[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Update UTMP about System Runlevel Changes.
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.72' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   27.154469] ======================================================
[   27.154469] WARNING: the mand mount option is being deprecated and
[   27.154469]          will be removed in v5.15!
[   27.154469] ======================================================
[   27.181074] ==================================================================
[   27.188537] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x62a/0x680
[   27.195110] Write of size 1 at addr ffff88809657624e by task syz-executor130/7970
[   27.202715]
[   27.204338] CPU: 0 PID: 7970 Comm: syz-executor130 Not tainted 4.14.300-syzkaller #0
[   27.212199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   27.221530] Call Trace:
[   27.224095]  dump_stack+0x1b2/0x281
[   27.227697]  print_address_description.cold+0x54/0x1d3
[   27.232945]  kasan_report_error.cold+0x8a/0x191
[   27.237587]  ? hfs_asc2mac+0x62a/0x680
[   27.241445]  __asan_report_store1_noabort+0x68/0x70
[   27.246435]  ? uni2char+0x101/0x110
[   27.250035]  ? hfs_asc2mac+0x62a/0x680
[   27.253894]  hfs_asc2mac+0x62a/0x680
[   27.257581]  ? hfs_mac2asc+0x490/0x490
[   27.261442]  ? __kmalloc+0x3a4/0x400
[   27.265130]  ? hfs_find_init+0x91/0x220
[   27.269077]  hfs_cat_build_key+0xbe/0x1a0
[   27.273203]  hfs_lookup+0x18c/0x2b0
[   27.276809]  ? hfs_rename+0x1e0/0x1e0
[   27.280582]  ? d_alloc+0x1c7/0x240
[   27.284096]  ? lock_acquire+0x170/0x3f0
[   27.288042]  ? lock_downgrade+0x740/0x740
[   27.292165]  ? do_raw_spin_unlock+0x164/0x220
[   27.296631]  ? _raw_spin_unlock+0x29/0x40
[   27.300751]  ? d_alloc+0x1cc/0x240
[   27.304262]  __lookup_hash+0x1bb/0x270
[   27.308125]  filename_create+0x156/0x3f0
[   27.312159]  ? kern_path_mountpoint+0x40/0x40
[   27.316630]  SyS_mknodat+0x13f/0x470
[   27.320317]  ? do_file_open_root+0x490/0x490
[   27.324697]  ? do_syscall_64+0x4c/0x640
[   27.328642]  ? SyS_mknodat+0x470/0x470
[   27.332500]  do_syscall_64+0x1d5/0x640
[   27.336362]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.341525]
[   27.343128] Allocated by task 7970:
[   27.346730]  kasan_kmalloc+0xeb/0x160
[   27.350510]  __kmalloc+0x15a/0x400
[   27.354024]  hfs_find_init+0x91/0x220
[   27.357793]  hfs_lookup+0xea/0x2b0
[   27.361303]  __lookup_hash+0x1bb/0x270
[   27.365162]  filename_create+0x156/0x3f0
[   27.369194]  SyS_mknodat+0x13f/0x470
[   27.372883]  do_syscall_64+0x1d5/0x640
[   27.376744]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.381906]
[   27.383505] Freed by task 1:
[   27.386500]  kasan_slab_free+0xc3/0x1a0
[   27.390447]  kfree+0xc9/0x250
[   27.393526]  apparmor_file_free_security+0x7e/0xb0
[   27.398453]  security_file_free+0x42/0x80
[   27.402576]  put_filp+0x23/0x90
[   27.405825]  path_openat+0x6ce/0x2970
[   27.409595]  do_filp_open+0x179/0x3c0
[   27.413369]  do_sys_open+0x296/0x410
[   27.417054]  do_syscall_64+0x1d5/0x640
[   27.420913]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.426156]
[   27.427754] The buggy address belongs to the object at ffff888096576200
[   27.427754]  which belongs to the cache kmalloc-96 of size 96
[   27.440205] The buggy address is located 78 bytes inside of
[   27.440205]  96-byte region [ffff888096576200, ffff888096576260)
[   27.451872] The buggy address belongs to the page:
[   27.456774] page:ffffea0002595d80 count:1 mapcount:0 mapping:ffff888096576000 index:0x0
[   27.464888] flags: 0xfff00000000100(slab)
[   27.469009] raw: 00fff00000000100 ffff888096576000 0000000000000000 0000000100000020
[   27.476862] raw: ffffea0002ce8a60 ffffea0002cf0f60 ffff88813fe744c0 0000000000000000
[   27.484710] page dumped because: kasan: bad access detected
[   27.490393]
[   27.491995] Memory state around the buggy address:
[   27.496894]  ffff888096576100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   27.504228]  ffff888096576180: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   27.511558] >ffff888096576200: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   27.518888]                                               ^
[   27.524568]  ffff888096576280: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   27.531896]  ffff888096576300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   27.539222] ==================================================================
[   27.546557] Disabling lock debugging due to kernel taint
[   27.554283] Kernel panic - not syncing: panic_on_warn set ...
[   27.554283]
[   27.561645] CPU: 1 PID: 7970 Comm: syz-executor130 Tainted: G    B 4.14.300-syzkaller #0
[   27.570731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   27.580062] Call Trace:
[   27.582798]  dump_stack+0x1b2/0x281
[   27.586398]  panic+0x1f9/0x42d
[   27.589561]  ? add_taint.cold+0x16/0x16
[   27.593505]  ? ___preempt_schedule+0x16/0x18
[   27.597884]  kasan_end_report+0x43/0x49
[   27.601831]  kasan_report_error.cold+0xa7/0x191
[   27.606500]  ? hfs_asc2mac+0x62a/0x680
[   27.610361]  __asan_report_store1_noabort+0x68/0x70
[   27.615345]  ? uni2char+0x101/0x110
[   27.618939]  ? hfs_asc2mac+0x62a/0x680
[   27.622806]  hfs_asc2mac+0x62a/0x680
[   27.626497]  ? hfs_mac2asc+0x490/0x490
[   27.630356]  ? __kmalloc+0x3a4/0x400
[   27.634040]  ? hfs_find_init+0x91/0x220
[   27.637983]  hfs_cat_build_key+0xbe/0x1a0
[   27.642103]  hfs_lookup+0x18c/0x2b0
[   27.645711]  ? hfs_rename+0x1e0/0x1e0
[   27.649496]  ? d_alloc+0x1c7/0x240
[   27.653013]  ? lock_acquire+0x170/0x3f0
[   27.656967]  ? lock_downgrade+0x740/0x740
[   27.661089]  ? do_raw_spin_unlock+0x164/0x220
[   27.665565]  ? _raw_spin_unlock+0x29/0x40
[   27.669681]  ? d_alloc+0x1cc/0x240
[   27.673192]  __lookup_hash+0x1bb/0x270
[   27.677051]  filename_create+0x156/0x3f0
[   27.681091]  ? kern_path_mountpoint+0x40/0x40
[   27.685569]  SyS_mknodat+0x13f/0x470
[   27.689256]  ? do_file_open_root+0x490/0x490
[   27.693637]  ? do_syscall_64+0x4c/0x640
[   27.697581]  ? SyS_mknodat+0x470/0x470
[   27.701444]  do_syscall_64+0x1d5/0x640
[   27.705311]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.710550] Kernel Offset: disabled
[   27.714153] Rebooting in 86400 seconds..