Warning: Permanently added '10.128.1.131' (ECDSA) to the list of known hosts.
executing program
[ 44.172652][ T3959] loop0: detected capacity change from 0 to 64
[ 44.177354][ T3959] hfs: unable to locate alternate MDB
[ 44.178670][ T3959] hfs: continuing without an alternate MDB
[ 44.184995][ T3959] ==================================================================
[ 44.186900][ T3959] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read+0x1b4/0x2dc
[ 44.188616][ T3959] Write of size 256 at addr ffff0000cfc35700 by task syz-executor583/3959
[ 44.190437][ T3959]
[ 44.190951][ T3959] CPU: 1 PID: 3959 Comm: syz-executor583 Not tainted 5.15.114-syzkaller #0
[ 44.192952][ T3959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 44.195289][ T3959] Call trace:
[ 44.196036][ T3959]  dump_backtrace+0x0/0x530
[ 44.197102][ T3959]  show_stack+0x2c/0x3c
[ 44.198130][ T3959]  dump_stack_lvl+0x108/0x170
[ 44.199295][ T3959]  print_address_description+0x7c/0x3f0
[ 44.200629][ T3959]  kasan_report+0x174/0x1e4
[ 44.201727][ T3959]  kasan_check_range+0x274/0x2b4
[ 44.202875][ T3959]  memcpy+0xb4/0xe8
[ 44.203757][ T3959]  hfs_bnode_read+0x1b4/0x2dc
[ 44.204841][ T3959]  hfs_bnode_read_key+0x154/0x21c
[ 44.205974][ T3959]  hfs_brec_insert+0x508/0x97c
[ 44.207094][ T3959]  hfs_cat_create+0x4f0/0x844
[ 44.208228][ T3959]  hfs_create+0x70/0xe4
[ 44.209224][ T3959]  path_openat+0xec0/0x26f0
[ 44.210301][ T3959]  do_filp_open+0x1a8/0x3b4
[ 44.211368][ T3959]  do_sys_openat2+0x128/0x3d8
[ 44.212453][ T3959]  __arm64_sys_openat+0x1f0/0x240
[ 44.213541][ T3959]  invoke_syscall+0x98/0x2b8
[ 44.214531][ T3959]  el0_svc_common+0x138/0x258
[ 44.215658][ T3959]  do_el0_svc+0x58/0x14c
[ 44.216740][ T3959]  el0_svc+0x7c/0x1f0
[ 44.217682][ T3959]  el0t_64_sync_handler+0x84/0xe4
[ 44.218837][ T3959]  el0t_64_sync+0x1a0/0x1a4
[ 44.219859][ T3959]
[ 44.220455][ T3959] Allocated by task 3959:
[ 44.221410][ T3959]  ____kasan_kmalloc+0xbc/0xfc
[ 44.222473][ T3959]  __kasan_kmalloc+0x10/0x1c
[ 44.223602][ T3959]  __kmalloc+0x29c/0x4c8
[ 44.224536][ T3959]  hfs_find_init+0x88/0x1c8
[ 44.225523][ T3959]  hfs_cat_create+0x168/0x844
[ 44.226599][ T3959]  hfs_create+0x70/0xe4
[ 44.227669][ T3959]  path_openat+0xec0/0x26f0
[ 44.228722][ T3959]  do_filp_open+0x1a8/0x3b4
[ 44.229850][ T3959]  do_sys_openat2+0x128/0x3d8
[ 44.230989][ T3959]  __arm64_sys_openat+0x1f0/0x240
[ 44.232114][ T3959]  invoke_syscall+0x98/0x2b8
[ 44.233217][ T3959]  el0_svc_common+0x138/0x258
[ 44.234316][ T3959]  do_el0_svc+0x58/0x14c
[ 44.235319][ T3959]  el0_svc+0x7c/0x1f0
[ 44.236293][ T3959]  el0t_64_sync_handler+0x84/0xe4
[ 44.237514][ T3959]  el0t_64_sync+0x1a0/0x1a4
[ 44.238564][ T3959]
[ 44.239118][ T3959] The buggy address belongs to the object at ffff0000cfc35700
[ 44.239118][ T3959]  which belongs to the cache kmalloc-128 of size 128
[ 44.242505][ T3959] The buggy address is located 0 bytes inside of
[ 44.242505][ T3959]  128-byte region [ffff0000cfc35700, ffff0000cfc35780)
[ 44.245594][ T3959] The buggy address belongs to the page:
[ 44.246942][ T3959] page:000000006bed105e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fc35
[ 44.249340][ T3959] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 44.251192][ T3959] raw: 05ffc00000000200 fffffc00033f0dc0 0000000300000003 ffff0000c0002300
[ 44.253257][ T3959] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 44.255241][ T3959] page dumped because: kasan: bad access detected
[ 44.256819][ T3959]
[ 44.257349][ T3959] Memory state around the buggy address:
[ 44.258724][ T3959]  ffff0000cfc35600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.260606][ T3959]  ffff0000cfc35680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.262381][ T3959] >ffff0000cfc35700: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 44.264291][ T3959]                    ^
[ 44.265848][ T3959]  ffff0000cfc35780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.267665][ T3959]  ffff0000cfc35800: fb fb fb fb fb fb fb fb fb fb