80
[ 32.947139] ? ntfs_attr_find+0x8df/0xa10
[ 32.951269] ntfs_attr_find+0x8df/0xa10
[ 32.955215] ntfs_attr_lookup+0xeca/0x1f30
[ 32.959436] ? do_raw_spin_unlock+0x164/0x220
[ 32.963914] ? _raw_spin_unlock+0x29/0x40
[ 32.968037] ? cache_alloc_refill+0x2fa/0x350
[ 32.972512] ? __wait_on_bit+0x150/0x150
[ 32.976557] ? check_preemption_disabled+0x35/0x240
[ 32.981548] ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 32.986812] ? kmem_cache_alloc+0x2f8/0x3c0
[ 32.991114] ntfs_read_inode_mount+0x6b4/0x1fb0
[ 32.995759] ntfs_fill_super+0x9a6/0x7170
[ 32.999881] ? vsnprintf+0x260/0x1340
[ 33.003664] ? pointer+0x9e0/0x9e0
[ 33.007194] ? lock_downgrade+0x740/0x740
[ 33.011324] ? ntfs_big_inode_init_once+0x20/0x20
[ 33.016140] ? snprintf+0xa5/0xd0
[ 33.019566] ? vsprintf+0x30/0x30
[ 33.022992] ? ns_test_super+0x50/0x50
[ 33.026852] ? set_blocksize+0x125/0x380
[ 33.030887] mount_bdev+0x2b3/0x360
[ 33.034501] ? ntfs_big_inode_init_once+0x20/0x20
[ 33.039328] mount_fs+0x92/0x2a0
[ 33.042667] vfs_kern_mount.part.0+0x5b/0x470
[ 33.047137] do_mount+0xe53/0x2a00
[ 33.050650] ? copy_mount_string+0x40/0x40
[ 33.054858] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 33.059846] ? copy_mnt_ns+0xa30/0xa30
[ 33.063716] ? copy_mount_options+0x1fa/0x2f0
[ 33.068197] ? copy_mnt_ns+0xa30/0xa30
[ 33.072065] SyS_mount+0xa8/0x120
[ 33.075499] ? copy_mnt_ns+0xa30/0xa30
[ 33.079373] do_syscall_64+0x1d5/0x640
[ 33.083245] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.088405] RIP: 0033:0x44995a
[ 33.091589] RSP: 002b:00007ffe78e7a858 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 33.099280] RAX: ffffffffffffffda RBX: 00007ffe78e7a8b0 RCX: 000000000044995a
[ 33.106559] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe78e7a870
[ 33.113815] RBP: 00007ffe78e7a870 R08: 00007ffe78e7a8b0 R09: 00007ffe00000015
[ 33.121086] R10: 0000000000000000 R11: 0000000000000287 R12: 000000000000013c
[ 33.128345] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 33.135591]
[ 33.137191] Allocated by task 3648:
[ 33.140792] kasan_kmalloc+0xeb/0x160
[ 33.144569] kmem_cache_alloc+0x124/0x3c0
[ 33.148705] getname_flags+0xc8/0x550
[ 33.152477] SyS_renameat2+0x17b/0xad0
[ 33.156337] do_syscall_64+0x1d5/0x640
[ 33.160210] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.165376]
[ 33.166988] Freed by task 3648:
[ 33.170240] kasan_slab_free+0xc3/0x1a0
[ 33.174185] kmem_cache_free+0x7c/0x2b0
[ 33.178133] putname+0xcd/0x110
[ 33.181393] SyS_renameat2+0x214/0xad0
[ 33.185261] do_syscall_64+0x1d5/0x640
[ 33.189122] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.194280]
[ 33.195879] The buggy address belongs to the object at ffff888097054280
[ 33.195879] which belongs to the cache names_cache of size 4096
[ 33.208594] The buggy address is located 257 bytes to the left of
[ 33.208594] 4096-byte region [ffff888097054280, ffff888097055280)
[ 33.220975] The buggy address belongs to the page:
[ 33.225876] page:ffffea00025c1500 count:1 mapcount:0 mapping:ffff888097054280 index:0x0 compound_mapcount: 0
[ 33.235814] flags: 0xfffe0000008100(slab|head)
[ 33.240369] raw: 00fffe0000008100 ffff888097054280 0000000000000000 0000000100000001
[ 33.248234] raw: ffffea00025da820 ffffea00025fe120 ffff8880aa58ccc0 0000000000000000
[ 33.256082] page dumped because: kasan: bad access detected
[ 33.261771]
[ 33.263367] Memory state around the buggy address:
[ 33.268266] ffff888097054000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.275609] ffff888097054080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.282962] >ffff888097054100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.290306] ^
[ 33.297550] ffff888097054180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.304979] ffff888097054200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.312321] ==================================================================
[ 33.320603] Disabling lock debugging due to kernel taint
[ 33.328881] Kernel panic - not syncing: panic_on_warn set ...
[ 33.328881]
[ 33.337293] CPU: 0 PID: 6365 Comm: syz-executor116 Tainted: G B 4.14.198-syzkaller #0
[ 33.346374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.355711] Call Trace:
[ 33.358521] dump_stack+0x1b2/0x283
[ 33.362125] panic+0x1f9/0x42d
[ 33.365290] ? add_taint.cold+0x16/0x16
[ 33.369238] ? ___preempt_schedule+0x16/0x18
[ 33.373637] kasan_end_report+0x43/0x49
[ 33.377608] kasan_report_error.cold+0xa7/0x194
[ 33.382282] ? ntfs_attr_find+0x8df/0xa10
[ 33.386402] __asan_report_load_n_noabort+0x6b/0x80
[ 33.391403] ? ntfs_attr_find+0x8df/0xa10
[ 33.395531] ntfs_attr_find+0x8df/0xa10
[ 33.399495] ntfs_attr_lookup+0xeca/0x1f30
[ 33.403709] ? do_raw_spin_unlock+0x164/0x220
[ 33.408178] ? _raw_spin_unlock+0x29/0x40
[ 33.412298] ? cache_alloc_refill+0x2fa/0x350
[ 33.416762] ? __wait_on_bit+0x150/0x150
[ 33.420795] ? check_preemption_disabled+0x35/0x240
[ 33.425797] ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 33.431047] ? kmem_cache_alloc+0x2f8/0x3c0
[ 33.435356] ntfs_read_inode_mount+0x6b4/0x1fb0
[ 33.440003] ntfs_fill_super+0x9a6/0x7170
[ 33.444125] ? vsnprintf+0x260/0x1340
[ 33.447910] ? pointer+0x9e0/0x9e0
[ 33.451424] ? lock_downgrade+0x740/0x740
[ 33.455571] ? ntfs_big_inode_init_once+0x20/0x20
[ 33.460392] ? snprintf+0xa5/0xd0
[ 33.463816] ? vsprintf+0x30/0x30
[ 33.467256] ? ns_test_super+0x50/0x50
[ 33.471137] ? set_blocksize+0x125/0x380
[ 33.475173] mount_bdev+0x2b3/0x360
[ 33.479221] ? ntfs_big_inode_init_once+0x20/0x20
[ 33.484048] mount_fs+0x92/0x2a0
[ 33.487390] vfs_kern_mount.part.0+0x5b/0x470
[ 33.491857] do_mount+0xe53/0x2a00
[ 33.495393] ? copy_mount_string+0x40/0x40
[ 33.499602] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 33.504594] ? copy_mnt_ns+0xa30/0xa30
[ 33.508456] ? copy_mount_options+0x1fa/0x2f0
[ 33.512921] ? copy_mnt_ns+0xa30/0xa30
[ 33.516779] SyS_mount+0xa8/0x120
[ 33.520214] ? copy_mnt_ns+0xa30/0xa30
[ 33.524084] do_syscall_64+0x1d5/0x640
[ 33.527957] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.533122] RIP: 0033:0x44995a
[ 33.536294] RSP: 002b:00007ffe78e7a858 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 33.543987] RAX: ffffffffffffffda RBX: 00007ffe78e7a8b0 RCX: 000000000044995a
[ 33.551245] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe78e7a870
[ 33.558492] RBP: 00007ffe78e7a870 R08: 00007ffe78e7a8b0 R09: 00007ffe00000015
[ 33.565770] R10: 0000000000000000 R11: 0000000000000287 R12: 000000000000013c
[ 33.573014] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 33.581168] Kernel Offset: disabled
[ 33.584775] Rebooting in 86400 seconds..