Warning: Permanently added '10.128.0.8' (ED25519) to the list of known hosts.
executing program
[ 42.729635][ T3968] loop0: detected capacity change from 0 to 1024
[ 42.740709][ T3968] ==================================================================
[ 42.742841][ T3968] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 42.744738][ T3968] Read of size 2 at addr ffff0000da04340c by task syz-executor377/3968
[ 42.746806][ T3968]
[ 42.747365][ T3968] CPU: 1 PID: 3968 Comm: syz-executor377 Not tainted 5.15.123-syzkaller #0
[ 42.749652][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 42.752290][ T3968] Call trace:
[ 42.753100][ T3968]  dump_backtrace+0x0/0x530
[ 42.754263][ T3968]  show_stack+0x2c/0x3c
[ 42.755297][ T3968]  dump_stack_lvl+0x108/0x170
[ 42.756510][ T3968]  print_address_description+0x7c/0x3f0
[ 42.757986][ T3968]  kasan_report+0x174/0x1e4
[ 42.759053][ T3968]  __asan_report_load2_noabort+0x44/0x50
[ 42.760471][ T3968]  hfsplus_uni2asc+0x624/0x1018
[ 42.761749][ T3968]  hfsplus_readdir+0x79c/0xf68
[ 42.763024][ T3968]  iterate_dir+0x1f4/0x4e4
[ 42.764202][ T3968]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 42.765605][ T3968]  invoke_syscall+0x98/0x2b8
[ 42.766809][ T3968]  el0_svc_common+0x138/0x258
[ 42.767966][ T3968]  do_el0_svc+0x58/0x14c
[ 42.769066][ T3968]  el0_svc+0x7c/0x1f0
[ 42.770056][ T3968]  el0t_64_sync_handler+0x84/0xe4
[ 42.771347][ T3968]  el0t_64_sync+0x1a0/0x1a4
[ 42.772482][ T3968]
[ 42.773099][ T3968] Allocated by task 3968:
[ 42.774177][ T3968]  ____kasan_kmalloc+0xbc/0xfc
[ 42.775374][ T3968]  __kasan_kmalloc+0x10/0x1c
[ 42.776567][ T3968]  __kmalloc+0x29c/0x4c8
[ 42.777729][ T3968]  hfsplus_find_init+0x84/0x1bc
[ 42.778981][ T3968]  hfsplus_readdir+0x1c8/0xf68
[ 42.780163][ T3968]  iterate_dir+0x1f4/0x4e4
[ 42.781267][ T3968]  __arm64_sys_getdents64+0x1c4/0x4c4
[ 42.782714][ T3968]  invoke_syscall+0x98/0x2b8
[ 42.783846][ T3968]  el0_svc_common+0x138/0x258
[ 42.785022][ T3968]  do_el0_svc+0x58/0x14c
[ 42.786101][ T3968]  el0_svc+0x7c/0x1f0
[ 42.787128][ T3968]  el0t_64_sync_handler+0x84/0xe4
[ 42.788450][ T3968]  el0t_64_sync+0x1a0/0x1a4
[ 42.789552][ T3968]
[ 42.790131][ T3968] The buggy address belongs to the object at ffff0000da043000
[ 42.790131][ T3968]  which belongs to the cache kmalloc-2k of size 2048
[ 42.793797][ T3968] The buggy address is located 1036 bytes inside of
[ 42.793797][ T3968]  2048-byte region [ffff0000da043000, ffff0000da043800)
[ 42.797281][ T3968] The buggy address belongs to the page:
[ 42.798828][ T3968] page:00000000491af2da refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a040
[ 42.801416][ T3968] head:00000000491af2da order:3 compound_mapcount:0 compound_pincount:0
[ 42.803605][ T3968] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 42.805641][ T3968] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
[ 42.807760][ T3968] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 42.809941][ T3968] page dumped because: kasan: bad access detected
[ 42.811531][ T3968]
[ 42.812189][ T3968] Memory state around the buggy address:
[ 42.813586][ T3968]  ffff0000da043300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.815626][ T3968]  ffff0000da043380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.817656][ T3968] >ffff0000da043400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.819772][ T3968]                       ^
[ 42.820834][ T3968]  ffff0000da043480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.822864][ T3968]  ffff0000da043500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.824897][ T3968] ==================================================================
[ 42.826997][ T3968] Disabling lock debugging due to kernel taint
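The "Memory state" rows above say more than the headline "1036 bytes inside of 2048-byte region": the shadow byte for the faulting granule is 04, not 00 or fc, which pins down where the kmalloc'ed buffer really ends. The decoder below is an added example, not part of the syzkaller report or of the kernel; it takes the shadow rows and the access line copied from the report, plus the object base address the report prints, and computes the object's actual addressable size and how much of the access falls past it. Everything else (row regexes, the `analyse` helper and its result keys) is this example's own.

```python
"""Decode the KASAN shadow dump of a slab-out-of-bounds report.

Generic KASAN keeps one shadow byte per 8-byte granule of kernel memory:
  00      all 8 bytes addressable
  01..07  only that many leading bytes addressable (an allocation ends
          inside this granule)
  fc      slab redzone: the unused tail of the slab object
  fb      freed object; fa  left redzone
"""
import re

GRANULE = 8

# Rows copied from the report above (log prefixes stripped); '>' marks the
# row that contains the faulting address.
SHADOW_ROWS = [
    " ffff0000da043300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    " ffff0000da043380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    ">ffff0000da043400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    " ffff0000da043480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    " ffff0000da043500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
]
ACCESS_LINE = "Read of size 2 at addr ffff0000da04340c by task syz-executor377/3968"
OBJECT_BASE = 0xFFFF0000DA043000  # "belongs to the object at ..." in the report

ROW_RE = re.compile(r">?\s*([0-9a-f]{8,16}):((?:\s+[0-9a-f]{2})+)\s*$")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)")


def parse_shadow(rows):
    """Map granule start address -> shadow byte for every byte in the dump."""
    shadow = {}
    for row in rows:
        m = ROW_RE.search(row)
        if not m:
            raise ValueError("unrecognised shadow row: %r" % row)
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            shadow[base + i * GRANULE] = int(tok, 16)
    return shadow


def parse_access(line):
    """Return (kind, size, address) from KASAN's 'Read/Write of size' line."""
    m = ACCESS_RE.search(line)
    if not m:
        raise ValueError("unrecognised access line: %r" % line)
    return m.group(1), int(m.group(2)), int(m.group(3), 16)


def addressable_bytes(shadow_byte):
    """Number of addressable bytes in a granule with this shadow value."""
    if shadow_byte == 0:
        return GRANULE
    if 1 <= shadow_byte < GRANULE:
        return shadow_byte
    return 0  # any poison value: nothing in this granule may be touched


def analyse(rows, access_line, object_base):
    """Locate the real end of the object and measure the overrun."""
    shadow = parse_shadow(rows)
    kind, size, addr = parse_access(access_line)
    # Walk back from the faulting granule to the last granule that still has
    # addressable bytes; the object's usable range ends inside it.
    g = addr & ~(GRANULE - 1)
    while g in shadow and addressable_bytes(shadow[g]) == 0:
        g -= GRANULE
    if g not in shadow:
        raise ValueError("dump does not cover the end of the object")
    usable_end = g + addressable_bytes(shadow[g])
    oob_bytes = max(0, addr + size - max(addr, usable_end))
    return {
        "kind": kind,
        "access_size": size,
        "access_offset": addr - object_base,      # the offset KASAN printed
        "usable_size": usable_end - object_base,  # bytes kmalloc actually handed out
        "oob_bytes": oob_bytes,                   # bytes of the access past that end
    }


if __name__ == "__main__":
    r = analyse(SHADOW_ROWS, ACCESS_LINE, OBJECT_BASE)
    print("%(kind)s of %(access_size)d at offset %(access_offset)d; object usable "
          "size %(usable_size)d; %(oob_bytes)d byte(s) out of bounds" % r)
```

Run on the report's rows, the decoder gives a usable size of 1036 bytes: the "kmalloc-2k" object KASAN names is a 1036-byte kmalloc rounded up to the 2048-byte slab size, and the 2-byte read at offset 1036 begins at the first byte past the requested allocation, so both bytes are out of bounds. That is the number to compare against the size computed in hfsplus_find_init when working out why the buffer is too small.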