Warning: Permanently added '10.128.0.10' (ED25519) to the list of known hosts.
executing program
[   35.737131][ T4220] loop0: detected capacity change from 0 to 1024
[   35.740328][ T4220] =======================================================
[   35.740328][ T4220] WARNING: The mand mount option has been deprecated and
[   35.740328][ T4220]          and is ignored by this kernel. Remove the mand
[   35.740328][ T4220]          option from the mount to silence this warning.
[   35.740328][ T4220] =======================================================
[   35.755936][ T4220] ==================================================================
[   35.757681][ T4220] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[   35.759406][ T4220] Read of size 2 at addr ffff0000c4a0e40c by task syz-executor223/4220
[   35.761301][ T4220] 
[   35.761839][ T4220] CPU: 0 PID: 4220 Comm: syz-executor223 Not tainted 6.1.83-syzkaller #0
[   35.763702][ T4220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   35.766010][ T4220] Call trace:
[   35.766728][ T4220]  dump_backtrace+0x1c8/0x1f4
[   35.767755][ T4220]  show_stack+0x2c/0x3c
[   35.768699][ T4220]  dump_stack_lvl+0x108/0x170
[   35.769761][ T4220]  print_report+0x174/0x4c0
[   35.770811][ T4220]  kasan_report+0xd4/0x130
[   35.771876][ T4220]  __asan_report_load2_noabort+0x2c/0x38
[   35.773203][ T4220]  hfsplus_uni2asc+0x624/0x1018
[   35.774375][ T4220]  hfsplus_readdir+0x7a0/0xf28
[   35.775554][ T4220]  iterate_dir+0x1f4/0x4e4
[   35.776556][ T4220]  __arm64_sys_getdents64+0x1c4/0x4a0
[   35.777737][ T4220]  invoke_syscall+0x98/0x2c0
[   35.778819][ T4220]  el0_svc_common+0x138/0x258
[   35.779894][ T4220]  do_el0_svc+0x64/0x218
[   35.780883][ T4220]  el0_svc+0x58/0x168
[   35.781815][ T4220]  el0t_64_sync_handler+0x84/0xf0
[   35.782976][ T4220]  el0t_64_sync+0x18c/0x190
[   35.784048][ T4220] 
[   35.784624][ T4220] Allocated by task 4220:
[   35.785607][ T4220]  kasan_set_track+0x4c/0x80
[   35.786621][ T4220]  kasan_save_alloc_info+0x24/0x30
[   35.787755][ T4220]  __kasan_kmalloc+0xac/0xc4
[   35.788805][ T4220]  __kmalloc+0xd8/0x1c4
[   35.789758][ T4220]  hfsplus_find_init+0x84/0x1bc
[   35.790905][ T4220]  hfsplus_readdir+0x1c8/0xf28
[   35.791993][ T4220]  iterate_dir+0x1f4/0x4e4
[   35.793087][ T4220]  __arm64_sys_getdents64+0x1c4/0x4a0
[   35.794279][ T4220]  invoke_syscall+0x98/0x2c0
[   35.795447][ T4220]  el0_svc_common+0x138/0x258
[   35.796508][ T4220]  do_el0_svc+0x64/0x218
[   35.797595][ T4220]  el0_svc+0x58/0x168
[   35.798595][ T4220]  el0t_64_sync_handler+0x84/0xf0
[   35.799761][ T4220]  el0t_64_sync+0x18c/0x190
[   35.800722][ T4220] 
[   35.801204][ T4220] The buggy address belongs to the object at ffff0000c4a0e000
[   35.801204][ T4220]  which belongs to the cache kmalloc-2k of size 2048
[   35.804447][ T4220] The buggy address is located 1036 bytes inside of
[   35.804447][ T4220]  2048-byte region [ffff0000c4a0e000, ffff0000c4a0e800)
[   35.807507][ T4220] 
[   35.808023][ T4220] The buggy address belongs to the physical page:
[   35.809493][ T4220] page:000000007acca05d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a08
[   35.811867][ T4220] head:000000007acca05d order:3 compound_mapcount:0 compound_pincount:0
[   35.813753][ T4220] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   35.815713][ T4220] raw: 05ffc00000010200 fffffc0003117e00 dead000000000002 ffff0000c0002900
[   35.817721][ T4220] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   35.819781][ T4220] page dumped because: kasan: bad access detected
[   35.821423][ T4220] 
[   35.821943][ T4220] Memory state around the buggy address:
[   35.823233][ T4220]  ffff0000c4a0e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.825127][ T4220]  ffff0000c4a0e380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.826960][ T4220] >ffff0000c4a0e400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.828723][ T4220]                       ^
[   35.829674][ T4220]  ffff0000c4a0e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.831550][ T4220]  ffff0000c4a0e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.833485][ T4220] ==================================================================
[   35.836374][ T4220] Disabling lock debugging due to kernel taint
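Reading the report: the faulting load is 2 bytes at ffff0000c4a0e40c, offset 0x40c = 1036 from the object base ffff0000c4a0e000. The object sits in a kmalloc-2k slot, but the shadow row tells you the real allocation size: each shadow byte covers 8 bytes of memory, 00 means all 8 are valid, 01..07 means only the first N are valid, and fc is the slab redzone. The row at e400 reads "00 04 fc ...", so bytes e400..e407 are valid, only e408..e40b are valid in the next granule, and everything from e40c on is redzone. The buffer is therefore 1036 bytes long and the read starts exactly one byte past its end. 1036 is what hfsplus_find_init kmallocs for a catalog-tree hfs_find_data (max_key_len 516, two keys plus their length words), which puts the read just past the 255-code-unit name array of fd->key decoded by hfsplus_uni2asc; that last step is an inference from the kernel source, not something the report states.

The following program is an added example, not kernel code or part of the syzkaller report. It parses the "Memory state" rows copied from the report above, applies the generic-KASAN shadow encoding, and re-derives the verdict: the usable region ends at e40c and a 2-byte read there fails. The dump window starts at e300 rather than at the object base, so the walk assumes the undumped e000..e2ff part is fully accessible, which is what the report's "1036 bytes inside" line already implies.

```c
/* kasan_shadow.c: decode the "Memory state around the buggy address" rows of a
 * KASAN report and re-derive the out-of-bounds verdict. Added example for this
 * crash report; not kernel code.
 * Build: cc -std=c11 -Wall -o kasan_shadow kasan_shadow.c && ./kasan_shadow */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SHADOW_GRANULE     8     /* one shadow byte covers 8 bytes of memory */
#define ROW_BYTES          16    /* shadow bytes per dump row (128 bytes of memory) */
#define KASAN_SLAB_REDZONE 0xfc  /* poison value for kmalloc/slab redzone */

struct shadow_row {
    uint64_t base;               /* memory address covered by shadow[0] */
    uint8_t  shadow[ROW_BYTES];
};

/* Rows copied verbatim from the report above (the '>' marks the faulting row). */
static const char *report_rows[] = {
    "ffff0000c4a0e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "ffff0000c4a0e380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    ">ffff0000c4a0e400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff0000c4a0e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff0000c4a0e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
};
#define NROWS (sizeof(report_rows) / sizeof(report_rows[0]))

static struct shadow_row rows[NROWS];
static int rows_loaded;

/* Parse one dump row of the form "[>]<hex addr>: <16 hex bytes>". 0 on success. */
int parse_shadow_row(const char *line, struct shadow_row *out)
{
    char *end;
    while (*line == ' ' || *line == '>')
        line++;
    out->base = strtoull(line, &end, 16);
    if (end == line || *end != ':')
        return -1;
    line = end + 1;
    for (int i = 0; i < ROW_BYTES; i++) {
        unsigned v;
        int n = 0;
        if (sscanf(line, " %2x%n", &v, &n) != 1)
            return -1;
        out->shadow[i] = (uint8_t)v;
        line += n;
    }
    return 0;
}

/* Parse the embedded rows once; returns the row count or -1 on a bad row. */
int load_report_rows(void)
{
    if (rows_loaded)
        return (int)NROWS;
    for (size_t i = 0; i < NROWS; i++)
        if (parse_shadow_row(report_rows[i], &rows[i]) != 0)
            return -1;
    rows_loaded = 1;
    return (int)NROWS;
}

/* Accessible bytes starting at addr within its 8-byte granule, per the
 * generic-KASAN encoding: 00 = all 8 valid, 01..07 = first N valid,
 * anything >= 8 (0xfa, 0xfb, 0xfc, ...) = poisoned. -1 if outside the dump. */
int kasan_accessible_at(uint64_t addr)
{
    if (load_report_rows() < 0)
        return -1;
    for (size_t i = 0; i < NROWS; i++) {
        uint64_t base = rows[i].base;
        if (addr < base || addr >= base + ROW_BYTES * SHADOW_GRANULE)
            continue;
        uint64_t off = addr - base;
        uint8_t s = rows[i].shadow[off / SHADOW_GRANULE];
        int in = (int)(off % SHADOW_GRANULE);
        if (s == 0)
            return SHADOW_GRANULE - in;
        if (s < SHADOW_GRANULE)          /* partially valid granule */
            return in < s ? s - in : 0;
        return 0;                         /* poisoned */
    }
    return -1;
}

/* The check KASAN makes on a load/store: 1 if all of [addr, addr+size) is
 * accessible, 0 if any byte is poisoned, -1 if a byte lies outside the dump. */
int kasan_access_ok(uint64_t addr, size_t size)
{
    for (size_t i = 0; i < size; i++) {
        int n = kasan_accessible_at(addr + i);
        if (n < 0)
            return -1;
        if (n == 0)
            return 0;
    }
    return 1;
}

/* First address at or after start that is poisoned (or outside the dump). */
uint64_t kasan_first_poisoned(uint64_t start)
{
    uint64_t a = start;
    for (;;) {
        int n = kasan_accessible_at(a);
        if (n <= 0)
            return a;
        a += (uint64_t)n;
    }
}

int main(void)
{
    const uint64_t object = 0xffff0000c4a0e000ULL;  /* object base from the report */
    const uint64_t fault  = 0xffff0000c4a0e40cULL;  /* faulting address from the report */
    /* Assumption: e000..e2ff (not dumped) is fully accessible, so walk from e300. */
    uint64_t end = kasan_first_poisoned(0xffff0000c4a0e300ULL);
    printf("redzone starts at %#llx = object + %llu bytes\n",
           (unsigned long long)end, (unsigned long long)(end - object));
    printf("2-byte read at %#llx: %s\n", (unsigned long long)fault,
           kasan_access_ok(fault, 2) == 1 ? "in bounds" : "out of bounds");
    return 0;
}
```

Pasting the rows from another report into report_rows is enough to reuse this on a different crash; the only report-specific values outside the table are the two addresses in main.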