Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts.
executing program
[ 38.338865][ T4217] loop0: detected capacity change from 0 to 1024
[ 38.349654][ T4217] ==================================================================
[ 38.351819][ T4217] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 38.353792][ T4217] Read of size 2 at addr ffff0000d565240c by task syz-executor210/4217
[ 38.355942][ T4217]
[ 38.356533][ T4217] CPU: 1 PID: 4217 Comm: syz-executor210 Not tainted 6.1.44-syzkaller #0
[ 38.358686][ T4217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 38.361217][ T4217] Call trace:
[ 38.362040][ T4217] dump_backtrace+0x1c8/0x1f4
[ 38.363187][ T4217] show_stack+0x2c/0x3c
[ 38.364203][ T4217] dump_stack_lvl+0x108/0x170
[ 38.365373][ T4217] print_report+0x174/0x4c0
[ 38.366511][ T4217] kasan_report+0xd4/0x130
[ 38.367656][ T4217] __asan_report_load2_noabort+0x2c/0x38
[ 38.369053][ T4217] hfsplus_uni2asc+0x624/0x1018
[ 38.370236][ T4217] hfsplus_readdir+0x7a0/0xf28
[ 38.371535][ T4217] iterate_dir+0x1f4/0x4e4
[ 38.372646][ T4217] __arm64_sys_getdents64+0x1c4/0x4a0
[ 38.374031][ T4217] invoke_syscall+0x98/0x2c0
[ 38.375234][ T4217] el0_svc_common+0x138/0x258
[ 38.376415][ T4217] do_el0_svc+0x64/0x218
[ 38.377475][ T4217] el0_svc+0x58/0x168
[ 38.378494][ T4217] el0t_64_sync_handler+0x84/0xf0
[ 38.379748][ T4217] el0t_64_sync+0x18c/0x190
[ 38.380839][ T4217]
[ 38.381386][ T4217] Allocated by task 4217:
[ 38.382543][ T4217] kasan_set_track+0x4c/0x80
[ 38.383686][ T4217] kasan_save_alloc_info+0x24/0x30
[ 38.384982][ T4217] __kasan_kmalloc+0xac/0xc4
[ 38.386131][ T4217] __kmalloc+0xd8/0x1c4
[ 38.387150][ T4217] hfsplus_find_init+0x84/0x1bc
[ 38.388358][ T4217] hfsplus_readdir+0x1c8/0xf28
[ 38.389525][ T4217] iterate_dir+0x1f4/0x4e4
[ 38.390639][ T4217] __arm64_sys_getdents64+0x1c4/0x4a0
[ 38.392000][ T4217] invoke_syscall+0x98/0x2c0
[ 38.393171][ T4217] el0_svc_common+0x138/0x258
[ 38.394374][ T4217] do_el0_svc+0x64/0x218
[ 38.395437][ T4217] el0_svc+0x58/0x168
[ 38.396427][ T4217] el0t_64_sync_handler+0x84/0xf0
[ 38.397701][ T4217] el0t_64_sync+0x18c/0x190
[ 38.398878][ T4217]
[ 38.399494][ T4217] The buggy address belongs to the object at ffff0000d5652000
[ 38.399494][ T4217] which belongs to the cache kmalloc-2k of size 2048
[ 38.403069][ T4217] The buggy address is located 1036 bytes inside of
[ 38.403069][ T4217] 2048-byte region [ffff0000d5652000, ffff0000d5652800)
[ 38.406443][ T4217]
[ 38.407005][ T4217] The buggy address belongs to the physical page:
[ 38.408651][ T4217] page:00000000605faa6f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115650
[ 38.411332][ T4217] head:00000000605faa6f order:3 compound_mapcount:0 compound_pincount:0
[ 38.413563][ T4217] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 38.415618][ T4217] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
[ 38.417859][ T4217] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 38.419975][ T4217] page dumped because: kasan: bad access detected
[ 38.421559][ T4217]
[ 38.422106][ T4217] Memory state around the buggy address:
[ 38.423504][ T4217] ffff0000d5652300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.425541][ T4217] ffff0000d5652380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.427548][ T4217] >ffff0000d5652400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.429509][ T4217] ^
[ 38.430597][ T4217] ffff0000d5652480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.432651][ T4217] ffff0000d5652500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.434633][ T4217] ==================================================================
[ 38.436891][ T4217] Disabling lock debugging due to kernel taint