==================================================================
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa00 fs/hfsplus/unicode.c:179
Read of size 2 at addr ffff8880b0f1cccc by task syz-executor367/8101

CPU: 1 PID: 8101 Comm: syz-executor367 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_address_description.cold+0x54/0x219 mm/kasan/report.c:256
 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354
 kasan_report mm/kasan/report.c:412 [inline]
 __asan_report_load2_noabort+0x88/0x90 mm/kasan/report.c:431
 hfsplus_uni2asc+0x910/0xa00 fs/hfsplus/unicode.c:179
 hfsplus_readdir+0x82c/0xf20 fs/hfsplus/dir.c:207
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 ksys_getdents64+0x175/0x2b0 fs/readdir.c:357
 __do_sys_getdents64 fs/readdir.c:376 [inline]
 __se_sys_getdents64 fs/readdir.c:373 [inline]
 __x64_sys_getdents64+0x6f/0xb0 fs/readdir.c:373
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa922d4c879
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffce2835048 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 000000000000003f RCX: 00007fa922d4c879
RDX: 0000000000000061 RSI: 0000000020000340 RDI: 0000000000000004
RBP: 00007fa922d0c110 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa922d0c1a0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 8101:
 __do_kmalloc mm/slab.c:3727 [inline]
 __kmalloc+0x15a/0x3c0 mm/slab.c:3736
 kmalloc include/linux/slab.h:520 [inline]
 hfsplus_find_init+0x91/0x220 fs/hfsplus/bfind.c:21
 hfsplus_readdir+0x21b/0xf20 fs/hfsplus/dir.c:144
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 ksys_getdents64+0x175/0x2b0 fs/readdir.c:357
 __do_sys_getdents64 fs/readdir.c:376 [inline]
 __se_sys_getdents64 fs/readdir.c:373 [inline]
 __x64_sys_getdents64+0x6f/0xb0 fs/readdir.c:373
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8880b0f1c8c0
 which belongs to the cache kmalloc-2048 of size 2048
The buggy address is located 1036 bytes inside of
 2048-byte region [ffff8880b0f1c8c0, ffff8880b0f1d0c0)
The buggy address belongs to the page:
page:ffffea0002c3c700 count:1 mapcount:0 mapping:ffff88813bff0c40 index:0x0 compound_mapcount: 0
flags: 0xfff00000008100(slab|head)
raw: 00fff00000008100 ffffea0002c1ba08 ffff88813bff1948 ffff88813bff0c40
raw: 0000000000000000 ffff8880b0f1c040 0000000100000003 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880b0f1cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880b0f1cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880b0f1cc80: 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc
                                              ^
 ffff8880b0f1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880b0f1cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================