Extracting prog: 2m41.313451947s
Minimizing prog: 4m11.303522322s
Simplifying prog options: 0s
Extracting C: 1m0.830352761s
Simplifying C: 7m27.645773502s

extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x65e, &(0x7f00000008c0)="$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")
llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=1m1.348343763s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x65e, &(0x7f00000008c0)="$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")
program did not crash
testing program (duration=1m1.348343763s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): llistxattr
detailed listing:
executing program 0:
llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
program did not crash
testing program (duration=1m1.348343763s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x65e,
&(0x7f00000008c0)="$[base64 image data omitted]")
llistxattr(0x0, 0x0, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=1m1.348343763s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
simplifying C reproducer
testing compiled C program (duration=1m1.348343763s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=1m1.348343763s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in
hfsplus_uni2asc
testing compiled C program (duration=1m1.348343763s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=1m1.348343763s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=1m1.348343763s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=1m1.348343763s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=1m1.348343763s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
reproducing took 15m21.093131772s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
==================================================================
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018 fs/hfsplus/unicode.c:179
Read of size 2 at addr ffff0000c4c48218 by task syz-executor602/4291

CPU: 1 PID: 4291 Comm: syz-executor602 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0x174/0x4c0 mm/kasan/report.c:427
 kasan_report+0xd4/0x130 mm/kasan/report.c:531
 __asan_report_load2_noabort+0x2c/0x38 mm/kasan/report_generic.c:349
 hfsplus_uni2asc+0x624/0x1018 fs/hfsplus/unicode.c:179
 hfsplus_listxattr+0x5bc/0xc9c fs/hfsplus/xattr.c:736
 vfs_listxattr fs/xattr.c:457 [inline]
 listxattr+0x29c/0x3cc fs/xattr.c:804
 path_listxattr fs/xattr.c:828 [inline]
 __do_sys_llistxattr fs/xattr.c:846 [inline]
 __se_sys_llistxattr fs/xattr.c:843 [inline]
 __arm64_sys_llistxattr+0x13c/0x21c fs/xattr.c:843
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Allocated by task 4291:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:936 [inline]
 __kmalloc+0xd8/0x1c4 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 hfsplus_find_init+0x84/0x1bc fs/hfsplus/bfind.c:21
 hfsplus_listxattr+0x31c/0xc9c fs/hfsplus/xattr.c:696
 vfs_listxattr fs/xattr.c:457 [inline]
 listxattr+0x29c/0x3cc fs/xattr.c:804
 path_listxattr fs/xattr.c:828 [inline]
 __do_sys_llistxattr fs/xattr.c:846 [inline]
 __se_sys_llistxattr fs/xattr.c:843 [inline]
 __arm64_sys_llistxattr+0x13c/0x21c fs/xattr.c:843
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the object at ffff0000c4c48000
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 536 bytes inside of
 1024-byte region [ffff0000c4c48000, ffff0000c4c48400)

The buggy address belongs to the physical page:
page:000000004d5f8c95 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c48
head:000000004d5f8c95 order:3 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002780
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000c4c48100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000c4c48180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000c4c48200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 ffff0000c4c48280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000c4c48300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
hfsplus: unicode conversion failed

final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
==================================================================
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018 fs/hfsplus/unicode.c:179
Read of size 2 at addr ffff0000c4c48218 by task syz-executor602/4291

CPU: 1 PID: 4291 Comm: syz-executor602 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0x174/0x4c0 mm/kasan/report.c:427
 kasan_report+0xd4/0x130 mm/kasan/report.c:531
 __asan_report_load2_noabort+0x2c/0x38 mm/kasan/report_generic.c:349
 hfsplus_uni2asc+0x624/0x1018 fs/hfsplus/unicode.c:179
 hfsplus_listxattr+0x5bc/0xc9c fs/hfsplus/xattr.c:736
 vfs_listxattr fs/xattr.c:457 [inline]
 listxattr+0x29c/0x3cc fs/xattr.c:804
 path_listxattr fs/xattr.c:828 [inline]
 __do_sys_llistxattr fs/xattr.c:846 [inline]
 __se_sys_llistxattr fs/xattr.c:843 [inline]
 __arm64_sys_llistxattr+0x13c/0x21c fs/xattr.c:843
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Allocated by task 4291:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:936 [inline]
 __kmalloc+0xd8/0x1c4 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 hfsplus_find_init+0x84/0x1bc fs/hfsplus/bfind.c:21
 hfsplus_listxattr+0x31c/0xc9c fs/hfsplus/xattr.c:696
 vfs_listxattr fs/xattr.c:457 [inline]
 listxattr+0x29c/0x3cc fs/xattr.c:804
 path_listxattr fs/xattr.c:828 [inline]
 __do_sys_llistxattr fs/xattr.c:846 [inline]
 __se_sys_llistxattr fs/xattr.c:843 [inline]
 __arm64_sys_llistxattr+0x13c/0x21c fs/xattr.c:843
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the object at ffff0000c4c48000
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 536 bytes inside of
 1024-byte region [ffff0000c4c48000, ffff0000c4c48400)

The buggy address belongs to the physical page:
page:000000004d5f8c95 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c48
head:000000004d5f8c95 order:3 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002780
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000c4c48100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000c4c48180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000c4c48200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 ffff0000c4c48280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000c4c48300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
hfsplus: unicode conversion failed