Warning: Permanently added '10.128.1.32' (ECDSA) to the list of known hosts.
executing program
[   34.028037] ==================================================================
[   34.035526] BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x68f/0x710
[   34.042111] Write of size 1 at addr ffff8880ab7ae84e by task syz-executor104/8092
[   34.049727]
[   34.051361] CPU: 1 PID: 8092 Comm: syz-executor104 Not tainted 4.19.211-syzkaller #0
[   34.059416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   34.068782] Call Trace:
[   34.071362]  dump_stack+0x1fc/0x2ef
[   34.074975]  print_address_description.cold+0x54/0x219
[   34.080237]  kasan_report_error.cold+0x8a/0x1b9
[   34.084890]  ? hfs_asc2mac+0x68f/0x710
[   34.088762]  __asan_report_store1_noabort+0x88/0x90
[   34.093761]  ? hfs_asc2mac+0x68f/0x710
[   34.097629]  hfs_asc2mac+0x68f/0x710
[   34.101327]  ? hfs_mac2asc+0x530/0x530
[   34.105201]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   34.110197]  ? __kmalloc+0x38e/0x3c0
[   34.113894]  ? hfs_find_init+0x91/0x230
[   34.117853]  hfs_cat_build_key+0xbe/0x1a0
[   34.121992]  hfs_lookup+0x1c2/0x300
[   34.125606]  ? apparmor_file_open+0xc90/0xc90
[   34.130086]  ? hfs_rename+0x200/0x200
[   34.133876]  ? from_kgid+0x87/0xc0
[   34.137396]  ? from_kuid_munged+0x130/0x130
[   34.141698]  ? security_capable+0x8f/0xc0
[   34.145832]  ? capable_wrt_inode_uidgid+0x1d2/0x220
[   34.150830]  ? generic_permission+0x116/0x4d0
[   34.155307]  ? security_inode_permission+0xc5/0xf0
[   34.160218]  ? inode_permission.part.0+0x10c/0x450
[   34.165128]  ? hfs_rename+0x200/0x200
[   34.168909]  lookup_open+0x698/0x1a20
[   34.172701]  ? vfs_mkdir+0x7a0/0x7a0
[   34.176398]  ? unlazy_walk+0x1a4/0x540
[   34.180277]  ? check_preemption_disabled+0x41/0x280
[   34.185285]  path_openat+0x1094/0x2df0
[   34.189161]  ? path_lookupat+0x8d0/0x8d0
[   34.193207]  ? mark_held_locks+0xf0/0xf0
[   34.197248]  ? check_preemption_disabled+0x41/0x280
[   34.202247]  do_filp_open+0x18c/0x3f0
[   34.206036]  ? may_open_dev+0xf0/0xf0
[   34.209823]  ? lock_downgrade+0x720/0x720
[   34.213964]  ? lock_acquire+0x170/0x3c0
[   34.217923]  ? __alloc_fd+0x34/0x570
[   34.221618]  ? do_raw_spin_unlock+0x171/0x230
[   34.226093]  ? _raw_spin_unlock+0x29/0x40
[   34.230220]  ? __alloc_fd+0x28d/0x570
[   34.234004]  do_sys_open+0x3b3/0x520
[   34.237701]  ? filp_open+0x70/0x70
[   34.241225]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.246573]  ? trace_hardirqs_off_caller+0x6e/0x210
[   34.251579]  ? do_syscall_64+0x21/0x620
[   34.255538]  do_syscall_64+0xf9/0x620
[   34.259322]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.264493] RIP: 0033:0x7f46a3f60289
[   34.268190] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   34.287075] RSP: 002b:00007ffc09034198 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   34.294764] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f46a3f60289
[   34.302020] RDX: 000000000000275a RSI: 0000000020000000 RDI: 00000000ffffff9c
[   34.309268] RBP: 00007ffc090341a0 R08: 00007ffc090341a0 R09: 00007f46a3f1d5b0
[   34.316517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   34.323766] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.331024]
[   34.332631] Allocated by task 8092:
[   34.336240]  __kmalloc+0x15a/0x3c0
[   34.339762]  hfs_find_init+0x91/0x230
[   34.343568]  hfs_lookup+0xfe/0x300
[   34.347094]  lookup_open+0x698/0x1a20
[   34.350872]  path_openat+0x1094/0x2df0
[   34.354738]  do_filp_open+0x18c/0x3f0
[   34.358517]  do_sys_open+0x3b3/0x520
[   34.362211]  do_syscall_64+0xf9/0x620
[   34.366026]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.371191]
[   34.372800] Freed by task 6184:
[   34.376058]  kfree+0xcc/0x210
[   34.379146]  kernfs_fop_release+0xe3/0x190
[   34.383361]  __fput+0x2ce/0x890
[   34.386622]  task_work_run+0x148/0x1c0
[   34.390491]  exit_to_usermode_loop+0x251/0x2a0
[   34.395052]  do_syscall_64+0x538/0x620
[   34.398919]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.404081]
[   34.405708] The buggy address belongs to the object at ffff8880ab7ae800
[   34.405708]  which belongs to the cache kmalloc-96 of size 96
[   34.418167] The buggy address is located 78 bytes inside of
[   34.418167]  96-byte region [ffff8880ab7ae800, ffff8880ab7ae860)
[   34.429844] The buggy address belongs to the page:
[   34.434756] page:ffffea0002adeb80 count:1 mapcount:0 mapping:ffff88813bff04c0 index:0x0
[   34.442875] flags: 0xfff00000000100(slab)
[   34.447004] raw: 00fff00000000100 ffffea00028fc2c8 ffffea0002cca5c8 ffff88813bff04c0
[   34.454872] raw: 0000000000000000 ffff8880ab7ae000 0000000100000020 0000000000000000
[   34.462727] page dumped because: kasan: bad access detected
[   34.468411]
[   34.470017] Memory state around the buggy address:
[   34.474921]  ffff8880ab7ae700: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   34.482260]  ffff8880ab7ae780: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   34.489599] >ffff8880ab7ae800: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   34.496937]                                     ^
[   34.502624]  ffff8880ab7ae880: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   34.509958]  ffff8880ab7ae900: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   34.517290] ==================================================================
[   34.524633] Disabling lock debugging due to kernel taint
[   34.530657] Kernel panic - not syncing: panic_on_warn set ...
[   34.530657]
[   34.538029] CPU: 1 PID: 8092 Comm: syz-executor104 Tainted: G    B   4.19.211-syzkaller #0
[   34.547306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   34.556657] Call Trace:
[   34.559254]  dump_stack+0x1fc/0x2ef
[   34.562885]  panic+0x26a/0x50e
[   34.566073]  ? __warn_printk+0xf3/0xf3
[   34.569943]  ? preempt_schedule_common+0x45/0xc0
[   34.574679]  ? ___preempt_schedule+0x16/0x18
[   34.579071]  ? trace_hardirqs_on+0x55/0x210
[   34.583372]  kasan_end_report+0x43/0x49
[   34.587326]  kasan_report_error.cold+0xa7/0x1b9
[   34.591979]  ? hfs_asc2mac+0x68f/0x710
[   34.595847]  __asan_report_store1_noabort+0x88/0x90
[   34.600842]  ? hfs_asc2mac+0x68f/0x710
[   34.604709]  hfs_asc2mac+0x68f/0x710
[   34.608403]  ? hfs_mac2asc+0x530/0x530
[   34.612271]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   34.617266]  ? __kmalloc+0x38e/0x3c0
[   34.620955]  ? hfs_find_init+0x91/0x230
[   34.624907]  hfs_cat_build_key+0xbe/0x1a0
[   34.629047]  hfs_lookup+0x1c2/0x300
[   34.632656]  ? apparmor_file_open+0xc90/0xc90
[   34.637131]  ? hfs_rename+0x200/0x200
[   34.640911]  ? from_kgid+0x87/0xc0
[   34.644429]  ? from_kuid_munged+0x130/0x130
[   34.648730]  ? security_capable+0x8f/0xc0
[   34.652869]  ? capable_wrt_inode_uidgid+0x1d2/0x220
[   34.657866]  ? generic_permission+0x116/0x4d0
[   34.662343]  ? security_inode_permission+0xc5/0xf0
[   34.667252]  ? inode_permission.part.0+0x10c/0x450
[   34.672162]  ? hfs_rename+0x200/0x200
[   34.675942]  lookup_open+0x698/0x1a20
[   34.679724]  ? vfs_mkdir+0x7a0/0x7a0
[   34.683417]  ? unlazy_walk+0x1a4/0x540
[   34.687288]  ? check_preemption_disabled+0x41/0x280
[   34.692287]  path_openat+0x1094/0x2df0
[   34.696160]  ? path_lookupat+0x8d0/0x8d0
[   34.700199]  ? mark_held_locks+0xf0/0xf0
[   34.704241]  ? check_preemption_disabled+0x41/0x280
[   34.709236]  do_filp_open+0x18c/0x3f0
[   34.713014]  ? may_open_dev+0xf0/0xf0
[   34.716799]  ? lock_downgrade+0x720/0x720
[   34.720924]  ? lock_acquire+0x170/0x3c0
[   34.724884]  ? __alloc_fd+0x34/0x570
[   34.728663]  ? do_raw_spin_unlock+0x171/0x230
[   34.733139]  ? _raw_spin_unlock+0x29/0x40
[   34.737265]  ? __alloc_fd+0x28d/0x570
[   34.741051]  do_sys_open+0x3b3/0x520
[   34.744744]  ? filp_open+0x70/0x70
[   34.748264]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.753610]  ? trace_hardirqs_off_caller+0x6e/0x210
[   34.758609]  ? do_syscall_64+0x21/0x620
[   34.762565]  do_syscall_64+0xf9/0x620
[   34.766350]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.771520] RIP: 0033:0x7f46a3f60289
[   34.775243] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   34.794298] RSP: 002b:00007ffc09034198 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   34.801982] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f46a3f60289
[   34.809238] RDX: 000000000000275a RSI: 0000000020000000 RDI: 00000000ffffff9c
[   34.816487] RBP: 00007ffc090341a0 R08: 00007ffc090341a0 R09: 00007f46a3f1d5b0
[   34.823736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   34.831077] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.838505] Kernel Offset: disabled
[   34.842200] Rebooting in 86400 seconds..