Extracting prog: 4m59.658536918s
Minimizing prog: 18m48.300319674s
Simplifying prog options: 0s
Extracting C: 36.486153694s
Simplifying C: 10m39.3929111s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x65e, &(0x7f00000008c0)="$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")
llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
program did not crash
program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x65e, &(0x7f00000008c0)="$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")
llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x65e, &(0x7f00000008c0)="$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")
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): llistxattr
detailed listing:
executing program 0:
llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', 0x3000c00, &(0x7f0000000200)=ANY=[], 0x1, 0x65e, &(0x7f00000008c0)="$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")
llistxattr(0x0, 0x0, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-llistxattr
program crashed: KASAN: slab-out-of-bounds Read in hfsplus_uni2asc
reproducing took 35m3.83795667s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
==================================================================
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x680/0x1270 fs/hfsplus/unicode.c:179
Read of size 2 at addr ffff88802fdf8218 by task syz-executor852/5823
CPU: 1 UID: 0 PID: 5823 Comm: syz-executor852 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:408 [inline]
print_report+0xd2/0x2b0 mm/kasan/report.c:521
kasan_report+0x118/0x150 mm/kasan/report.c:634
hfsplus_uni2asc+0x680/0x1270 fs/hfsplus/unicode.c:179
hfsplus_listxattr+0x58e/0xb80 fs/hfsplus/xattr.c:734
vfs_listxattr fs/xattr.c:493 [inline]
listxattr+0x10d/0x2a0 fs/xattr.c:924
filename_listxattr fs/xattr.c:958 [inline]
path_listxattrat+0x179/0x3a0 fs/xattr.c:988
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f687e773a99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffce7f273f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f687e773a99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
RBP: 00007f687e7e75f0 R08: 0000000000000658 R09: 0000555579a394c0
R10: 00007ffce7f272c0 R11: 0000000000000246 R12: 00007ffce7f27420
R13: 00007ffce7f27648 R14: 431bde82d7b634db R15: 00007f687e7bc03b
Allocated by task 5823:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394
kasan_kmalloc include/linux/kasan.h:260 [inline]
__do_kmalloc_node mm/slub.c:4328 [inline]
__kmalloc_noprof+0x27a/0x4f0 mm/slub.c:4340
kmalloc_noprof include/linux/slab.h:909 [inline]
hfsplus_find_init+0x8c/0x1d0 fs/hfsplus/bfind.c:21
hfsplus_listxattr+0x38f/0xb80 fs/hfsplus/xattr.c:693
vfs_listxattr fs/xattr.c:493 [inline]
listxattr+0x10d/0x2a0 fs/xattr.c:924
filename_listxattr fs/xattr.c:958 [inline]
path_listxattrat+0x179/0x3a0 fs/xattr.c:988
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The buggy address belongs to the object at ffff88802fdf8000
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 0 bytes to the right of
allocated 536-byte region [ffff88802fdf8000, ffff88802fdf8218)
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2fdf8
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801a441dc0 ffffea0000a58c00 dead000000000002
raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88801a441dc0 ffffea0000a58c00 dead000000000002
head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
head: 00fff00000000003 ffffea0000bf7e01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 21461666242, free_ts 0
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1704
prep_new_page mm/page_alloc.c:1712 [inline]
get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3669
__alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:4959
alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2419
alloc_slab_page mm/slub.c:2451 [inline]
allocate_slab+0x8a/0x3b0 mm/slub.c:2619
new_slab mm/slub.c:2673 [inline]
___slab_alloc+0xbfc/0x1480 mm/slub.c:3859
__slab_alloc mm/slub.c:3949 [inline]
__slab_alloc_node mm/slub.c:4024 [inline]
slab_alloc_node mm/slub.c:4185 [inline]
__do_kmalloc_node mm/slub.c:4327 [inline]
__kmalloc_node_track_caller_noprof+0x2f8/0x4e0 mm/slub.c:4347
kmalloc_reserve+0x136/0x290 net/core/skbuff.c:601
pskb_expand_head+0x18e/0x1150 net/core/skbuff.c:2241
netlink_trim+0x1d5/0x2e0 net/netlink/af_netlink.c:1295
netlink_broadcast_filtered+0x80/0x1140 net/netlink/af_netlink.c:1501
nlmsg_multicast_filtered include/net/netlink.h:1151 [inline]
nlmsg_multicast include/net/netlink.h:1170 [inline]
genlmsg_mcast net/netlink/genetlink.c:1953 [inline]
genlmsg_multicast_allns+0x2fe/0x500 net/netlink/genetlink.c:1977
genl_ctrl_event+0x7e3/0xa80 net/netlink/genetlink.c:1508
genl_register_family+0x12a8/0x16e0 net/netlink/genetlink.c:830
ip_vs_genl_register net/netfilter/ipvs/ip_vs_ctl.c:4251 [inline]
ip_vs_register_nl_ioctl+0x32/0x90 net/netfilter/ipvs/ip_vs_ctl.c:4512
ip_vs_init+0xc3/0x110 net/netfilter/ipvs/ip_vs_core.c:2416
page_owner free stack trace missing
Memory state around the buggy address:
ffff88802fdf8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff88802fdf8180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88802fdf8200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
ffff88802fdf8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88802fdf8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
final repro crashed as (corrupted=false):