loop1: detected capacity change from 0 to 64
==================================================================
BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x453/0x970
Write of size 1 at addr ffff8880231324ce by task syz-executor.1/3697

CPU: 0 PID: 3697 Comm: syz-executor.1 Not tainted 6.1.0-rc4-syzkaller-00074-g8d824e69d9f3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 dump_stack_lvl+0x1b1/0x28e
 print_report+0x15f/0x4c0
 kasan_report+0xca/0x100
 hfs_asc2mac+0x453/0x970
 hfs_cat_build_key+0x93/0x170
 hfs_lookup+0x1ab/0x2c0
 path_openat+0x10e4/0x2e50
 do_filp_open+0x269/0x500
 do_sys_openat2+0x124/0x4e0
 __x64_sys_open+0x221/0x270
 do_syscall_64+0x3d/0xb0
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f102587c919
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f10266a80c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f102599bf80 RCX: 00007f102587c919
RDX: 0000000000000100 RSI: 0000000000002000 RDI: 0000000020000800
RBP: 00007f10258d8ad0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f102599bf80 R15: 00007ffc7e8a2958
 </TASK>

Allocated by task 3697:
 kasan_set_track+0x3c/0x60
 __kasan_kmalloc+0x97/0xb0
 __kmalloc+0xaf/0x1a0
 hfs_find_init+0x8c/0x1e0
 hfs_lookup+0x105/0x2c0
 path_openat+0x10e4/0x2e50
 do_filp_open+0x269/0x500
 do_sys_openat2+0x124/0x4e0
 __x64_sys_open+0x221/0x270
 do_syscall_64+0x3d/0xb0
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

The buggy address belongs to the object at ffff888023132480
 which belongs to the cache kmalloc-96 of size 96
The buggy address is located 78 bytes inside of
 96-byte region [ffff888023132480, ffff8880231324e0)

The buggy address belongs to the physical page:
page:ffffea00008c4c80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23132
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888012041780
raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 3696, tgid 3696 (syz-executor.1), ts 63307119096, free_ts 63057197903
 get_page_from_freelist+0x34b2/0x3640
 __alloc_pages+0x28d/0x7e0
 alloc_slab_page+0x3b/0xe0
 new_slab+0x84/0x2d0
 ___slab_alloc+0x9f3/0xff0
 __kmem_cache_alloc_node+0x19f/0x260
 __kmalloc+0x9e/0x1a0
 tomoyo_encode+0x26b/0x530
 tomoyo_realpath_from_path+0x594/0x5d0
 tomoyo_path_perm+0x216/0x680
 tomoyo_path_symlink+0xda/0x110
 security_path_symlink+0xd9/0x130
 do_symlinkat+0x11a/0x600
 __x64_sys_symlinkat+0x95/0xa0
 do_syscall_64+0x3d/0xb0
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
page last free stack trace:
 free_unref_page_prepare+0xfb8/0x1160
 free_unref_page+0x99/0x520
 __mmdrop+0xb2/0x3e0
 finish_task_switch+0x221/0x630
 __schedule+0x1304/0x42e0
 schedule+0xbf/0x180
 schedule_timeout+0x98/0x2f0
 do_wait_for_common+0x441/0x5e0
 wait_for_completion_state+0x48/0x70
 call_usermodehelper_exec+0x29b/0x470
 __request_module+0x46f/0xac0
 dev_ioctl+0x3a5/0xf20
 sock_do_ioctl+0x193/0x370
 sock_ioctl+0x488/0x6e0
 __se_sys_ioctl+0xf1/0x160
 do_syscall_64+0x3d/0xb0

Memory state around the buggy address:
 ffff888023132380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
 ffff888023132400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff888023132480: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
                                              ^
 ffff888023132500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888023132580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
