Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.322902] ==================================================================
[ 27.330282] BUG: KASAN: use-after-free in ntfs_attr_find+0xacd/0xc20
[ 27.336768] Read of size 2 at addr ffff88818115858b by task syz-executor189/7955
[ 27.344286]
[ 27.345911] CPU: 1 PID: 7955 Comm: syz-executor189 Not tainted 4.14.294-syzkaller #0
[ 27.353773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 27.363103] Call Trace:
[ 27.365668] dump_stack+0x1b2/0x281
[ 27.369273] print_address_description.cold+0x54/0x1d3
[ 27.374523] kasan_report_error.cold+0x8a/0x191
[ 27.379166] ? ntfs_attr_find+0xacd/0xc20
[ 27.383296] __asan_report_load_n_noabort+0x6b/0x80
[ 27.388294] ? ntfs_attr_find+0xacd/0xc20
[ 27.392418] ntfs_attr_find+0xacd/0xc20
[ 27.396377] ntfs_attr_lookup+0xeca/0x1f30
[ 27.400597] ? do_raw_spin_unlock+0x164/0x220
[ 27.405069] ? _raw_spin_unlock+0x29/0x40
[ 27.409197] ? cache_alloc_refill+0x2fa/0x350
[ 27.413667] ? check_preemption_disabled+0x35/0x240
[ 27.418659] ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 27.423910] ? kmem_cache_alloc+0x2f8/0x3c0
[ 27.428204] ntfs_read_inode_mount+0x7b1/0x2060
[ 27.432962] ntfs_fill_super+0x9a6/0x7170
[ 27.437086] ? vsnprintf+0x260/0x1340
[ 27.440862] ? pointer+0x9e0/0x9e0
[ 27.444376] ? lock_downgrade+0x740/0x740
[ 27.448496] ? ntfs_big_inode_init_once+0x20/0x20
[ 27.453311] ? snprintf+0xa5/0xd0
[ 27.456737] ? vsprintf+0x30/0x30
[ 27.460167] ? ns_test_super+0x50/0x50
[ 27.464032] ? set_blocksize+0x125/0x380
[ 27.468069] mount_bdev+0x2b3/0x360
[ 27.471672] ? ntfs_big_inode_init_once+0x20/0x20
[ 27.476489] mount_fs+0x92/0x2a0
[ 27.479830] vfs_kern_mount.part.0+0x5b/0x470
[ 27.484304] do_mount+0xe65/0x2a30
[ 27.487827] ? retint_kernel+0x2d/0x2d
[ 27.491691] ? copy_mount_string+0x40/0x40
[ 27.495903] ? memset+0x20/0x40
[ 27.499161] ? copy_mount_options+0x1fa/0x2f0
[ 27.503628] ? copy_mnt_ns+0xa30/0xa30
[ 27.507489] SyS_mount+0xa8/0x120
[ 27.510916] ? copy_mnt_ns+0xa30/0xa30
[ 27.514776] do_syscall_64+0x1d5/0x640
[ 27.518643] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.523806] RIP: 0033:0x7ff887b57f6a
[ 27.527506] RSP: 002b:00007ffe4ab7e418 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 27.535187] RAX: ffffffffffffffda RBX: 00007ffe4ab7e470 RCX: 00007ff887b57f6a
[ 27.542431] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe4ab7e430
[ 27.549679] RBP: 00007ffe4ab7e430 R08: 00007ffe4ab7e470 R09: 0000000000000000
[ 27.556929] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200007a0
[ 27.564189] R13: 0000000000000003 R14: 0000000000000004 R15: 000000000000003c
[ 27.571432]
[ 27.573030] The buggy address belongs to the page:
[ 27.577950] page:ffffea0006045600 count:0 mapcount:0 mapping: (null) index:0x0
[ 27.586064] flags: 0x57ff00000000000()
[ 27.589926] raw: 057ff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 27.597800] raw: ffffea0006045620 ffffea0006045620 0000000000000000 0000000000000000
[ 27.605650] page dumped because: kasan: bad access detected
[ 27.611332]
[ 27.612940] Memory state around the buggy address:
[ 27.617849] ffff888181158480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.625184] ffff888181158500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.632519] >ffff888181158580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.639848] ^
[ 27.643447] ffff888181158600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.650780] ffff888181158680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.658107] ==================================================================
[ 27.665436] Disabling lock debugging due to kernel taint
[ 27.673028] Kernel panic - not syncing: panic_on_warn set ...
[ 27.673028]
[ 27.680397] CPU: 0 PID: 7955 Comm: syz-executor189 Tainted: G B 4.14.294-syzkaller #0
[ 27.689473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 27.698800] Call Trace:
[ 27.701365] dump_stack+0x1b2/0x281
[ 27.704967] panic+0x1f9/0x42d
[ 27.708154] ? add_taint.cold+0x16/0x16
[ 27.712102] ? ___preempt_schedule+0x16/0x18
[ 27.716483] kasan_end_report+0x43/0x49
[ 27.720431] kasan_report_error.cold+0xa7/0x191
[ 27.725075] ? ntfs_attr_find+0xacd/0xc20
[ 27.729197] __asan_report_load_n_noabort+0x6b/0x80
[ 27.734200] ? ntfs_attr_find+0xacd/0xc20
[ 27.738327] ntfs_attr_find+0xacd/0xc20
[ 27.742281] ntfs_attr_lookup+0xeca/0x1f30
[ 27.746494] ? do_raw_spin_unlock+0x164/0x220
[ 27.750970] ? _raw_spin_unlock+0x29/0x40
[ 27.755175] ? cache_alloc_refill+0x2fa/0x350
[ 27.759650] ? check_preemption_disabled+0x35/0x240
[ 27.764641] ? ntfs_attr_reinit_search_ctx+0x3c0/0x3c0
[ 27.769992] ? kmem_cache_alloc+0x2f8/0x3c0
[ 27.774287] ntfs_read_inode_mount+0x7b1/0x2060
[ 27.778934] ntfs_fill_super+0x9a6/0x7170
[ 27.783074] ? vsnprintf+0x260/0x1340
[ 27.786853] ? pointer+0x9e0/0x9e0
[ 27.790371] ? lock_downgrade+0x740/0x740
[ 27.794492] ? ntfs_big_inode_init_once+0x20/0x20
[ 27.799308] ? snprintf+0xa5/0xd0
[ 27.802739] ? vsprintf+0x30/0x30
[ 27.806168] ? ns_test_super+0x50/0x50
[ 27.810036] ? set_blocksize+0x125/0x380
[ 27.814072] mount_bdev+0x2b3/0x360
[ 27.817675] ? ntfs_big_inode_init_once+0x20/0x20
[ 27.822582] mount_fs+0x92/0x2a0
[ 27.825921] vfs_kern_mount.part.0+0x5b/0x470
[ 27.830400] do_mount+0xe65/0x2a30
[ 27.833920] ? retint_kernel+0x2d/0x2d
[ 27.837781] ? copy_mount_string+0x40/0x40
[ 27.842029] ? memset+0x20/0x40
[ 27.845284] ? copy_mount_options+0x1fa/0x2f0
[ 27.849766] ? copy_mnt_ns+0xa30/0xa30
[ 27.853640] SyS_mount+0xa8/0x120
[ 27.857086] ? copy_mnt_ns+0xa30/0xa30
[ 27.860953] do_syscall_64+0x1d5/0x640
[ 27.864822] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.870014] RIP: 0033:0x7ff887b57f6a
[ 27.873697] RSP: 002b:00007ffe4ab7e418 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 27.881467] RAX: ffffffffffffffda RBX: 00007ffe4ab7e470 RCX: 00007ff887b57f6a
[ 27.888716] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe4ab7e430
[ 27.895961] RBP: 00007ffe4ab7e430 R08: 00007ffe4ab7e470 R09: 0000000000000000
[ 27.903215] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200007a0
[ 27.910464] R13: 0000000000000003 R14: 0000000000000004 R15: 000000000000003c
[ 27.917793] Kernel Offset: disabled
[ 27.921403] Rebooting in 86400 seconds..