Extracting prog: 2m0.186915275s
Minimizing prog: 8m58.047902731s
Simplifying prog options: 0s
Extracting C: 1m50.749441536s
Simplifying C: 8m30.501866745s


extracting reproducer from 30 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000c00), &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="0a42f7415a3663f0ccff19a8b6c74a5ca36cde3a0764e4539a0072118a8ca35f4cfd925432ff27a561206de87f8ef8fd024eb3b7293d4f804164aa55affb403bca8af4c0f0fb72f91e3d6b0bb844b31943a9deeeafb1a147ec2703ef0dcb51f0b130653ab2053803328849a0ce1549b84673bd2905fb1371c07486fcc547a816c117c340d1683e87ffde3073bb03c6b1155e6cb645b5e79b6c216befe7790345349e", @ANYRESOCT, @ANYRES8], 0xfb, 0x6b4, &(0x7f00000013c0)="$eJzs3ctvXFcdB/DvHU9sT1pCmiZtQJVqNRIgIhInVlrMhoAQyqKqqrJgbSVOY8VJi+Mit0LE4bnton9AWWSDWCGxYhOpsGADu+6Ql0hIbMqCsGHQvXPHHs+MJ+M28QM+n+jOOeeec88953cf87CiG+D/1pWzaT5IkStnX10ryxv355Y37s/d6uRfayaZSrKelNlGkuJf7Xb7o+RyUmx2U/SlAz5Ymn/j4082/tYpNeulat8YtV2fut163+r17rqZJBN1+hls6+/qZ+6v2Bz55SRn6hT23ZEk7W1+8KenN2t6tIZtPb0nYwSerKLzvjngeHK0vtDLzwHdd97G3o5uPBPdQXYVzR3b9n+CAAAAgMOm+g48+NV325rPP8zDrBXH9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKitJ5P14/OLeml08zMpus//n6zXpc4fLC/urvmDzpwAAAAAAAAA4FB78WEeZi3HuuV2Uf3N/6WqcLJ6fSrv5E4Ws5JzWctCVrNaJBeSHO/paHJtYXV1qlvaccus5OKwLVcuPmKg3a5bj2HSAAAAAAAAAPC/5ye5svX3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAiKZKKTpLjXs/p4Gs0k00kmyxXrSdGs8wfb9MjaB3s2DgAAANg/U8nDrOVYt9wucjLJc9VvANN5J7ezmqWsZjmLuVb9LtD51t/YuD+3vHF/7la5DPb7rX/sahhVj+n89jB8z6fLFu0i17NUrTmXq3kry7mWRrVl6XQ9nm6vfeO6V46p+GbtlfFGdq1Oy5m/X6cD7u5qsjvZ5Y8px6uYHelEZCKZrcdWRuOZ7pEZfoR2eXS27SmLuZDG5mBP9u1pcvtktsd8q8vGqP0drdNyPr/YKeb7ohOJ/7Q7FnOx5+x7bnTMky//7jffn63zB2dK45mo03b12ho8J+Z6IvH8OJG4sXz75o3rd84etkgMmK0icWqzfCXfzfdyNjN5PStZyg+zkNUsZibfqXIL9cEvei75HSJ1eVvp9UeNZLI+QzsHa3djeqna9liW8lreyrUs5uXq38VcyCu5lEuZ7znCp0Yf4eqqbwxe9ZX254YO/sxX6kwryS/r9GAo4/pMT1y3zvrZKt7PbFtTR6lo5sQYURpybxyl+cU6U+7jp4+6ke6p/khc6Dlfnh0diV9Vt5U7y7dvrtxYeHu83Z14v86U19HPk5mDcyMpz5cT5cGqSlPbzo6y7tnNuu3xKutObtY1BupO5fdpNrt7Wcr6jlfqZP0ZbrCni1Xd80Pr5qq60z11rSGftwA48I5+9ehk6++tP7c+bP2sdaP16vS3p74+9cJkjvzhyDeasxNfarxQ/DYf5sdb3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBP7867791cWF5eXOnLtNvtu38ZXjVmpvu8mk+5eX+m+1SoMRpn5q9PlU2HVE2kfXeHqieV+cLTyV7t6+Bm/t1ut+s1xQ5tfv3H/kBNZZ9CVz/nr30gQjciM/34rq+BzL7dkoA9cn711tvn77z73teWbi28ufjm4u35S5fmZ+cvvTw3fX1peXH2fPW636MEnoStN/39HgkAAAAAAAAAAAAwrsf8fwbWh1Xt9xwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAw+3K2TQfpMiF2XOzZXnj/txyuXTzWy2bSRpJih8lxUfJ5XSWHO/prthpPx8szb/x8Scb/2x31P1V7RujthvPer1kJslEJ733uPq7WqcjFaOmUGzOsAzYmW7gYL/9NwAA//8wOw48")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120)
getdents64(r0, &(0x7f0000000080)=""/203, 0xcb)

program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=45.484842954s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000c00), &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="0a42f7415a3663f0ccff19a8b6c74a5ca36cde3a0764e4539a0072118a8ca35f4cfd925432ff27a561206de87f8ef8fd024eb3b7293d4f804164aa55affb403bca8af4c0f0fb72f91e3d6b0bb844b31943a9deeeafb1a147ec2703ef0dcb51f0b130653ab2053803328849a0ce1549b84673bd2905fb1371c07486fcc547a816c117c340d1683e87ffde3073bb03c6b1155e6cb645b5e79b6c216befe7790345349e", @ANYRESOCT, @ANYRES8], 0xfb, 0x6b4, &(0x7f00000013c0)="$eJzs3ctvXFcdB/DvHU9sT1pCmiZtQJVqNRIgIhInVlrMhoAQyqKqqrJgbSVOY8VJi+Mit0LE4bnton9AWWSDWCGxYhOpsGADu+6Ql0hIbMqCsGHQvXPHHs+MJ+M28QM+n+jOOeeec88953cf87CiG+D/1pWzaT5IkStnX10ryxv355Y37s/d6uRfayaZSrKelNlGkuJf7Xb7o+RyUmx2U/SlAz5Ymn/j4082/tYpNeulat8YtV2fut163+r17rqZJBN1+hls6+/qZ+6v2Bz55SRn6hT23ZEk7W1+8KenN2t6tIZtPb0nYwSerKLzvjngeHK0vtDLzwHdd97G3o5uPBPdQXYVzR3b9n+CAAAAgMOm+g48+NV325rPP8zDrBXH9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKitJ5P14/OLeml08zMpus//n6zXpc4fLC/urvmDzpwAAAAAAAAA4FB78WEeZi3HuuV2Uf3N/6WqcLJ6fSrv5E4Ws5JzWctCVrNaJBeSHO/paHJtYXV1qlvaccus5OKwLVcuPmKg3a5bj2HSAAAAAAAAAPC/5ye5svX3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAiKZKKTpLjXs/p4Gs0k00kmyxXrSdGs8wfb9MjaB3s2DgAAANg/U8nDrOVYt9wucjLJc9VvANN5J7ezmqWsZjmLuVb9LtD51t/YuD+3vHF/7la5DPb7rX/sahhVj+n89jB8z6fLFu0i17NUrTmXq3kry7mWRrVl6XQ9nm6vfeO6V46p+GbtlfFGdq1Oy5m/X6cD7u5qsjvZ5Y8px6uYHelEZCKZrcdWRuOZ7pEZfoR2eXS27SmLuZDG5mBP9u1pcvtktsd8q8vGqP0drdNyPr/YKeb7ohOJ/7Q7FnOx5+x7bnTMky//7jffn63zB2dK45mo03b12ho8J+Z6IvH8OJG4sXz75o3rd84etkgMmK0icWqzfCXfzfdyNjN5PStZyg+zkNUsZibfqXIL9cEvei75HSJ1eVvp9UeNZLI+QzsHa3djeqna9liW8lreyrUs5uXq38VcyCu5lEuZ7znCp0Yf4eqqbwxe9ZX254YO/sxX6kwryS/r9GAo4/pMT1y3zvrZKt7PbFtTR6lo5sQYURpybxyl+cU6U+7jp4+6ke6p/khc6Dlfnh0diV9Vt5U7y7dvrtxYeHu83Z14v86U19HPk5mDcyMpz5cT5cGqSlPbzo6y7tnNuu3xKutObtY1BupO5fdpNrt7Wcr6jlfqZP0ZbrCni1Xd80Pr5qq60z11rSGftwA48I5+9ehk6++tP7c+bP2sdaP16vS3p74+9cJkjvzhyDeasxNfarxQ/DYf5sdb3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBP7867791cWF5eXOnLtNvtu38ZXjVmpvu8mk+5eX+m+1SoMRpn5q9PlU2HVE2kfXeHqieV+cLTyV7t6+Bm/t1ut+s1xQ5tfv3H/kBNZZ9CVz/nr30gQjciM/34rq+BzL7dkoA9cn711tvn77z73teWbi28ufjm4u35S5fmZ+cvvTw3fX1peXH2fPW636MEnoStN/39HgkAAAAAAAAAAAAwrsf8fwbWh1Xt9xwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAw+3K2TQfpMiF2XOzZXnj/txyuXTzWy2bSRpJih8lxUfJ5XSWHO/prthpPx8szb/x8Scb/2x31P1V7RujthvPer1kJslEJ733uPq7WqcjFaOmUGzOsAzYmW7gYL/9NwAA//8wOw48")
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120)

program did not crash
testing program (duration=45.484842954s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-getdents64
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000c00), &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="0a42f7415a3663f0ccff19a8b6c74a5ca36cde3a0764e4539a0072118a8ca35f4cfd925432ff27a561206de87f8ef8fd024eb3b7293d4f804164aa55affb403bca8af4c0f0fb72f91e3d6b0bb844b31943a9deeeafb1a147ec2703ef0dcb51f0b130653ab2053803328849a0ce1549b84673bd2905fb1371c07486fcc547a816c117c340d1683e87ffde3073bb03c6b1155e6cb645b5e79b6c216befe7790345349e", @ANYRESOCT, @ANYRES8], 0xfb, 0x6b4, &(0x7f00000013c0)="$eJzs3ctvXFcdB/DvHU9sT1pCmiZtQJVqNRIgIhInVlrMhoAQyqKqqrJgbSVOY8VJi+Mit0LE4bnton9AWWSDWCGxYhOpsGADu+6Ql0hIbMqCsGHQvXPHHs+MJ+M28QM+n+jOOeeec88953cf87CiG+D/1pWzaT5IkStnX10ryxv355Y37s/d6uRfayaZSrKelNlGkuJf7Xb7o+RyUmx2U/SlAz5Ymn/j4082/tYpNeulat8YtV2fut163+r17rqZJBN1+hls6+/qZ+6v2Bz55SRn6hT23ZEk7W1+8KenN2t6tIZtPb0nYwSerKLzvjngeHK0vtDLzwHdd97G3o5uPBPdQXYVzR3b9n+CAAAAgMOm+g48+NV325rPP8zDrBXH9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKitJ5P14/OLeml08zMpus//n6zXpc4fLC/urvmDzpwAAAAAAAAA4FB78WEeZi3HuuV2Uf3N/6WqcLJ6fSrv5E4Ws5JzWctCVrNaJBeSHO/paHJtYXV1qlvaccus5OKwLVcuPmKg3a5bj2HSAAAAAAAAAPC/5ye5svX3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAiKZKKTpLjXs/p4Gs0k00kmyxXrSdGs8wfb9MjaB3s2DgAAANg/U8nDrOVYt9wucjLJc9VvANN5J7ezmqWsZjmLuVb9LtD51t/YuD+3vHF/7la5DPb7rX/sahhVj+n89jB8z6fLFu0i17NUrTmXq3kry7mWRrVl6XQ9nm6vfeO6V46p+GbtlfFGdq1Oy5m/X6cD7u5qsjvZ5Y8px6uYHelEZCKZrcdWRuOZ7pEZfoR2eXS27SmLuZDG5mBP9u1pcvtktsd8q8vGqP0drdNyPr/YKeb7ohOJ/7Q7FnOx5+x7bnTMky//7jffn63zB2dK45mo03b12ho8J+Z6IvH8OJG4sXz75o3rd84etkgMmK0icWqzfCXfzfdyNjN5PStZyg+zkNUsZibfqXIL9cEvei75HSJ1eVvp9UeNZLI+QzsHa3djeqna9liW8lreyrUs5uXq38VcyCu5lEuZ7znCp0Yf4eqqbwxe9ZX254YO/sxX6kwryS/r9GAo4/pMT1y3zvrZKt7PbFtTR6lo5sQYURpybxyl+cU6U+7jp4+6ke6p/khc6Dlfnh0diV9Vt5U7y7dvrtxYeHu83Z14v86U19HPk5mDcyMpz5cT5cGqSlPbzo6y7tnNuu3xKutObtY1BupO5fdpNrt7Wcr6jlfqZP0ZbrCni1Xd80Pr5qq60z11rSGftwA48I5+9ehk6++tP7c+bP2sdaP16vS3p74+9cJkjvzhyDeasxNfarxQ/DYf5sdb3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBP7867791cWF5eXOnLtNvtu38ZXjVmpvu8mk+5eX+m+1SoMRpn5q9PlU2HVE2kfXeHqieV+cLTyV7t6+Bm/t1ut+s1xQ5tfv3H/kBNZZ9CVz/nr30gQjciM/34rq+BzL7dkoA9cn711tvn77z73teWbi28ufjm4u35S5fmZ+cvvTw3fX1peXH2fPW636MEnoStN/39HgkAAAAAAAAAAAAwrsf8fwbWh1Xt9xwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAw+3K2TQfpMiF2XOzZXnj/txyuXTzWy2bSRpJih8lxUfJ5XSWHO/prthpPx8szb/x8Scb/2x31P1V7RujthvPer1kJslEJ733uPq7WqcjFaOmUGzOsAzYmW7gYL/9NwAA//8wOw48")
getdents64(0xffffffffffffffff, &(0x7f0000000080)=""/203, 0xcb)

program did not crash
testing program (duration=45.484842954s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$dir-getdents64
detailed listing:
executing program 0:
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120)
getdents64(r0, &(0x7f0000000080)=""/203, 0xcb)

program did not crash
testing program (duration=45.484842954s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000c00), &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="0a42f7415a3663f0ccff19a8b6c74a5ca36cde3a0764e4539a0072118a8ca35f4cfd925432ff27a561206de87f8ef8fd024eb3b7293d4f804164aa55affb403bca8af4c0f0fb72f91e3d6b0bb844b31943a9deeeafb1a147ec2703ef0dcb51f0b130653ab2053803328849a0ce1549b84673bd2905fb1371c07486fcc547a816c117c340d1683e87ffde3073bb03c6b1155e6cb645b5e79b6c216befe7790345349e", @ANYRESOCT, @ANYRES8], 0xfb, 0x6b4, &(0x7f00000013c0)="$eJzs3ctvXFcdB/DvHU9sT1pCmiZtQJVqNRIgIhInVlrMhoAQyqKqqrJgbSVOY8VJi+Mit0LE4bnton9AWWSDWCGxYhOpsGADu+6Ql0hIbMqCsGHQvXPHHs+MJ+M28QM+n+jOOeeec88953cf87CiG+D/1pWzaT5IkStnX10ryxv355Y37s/d6uRfayaZSrKelNlGkuJf7Xb7o+RyUmx2U/SlAz5Ymn/j4082/tYpNeulat8YtV2fut163+r17rqZJBN1+hls6+/qZ+6v2Bz55SRn6hT23ZEk7W1+8KenN2t6tIZtPb0nYwSerKLzvjngeHK0vtDLzwHdd97G3o5uPBPdQXYVzR3b9n+CAAAAgMOm+g48+NV325rPP8zDrBXH9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKitJ5P14/OLeml08zMpus//n6zXpc4fLC/urvmDzpwAAAAAAAAA4FB78WEeZi3HuuV2Uf3N/6WqcLJ6fSrv5E4Ws5JzWctCVrNaJBeSHO/paHJtYXV1qlvaccus5OKwLVcuPmKg3a5bj2HSAAAAAAAAAPC/5ye5svX3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAiKZKKTpLjXs/p4Gs0k00kmyxXrSdGs8wfb9MjaB3s2DgAAANg/U8nDrOVYt9wucjLJc9VvANN5J7ezmqWsZjmLuVb9LtD51t/YuD+3vHF/7la5DPb7rX/sahhVj+n89jB8z6fLFu0i17NUrTmXq3kry7mWRrVl6XQ9nm6vfeO6V46p+GbtlfFGdq1Oy5m/X6cD7u5qsjvZ5Y8px6uYHelEZCKZrcdWRuOZ7pEZfoR2eXS27SmLuZDG5mBP9u1pcvtktsd8q8vGqP0drdNyPr/YKeb7ohOJ/7Q7FnOx5+x7bnTMky//7jffn63zB2dK45mo03b12ho8J+Z6IvH8OJG4sXz75o3rd84etkgMmK0icWqzfCXfzfdyNjN5PStZyg+zkNUsZibfqXIL9cEvei75HSJ1eVvp9UeNZLI+QzsHa3djeqna9liW8lreyrUs5uXq38VcyCu5lEuZ7znCp0Yf4eqqbwxe9ZX254YO/sxX6kwryS/r9GAo4/pMT1y3zvrZKt7PbFtTR6lo5sQYURpybxyl+cU6U+7jp4+6ke6p/khc6Dlfnh0diV9Vt5U7y7dvrtxYeHu83Z14v86U19HPk5mDcyMpz5cT5cGqSlPbzo6y7tnNuu3xKutObtY1BupO5fdpNrt7Wcr6jlfqZP0ZbrCni1Xd80Pr5qq60z11rSGftwA48I5+9ehk6++tP7c+bP2sdaP16vS3p74+9cJkjvzhyDeasxNfarxQ/DYf5sdb3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBP7867791cWF5eXOnLtNvtu38ZXjVmpvu8mk+5eX+m+1SoMRpn5q9PlU2HVE2kfXeHqieV+cLTyV7t6+Bm/t1ut+s1xQ5tfv3H/kBNZZ9CVz/nr30gQjciM/34rq+BzL7dkoA9cn711tvn77z73teWbi28ufjm4u35S5fmZ+cvvTw3fX1peXH2fPW636MEnoStN/39HgkAAAAAAAAAAAAwrsf8fwbWh1Xt9xwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAw+3K2TQfpMiF2XOzZXnj/txyuXTzWy2bSRpJih8lxUfJ5XSWHO/prthpPx8szb/x8Scb/2x31P1V7RujthvPer1kJslEJ733uPq7WqcjFaOmUGzOsAzYmW7gYL/9NwAA//8wOw48")
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x120)
getdents64(r0, &(0x7f0000000080)=""/203, 0xcb)

program did not crash
testing program (duration=45.484842954s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000c00), &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="0a42f7415a3663f0ccff19a8b6c74a5ca36cde3a0764e4539a0072118a8ca35f4cfd925432ff27a561206de87f8ef8fd024eb3b7293d4f804164aa55affb403bca8af4c0f0fb72f91e3d6b0bb844b31943a9deeeafb1a147ec2703ef0dcb51f0b130653ab2053803328849a0ce1549b84673bd2905fb1371c07486fcc547a816c117c340d1683e87ffde3073bb03c6b1155e6cb645b5e79b6c216befe7790345349e", @ANYRESOCT, @ANYRES8], 0xfb, 0x6b4, &(0x7f00000013c0)="$eJzs3ctvXFcdB/DvHU9sT1pCmiZtQJVqNRIgIhInVlrMhoAQyqKqqrJgbSVOY8VJi+Mit0LE4bnton9AWWSDWCGxYhOpsGADu+6Ql0hIbMqCsGHQvXPHHs+MJ+M28QM+n+jOOeeec88953cf87CiG+D/1pWzaT5IkStnX10ryxv355Y37s/d6uRfayaZSrKelNlGkuJf7Xb7o+RyUmx2U/SlAz5Ymn/j4082/tYpNeulat8YtV2fut163+r17rqZJBN1+hls6+/qZ+6v2Bz55SRn6hT23ZEk7W1+8KenN2t6tIZtPb0nYwSerKLzvjngeHK0vtDLzwHdd97G3o5uPBPdQXYVzR3b9n+CAAAAgMOm+g48+NV325rPP8zDrBXH9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKitJ5P14/OLeml08zMpus//n6zXpc4fLC/urvmDzpwAAAAAAAAA4FB78WEeZi3HuuV2Uf3N/6WqcLJ6fSrv5E4Ws5JzWctCVrNaJBeSHO/paHJtYXV1qlvaccus5OKwLVcuPmKg3a5bj2HSAAAAAAAAAPC/5ye5svX3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAiKZKKTpLjXs/p4Gs0k00kmyxXrSdGs8wfb9MjaB3s2DgAAANg/U8nDrOVYt9wucjLJc9VvANN5J7ezmqWsZjmLuVb9LtD51t/YuD+3vHF/7la5DPb7rX/sahhVj+n89jB8z6fLFu0i17NUrTmXq3kry7mWRrVl6XQ9nm6vfeO6V46p+GbtlfFGdq1Oy5m/X6cD7u5qsjvZ5Y8px6uYHelEZCKZrcdWRuOZ7pEZfoR2eXS27SmLuZDG5mBP9u1pcvtktsd8q8vGqP0drdNyPr/YKeb7ohOJ/7Q7FnOx5+x7bnTMky//7jffn63zB2dK45mo03b12ho8J+Z6IvH8OJG4sXz75o3rd84etkgMmK0icWqzfCXfzfdyNjN5PStZyg+zkNUsZibfqXIL9cEvei75HSJ1eVvp9UeNZLI+QzsHa3djeqna9liW8lreyrUs5uXq38VcyCu5lEuZ7znCp0Yf4eqqbwxe9ZX254YO/sxX6kwryS/r9GAo4/pMT1y3zvrZKt7PbFtTR6lo5sQYURpybxyl+cU6U+7jp4+6ke6p/khc6Dlfnh0diV9Vt5U7y7dvrtxYeHu83Z14v86U19HPk5mDcyMpz5cT5cGqSlPbzo6y7tnNuu3xKutObtY1BupO5fdpNrt7Wcr6jlfqZP0ZbrCni1Xd80Pr5qq60z11rSGftwA48I5+9ehk6++tP7c+bP2sdaP16vS3p74+9cJkjvzhyDeasxNfarxQ/DYf5sdb3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBP7867791cWF5eXOnLtNvtu38ZXjVmpvu8mk+5eX+m+1SoMRpn5q9PlU2HVE2kfXeHqieV+cLTyV7t6+Bm/t1ut+s1xQ5tfv3H/kBNZZ9CVz/nr30gQjciM/34rq+BzL7dkoA9cn711tvn77z73teWbi28ufjm4u35S5fmZ+cvvTw3fX1peXH2fPW636MEnoStN/39HgkAAAAAAAAAAAAwrsf8fwbWh1Xt9xwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAw+3K2TQfpMiF2XOzZXnj/txyuXTzWy2bSRpJih8lxUfJ5XSWHO/prthpPx8szb/x8Scb/2x31P1V7RujthvPer1kJslEJ733uPq7WqcjFaOmUGzOsAzYmW7gYL/9NwAA//8wOw48")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120)
getdents64(r0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=45.484842954s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
simplifying C reproducer
testing compiled C program (duration=45.484842954s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
program did not crash
testing compiled C program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000c00), &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="0a42f7415a3663f0ccff19a8b6c74a5ca36cde3a0764e4539a0072118a8ca35f4cfd925432ff27a561206de87f8ef8fd024eb3b7293d4f804164aa55affb403bca8af4c0f0fb72f91e3d6b0bb844b31943a9deeeafb1a147ec2703ef0dcb51f0b130653ab2053803328849a0ce1549b84673bd2905fb1371c07486fcc547a816c117c340d1683e87ffde3073bb03c6b1155e6cb645b5e79b6c216befe7790345349e", @ANYRESOCT, @ANYRES8], 0xfb, 0x6b4, &(0x7f00000013c0)="$eJzs3ctvXFcdB/DvHU9sT1pCmiZtQJVqNRIgIhInVlrMhoAQyqKqqrJgbSVOY8VJi+Mit0LE4bnton9AWWSDWCGxYhOpsGADu+6Ql0hIbMqCsGHQvXPHHs+MJ+M28QM+n+jOOeeec88953cf87CiG+D/1pWzaT5IkStnX10ryxv355Y37s/d6uRfayaZSrKelNlGkuJf7Xb7o+RyUmx2U/SlAz5Ymn/j4082/tYpNeulat8YtV2fut163+r17rqZJBN1+hls6+/qZ+6v2Bz55SRn6hT23ZEk7W1+8KenN2t6tIZtPb0nYwSerKLzvjngeHK0vtDLzwHdd97G3o5uPBPdQXYVzR3b9n+CAAAAgMOm+g48+NV325rPP8zDrBXH9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKitJ5P14/OLeml08zMpus//n6zXpc4fLC/urvmDzpwAAAAAAAAA4FB78WEeZi3HuuV2Uf3N/6WqcLJ6fSrv5E4Ws5JzWctCVrNaJBeSHO/paHJtYXV1qlvaccus5OKwLVcuPmKg3a5bj2HSAAAAAAAAAPC/5ye5svX3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAiKZKKTpLjXs/p4Gs0k00kmyxXrSdGs8wfb9MjaB3s2DgAAANg/U8nDrOVYt9wucjLJc9VvANN5J7ezmqWsZjmLuVb9LtD51t/YuD+3vHF/7la5DPb7rX/sahhVj+n89jB8z6fLFu0i17NUrTmXq3kry7mWRrVl6XQ9nm6vfeO6V46p+GbtlfFGdq1Oy5m/X6cD7u5qsjvZ5Y8px6uYHelEZCKZrcdWRuOZ7pEZfoR2eXS27SmLuZDG5mBP9u1pcvtktsd8q8vGqP0drdNyPr/YKeb7ohOJ/7Q7FnOx5+x7bnTMky//7jffn63zB2dK45mo03b12ho8J+Z6IvH8OJG4sXz75o3rd84etkgMmK0icWqzfCXfzfdyNjN5PStZyg+zkNUsZibfqXIL9cEvei75HSJ1eVvp9UeNZLI+QzsHa3djeqna9liW8lreyrUs5uXq38VcyCu5lEuZ7znCp0Yf4eqqbwxe9ZX254YO/sxX6kwryS/r9GAo4/pMT1y3zvrZKt7PbFtTR6lo5sQYURpybxyl+cU6U+7jp4+6ke6p/khc6Dlfnh0diV9Vt5U7y7dvrtxYeHu83Z14v86U19HPk5mDcyMpz5cT5cGqSlPbzo6y7tnNuu3xKutObtY1BupO5fdpNrt7Wcr6jlfqZP0ZbrCni1Xd80Pr5qq60z11rSGftwA48I5+9ehk6++tP7c+bP2sdaP16vS3p74+9cJkjvzhyDeasxNfarxQ/DYf5sdb3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBP7867791cWF5eXOnLtNvtu38ZXjVmpvu8mk+5eX+m+1SoMRpn5q9PlU2HVE2kfXeHqieV+cLTyV7t6+Bm/t1ut+s1xQ5tfv3H/kBNZZ9CVz/nr30gQjciM/34rq+BzL7dkoA9cn711tvn77z73teWbi28ufjm4u35S5fmZ+cvvTw3fX1peXH2fPW636MEnoStN/39HgkAAAAAAAAAAAAwrsf8fwbWh1Xt9xwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAw+3K2TQfpMiF2XOzZXnj/txyuXTzWy2bSRpJih8lxUfJ5XSWHO/prthpPx8szb/x8Scb/2x31P1V7RujthvPer1kJslEJ733uPq7WqcjFaOmUGzOsAzYmW7gYL/9NwAA//8wOw48")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120)
getdents64(r0, &(0x7f0000000080)=""/203, 0xcb)

program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
validation run: crashed=true
testing program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000c00), &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="0a42f7415a3663f0ccff19a8b6c74a5ca36cde3a0764e4539a0072118a8ca35f4cfd925432ff27a561206de87f8ef8fd024eb3b7293d4f804164aa55affb403bca8af4c0f0fb72f91e3d6b0bb844b31943a9deeeafb1a147ec2703ef0dcb51f0b130653ab2053803328849a0ce1549b84673bd2905fb1371c07486fcc547a816c117c340d1683e87ffde3073bb03c6b1155e6cb645b5e79b6c216befe7790345349e", @ANYRESOCT, @ANYRES8], 0xfb, 0x6b4, &(0x7f00000013c0)="$eJzs3ctvXFcdB/DvHU9sT1pCmiZtQJVqNRIgIhInVlrMhoAQyqKqqrJgbSVOY8VJi+Mit0LE4bnton9AWWSDWCGxYhOpsGADu+6Ql0hIbMqCsGHQvXPHHs+MJ+M28QM+n+jOOeeec88953cf87CiG+D/1pWzaT5IkStnX10ryxv355Y37s/d6uRfayaZSrKelNlGkuJf7Xb7o+RyUmx2U/SlAz5Ymn/j4082/tYpNeulat8YtV2fut163+r17rqZJBN1+hls6+/qZ+6v2Bz55SRn6hT23ZEk7W1+8KenN2t6tIZtPb0nYwSerKLzvjngeHK0vtDLzwHdd97G3o5uPBPdQXYVzR3b9n+CAAAAgMOm+g48+NV325rPP8zDrBXH9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKitJ5P14/OLeml08zMpus//n6zXpc4fLC/urvmDzpwAAAAAAAAA4FB78WEeZi3HuuV2Uf3N/6WqcLJ6fSrv5E4Ws5JzWctCVrNaJBeSHO/paHJtYXV1qlvaccus5OKwLVcuPmKg3a5bj2HSAAAAAAAAAPC/5ye5svX3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAiKZKKTpLjXs/p4Gs0k00kmyxXrSdGs8wfb9MjaB3s2DgAAANg/U8nDrOVYt9wucjLJc9VvANN5J7ezmqWsZjmLuVb9LtD51t/YuD+3vHF/7la5DPb7rX/sahhVj+n89jB8z6fLFu0i17NUrTmXq3kry7mWRrVl6XQ9nm6vfeO6V46p+GbtlfFGdq1Oy5m/X6cD7u5qsjvZ5Y8px6uYHelEZCKZrcdWRuOZ7pEZfoR2eXS27SmLuZDG5mBP9u1pcvtktsd8q8vGqP0drdNyPr/YKeb7ohOJ/7Q7FnOx5+x7bnTMky//7jffn63zB2dK45mo03b12ho8J+Z6IvH8OJG4sXz75o3rd84etkgMmK0icWqzfCXfzfdyNjN5PStZyg+zkNUsZibfqXIL9cEvei75HSJ1eVvp9UeNZLI+QzsHa3djeqna9liW8lreyrUs5uXq38VcyCu5lEuZ7znCp0Yf4eqqbwxe9ZX254YO/sxX6kwryS/r9GAo4/pMT1y3zvrZKt7PbFtTR6lo5sQYURpybxyl+cU6U+7jp4+6ke6p/khc6Dlfnh0diV9Vt5U7y7dvrtxYeHu83Z14v86U19HPk5mDcyMpz5cT5cGqSlPbzo6y7tnNuu3xKutObtY1BupO5fdpNrt7Wcr6jlfqZP0ZbrCni1Xd80Pr5qq60z11rSGftwA48I5+9ehk6++tP7c+bP2sdaP16vS3p74+9cJkjvzhyDeasxNfarxQ/DYf5sdb3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBP7867791cWF5eXOnLtNvtu38ZXjVmpvu8mk+5eX+m+1SoMRpn5q9PlU2HVE2kfXeHqieV+cLTyV7t6+Bm/t1ut+s1xQ5tfv3H/kBNZZ9CVz/nr30gQjciM/34rq+BzL7dkoA9cn711tvn77z73teWbi28ufjm4u35S5fmZ+cvvTw3fX1peXH2fPW636MEnoStN/39HgkAAAAAAAAAAAAwrsf8fwbWh1Xt9xwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAw+3K2TQfpMiF2XOzZXnj/txyuXTzWy2bSRpJih8lxUfJ5XSWHO/prthpPx8szb/x8Scb/2x31P1V7RujthvPer1kJslEJ733uPq7WqcjFaOmUGzOsAzYmW7gYL/9NwAA//8wOw48")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120)
getdents64(r0, &(0x7f0000000080)=""/203, 0xcb)

program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
validation run: crashed=true
testing program (duration=45.484842954s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-openat$dir-getdents64
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000c00), &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="0a42f7415a3663f0ccff19a8b6c74a5ca36cde3a0764e4539a0072118a8ca35f4cfd925432ff27a561206de87f8ef8fd024eb3b7293d4f804164aa55affb403bca8af4c0f0fb72f91e3d6b0bb844b31943a9deeeafb1a147ec2703ef0dcb51f0b130653ab2053803328849a0ce1549b84673bd2905fb1371c07486fcc547a816c117c340d1683e87ffde3073bb03c6b1155e6cb645b5e79b6c216befe7790345349e", @ANYRESOCT, @ANYRES8], 0xfb, 0x6b4, &(0x7f00000013c0)="$eJzs3ctvXFcdB/DvHU9sT1pCmiZtQJVqNRIgIhInVlrMhoAQyqKqqrJgbSVOY8VJi+Mit0LE4bnton9AWWSDWCGxYhOpsGADu+6Ql0hIbMqCsGHQvXPHHs+MJ+M28QM+n+jOOeeec88953cf87CiG+D/1pWzaT5IkStnX10ryxv355Y37s/d6uRfayaZSrKelNlGkuJf7Xb7o+RyUmx2U/SlAz5Ymn/j4082/tYpNeulat8YtV2fut163+r17rqZJBN1+hls6+/qZ+6v2Bz55SRn6hT23ZEk7W1+8KenN2t6tIZtPb0nYwSerKLzvjngeHK0vtDLzwHdd97G3o5uPBPdQXYVzR3b9n+CAAAAgMOm+g48+NV325rPP8zDrBXH9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKitJ5P14/OLeml08zMpus//n6zXpc4fLC/urvmDzpwAAAAAAAAA4FB78WEeZi3HuuV2Uf3N/6WqcLJ6fSrv5E4Ws5JzWctCVrNaJBeSHO/paHJtYXV1qlvaccus5OKwLVcuPmKg3a5bj2HSAAAAAAAAAPC/5ye5svX3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAiKZKKTpLjXs/p4Gs0k00kmyxXrSdGs8wfb9MjaB3s2DgAAANg/U8nDrOVYt9wucjLJc9VvANN5J7ezmqWsZjmLuVb9LtD51t/YuD+3vHF/7la5DPb7rX/sahhVj+n89jB8z6fLFu0i17NUrTmXq3kry7mWRrVl6XQ9nm6vfeO6V46p+GbtlfFGdq1Oy5m/X6cD7u5qsjvZ5Y8px6uYHelEZCKZrcdWRuOZ7pEZfoR2eXS27SmLuZDG5mBP9u1pcvtktsd8q8vGqP0drdNyPr/YKeb7ohOJ/7Q7FnOx5+x7bnTMky//7jffn63zB2dK45mo03b12ho8J+Z6IvH8OJG4sXz75o3rd84etkgMmK0icWqzfCXfzfdyNjN5PStZyg+zkNUsZibfqXIL9cEvei75HSJ1eVvp9UeNZLI+QzsHa3djeqna9liW8lreyrUs5uXq38VcyCu5lEuZ7znCp0Yf4eqqbwxe9ZX254YO/sxX6kwryS/r9GAo4/pMT1y3zvrZKt7PbFtTR6lo5sQYURpybxyl+cU6U+7jp4+6ke6p/khc6Dlfnh0diV9Vt5U7y7dvrtxYeHu83Z14v86U19HPk5mDcyMpz5cT5cGqSlPbzo6y7tnNuu3xKutObtY1BupO5fdpNrt7Wcr6jlfqZP0ZbrCni1Xd80Pr5qq60z11rSGftwA48I5+9ehk6++tP7c+bP2sdaP16vS3p74+9cJkjvzhyDeasxNfarxQ/DYf5sdb3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBP7867791cWF5eXOnLtNvtu38ZXjVmpvu8mk+5eX+m+1SoMRpn5q9PlU2HVE2kfXeHqieV+cLTyV7t6+Bm/t1ut+s1xQ5tfv3H/kBNZZ9CVz/nr30gQjciM/34rq+BzL7dkoA9cn711tvn77z73teWbi28ufjm4u35S5fmZ+cvvTw3fX1peXH2fPW636MEnoStN/39HgkAAAAAAAAAAAAwrsf8fwbWh1Xt9xwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAw+3K2TQfpMiF2XOzZXnj/txyuXTzWy2bSRpJih8lxUfJ5XSWHO/prthpPx8szb/x8Scb/2x31P1V7RujthvPer1kJslEJ733uPq7WqcjFaOmUGzOsAzYmW7gYL/9NwAA//8wOw48")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x120)
getdents64(r0, &(0x7f0000000080)=""/203, 0xcb)

program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
validation run: crashed=true
reproducing took 24m18.929954137s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
==================================================================
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x648/0x1054 fs/hfsplus/unicode.c:179
Read of size 2 at addr ffff0000d39f040c by task syz.0.17/4492

CPU: 0 PID: 4492 Comm: syz.0.17 Not tainted 6.1.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 print_address_description+0x88/0x218 mm/kasan/report.c:316
 print_report+0x50/0x68 mm/kasan/report.c:420
 kasan_report+0xa8/0x100 mm/kasan/report.c:524
 __asan_report_load2_noabort+0x2c/0x38 mm/kasan/report_generic.c:349
 hfsplus_uni2asc+0x648/0x1054 fs/hfsplus/unicode.c:179
 hfsplus_readdir+0x638/0xb3c fs/hfsplus/dir.c:207
 iterate_dir+0x1f0/0x4cc fs/readdir.c:-1
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64 fs/readdir.c:354 [inline]
 __arm64_sys_getdents64+0x11c/0x318 fs/readdir.c:354
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Allocated by task 4492:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x28/0x34 mm/kasan/generic.c:505
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0xa0/0xb8 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:936 [inline]
 __kmalloc+0xec/0x178 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 hfsplus_find_init+0x84/0x1bc fs/hfsplus/bfind.c:21
 hfsplus_readdir+0x19c/0xb3c fs/hfsplus/dir.c:144
 iterate_dir+0x1f0/0x4cc fs/readdir.c:-1
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64 fs/readdir.c:354 [inline]
 __arm64_sys_getdents64+0x11c/0x318 fs/readdir.c:354
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the object at ffff0000d39f0000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 1036 bytes inside of
 2048-byte region [ffff0000d39f0000, ffff0000d39f0800)

The buggy address belongs to the physical page:
page:0000000088be2612 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1139f0
head:0000000088be2612 order:3 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000d39f0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000d39f0380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000d39f0400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffff0000d39f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000d39f0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
==================================================================
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x648/0x1054 fs/hfsplus/unicode.c:179
Read of size 2 at addr ffff0000d39f040c by task syz.0.17/4492

CPU: 0 PID: 4492 Comm: syz.0.17 Not tainted 6.1.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 print_address_description+0x88/0x218 mm/kasan/report.c:316
 print_report+0x50/0x68 mm/kasan/report.c:420
 kasan_report+0xa8/0x100 mm/kasan/report.c:524
 __asan_report_load2_noabort+0x2c/0x38 mm/kasan/report_generic.c:349
 hfsplus_uni2asc+0x648/0x1054 fs/hfsplus/unicode.c:179
 hfsplus_readdir+0x638/0xb3c fs/hfsplus/dir.c:207
 iterate_dir+0x1f0/0x4cc fs/readdir.c:-1
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64 fs/readdir.c:354 [inline]
 __arm64_sys_getdents64+0x11c/0x318 fs/readdir.c:354
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Allocated by task 4492:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x28/0x34 mm/kasan/generic.c:505
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0xa0/0xb8 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:936 [inline]
 __kmalloc+0xec/0x178 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 hfsplus_find_init+0x84/0x1bc fs/hfsplus/bfind.c:21
 hfsplus_readdir+0x19c/0xb3c fs/hfsplus/dir.c:144
 iterate_dir+0x1f0/0x4cc fs/readdir.c:-1
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64 fs/readdir.c:354 [inline]
 __arm64_sys_getdents64+0x11c/0x318 fs/readdir.c:354
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the object at ffff0000d39f0000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 1036 bytes inside of
 2048-byte region [ffff0000d39f0000, ffff0000d39f0800)

The buggy address belongs to the physical page:
page:0000000088be2612 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1139f0
head:0000000088be2612 order:3 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000d39f0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000d39f0380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000d39f0400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffff0000d39f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000d39f0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================