Extracting prog: 2m36.136636811s
Minimizing prog: 9m57.079049859s
Simplifying prog options: 0s
Extracting C: 1m0.543263755s
Simplifying C: 9m39.911946145s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000640)='./file2\x00', 0x1008810, &(0x7f0000002600)=ANY=[], 0x1, 0x61a, &(0x7f0000000680)="$eJzs3U9vHGcdB/Dvrv+tg5S6btIGVAmrSBXCIlnbEilcKKUgC1WoEgcuXCziNFY2aWW7yO2BBsQh4tSXUA5+A4gDhyLlQHuEUyVuRj0icfdt0czOeDex69jxn92Ez0eanefZ55lnf/ObZyczY0Ub4P/W8nzGH6SR5fm3tor6zvZSZ2d76U5RHtte6iSZStJMWkkaxdt/SfJlci+9JV+vGwbW+3zxaeudzz/+7H6v1qqWsn/jsO2OZi+WmV6s5fq0xls88Xjl3rXq2mySuZPFB6ejW/v3gc3197L913ONCgA4D41k7KD3Z5IL1cVrcR/QuyruXWM/1e4NOwAAAAA4B8/tZjdbuTjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBpUv3+f6NamnV5Lo369/+rbqXJIYZ6Kh4MOwAAAAAAAAAAOAXf3M1utnKxrncb5d/8Xykrl8rXr+X9bGQ167maraxkM5tZz0KSmYGBJrdWut0jbbm4f8vNzfXF89lfAAAAAAAAAHhG/T7L/b//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKGgkY71VuVyqyzNpjidpJZks+t1L/lmXR8vEsXq/fmZxAAAAwOh4bje72crFut5tlPf8L5b3/a28n7vZzFo208lqbpTPAnp3/c2d7aXOzvbSnWLZP+6P/nusMMoR03v2cPAnXyl7TOdm1sp3rubXeTed3Eiz3LJwpY7n4Lh+V8TU+GHliJHdqNbFnv+sWo+GmTIjE3sZaVexFdl4/vBMHPPoPPpJC2nuPfm5dAY5v1Cti/15c/Ry3qprq1kcmH0vHpaJYmLP/vKP12917t6+dXNjfnR26Qk9OieWBjLx0uFz4hnLRLvMxOW9+nJ+ml9kPnN5O+tZy2+yks2sZi5vlqWVaj4XrzM720vdno8OyNTrDz1ffftxkUxWx6V3Fj1eTK+U217MWn6ed3OjPKLtXM/1LOZ7+X7aDx3hywce4Y+6VXP5rW8e71v/rW9XhYkkPzn2g9yzVOT1+YG8Dp5zZ8q2wXf6WZo9/XPj+DeqQjF73hi5c2M/ExPlvxJ1Jl54NBMPH9w/lRNno3P39vqtlfeO+HmvVusiAz/el4nu2Mn36EkV82W2OFhl7eHZUbS9cGDbQtl2aa+tua/t8l7b476pk9U13P6RFsu2lw5s6213ZaBteu9o9q+3ABh5F75zYXL6P9P/mP5k+g/Tt6bfar0x9drUy5OZ+PvED8bbY682X278OZ/kt/37fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MltfPDh7ZVOZ3Vd4Skr3D965/rXmIYe88gV5pKczoBzJ9m8OzUS2RgsTA35xAScuWubd967tvHBh99du7NS/2rfawsLC9fb126udVar12FHCQCcpv5F/7AjAQAAAAAAAAAAAAAAvsp5/HfiYe8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwbFuez/iDNLLQvtou6jvbS51iqcv9nq0kjaLwt+RfXyb30lsyk1+N1Z0aX/U5X3zaeufzjz+73x+rVfdvHLbd0QzEkjSr9WmNt3ji8fp7OJdktlrD0P0vAAD//7hAAFQ=")
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})

program did not crash
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=58.453789107s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000640)='./file2\x00', 0x1008810, &(0x7f0000002600)=ANY=[], 0x1, 0x61a, &(0x7f0000000680)="$eJzs3U9vHGcdB/Dvrv+tg5S6btIGVAmrSBXCIlnbEilcKKUgC1WoEgcuXCziNFY2aWW7yO2BBsQh4tSXUA5+A4gDhyLlQHuEUyVuRj0icfdt0czOeDex69jxn92Ez0eanefZ55lnf/ObZyczY0Ub4P/W8nzGH6SR5fm3tor6zvZSZ2d76U5RHtte6iSZStJMWkkaxdt/SfJlci+9JV+vGwbW+3zxaeudzz/+7H6v1qqWsn/jsO2OZi+WmV6s5fq0xls88Xjl3rXq2mySuZPFB6ejW/v3gc3197L913ONCgA4D41k7KD3Z5IL1cVrcR/QuyruXWM/1e4NOwAAAAA4B8/tZjdbuTjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBpUv3+f6NamnV5Lo369/+rbqXJIYZ6Kh4MOwAAAAAAAAAAOAXf3M1utnKxrncb5d/8Xykrl8rXr+X9bGQ167maraxkM5tZz0KSmYGBJrdWut0jbbm4f8vNzfXF89lfAAAAAAAAAHhG/T7L/b//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKGgkY71VuVyqyzNpjidpJZks+t1L/lmXR8vEsXq/fmZxAAAAwOh4bje72crFut5tlPf8L5b3/a28n7vZzFo208lqbpTPAnp3/c2d7aXOzvbSnWLZP+6P/nusMMoR03v2cPAnXyl7TOdm1sp3rubXeTed3Eiz3LJwpY7n4Lh+V8TU+GHliJHdqNbFnv+sWo+GmTIjE3sZaVexFdl4/vBMHPPoPPpJC2nuPfm5dAY5v1Cti/15c/Ry3qprq1kcmH0vHpaJYmLP/vKP12917t6+dXNjfnR26Qk9OieWBjLx0uFz4hnLRLvMxOW9+nJ+ml9kPnN5O+tZy2+yks2sZi5vlqWVaj4XrzM720vdno8OyNTrDz1ffftxkUxWx6V3Fj1eTK+U217MWn6ed3OjPKLtXM/1LOZ7+X7aDx3hywce4Y+6VXP5rW8e71v/rW9XhYkkPzn2g9yzVOT1+YG8Dp5zZ8q2wXf6WZo9/XPj+DeqQjF73hi5c2M/ExPlvxJ1Jl54NBMPH9w/lRNno3P39vqtlfeO+HmvVusiAz/el4nu2Mn36EkV82W2OFhl7eHZUbS9cGDbQtl2aa+tua/t8l7b476pk9U13P6RFsu2lw5s6213ZaBteu9o9q+3ABh5F75zYXL6P9P/mP5k+g/Tt6bfar0x9drUy5OZ+PvED8bbY682X278OZ/kt/37fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MltfPDh7ZVOZ3Vd4Skr3D965/rXmIYe88gV5pKczoBzJ9m8OzUS2RgsTA35xAScuWubd967tvHBh99du7NS/2rfawsLC9fb126udVar12FHCQCcpv5F/7AjAQAAAAAAAAAAAAAAvsp5/HfiYe8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwbFuez/iDNLLQvtou6jvbS51iqcv9nq0kjaLwt+RfXyb30lsyk1+N1Z0aX/U5X3zaeufzjz+73x+rVfdvHLbd0QzEkjSr9WmNt3ji8fp7OJdktlrD0P0vAAD//7hAAFQ=")
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)

program did not crash
testing program (duration=58.453789107s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-mount$fuse
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000640)='./file2\x00', 0x1008810, &(0x7f0000002600)=ANY=[], 0x1, 0x61a, &(0x7f0000000680)="$eJzs3U9vHGcdB/Dvrv+tg5S6btIGVAmrSBXCIlnbEilcKKUgC1WoEgcuXCziNFY2aWW7yO2BBsQh4tSXUA5+A4gDhyLlQHuEUyVuRj0icfdt0czOeDex69jxn92Ez0eanefZ55lnf/ObZyczY0Ub4P/W8nzGH6SR5fm3tor6zvZSZ2d76U5RHtte6iSZStJMWkkaxdt/SfJlci+9JV+vGwbW+3zxaeudzz/+7H6v1qqWsn/jsO2OZi+WmV6s5fq0xls88Xjl3rXq2mySuZPFB6ejW/v3gc3197L913ONCgA4D41k7KD3Z5IL1cVrcR/QuyruXWM/1e4NOwAAAAA4B8/tZjdbuTjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBpUv3+f6NamnV5Lo369/+rbqXJIYZ6Kh4MOwAAAAAAAAAAOAXf3M1utnKxrncb5d/8Xykrl8rXr+X9bGQ167maraxkM5tZz0KSmYGBJrdWut0jbbm4f8vNzfXF89lfAAAAAAAAAHhG/T7L/b//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKGgkY71VuVyqyzNpjidpJZks+t1L/lmXR8vEsXq/fmZxAAAAwOh4bje72crFut5tlPf8L5b3/a28n7vZzFo208lqbpTPAnp3/c2d7aXOzvbSnWLZP+6P/nusMMoR03v2cPAnXyl7TOdm1sp3rubXeTed3Eiz3LJwpY7n4Lh+V8TU+GHliJHdqNbFnv+sWo+GmTIjE3sZaVexFdl4/vBMHPPoPPpJC2nuPfm5dAY5v1Cti/15c/Ry3qprq1kcmH0vHpaJYmLP/vKP12917t6+dXNjfnR26Qk9OieWBjLx0uFz4hnLRLvMxOW9+nJ+ml9kPnN5O+tZy2+yks2sZi5vlqWVaj4XrzM720vdno8OyNTrDz1ffftxkUxWx6V3Fj1eTK+U217MWn6ed3OjPKLtXM/1LOZ7+X7aDx3hywce4Y+6VXP5rW8e71v/rW9XhYkkPzn2g9yzVOT1+YG8Dp5zZ8q2wXf6WZo9/XPj+DeqQjF73hi5c2M/ExPlvxJ1Jl54NBMPH9w/lRNno3P39vqtlfeO+HmvVusiAz/el4nu2Mn36EkV82W2OFhl7eHZUbS9cGDbQtl2aa+tua/t8l7b476pk9U13P6RFsu2lw5s6213ZaBteu9o9q+3ABh5F75zYXL6P9P/mP5k+g/Tt6bfar0x9drUy5OZ+PvED8bbY682X278OZ/kt/37fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MltfPDh7ZVOZ3Vd4Skr3D965/rXmIYe88gV5pKczoBzJ9m8OzUS2RgsTA35xAScuWubd967tvHBh99du7NS/2rfawsLC9fb126udVar12FHCQCcpv5F/7AjAQAAAAAAAAAAAAAAvsp5/HfiYe8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwbFuez/iDNLLQvtou6jvbS51iqcv9nq0kjaLwt+RfXyb30lsyk1+N1Z0aX/U5X3zaeufzjz+73x+rVfdvHLbd0QzEkjSr9WmNt3ji8fp7OJdktlrD0P0vAAD//7hAAFQ=")
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})

program did not crash
testing program (duration=58.453789107s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$fuse-mount$fuse
detailed listing:
executing program 0:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})

program did not crash
testing program (duration=58.453789107s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000640)='./file2\x00', 0x1008810, &(0x7f0000002600)=ANY=[], 0x1, 0x61a, &(0x7f0000000680)="$eJzs3U9vHGcdB/Dvrv+tg5S6btIGVAmrSBXCIlnbEilcKKUgC1WoEgcuXCziNFY2aWW7yO2BBsQh4tSXUA5+A4gDhyLlQHuEUyVuRj0icfdt0czOeDex69jxn92Ez0eanefZ55lnf/ObZyczY0Ub4P/W8nzGH6SR5fm3tor6zvZSZ2d76U5RHtte6iSZStJMWkkaxdt/SfJlci+9JV+vGwbW+3zxaeudzz/+7H6v1qqWsn/jsO2OZi+WmV6s5fq0xls88Xjl3rXq2mySuZPFB6ejW/v3gc3197L913ONCgA4D41k7KD3Z5IL1cVrcR/QuyruXWM/1e4NOwAAAAA4B8/tZjdbuTjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBpUv3+f6NamnV5Lo369/+rbqXJIYZ6Kh4MOwAAAAAAAAAAOAXf3M1utnKxrncb5d/8Xykrl8rXr+X9bGQ167maraxkM5tZz0KSmYGBJrdWut0jbbm4f8vNzfXF89lfAAAAAAAAAHhG/T7L/b//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKGgkY71VuVyqyzNpjidpJZks+t1L/lmXR8vEsXq/fmZxAAAAwOh4bje72crFut5tlPf8L5b3/a28n7vZzFo208lqbpTPAnp3/c2d7aXOzvbSnWLZP+6P/nusMMoR03v2cPAnXyl7TOdm1sp3rubXeTed3Eiz3LJwpY7n4Lh+V8TU+GHliJHdqNbFnv+sWo+GmTIjE3sZaVexFdl4/vBMHPPoPPpJC2nuPfm5dAY5v1Cti/15c/Ry3qprq1kcmH0vHpaJYmLP/vKP12917t6+dXNjfnR26Qk9OieWBjLx0uFz4hnLRLvMxOW9+nJ+ml9kPnN5O+tZy2+yks2sZi5vlqWVaj4XrzM720vdno8OyNTrDz1ffftxkUxWx6V3Fj1eTK+U217MWn6ed3OjPKLtXM/1LOZ7+X7aDx3hywce4Y+6VXP5rW8e71v/rW9XhYkkPzn2g9yzVOT1+YG8Dp5zZ8q2wXf6WZo9/XPj+DeqQjF73hi5c2M/ExPlvxJ1Jl54NBMPH9w/lRNno3P39vqtlfeO+HmvVusiAz/el4nu2Mn36EkV82W2OFhl7eHZUbS9cGDbQtl2aa+tua/t8l7b476pk9U13P6RFsu2lw5s6213ZaBteu9o9q+3ABh5F75zYXL6P9P/mP5k+g/Tt6bfar0x9drUy5OZ+PvED8bbY682X278OZ/kt/37fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MltfPDh7ZVOZ3Vd4Skr3D965/rXmIYe88gV5pKczoBzJ9m8OzUS2RgsTA35xAScuWubd967tvHBh99du7NS/2rfawsLC9fb126udVar12FHCQCcpv5F/7AjAQAAAAAAAAAAAAAAvsp5/HfiYe8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwbFuez/iDNLLQvtou6jvbS51iqcv9nq0kjaLwt+RfXyb30lsyk1+N1Z0aX/U5X3zaeufzjz+73x+rVfdvHLbd0QzEkjSr9WmNt3ji8fp7OJdktlrD0P0vAAD//7hAAFQ=")
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})

program did not crash
testing program (duration=58.453789107s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000640)='./file2\x00', 0x1008810, &(0x7f0000002600)=ANY=[], 0x1, 0x61a, &(0x7f0000000680)="$eJzs3U9vHGcdB/Dvrv+tg5S6btIGVAmrSBXCIlnbEilcKKUgC1WoEgcuXCziNFY2aWW7yO2BBsQh4tSXUA5+A4gDhyLlQHuEUyVuRj0icfdt0czOeDex69jxn92Ez0eanefZ55lnf/ObZyczY0Ub4P/W8nzGH6SR5fm3tor6zvZSZ2d76U5RHtte6iSZStJMWkkaxdt/SfJlci+9JV+vGwbW+3zxaeudzz/+7H6v1qqWsn/jsO2OZi+WmV6s5fq0xls88Xjl3rXq2mySuZPFB6ejW/v3gc3197L913ONCgA4D41k7KD3Z5IL1cVrcR/QuyruXWM/1e4NOwAAAAA4B8/tZjdbuTjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBpUv3+f6NamnV5Lo369/+rbqXJIYZ6Kh4MOwAAAAAAAAAAOAXf3M1utnKxrncb5d/8Xykrl8rXr+X9bGQ167maraxkM5tZz0KSmYGBJrdWut0jbbm4f8vNzfXF89lfAAAAAAAAAHhG/T7L/b//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKGgkY71VuVyqyzNpjidpJZks+t1L/lmXR8vEsXq/fmZxAAAAwOh4bje72crFut5tlPf8L5b3/a28n7vZzFo208lqbpTPAnp3/c2d7aXOzvbSnWLZP+6P/nusMMoR03v2cPAnXyl7TOdm1sp3rubXeTed3Eiz3LJwpY7n4Lh+V8TU+GHliJHdqNbFnv+sWo+GmTIjE3sZaVexFdl4/vBMHPPoPPpJC2nuPfm5dAY5v1Cti/15c/Ry3qprq1kcmH0vHpaJYmLP/vKP12917t6+dXNjfnR26Qk9OieWBjLx0uFz4hnLRLvMxOW9+nJ+ml9kPnN5O+tZy2+yks2sZi5vlqWVaj4XrzM720vdno8OyNTrDz1ffftxkUxWx6V3Fj1eTK+U217MWn6ed3OjPKLtXM/1LOZ7+X7aDx3hywce4Y+6VXP5rW8e71v/rW9XhYkkPzn2g9yzVOT1+YG8Dp5zZ8q2wXf6WZo9/XPj+DeqQjF73hi5c2M/ExPlvxJ1Jl54NBMPH9w/lRNno3P39vqtlfeO+HmvVusiAz/el4nu2Mn36EkV82W2OFhl7eHZUbS9cGDbQtl2aa+tua/t8l7b476pk9U13P6RFsu2lw5s6213ZaBteu9o9q+3ABh5F75zYXL6P9P/mP5k+g/Tt6bfar0x9drUy5OZ+PvED8bbY682X278OZ/kt/37fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MltfPDh7ZVOZ3Vd4Skr3D965/rXmIYe88gV5pKczoBzJ9m8OzUS2RgsTA35xAScuWubd967tvHBh99du7NS/2rfawsLC9fb126udVar12FHCQCcpv5F/7AjAQAAAAAAAAAAAAAAvsp5/HfiYe8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwbFuez/iDNLLQvtou6jvbS51iqcv9nq0kjaLwt+RfXyb30lsyk1+N1Z0aX/U5X3zaeufzjz+73x+rVfdvHLbd0QzEkjSr9WmNt3ji8fp7OJdktlrD0P0vAAD//7hAAFQ=")
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000800), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})

program did not crash
testing program (duration=58.453789107s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000640)='./file2\x00', 0x1008810, &(0x7f0000002600)=ANY=[], 0x1, 0x61a, &(0x7f0000000680)="$eJzs3U9vHGcdB/Dvrv+tg5S6btIGVAmrSBXCIlnbEilcKKUgC1WoEgcuXCziNFY2aWW7yO2BBsQh4tSXUA5+A4gDhyLlQHuEUyVuRj0icfdt0czOeDex69jxn92Ez0eanefZ55lnf/ObZyczY0Ub4P/W8nzGH6SR5fm3tor6zvZSZ2d76U5RHtte6iSZStJMWkkaxdt/SfJlci+9JV+vGwbW+3zxaeudzz/+7H6v1qqWsn/jsO2OZi+WmV6s5fq0xls88Xjl3rXq2mySuZPFB6ejW/v3gc3197L913ONCgA4D41k7KD3Z5IL1cVrcR/QuyruXWM/1e4NOwAAAAA4B8/tZjdbuTjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBpUv3+f6NamnV5Lo369/+rbqXJIYZ6Kh4MOwAAAAAAAAAAOAXf3M1utnKxrncb5d/8Xykrl8rXr+X9bGQ167maraxkM5tZz0KSmYGBJrdWut0jbbm4f8vNzfXF89lfAAAAAAAAAHhG/T7L/b//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKGgkY71VuVyqyzNpjidpJZks+t1L/lmXR8vEsXq/fmZxAAAAwOh4bje72crFut5tlPf8L5b3/a28n7vZzFo208lqbpTPAnp3/c2d7aXOzvbSnWLZP+6P/nusMMoR03v2cPAnXyl7TOdm1sp3rubXeTed3Eiz3LJwpY7n4Lh+V8TU+GHliJHdqNbFnv+sWo+GmTIjE3sZaVexFdl4/vBMHPPoPPpJC2nuPfm5dAY5v1Cti/15c/Ry3qprq1kcmH0vHpaJYmLP/vKP12917t6+dXNjfnR26Qk9OieWBjLx0uFz4hnLRLvMxOW9+nJ+ml9kPnN5O+tZy2+yks2sZi5vlqWVaj4XrzM720vdno8OyNTrDz1ffftxkUxWx6V3Fj1eTK+U217MWn6ed3OjPKLtXM/1LOZ7+X7aDx3hywce4Y+6VXP5rW8e71v/rW9XhYkkPzn2g9yzVOT1+YG8Dp5zZ8q2wXf6WZo9/XPj+DeqQjF73hi5c2M/ExPlvxJ1Jl54NBMPH9w/lRNno3P39vqtlfeO+HmvVusiAz/el4nu2Mn36EkV82W2OFhl7eHZUbS9cGDbQtl2aa+tua/t8l7b476pk9U13P6RFsu2lw5s6213ZaBteu9o9q+3ABh5F75zYXL6P9P/mP5k+g/Tt6bfar0x9drUy5OZ+PvED8bbY682X278OZ/kt/37fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MltfPDh7ZVOZ3Vd4Skr3D965/rXmIYe88gV5pKczoBzJ9m8OzUS2RgsTA35xAScuWubd967tvHBh99du7NS/2rfawsLC9fb126udVar12FHCQCcpv5F/7AjAQAAAAAAAAAAAAAAvsp5/HfiYe8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwbFuez/iDNLLQvtou6jvbS51iqcv9nq0kjaLwt+RfXyb30lsyk1+N1Z0aX/U5X3zaeufzjz+73x+rVfdvHLbd0QzEkjSr9WmNt3ji8fp7OJdktlrD0P0vAAD//7hAAFQ=")
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})

program did not crash
testing program (duration=58.453789107s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000240), &(0x7f0000000640)='./file2\x00', 0x1008810, &(0x7f0000002600)=ANY=[], 0x1, 0x61a, &(0x7f0000000680)="$eJzs3U9vHGcdB/Dvrv+tg5S6btIGVAmrSBXCIlnbEilcKKUgC1WoEgcuXCziNFY2aWW7yO2BBsQh4tSXUA5+A4gDhyLlQHuEUyVuRj0icfdt0czOeDex69jxn92Ez0eanefZ55lnf/ObZyczY0Ub4P/W8nzGH6SR5fm3tor6zvZSZ2d76U5RHtte6iSZStJMWkkaxdt/SfJlci+9JV+vGwbW+3zxaeudzz/+7H6v1qqWsn/jsO2OZi+WmV6s5fq0xls88Xjl3rXq2mySuZPFB6ejW/v3gc3197L913ONCgA4D41k7KD3Z5IL1cVrcR/QuyruXWM/1e4NOwAAAAA4B8/tZjdbuTjsOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBpUv3+f6NamnV5Lo369/+rbqXJIYZ6Kh4MOwAAAAAAAAAAOAXf3M1utnKxrncb5d/8Xykrl8rXr+X9bGQ167maraxkM5tZz0KSmYGBJrdWut0jbbm4f8vNzfXF89lfAAAAAAAAAHhG/T7L/b//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKGgkY71VuVyqyzNpjidpJZks+t1L/lmXR8vEsXq/fmZxAAAAwOh4bje72crFut5tlPf8L5b3/a28n7vZzFo208lqbpTPAnp3/c2d7aXOzvbSnWLZP+6P/nusMMoR03v2cPAnXyl7TOdm1sp3rubXeTed3Eiz3LJwpY7n4Lh+V8TU+GHliJHdqNbFnv+sWo+GmTIjE3sZaVexFdl4/vBMHPPoPPpJC2nuPfm5dAY5v1Cti/15c/Ry3qprq1kcmH0vHpaJYmLP/vKP12917t6+dXNjfnR26Qk9OieWBjLx0uFz4hnLRLvMxOW9+nJ+ml9kPnN5O+tZy2+yks2sZi5vlqWVaj4XrzM720vdno8OyNTrDz1ffftxkUxWx6V3Fj1eTK+U217MWn6ed3OjPKLtXM/1LOZ7+X7aDx3hywce4Y+6VXP5rW8e71v/rW9XhYkkPzn2g9yzVOT1+YG8Dp5zZ8q2wXf6WZo9/XPj+DeqQjF73hi5c2M/ExPlvxJ1Jl54NBMPH9w/lRNno3P39vqtlfeO+HmvVusiAz/el4nu2Mn36EkV82W2OFhl7eHZUbS9cGDbQtl2aa+tua/t8l7b476pk9U13P6RFsu2lw5s6213ZaBteu9o9q+3ABh5F75zYXL6P9P/mP5k+g/Tt6bfar0x9drUy5OZ+PvED8bbY682X278OZ/kt/37fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MltfPDh7ZVOZ3Vd4Skr3D965/rXmIYe88gV5pKczoBzJ9m8OzUS2RgsTA35xAScuWubd967tvHBh99du7NS/2rfawsLC9fb126udVar12FHCQCcpv5F/7AjAQAAAAAAAAAAAAAAvsp5/HfiYe8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwbFuez/iDNLLQvtou6jvbS51iqcv9nq0kjaLwt+RfXyb30lsyk1+N1Z0aX/U5X3zaeufzjz+73x+rVfdvHLbd0QzEkjSr9WmNt3ji8fp7OJdktlrD0P0vAAD//7hAAFQ=")
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=58.453789107s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
simplifying C reproducer
testing compiled C program (duration=58.453789107s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=58.453789107s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program did not crash
testing compiled C program (duration=58.453789107s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=58.453789107s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=58.453789107s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=58.453789107s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program did not crash
testing compiled C program (duration=58.453789107s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=58.453789107s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$fuse-mount$fuse
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
reproducing took 23m13.670923843s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x648/0x1054 fs/hfsplus/unicode.c:179
Read of size 2 at addr ffff0000c5fbc40c by task syz-executor157/6489

CPU: 0 UID: 0 PID: 6489 Comm: syz-executor157 Not tainted 6.15.0-rc4-syzkaller-ge0f4c8dd9d2d #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x254 mm/kasan/report.c:408
 print_report+0x68/0x84 mm/kasan/report.c:521
 kasan_report+0xb0/0x110 mm/kasan/report.c:634
 __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379
 hfsplus_uni2asc+0x648/0x1054 fs/hfsplus/unicode.c:179
 hfsplus_readdir+0x638/0xb3c fs/hfsplus/dir.c:207
 iterate_dir+0x458/0x5e0 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:403 [inline]
 __se_sys_getdents64 fs/readdir.c:389 [inline]
 __arm64_sys_getdents64+0x114/0x2fc fs/readdir.c:389
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

Allocated by task 6489:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4341 [inline]
 __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:909 [inline]
 hfsplus_find_init+0x84/0x1bc fs/hfsplus/bfind.c:21
 hfsplus_readdir+0x19c/0xb3c fs/hfsplus/dir.c:144
 iterate_dir+0x458/0x5e0 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:403 [inline]
 __se_sys_getdents64 fs/readdir.c:389 [inline]
 __arm64_sys_getdents64+0x114/0x2fc fs/readdir.c:389
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

The buggy address belongs to the object at ffff0000c5fbc000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 0 bytes to the right of
 allocated 1036-byte region [ffff0000c5fbc000, ffff0000c5fbc40c)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fb8
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
head: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
head: 05ffc00000000003 fffffdffc317ee01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000c5fbc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000c5fbc380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000c5fbc400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffff0000c5fbc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000c5fbc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x648/0x1054 fs/hfsplus/unicode.c:179
Read of size 2 at addr ffff0000c5fbc40c by task syz-executor157/6489

CPU: 0 UID: 0 PID: 6489 Comm: syz-executor157 Not tainted 6.15.0-rc4-syzkaller-ge0f4c8dd9d2d #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x254 mm/kasan/report.c:408
 print_report+0x68/0x84 mm/kasan/report.c:521
 kasan_report+0xb0/0x110 mm/kasan/report.c:634
 __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379
 hfsplus_uni2asc+0x648/0x1054 fs/hfsplus/unicode.c:179
 hfsplus_readdir+0x638/0xb3c fs/hfsplus/dir.c:207
 iterate_dir+0x458/0x5e0 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:403 [inline]
 __se_sys_getdents64 fs/readdir.c:389 [inline]
 __arm64_sys_getdents64+0x114/0x2fc fs/readdir.c:389
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

Allocated by task 6489:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4341 [inline]
 __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:909 [inline]
 hfsplus_find_init+0x84/0x1bc fs/hfsplus/bfind.c:21
 hfsplus_readdir+0x19c/0xb3c fs/hfsplus/dir.c:144
 iterate_dir+0x458/0x5e0 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:403 [inline]
 __se_sys_getdents64 fs/readdir.c:389 [inline]
 __arm64_sys_getdents64+0x114/0x2fc fs/readdir.c:389
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

The buggy address belongs to the object at ffff0000c5fbc000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 0 bytes to the right of
 allocated 1036-byte region [ffff0000c5fbc000, ffff0000c5fbc40c)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fb8
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
head: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
head: 05ffc00000000003 fffffdffc317ee01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000c5fbc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000c5fbc380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000c5fbc400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffff0000c5fbc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000c5fbc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================