Warning: Permanently added '10.128.1.242' (ED25519) to the list of known hosts.
executing program
[ 32.809144][ T6237] loop0: detected capacity change from 0 to 1024
[ 32.826849][ T6237] ==================================================================
[ 32.828776][ T6237] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 32.830654][ T6237] Read of size 2 at addr ffff0000d08dfa18 by task syz-executor995/6237
[ 32.832696][ T6237]
[ 32.833262][ T6237] CPU: 1 PID: 6237 Comm: syz-executor995 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
[ 32.835656][ T6237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 32.838082][ T6237] Call trace:
[ 32.838887][ T6237]  dump_backtrace+0x1b8/0x1e4
[ 32.840042][ T6237]  show_stack+0x2c/0x3c
[ 32.841054][ T6237]  dump_stack_lvl+0xe4/0x150
[ 32.842206][ T6237]  print_report+0x198/0x538
[ 32.843287][ T6237]  kasan_report+0xd8/0x138
[ 32.844365][ T6237]  __asan_report_load2_noabort+0x20/0x2c
[ 32.845764][ T6237]  hfsplus_uni2asc+0x624/0x1018
[ 32.846937][ T6237]  hfsplus_listxattr+0x5bc/0xc9c
[ 32.848116][ T6237]  listxattr+0x108/0x368
[ 32.849129][ T6237]  __arm64_sys_llistxattr+0x13c/0x21c
[ 32.850397][ T6237]  invoke_syscall+0x98/0x2b8
[ 32.851512][ T6237]  el0_svc_common+0x130/0x23c
[ 32.852701][ T6237]  do_el0_svc+0x48/0x58
[ 32.853704][ T6237]  el0_svc+0x54/0x168
[ 32.854682][ T6237]  el0t_64_sync_handler+0x84/0xfc
[ 32.855887][ T6237]  el0t_64_sync+0x190/0x194
[ 32.856950][ T6237]
[ 32.857464][ T6237] Allocated by task 6237:
[ 32.858473][ T6237]  kasan_save_track+0x40/0x78
[ 32.859615][ T6237]  kasan_save_alloc_info+0x40/0x50
[ 32.860800][ T6237]  __kasan_kmalloc+0xac/0xc4
[ 32.861920][ T6237]  __kmalloc+0x2b8/0x508
[ 32.862994][ T6237]  hfsplus_find_init+0x84/0x1bc
[ 32.864151][ T6237]  hfsplus_listxattr+0x31c/0xc9c
[ 32.865393][ T6237]  listxattr+0x108/0x368
[ 32.866402][ T6237]  __arm64_sys_llistxattr+0x13c/0x21c
[ 32.867783][ T6237]  invoke_syscall+0x98/0x2b8
[ 32.868843][ T6237]  el0_svc_common+0x130/0x23c
[ 32.869947][ T6237]  do_el0_svc+0x48/0x58
[ 32.870940][ T6237]  el0_svc+0x54/0x168
[ 32.871904][ T6237]  el0t_64_sync_handler+0x84/0xfc
[ 32.873083][ T6237]  el0t_64_sync+0x190/0x194
[ 32.874164][ T6237]
[ 32.874750][ T6237] The buggy address belongs to the object at ffff0000d08df800
[ 32.874750][ T6237]  which belongs to the cache kmalloc-1k of size 1024
[ 32.877994][ T6237] The buggy address is located 0 bytes to the right of
[ 32.877994][ T6237]  allocated 536-byte region [ffff0000d08df800, ffff0000d08dfa18)
[ 32.881384][ T6237]
[ 32.881934][ T6237] The buggy address belongs to the physical page:
[ 32.883457][ T6237] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108d8
[ 32.885627][ T6237] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 32.887480][ T6237] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 32.889391][ T6237] page_type: 0xffffffff()
[ 32.890457][ T6237] raw: 05ffc00000000840 ffff0000c0001dc0 dead000000000122 0000000000000000
[ 32.892482][ T6237] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 32.894566][ T6237] head: 05ffc00000000840 ffff0000c0001dc0 dead000000000122 0000000000000000
[ 32.896622][ T6237] head: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 32.898593][ T6237] head: 05ffc00000000003 fffffdffc3423601 dead000000000122 00000000ffffffff
[ 32.900539][ T6237] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 32.902717][ T6237] page dumped because: kasan: bad access detected
[ 32.904261][ T6237]
[ 32.904802][ T6237] Memory state around the buggy address:
[ 32.906202][ T6237]  ffff0000d08df900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.908110][ T6237]  ffff0000d08df980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.910087][ T6237] >ffff0000d08dfa00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.911925][ T6237]                             ^
[ 32.913008][ T6237]  ffff0000d08dfa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.914915][ T6237]  ffff0000d08dfb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.916829][ T6237] ==================================================================
[ 32.918931][ T6237] Disabling lock debugging due to kernel taint
[ 32.920417][ T6237] hfsplus: unicode conversion failed
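The report above already states the key triage facts, but they are spread over sixty lines: a 2-byte read in hfsplus_uni2asc, reached from hfsplus_listxattr via the llistxattr syscall, starting exactly at the end (offset 536) of a 536-byte kmalloc-1k object that hfsplus_find_init allocated. The helper below is an added example, not code from syzbot, syzkaller or the kernel tree; it parses a KASAN slab-out-of-bounds report of this shape, picks the first non-instrumentation frame of each stack as the fault and allocation site, extracts the syscall entry, and computes the distance of the access from the object's end. SAMPLE_REPORT is a constructed excerpt of this page's report, and the NOISE frame filter and all function names are my own assumptions.

```python
"""Triage helper for KASAN slab-out-of-bounds reports (added example, not
syzbot/kernel code). Parses the report text, finds the faulting frame, its
caller, the syscall entry and the allocation site, and works out how far past
the allocated region the access reaches. SAMPLE_REPORT is a constructed
excerpt of the report on this page."""
import re

SAMPLE_REPORT = """\
[ 32.828776][ T6237] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 32.830654][ T6237] Read of size 2 at addr ffff0000d08dfa18 by task syz-executor995/6237
[ 32.838082][ T6237] Call trace:
[ 32.838887][ T6237]  dump_backtrace+0x1b8/0x1e4
[ 32.840042][ T6237]  show_stack+0x2c/0x3c
[ 32.841054][ T6237]  dump_stack_lvl+0xe4/0x150
[ 32.842206][ T6237]  print_report+0x198/0x538
[ 32.843287][ T6237]  kasan_report+0xd8/0x138
[ 32.844365][ T6237]  __asan_report_load2_noabort+0x20/0x2c
[ 32.845764][ T6237]  hfsplus_uni2asc+0x624/0x1018
[ 32.846937][ T6237]  hfsplus_listxattr+0x5bc/0xc9c
[ 32.848116][ T6237]  listxattr+0x108/0x368
[ 32.849129][ T6237]  __arm64_sys_llistxattr+0x13c/0x21c
[ 32.856950][ T6237]
[ 32.857464][ T6237] Allocated by task 6237:
[ 32.858473][ T6237]  kasan_save_track+0x40/0x78
[ 32.859615][ T6237]  kasan_save_alloc_info+0x40/0x50
[ 32.860800][ T6237]  __kasan_kmalloc+0xac/0xc4
[ 32.861920][ T6237]  __kmalloc+0x2b8/0x508
[ 32.862994][ T6237]  hfsplus_find_init+0x84/0x1bc
[ 32.864151][ T6237]  hfsplus_listxattr+0x31c/0xc9c
[ 32.874164][ T6237]
[ 32.874750][ T6237] The buggy address belongs to the object at ffff0000d08df800
[ 32.874750][ T6237]  which belongs to the cache kmalloc-1k of size 1024
[ 32.877994][ T6237] The buggy address is located 0 bytes to the right of
[ 32.877994][ T6237]  allocated 536-byte region [ffff0000d08df800, ffff0000d08dfa18)
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")  # "[ 32.8][ T6237] " dmesg prefix
# Frames that belong to the KASAN/allocator machinery, not to the bug (assumed list).
NOISE = re.compile(r"^(dump_|show_stack|print_report|kasan_|__kasan_|__asan_|__kmalloc|kmalloc|kmem_cache)")
SYSCALL = re.compile(r"^__\w+?_sys_(\w+)$")           # e.g. __arm64_sys_llistxattr


def _strip(line):
    return PREFIX.sub("", line).strip()


def _frames(lines, header):
    """Symbol names of the stack printed after the line that starts with `header`."""
    out, grab = [], False
    for raw in lines:
        line = _strip(raw)
        if grab:
            if not line:
                break
            out.append(line.split("+", 1)[0])
        elif line.startswith(header):
            grab = True
    return out


def _first_interesting(frames):
    """First frame that is not instrumentation noise, plus the frame that called it."""
    for i, f in enumerate(frames):
        if not NOISE.match(f):
            return f, (frames[i + 1] if i + 1 < len(frames) else None)
    return None, None


def parse_kasan_report(text):
    lines = text.splitlines()
    body = "\n".join(_strip(l) for l in lines)
    m = re.search(r"BUG: KASAN: ([\w-]+) in (\w+)\+0x", body)
    a = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", body)
    o = re.search(r"object at ([0-9a-f]+)\s+which belongs to the cache (\S+) of size (\d+)", body)
    r = re.search(r"allocated (\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", body)
    if not (m and a and o and r):
        raise ValueError("report is not in the expected slab-out-of-bounds shape")
    addr, size = int(a.group(3), 16), int(a.group(2))
    start, end = int(r.group(2), 16), int(r.group(3), 16)
    if end - start != int(r.group(1)):  # sanity check: bounds must agree with stated size
        raise ValueError("region bounds disagree with the stated region size")
    call, alloc = _frames(lines, "Call trace:"), _frames(lines, "Allocated by task")
    fault_site, caller = _first_interesting(call)
    alloc_site, _ = _first_interesting(alloc)
    return {
        "bug": m.group(1), "func": m.group(2),
        "access": a.group(1).lower(), "size": size, "addr": addr,
        "task": a.group(4), "pid": int(a.group(5)),
        "cache": o.group(2), "object": int(o.group(1), 16), "region_size": end - start,
        "offset_in_object": addr - int(o.group(1), 16),
        "offset_past_end": addr - end,              # 0 means the access starts right at the end
        "bytes_beyond": max(0, addr + size - end),  # bytes of the access that are out of bounds
        "fault_site": fault_site, "caller": caller, "alloc_site": alloc_site,
        "syscall": next((SYSCALL.match(f).group(1) for f in call if SYSCALL.match(f)), None),
    }


def summarize(info):
    return ("{bug}: {access} of {size} byte(s) at offset {offset_in_object} in {fault_site} "
            "(from {caller}, syscall {syscall}); {region_size}-byte region ({cache}) allocated "
            "in {alloc_site}; access starts {offset_past_end} byte(s) past the end and reaches "
            "{bytes_beyond} byte(s) beyond it").format(**info)


if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_REPORT)))
```

The sanity check on the region bounds matters in practice: a report whose stated region size and address range disagree has usually been truncated or mangled in transit, and the offsets computed from it are not trustworthy.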