Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts.
executing program
[   35.450830][ T6490] loop0: detected capacity change from 0 to 1024
[   35.481133][ T6489] ==================================================================
[   35.481165][ T6489] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x648/0x1054
[   35.481191][ T6489] Read of size 2 at addr ffff0000c5fbc40c by task syz-executor157/6489
[   35.481207][ T6489]
[   35.481218][ T6489] CPU: 0 UID: 0 PID: 6489 Comm: syz-executor157 Not tainted 6.15.0-rc4-syzkaller-ge0f4c8dd9d2d #0 PREEMPT
[   35.481232][ T6489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   35.481239][ T6489] Call trace:
[   35.481243][ T6489]  show_stack+0x2c/0x3c (C)
[   35.481264][ T6489]  __dump_stack+0x30/0x40
[   35.481275][ T6489]  dump_stack_lvl+0xd8/0x12c
[   35.481285][ T6489]  print_address_description+0xa8/0x254
[   35.481300][ T6489]  print_report+0x68/0x84
[   35.481312][ T6489]  kasan_report+0xb0/0x110
[   35.481333][ T6489]  __asan_report_load2_noabort+0x20/0x2c
[   35.481345][ T6489]  hfsplus_uni2asc+0x648/0x1054
[   35.481358][ T6489]  hfsplus_readdir+0x638/0xb3c
[   35.481369][ T6489]  iterate_dir+0x458/0x5e0
[   35.481383][ T6489]  __arm64_sys_getdents64+0x114/0x2fc
[   35.481396][ T6489]  invoke_syscall+0x98/0x2b8
[   35.481407][ T6489]  el0_svc_common+0x130/0x23c
[   35.481417][ T6489]  do_el0_svc+0x48/0x58
[   35.481427][ T6489]  el0_svc+0x58/0x150
[   35.481440][ T6489]  el0t_64_sync_handler+0x78/0x108
[   35.481452][ T6489]  el0t_64_sync+0x198/0x19c
[   35.481465][ T6489]
[   35.481565][ T6489] Allocated by task 6489:
[   35.481577][ T6489]  kasan_save_track+0x40/0x78
[   35.481594][ T6489]  kasan_save_alloc_info+0x44/0x54
[   35.481609][ T6489]  __kasan_kmalloc+0x9c/0xb4
[   35.481626][ T6489]  __kmalloc_noprof+0x2fc/0x4c8
[   35.481645][ T6489]  hfsplus_find_init+0x84/0x1bc
[   35.481661][ T6489]  hfsplus_readdir+0x19c/0xb3c
[   35.481677][ T6489]  iterate_dir+0x458/0x5e0
[   35.481693][ T6489]  __arm64_sys_getdents64+0x114/0x2fc
[   35.481711][ T6489]  invoke_syscall+0x98/0x2b8
[   35.481725][ T6489]  el0_svc_common+0x130/0x23c
[   35.481739][ T6489]  do_el0_svc+0x48/0x58
[   35.481753][ T6489]  el0_svc+0x58/0x150
[   35.481769][ T6489]  el0t_64_sync_handler+0x78/0x108
[   35.481785][ T6489]  el0t_64_sync+0x198/0x19c
[   35.481800][ T6489]
[   35.481808][ T6489] The buggy address belongs to the object at ffff0000c5fbc000
[   35.481808][ T6489]  which belongs to the cache kmalloc-2k of size 2048
[   35.481824][ T6489] The buggy address is located 0 bytes to the right of
[   35.481824][ T6489]  allocated 1036-byte region [ffff0000c5fbc000, ffff0000c5fbc40c)
[   35.481843][ T6489]
[   35.481852][ T6489] The buggy address belongs to the physical page:
[   35.481863][ T6489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fb8
[   35.481879][ T6489] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.481895][ T6489] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[   35.481912][ T6489] page_type: f5(slab)
[   35.481929][ T6489] raw: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
[   35.481945][ T6489] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   35.481962][ T6489] head: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
[   35.481979][ T6489] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   35.481996][ T6489] head: 05ffc00000000003 fffffdffc317ee01 00000000ffffffff 00000000ffffffff
[   35.482013][ T6489] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   35.482025][ T6489] page dumped because: kasan: bad access detected
[   35.482036][ T6489]
[   35.482045][ T6489] Memory state around the buggy address:
[   35.482057][ T6489]  ffff0000c5fbc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.482071][ T6489]  ffff0000c5fbc380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.482085][ T6489] >ffff0000c5fbc400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.482097][ T6489]                       ^
[   35.482109][ T6489]  ffff0000c5fbc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.482122][ T6489]  ffff0000c5fbc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.482134][ T6489] ==================================================================
[   35.482565][ T6489] Disabling lock debugging due to kernel taint
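The shadow rows under "Memory state around the buggy address" can be decoded mechanically, and doing so confirms the report's own arithmetic. In generic KASAN each shadow byte describes one 8-byte granule: 00 means the whole granule is addressable, 01..07 means only that many leading bytes are, and fc is the slab redzone poison that follows an object. The 04 under the caret covers ffff0000c5fbc408..ffff0000c5fbc40f and says only four of those bytes belong to the object, so ffff0000c5fbc40c is the first byte past the 1036-byte region (1036 = 129 * 8 + 4), which is exactly where the 2-byte read lands. The program below is an added example, not part of the syzkaller report or of the kernel; it embeds the five shadow rows printed above as constructed data and applies the generic KASAN addressability rule to the faulting access, then walks the shadow forward to recover the object end independently of the "allocated 1036-byte region" line. The poison names for 0xfb and 0xfc are the ones used in the kernel's mm/kasan/kasan.h; the rule does not apply to the hardware-tag (MTE) KASAN mode, which stores tags rather than byte counts.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_GRANULE 8   /* one shadow byte describes 8 bytes of memory */
#define ROW_BYTES     16  /* the report prints 16 shadow bytes per row */

struct shadow_row {
    uint64_t base;             /* first memory address the row describes */
    uint8_t  shadow[ROW_BYTES];
};

/* Shadow rows copied from the report above (constructed sample data for this
 * example); each row covers 16 * 8 = 128 bytes of kernel memory. */
static const struct shadow_row rows[] = {
    { 0xffff0000c5fbc300ULL, { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                               0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } },
    { 0xffff0000c5fbc380ULL, { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                               0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } },
    { 0xffff0000c5fbc400ULL, { 0x00,0x04,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,
                               0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc } },
    { 0xffff0000c5fbc480ULL, { 0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,
                               0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc } },
    { 0xffff0000c5fbc500ULL, { 0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,
                               0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc } },
};

/* Shadow byte covering addr, or -1 when the dumped rows do not include it. */
int shadow_at(uint64_t addr)
{
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        if (addr < rows[i].base)
            continue;
        uint64_t off = addr - rows[i].base;
        if (off < (uint64_t)ROW_BYTES * KASAN_GRANULE)
            return rows[i].shadow[off / KASAN_GRANULE];
    }
    return -1;
}

/* Generic KASAN rule: 0 means the whole granule is addressable, 1..7 means
 * only the first N bytes are, anything else is poison (0xfc is
 * KASAN_SLAB_REDZONE, the redzone after a slab object). */
int byte_addressable(uint64_t addr)
{
    int s = shadow_at(addr);
    if (s == 0)
        return 1;
    if (s > 0 && s < KASAN_GRANULE)
        return (int)(addr % KASAN_GRANULE) < s;
    return 0; /* poison value, or outside the dumped rows */
}

/* First address in [addr, addr + size) that is not addressable, 0 if none. */
uint64_t first_bad_byte(uint64_t addr, size_t size)
{
    for (size_t i = 0; i < size; i++)
        if (!byte_addressable(addr + i))
            return addr + i;
    return 0;
}

/* Starting at a granule-aligned address inside an object, walk forward while
 * granules are fully addressable and return the first non-addressable byte,
 * i.e. the end of the object as the shadow sees it. */
uint64_t region_end(uint64_t addr)
{
    for (;;) {
        int s = shadow_at(addr);
        if (s < 0 || s >= KASAN_GRANULE)
            return addr;                 /* poison, or past the dumped rows */
        if (s > 0)
            return addr + (uint64_t)s;   /* partial granule: s valid bytes */
        addr += KASAN_GRANULE;
    }
}

const char *shadow_kind(int s)
{
    if (s == 0) return "addressable";
    if (s > 0 && s < KASAN_GRANULE) return "partially addressable";
    if (s == 0xfc) return "slab redzone (KASAN_SLAB_REDZONE)";
    if (s == 0xfb) return "freed slab object (KASAN_SLAB_FREE)";
    return "other poison";
}

int main(void)
{
    uint64_t addr = 0xffff0000c5fbc40cULL; /* "Read of size 2 at addr ..." */
    uint64_t bad = first_bad_byte(addr, 2);
    int s = shadow_at(bad);
    printf("read [%#" PRIx64 ", +2): first bad byte %#" PRIx64
           ", shadow %#x (%s), byte %" PRIu64 " of its granule\n",
           addr, bad, (unsigned)s, shadow_kind(s), bad % KASAN_GRANULE);
    printf("object end recovered from shadow: %#" PRIx64 "\n",
           region_end(0xffff0000c5fbc300ULL));
    return 0;
}
```

Build with `cc -std=c11 -Wall kasan_shadow.c` (file name is arbitrary). The object end the walk recovers, ffff0000c5fbc40c, matches the "[ffff0000c5fbc000, ffff0000c5fbc40c)" line, and the first bad byte is the access address itself, which is why the report says the access sits "0 bytes to the right" of the allocation rather than somewhere inside the redzone.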