[   18.609245][ T3637] 8021q: adding VLAN 0 to HW filter on device bond0
[   18.614592][ T3637] eql: remember to turn off Van-Jacobson compression on your slave devices
[   18.657886][  T148] gvnic 0000:00:00.0 enp0s0: Device link is up.
[   18.666910][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller

Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   45.047832][ T3961] loop0: detected capacity change from 0 to 1024
[   45.060622][ T3961] ==================================================================
[   45.062404][ T3961] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[   45.064070][ T3961] Read of size 2 at addr ffff0000dbffba18 by task syz-executor619/3961
[   45.065890][ T3961] 
[   45.066347][ T3961] CPU: 0 PID: 3961 Comm: syz-executor619 Not tainted 5.15.110-syzkaller #0
[   45.068169][ T3961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   45.070364][ T3961] Call trace:
[   45.071084][ T3961]  dump_backtrace+0x0/0x530
[   45.072057][ T3961]  show_stack+0x2c/0x3c
[   45.072980][ T3961]  dump_stack_lvl+0x108/0x170
[   45.074001][ T3961]  print_address_description+0x7c/0x3f0
[   45.075134][ T3961]  kasan_report+0x174/0x1e4
[   45.076075][ T3961]  __asan_report_load2_noabort+0x44/0x50
[   45.077256][ T3961]  hfsplus_uni2asc+0x624/0x1018
[   45.078390][ T3961]  hfsplus_listxattr+0x5bc/0xc9c
[   45.079499][ T3961]  listxattr+0x29c/0x3e4
[   45.080385][ T3961]  __arm64_sys_llistxattr+0x13c/0x21c
[   45.081536][ T3961]  invoke_syscall+0x98/0x2b8
[   45.082531][ T3961]  el0_svc_common+0x138/0x258
[   45.083515][ T3961]  do_el0_svc+0x58/0x14c
[   45.084461][ T3961]  el0_svc+0x7c/0x1f0
[   45.085362][ T3961]  el0t_64_sync_handler+0x84/0xe4
[   45.086503][ T3961]  el0t_64_sync+0x1a0/0x1a4
[   45.087479][ T3961] 
[   45.087928][ T3961] Allocated by task 3961:
[   45.088820][ T3961]  ____kasan_kmalloc+0xbc/0xfc
[   45.089846][ T3961]  __kasan_kmalloc+0x10/0x1c
[   45.090832][ T3961]  __kmalloc+0x29c/0x4c8
[   45.091788][ T3961]  hfsplus_find_init+0x84/0x1bc
[   45.092796][ T3961]  hfsplus_listxattr+0x31c/0xc9c
[   45.093841][ T3961]  listxattr+0x29c/0x3e4
[   45.094746][ T3961]  __arm64_sys_llistxattr+0x13c/0x21c
[   45.095927][ T3961]  invoke_syscall+0x98/0x2b8
[   45.096919][ T3961]  el0_svc_common+0x138/0x258
[   45.097974][ T3961]  do_el0_svc+0x58/0x14c
[   45.098861][ T3961]  el0_svc+0x7c/0x1f0
[   45.099833][ T3961]  el0t_64_sync_handler+0x84/0xe4
[   45.100957][ T3961]  el0t_64_sync+0x1a0/0x1a4
[   45.101953][ T3961] 
[   45.102457][ T3961] The buggy address belongs to the object at ffff0000dbffb800
[   45.102457][ T3961]  which belongs to the cache kmalloc-1k of size 1024
[   45.105559][ T3961] The buggy address is located 536 bytes inside of
[   45.105559][ T3961]  1024-byte region [ffff0000dbffb800, ffff0000dbffbc00)
[   45.108383][ T3961] The buggy address belongs to the page:
[   45.109607][ T3961] page:000000007ca059d1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bff8
[   45.111846][ T3961] head:000000007ca059d1 order:3 compound_mapcount:0 compound_pincount:0
[   45.113542][ T3961] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   45.115271][ T3961] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[   45.117057][ T3961] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   45.118885][ T3961] page dumped because: kasan: bad access detected
[   45.120241][ T3961] 
[   45.120760][ T3961] Memory state around the buggy address:
[   45.121949][ T3961]  ffff0000dbffb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   45.123744][ T3961]  ffff0000dbffb980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   45.125552][ T3961] >ffff0000dbffba00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.127228][ T3961]                             ^
[   45.128295][ T3961]  ffff0000dbffba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.130057][ T3961]  ffff0000dbffbb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.131819][ T3961] ==================================================================
[   45.133601][ T3961] Disabling lock debugging due to kernel taint
[   45.135695][ T3961] hfsplus: unicode conversion failed
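Reading the report: the allocation traced to hfsplus_find_init lives in the kmalloc-1k cache, but the shadow row marked with `>` shows the accessible bytes end at ffff0000dbffba18 (three `00` shadow bytes, then `fc` redzone), so the object actually usable is 536 bytes starting at ffff0000dbffb800, and the faulting access is a 2-byte read at exactly offset 536, one UTF-16 unit past the end of the key buffer that hfsplus_uni2asc was converting on behalf of hfsplus_listxattr. A 536-byte buffer is consistent with `2 * max_key_len + 4` for the attributes tree, whose key length limit (HFSPLUS_ATTR_KEYLEN_MAX) is 266 bytes; that sizing and the offsets below are assumptions taken from the on-disk layout in fs/hfsplus/hfsplus_raw.h, not facts stated in the log. The following is an added example, not code from the syzkaller report, the kernel or the hfsplus driver: a bounds-checked reader for an attribute key's unicode name that refuses any on-disk length that does not fit inside both the key and the bytes that were actually loaded, and a constructed key (sample input, not from the report) whose length field would make an unchecked converter read its last unit at offset 536, the same spot KASAN flagged above. The `demo_*` functions and `build_attr_key` are hypothetical names introduced here for illustration.

```c
/*
 * Added example (not kernel code): bounds-checked conversion of an HFS+
 * attribute B-tree key name.  Constants and byte offsets are modelled on
 * fs/hfsplus/hfsplus_raw.h (assumption); the key is parsed from a flat
 * big-endian byte buffer so no packed-struct tricks are needed.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ATTR_MAX_STRLEN 127                        /* HFSPLUS_ATTR_MAX_STRLEN */
#define ATTR_KEYLEN_MAX 266                        /* HFSPLUS_ATTR_KEYLEN_MAX */
#define FIND_BUF_LEN    (2 * ATTR_KEYLEN_MAX + 4)  /* 536: the usable size KASAN shows */

/* Byte offsets inside an attribute key as laid out on disk (big-endian). */
#define KEY_LEN_OFF   0   /* __be16 key_len: number of bytes that follow this field */
#define NAME_LEN_OFF 12   /* __be16 key_name.length, after pad(2) cnid(4) start_block(4) */
#define NAME_OFF     14   /* __be16 key_name.unicode[] */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/*
 * Convert the key's UTF-16BE name to ASCII ('?' for anything outside ASCII;
 * the real driver goes through an NLS table).  'avail' is how many bytes of
 * 'buf' were really loaded.  Returns the name length in characters, or -1 if
 * either on-disk length field points outside the key or outside 'avail'.
 */
int attr_key_name_to_ascii(const uint8_t *buf, size_t avail, char *out, size_t outlen)
{
    if (avail < NAME_OFF)
        return -1;
    uint16_t key_len = be16(buf + KEY_LEN_OFF);
    if (key_len > ATTR_KEYLEN_MAX || (size_t)key_len + 2 > avail)
        return -1;
    uint16_t nlen = be16(buf + NAME_LEN_OFF);
    size_t name_end = NAME_OFF + (size_t)nlen * 2;   /* offset one past the last unit */
    if (nlen > ATTR_MAX_STRLEN || name_end > (size_t)key_len + 2)
        return -1;                                   /* name does not fit in its own key */
    if (outlen < (size_t)nlen + 1)
        return -1;
    for (size_t i = 0; i < nlen; i++) {              /* every read is now < name_end <= avail */
        uint16_t u = be16(buf + NAME_OFF + 2 * i);
        out[i] = (u != 0 && u < 0x80) ? (char)u : '?';
    }
    out[nlen] = '\0';
    return (int)nlen;
}

/* Write a constructed key into buf with caller-chosen length fields; returns bytes written. */
size_t build_attr_key(uint8_t *buf, size_t bufsz, uint16_t key_len_field,
                      uint16_t name_len_field, const char *ascii_name)
{
    size_t n = strlen(ascii_name);
    size_t total = NAME_OFF + 2 * n;
    if (total > bufsz)
        return 0;
    memset(buf, 0, bufsz);                           /* pad, cnid, start_block stay zero */
    put_be16(buf + KEY_LEN_OFF, key_len_field);
    put_be16(buf + NAME_LEN_OFF, name_len_field);
    for (size_t i = 0; i < n; i++)
        put_be16(buf + NAME_OFF + 2 * i, (uint16_t)(unsigned char)ascii_name[i]);
    return total;
}

/* A consistent key: key_len covers the whole name and the length field is honest. */
int demo_well_formed(char *out, size_t outlen)
{
    uint8_t key[FIND_BUF_LEN];
    const char *name = "com.apple.quarantine";       /* 20 characters (constructed input) */
    size_t n = strlen(name);
    build_attr_key(key, sizeof key, (uint16_t)(NAME_OFF - 2 + 2 * n), (uint16_t)n, name);
    return attr_key_name_to_ascii(key, sizeof key, out, outlen);
}

/*
 * The shape of the report above: a length field of 262 units puts unit 261 at
 * byte 14 + 2*261 = 536, i.e. a 2-byte read one past a 536-byte buffer.  The
 * checked reader rejects the key instead of walking off the end.
 */
int demo_oversized_length(void)
{
    uint8_t key[FIND_BUF_LEN];
    char out[ATTR_MAX_STRLEN + 1];
    build_attr_key(key, sizeof key, ATTR_KEYLEN_MAX, 262, "user.x");
    return attr_key_name_to_ascii(key, sizeof key, out, sizeof out);
}

/* The key claims more bytes than the caller actually loaded into memory. */
int demo_truncated_load(void)
{
    uint8_t key[FIND_BUF_LEN];
    char out[ATTR_MAX_STRLEN + 1];
    build_attr_key(key, sizeof key, 52, 20, "com.apple.quarantine");
    return attr_key_name_to_ascii(key, 16, out, sizeof out);   /* only 16 bytes arrived */
}

int main(void)
{
    char out[ATTR_MAX_STRLEN + 1];
    int n = demo_well_formed(out, sizeof out);
    printf("well-formed key: %d \"%s\"\n", n, out);
    printf("oversized name length: %d\n", demo_oversized_length());
    printf("truncated load: %d\n", demo_truncated_load());
    return 0;
}
```

The check that matters is the comparison of `name_end` against both the key's own `key_len` and the number of bytes actually in memory; a converter that only trusts `key_name.length` will read past the allocation exactly as the KASAN shadow bytes above show. Compile the example with `-fsanitize=address` if you want to confirm that removing that comparison reproduces a 2-byte out-of-bounds read at offset 536.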