Key vulnerability information

Vulnerability type: Slab-out-of-bounds in

Trigger condition: This issue may be triggered when calling the method.

Upstream commit: c80aa2aaa5e69d5219c6af8ef7e754114bd68d2

Error log:
- BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360
- Read of size 8 at addr ffff888105fc6c0 by task repro/9784
- CPU: 0 PID: 9784 Comm: repro Not tainted 6.16.0-rc3 #7 PREEMPT(full)
- Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014

Call stack:
- dump_stack_lvl+0x10e/0x1f0
- print_report+0xd0/0x660
- __virt_addr_valid+0x81/0x160
- __phys_addr+0xe8/0x180
- hfsplus_bnode_read+0x2f4/0x360
- kasan_report+0xc6/0x100
- hfsplus_bnode_read+0x2f4/0x360
- hfsplus_bnode_dump+0x2ec/0x380
- __pfx_hfsplus_bnode_dump+0x10/0x10
- hfsplus_bnode_write_u16+0x83/0xb0
- srcu_gp_start+0xd0/0x310
- __mark_inode_dirty+0x29e/0xe40
- hfsplus_brec_remove+0x3d2/0x4e0
- __hfsplus_delete_attr+0x290/0x3a0
- __pfx_hfs_find_lst_rec_by_cnid+0x10/0x10
- __pfx___hfsplus_delete_attr+0x10/0x10
- __asan_memset+0x23/0x50
- hfsplus_delete_all_attrs+0x262/0x320
- __pfx_hfsplus_delete_all_attrs+0x10/0x10
- rcu_is_watching+0x12/0xc0
- __mark_inode_dirty+0x29e/0xe40
- hfsplus_delete_cat+0x845/0xde0
- __pfx_hfsplus_delete_cat+0x10/0x10
- hfsplus_unlink+0x1ca/0x7c0
- __pfx_hfsplus_unlink+0x10/0x10
- down_write+0x148/0x200
- __pfx_down_write+0x10/0x10

The `hfsplus_bnode_read()` function contains an out-of-bounds access that may lead to memory corruption or a system crash.