libceph: mon0 [d::]:6789 connect error
==================================================================
BUG: KASAN: slab-out-of-bounds in ntfs_attr_find+0x8df/0xa10 fs/ntfs/attrib.c:613
Read of size 4 at addr ffff8880a88b420a by task syz-executor.4/14509

CPU: 0 PID: 14509 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_address_description.cold+0x54/0x1d3 mm/kasan/report.c:252
 kasan_report_error.cold+0x8a/0x194 mm/kasan/report.c:351
 kasan_report mm/kasan/report.c:409 [inline]
 __asan_report_load_n_noabort+0x6b/0x80 mm/kasan/report.c:440
 ntfs_attr_find+0x8df/0xa10 fs/ntfs/attrib.c:613
 ntfs_attr_lookup+0xeca/0x1f30 fs/ntfs/attrib.c:1203
 ntfs_read_inode_mount+0x6b4/0x1fb0 fs/ntfs/inode.c:1867
 ntfs_fill_super+0x9a6/0x7170 fs/ntfs/super.c:2871
 mount_bdev+0x2b3/0x360 fs/super.c:1134
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0xe53/0x2a00 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3072
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x460bca
RSP: 002b:00007fbaf3381a88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fbaf3381b20 RCX: 0000000000460bca
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fbaf3381ae0
RBP: 00007fbaf3381ae0 R08: 00007fbaf3381b20 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000280

Allocated by task 13882:
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
 kmem_cache_alloc+0x124/0x3c0 mm/slab.c:3552
 kmem_cache_zalloc include/linux/slab.h:651 [inline]
 get_empty_filp+0x86/0x3e0 fs/file_table.c:123
 path_openat+0x84/0x2970 fs/namei.c:3545
 do_filp_open+0x179/0x3c0 fs/namei.c:3603
 do_sys_open+0x296/0x410 fs/open.c:1081
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb

Freed by task 8227:
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_slab_free+0xc3/0x1a0 mm/kasan/kasan.c:524
 __cache_free mm/slab.c:3496 [inline]
 kmem_cache_free+0x7c/0x2b0 mm/slab.c:3758
 __rcu_reclaim kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x780/0x1180 kernel/rcu/tree.c:2946
 __do_softirq+0x254/0xa1d kernel/softirq.c:288

The buggy address belongs to the object at ffff8880a88b4000
 which belongs to the cache filp of size 456
The buggy address is located 66 bytes to the right of
 456-byte region [ffff8880a88b4000, ffff8880a88b41c8)
The buggy address belongs to the page:
page:ffffea0002a22d00 count:1 mapcount:0 mapping:ffff8880a88b4000 index:0x0
flags: 0xfffe0000000100(slab)
raw: 00fffe0000000100 ffff8880a88b4000 0000000000000000 0000000100000006
raw: ffffea00022e9320 ffffea0002535d20 ffff88821f8b9800 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a88b4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880a88b4180: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
>ffff8880a88b4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8880a88b4280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880a88b4300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use)
BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
ceph: No mds server is up or the cluster is laggy
libceph: connect [d::]:6789 error -101
libceph: mon0 [d::]:6789 connect error
BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
libceph: connect [d::]:6789 error -101
ceph: No mds server is up or the cluster is laggy
libceph: mon0 [d::]:6789 connect error