Warning: Permanently added '10.128.1.200' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   34.931560][ T5976] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5976 'syz-executor415'
[   34.940633][ T5976] loop0: detected capacity change from 0 to 1024
[   34.951283][ T5976] ==================================================================
[   34.952913][ T5976] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[   34.954442][ T5976] Read of size 2 at addr ffff0000d4ca540c by task syz-executor415/5976
[   34.956121][ T5976] 
[   34.956599][ T5976] CPU: 1 PID: 5976 Comm: syz-executor415 Not tainted 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
[   34.958605][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   34.960660][ T5976] Call trace:
[   34.961331][ T5976]  dump_backtrace+0x1b8/0x1e4
[   34.962344][ T5976]  show_stack+0x2c/0x44
[   34.963244][ T5976]  dump_stack_lvl+0xd0/0x124
[   34.964199][ T5976]  print_report+0x174/0x514
[   34.965132][ T5976]  kasan_report+0xd4/0x130
[   34.966023][ T5976]  __asan_report_load2_noabort+0x20/0x2c
[   34.967261][ T5976]  hfsplus_uni2asc+0x624/0x1018
[   34.968262][ T5976]  hfsplus_readdir+0x7a0/0xf28
[   34.969242][ T5976]  iterate_dir+0x1f4/0x4e4
[   34.970133][ T5976]  __arm64_sys_getdents64+0x1c4/0x4a0
[   34.971277][ T5976]  invoke_syscall+0x98/0x2c0
[   34.972238][ T5976]  el0_svc_common+0x138/0x244
[   34.973204][ T5976]  do_el0_svc+0x64/0x198
[   34.974118][ T5976]  el0_svc+0x4c/0x160
[   34.974951][ T5976]  el0t_64_sync_handler+0x84/0xfc
[   34.975995][ T5976]  el0t_64_sync+0x190/0x194
[   34.976937][ T5976] 
[   34.977398][ T5976] Allocated by task 5976:
[   34.978260][ T5976]  kasan_set_track+0x4c/0x7c
[   34.979204][ T5976]  kasan_save_alloc_info+0x24/0x30
[   34.980232][ T5976]  __kasan_kmalloc+0xac/0xc4
[   34.981190][ T5976]  __kmalloc+0xcc/0x1b8
[   34.982022][ T5976]  hfsplus_find_init+0x84/0x1bc
[   34.983044][ T5976]  hfsplus_readdir+0x1c8/0xf28
[   34.984039][ T5976]  iterate_dir+0x1f4/0x4e4
[   34.984934][ T5976]  __arm64_sys_getdents64+0x1c4/0x4a0
[   34.986019][ T5976]  invoke_syscall+0x98/0x2c0
[   34.986972][ T5976]  el0_svc_common+0x138/0x244
[   34.987946][ T5976]  do_el0_svc+0x64/0x198
[   34.988795][ T5976]  el0_svc+0x4c/0x160
[   34.989638][ T5976]  el0t_64_sync_handler+0x84/0xfc
[   34.990691][ T5976]  el0t_64_sync+0x190/0x194
[   34.991614][ T5976] 
[   34.992099][ T5976] Last potentially related work creation:
[   34.993269][ T5976]  kasan_save_stack+0x40/0x6c
[   34.994242][ T5976]  __kasan_record_aux_stack+0xcc/0xe8
[   34.995338][ T5976]  kasan_record_aux_stack_noalloc+0x14/0x20
[   34.996579][ T5976]  call_rcu+0x104/0xaf4
[   34.997430][ T5976]  netlink_release+0x12c0/0x1818
[   34.998429][ T5976]  sock_close+0xb8/0x1fc
[   34.999327][ T5976]  __fput+0x30c/0x7bc
[   35.000123][ T5976]  ____fput+0x20/0x30
[   35.000948][ T5976]  task_work_run+0x230/0x2e0
[   35.001883][ T5976]  do_notify_resume+0x2180/0x3c90
[   35.002914][ T5976]  el0_svc+0x94/0x160
[   35.003724][ T5976]  el0t_64_sync_handler+0x84/0xfc
[   35.004759][ T5976]  el0t_64_sync+0x190/0x194
[   35.005673][ T5976] 
[   35.006134][ T5976] The buggy address belongs to the object at ffff0000d4ca5000
[   35.006134][ T5976]  which belongs to the cache kmalloc-2k of size 2048
[   35.009016][ T5976] The buggy address is located 0 bytes to the right of
[   35.009016][ T5976]  allocated 1036-byte region [ffff0000d4ca5000, ffff0000d4ca540c)
[   35.012025][ T5976] 
[   35.012506][ T5976] The buggy address belongs to the physical page:
[   35.013834][ T5976] page:0000000031fd1cb0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114ca0
[   35.015964][ T5976] head:0000000031fd1cb0 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.017796][ T5976] anon flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   35.019577][ T5976] page_type: 0xffffffff()
[   35.020490][ T5976] raw: 05ffc00000010200 ffff0000c0002900 0000000000000000 dead000000000001
[   35.022294][ T5976] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   35.024067][ T5976] page dumped because: kasan: bad access detected
[   35.025384][ T5976] 
[   35.025845][ T5976] Memory state around the buggy address:
[   35.026985][ T5976]  ffff0000d4ca5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.028684][ T5976]  ffff0000d4ca5380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.030293][ T5976] >ffff0000d4ca5400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.031935][ T5976]                       ^
[   35.032821][ T5976]  ffff0000d4ca5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.034499][ T5976]  ffff0000d4ca5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.036204][ T5976] ==================================================================
[   35.039661][ T5976] Disabling lock debugging due to kernel taint