Warning: Permanently added '10.128.0.197' (ED25519) to the list of known hosts.
executing program
[ 31.372941][ T6164] loop0: detected capacity change from 0 to 1024
[ 31.381674][ T6164] ==================================================================
[ 31.383878][ T6164] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 31.385816][ T6164] Read of size 2 at addr ffff0000d653e40c by task syz-executor353/6164
[ 31.387946][ T6164]
[ 31.388559][ T6164] CPU: 0 PID: 6164 Comm: syz-executor353 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 31.391117][ T6164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 31.393722][ T6164] Call trace:
[ 31.394598][ T6164]  dump_backtrace+0x1b8/0x1e4
[ 31.395836][ T6164]  show_stack+0x2c/0x3c
[ 31.396956][ T6164]  dump_stack_lvl+0xd0/0x124
[ 31.398133][ T6164]  print_report+0x178/0x518
[ 31.399399][ T6164]  kasan_report+0xd8/0x138
[ 31.400576][ T6164]  __asan_report_load2_noabort+0x20/0x2c
[ 31.402090][ T6164]  hfsplus_uni2asc+0x624/0x1018
[ 31.403407][ T6164]  hfsplus_readdir+0x7a0/0xf28
[ 31.404666][ T6164]  iterate_dir+0x3f8/0x580
[ 31.405811][ T6164]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 31.407237][ T6164]  invoke_syscall+0x98/0x2b8
[ 31.408436][ T6164]  el0_svc_common+0x130/0x23c
[ 31.409727][ T6164]  do_el0_svc+0x48/0x58
[ 31.410861][ T6164]  el0_svc+0x54/0x168
[ 31.411922][ T6164]  el0t_64_sync_handler+0x84/0xfc
[ 31.413283][ T6164]  el0t_64_sync+0x190/0x194
[ 31.414526][ T6164]
[ 31.415138][ T6164] Allocated by task 6164:
[ 31.416263][ T6164]  kasan_save_track+0x40/0x78
[ 31.417542][ T6164]  kasan_save_alloc_info+0x40/0x50
[ 31.418900][ T6164]  __kasan_kmalloc+0xac/0xc4
[ 31.420127][ T6164]  __kmalloc+0x2bc/0x5d4
[ 31.421260][ T6164]  hfsplus_find_init+0x84/0x1bc
[ 31.422644][ T6164]  hfsplus_readdir+0x1c8/0xf28
[ 31.423962][ T6164]  iterate_dir+0x3f8/0x580
[ 31.425166][ T6164]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 31.426591][ T6164]  invoke_syscall+0x98/0x2b8
[ 31.427745][ T6164]  el0_svc_common+0x130/0x23c
[ 31.429020][ T6164]  do_el0_svc+0x48/0x58
[ 31.430164][ T6164]  el0_svc+0x54/0x168
[ 31.431278][ T6164]  el0t_64_sync_handler+0x84/0xfc
[ 31.432590][ T6164]  el0t_64_sync+0x190/0x194
[ 31.433882][ T6164]
[ 31.434535][ T6164] The buggy address belongs to the object at ffff0000d653e000
[ 31.434535][ T6164]  which belongs to the cache kmalloc-2k of size 2048
[ 31.438291][ T6164] The buggy address is located 0 bytes to the right of
[ 31.438291][ T6164]  allocated 1036-byte region [ffff0000d653e000, ffff0000d653e40c)
[ 31.442181][ T6164]
[ 31.442821][ T6164] The buggy address belongs to the physical page:
[ 31.444559][ T6164] page:00000000905dde3f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116538
[ 31.447348][ T6164] head:00000000905dde3f order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 31.449805][ T6164] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 31.451981][ T6164] page_type: 0xffffffff()
[ 31.453172][ T6164] raw: 05ffc00000000840 ffff0000c0002000 dead000000000122 0000000000000000
[ 31.455502][ T6164] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 31.457829][ T6164] page dumped because: kasan: bad access detected
[ 31.459561][ T6164]
[ 31.460177][ T6164] Memory state around the buggy address:
[ 31.461718][ T6164]  ffff0000d653e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.463902][ T6164]  ffff0000d653e380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.466121][ T6164] >ffff0000d653e400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.468260][ T6164]                       ^
[ 31.469429][ T6164]  ffff0000d653e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.471620][ T6164]  ffff0000d653e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.473724][ T6164] ==================================================================
[ 31.476421][ T6164] Disabling lock debugging due to kernel taint