Warning: Permanently added '10.128.1.22' (ECDSA) to the list of known hosts.
executing program
[ 27.918858] ======================================================
[ 27.918858] WARNING: the mand mount option is being deprecated and
[ 27.918858] will be removed in v5.15!
[ 27.918858] ======================================================
[ 27.944447] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. mounting read-only.
[ 27.956416] ==================================================================
[ 27.963853] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x62a/0x680
[ 27.970419] Write of size 1 at addr ffff8880a430a14e by task syz-executor321/7977
[ 27.978019]
[ 27.979624] CPU: 0 PID: 7977 Comm: syz-executor321 Not tainted 4.14.300-syzkaller #0
[ 27.987485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.996822] Call Trace:
[ 27.999388] dump_stack+0x1b2/0x281
[ 28.002991] print_address_description.cold+0x54/0x1d3
[ 28.008238] kasan_report_error.cold+0x8a/0x191
[ 28.012880] ? hfs_asc2mac+0x62a/0x680
[ 28.016739] __asan_report_store1_noabort+0x68/0x70
[ 28.021726] ? char2uni+0x1/0xe0
[ 28.025063] ? hfs_asc2mac+0x62a/0x680
[ 28.028921] hfs_asc2mac+0x62a/0x680
[ 28.032628] ? hfs_mac2asc+0x490/0x490
[ 28.036488] ? __kmalloc+0x3a4/0x400
[ 28.040173] ? hfs_find_init+0x91/0x220
[ 28.044121] hfs_cat_build_key+0xbe/0x1a0
[ 28.048239] hfs_lookup+0x18c/0x2b0
[ 28.051848] ? hfs_rename+0x1e0/0x1e0
[ 28.056059] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 28.061917] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.067343] ? __d_lookup_rcu+0x640/0x640
[ 28.071464] ? lock_acquire+0x170/0x3f0
[ 28.075412] ? lookup_slow+0x129/0x400
[ 28.079361] lookup_slow+0x20a/0x400
[ 28.083049] ? follow_dotdot_rcu+0xf00/0xf00
[ 28.087429] ? lookup_fast+0x430/0xe30
[ 28.091382] ? security_inode_permission+0xb5/0xf0
[ 28.096288] walk_component+0x6a1/0xbc0
[ 28.100235] ? lookup_fast+0xe30/0xe30
[ 28.104181] ? walk_component+0xbc0/0xbc0
[ 28.108300] path_lookupat+0x1bb/0x780
[ 28.112162] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 28.116975] ? path_mountpoint+0x940/0x940
[ 28.121183] ? putname+0xcd/0x110
[ 28.124606] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 28.129593] ? kmem_cache_free+0x23a/0x2b0
[ 28.133800] filename_lookup+0x18a/0x510
[ 28.137838] ? filename_parentat+0x520/0x520
[ 28.142221] ? getname_kernel+0x4e/0x340
[ 28.146256] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.151677] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 28.156665] ? memcpy+0x35/0x50
[ 28.159936] ? getname_kernel+0x1fd/0x340
[ 28.164057] do_mount+0xb78/0x2a30
[ 28.167570] ? lock_acquire+0x170/0x3f0
[ 28.171517] ? lock_downgrade+0x740/0x740
[ 28.175639] ? copy_mount_string+0x40/0x40
[ 28.179845] ? __might_fault+0x177/0x1b0
[ 28.183881] ? _copy_from_user+0x96/0x100
[ 28.188088] ? copy_mount_options+0x1fa/0x2f0
[ 28.192553] ? copy_mnt_ns+0xa30/0xa30
[ 28.196411] SyS_mount+0xa8/0x120
[ 28.199848] ? copy_mnt_ns+0xa30/0xa30
[ 28.203713] do_syscall_64+0x1d5/0x640
[ 28.207577] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.212828]
[ 28.214429] Allocated by task 7977:
[ 28.218028] kasan_kmalloc+0xeb/0x160
[ 28.221885] __kmalloc+0x15a/0x400
[ 28.225404] hfs_find_init+0x91/0x220
[ 28.229174] hfs_lookup+0xea/0x2b0
[ 28.232683] lookup_slow+0x20a/0x400
[ 28.236366] walk_component+0x6a1/0xbc0
[ 28.240311] path_lookupat+0x1bb/0x780
[ 28.244170] filename_lookup+0x18a/0x510
[ 28.248205] do_mount+0xb78/0x2a30
[ 28.251722] SyS_mount+0xa8/0x120
[ 28.255147] do_syscall_64+0x1d5/0x640
[ 28.259025] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.264181]
[ 28.265780] Freed by task 6199:
[ 28.269032] kasan_slab_free+0xc3/0x1a0
[ 28.272978] kfree+0xc9/0x250
[ 28.276056] apparmor_file_free_security+0x7e/0xb0
[ 28.281044] security_file_free+0x42/0x80
[ 28.285164] put_filp+0x23/0x90
[ 28.288415] path_openat+0x212b/0x2970
[ 28.292274] do_filp_open+0x179/0x3c0
[ 28.296043] do_sys_open+0x296/0x410
[ 28.299731] do_syscall_64+0x1d5/0x640
[ 28.303589] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.308745]
[ 28.310349] The buggy address belongs to the object at ffff8880a430a100
[ 28.310349] which belongs to the cache kmalloc-96 of size 96
[ 28.322816] The buggy address is located 78 bytes inside of
[ 28.322816] 96-byte region [ffff8880a430a100, ffff8880a430a160)
[ 28.334485] The buggy address belongs to the page:
[ 28.339383] page:ffffea000290c280 count:1 mapcount:0 mapping:ffff8880a430a000 index:0x0
[ 28.347495] flags: 0xfff00000000100(slab)
[ 28.351616] raw: 00fff00000000100 ffff8880a430a000 0000000000000000 0000000100000020
[ 28.359468] raw: ffffea0002bb4560 ffffea000294efa0 ffff88813fe744c0 0000000000000000
[ 28.367317] page dumped because: kasan: bad access detected
[ 28.372996]
[ 28.374600] Memory state around the buggy address:
[ 28.379499]  ffff8880a430a000: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 28.386826]  ffff8880a430a080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 28.394156] >ffff8880a430a100: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 28.401482]                                                ^
[ 28.407167]  ffff8880a430a180: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 28.414494]  ffff8880a430a200: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 28.421821] ==================================================================
[ 28.429149] Disabling lock debugging due to kernel taint
[ 28.436993] Kernel panic - not syncing: panic_on_warn set ...
[ 28.436993]
[ 28.444362] CPU: 1 PID: 7977 Comm: syz-executor321 Tainted: G B 4.14.300-syzkaller #0
[ 28.453525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.462880] Call Trace:
[ 28.465451] dump_stack+0x1b2/0x281
[ 28.469049] panic+0x1f9/0x42d
[ 28.472211] ? add_taint.cold+0x16/0x16
[ 28.476157] ? ___preempt_schedule+0x16/0x18
[ 28.480537] kasan_end_report+0x43/0x49
[ 28.484482] kasan_report_error.cold+0xa7/0x191
[ 28.489122] ? hfs_asc2mac+0x62a/0x680
[ 28.492982] __asan_report_store1_noabort+0x68/0x70
[ 28.498057] ? char2uni+0x1/0xe0
[ 28.501395] ? hfs_asc2mac+0x62a/0x680
[ 28.505257] hfs_asc2mac+0x62a/0x680
[ 28.508945] ? hfs_mac2asc+0x490/0x490
[ 28.512802] ? __kmalloc+0x3a4/0x400
[ 28.516490] ? hfs_find_init+0x91/0x220
[ 28.520433] hfs_cat_build_key+0xbe/0x1a0
[ 28.524550] hfs_lookup+0x18c/0x2b0
[ 28.528148] ? hfs_rename+0x1e0/0x1e0
[ 28.531919] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 28.537774] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.543198] ? __d_lookup_rcu+0x640/0x640
[ 28.547317] ? lock_acquire+0x170/0x3f0
[ 28.551274] ? lookup_slow+0x129/0x400
[ 28.555135] lookup_slow+0x20a/0x400
[ 28.558820] ? follow_dotdot_rcu+0xf00/0xf00
[ 28.563202] ? lookup_fast+0x430/0xe30
[ 28.567062] ? security_inode_permission+0xb5/0xf0
[ 28.571961] walk_component+0x6a1/0xbc0
[ 28.575907] ? lookup_fast+0xe30/0xe30
[ 28.579763] ? walk_component+0xbc0/0xbc0
[ 28.583883] path_lookupat+0x1bb/0x780
[ 28.587741] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 28.592556] ? path_mountpoint+0x940/0x940
[ 28.596760] ? putname+0xcd/0x110
[ 28.600184] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 28.605177] ? kmem_cache_free+0x23a/0x2b0
[ 28.609384] filename_lookup+0x18a/0x510
[ 28.613416] ? filename_parentat+0x520/0x520
[ 28.617799] ? getname_kernel+0x4e/0x340
[ 28.621849] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.627276] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 28.632267] ? memcpy+0x35/0x50
[ 28.635518] ? getname_kernel+0x1fd/0x340
[ 28.639638] do_mount+0xb78/0x2a30
[ 28.643148] ? lock_acquire+0x170/0x3f0
[ 28.647091] ? lock_downgrade+0x740/0x740
[ 28.651208] ? copy_mount_string+0x40/0x40
[ 28.655413] ? __might_fault+0x177/0x1b0
[ 28.659447] ? _copy_from_user+0x96/0x100
[ 28.663566] ? copy_mount_options+0x1fa/0x2f0
[ 28.668032] ? copy_mnt_ns+0xa30/0xa30
[ 28.671892] SyS_mount+0xa8/0x120
[ 28.675316] ? copy_mnt_ns+0xa30/0xa30
[ 28.679174] do_syscall_64+0x1d5/0x640
[ 28.683033] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.688360] Kernel Offset: disabled
[ 28.691963] Rebooting in 86400 seconds..