Warning: Permanently added '10.128.1.184' (ED25519) to the list of known hosts.
executing program
[ 35.312960][ T6168] loop0: detected capacity change from 0 to 1024
[ 35.325792][ T6168] ==================================================================
[ 35.328030][ T6168] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 35.330096][ T6168] Read of size 2 at addr ffff0000d87a940c by task syz-executor785/6168
[ 35.332419][ T6168]
[ 35.333069][ T6168] CPU: 0 PID: 6168 Comm: syz-executor785 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 35.335902][ T6168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 35.338658][ T6168] Call trace:
[ 35.339534][ T6168]  dump_backtrace+0x1b8/0x1e4
[ 35.340819][ T6168]  show_stack+0x2c/0x3c
[ 35.341953][ T6168]  dump_stack_lvl+0xd0/0x124
[ 35.343222][ T6168]  print_report+0x178/0x518
[ 35.344452][ T6168]  kasan_report+0xd8/0x138
[ 35.345695][ T6168]  __asan_report_load2_noabort+0x20/0x2c
[ 35.347254][ T6168]  hfsplus_uni2asc+0x624/0x1018
[ 35.348599][ T6168]  hfsplus_readdir+0x7a0/0xf28
[ 35.349974][ T6168]  iterate_dir+0x3f8/0x580
[ 35.351213][ T6168]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 35.352735][ T6168]  invoke_syscall+0x98/0x2b8
[ 35.353948][ T6168]  el0_svc_common+0x130/0x23c
[ 35.355306][ T6168]  do_el0_svc+0x48/0x58
[ 35.356491][ T6168]  el0_svc+0x54/0x168
[ 35.357559][ T6168]  el0t_64_sync_handler+0x84/0xfc
[ 35.358957][ T6168]  el0t_64_sync+0x190/0x194
[ 35.360275][ T6168]
[ 35.360908][ T6168] Allocated by task 6168:
[ 35.362118][ T6168]  kasan_save_track+0x40/0x78
[ 35.363421][ T6168]  kasan_save_alloc_info+0x40/0x50
[ 35.364857][ T6168]  __kasan_kmalloc+0xac/0xc4
[ 35.366104][ T6168]  __kmalloc+0x2bc/0x5d4
[ 35.367287][ T6168]  hfsplus_find_init+0x84/0x1bc
[ 35.368630][ T6168]  hfsplus_readdir+0x1c8/0xf28
[ 35.369963][ T6168]  iterate_dir+0x3f8/0x580
[ 35.371143][ T6168]  __arm64_sys_getdents64+0x1c4/0x4a0
[ 35.372656][ T6168]  invoke_syscall+0x98/0x2b8
[ 35.373903][ T6168]  el0_svc_common+0x130/0x23c
[ 35.375175][ T6168]  do_el0_svc+0x48/0x58
[ 35.376307][ T6168]  el0_svc+0x54/0x168
[ 35.377402][ T6168]  el0t_64_sync_handler+0x84/0xfc
[ 35.378785][ T6168]  el0t_64_sync+0x190/0x194
[ 35.380013][ T6168]
[ 35.380653][ T6168] The buggy address belongs to the object at ffff0000d87a9000
[ 35.380653][ T6168]  which belongs to the cache kmalloc-2k of size 2048
[ 35.384495][ T6168] The buggy address is located 0 bytes to the right of
[ 35.384495][ T6168]  allocated 1036-byte region [ffff0000d87a9000, ffff0000d87a940c)
[ 35.388612][ T6168]
[ 35.389261][ T6168] The buggy address belongs to the physical page:
[ 35.390986][ T6168] page:000000005b101f1c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1187a8
[ 35.393772][ T6168] head:000000005b101f1c order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 35.396364][ T6168] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 35.398618][ T6168] page_type: 0xffffffff()
[ 35.399793][ T6168] raw: 05ffc00000000840 ffff0000c0002000 dead000000000122 0000000000000000
[ 35.402203][ T6168] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 35.404679][ T6168] page dumped because: kasan: bad access detected
[ 35.406495][ T6168]
[ 35.407124][ T6168] Memory state around the buggy address:
[ 35.408654][ T6168]  ffff0000d87a9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.410997][ T6168]  ffff0000d87a9380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.413294][ T6168] >ffff0000d87a9400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.415578][ T6168]                       ^
[ 35.416833][ T6168]  ffff0000d87a9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.419078][ T6168]  ffff0000d87a9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.421299][ T6168] ==================================================================
[ 35.424465][ T6168] Disabling lock debugging due to kernel taint
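The report's summary ("0 bytes to the right of allocated 1036-byte region") can be re-derived from the shadow dump alone, which is the check worth doing before trusting a syzbot title. The script below is an added triage helper, not part of the syzbot report above and not kernel code. It parses the access line, the region line and the "Memory state" block, walks the shadow bytes back to where the object's addressable bytes end, and confirms the 2-byte read starts exactly at that boundary and lands in slab redzone. It assumes the generic KASAN shadow encoding (one shadow byte per 8-byte granule; 0x00 fully addressable, 0x01..0x07 partially, 0xfc slab redzone); the REPORT text is copied from the report above and trimmed, and POISON_NAMES and NOISE_PREFIXES are this script's own choices.

```python
"""Decode a generic-KASAN slab-out-of-bounds report from its shadow-memory dump.

Added triage helper; not part of the syzbot report above and not kernel code.
It rebuilds the allocation boundary from the shadow bytes and cross-checks it
against the report's own "Read of size N at addr" and "region [A, B)" lines.
"""
import re

# Generic KASAN: one shadow byte covers an 8-byte granule. 0x00 = all 8 bytes
# addressable, 0x01..0x07 = only the first N bytes addressable, anything else
# (negative as a signed char) = poisoned, the value naming the reason.
GRANULE = 8
POISON_NAMES = {0xfc: "slab redzone", 0xfb: "freed slab object"}  # assumed subset
# Frames that are reporting or allocator plumbing rather than the bug itself.
NOISE_PREFIXES = ("dump_", "show_stack", "print_report", "kasan_", "__kasan_",
                  "__asan_", "__kmalloc", "kmalloc", "kmem_cache_alloc")

# Copied from the report above, trimmed to the lines triage needs.
REPORT = """\
[ 35.328030][ T6168] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 35.330096][ T6168] Read of size 2 at addr ffff0000d87a940c by task syz-executor785/6168
[ 35.338658][ T6168] Call trace:
[ 35.339534][ T6168]  dump_backtrace+0x1b8/0x1e4
[ 35.344452][ T6168]  kasan_report+0xd8/0x138
[ 35.345695][ T6168]  __asan_report_load2_noabort+0x20/0x2c
[ 35.347254][ T6168]  hfsplus_uni2asc+0x624/0x1018
[ 35.360908][ T6168] Allocated by task 6168:
[ 35.364857][ T6168]  __kasan_kmalloc+0xac/0xc4
[ 35.366104][ T6168]  __kmalloc+0x2bc/0x5d4
[ 35.367287][ T6168]  hfsplus_find_init+0x84/0x1bc
[ 35.384495][ T6168] The buggy address is located 0 bytes to the right of
[ 35.384495][ T6168]  allocated 1036-byte region [ffff0000d87a9000, ffff0000d87a940c)
[ 35.407124][ T6168] Memory state around the buggy address:
[ 35.410997][ T6168]  ffff0000d87a9380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.413294][ T6168] >ffff0000d87a9400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.415578][ T6168]                       ^
[ 35.416833][ T6168]  ffff0000d87a9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""


def first_real_frame(report, start_marker, end_marker):
    """First frame between the two markers that is not reporting/allocator
    plumbing: the code that faulted, or the caller that made the allocation."""
    start = report.index(start_marker)
    section = report[start:report.index(end_marker, start)]
    frames = re.findall(r"\b([A-Za-z_]\w*)\+0x[0-9a-f]+/0x[0-9a-f]+", section)
    return next((f for f in frames if not f.startswith(NOISE_PREFIXES)), None)


def parse_access(report):
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", report)
    return m.group(1), int(m.group(2)), int(m.group(3), 16)


def parse_region(report):
    m = re.search(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", report)
    return int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)


def parse_shadow(report):
    """Map each granule start address in the 'Memory state' dump to its shadow byte."""
    shadow = {}
    dump = report[report.index("Memory state around"):]
    for m in re.finditer(r"([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})", dump):
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            shadow[base + i * GRANULE] = int(tok, 16)
    return shadow


def addressable_bytes(shadow_byte):
    """How many leading bytes of the granule may legitimately be touched."""
    if shadow_byte == 0:
        return GRANULE
    return shadow_byte if 1 <= shadow_byte < GRANULE else 0


def allocation_end(shadow, addr):
    """Walk back from addr's granule to the last granule with addressable bytes;
    the object ends where those bytes end (works even deep inside the redzone)."""
    g = addr & ~(GRANULE - 1)
    while g in shadow and addressable_bytes(shadow[g]) == 0:
        g -= GRANULE
    if g not in shadow:
        raise ValueError("dump does not cover the allocation boundary")
    return g + addressable_bytes(shadow[g])


def check_access(report):
    """Cross-check the report's summary lines against the shadow bytes."""
    kind, size, addr = parse_access(report)
    nbytes, start, end = parse_region(report)
    shadow = parse_shadow(report)
    boundary = allocation_end(shadow, addr)
    # A partial granule only encodes a count; the reason is in the next poisoned granule.
    reason_granule = (boundary + GRANULE - 1) & ~(GRANULE - 1)
    return {"kind": kind, "size": size, "addr": addr, "object_end": boundary,
            "fault_site": first_real_frame(report, "Call trace:", "Allocated by task"),
            "alloc_site": first_real_frame(report, "Allocated by task", "The buggy address"),
            "consistent": boundary == end and end - start == nbytes,
            "bytes_in_bounds": max(0, min(addr + size, boundary) - addr),
            "bytes_past_end": max(0, addr + size - boundary),
            "poison": POISON_NAMES.get(shadow.get(reason_granule), "unknown")}


if __name__ == "__main__":
    for key, val in check_access(REPORT).items():
        print(f"{key:>15}: {val:#x}" if type(val) is int else f"{key:>15}: {val}")
```

For this report the shadow byte 04 at ffff0000d87a9408 means only four bytes of that granule are addressable, so the object ends at ffff0000d87a940c, which matches the region line (0x40c = 1036), and the whole 2-byte read falls in 0xfc redzone with zero bytes in bounds: the fault site hfsplus_uni2asc is reading past a buffer allocated by hfsplus_find_init, not a partially overlapping access.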