Warning: Permanently added '10.128.0.253' (ED25519) to the list of known hosts.
executing program
[ 42.626578][ T4021] loop0: detected capacity change from 0 to 1024
[ 42.722939][ T4021] ==================================================================
[ 42.725174][ T4021] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x648/0x1054
[ 42.727303][ T4021] Read of size 2 at addr ffff0000c21c2a18 by task syz-executor355/4021
[ 42.729607][ T4021]
[ 42.730186][ T4021] CPU: 0 PID: 4021 Comm: syz-executor355 Not tainted 5.15.185-syzkaller #0
[ 42.732565][ T4021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 42.735181][ T4021] Call trace:
[ 42.736024][ T4021] dump_backtrace+0x0/0x43c
[ 42.737256][ T4021] show_stack+0x2c/0x3c
[ 42.738389][ T4021] __dump_stack+0x30/0x40
[ 42.739622][ T4021] dump_stack_lvl+0xf8/0x160
[ 42.740943][ T4021] print_address_description+0x78/0x30c
[ 42.742402][ T4021] kasan_report+0xec/0x15c
[ 42.743534][ T4021] __asan_report_load2_noabort+0x44/0x50
[ 42.745050][ T4021] hfsplus_uni2asc+0x648/0x1054
[ 42.746312][ T4021] hfsplus_listxattr+0x4a8/0x9e8
[ 42.747607][ T4021] listxattr+0x29c/0x3e0
[ 42.748681][ T4021] path_listxattr+0xdc/0x1b4
[ 42.749871][ T4021] __arm64_sys_llistxattr+0x80/0x94
[ 42.751192][ T4021] invoke_syscall+0x98/0x2b8
[ 42.752376][ T4021] el0_svc_common+0x138/0x258
[ 42.753572][ T4021] do_el0_svc+0x58/0x14c
[ 42.754670][ T4021] el0_svc+0x78/0x1e0
[ 42.755730][ T4021] el0t_64_sync_handler+0xcc/0xe4
[ 42.757005][ T4021] el0t_64_sync+0x1a0/0x1a4
[ 42.758201][ T4021]
[ 42.758825][ T4021] Allocated by task 4021:
[ 42.759948][ T4021] __kasan_kmalloc+0xb0/0xf0
[ 42.761131][ T4021] __kmalloc+0x298/0x44c
[ 42.762257][ T4021] hfsplus_find_init+0x84/0x1bc
[ 42.763533][ T4021] hfsplus_listxattr+0x2fc/0x9e8
[ 42.764879][ T4021] listxattr+0x29c/0x3e0
[ 42.765982][ T4021] path_listxattr+0xdc/0x1b4
[ 42.767161][ T4021] __arm64_sys_llistxattr+0x80/0x94
[ 42.768512][ T4021] invoke_syscall+0x98/0x2b8
[ 42.769733][ T4021] el0_svc_common+0x138/0x258
[ 42.770994][ T4021] do_el0_svc+0x58/0x14c
[ 42.772136][ T4021] el0_svc+0x78/0x1e0
[ 42.773179][ T4021] el0t_64_sync_handler+0xcc/0xe4
[ 42.774513][ T4021] el0t_64_sync+0x1a0/0x1a4
[ 42.775675][ T4021]
[ 42.776259][ T4021] The buggy address belongs to the object at ffff0000c21c2800
[ 42.776259][ T4021] which belongs to the cache kmalloc-1k of size 1024
[ 42.779938][ T4021] The buggy address is located 536 bytes inside of
[ 42.779938][ T4021] 1024-byte region [ffff0000c21c2800, ffff0000c21c2c00)
[ 42.783448][ T4021] The buggy address belongs to the page:
[ 42.784920][ T4021] page:000000006e383c59 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021c0
[ 42.787617][ T4021] head:000000006e383c59 order:3 compound_mapcount:0 compound_pincount:0
[ 42.789829][ T4021] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 42.791981][ T4021] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
[ 42.794270][ T4021] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 42.796511][ T4021] page dumped because: kasan: bad access detected
[ 42.798156][ T4021]
[ 42.798738][ T4021] Memory state around the buggy address:
[ 42.800223][ T4021]  ffff0000c21c2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.802319][ T4021]  ffff0000c21c2980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.804403][ T4021] >ffff0000c21c2a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.806547][ T4021]                             ^
[ 42.807827][ T4021]  ffff0000c21c2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.809995][ T4021]  ffff0000c21c2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.812314][ T4021] ==================================================================
[ 42.814511][ T4021] Disabling lock debugging due to kernel taint
[ 42.816161][ T4021] hfsplus: unicode conversion failed