[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.879069] ==================================================================
[ 27.886535] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x82a/0x910
[ 27.893443] Read of size 2 at addr ffff8880b323b9cc by task syz-executor841/7983
[ 27.900955]
[ 27.902560] CPU: 1 PID: 7983 Comm: syz-executor841 Not tainted 4.14.300-syzkaller #0
[ 27.910413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.919740] Call Trace:
[ 27.922306] dump_stack+0x1b2/0x281
[ 27.925908] ? char2uni+0xf0/0xf0
[ 27.929333] print_address_description.cold+0x54/0x1d3
[ 27.934583] kasan_report_error.cold+0x8a/0x191
[ 27.939227] ? hfsplus_uni2asc+0x82a/0x910
[ 27.943456] __asan_report_load2_noabort+0x68/0x70
[ 27.948361] ? char2uni+0x50/0xf0
[ 27.951790] ? hfsplus_uni2asc+0x82a/0x910
[ 27.955999] hfsplus_uni2asc+0x82a/0x910
[ 27.960037] ? char2uni+0xf0/0xf0
[ 27.963465] hfsplus_readdir+0x6e4/0xd70
[ 27.967532] ? hfsplus_dir_release+0x1b0/0x1b0
[ 27.972100] ? aa_file_perm+0x304/0xab0
[ 27.976051] ? mark_held_locks+0xa6/0xf0
[ 27.980955] ? trace_hardirqs_on+0x10/0x10
[ 27.985203] ? aa_path_link+0x3a0/0x3a0
[ 27.989165] ? timespec_trunc+0xb7/0x120
[ 27.993209] ? fsnotify+0x974/0x11b0
[ 27.996900] ? put_timespec64+0xf0/0xf0
[ 28.000857] ? __fsnotify_inode_delete+0x20/0x20
[ 28.005590] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 28.012232] ? lock_acquire+0x170/0x3f0
[ 28.016187] ? iterate_dir+0xbc/0x5e0
[ 28.019973] iterate_dir+0x1a0/0x5e0
[ 28.023697] SyS_getdents64+0x125/0x230
[ 28.027677] ? SyS_getdents+0x240/0x240
[ 28.031635] ? filldir+0x390/0x390
[ 28.035165] ? do_syscall_64+0x4c/0x640
[ 28.039115] ? SyS_getdents+0x240/0x240
[ 28.043066] do_syscall_64+0x1d5/0x640
[ 28.046935] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.052137]
[ 28.053742] Allocated by task 7983:
[ 28.057346] kasan_kmalloc+0xeb/0x160
[ 28.061124] __kmalloc+0x15a/0x400
[ 28.064650] hfsplus_find_init+0x91/0x220
[ 28.068785] hfsplus_readdir+0x1dc/0xd70
[ 28.072837] iterate_dir+0x1a0/0x5e0
[ 28.076531] SyS_getdents64+0x125/0x230
[ 28.080513] do_syscall_64+0x1d5/0x640
[ 28.084390] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.089558]
[ 28.091164] Freed by task 0:
[ 28.094155] (stack is not available)
[ 28.097851]
[ 28.099459] The buggy address belongs to the object at ffff8880b323b5c0
[ 28.099459] which belongs to the cache kmalloc-2048 of size 2048
[ 28.112272] The buggy address is located 1036 bytes inside of
[ 28.112272] 2048-byte region [ffff8880b323b5c0, ffff8880b323bdc0)
[ 28.124297] The buggy address belongs to the page:
[ 28.129200] page:ffffea0002cc8e80 count:1 mapcount:0 mapping:ffff8880b323a4c0 index:0x0 compound_mapcount: 0
[ 28.139141] flags: 0xfff00000008100(slab|head)
[ 28.143697] raw: 00fff00000008100 ffff8880b323a4c0 0000000000000000 0000000100000003
[ 28.151554] raw: ffffea0002cd9420 ffff88813fe64948 ffff88813fe74c40 0000000000000000
[ 28.159598] page dumped because: kasan: bad access detected
[ 28.165279]
[ 28.166879] Memory state around the buggy address:
[ 28.171793] ffff8880b323b880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.179482] ffff8880b323b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.186822] >ffff8880b323b980: 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc
[ 28.194152] ^
[ 28.199839] ffff8880b323ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.207173] ffff8880b323ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.214502] ==================================================================
[ 28.221829] Disabling lock debugging due to kernel taint
[ 28.236121] Kernel panic - not syncing: panic_on_warn set ...
[ 28.236121]
[ 28.243511] CPU: 1 PID: 7983 Comm: syz-executor841 Tainted: G B 4.14.300-syzkaller #0
[ 28.252591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.261922] Call Trace:
[ 28.264487] dump_stack+0x1b2/0x281
[ 28.268088] ? char2uni+0xf0/0xf0
[ 28.271512] panic+0x1f9/0x42d
[ 28.274693] ? add_taint.cold+0x16/0x16
[ 28.278642] ? ___preempt_schedule+0x16/0x18
[ 28.283022] kasan_end_report+0x43/0x49
[ 28.286966] kasan_report_error.cold+0xa7/0x191
[ 28.291608] ? hfsplus_uni2asc+0x82a/0x910
[ 28.295818] __asan_report_load2_noabort+0x68/0x70
[ 28.300855] ? char2uni+0x50/0xf0
[ 28.304285] ? hfsplus_uni2asc+0x82a/0x910
[ 28.308498] hfsplus_uni2asc+0x82a/0x910
[ 28.312538] ? char2uni+0xf0/0xf0
[ 28.315967] hfsplus_readdir+0x6e4/0xd70
[ 28.320004] ? hfsplus_dir_release+0x1b0/0x1b0
[ 28.324566] ? aa_file_perm+0x304/0xab0
[ 28.328514] ? mark_held_locks+0xa6/0xf0
[ 28.332548] ? trace_hardirqs_on+0x10/0x10
[ 28.336769] ? aa_path_link+0x3a0/0x3a0
[ 28.340727] ? timespec_trunc+0xb7/0x120
[ 28.344763] ? fsnotify+0x974/0x11b0
[ 28.348448] ? put_timespec64+0xf0/0xf0
[ 28.352400] ? __fsnotify_inode_delete+0x20/0x20
[ 28.357128] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0
[ 28.363784] ? lock_acquire+0x170/0x3f0
[ 28.367854] ? iterate_dir+0xbc/0x5e0
[ 28.371642] iterate_dir+0x1a0/0x5e0
[ 28.375336] SyS_getdents64+0x125/0x230
[ 28.379289] ? SyS_getdents+0x240/0x240
[ 28.383251] ? filldir+0x390/0x390
[ 28.386768] ? do_syscall_64+0x4c/0x640
[ 28.390754] ? SyS_getdents+0x240/0x240
[ 28.394811] do_syscall_64+0x1d5/0x640
[ 28.398762] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.404132] Kernel Offset: disabled
[ 28.407740] Rebooting in 86400 seconds..