[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.180809] ==================================================================
[ 35.188339] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x62a/0x680
[ 35.194905] Write of size 1 at addr ffff8880b3becace by task syz-executor225/7961
[ 35.202510]
[ 35.204122] CPU: 0 PID: 7961 Comm: syz-executor225 Not tainted 4.14.300-syzkaller #0
[ 35.211984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 35.221313] Call Trace:
[ 35.223886] dump_stack+0x1b2/0x281
[ 35.227492] print_address_description.cold+0x54/0x1d3
[ 35.232745] kasan_report_error.cold+0x8a/0x191
[ 35.237389] ? hfs_asc2mac+0x62a/0x680
[ 35.241251] __asan_report_store1_noabort+0x68/0x70
[ 35.246280] ? uni2char+0x101/0x110
[ 35.249879] ? hfs_asc2mac+0x62a/0x680
[ 35.253741] hfs_asc2mac+0x62a/0x680
[ 35.257442] ? hfs_mac2asc+0x490/0x490
[ 35.261316] ? __kmalloc+0x3a4/0x400
[ 35.265009] ? hfs_find_init+0x91/0x220
[ 35.268964] hfs_cat_build_key+0xbe/0x1a0
[ 35.273098] hfs_lookup+0x18c/0x2b0
[ 35.276707] ? hfs_rename+0x1e0/0x1e0
[ 35.280522] ? lock_acquire+0x170/0x3f0
[ 35.284503] ? __d_lookup_rcu+0x640/0x640
[ 35.288628] ? mark_held_locks+0xa6/0xf0
[ 35.292666] ? d_lookup+0x172/0x220
[ 35.296271] ? d_lookup+0x156/0x220
[ 35.299876] ? hfs_rename+0x1e0/0x1e0
[ 35.303652] lookup_open+0x5c4/0x1750
[ 35.307431] ? vfs_mkdir+0x6e0/0x6e0
[ 35.311125] path_openat+0x14bb/0x2970
[ 35.314989] ? path_lookupat+0x780/0x780
[ 35.319029] ? trace_hardirqs_on+0x10/0x10
[ 35.323240] ? trace_hardirqs_on+0x10/0x10
[ 35.327454] do_filp_open+0x179/0x3c0
[ 35.331231] ? may_open_dev+0xe0/0xe0
[ 35.335011] ? lock_downgrade+0x740/0x740
[ 35.339149] ? do_raw_spin_unlock+0x164/0x220
[ 35.343627] ? _raw_spin_unlock+0x29/0x40
[ 35.347841] ? __alloc_fd+0x1be/0x490
[ 35.351624] ? _raw_spin_unlock_irq+0x24/0x80
[ 35.356101] do_sys_open+0x296/0x410
[ 35.359794] ? filp_open+0x60/0x60
[ 35.363311] ? do_syscall_64+0x4c/0x640
[ 35.367256] ? do_sys_open+0x410/0x410
[ 35.371118] do_syscall_64+0x1d5/0x640
[ 35.374983] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.380150]
[ 35.381752] Allocated by task 7961:
[ 35.385360] kasan_kmalloc+0xeb/0x160
[ 35.389136] __kmalloc+0x15a/0x400
[ 35.392651] hfs_find_init+0x91/0x220
[ 35.396423] hfs_lookup+0xea/0x2b0
[ 35.399936] lookup_open+0x5c4/0x1750
[ 35.403797] path_openat+0x14bb/0x2970
[ 35.407658] do_filp_open+0x179/0x3c0
[ 35.411443] do_sys_open+0x296/0x410
[ 35.415148] do_syscall_64+0x1d5/0x640
[ 35.419042] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.424216]
[ 35.425821] Freed by task 6442:
[ 35.429078] kasan_slab_free+0xc3/0x1a0
[ 35.433030] kfree+0xc9/0x250
[ 35.436125] apparmor_file_free_security+0x7e/0xb0
[ 35.441043] security_file_free+0x42/0x80
[ 35.445176] put_filp+0x23/0x90
[ 35.448442] path_openat+0x212b/0x2970
[ 35.452309] do_filp_open+0x179/0x3c0
[ 35.456086] do_sys_open+0x296/0x410
[ 35.459781] do_syscall_64+0x1d5/0x640
[ 35.463648] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.468809]
[ 35.470411] The buggy address belongs to the object at ffff8880b3beca80
[ 35.470411] which belongs to the cache kmalloc-96 of size 96
[ 35.482867] The buggy address is located 78 bytes inside of
[ 35.482867] 96-byte region [ffff8880b3beca80, ffff8880b3becae0)
[ 35.494538] The buggy address belongs to the page:
[ 35.499443] page:ffffea0002cefb00 count:1 mapcount:0 mapping:ffff8880b3bec000 index:0x0
[ 35.507561] flags: 0xfff00000000100(slab)
[ 35.511685] raw: 00fff00000000100 ffff8880b3bec000 0000000000000000 0000000100000020
[ 35.519631] raw: ffffea0002cfd660 ffffea0002cd8f20 ffff88813fe744c0 0000000000000000
[ 35.527483] page dumped because: kasan: bad access detected
[ 35.533208]
[ 35.534809] Memory state around the buggy address:
[ 35.539711]  ffff8880b3bec980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 35.547042]  ffff8880b3beca00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 35.554374] >ffff8880b3beca80: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 35.561705]                                               ^
[ 35.567388]  ffff8880b3becb00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 35.574720]  ffff8880b3becb80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 35.582049] ==================================================================
[ 35.589380] Disabling lock debugging due to kernel taint
[ 35.595081] Kernel panic - not syncing: panic_on_warn set ...
[ 35.595081]
[ 35.602434] CPU: 0 PID: 7961 Comm: syz-executor225 Tainted: G B 4.14.300-syzkaller #0
[ 35.611520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 35.620950] Call Trace:
[ 35.623526] dump_stack+0x1b2/0x281
[ 35.627128] panic+0x1f9/0x42d
[ 35.630293] ? add_taint.cold+0x16/0x16
[ 35.634239] ? ___preempt_schedule+0x16/0x18
[ 35.638617] kasan_end_report+0x43/0x49
[ 35.642561] kasan_report_error.cold+0xa7/0x191
[ 35.647203] ? hfs_asc2mac+0x62a/0x680
[ 35.651062] __asan_report_store1_noabort+0x68/0x70
[ 35.656051] ? uni2char+0x101/0x110
[ 35.659647] ? hfs_asc2mac+0x62a/0x680
[ 35.663504] hfs_asc2mac+0x62a/0x680
[ 35.667188] ? hfs_mac2asc+0x490/0x490
[ 35.671048] ? __kmalloc+0x3a4/0x400
[ 35.674730] ? hfs_find_init+0x91/0x220
[ 35.678681] hfs_cat_build_key+0xbe/0x1a0
[ 35.682798] hfs_lookup+0x18c/0x2b0
[ 35.686421] ? hfs_rename+0x1e0/0x1e0
[ 35.690193] ? lock_acquire+0x170/0x3f0
[ 35.694175] ? __d_lookup_rcu+0x640/0x640
[ 35.698310] ? mark_held_locks+0xa6/0xf0
[ 35.702347] ? d_lookup+0x172/0x220
[ 35.705950] ? d_lookup+0x156/0x220
[ 35.709556] ? hfs_rename+0x1e0/0x1e0
[ 35.713334] lookup_open+0x5c4/0x1750
[ 35.717129] ? vfs_mkdir+0x6e0/0x6e0
[ 35.720839] path_openat+0x14bb/0x2970
[ 35.724709] ? path_lookupat+0x780/0x780
[ 35.728747] ? trace_hardirqs_on+0x10/0x10
[ 35.732959] ? trace_hardirqs_on+0x10/0x10
[ 35.737166] do_filp_open+0x179/0x3c0
[ 35.740939] ? may_open_dev+0xe0/0xe0
[ 35.744712] ? lock_downgrade+0x740/0x740
[ 35.748838] ? do_raw_spin_unlock+0x164/0x220
[ 35.753309] ? _raw_spin_unlock+0x29/0x40
[ 35.757433] ? __alloc_fd+0x1be/0x490
[ 35.761206] ? _raw_spin_unlock_irq+0x24/0x80
[ 35.765687] do_sys_open+0x296/0x410
[ 35.769461] ? filp_open+0x60/0x60
[ 35.772973] ? do_syscall_64+0x4c/0x640
[ 35.776918] ? do_sys_open+0x410/0x410
[ 35.780783] do_syscall_64+0x1d5/0x640
[ 35.784666] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.790029] Kernel Offset: disabled
[ 35.793632] Rebooting in 86400 seconds..