./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3655274274
<...>
Warning: Permanently added '10.128.1.178' (ED25519) to the list of known hosts.
execve("./syz-executor3655274274", ["./syz-executor3655274274"], 0x7fff66d56410 /* 10 vars */) = 0
brk(NULL) = 0x5555562f8000
brk(0x5555562f8d00) = 0x5555562f8d00
arch_prctl(ARCH_SET_FS, 0x5555562f8380) = 0
set_tid_address(0x5555562f8650) = 5019
set_robust_list(0x5555562f8660, 24) = 0
rseq(0x5555562f8ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3655274274", 4096) = 28
getrandom("\xea\x75\xc2\xbd\xfb\xeb\xbe\x82", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555562f8d00
brk(0x555556319d00) = 0x555556319d00
brk(0x55555631a000) = 0x55555631a000
mprotect(0x7fd3e4f81000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3dcad1000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7fd3dcad1000, 524288) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
mount("/dev/loop0", "./file0", "hfsplus", MS_NODIRATIME|MS_SILENT, "\x74\x79\x70\x65\x3d\xfa\x35\x4a\x6d\x2c\x6e\x6c\x73\x3d\x69\x73\x6f\x38\x38\x35\x39\x2d\x31\x2c") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 44.006258][ T5019] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5019 'syz-executor365'
[ 44.025401][ T5019] loop0: detected capacity change from 0 to 1024
[ 44.056650][ T5019] ==================================================================
[ 44.064761][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 44.072447][ T5019] Read of size 2 at addr ffff88814a9ba40c by task syz-executor365/5019
[ 44.080752][ T5019]
[ 44.083072][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Not tainted 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 44.093499][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 44.103544][ T5019] Call Trace:
[ 44.106811][ T5019] <TASK>
[ 44.109725][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 44.114319][ T5019] print_report+0xc4/0x620
[ 44.118740][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 44.123756][ T5019] ? __phys_addr+0xc6/0x140
[ 44.128248][ T5019] kasan_report+0xda/0x110
[ 44.132687][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 44.137623][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 44.142848][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 44.147608][ T5019] hfsplus_readdir+0x871/0xff0
[ 44.152363][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 44.157636][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 44.162659][ T5019] ? down_read_killable+0x222/0x4b0
[ 44.167845][ T5019] ? down_read+0x470/0x470
[ 44.172249][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 44.177611][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 44.183315][ T5019] iterate_dir+0x59e/0x740
[ 44.187725][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 44.192940][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 44.198217][ T5019] ? fillonedir+0x400/0x400
[ 44.202738][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 44.207945][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 44.213137][ T5019] ? ptrace_notify+0xf4/0x130
[ 44.217803][ T5019] do_syscall_64+0x38/0xb0
[ 44.222208][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.228101][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 44.232499][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 44.252098][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 44.260503][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 44.268463][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 44.276417][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 44.284380][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 44.292335][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 44.300308][ T5019] </TASK>
[ 44.303309][ T5019]
[ 44.305612][ T5019] Allocated by task 5019:
[ 44.309923][ T5019] kasan_save_stack+0x33/0x50
[ 44.314603][ T5019] kasan_set_track+0x25/0x30
[ 44.319188][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 44.323767][ T5019] __kmalloc+0x5d/0x100
[ 44.327913][ T5019] hfsplus_find_init+0x95/0x200
[ 44.333005][ T5019] hfsplus_readdir+0x262/0xff0
[ 44.337755][ T5019] iterate_dir+0x59e/0x740
[ 44.342165][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 44.347351][ T5019] do_syscall_64+0x38/0xb0
[ 44.351749][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.357647][ T5019]
[ 44.359955][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 44.359955][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 44.374006][ T5019] The buggy address is located 0 bytes to the right of
[ 44.374006][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 44.388580][ T5019]
[ 44.390889][ T5019] The buggy address belongs to the physical page:
[ 44.397283][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 44.407509][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 44.416426][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 44.424480][ T5019] page_type: 0xffffffff()
[ 44.428802][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 44.437405][ T5019] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 44.445982][ T5019] page dumped because: kasan: bad access detected
[ 44.452371][ T5019] page_owner tracks the page as allocated
[ 44.458066][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 44.477690][ T5019] post_alloc_hook+0x2d2/0x350
[ 44.482458][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 44.488002][ T5019] __alloc_pages+0x1d0/0x4a0
[ 44.492591][ T5019] alloc_page_interleave+0x1e/0x250
[ 44.497782][ T5019] alloc_pages+0x22a/0x270
[ 44.502213][ T5019] allocate_slab+0x24e/0x380
[ 44.506803][ T5019] ___slab_alloc+0x8bc/0x1570
[ 44.511477][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 44.516854][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 44.522299][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 44.528010][ T5019] kmalloc_reserve+0xef/0x270
[ 44.532674][ T5019] __alloc_skb+0x12b/0x330
[ 44.537079][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 44.542347][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 44.546750][ T5019] register_netdevice+0x125c/0x1630
[ 44.551935][ T5019] register_netdev+0x2f/0x50
[ 44.556519][ T5019] page_owner free stack trace missing
[ 44.561882][ T5019]
[ 44.564186][ T5019] Memory state around the buggy address:
[ 44.569837][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.577896][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.585939][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.594005][ T5019] ^
[ 44.598400][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.606452][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.614499][ T5019] ==================================================================
[ 44.622907][ T5019] Disabling lock debugging due to kernel taint
[ 44.629146][ T5019] ==================================================================
[ 44.637204][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 44.644833][ T5019] Read of size 2 at addr ffff88814a9ba40e by task syz-executor365/5019
[ 44.653071][ T5019]
[ 44.655387][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 44.667275][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 44.677350][ T5019] Call Trace:
[ 44.680621][ T5019] <TASK>
[ 44.683543][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 44.688138][ T5019] print_report+0xc4/0x620
[ 44.692564][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 44.697602][ T5019] ? __phys_addr+0xc6/0x140
[ 44.702107][ T5019] kasan_report+0xda/0x110
[ 44.706552][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 44.711494][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 44.716454][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 44.721223][ T5019] hfsplus_readdir+0x871/0xff0
[ 44.725986][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 44.731354][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 44.736394][ T5019] ? down_read_killable+0x222/0x4b0
[ 44.741591][ T5019] ? down_read+0x470/0x470
[ 44.746005][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 44.751374][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 44.757093][ T5019] iterate_dir+0x59e/0x740
[ 44.761508][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 44.766701][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 44.771993][ T5019] ? fillonedir+0x400/0x400
[ 44.776491][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 44.781722][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 44.786926][ T5019] ? ptrace_notify+0xf4/0x130
[ 44.791603][ T5019] do_syscall_64+0x38/0xb0
[ 44.796019][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.802039][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 44.806454][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 44.826527][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 44.834949][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 44.842923][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 44.850884][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 44.859198][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 44.867197][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 44.875166][ T5019] </TASK>
[ 44.878221][ T5019]
[ 44.880536][ T5019] Allocated by task 5019:
[ 44.884872][ T5019] kasan_save_stack+0x33/0x50
[ 44.889551][ T5019] kasan_set_track+0x25/0x30
[ 44.894238][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 44.898830][ T5019] __kmalloc+0x5d/0x100
[ 44.902993][ T5019] hfsplus_find_init+0x95/0x200
[ 44.907851][ T5019] hfsplus_readdir+0x262/0xff0
[ 44.912612][ T5019] iterate_dir+0x59e/0x740
[ 44.917020][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 44.922212][ T5019] do_syscall_64+0x38/0xb0
[ 44.926617][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.932508][ T5019]
[ 44.934815][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 44.934815][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 44.948866][ T5019] The buggy address is located 2 bytes to the right of
[ 44.948866][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 44.963445][ T5019]
[ 44.965762][ T5019] The buggy address belongs to the physical page:
[ 44.972223][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 44.982499][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 44.991431][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 44.999574][ T5019] page_type: 0xffffffff()
[ 45.003891][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 45.012493][ T5019] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 45.021104][ T5019] page dumped because: kasan: bad access detected
[ 45.027949][ T5019] page_owner tracks the page as allocated
[ 45.033680][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 45.055238][ T5019] post_alloc_hook+0x2d2/0x350
[ 45.060096][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 45.065665][ T5019] __alloc_pages+0x1d0/0x4a0
[ 45.070289][ T5019] alloc_page_interleave+0x1e/0x250
[ 45.075507][ T5019] alloc_pages+0x22a/0x270
[ 45.079914][ T5019] allocate_slab+0x24e/0x380
[ 45.084497][ T5019] ___slab_alloc+0x8bc/0x1570
[ 45.089206][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 45.094614][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 45.100061][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 45.105776][ T5019] kmalloc_reserve+0xef/0x270
[ 45.110447][ T5019] __alloc_skb+0x12b/0x330
[ 45.114859][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 45.120132][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 45.124536][ T5019] register_netdevice+0x125c/0x1630
[ 45.129762][ T5019] register_netdev+0x2f/0x50
[ 45.134343][ T5019] page_owner free stack trace missing
[ 45.139705][ T5019]
[ 45.142011][ T5019] Memory state around the buggy address:
[ 45.147643][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.155698][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.163821][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.171897][ T5019] ^
[ 45.176218][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.184280][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.192345][ T5019] ==================================================================
[ 45.200830][ T5019] ==================================================================
[ 45.208923][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 45.216562][ T5019] Read of size 2 at addr ffff88814a9ba410 by task syz-executor365/5019
[ 45.224834][ T5019]
[ 45.227271][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 45.239169][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 45.249237][ T5019] Call Trace:
[ 45.252511][ T5019] <TASK>
[ 45.255428][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 45.260014][ T5019] print_report+0xc4/0x620
[ 45.264425][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 45.269441][ T5019] ? __phys_addr+0xc6/0x140
[ 45.273938][ T5019] kasan_report+0xda/0x110
[ 45.278354][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 45.283291][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 45.288420][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 45.293453][ T5019] hfsplus_readdir+0x871/0xff0
[ 45.298226][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 45.303505][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 45.308546][ T5019] ? down_read_killable+0x222/0x4b0
[ 45.313777][ T5019] ? down_read+0x470/0x470
[ 45.318195][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 45.323569][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 45.329289][ T5019] iterate_dir+0x59e/0x740
[ 45.333704][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 45.338897][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 45.344182][ T5019] ? fillonedir+0x400/0x400
[ 45.348683][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 45.353901][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 45.359097][ T5019] ? ptrace_notify+0xf4/0x130
[ 45.363766][ T5019] do_syscall_64+0x38/0xb0
[ 45.368185][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.374124][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 45.378527][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 45.398132][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 45.406537][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 45.414495][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 45.422479][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 45.430545][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 45.438588][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 45.446581][ T5019] </TASK>
[ 45.449591][ T5019]
[ 45.451897][ T5019] Allocated by task 5019:
[ 45.456215][ T5019] kasan_save_stack+0x33/0x50
[ 45.460902][ T5019] kasan_set_track+0x25/0x30
[ 45.465500][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 45.470102][ T5019] __kmalloc+0x5d/0x100
[ 45.474266][ T5019] hfsplus_find_init+0x95/0x200
[ 45.479110][ T5019] hfsplus_readdir+0x262/0xff0
[ 45.483962][ T5019] iterate_dir+0x59e/0x740
[ 45.488422][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 45.493622][ T5019] do_syscall_64+0x38/0xb0
[ 45.498039][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.503931][ T5019]
[ 45.506327][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 45.506327][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 45.520472][ T5019] The buggy address is located 4 bytes to the right of
[ 45.520472][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 45.535067][ T5019]
[ 45.537382][ T5019] The buggy address belongs to the physical page:
[ 45.543780][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 45.554007][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 45.562966][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 45.571028][ T5019] page_type: 0xffffffff()
[ 45.575349][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 45.583920][ T5019] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 45.592487][ T5019] page dumped because: kasan: bad access detected
[ 45.598881][ T5019] page_owner tracks the page as allocated
[ 45.604576][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 45.624231][ T5019] post_alloc_hook+0x2d2/0x350
[ 45.629005][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 45.634545][ T5019] __alloc_pages+0x1d0/0x4a0
[ 45.639124][ T5019] alloc_page_interleave+0x1e/0x250
[ 45.644310][ T5019] alloc_pages+0x22a/0x270
[ 45.648714][ T5019] allocate_slab+0x24e/0x380
[ 45.653293][ T5019] ___slab_alloc+0x8bc/0x1570
[ 45.657966][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 45.663330][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 45.668777][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 45.674489][ T5019] kmalloc_reserve+0xef/0x270
[ 45.679152][ T5019] __alloc_skb+0x12b/0x330
[ 45.683555][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 45.688834][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 45.693242][ T5019] register_netdevice+0x125c/0x1630
[ 45.698430][ T5019] register_netdev+0x2f/0x50
[ 45.703006][ T5019] page_owner free stack trace missing
[ 45.708353][ T5019]
[ 45.710661][ T5019] Memory state around the buggy address:
[ 45.716269][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.724315][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.732360][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.740402][ T5019] ^
[ 45.744967][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.753015][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.761061][ T5019] ==================================================================
[ 45.769439][ T5019] ==================================================================
[ 45.777508][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 45.785138][ T5019] Read of size 2 at addr ffff88814a9ba412 by task syz-executor365/5019
[ 45.793358][ T5019]
[ 45.795667][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 45.807565][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 45.817609][ T5019] Call Trace:
[ 45.820872][ T5019] <TASK>
[ 45.823788][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 45.828379][ T5019] print_report+0xc4/0x620
[ 45.832792][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 45.837818][ T5019] ? __phys_addr+0xc6/0x140
[ 45.842317][ T5019] kasan_report+0xda/0x110
[ 45.846732][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 45.851669][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 45.856611][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 45.861375][ T5019] hfsplus_readdir+0x871/0xff0
[ 45.866138][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 45.871420][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 45.876456][ T5019] ? down_read_killable+0x222/0x4b0
[ 45.881659][ T5019] ? down_read+0x470/0x470
[ 45.886071][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 45.891445][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 45.897161][ T5019] iterate_dir+0x59e/0x740
[ 45.901573][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 45.906767][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 45.912052][ T5019] ? fillonedir+0x400/0x400
[ 45.916556][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 45.921750][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 45.926943][ T5019] ? ptrace_notify+0xf4/0x130
[ 45.931613][ T5019] do_syscall_64+0x38/0xb0
[ 45.936017][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.941944][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 45.946349][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 45.965951][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 45.974358][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 45.982324][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 45.990285][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 45.998244][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 46.006204][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 46.014173][ T5019] </TASK>
[ 46.017183][ T5019]
[ 46.019492][ T5019] Allocated by task 5019:
[ 46.023798][ T5019] kasan_save_stack+0x33/0x50
[ 46.028480][ T5019] kasan_set_track+0x25/0x30
[ 46.033061][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 46.037734][ T5019] __kmalloc+0x5d/0x100
[ 46.041883][ T5019] hfsplus_find_init+0x95/0x200
[ 46.046727][ T5019] hfsplus_readdir+0x262/0xff0
[ 46.051483][ T5019] iterate_dir+0x59e/0x740
[ 46.055898][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 46.061232][ T5019] do_syscall_64+0x38/0xb0
[ 46.065672][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.071641][ T5019]
[ 46.073959][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 46.073959][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 46.088003][ T5019] The buggy address is located 6 bytes to the right of
[ 46.088003][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 46.102581][ T5019]
[ 46.104909][ T5019] The buggy address belongs to the physical page:
[ 46.111312][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 46.121551][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 46.130503][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 46.138573][ T5019] page_type: 0xffffffff()
[ 46.142885][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 46.151462][ T5019] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 46.160029][ T5019] page dumped because: kasan: bad access detected
[ 46.166421][ T5019] page_owner tracks the page as allocated
[ 46.172122][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 46.191789][ T5019] post_alloc_hook+0x2d2/0x350
[ 46.196566][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 46.202109][ T5019] __alloc_pages+0x1d0/0x4a0
[ 46.206692][ T5019] alloc_page_interleave+0x1e/0x250
[ 46.211879][ T5019] alloc_pages+0x22a/0x270
[ 46.216296][ T5019] allocate_slab+0x24e/0x380
[ 46.220931][ T5019] ___slab_alloc+0x8bc/0x1570
[ 46.225773][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 46.231164][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 46.236622][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 46.242336][ T5019] kmalloc_reserve+0xef/0x270
[ 46.246995][ T5019] __alloc_skb+0x12b/0x330
[ 46.251401][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 46.256681][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 46.261090][ T5019] register_netdevice+0x125c/0x1630
[ 46.266275][ T5019] register_netdev+0x2f/0x50
[ 46.270852][ T5019] page_owner free stack trace missing
[ 46.276198][ T5019]
[ 46.278501][ T5019] Memory state around the buggy address:
[ 46.284132][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.292184][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.300227][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.308268][ T5019] ^
[ 46.312838][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.320923][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.328975][ T5019] ==================================================================
[ 46.337277][ T5019] ==================================================================
[ 46.345408][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 46.353080][ T5019] Read of size 2 at addr ffff88814a9ba414 by task syz-executor365/5019
[ 46.361307][ T5019]
[ 46.363615][ T5019] CPU: 0 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 46.375571][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 46.385985][ T5019] Call Trace:
[ 46.389259][ T5019] <TASK>
[ 46.392175][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 46.396764][ T5019] print_report+0xc4/0x620
[ 46.401185][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 46.406291][ T5019] ? __phys_addr+0xc6/0x140
[ 46.410784][ T5019] kasan_report+0xda/0x110
[ 46.415193][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 46.420124][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 46.425081][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 46.429846][ T5019] hfsplus_readdir+0x871/0xff0
[ 46.434598][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 46.439911][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 46.444962][ T5019] ? down_read_killable+0x222/0x4b0
[ 46.450198][ T5019] ? down_read+0x470/0x470
[ 46.454642][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 46.460025][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 46.465740][ T5019] iterate_dir+0x59e/0x740
[ 46.470160][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 46.475357][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 46.480639][ T5019] ? fillonedir+0x400/0x400
[ 46.485131][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 46.490350][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 46.495575][ T5019] ? ptrace_notify+0xf4/0x130
[ 46.500255][ T5019] do_syscall_64+0x38/0xb0
[ 46.504669][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.510580][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 46.514979][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 46.534638][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 46.543044][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 46.551004][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 46.558980][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 46.566960][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 46.574926][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 46.582905][ T5019] </TASK>
[ 46.585906][ T5019]
[ 46.588211][ T5019] Allocated by task 5019:
[ 46.592538][ T5019] kasan_save_stack+0x33/0x50
[ 46.597212][ T5019] kasan_set_track+0x25/0x30
[ 46.601786][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 46.606358][ T5019] __kmalloc+0x5d/0x100
[ 46.610502][ T5019] hfsplus_find_init+0x95/0x200
[ 46.615376][ T5019] hfsplus_readdir+0x262/0xff0
[ 46.620118][ T5019] iterate_dir+0x59e/0x740
[ 46.624517][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 46.629703][ T5019] do_syscall_64+0x38/0xb0
[ 46.634142][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.640059][ T5019]
[ 46.642364][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 46.642364][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 46.656420][ T5019] The buggy address is located 8 bytes to the right of
[ 46.656420][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 46.670992][ T5019]
[ 46.673295][ T5019] The buggy address belongs to the physical page:
[ 46.679682][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 46.689903][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 46.698834][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 46.706885][ T5019] page_type: 0xffffffff()
[ 46.711200][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 46.719853][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 46.728417][ T5019] page dumped because: kasan: bad access detected
[ 46.734806][ T5019] page_owner tracks the page as allocated
[ 46.740494][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 46.760108][ T5019] post_alloc_hook+0x2d2/0x350
[ 46.764861][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 46.770394][ T5019] __alloc_pages+0x1d0/0x4a0
[ 46.774975][ T5019] alloc_page_interleave+0x1e/0x250
[ 46.780163][ T5019] alloc_pages+0x22a/0x270
[ 46.784565][ T5019] allocate_slab+0x24e/0x380
[ 46.789134][ T5019] ___slab_alloc+0x8bc/0x1570
[ 46.793791][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 46.799150][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 46.804592][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 46.810318][ T5019] kmalloc_reserve+0xef/0x270
[ 46.814976][ T5019] __alloc_skb+0x12b/0x330
[ 46.819383][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 46.824660][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 46.829059][ T5019] register_netdevice+0x125c/0x1630
[ 46.834238][ T5019] register_netdev+0x2f/0x50
[ 46.838814][ T5019] page_owner free stack trace missing
[ 46.844163][ T5019]
[ 46.846469][ T5019] Memory state around the buggy address:
[ 46.852087][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.860127][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.868193][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.876233][ T5019] ^
[ 46.880806][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.888854][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.896925][ T5019] ==================================================================
[ 46.905327][ T5019] ==================================================================
[ 46.913410][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 46.921139][ T5019] Read of size 2 at addr ffff88814a9ba416 by task syz-executor365/5019
[ 46.929371][ T5019]
[ 46.931721][ T5019] CPU: 0 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 46.943619][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 46.953676][ T5019] Call Trace:
[ 46.956949][ T5019]
[ 46.959867][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 46.964453][ T5019] print_report+0xc4/0x620
[ 46.968865][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 46.973888][ T5019] ? __phys_addr+0xc6/0x140
[ 46.978386][ T5019] kasan_report+0xda/0x110
[ 46.982805][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 46.987748][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 46.992699][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 46.997473][ T5019] hfsplus_readdir+0x871/0xff0
[ 47.002235][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 47.007516][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 47.012564][ T5019] ? down_read_killable+0x222/0x4b0
[ 47.017780][ T5019] ? down_read+0x470/0x470
[ 47.022206][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 47.027589][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 47.033315][ T5019] iterate_dir+0x59e/0x740
[ 47.037733][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 47.042938][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 47.048226][ T5019] ? fillonedir+0x400/0x400
[ 47.052735][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 47.057939][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 47.063141][ T5019] ? ptrace_notify+0xf4/0x130
[ 47.067810][ T5019] do_syscall_64+0x38/0xb0
[ 47.072217][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.078163][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 47.082594][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 47.102391][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 47.110816][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 47.118785][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 47.126747][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 47.134711][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 47.142680][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 47.150665][ T5019]
[ 47.153678][ T5019]
[ 47.155986][ T5019] Allocated by task 5019:
[ 47.160299][ T5019] kasan_save_stack+0x33/0x50
[ 47.164979][ T5019] kasan_set_track+0x25/0x30
[ 47.169668][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 47.174261][ T5019] __kmalloc+0x5d/0x100
[ 47.178410][ T5019] hfsplus_find_init+0x95/0x200
[ 47.183253][ T5019] hfsplus_readdir+0x262/0xff0
[ 47.188007][ T5019] iterate_dir+0x59e/0x740
[ 47.192420][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 47.197626][ T5019] do_syscall_64+0x38/0xb0
[ 47.202029][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.207922][ T5019]
[ 47.210272][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 47.210272][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 47.224357][ T5019] The buggy address is located 10 bytes to the right of
[ 47.224357][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 47.239021][ T5019]
[ 47.241335][ T5019] The buggy address belongs to the physical page:
[ 47.247740][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 47.257973][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 47.266903][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 47.274982][ T5019] page_type: 0xffffffff()
[ 47.279671][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 47.288251][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 47.296838][ T5019] page dumped because: kasan: bad access detected
[ 47.303259][ T5019] page_owner tracks the page as allocated
[ 47.308972][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 47.328602][ T5019] post_alloc_hook+0x2d2/0x350
[ 47.333387][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 47.338932][ T5019] __alloc_pages+0x1d0/0x4a0
[ 47.343611][ T5019] alloc_page_interleave+0x1e/0x250
[ 47.348814][ T5019] alloc_pages+0x22a/0x270
[ 47.353228][ T5019] allocate_slab+0x24e/0x380
[ 47.357810][ T5019] ___slab_alloc+0x8bc/0x1570
[ 47.362479][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 47.367846][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 47.373294][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 47.379007][ T5019] kmalloc_reserve+0xef/0x270
[ 47.383675][ T5019] __alloc_skb+0x12b/0x330
[ 47.388117][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 47.393412][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 47.397826][ T5019] register_netdevice+0x125c/0x1630
[ 47.403025][ T5019] register_netdev+0x2f/0x50
[ 47.407616][ T5019] page_owner free stack trace missing
[ 47.412972][ T5019]
[ 47.415278][ T5019] Memory state around the buggy address:
[ 47.420893][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.428945][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.436997][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.445048][ T5019] ^
[ 47.449646][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.457703][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.465777][ T5019] ==================================================================
[ 47.479302][ T5019] ==================================================================
[ 47.487397][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 47.495038][ T5019] Read of size 2 at addr ffff88814a9ba418 by task syz-executor365/5019
[ 47.503262][ T5019]
[ 47.505575][ T5019] CPU: 0 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 47.517486][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 47.527546][ T5019] Call Trace:
[ 47.530821][ T5019]
[ 47.533740][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 47.538335][ T5019] print_report+0xc4/0x620
[ 47.542753][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 47.547779][ T5019] ? __phys_addr+0xc6/0x140
[ 47.552288][ T5019] kasan_report+0xda/0x110
[ 47.556705][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 47.561685][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 47.566651][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 47.571421][ T5019] hfsplus_readdir+0x871/0xff0
[ 47.576180][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 47.581464][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 47.586504][ T5019] ? down_read_killable+0x222/0x4b0
[ 47.591707][ T5019] ? down_read+0x470/0x470
[ 47.596393][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 47.601812][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 47.607527][ T5019] iterate_dir+0x59e/0x740
[ 47.611942][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 47.617139][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 47.622421][ T5019] ? fillonedir+0x400/0x400
[ 47.626937][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 47.632176][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 47.637433][ T5019] ? ptrace_notify+0xf4/0x130
[ 47.642129][ T5019] do_syscall_64+0x38/0xb0
[ 47.646540][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.652436][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 47.656838][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 47.676446][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 47.684855][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 47.692822][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 47.700796][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 47.708792][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 47.716768][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 47.724738][ T5019]
[ 47.727760][ T5019]
[ 47.730092][ T5019] Allocated by task 5019:
[ 47.734405][ T5019] kasan_save_stack+0x33/0x50
[ 47.739081][ T5019] kasan_set_track+0x25/0x30
[ 47.743666][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 47.748257][ T5019] __kmalloc+0x5d/0x100
[ 47.752418][ T5019] hfsplus_find_init+0x95/0x200
[ 47.757257][ T5019] hfsplus_readdir+0x262/0xff0
[ 47.762012][ T5019] iterate_dir+0x59e/0x740
[ 47.766425][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 47.771620][ T5019] do_syscall_64+0x38/0xb0
[ 47.776021][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.781913][ T5019]
[ 47.784222][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 47.784222][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 47.798329][ T5019] The buggy address is located 12 bytes to the right of
[ 47.798329][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 47.813031][ T5019]
[ 47.815349][ T5019] The buggy address belongs to the physical page:
[ 47.821740][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 47.831978][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 47.840901][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 47.848953][ T5019] page_type: 0xffffffff()
[ 47.853269][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 47.861874][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 47.870456][ T5019] page dumped because: kasan: bad access detected
[ 47.876886][ T5019] page_owner tracks the page as allocated
[ 47.882590][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 47.902226][ T5019] post_alloc_hook+0x2d2/0x350
[ 47.907000][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 47.912545][ T5019] __alloc_pages+0x1d0/0x4a0
[ 47.917129][ T5019] alloc_page_interleave+0x1e/0x250
[ 47.922321][ T5019] alloc_pages+0x22a/0x270
[ 47.926734][ T5019] allocate_slab+0x24e/0x380
[ 47.931320][ T5019] ___slab_alloc+0x8bc/0x1570
[ 47.935985][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 47.941370][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 47.946848][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 47.952562][ T5019] kmalloc_reserve+0xef/0x270
[ 47.957229][ T5019] __alloc_skb+0x12b/0x330
[ 47.961639][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 47.966938][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 47.971342][ T5019] register_netdevice+0x125c/0x1630
[ 47.976534][ T5019] register_netdev+0x2f/0x50
[ 47.981118][ T5019] page_owner free stack trace missing
[ 47.986469][ T5019]
[ 47.988791][ T5019] Memory state around the buggy address:
[ 47.994416][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.002465][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.010534][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.018592][ T5019] ^
[ 48.023432][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.031478][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.039528][ T5019] ==================================================================
[ 48.047913][ T5019] ==================================================================
[ 48.056040][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 48.063716][ T5019] Read of size 2 at addr ffff88814a9ba41a by task syz-executor365/5019
[ 48.071966][ T5019]
[ 48.074285][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 48.086182][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 48.096228][ T5019] Call Trace:
[ 48.099523][ T5019]
[ 48.102449][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 48.107177][ T5019] print_report+0xc4/0x620
[ 48.111631][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 48.116664][ T5019] ? __phys_addr+0xc6/0x140
[ 48.121170][ T5019] kasan_report+0xda/0x110
[ 48.125579][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 48.130528][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 48.135461][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 48.140219][ T5019] hfsplus_readdir+0x871/0xff0
[ 48.144974][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 48.150256][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 48.155307][ T5019] ? down_read_killable+0x222/0x4b0
[ 48.160504][ T5019] ? down_read+0x470/0x470
[ 48.164914][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 48.170287][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 48.176004][ T5019] iterate_dir+0x59e/0x740
[ 48.180419][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 48.185619][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 48.190897][ T5019] ? fillonedir+0x400/0x400
[ 48.195409][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 48.200600][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 48.205798][ T5019] ? ptrace_notify+0xf4/0x130
[ 48.210468][ T5019] do_syscall_64+0x38/0xb0
[ 48.214891][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.220817][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 48.225225][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 48.244825][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 48.253242][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 48.261203][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 48.269165][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 48.277126][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 48.285087][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 48.293052][ T5019]
[ 48.296058][ T5019]
[ 48.298365][ T5019] Allocated by task 5019:
[ 48.302760][ T5019] kasan_save_stack+0x33/0x50
[ 48.307439][ T5019] kasan_set_track+0x25/0x30
[ 48.312031][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 48.316610][ T5019] __kmalloc+0x5d/0x100
[ 48.320763][ T5019] hfsplus_find_init+0x95/0x200
[ 48.325616][ T5019] hfsplus_readdir+0x262/0xff0
[ 48.330365][ T5019] iterate_dir+0x59e/0x740
[ 48.334773][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 48.339978][ T5019] do_syscall_64+0x38/0xb0
[ 48.344384][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.350277][ T5019]
[ 48.352582][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 48.352582][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 48.366618][ T5019] The buggy address is located 14 bytes to the right of
[ 48.366618][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 48.381271][ T5019]
[ 48.383577][ T5019] The buggy address belongs to the physical page:
[ 48.389970][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 48.400192][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 48.409107][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 48.417154][ T5019] page_type: 0xffffffff()
[ 48.421466][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 48.430042][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 48.438609][ T5019] page dumped because: kasan: bad access detected
[ 48.445004][ T5019] page_owner tracks the page as allocated
[ 48.450695][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 48.470320][ T5019] post_alloc_hook+0x2d2/0x350
[ 48.475082][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 48.480620][ T5019] __alloc_pages+0x1d0/0x4a0
[ 48.485201][ T5019] alloc_page_interleave+0x1e/0x250
[ 48.490389][ T5019] alloc_pages+0x22a/0x270
[ 48.494795][ T5019] allocate_slab+0x24e/0x380
[ 48.499372][ T5019] ___slab_alloc+0x8bc/0x1570
[ 48.504032][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 48.509392][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 48.514837][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 48.520590][ T5019] kmalloc_reserve+0xef/0x270
[ 48.525254][ T5019] __alloc_skb+0x12b/0x330
[ 48.529659][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 48.534934][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 48.539345][ T5019] register_netdevice+0x125c/0x1630
[ 48.544533][ T5019] register_netdev+0x2f/0x50
[ 48.549108][ T5019] page_owner free stack trace missing
[ 48.554460][ T5019]
[ 48.556767][ T5019] Memory state around the buggy address:
[ 48.562380][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.570425][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.578470][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.586511][ T5019] ^
[ 48.591339][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.599386][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.607423][ T5019] ==================================================================
[ 48.615610][ T5019] ==================================================================
[ 48.623807][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 48.631474][ T5019] Read of size 2 at addr ffff88814a9ba41c by task syz-executor365/5019
[ 48.639702][ T5019]
[ 48.642007][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 48.653875][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 48.665220][ T5019] Call Trace:
[ 48.668484][ T5019]
[ 48.671397][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 48.675974][ T5019] print_report+0xc4/0x620
[ 48.680382][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 48.685485][ T5019] ? __phys_addr+0xc6/0x140
[ 48.689982][ T5019] kasan_report+0xda/0x110
[ 48.694392][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 48.699325][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 48.704270][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 48.709019][ T5019] hfsplus_readdir+0x871/0xff0
[ 48.713792][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 48.719061][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 48.724095][ T5019] ? down_read_killable+0x222/0x4b0
[ 48.729290][ T5019] ? down_read+0x470/0x470
[ 48.733729][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 48.739100][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 48.744818][ T5019] iterate_dir+0x59e/0x740
[ 48.749245][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 48.754531][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 48.759815][ T5019] ? fillonedir+0x400/0x400
[ 48.764321][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 48.769513][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 48.774708][ T5019] ? ptrace_notify+0xf4/0x130
[ 48.779376][ T5019] do_syscall_64+0x38/0xb0
[ 48.783781][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.789685][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 48.794093][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 48.813727][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 48.822133][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 48.830093][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 48.838053][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 48.846015][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 48.853998][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 48.861976][ T5019]
[ 48.864982][ T5019]
[ 48.867292][ T5019] Allocated by task 5019:
[ 48.871609][ T5019] kasan_save_stack+0x33/0x50
[ 48.876285][ T5019] kasan_set_track+0x25/0x30
[ 48.880881][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 48.885462][ T5019] __kmalloc+0x5d/0x100
[ 48.889614][ T5019] hfsplus_find_init+0x95/0x200
[ 48.894462][ T5019] hfsplus_readdir+0x262/0xff0
[ 48.899211][ T5019] iterate_dir+0x59e/0x740
[ 48.903622][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 48.908811][ T5019] do_syscall_64+0x38/0xb0
[ 48.913217][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.919121][ T5019]
[ 48.921431][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 48.921431][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 48.935481][ T5019] The buggy address is located 16 bytes to the right of
[ 48.935481][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 48.950176][ T5019]
[ 48.952490][ T5019] The buggy address belongs to the physical page:
[ 48.958901][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 48.969123][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 48.978043][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 48.986097][ T5019] page_type: 0xffffffff()
[ 48.990418][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 48.998996][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 49.007565][ T5019] page dumped because: kasan: bad access detected
[ 49.013959][ T5019] page_owner tracks the page as allocated
[ 49.019658][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 49.039359][ T5019] post_alloc_hook+0x2d2/0x350
[ 49.044129][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 49.049680][ T5019] __alloc_pages+0x1d0/0x4a0
[ 49.054269][ T5019] alloc_page_interleave+0x1e/0x250
[ 49.059464][ T5019] alloc_pages+0x22a/0x270
[ 49.063869][ T5019] allocate_slab+0x24e/0x380
[ 49.068522][ T5019] ___slab_alloc+0x8bc/0x1570
[ 49.073239][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 49.078614][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 49.084592][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 49.090355][ T5019] kmalloc_reserve+0xef/0x270
[ 49.095032][ T5019] __alloc_skb+0x12b/0x330
[ 49.099445][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 49.104722][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 49.109139][ T5019] register_netdevice+0x125c/0x1630
[ 49.114347][ T5019] register_netdev+0x2f/0x50
[ 49.118941][ T5019] page_owner free stack trace missing
[ 49.124287][ T5019]
[ 49.126595][ T5019] Memory state around the buggy address:
[ 49.132242][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.140304][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.148364][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.156413][ T5019] ^
[ 49.161249][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.169644][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.177685][ T5019] ==================================================================
[ 49.186638][ T5019] ==================================================================
[ 49.194753][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 49.202388][ T5019] Read of size 2 at addr ffff88814a9ba41e by task syz-executor365/5019
[ 49.210637][ T5019]
[ 49.212953][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 49.224834][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 49.234887][ T5019] Call Trace:
[ 49.238155][ T5019]
[ 49.241076][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 49.245681][ T5019] print_report+0xc4/0x620
[ 49.250127][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 49.255153][ T5019] ? __phys_addr+0xc6/0x140
[ 49.259645][ T5019] kasan_report+0xda/0x110
[ 49.264053][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 49.268982][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 49.273913][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 49.278671][ T5019] hfsplus_readdir+0x871/0xff0
[ 49.283425][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 49.288709][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 49.293753][ T5019] ? down_read_killable+0x222/0x4b0
[ 49.298946][ T5019] ? down_read+0x470/0x470
[ 49.303350][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 49.308720][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 49.314430][ T5019] iterate_dir+0x59e/0x740
[ 49.318847][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 49.324045][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 49.329321][ T5019] ? fillonedir+0x400/0x400
[ 49.333816][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 49.339020][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 49.344230][ T5019] ? ptrace_notify+0xf4/0x130
[ 49.348936][ T5019] do_syscall_64+0x38/0xb0
[ 49.353344][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.359248][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 49.363650][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.383332][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 49.391785][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 49.399755][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 49.407716][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 49.415677][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 49.423638][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 49.431610][ T5019]
[ 49.434645][ T5019]
[ 49.436956][ T5019] Allocated by task 5019:
[ 49.441265][ T5019] kasan_save_stack+0x33/0x50
[ 49.445946][ T5019] kasan_set_track+0x25/0x30
[ 49.450532][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 49.455173][ T5019] __kmalloc+0x5d/0x100
[ 49.459354][ T5019] hfsplus_find_init+0x95/0x200
[ 49.464197][ T5019] hfsplus_readdir+0x262/0xff0
[ 49.468944][ T5019] iterate_dir+0x59e/0x740
[ 49.473352][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 49.478540][ T5019] do_syscall_64+0x38/0xb0
[ 49.482947][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.488845][ T5019]
[ 49.491158][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 49.491158][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 49.505201][ T5019] The buggy address is located 18 bytes to the right of
[ 49.505201][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 49.519961][ T5019]
[ 49.522281][ T5019] The buggy address belongs to the physical page:
[ 49.528676][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 49.538924][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 49.547847][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 49.555901][ T5019] page_type: 0xffffffff()
[ 49.560226][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 49.568805][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 49.577372][ T5019] page dumped because: kasan: bad access detected
[ 49.583776][ T5019] page_owner tracks the page as allocated
[ 49.589477][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 49.609151][ T5019] post_alloc_hook+0x2d2/0x350
[ 49.613938][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 49.619492][ T5019] __alloc_pages+0x1d0/0x4a0
[ 49.624082][ T5019] alloc_page_interleave+0x1e/0x250
[ 49.629281][ T5019] alloc_pages+0x22a/0x270
[ 49.633694][ T5019] allocate_slab+0x24e/0x380
[ 49.638271][ T5019] ___slab_alloc+0x8bc/0x1570
[ 49.642942][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 49.648308][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 49.653967][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 49.659684][ T5019] kmalloc_reserve+0xef/0x270
[ 49.664350][ T5019] __alloc_skb+0x12b/0x330
[ 49.668754][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 49.674032][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 49.678435][ T5019] register_netdevice+0x125c/0x1630
[ 49.683622][ T5019] register_netdev+0x2f/0x50
[ 49.688201][ T5019] page_owner free stack trace missing
[ 49.693552][ T5019]
[ 49.695858][ T5019] Memory state around the buggy address:
[ 49.701472][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.709523][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.717663][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.725706][ T5019] ^
[ 49.730554][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.738703][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.746751][ T5019] ==================================================================
[ 49.755085][ T5019] ==================================================================
[ 49.763162][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 49.770817][ T5019] Read of size 2 at addr ffff88814a9ba420 by task syz-executor365/5019
[ 49.779061][ T5019]
[ 49.781374][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 49.793258][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 49.803313][ T5019] Call Trace:
[ 49.806586][ T5019]
[ 49.809512][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 49.814111][ T5019] print_report+0xc4/0x620
[ 49.818527][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 49.823546][ T5019] ? __phys_addr+0xc6/0x140
[ 49.828048][ T5019] kasan_report+0xda/0x110
[ 49.832465][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 49.837401][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 49.842331][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 49.847090][ T5019] hfsplus_readdir+0x871/0xff0
[ 49.851849][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 49.857128][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 49.862159][ T5019] ? down_read_killable+0x222/0x4b0
[ 49.867357][ T5019] ? down_read+0x470/0x470
[ 49.871768][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 49.877149][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 49.882865][ T5019] iterate_dir+0x59e/0x740
[ 49.887284][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 49.892486][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 49.897776][ T5019] ? fillonedir+0x400/0x400
[ 49.902285][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 49.907482][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 49.912694][ T5019] ? ptrace_notify+0xf4/0x130
[ 49.917390][ T5019] do_syscall_64+0x38/0xb0
[ 49.921816][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.927720][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 49.932122][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.951744][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 49.960193][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 49.968166][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 49.976130][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 49.984103][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 49.992088][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 50.000064][ T5019] </TASK>
[ 50.003071][ T5019]
[ 50.005383][ T5019] Allocated by task 5019:
[ 50.009696][ T5019] kasan_save_stack+0x33/0x50
[ 50.014402][ T5019] kasan_set_track+0x25/0x30
[ 50.018987][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 50.023575][ T5019] __kmalloc+0x5d/0x100
[ 50.027750][ T5019] hfsplus_find_init+0x95/0x200
[ 50.032611][ T5019] hfsplus_readdir+0x262/0xff0
[ 50.037364][ T5019] iterate_dir+0x59e/0x740
[ 50.041777][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 50.046975][ T5019] do_syscall_64+0x38/0xb0
[ 50.051378][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.057278][ T5019]
[ 50.059587][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 50.059587][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 50.073645][ T5019] The buggy address is located 20 bytes to the right of
[ 50.073645][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 50.088312][ T5019]
[ 50.090650][ T5019] The buggy address belongs to the physical page:
[ 50.097056][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 50.107308][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 50.116228][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 50.124282][ T5019] page_type: 0xffffffff()
[ 50.128598][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 50.137174][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 50.145741][ T5019] page dumped because: kasan: bad access detected
[ 50.152160][ T5019] page_owner tracks the page as allocated
[ 50.157864][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 50.177483][ T5019] post_alloc_hook+0x2d2/0x350
[ 50.182253][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 50.187795][ T5019] __alloc_pages+0x1d0/0x4a0
[ 50.192382][ T5019] alloc_page_interleave+0x1e/0x250
[ 50.197568][ T5019] alloc_pages+0x22a/0x270
[ 50.201972][ T5019] allocate_slab+0x24e/0x380
[ 50.206553][ T5019] ___slab_alloc+0x8bc/0x1570
[ 50.211220][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 50.216584][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 50.222028][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 50.227741][ T5019] kmalloc_reserve+0xef/0x270
[ 50.232410][ T5019] __alloc_skb+0x12b/0x330
[ 50.236811][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 50.242100][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 50.246504][ T5019] register_netdevice+0x125c/0x1630
[ 50.251695][ T5019] register_netdev+0x2f/0x50
[ 50.256274][ T5019] page_owner free stack trace missing
[ 50.261717][ T5019]
[ 50.264030][ T5019] Memory state around the buggy address:
[ 50.269644][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.277694][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.285742][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.293820][ T5019] ^
[ 50.298929][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.306980][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.315027][ T5019] ==================================================================
[ 50.323522][ T5019] ==================================================================
[ 50.331587][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 50.339218][ T5019] Read of size 2 at addr ffff88814a9ba422 by task syz-executor365/5019
[ 50.347469][ T5019]
[ 50.349774][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 50.361654][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 50.371708][ T5019] Call Trace:
[ 50.374979][ T5019] <TASK>
[ 50.377894][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 50.382477][ T5019] print_report+0xc4/0x620
[ 50.386884][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 50.391895][ T5019] ? __phys_addr+0xc6/0x140
[ 50.396384][ T5019] kasan_report+0xda/0x110
[ 50.400790][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 50.405717][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 50.410650][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 50.415410][ T5019] hfsplus_readdir+0x871/0xff0
[ 50.420161][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 50.425432][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 50.430464][ T5019] ? down_read_killable+0x222/0x4b0
[ 50.435665][ T5019] ? down_read+0x470/0x470
[ 50.440075][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 50.445448][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 50.451177][ T5019] iterate_dir+0x59e/0x740
[ 50.455590][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 50.460802][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 50.466108][ T5019] ? fillonedir+0x400/0x400
[ 50.470617][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 50.475827][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 50.481049][ T5019] ? ptrace_notify+0xf4/0x130
[ 50.485733][ T5019] do_syscall_64+0x38/0xb0
[ 50.490153][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.496068][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 50.500475][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 50.520096][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 50.528509][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 50.536479][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 50.544451][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 50.552417][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 50.560379][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 50.568351][ T5019] </TASK>
[ 50.571360][ T5019]
[ 50.573665][ T5019] Allocated by task 5019:
[ 50.577979][ T5019] kasan_save_stack+0x33/0x50
[ 50.582669][ T5019] kasan_set_track+0x25/0x30
[ 50.587261][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 50.591864][ T5019] __kmalloc+0x5d/0x100
[ 50.596018][ T5019] hfsplus_find_init+0x95/0x200
[ 50.600864][ T5019] hfsplus_readdir+0x262/0xff0
[ 50.605616][ T5019] iterate_dir+0x59e/0x740
[ 50.610026][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 50.615239][ T5019] do_syscall_64+0x38/0xb0
[ 50.619654][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.625548][ T5019]
[ 50.627858][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 50.627858][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 50.641909][ T5019] The buggy address is located 22 bytes to the right of
[ 50.641909][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 50.656579][ T5019]
[ 50.658999][ T5019] The buggy address belongs to the physical page:
[ 50.665394][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 50.675709][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 50.684646][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 50.692707][ T5019] page_type: 0xffffffff()
[ 50.697028][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 50.705621][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 50.714199][ T5019] page dumped because: kasan: bad access detected
[ 50.720602][ T5019] page_owner tracks the page as allocated
[ 50.726298][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 50.745938][ T5019] post_alloc_hook+0x2d2/0x350
[ 50.750718][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 50.756263][ T5019] __alloc_pages+0x1d0/0x4a0
[ 50.760850][ T5019] alloc_page_interleave+0x1e/0x250
[ 50.766042][ T5019] alloc_pages+0x22a/0x270
[ 50.770459][ T5019] allocate_slab+0x24e/0x380
[ 50.775053][ T5019] ___slab_alloc+0x8bc/0x1570
[ 50.779725][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 50.785091][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 50.790631][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 50.796345][ T5019] kmalloc_reserve+0xef/0x270
[ 50.801014][ T5019] __alloc_skb+0x12b/0x330
[ 50.805421][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 50.810701][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 50.815112][ T5019] register_netdevice+0x125c/0x1630
[ 50.820300][ T5019] register_netdev+0x2f/0x50
[ 50.824878][ T5019] page_owner free stack trace missing
[ 50.830236][ T5019]
[ 50.832547][ T5019] Memory state around the buggy address:
[ 50.838159][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.846209][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.854283][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.862353][ T5019] ^
[ 50.867458][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.875502][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.883549][ T5019] ==================================================================
[ 50.892336][ T5019] ==================================================================
[ 50.900459][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 50.908118][ T5019] Read of size 2 at addr ffff88814a9ba424 by task syz-executor365/5019
[ 50.916365][ T5019]
[ 50.918680][ T5019] CPU: 0 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 50.930559][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 50.940608][ T5019] Call Trace:
[ 50.943877][ T5019] <TASK>
[ 50.946796][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 50.951425][ T5019] print_report+0xc4/0x620
[ 50.955861][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 50.960878][ T5019] ? __phys_addr+0xc6/0x140
[ 50.965370][ T5019] kasan_report+0xda/0x110
[ 50.969840][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 50.974777][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 50.979708][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 50.984462][ T5019] hfsplus_readdir+0x871/0xff0
[ 50.989215][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 50.994490][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 50.999553][ T5019] ? down_read_killable+0x222/0x4b0
[ 51.004759][ T5019] ? down_read+0x470/0x470
[ 51.009173][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 51.014537][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 51.020252][ T5019] iterate_dir+0x59e/0x740
[ 51.024663][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 51.029886][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 51.035164][ T5019] ? fillonedir+0x400/0x400
[ 51.039670][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 51.044864][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 51.050239][ T5019] ? ptrace_notify+0xf4/0x130
[ 51.054910][ T5019] do_syscall_64+0x38/0xb0
[ 51.059313][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.065224][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 51.069632][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.089231][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 51.097638][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 51.105611][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 51.113591][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 51.121580][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 51.129543][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 51.137535][ T5019] </TASK>
[ 51.140545][ T5019]
[ 51.142850][ T5019] Allocated by task 5019:
[ 51.147151][ T5019] kasan_save_stack+0x33/0x50
[ 51.151817][ T5019] kasan_set_track+0x25/0x30
[ 51.156394][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 51.160974][ T5019] __kmalloc+0x5d/0x100
[ 51.165129][ T5019] hfsplus_find_init+0x95/0x200
[ 51.169968][ T5019] hfsplus_readdir+0x262/0xff0
[ 51.174721][ T5019] iterate_dir+0x59e/0x740
[ 51.179121][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 51.184309][ T5019] do_syscall_64+0x38/0xb0
[ 51.188739][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.194662][ T5019]
[ 51.196964][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 51.196964][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 51.210998][ T5019] The buggy address is located 24 bytes to the right of
[ 51.210998][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 51.225708][ T5019]
[ 51.228028][ T5019] The buggy address belongs to the physical page:
[ 51.234427][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 51.244676][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 51.253593][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 51.261637][ T5019] page_type: 0xffffffff()
[ 51.265943][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 51.274570][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 51.283128][ T5019] page dumped because: kasan: bad access detected
[ 51.289523][ T5019] page_owner tracks the page as allocated
[ 51.295213][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 51.314855][ T5019] post_alloc_hook+0x2d2/0x350
[ 51.319644][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 51.325181][ T5019] __alloc_pages+0x1d0/0x4a0
[ 51.329764][ T5019] alloc_page_interleave+0x1e/0x250
[ 51.334949][ T5019] alloc_pages+0x22a/0x270
[ 51.339355][ T5019] allocate_slab+0x24e/0x380
[ 51.343931][ T5019] ___slab_alloc+0x8bc/0x1570
[ 51.348715][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 51.354101][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 51.359555][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 51.365268][ T5019] kmalloc_reserve+0xef/0x270
[ 51.369939][ T5019] __alloc_skb+0x12b/0x330
[ 51.374337][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 51.379619][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 51.384016][ T5019] register_netdevice+0x125c/0x1630
[ 51.389196][ T5019] register_netdev+0x2f/0x50
[ 51.393766][ T5019] page_owner free stack trace missing
[ 51.399112][ T5019]
[ 51.401412][ T5019] Memory state around the buggy address:
[ 51.407019][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.415057][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.423106][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.431162][ T5019] ^
[ 51.436254][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.444304][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.452349][ T5019] ==================================================================
[ 51.460751][ T5019] ==================================================================
[ 51.468819][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 51.476446][ T5019] Read of size 2 at addr ffff88814a9ba426 by task syz-executor365/5019
[ 51.484679][ T5019]
[ 51.486994][ T5019] CPU: 0 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 51.498873][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 51.508912][ T5019] Call Trace:
[ 51.512179][ T5019] <TASK>
[ 51.515094][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 51.519678][ T5019] print_report+0xc4/0x620
[ 51.524094][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 51.529114][ T5019] ? __phys_addr+0xc6/0x140
[ 51.533613][ T5019] kasan_report+0xda/0x110
[ 51.538028][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 51.542963][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 51.547891][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 51.552664][ T5019] hfsplus_readdir+0x871/0xff0
[ 51.557422][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 51.562701][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 51.567739][ T5019] ? down_read_killable+0x222/0x4b0
[ 51.572963][ T5019] ? down_read+0x470/0x470
[ 51.577392][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 51.582759][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 51.588471][ T5019] iterate_dir+0x59e/0x740
[ 51.592888][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 51.598079][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 51.603360][ T5019] ? fillonedir+0x400/0x400
[ 51.607856][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 51.613061][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 51.618260][ T5019] ? ptrace_notify+0xf4/0x130
[ 51.622939][ T5019] do_syscall_64+0x38/0xb0
[ 51.627429][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.633320][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 51.637724][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.657329][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 51.665734][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 51.673706][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 51.681674][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 51.689639][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 51.697690][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 51.705666][ T5019] </TASK>
[ 51.708672][ T5019]
[ 51.710976][ T5019] Allocated by task 5019:
[ 51.715284][ T5019] kasan_save_stack+0x33/0x50
[ 51.719969][ T5019] kasan_set_track+0x25/0x30
[ 51.724552][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 51.729134][ T5019] __kmalloc+0x5d/0x100
[ 51.733285][ T5019] hfsplus_find_init+0x95/0x200
[ 51.738133][ T5019] hfsplus_readdir+0x262/0xff0
[ 51.742887][ T5019] iterate_dir+0x59e/0x740
[ 51.747322][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 51.752513][ T5019] do_syscall_64+0x38/0xb0
[ 51.756913][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.762799][ T5019]
[ 51.765104][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 51.765104][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 51.779145][ T5019] The buggy address is located 26 bytes to the right of
[ 51.779145][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 51.793796][ T5019]
[ 51.796114][ T5019] The buggy address belongs to the physical page:
[ 51.802503][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 51.812726][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 51.821640][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 51.831167][ T5019] page_type: 0xffffffff()
[ 51.835479][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 51.844052][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 51.852613][ T5019] page dumped because: kasan: bad access detected
[ 51.859007][ T5019] page_owner tracks the page as allocated
[ 51.864701][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 51.884319][ T5019] post_alloc_hook+0x2d2/0x350
[ 51.889084][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 51.894626][ T5019] __alloc_pages+0x1d0/0x4a0
[ 51.899212][ T5019] alloc_page_interleave+0x1e/0x250
[ 51.904402][ T5019] alloc_pages+0x22a/0x270
[ 51.908810][ T5019] allocate_slab+0x24e/0x380
[ 51.913389][ T5019] ___slab_alloc+0x8bc/0x1570
[ 51.918051][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 51.923411][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 51.928860][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 51.934570][ T5019] kmalloc_reserve+0xef/0x270
[ 51.939235][ T5019] __alloc_skb+0x12b/0x330
[ 51.943637][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 51.948909][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 51.953312][ T5019] register_netdevice+0x125c/0x1630
[ 51.958497][ T5019] register_netdev+0x2f/0x50
[ 51.963073][ T5019] page_owner free stack trace missing
[ 51.968419][ T5019]
[ 51.970722][ T5019] Memory state around the buggy address:
[ 51.976334][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.984380][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.992422][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.000460][ T5019] ^
[ 52.005562][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.013620][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.021664][ T5019] ==================================================================
[ 52.029939][ T5019] ==================================================================
[ 52.038014][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 52.045685][ T5019] Read of size 2 at addr ffff88814a9ba428 by task syz-executor365/5019
[ 52.053907][ T5019]
[ 52.056208][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 52.068104][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 52.078160][ T5019] Call Trace:
[ 52.081421][ T5019] <TASK>
[ 52.084335][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 52.088919][ T5019] print_report+0xc4/0x620
[ 52.093327][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 52.098333][ T5019] ? __phys_addr+0xc6/0x140
[ 52.102827][ T5019] kasan_report+0xda/0x110
[ 52.107330][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 52.112255][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 52.117188][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 52.121940][ T5019] hfsplus_readdir+0x871/0xff0
[ 52.126691][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 52.131957][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 52.136984][ T5019] ? down_read_killable+0x222/0x4b0
[ 52.142172][ T5019] ? down_read+0x470/0x470
[ 52.146573][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 52.151931][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 52.157630][ T5019] iterate_dir+0x59e/0x740
[ 52.162036][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 52.167216][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 52.172485][ T5019] ? fillonedir+0x400/0x400
[ 52.176975][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.182154][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 52.187345][ T5019] ? ptrace_notify+0xf4/0x130
[ 52.192005][ T5019] do_syscall_64+0x38/0xb0
[ 52.196405][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.202303][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 52.206699][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.226290][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 52.234704][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 52.242663][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 52.250619][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 52.258570][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 52.266525][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 52.274476][ T5019] </TASK>
[ 52.277472][ T5019]
[ 52.279770][ T5019] Allocated by task 5019:
[ 52.284070][ T5019] kasan_save_stack+0x33/0x50
[ 52.288729][ T5019] kasan_set_track+0x25/0x30
[ 52.293302][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 52.297879][ T5019] __kmalloc+0x5d/0x100
[ 52.302014][ T5019] hfsplus_find_init+0x95/0x200
[ 52.306842][ T5019] hfsplus_readdir+0x262/0xff0
[ 52.311584][ T5019] iterate_dir+0x59e/0x740
[ 52.315978][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 52.321158][ T5019] do_syscall_64+0x38/0xb0
[ 52.325552][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.331452][ T5019]
[ 52.333756][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 52.333756][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 52.347800][ T5019] The buggy address is located 28 bytes to the right of
[ 52.347800][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 52.362444][ T5019]
[ 52.364747][ T5019] The buggy address belongs to the physical page:
[ 52.371135][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 52.381353][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 52.390264][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 52.398394][ T5019] page_type: 0xffffffff()
[ 52.402703][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 52.411264][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 52.419820][ T5019] page dumped because: kasan: bad access detected
[ 52.426205][ T5019] page_owner tracks the page as allocated
[ 52.431894][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 52.451497][ T5019] post_alloc_hook+0x2d2/0x350
[ 52.456246][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 52.461782][ T5019] __alloc_pages+0x1d0/0x4a0
[ 52.466366][ T5019] alloc_page_interleave+0x1e/0x250
[ 52.471545][ T5019] alloc_pages+0x22a/0x270
[ 52.475942][ T5019] allocate_slab+0x24e/0x380
[ 52.480513][ T5019] ___slab_alloc+0x8bc/0x1570
[ 52.485168][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 52.490520][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 52.495956][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 52.501658][ T5019] kmalloc_reserve+0xef/0x270
[ 52.506311][ T5019] __alloc_skb+0x12b/0x330
[ 52.510705][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 52.515972][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 52.520369][ T5019] register_netdevice+0x125c/0x1630
[ 52.525550][ T5019] register_netdev+0x2f/0x50
[ 52.530121][ T5019] page_owner free stack trace missing
[ 52.535460][ T5019]
[ 52.537760][ T5019] Memory state around the buggy address:
[ 52.543365][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.551406][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.559447][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.567481][ T5019] ^
[ 52.572827][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.580866][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.588992][ T5019] ==================================================================
[ 52.597438][ T5019] ==================================================================
[ 52.605495][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 52.613124][ T5019] Read of size 2 at addr ffff88814a9ba42a by task syz-executor365/5019
[ 52.621343][ T5019]
[ 52.623647][ T5019] CPU: 1 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 52.635517][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 52.645554][ T5019] Call Trace:
[ 52.648819][ T5019] <TASK>
[ 52.651735][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 52.656315][ T5019] print_report+0xc4/0x620
[ 52.660726][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 52.665744][ T5019] ? __phys_addr+0xc6/0x140
[ 52.670239][ T5019] kasan_report+0xda/0x110
[ 52.674647][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 52.679576][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 52.684506][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 52.689258][ T5019] hfsplus_readdir+0x871/0xff0
[ 52.694014][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 52.699288][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 52.704317][ T5019] ? down_read_killable+0x222/0x4b0
[ 52.709513][ T5019] ? down_read+0x470/0x470
[ 52.713926][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 52.719291][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 52.725005][ T5019] iterate_dir+0x59e/0x740
[ 52.729416][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 52.734608][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 52.739897][ T5019] ? fillonedir+0x400/0x400
[ 52.744398][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.749586][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 52.754778][ T5019] ? ptrace_notify+0xf4/0x130
[ 52.759446][ T5019] do_syscall_64+0x38/0xb0
[ 52.763852][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.769746][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 52.774144][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.793750][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 52.802154][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 52.810198][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 52.818155][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 52.826132][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 52.834093][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 52.842076][ T5019] </TASK>
[ 52.845079][ T5019]
[ 52.847382][ T5019] Allocated by task 5019:
[ 52.851687][ T5019] kasan_save_stack+0x33/0x50
[ 52.856356][ T5019] kasan_set_track+0x25/0x30
[ 52.860940][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 52.865520][ T5019] __kmalloc+0x5d/0x100
[ 52.869670][ T5019] hfsplus_find_init+0x95/0x200
[ 52.874515][ T5019] hfsplus_readdir+0x262/0xff0
[ 52.879268][ T5019] iterate_dir+0x59e/0x740
[ 52.883676][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 52.888869][ T5019] do_syscall_64+0x38/0xb0
[ 52.893268][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.899154][ T5019]
[ 52.901461][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 52.901461][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 52.915501][ T5019] The buggy address is located 30 bytes to the right of
[ 52.915501][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 52.930159][ T5019]
[ 52.932469][ T5019] The buggy address belongs to the physical page:
[ 52.938857][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 52.949079][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 52.958019][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 52.966076][ T5019] page_type: 0xffffffff()
[ 52.970396][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 52.978970][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 52.987538][ T5019] page dumped because: kasan: bad access detected
[ 52.993929][ T5019] page_owner tracks the page as allocated
[ 52.999624][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 53.019245][ T5019] post_alloc_hook+0x2d2/0x350
[ 53.024019][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 53.029563][ T5019] __alloc_pages+0x1d0/0x4a0
[ 53.034171][ T5019] alloc_page_interleave+0x1e/0x250
[ 53.039404][ T5019] alloc_pages+0x22a/0x270
[ 53.043813][ T5019] allocate_slab+0x24e/0x380
[ 53.048392][ T5019] ___slab_alloc+0x8bc/0x1570
[ 53.053055][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 53.058418][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 53.063873][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 53.069588][ T5019] kmalloc_reserve+0xef/0x270
[ 53.074254][ T5019] __alloc_skb+0x12b/0x330
[ 53.078665][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 53.083939][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 53.088344][ T5019] register_netdevice+0x125c/0x1630
[ 53.093532][ T5019] register_netdev+0x2f/0x50
[ 53.098112][ T5019] page_owner free stack trace missing
[ 53.103459][ T5019]
[ 53.105767][ T5019] Memory state around the buggy address:
[ 53.111380][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.119443][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.127580][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.135625][ T5019] ^
[ 53.141011][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.149056][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.157098][ T5019] ==================================================================
[ 53.165276][ T5019] ==================================================================
[ 53.173370][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 53.181011][ T5019] Read of size 2 at addr ffff88814a9ba42c by task syz-executor365/5019
[ 53.189224][ T5019]
[ 53.191531][ T5019] CPU: 0 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 53.203403][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 53.213442][ T5019] Call Trace:
[ 53.216705][ T5019] <TASK>
[ 53.219623][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 53.224206][ T5019] print_report+0xc4/0x620
[ 53.228613][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 53.233636][ T5019] ? __phys_addr+0xc6/0x140
[ 53.238127][ T5019] kasan_report+0xda/0x110
[ 53.242548][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 53.247472][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 53.252416][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 53.257170][ T5019] hfsplus_readdir+0x871/0xff0
[ 53.261923][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 53.267202][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 53.272227][ T5019] ? down_read_killable+0x222/0x4b0
[ 53.277410][ T5019] ? down_read+0x470/0x470
[ 53.281812][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 53.287192][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 53.292893][ T5019] iterate_dir+0x59e/0x740
[ 53.297305][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 53.302491][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 53.307760][ T5019] ? fillonedir+0x400/0x400
[ 53.312245][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.317427][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.322633][ T5019] ? ptrace_notify+0xf4/0x130
[ 53.327292][ T5019] do_syscall_64+0x38/0xb0
[ 53.331689][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.337574][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 53.341971][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 53.361561][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 53.369955][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 53.377906][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 53.385853][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 53.393823][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 53.401782][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 53.409735][ T5019] </TASK>
[ 53.412732][ T5019]
[ 53.415031][ T5019] Allocated by task 5019:
[ 53.419355][ T5019] kasan_save_stack+0x33/0x50
[ 53.424015][ T5019] kasan_set_track+0x25/0x30
[ 53.428585][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 53.433152][ T5019] __kmalloc+0x5d/0x100
[ 53.437287][ T5019] hfsplus_find_init+0x95/0x200
[ 53.442119][ T5019] hfsplus_readdir+0x262/0xff0
[ 53.446861][ T5019] iterate_dir+0x59e/0x740
[ 53.451259][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 53.456435][ T5019] do_syscall_64+0x38/0xb0
[ 53.460831][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.466712][ T5019]
[ 53.469013][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 53.469013][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 53.483045][ T5019] The buggy address is located 32 bytes to the right of
[ 53.483045][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 53.497690][ T5019]
[ 53.499990][ T5019] The buggy address belongs to the physical page:
[ 53.506376][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 53.516592][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 53.525495][ T5019] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 53.533536][ T5019] page_type: 0xffffffff()
[ 53.537844][ T5019] raw: 057ff00000010200 ffff888012842000 dead000000000100 dead000000000122
[ 53.546404][ T5019] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 53.555482][ T5019] page dumped because: kasan: bad access detected
[ 53.561869][ T5019] page_owner tracks the page as allocated
[ 53.567647][ T5019] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9198199991, free_ts 0
[ 53.587246][ T5019] post_alloc_hook+0x2d2/0x350
[ 53.591996][ T5019] get_page_from_freelist+0x10a9/0x31e0
[ 53.597522][ T5019] __alloc_pages+0x1d0/0x4a0
[ 53.602094][ T5019] alloc_page_interleave+0x1e/0x250
[ 53.607274][ T5019] alloc_pages+0x22a/0x270
[ 53.611679][ T5019] allocate_slab+0x24e/0x380
[ 53.616246][ T5019] ___slab_alloc+0x8bc/0x1570
[ 53.620904][ T5019] __slab_alloc.constprop.0+0x56/0xa0
[ 53.626257][ T5019] __kmem_cache_alloc_node+0x137/0x350
[ 53.631698][ T5019] __kmalloc_node_track_caller+0x4d/0x100
[ 53.637405][ T5019] kmalloc_reserve+0xef/0x270
[ 53.642060][ T5019] __alloc_skb+0x12b/0x330
[ 53.646456][ T5019] rtmsg_ifinfo_build_skb+0x7d/0x270
[ 53.651736][ T5019] rtmsg_ifinfo+0x9f/0x1a0
[ 53.656129][ T5019] register_netdevice+0x125c/0x1630
[ 53.661309][ T5019] register_netdev+0x2f/0x50
[ 53.665879][ T5019] page_owner free stack trace missing
[ 53.671221][ T5019]
[ 53.673520][ T5019] Memory state around the buggy address:
[ 53.679121][ T5019] ffff88814a9ba300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.687173][ T5019] ffff88814a9ba380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.695231][ T5019] >ffff88814a9ba400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.703268][ T5019] ^
[ 53.708619][ T5019] ffff88814a9ba480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.716656][ T5019] ffff88814a9ba500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.724690][ T5019] ==================================================================
[ 53.733000][ T5019] ==================================================================
[ 53.741050][ T5019] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x8fd/0xa00
[ 53.748678][ T5019] Read of size 2 at addr ffff88814a9ba42e by task syz-executor365/5019
[ 53.756901][ T5019]
[ 53.759210][ T5019] CPU: 0 PID: 5019 Comm: syz-executor365 Tainted: G B 6.5.0-rc1-syzkaller-00152-g4b810bf037e5 #0
[ 53.771077][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 53.781113][ T5019] Call Trace:
[ 53.784379][ T5019] <TASK>
[ 53.787299][ T5019] dump_stack_lvl+0xd9/0x1b0
[ 53.791878][ T5019] print_report+0xc4/0x620
[ 53.796287][ T5019] ? __virt_addr_valid+0x5e/0x2d0
[ 53.801298][ T5019] ? __phys_addr+0xc6/0x140
[ 53.805798][ T5019] kasan_report+0xda/0x110
[ 53.810209][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 53.815138][ T5019] ? hfsplus_uni2asc+0x8fd/0xa00
[ 53.820069][ T5019] hfsplus_uni2asc+0x8fd/0xa00
[ 53.824825][ T5019] hfsplus_readdir+0x871/0xff0
[ 53.829578][ T5019] ? hfsplus_dir_release+0x1c0/0x1c0
[ 53.834852][ T5019] ? __lock_acquire+0x250f/0x5de0
[ 53.839881][ T5019] ? down_read_killable+0x222/0x4b0
[ 53.845071][ T5019] ? down_read+0x470/0x470
[ 53.849474][ T5019] ? fsnotify_perm.part.0+0x268/0x630
[ 53.854836][ T5019] ? apparmor_file_permission+0x21f/0x4f0
[ 53.860541][ T5019] iterate_dir+0x59e/0x740
[ 53.864969][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 53.870164][ T5019] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 53.875444][ T5019] ? fillonedir+0x400/0x400
[ 53.879938][ T5019] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.885128][ T5019] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.890322][ T5019] ? ptrace_notify+0xf4/0x130
[ 53.894988][ T5019] do_syscall_64+0x38/0xb0
[ 53.899391][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.905284][ T5019] RIP: 0033:0x7fd3e4f0e649
[ 53.909685][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 53.929281][ T5019] RSP: 002b:00007fffba15f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 53.937699][ T5019] RAX: ffffffffffffffda RBX: 00007fffba15f1f8 RCX: 00007fd3e4f0e649
[ 53.945678][ T5019] RDX: 0000000000000067 RSI: 0000000020000540 RDI: 0000000000000003
[ 53.953637][ T5019] RBP: 00007fd3e4f81610 R08: 0000000000000651 R09: 00007fffba15f1f8
[ 53.961595][ T5019] R10: 00007fffba15eee0 R11: 0000000000000246 R12: 0000000000000001
[ 53.969552][ T5019] R13: 00007fffba15f1e8 R14: 0000000000000001 R15: 0000000000000001
[ 53.977518][ T5019] </TASK>
[ 53.980544][ T5019]
[ 53.982849][ T5019] Allocated by task 5019:
[ 53.987159][ T5019] kasan_save_stack+0x33/0x50
[ 53.991833][ T5019] kasan_set_track+0x25/0x30
[ 53.996412][ T5019] __kasan_kmalloc+0xa2/0xb0
[ 54.000995][ T5019] __kmalloc+0x5d/0x100
[ 54.005147][ T5019] hfsplus_find_init+0x95/0x200
[ 54.009992][ T5019] hfsplus_readdir+0x262/0xff0
[ 54.014763][ T5019] iterate_dir+0x59e/0x740
[ 54.019174][ T5019] __x64_sys_getdents64+0x14f/0x2e0
[ 54.024363][ T5019] do_syscall_64+0x38/0xb0
[ 54.028765][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.034664][ T5019]
[ 54.036972][ T5019] The buggy address belongs to the object at ffff88814a9ba000
[ 54.036972][ T5019] which belongs to the cache kmalloc-2k of size 2048
[ 54.051006][ T5019] The buggy address is located 34 bytes to the right of
[ 54.051006][ T5019] allocated 1036-byte region [ffff88814a9ba000, ffff88814a9ba40c)
[ 54.065692][ T5019]
[ 54.068000][ T5019] The buggy address belongs to the physical page:
[ 54.074389][ T5019] page:ffffea00052a6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a9b8
[ 54.084666][ T5019] head:ffffea00052a6e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0