[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 41.140021] ==================================================================
[ 41.147514] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x68f/0x710
[ 41.154085] Write of size 1 at addr ffff8880b34ee34e by task syz-executor409/8103
[ 41.161683]
[ 41.163311] CPU: 1 PID: 8103 Comm: syz-executor409 Not tainted 4.19.211-syzkaller #0
[ 41.171192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 41.180537] Call Trace:
[ 41.183109] dump_stack+0x1fc/0x2ef
[ 41.186722] print_address_description.cold+0x54/0x219
[ 41.191985] kasan_report_error.cold+0x8a/0x1b9
[ 41.196662] ? hfs_asc2mac+0x68f/0x710
[ 41.200528] __asan_report_store1_noabort+0x88/0x90
[ 41.205532] ? hfs_asc2mac+0x68f/0x710
[ 41.209410] hfs_asc2mac+0x68f/0x710
[ 41.213108] ? hfs_mac2asc+0x530/0x530
[ 41.216978] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 41.221980] ? __kmalloc+0x38e/0x3c0
[ 41.225775] ? hfs_find_init+0x91/0x230
[ 41.229738] hfs_cat_build_key+0xbe/0x1a0
[ 41.233868] hfs_lookup+0x1c2/0x300
[ 41.237481] ? apparmor_file_open+0xc90/0xc90
[ 41.241960] ? hfs_rename+0x200/0x200
[ 41.245743] ? userns_put+0xb0/0xb0
[ 41.249351] ? apparmor_path_mknod+0x16a/0x240
[ 41.253912] ? param_get_aalockpolicy+0x90/0x90
[ 41.258560] ? __d_lookup+0x411/0x710
[ 41.262341] ? generic_permission+0x116/0x4d0
[ 41.266813] ? security_inode_permission+0xc5/0xf0
[ 41.271724] ? inode_permission.part.0+0x10c/0x450
[ 41.276638] ? hfs_rename+0x200/0x200
[ 41.280418] lookup_open+0x698/0x1a20
[ 41.284202] ? vfs_mkdir+0x7a0/0x7a0
[ 41.287894] ? unlazy_walk+0x1a4/0x540
[ 41.291762] ? check_preemption_disabled+0x41/0x280
[ 41.296765] path_openat+0x1094/0x2df0
[ 41.300637] ? path_lookupat+0x8d0/0x8d0
[ 41.304677] ? mark_held_locks+0xf0/0xf0
[ 41.308716] ? check_preemption_disabled+0x41/0x280
[ 41.313713] do_filp_open+0x18c/0x3f0
[ 41.317491] ? may_open_dev+0xf0/0xf0
[ 41.321278] ? lock_downgrade+0x720/0x720
[ 41.325404] ? lock_acquire+0x170/0x3c0
[ 41.329355] ? __alloc_fd+0x34/0x570
[ 41.333053] ? do_raw_spin_unlock+0x171/0x230
[ 41.337529] ? _raw_spin_unlock+0x29/0x40
[ 41.341653] ? __alloc_fd+0x28d/0x570
[ 41.345438] do_sys_open+0x3b3/0x520
[ 41.349131] ? filp_open+0x70/0x70
[ 41.352651] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.357991] ? trace_hardirqs_off_caller+0x6e/0x210
[ 41.362988] ? do_syscall_64+0x21/0x620
[ 41.366944] do_syscall_64+0xf9/0x620
[ 41.370726] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.375906] RIP: 0033:0x7f4391f03ed9
[ 41.379597] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.398692] RSP: 002b:00007fffa455a208 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 41.406376] RAX: ffffffffffffffda RBX: 00007fffa455a218 RCX: 00007f4391f03ed9
[ 41.413622] RDX: 000000000000275a RSI: 0000000020000300 RDI: 00000000ffffff9c
[ 41.420868] RBP: 00007fffa455a210 R08: 00007fffa455a210 R09: 00007f4391ec1490
[ 41.428115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.435363] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 41.442614]
[ 41.444314] Allocated by task 8103:
[ 41.447920] __kmalloc+0x15a/0x3c0
[ 41.451437] hfs_find_init+0x91/0x230
[ 41.455216] hfs_lookup+0xfe/0x300
[ 41.458734] lookup_open+0x698/0x1a20
[ 41.462513] path_openat+0x1094/0x2df0
[ 41.466379] do_filp_open+0x18c/0x3f0
[ 41.470154] do_sys_open+0x3b3/0x520
[ 41.473844] do_syscall_64+0xf9/0x620
[ 41.477626] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.482787]
[ 41.484391] Freed by task 6316:
[ 41.487649] kfree+0xcc/0x210
[ 41.490732] apparmor_file_free_security+0x9a/0xd0
[ 41.495639] security_file_free+0x3e/0x70
[ 41.499765] __fput+0x42a/0x890
[ 41.503022] task_work_run+0x148/0x1c0
[ 41.506897] exit_to_usermode_loop+0x251/0x2a0
[ 41.511454] do_syscall_64+0x538/0x620
[ 41.515320] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.520484]
[ 41.522091] The buggy address belongs to the object at ffff8880b34ee300
[ 41.522091]  which belongs to the cache kmalloc-96 of size 96
[ 41.534552] The buggy address is located 78 bytes inside of
[ 41.534552]  96-byte region [ffff8880b34ee300, ffff8880b34ee360)
[ 41.546331] The buggy address belongs to the page:
[ 41.551245] page:ffffea0002cd3b80 count:1 mapcount:0 mapping:ffff88813bff04c0 index:0x0
[ 41.559395] flags: 0xfff00000000100(slab)
[ 41.563526] raw: 00fff00000000100 ffffea0002cdc888 ffffea0002cb0488 ffff88813bff04c0
[ 41.571392] raw: 0000000000000000 ffff8880b34ee000 0000000100000020 0000000000000000
[ 41.579246] page dumped because: kasan: bad access detected
[ 41.584930]
[ 41.586542] Memory state around the buggy address:
[ 41.591465]  ffff8880b34ee200: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 41.598820]  ffff8880b34ee280: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 41.606164] >ffff8880b34ee300: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 41.613500]                                               ^
[ 41.619222]  ffff8880b34ee380: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 41.626558]  ffff8880b34ee400: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 41.633897] ==================================================================
[ 41.641233] Disabling lock debugging due to kernel taint
[ 41.653360] Kernel panic - not syncing: panic_on_warn set ...
[ 41.653360]
[ 41.660831] CPU: 0 PID: 8103 Comm: syz-executor409 Tainted: G B 4.19.211-syzkaller #0
[ 41.670098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 41.679439] Call Trace:
[ 41.682013] dump_stack+0x1fc/0x2ef
[ 41.685636] panic+0x26a/0x50e
[ 41.688805] ? __warn_printk+0xf3/0xf3
[ 41.692669] ? preempt_schedule_common+0x45/0xc0
[ 41.697402] ? ___preempt_schedule+0x16/0x18
[ 41.701791] ? trace_hardirqs_on+0x55/0x210
[ 41.706203] kasan_end_report+0x43/0x49
[ 41.710161] kasan_report_error.cold+0xa7/0x1b9
[ 41.714819] ? hfs_asc2mac+0x68f/0x710
[ 41.718692] __asan_report_store1_noabort+0x88/0x90
[ 41.723687] ? hfs_asc2mac+0x68f/0x710
[ 41.727555] hfs_asc2mac+0x68f/0x710
[ 41.731336] ? hfs_mac2asc+0x530/0x530
[ 41.735206] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 41.740201] ? __kmalloc+0x38e/0x3c0
[ 41.743888] ? hfs_find_init+0x91/0x230
[ 41.747842] hfs_cat_build_key+0xbe/0x1a0
[ 41.752058] hfs_lookup+0x1c2/0x300
[ 41.755672] ? apparmor_file_open+0xc90/0xc90
[ 41.760143] ? hfs_rename+0x200/0x200
[ 41.763920] ? userns_put+0xb0/0xb0
[ 41.767526] ? apparmor_path_mknod+0x16a/0x240
[ 41.772083] ? param_get_aalockpolicy+0x90/0x90
[ 41.776737] ? __d_lookup+0x411/0x710
[ 41.780514] ? generic_permission+0x116/0x4d0
[ 41.784987] ? security_inode_permission+0xc5/0xf0
[ 41.789892] ? inode_permission.part.0+0x10c/0x450
[ 41.794797] ? hfs_rename+0x200/0x200
[ 41.798574] lookup_open+0x698/0x1a20
[ 41.802354] ? vfs_mkdir+0x7a0/0x7a0
[ 41.806044] ? unlazy_walk+0x1a4/0x540
[ 41.809915] ? check_preemption_disabled+0x41/0x280
[ 41.814911] path_openat+0x1094/0x2df0
[ 41.818779] ? path_lookupat+0x8d0/0x8d0
[ 41.822819] ? mark_held_locks+0xf0/0xf0
[ 41.826863] ? check_preemption_disabled+0x41/0x280
[ 41.831872] do_filp_open+0x18c/0x3f0
[ 41.835650] ? may_open_dev+0xf0/0xf0
[ 41.839535] ? lock_downgrade+0x720/0x720
[ 41.843657] ? lock_acquire+0x170/0x3c0
[ 41.847605] ? __alloc_fd+0x34/0x570
[ 41.851297] ? do_raw_spin_unlock+0x171/0x230
[ 41.855771] ? _raw_spin_unlock+0x29/0x40
[ 41.859900] ? __alloc_fd+0x28d/0x570
[ 41.863679] do_sys_open+0x3b3/0x520
[ 41.867367] ? filp_open+0x70/0x70
[ 41.870890] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.876233] ? trace_hardirqs_off_caller+0x6e/0x210
[ 41.881224] ? do_syscall_64+0x21/0x620
[ 41.885174] do_syscall_64+0xf9/0x620
[ 41.888951] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.894115] RIP: 0033:0x7f4391f03ed9
[ 41.897808] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.916693] RSP: 002b:00007fffa455a208 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 41.924388] RAX: ffffffffffffffda RBX: 00007fffa455a218 RCX: 00007f4391f03ed9
[ 41.931647] RDX: 000000000000275a RSI: 0000000020000300 RDI: 00000000ffffff9c
[ 41.938897] RBP: 00007fffa455a210 R08: 00007fffa455a210 R09: 00007f4391ec1490
[ 41.946172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.953422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 41.960868] Kernel Offset: disabled
[ 41.964498] Rebooting in 86400 seconds..