Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
executing program
[ 28.530710] ==================================================================
[ 28.538195] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x62a/0x680
[ 28.544750] Write of size 1 at addr ffff8880aaeac24e by task syz-executor419/7945
[ 28.552426] 
[ 28.554052] CPU: 1 PID: 7945 Comm: syz-executor419 Not tainted 4.14.300-syzkaller #0
[ 28.561926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.571278] Call Trace:
[ 28.573875]  dump_stack+0x1b2/0x281
[ 28.577497]  print_address_description.cold+0x54/0x1d3
[ 28.583266]  kasan_report_error.cold+0x8a/0x191
[ 28.587908]  ? hfs_asc2mac+0x62a/0x680
[ 28.591780]  __asan_report_store1_noabort+0x68/0x70
[ 28.597308]  ? char2uni+0x61/0xe0
[ 28.600736]  ? hfs_asc2mac+0x62a/0x680
[ 28.604601]  hfs_asc2mac+0x62a/0x680
[ 28.608288]  ? hfs_mac2asc+0x490/0x490
[ 28.612149]  ? __kmalloc+0x3a4/0x400
[ 28.615844]  ? hfs_find_init+0x91/0x220
[ 28.619877]  hfs_cat_build_key+0xbe/0x1a0
[ 28.624122]  hfs_lookup+0x18c/0x2b0
[ 28.627744]  ? hfs_rename+0x1e0/0x1e0
[ 28.631715]  ? lock_acquire+0x170/0x3f0
[ 28.635715]  ? apparmor_path_mknod+0x148/0x200
[ 28.640287]  ? param_get_aalockpolicy+0x70/0x70
[ 28.644968]  ? map_id_up+0xe9/0x180
[ 28.648592]  ? security_inode_permission+0xb5/0xf0
[ 28.653511]  ? security_inode_create+0xca/0x100
[ 28.658176]  ? hfs_rename+0x1e0/0x1e0
[ 28.661965]  lookup_open+0x5c4/0x1750
[ 28.665750]  ? vfs_mkdir+0x6e0/0x6e0
[ 28.669549]  path_openat+0xe08/0x2970
[ 28.673342]  ? path_lookupat+0x780/0x780
[ 28.677381]  ? trace_hardirqs_on+0x10/0x10
[ 28.681591]  ? __might_fault+0x104/0x1b0
[ 28.685632]  do_filp_open+0x179/0x3c0
[ 28.689404]  ? may_open_dev+0xe0/0xe0
[ 28.693197]  ? lock_downgrade+0x740/0x740
[ 28.697317]  ? do_raw_spin_unlock+0x164/0x220
[ 28.701970]  ? _raw_spin_unlock+0x29/0x40
[ 28.706099]  ? __alloc_fd+0x1be/0x490
[ 28.709882]  ? is_prefetch.part.0+0x1ab/0x2f0
[ 28.714351]  do_sys_open+0x296/0x410
[ 28.718060]  ? filp_open+0x60/0x60
[ 28.721577]  ? __do_page_fault+0x159/0xad0
[ 28.725805]  ? do_syscall_64+0x4c/0x640
[ 28.729759]  ? SyS_open+0x30/0x30
[ 28.733192]  do_syscall_64+0x1d5/0x640
[ 28.737072]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.742270] 
[ 28.743870] Allocated by task 7945:
[ 28.747470]  kasan_kmalloc+0xeb/0x160
[ 28.751245]  __kmalloc+0x15a/0x400
[ 28.754758]  hfs_find_init+0x91/0x220
[ 28.758565]  hfs_lookup+0xea/0x2b0
[ 28.762173]  lookup_open+0x5c4/0x1750
[ 28.765947]  path_openat+0xe08/0x2970
[ 28.769727]  do_filp_open+0x179/0x3c0
[ 28.773500]  do_sys_open+0x296/0x410
[ 28.777185]  do_syscall_64+0x1d5/0x640
[ 28.781047]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.786206] 
[ 28.787805] Freed by task 0:
[ 28.790792] (stack is not available)
[ 28.794473] 
[ 28.796071] The buggy address belongs to the object at ffff8880aaeac200
[ 28.796071]  which belongs to the cache kmalloc-96 of size 96
[ 28.808522] The buggy address is located 78 bytes inside of
[ 28.808522]  96-byte region [ffff8880aaeac200, ffff8880aaeac260)
[ 28.820191] The buggy address belongs to the page:
[ 28.825091] page:ffffea0002abab00 count:1 mapcount:0 mapping:ffff8880aaeac000 index:0x0
[ 28.833205] flags: 0xfff00000000100(slab)
[ 28.837478] raw: 00fff00000000100 ffff8880aaeac000 0000000000000000 0000000100000020
[ 28.845344] raw: ffffea0002cc20e0 ffff88813fe64448 ffff88813fe744c0 0000000000000000
[ 28.853199] page dumped because: kasan: bad access detected
[ 28.859054] 
[ 28.860653] Memory state around the buggy address:
[ 28.865555]  ffff8880aaeac100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.872890]  ffff8880aaeac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.880222] >ffff8880aaeac200: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 28.887899]                                               ^
[ 28.893589]  ffff8880aaeac280: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 28.900923]  ffff8880aaeac300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 28.908250] ==================================================================
[ 28.915580] Disabling lock debugging due to kernel taint
[ 28.931883] Kernel panic - not syncing: panic_on_warn set ...
[ 28.931883] 
[ 28.939261] CPU: 0 PID: 7945 Comm: syz-executor419 Tainted: G    B   4.14.300-syzkaller #0
[ 28.948533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.957946] Call Trace:
[ 28.960537]  dump_stack+0x1b2/0x281
[ 28.964147]  panic+0x1f9/0x42d
[ 28.967538]  ? add_taint.cold+0x16/0x16
[ 28.971495]  ? ___preempt_schedule+0x16/0x18
[ 28.975906]  kasan_end_report+0x43/0x49
[ 28.979857]  kasan_report_error.cold+0xa7/0x191
[ 28.984534]  ? hfs_asc2mac+0x62a/0x680
[ 28.988397]  __asan_report_store1_noabort+0x68/0x70
[ 28.993385]  ? char2uni+0x61/0xe0
[ 28.996807]  ? hfs_asc2mac+0x62a/0x680
[ 29.000666]  hfs_asc2mac+0x62a/0x680
[ 29.004353]  ? hfs_mac2asc+0x490/0x490
[ 29.008210]  ? __kmalloc+0x3a4/0x400
[ 29.011895]  ? hfs_find_init+0x91/0x220
[ 29.015840]  hfs_cat_build_key+0xbe/0x1a0
[ 29.019958]  hfs_lookup+0x18c/0x2b0
[ 29.023562]  ? hfs_rename+0x1e0/0x1e0
[ 29.027433]  ? lock_acquire+0x170/0x3f0
[ 29.031399]  ? apparmor_path_mknod+0x148/0x200
[ 29.035961]  ? param_get_aalockpolicy+0x70/0x70
[ 29.040611]  ? map_id_up+0xe9/0x180
[ 29.044229]  ? security_inode_permission+0xb5/0xf0
[ 29.049246]  ? security_inode_create+0xca/0x100
[ 29.053994]  ? hfs_rename+0x1e0/0x1e0
[ 29.057781]  lookup_open+0x5c4/0x1750
[ 29.061656]  ? vfs_mkdir+0x6e0/0x6e0
[ 29.065343]  path_openat+0xe08/0x2970
[ 29.069251]  ? path_lookupat+0x780/0x780
[ 29.073306]  ? trace_hardirqs_on+0x10/0x10
[ 29.077519]  ? __might_fault+0x104/0x1b0
[ 29.081645]  do_filp_open+0x179/0x3c0
[ 29.085419]  ? may_open_dev+0xe0/0xe0
[ 29.089198]  ? lock_downgrade+0x740/0x740
[ 29.093316]  ? do_raw_spin_unlock+0x164/0x220
[ 29.097791]  ? _raw_spin_unlock+0x29/0x40
[ 29.101919]  ? __alloc_fd+0x1be/0x490
[ 29.105701]  ? is_prefetch.part.0+0x1ab/0x2f0
[ 29.110170]  do_sys_open+0x296/0x410
[ 29.113857]  ? filp_open+0x60/0x60
[ 29.117466]  ? __do_page_fault+0x159/0xad0
[ 29.121676]  ? do_syscall_64+0x4c/0x640
[ 29.125887]  ? SyS_open+0x30/0x30
[ 29.129321]  do_syscall_64+0x1d5/0x640
[ 29.133184]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.138613] Kernel Offset: disabled
[ 29.142213] Rebooting in 86400 seconds..