[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 90.633936] audit: type=1400 audit(1602297986.243:8): avc: denied { execmem } for pid=6334 comm="syz-executor795" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 90.650134] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[ 90.663534] ==================================================================
[ 90.670904] BUG: KASAN: slab-out-of-bounds in ntfs_attr_find+0x8df/0xa10
[ 90.677735] Read of size 4 at addr ffff88809787217f by task syz-executor795/6334
[ 90.685260]
[ 90.686873] CPU: 1 PID: 6334 Comm: syz-executor795 Not tainted 4.14.198-syzkaller #0
[ 90.694758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 90.704089] Call Trace:
[ 90.706679]  dump_stack+0x1b2/0x283
[ 90.710295]  print_address_description.cold+0x54/0x1d3
[ 90.716507]  kasan_report_error.cold+0x8a/0x194
[ 90.721150]  ? ntfs_attr_find+0x8df/0xa10
[ 90.725282]  __asan_report_load_n_noabort+0x6b/0x80
[ 90.730271]  ? ntfs_attr_find+0x8df/0xa10
[ 90.734401]  ntfs_attr_find+0x8df/0xa10
[ 90.738348]  ntfs_attr_lookup+0xeca/0x1f30
[ 90.742558]  ? do_raw_spin_unlock+0x164/0x220
[ 90.747027]  ? _raw_spin_unlock+0x29/0x40
[ 90.751147]  ? cache_alloc_refill+0x2fa/0x350
[ 90.755613]  ? check_preemption_disabled+0x35/0x240
[ 90.760611]  ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 90.765857]  ? kmem_cache_alloc+0x2f8/0x3c0
[ 90.770160]  ntfs_read_inode_mount+0x6b4/0x1fb0
[ 90.774805]  ntfs_fill_super+0x9a6/0x7170
[ 90.778933]  ? vsnprintf+0x260/0x1340
[ 90.782714]  ? pointer+0x9e0/0x9e0
[ 90.786228]  ? lock_downgrade+0x740/0x740
[ 90.790344]  ? ntfs_big_inode_init_once+0x20/0x20
[ 90.795169]  ? snprintf+0xa5/0xd0
[ 90.798593]  ? vsprintf+0x30/0x30
[ 90.802029]  ? ns_test_super+0x50/0x50
[ 90.805932]  ? set_blocksize+0x125/0x380
[ 90.809968]  mount_bdev+0x2b3/0x360
[ 90.813582]  ? ntfs_big_inode_init_once+0x20/0x20
[ 90.818398]  mount_fs+0x92/0x2a0
[ 90.821738]  vfs_kern_mount.part.0+0x5b/0x470
[ 90.826225]  do_mount+0xe53/0x2a00
[ 90.829737]  ? retint_kernel+0x2d/0x2d
[ 90.833597]  ? copy_mount_string+0x40/0x40
[ 90.837825]  ? memset+0x20/0x40
[ 90.841079]  ? copy_mount_options+0x1fa/0x2f0
[ 90.845557]  ? copy_mnt_ns+0xa30/0xa30
[ 90.849416]  SyS_mount+0xa8/0x120
[ 90.852862]  ? copy_mnt_ns+0xa30/0xa30
[ 90.856735]  do_syscall_64+0x1d5/0x640
[ 90.861400]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 90.866575] RIP: 0033:0x44c1fa
[ 90.869736] RSP: 002b:00007ffdc7f91008 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 90.877429] RAX: ffffffffffffffda RBX: 00007ffdc7f91060 RCX: 000000000044c1fa
[ 90.884672] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffdc7f91020
[ 90.891928] RBP: 00007ffdc7f91020 R08: 00007ffdc7f91060 R09: 00007ffd00000015
[ 90.899170] R10: 0000000000000000 R11: 0000000000000287 R12: 000000000000025d
[ 90.906409] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 90.913651]
[ 90.915247] The buggy address belongs to the page:
[ 90.920157] page:ffffea00025e1c80 count:0 mapcount:-127 mapping:          (null) index:0xffff888097872300
[ 90.929934] flags: 0xfffe0000000000()
[ 90.933715] raw: 00fffe0000000000 0000000000000000 ffff888097872300 00000000ffffff80
[ 90.941575] raw: ffffea00026172a0 ffffea00026192a0 0000000000000001 0000000000000000
[ 90.949424] page dumped because: kasan: bad access detected
[ 90.955113]
[ 90.956720] Memory state around the buggy address:
[ 90.961620]  ffff888097872000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.968952]  ffff888097872080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.976295] >ffff888097872100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.983742]                                                                 ^
[ 90.991136]  ffff888097872180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.998557]  ffff888097872200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 91.005888] ==================================================================
[ 91.013216] Disabling lock debugging due to kernel taint
[ 91.018967] Kernel panic - not syncing: panic_on_warn set ...
[ 91.018967]
[ 91.026324] CPU: 1 PID: 6334 Comm: syz-executor795 Tainted: G    B   4.14.198-syzkaller #0
[ 91.035405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 91.044741] Call Trace:
[ 91.047312]  dump_stack+0x1b2/0x283
[ 91.050935]  panic+0x1f9/0x42d
[ 91.054097]  ? add_taint.cold+0x16/0x16
[ 91.058057]  ? ___preempt_schedule+0x16/0x18
[ 91.062439]  kasan_end_report+0x43/0x49
[ 91.066385]  kasan_report_error.cold+0xa7/0x194
[ 91.071030]  ? ntfs_attr_find+0x8df/0xa10
[ 91.075157]  __asan_report_load_n_noabort+0x6b/0x80
[ 91.080154]  ? ntfs_attr_find+0x8df/0xa10
[ 91.084273]  ntfs_attr_find+0x8df/0xa10
[ 91.088237]  ntfs_attr_lookup+0xeca/0x1f30
[ 91.092470]  ? do_raw_spin_unlock+0x164/0x220
[ 91.096939]  ? _raw_spin_unlock+0x29/0x40
[ 91.101061]  ? cache_alloc_refill+0x2fa/0x350
[ 91.105543]  ? check_preemption_disabled+0x35/0x240
[ 91.110534]  ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 91.115792]  ? kmem_cache_alloc+0x2f8/0x3c0
[ 91.120085]  ntfs_read_inode_mount+0x6b4/0x1fb0
[ 91.124746]  ntfs_fill_super+0x9a6/0x7170
[ 91.128878]  ? vsnprintf+0x260/0x1340
[ 91.132652]  ? pointer+0x9e0/0x9e0
[ 91.136174]  ? lock_downgrade+0x740/0x740
[ 91.140294]  ? ntfs_big_inode_init_once+0x20/0x20
[ 91.145105]  ? snprintf+0xa5/0xd0
[ 91.148630]  ? vsprintf+0x30/0x30
[ 91.152065]  ? ns_test_super+0x50/0x50
[ 91.155925]  ? set_blocksize+0x125/0x380
[ 91.159971]  mount_bdev+0x2b3/0x360
[ 91.163578]  ? ntfs_big_inode_init_once+0x20/0x20
[ 91.168401]  mount_fs+0x92/0x2a0
[ 91.171738]  vfs_kern_mount.part.0+0x5b/0x470
[ 91.176214]  do_mount+0xe53/0x2a00
[ 91.179726]  ? retint_kernel+0x2d/0x2d
[ 91.183584]  ? copy_mount_string+0x40/0x40
[ 91.187791]  ? memset+0x20/0x40
[ 91.191040]  ? copy_mount_options+0x1fa/0x2f0
[ 91.195505]  ? copy_mnt_ns+0xa30/0xa30
[ 91.199363]  SyS_mount+0xa8/0x120
[ 91.202796]  ? copy_mnt_ns+0xa30/0xa30
[ 91.206659]  do_syscall_64+0x1d5/0x640
[ 91.210520]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 91.215693] RIP: 0033:0x44c1fa
[ 91.218851] RSP: 002b:00007ffdc7f91008 EFLAGS: 00000287 ORIG_RAX: 00000000000000a5
[ 91.226528] RAX: ffffffffffffffda RBX: 00007ffdc7f91060 RCX: 000000000044c1fa
[ 91.233776] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffdc7f91020
[ 91.241034] RBP: 00007ffdc7f91020 R08: 00007ffdc7f91060 R09: 00007ffd00000015
[ 91.248278] R10: 0000000000000000 R11: 0000000000000287 R12: 000000000000025d
[ 91.255520] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 91.263916] Kernel Offset: disabled
[ 91.267528] Rebooting in 86400 seconds..