Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
executing program
[ 37.333630][ T4217] loop0: detected capacity change from 0 to 1024
[ 37.343793][ T4217] ==================================================================
[ 37.345447][ T4217] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 37.346960][ T4217] Read of size 2 at addr ffff0000de891a18 by task syz-executor952/4217
[ 37.348664][ T4217]
[ 37.349194][ T4217] CPU: 1 PID: 4217 Comm: syz-executor952 Not tainted 6.1.27-syzkaller #0
[ 37.351017][ T4217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 37.353178][ T4217] Call trace:
[ 37.353863][ T4217] dump_backtrace+0x1c8/0x1f4
[ 37.354891][ T4217] show_stack+0x2c/0x3c
[ 37.355783][ T4217] dump_stack_lvl+0x108/0x170
[ 37.356774][ T4217] print_report+0x174/0x4c0
[ 37.357777][ T4217] kasan_report+0xd4/0x130
[ 37.358706][ T4217] __asan_report_load2_noabort+0x2c/0x38
[ 37.359869][ T4217] hfsplus_uni2asc+0x624/0x1018
[ 37.360983][ T4217] hfsplus_listxattr+0x5bc/0xc9c
[ 37.362020][ T4217] listxattr+0x29c/0x3cc
[ 37.362930][ T4217] __arm64_sys_llistxattr+0x13c/0x21c
[ 37.364096][ T4217] invoke_syscall+0x98/0x2c0
[ 37.365091][ T4217] el0_svc_common+0x138/0x258
[ 37.366065][ T4217] do_el0_svc+0x64/0x218
[ 37.366991][ T4217] el0_svc+0x58/0x168
[ 37.367852][ T4217] el0t_64_sync_handler+0x84/0xf0
[ 37.368866][ T4217] el0t_64_sync+0x18c/0x190
[ 37.369767][ T4217]
[ 37.370222][ T4217] Allocated by task 4217:
[ 37.371138][ T4217] kasan_set_track+0x4c/0x80
[ 37.372147][ T4217] kasan_save_alloc_info+0x24/0x30
[ 37.373228][ T4217] __kasan_kmalloc+0xac/0xc4
[ 37.374223][ T4217] __kmalloc+0xd8/0x1c4
[ 37.375049][ T4217] hfsplus_find_init+0x84/0x1bc
[ 37.376040][ T4217] hfsplus_listxattr+0x31c/0xc9c
[ 37.377048][ T4217] listxattr+0x29c/0x3cc
[ 37.377935][ T4217] __arm64_sys_llistxattr+0x13c/0x21c
[ 37.379173][ T4217] invoke_syscall+0x98/0x2c0
[ 37.380134][ T4217] el0_svc_common+0x138/0x258
[ 37.381100][ T4217] do_el0_svc+0x64/0x218
[ 37.381969][ T4217] el0_svc+0x58/0x168
[ 37.382836][ T4217] el0t_64_sync_handler+0x84/0xf0
[ 37.383912][ T4217] el0t_64_sync+0x18c/0x190
[ 37.384858][ T4217]
[ 37.385361][ T4217] The buggy address belongs to the object at ffff0000de891800
[ 37.385361][ T4217] which belongs to the cache kmalloc-1k of size 1024
[ 37.388249][ T4217] The buggy address is located 536 bytes inside of
[ 37.388249][ T4217] 1024-byte region [ffff0000de891800, ffff0000de891c00)
[ 37.391004][ T4217]
[ 37.391544][ T4217] The buggy address belongs to the physical page:
[ 37.392889][ T4217] page:00000000b37f6ffc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e890
[ 37.394987][ T4217] head:00000000b37f6ffc order:3 compound_mapcount:0 compound_pincount:0
[ 37.396818][ T4217] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 37.398637][ T4217] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[ 37.400393][ T4217] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 37.402209][ T4217] page dumped because: kasan: bad access detected
[ 37.403559][ T4217]
[ 37.404051][ T4217] Memory state around the buggy address:
[ 37.405357][ T4217]  ffff0000de891900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.406977][ T4217]  ffff0000de891980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.408690][ T4217] >ffff0000de891a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.410445][ T4217]                             ^
[ 37.411393][ T4217]  ffff0000de891a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.413129][ T4217]  ffff0000de891b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.414802][ T4217] =========================