Warning: Permanently added '10.128.0.48' (ED25519) to the list of known hosts.
executing program
[ 32.813763][ T6162] loop0: detected capacity change from 0 to 1024
[ 32.827707][ T6162] ==================================================================
[ 32.829863][ T6162] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 32.831798][ T6162] Read of size 2 at addr ffff0000d6e70218 by task syz-executor278/6162
[ 32.833950][ T6162]
[ 32.834546][ T6162] CPU: 1 PID: 6162 Comm: syz-executor278 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 32.837070][ T6162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 32.839673][ T6162] Call trace:
[ 32.840509][ T6162] dump_backtrace+0x1b8/0x1e4
[ 32.841702][ T6162] show_stack+0x2c/0x3c
[ 32.842819][ T6162] dump_stack_lvl+0xd0/0x124
[ 32.844076][ T6162] print_report+0x178/0x518
[ 32.845296][ T6162] kasan_report+0xd8/0x138
[ 32.846572][ T6162] __asan_report_load2_noabort+0x20/0x2c
[ 32.848098][ T6162] hfsplus_uni2asc+0x624/0x1018
[ 32.849311][ T6162] hfsplus_listxattr+0x5bc/0xc9c
[ 32.850637][ T6162] listxattr+0x108/0x368
[ 32.851819][ T6162] __arm64_sys_llistxattr+0x13c/0x21c
[ 32.853286][ T6162] invoke_syscall+0x98/0x2b8
[ 32.854606][ T6162] el0_svc_common+0x130/0x23c
[ 32.855845][ T6162] do_el0_svc+0x48/0x58
[ 32.857001][ T6162] el0_svc+0x54/0x168
[ 32.858091][ T6162] el0t_64_sync_handler+0x84/0xfc
[ 32.859481][ T6162] el0t_64_sync+0x190/0x194
[ 32.860709][ T6162]
[ 32.861306][ T6162] Allocated by task 6162:
[ 32.862497][ T6162] kasan_save_track+0x40/0x78
[ 32.863754][ T6162] kasan_save_alloc_info+0x40/0x50
[ 32.865126][ T6162] __kasan_kmalloc+0xac/0xc4
[ 32.866497][ T6162] __kmalloc+0x2bc/0x5d4
[ 32.867693][ T6162] hfsplus_find_init+0x84/0x1bc
[ 32.869090][ T6162] hfsplus_listxattr+0x31c/0xc9c
[ 32.870509][ T6162] listxattr+0x108/0x368
[ 32.871649][ T6162] __arm64_sys_llistxattr+0x13c/0x21c
[ 32.873143][ T6162] invoke_syscall+0x98/0x2b8
[ 32.874508][ T6162] el0_svc_common+0x130/0x23c
[ 32.875789][ T6162] do_el0_svc+0x48/0x58
[ 32.876963][ T6162] el0_svc+0x54/0x168
[ 32.878103][ T6162] el0t_64_sync_handler+0x84/0xfc
[ 32.879597][ T6162] el0t_64_sync+0x190/0x194
[ 32.880854][ T6162]
[ 32.881498][ T6162] The buggy address belongs to the object at ffff0000d6e70000
[ 32.881498][ T6162] which belongs to the cache kmalloc-1k of size 1024
[ 32.885533][ T6162] The buggy address is located 0 bytes to the right of
[ 32.885533][ T6162] allocated 536-byte region [ffff0000d6e70000, ffff0000d6e70218)
[ 32.889771][ T6162]
[ 32.890435][ T6162] The buggy address belongs to the physical page:
[ 32.892313][ T6162] page:00000000770130d2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116e70
[ 32.895397][ T6162] head:00000000770130d2 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 32.897991][ T6162] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 32.900286][ T6162] page_type: 0xffffffff()
[ 32.901542][ T6162] raw: 05ffc00000000840 ffff0000c0001dc0 dead000000000122 0000000000000000
[ 32.903977][ T6162] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 32.906412][ T6162] page dumped because: kasan: bad access detected
[ 32.908199][ T6162]
[ 32.908870][ T6162] Memory state around the buggy address:
[ 32.910466][ T6162]  ffff0000d6e70100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.912783][ T6162]  ffff0000d6e70180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.915063][ T6162] >ffff0000d6e70200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.917375][ T6162]                             ^
[ 32.918781][ T6162]  ffff0000d6e70280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.921055][ T6162]  ffff0000d6e70300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.923299][ T6162] ==================================================================
[ 32.926243][ T6162] Disabling lock debugging due to kernel taint
[ 32.928034][ T6162] hfsplus: unicode conversion failed