Extracting prog: 3m21.488416564s
Minimizing prog: 25m6.195858044s
Simplifying prog options: 0s
Extracting C: 52.241358163s
Simplifying C: 6m50.011529073s
1 programs, timeouts [30s 6m0s]
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x4040, &(0x7f00000023c0)=ANY=[], 0x3, 0x6ed, &(0x7f0000000900)="$eJzs3U1sHGcZAOB31uv1roHUadOkoEhdNVJBWCR2jAvmQkAIfKhQVQ6cV4nTWNk4le0iJ0LU4efOoQfEqRx8qzigco8EZ6pKqFcfOFRC6qUn34xmdmZ3bY9314lju/R5rJn5Zr7feWdnZn9kTQBfWovTUX0cSSxOv76Rrm9vzbXHtuYm8ux2RNQiohJR7SwiWcnzvno5bqTLr6cb823JYf28t7zw5iefb3/aWavmU1Y+GVSvRO3gps18imZEjOXLg8YPafHD/d3vae/moe2NqreHacCu5MuIPz9Vq/DUdg/Y7OZ98O9sPqj6Uc5b4IxKOvfNA6YiJiOiHhHZe4L86lA52dEdv83THgAAAAAcVePoVZ7biZ3YiHPPYjgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/yp//n+ST5Ui3YykeP5/Ld8WefoMGv4gxI8nOsvHz34wAAAAAAAAAPDMvbwTO7ER54r13ST7zf+Vvt/4vxLvxFosxWpcjY1oxXqsx2rMRsRUX0O1jdb6+upsVjPiwoCa1+OjkprXDx/jjWPeZwAAAAAAAAA44+pD8u+OH9z221js/f4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQRIx1llk04UiPRWVakTUi3KbER9FRO10R3skSdnGxyc/DgAAAHgq9b2rSX2EOs+9GzuxEeeK9d0k+8x/Mfu8XI93YiXWYznWox1LcSv/DJ1+6q9sb821t7fm7qXTwXZ/9NmRhp61GJ3vHsp7fikr0YjbsZxtuRo3I4ndTCVv5aXtrbl0ea98XI/SMSU/zA0YzVhf+lY6u/Rhlv7j3m8RqkfaxSdUOTRnKssd70ZkJh9bWuN8EYHySAw9OtWBPc1GpfvNz4XBPZXH/NHg3if3lSr95uZU7I/E9ah0j9DFwZGI+ObfP/jlnfbK3Tu316bPzi6VendoiW4kvltcZnqRuDRyJBrHPfBTMJPt+4vd9cX4afwipuOziTdiNZbjV9GK9VhqFvmt/PWczqcGR+rjyf61N4aNJD0nm93rV9mYmrFnTNGMn2SpVrySHdNzsRxJ3I+IpXgt+7ses92rQe8IvzjCWV8Z4Urb58q3skU3TDHgtfHX0Zo8Lmlcz/fFtf+aO5Xl9W/pRen50igV97rR70d9qt/IE2kLvxt4fzhp+yMx2xeJFw57vXRC+pfddL7WXrm7eqf19oj9vZov0/PoD2fqLlGLR/F81POdO5/Nk+ycmsmO/gvdO+zeeNXyX1w6Kvvzfvanbr3OmfrzuB+39pyp34v5mI+FrKWLWenxA3esNO9St6X+vLksL32nVe3+sNP/fut+tDvvhwA42ya/PVlr/Lfxr8b7jd837jRer/944vsTl2sx/s/xH1Rnxl6tXE7+Fu/Hb3qf/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCe39uDh3Va7vbRanqiUZyWDa7Xau8WDxAaU2ZNI8kfljFA4WXvwcHdog4MTE/nwnrD6cSaKx6gNL9x8hsNINvcfr/rwY1E85WmELpIDAU8rP/GYi557W8bPwKHcn2geX4PFC7Yva/RX73++1qncKDteYxFRVmvIhWNsT4vAF9C19XtvX1t78PA7y/daby29tbQyPj+/MLMw/9rctdvL7aWZzryvwok8/BY4Cf1vJ7pqEfHy8Lpu/gAAAAAAAAAAAHA6TuJ/IU57HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAvtsXpqD6OJGZnrs6k69tbc+10KtK9ktWIqERE8uuI5B8RN6IzxVRfc8lh/by3vPDmJ59vf9prq1qUr0RsHlpvNJv5FM2IGMuXx9XezeHt1XrJiZLspBuZNGBXisDBaftfAAAA//+o7+kR")
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800)
program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x4040, &(0x7f00000023c0)=ANY=[], 0x3, 0x6ed, &(0x7f0000000900)="$eJzs3U1sHGcZAOB31uv1roHUadOkoEhdNVJBWCR2jAvmQkAIfKhQVQ6cV4nTWNk4le0iJ0LU4efOoQfEqRx8qzigco8EZ6pKqFcfOFRC6qUn34xmdmZ3bY9314lju/R5rJn5Zr7feWdnZn9kTQBfWovTUX0cSSxOv76Rrm9vzbXHtuYm8ux2RNQiohJR7SwiWcnzvno5bqTLr6cb823JYf28t7zw5iefb3/aWavmU1Y+GVSvRO3gps18imZEjOXLg8YPafHD/d3vae/moe2NqreHacCu5MuIPz9Vq/DUdg/Y7OZ98O9sPqj6Uc5b4IxKOvfNA6YiJiOiHhHZe4L86lA52dEdv83THgAAAAAcVePoVZ7biZ3YiHPPYjgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/yp//n+ST5Ui3YykeP5/Ld8WefoMGv4gxI8nOsvHz34wAAAAAAAAAPDMvbwTO7ER54r13ST7zf+Vvt/4vxLvxFosxWpcjY1oxXqsx2rMRsRUX0O1jdb6+upsVjPiwoCa1+OjkprXDx/jjWPeZwAAAAAAAAA44+pD8u+OH9z221js/f4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQRIx1llk04UiPRWVakTUi3KbER9FRO10R3skSdnGxyc/DgAAAHgq9b2rSX2EOs+9GzuxEeeK9d0k+8x/Mfu8XI93YiXWYznWox1LcSv/DJ1+6q9sb821t7fm7qXTwXZ/9NmRhp61GJ3vHsp7fikr0YjbsZxtuRo3I4ndTCVv5aXtrbl0ea98XI/SMSU/zA0YzVhf+lY6u/Rhlv7j3m8RqkfaxSdUOTRnKssd70ZkJh9bWuN8EYHySAw9OtWBPc1GpfvNz4XBPZXH/NHg3if3lSr95uZU7I/E9ah0j9DFwZGI+ObfP/jlnfbK3Tu316bPzi6VendoiW4kvltcZnqRuDRyJBrHPfBTMJPt+4vd9cX4afwipuOziTdiNZbjV9GK9VhqFvmt/PWczqcGR+rjyf61N4aNJD0nm93rV9mYmrFnTNGMn2SpVrySHdNzsRxJ3I+IpXgt+7ses92rQe8IvzjCWV8Z4Urb58q3skU3TDHgtfHX0Zo8Lmlcz/fFtf+aO5Xl9W/pRen50igV97rR70d9qt/IE2kLvxt4fzhp+yMx2xeJFw57vXRC+pfddL7WXrm7eqf19oj9vZov0/PoD2fqLlGLR/F81POdO5/Nk+ycmsmO/gvdO+zeeNXyX1w6Kvvzfvanbr3OmfrzuB+39pyp34v5mI+FrKWLWenxA3esNO9St6X+vLksL32nVe3+sNP/fut+tDvvhwA42ya/PVlr/Lfxr8b7jd837jRer/944vsTl2sx/s/xH1Rnxl6tXE7+Fu/Hb3qf/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCe39uDh3Va7vbRanqiUZyWDa7Xau8WDxAaU2ZNI8kfljFA4WXvwcHdog4MTE/nwnrD6cSaKx6gNL9x8hsNINvcfr/rwY1E85WmELpIDAU8rP/GYi557W8bPwKHcn2geX4PFC7Yva/RX73++1qncKDteYxFRVmvIhWNsT4vAF9C19XtvX1t78PA7y/daby29tbQyPj+/MLMw/9rctdvL7aWZzryvwok8/BY4Cf1vJ7pqEfHy8Lpu/gAAAAAAAAAAAHA6TuJ/IU57HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAvtsXpqD6OJGZnrs6k69tbc+10KtK9ktWIqERE8uuI5B8RN6IzxVRfc8lh/by3vPDmJ59vf9prq1qUr0RsHlpvNJv5FM2IGMuXx9XezeHt1XrJiZLspBuZNGBXisDBaftfAAAA//+o7+kR")
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800)
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x4040, &(0x7f00000023c0)=ANY=[], 0x3, 0x6ed, &(0x7f0000000900)="$eJzs3U1sHGcZAOB31uv1roHUadOkoEhdNVJBWCR2jAvmQkAIfKhQVQ6cV4nTWNk4le0iJ0LU4efOoQfEqRx8qzigco8EZ6pKqFcfOFRC6qUn34xmdmZ3bY9314lju/R5rJn5Zr7feWdnZn9kTQBfWovTUX0cSSxOv76Rrm9vzbXHtuYm8ux2RNQiohJR7SwiWcnzvno5bqTLr6cb823JYf28t7zw5iefb3/aWavmU1Y+GVSvRO3gps18imZEjOXLg8YPafHD/d3vae/moe2NqreHacCu5MuIPz9Vq/DUdg/Y7OZ98O9sPqj6Uc5b4IxKOvfNA6YiJiOiHhHZe4L86lA52dEdv83THgAAAAAcVePoVZ7biZ3YiHPPYjgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/yp//n+ST5Ui3YykeP5/Ld8WefoMGv4gxI8nOsvHz34wAAAAAAAAAPDMvbwTO7ER54r13ST7zf+Vvt/4vxLvxFosxWpcjY1oxXqsx2rMRsRUX0O1jdb6+upsVjPiwoCa1+OjkprXDx/jjWPeZwAAAAAAAAA44+pD8u+OH9z221js/f4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQRIx1llk04UiPRWVakTUi3KbER9FRO10R3skSdnGxyc/DgAAAHgq9b2rSX2EOs+9GzuxEeeK9d0k+8x/Mfu8XI93YiXWYznWox1LcSv/DJ1+6q9sb821t7fm7qXTwXZ/9NmRhp61GJ3vHsp7fikr0YjbsZxtuRo3I4ndTCVv5aXtrbl0ea98XI/SMSU/zA0YzVhf+lY6u/Rhlv7j3m8RqkfaxSdUOTRnKssd70ZkJh9bWuN8EYHySAw9OtWBPc1GpfvNz4XBPZXH/NHg3if3lSr95uZU7I/E9ah0j9DFwZGI+ObfP/jlnfbK3Tu316bPzi6VendoiW4kvltcZnqRuDRyJBrHPfBTMJPt+4vd9cX4afwipuOziTdiNZbjV9GK9VhqFvmt/PWczqcGR+rjyf61N4aNJD0nm93rV9mYmrFnTNGMn2SpVrySHdNzsRxJ3I+IpXgt+7ses92rQe8IvzjCWV8Z4Urb58q3skU3TDHgtfHX0Zo8Lmlcz/fFtf+aO5Xl9W/pRen50igV97rR70d9qt/IE2kLvxt4fzhp+yMx2xeJFw57vXRC+pfddL7WXrm7eqf19oj9vZov0/PoD2fqLlGLR/F81POdO5/Nk+ycmsmO/gvdO+zeeNXyX1w6Kvvzfvanbr3OmfrzuB+39pyp34v5mI+FrKWLWenxA3esNO9St6X+vLksL32nVe3+sNP/fut+tDvvhwA42ya/PVlr/Lfxr8b7jd837jRer/944vsTl2sx/s/xH1Rnxl6tXE7+Fu/Hb3qf/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCe39uDh3Va7vbRanqiUZyWDa7Xau8WDxAaU2ZNI8kfljFA4WXvwcHdog4MTE/nwnrD6cSaKx6gNL9x8hsNINvcfr/rwY1E85WmELpIDAU8rP/GYi557W8bPwKHcn2geX4PFC7Yva/RX73++1qncKDteYxFRVmvIhWNsT4vAF9C19XtvX1t78PA7y/daby29tbQyPj+/MLMw/9rctdvL7aWZzryvwok8/BY4Cf1vJ7pqEfHy8Lpu/gAAAAAAAAAAAHA6TuJ/IU57HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAvtsXpqD6OJGZnrs6k69tbc+10KtK9ktWIqERE8uuI5B8RN6IzxVRfc8lh/by3vPDmJ59vf9prq1qUr0RsHlpvNJv5FM2IGMuXx9XezeHt1XrJiZLspBuZNGBXisDBaftfAAAA//+o7+kR")
syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-ioctl$LOOP_SET_BLOCK_SIZE
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x4040, &(0x7f00000023c0)=ANY=[], 0x3, 0x6ed, &(0x7f0000000900)="$eJzs3U1sHGcZAOB31uv1roHUadOkoEhdNVJBWCR2jAvmQkAIfKhQVQ6cV4nTWNk4le0iJ0LU4efOoQfEqRx8qzigco8EZ6pKqFcfOFRC6qUn34xmdmZ3bY9314lju/R5rJn5Zr7feWdnZn9kTQBfWovTUX0cSSxOv76Rrm9vzbXHtuYm8ux2RNQiohJR7SwiWcnzvno5bqTLr6cb823JYf28t7zw5iefb3/aWavmU1Y+GVSvRO3gps18imZEjOXLg8YPafHD/d3vae/moe2NqreHacCu5MuIPz9Vq/DUdg/Y7OZ98O9sPqj6Uc5b4IxKOvfNA6YiJiOiHhHZe4L86lA52dEdv83THgAAAAAcVePoVZ7biZ3YiHPPYjgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/yp//n+ST5Ui3YykeP5/Ld8WefoMGv4gxI8nOsvHz34wAAAAAAAAAPDMvbwTO7ER54r13ST7zf+Vvt/4vxLvxFosxWpcjY1oxXqsx2rMRsRUX0O1jdb6+upsVjPiwoCa1+OjkprXDx/jjWPeZwAAAAAAAAA44+pD8u+OH9z221js/f4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQRIx1llk04UiPRWVakTUi3KbER9FRO10R3skSdnGxyc/DgAAAHgq9b2rSX2EOs+9GzuxEeeK9d0k+8x/Mfu8XI93YiXWYznWox1LcSv/DJ1+6q9sb821t7fm7qXTwXZ/9NmRhp61GJ3vHsp7fikr0YjbsZxtuRo3I4ndTCVv5aXtrbl0ea98XI/SMSU/zA0YzVhf+lY6u/Rhlv7j3m8RqkfaxSdUOTRnKssd70ZkJh9bWuN8EYHySAw9OtWBPc1GpfvNz4XBPZXH/NHg3if3lSr95uZU7I/E9ah0j9DFwZGI+ObfP/jlnfbK3Tu316bPzi6VendoiW4kvltcZnqRuDRyJBrHPfBTMJPt+4vd9cX4afwipuOziTdiNZbjV9GK9VhqFvmt/PWczqcGR+rjyf61N4aNJD0nm93rV9mYmrFnTNGMn2SpVrySHdNzsRxJ3I+IpXgt+7ses92rQe8IvzjCWV8Z4Urb58q3skU3TDHgtfHX0Zo8Lmlcz/fFtf+aO5Xl9W/pRen50igV97rR70d9qt/IE2kLvxt4fzhp+yMx2xeJFw57vXRC+pfddL7WXrm7eqf19oj9vZov0/PoD2fqLlGLR/F81POdO5/Nk+ycmsmO/gvdO+zeeNXyX1w6Kvvzfvanbr3OmfrzuB+39pyp34v5mI+FrKWLWenxA3esNO9St6X+vLksL32nVe3+sNP/fut+tDvvhwA42ya/PVlr/Lfxr8b7jd837jRer/944vsTl2sx/s/xH1Rnxl6tXE7+Fu/Hb3qf/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCe39uDh3Va7vbRanqiUZyWDa7Xau8WDxAaU2ZNI8kfljFA4WXvwcHdog4MTE/nwnrD6cSaKx6gNL9x8hsNINvcfr/rwY1E85WmELpIDAU8rP/GYi557W8bPwKHcn2geX4PFC7Yva/RX73++1qncKDteYxFRVmvIhWNsT4vAF9C19XtvX1t78PA7y/daby29tbQyPj+/MLMw/9rctdvL7aWZzryvwok8/BY4Cf1vJ7pqEfHy8Lpu/gAAAAAAAAAAAHA6TuJ/IU57HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAvtsXpqD6OJGZnrs6k69tbc+10KtK9ktWIqERE8uuI5B8RN6IzxVRfc8lh/by3vPDmJ59vf9prq1qUr0RsHlpvNJv5FM2IGMuXx9XezeHt1XrJiZLspBuZNGBXisDBaftfAAAA//+o7+kR")
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x4c09, 0x800)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
detailed listing:
executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000002380)='./file0\x00', 0x4040, &(0x7f00000023c0)=ANY=[], 0x3, 0x6ed, &(0x7f0000000900)="$eJzs3U1sHGcZAOB31uv1roHUadOkoEhdNVJBWCR2jAvmQkAIfKhQVQ6cV4nTWNk4le0iJ0LU4efOoQfEqRx8qzigco8EZ6pKqFcfOFRC6qUn34xmdmZ3bY9314lju/R5rJn5Zr7feWdnZn9kTQBfWovTUX0cSSxOv76Rrm9vzbXHtuYm8ux2RNQiohJR7SwiWcnzvno5bqTLr6cb823JYf28t7zw5iefb3/aWavmU1Y+GVSvRO3gps18imZEjOXLg8YPafHD/d3vae/moe2NqreHacCu5MuIPz9Vq/DUdg/Y7OZ98O9sPqj6Uc5b4IxKOvfNA6YiJiOiHhHZe4L86lA52dEdv83THgAAAAAcVePoVZ7biZ3YiHPPYjgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/yp//n+ST5Ui3YykeP5/Ld8WefoMGv4gxI8nOsvHz34wAAAAAAAAAPDMvbwTO7ER54r13ST7zf+Vvt/4vxLvxFosxWpcjY1oxXqsx2rMRsRUX0O1jdb6+upsVjPiwoCa1+OjkprXDx/jjWPeZwAAAAAAAAA44+pD8u+OH9z221js/f4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnQRIx1llk04UiPRWVakTUi3KbER9FRO10R3skSdnGxyc/DgAAAHgq9b2rSX2EOs+9GzuxEeeK9d0k+8x/Mfu8XI93YiXWYznWox1LcSv/DJ1+6q9sb821t7fm7qXTwXZ/9NmRhp61GJ3vHsp7fikr0YjbsZxtuRo3I4ndTCVv5aXtrbl0ea98XI/SMSU/zA0YzVhf+lY6u/Rhlv7j3m8RqkfaxSdUOTRnKssd70ZkJh9bWuN8EYHySAw9OtWBPc1GpfvNz4XBPZXH/NHg3if3lSr95uZU7I/E9ah0j9DFwZGI+ObfP/jlnfbK3Tu316bPzi6VendoiW4kvltcZnqRuDRyJBrHPfBTMJPt+4vd9cX4afwipuOziTdiNZbjV9GK9VhqFvmt/PWczqcGR+rjyf61N4aNJD0nm93rV9mYmrFnTNGMn2SpVrySHdNzsRxJ3I+IpXgt+7ses92rQe8IvzjCWV8Z4Urb58q3skU3TDHgtfHX0Zo8Lmlcz/fFtf+aO5Xl9W/pRen50igV97rR70d9qt/IE2kLvxt4fzhp+yMx2xeJFw57vXRC+pfddL7WXrm7eqf19oj9vZov0/PoD2fqLlGLR/F81POdO5/Nk+ycmsmO/gvdO+zeeNXyX1w6Kvvzfvanbr3OmfrzuB+39pyp34v5mI+FrKWLWenxA3esNO9St6X+vLksL32nVe3+sNP/fut+tDvvhwA42ya/PVlr/Lfxr8b7jd837jRer/944vsTl2sx/s/xH1Rnxl6tXE7+Fu/Hb3qf/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCe39uDh3Va7vbRanqiUZyWDa7Xau8WDxAaU2ZNI8kfljFA4WXvwcHdog4MTE/nwnrD6cSaKx6gNL9x8hsNINvcfr/rwY1E85WmELpIDAU8rP/GYi557W8bPwKHcn2geX4PFC7Yva/RX73++1qncKDteYxFRVmvIhWNsT4vAF9C19XtvX1t78PA7y/daby29tbQyPj+/MLMw/9rctdvL7aWZzryvwok8/BY4Cf1vJ7pqEfHy8Lpu/gAAAAAAAAAAAHA6TuJ/IU57HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAvtsXpqD6OJGZnrs6k69tbc+10KtK9ktWIqERE8uuI5B8RN6IzxVRfc8lh/by3vPDmJ59vf9prq1qUr0RsHlpvNJv5FM2IGMuXx9XezeHt1XrJiZLspBuZNGBXisDBaftfAAAA//+o7+kR")
r0 = syz_open_dev$loop(0x0, 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800)
program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE
program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write
reproducing took 36m9.937184538s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy_from_iter lib/iov_iter.c:73 [inline]
BUG: KASAN: slab-out-of-bounds in iterate_bvec include/linux/iov_iter.h:122 [inline]
BUG: KASAN: slab-out-of-bounds in iterate_and_advance2 include/linux/iov_iter.h:249 [inline]
BUG: KASAN: slab-out-of-bounds in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KASAN: slab-out-of-bounds in __copy_from_iter lib/iov_iter.c:249 [inline]
BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x953/0x1aa0 lib/iov_iter.c:481
Read of size 2048 at addr ffff888011c43000 by task kworker/u4:6/1032
CPU: 0 UID: 0 PID: 1032 Comm: kworker/u4:6 Not tainted 6.11.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: loop0 loop_rootcg_workfn
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
__asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
memcpy_from_iter lib/iov_iter.c:73 [inline]
iterate_bvec include/linux/iov_iter.h:122 [inline]
iterate_and_advance2 include/linux/iov_iter.h:249 [inline]
iterate_and_advance include/linux/iov_iter.h:271 [inline]
__copy_from_iter lib/iov_iter.c:249 [inline]
copy_page_from_iter_atomic+0x953/0x1aa0 lib/iov_iter.c:481
copy_folio_from_iter_atomic include/linux/uio.h:186 [inline]
generic_perform_write+0x4a1/0x840 mm/filemap.c:4032
shmem_file_write_iter+0xfc/0x120 mm/shmem.c:3074
do_iter_readv_writev+0x60a/0x890
vfs_iter_write+0x244/0x610 fs/read_write.c:895
lo_write_bvec drivers/block/loop.c:243 [inline]
lo_write_simple drivers/block/loop.c:264 [inline]
do_req_filebacked drivers/block/loop.c:511 [inline]
loop_handle_cmd drivers/block/loop.c:1910 [inline]
loop_process_work+0x143b/0x2180 drivers/block/loop.c:1945
process_one_work kernel/workqueue.c:3231 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
worker_thread+0x870/0xd30 kernel/workqueue.c:3393
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 5106:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:4162 [inline]
__kmalloc_noprof+0x1fc/0x400 mm/slub.c:4174
kmalloc_noprof include/linux/slab.h:685 [inline]
hfsplus_read_wrapper+0x465/0x12d0 fs/hfsplus/wrapper.c:179
hfsplus_fill_super+0x38e/0x1ca0 fs/hfsplus/super.c:419
mount_bdev+0x20a/0x2d0 fs/super.c:1679
legacy_get_tree+0xee/0x190 fs/fs_context.c:662
vfs_get_tree+0x90/0x2b0 fs/super.c:1800
do_new_mount+0x2be/0xb40 fs/namespace.c:3472
do_mount fs/namespace.c:3812 [inline]
__do_sys_mount fs/namespace.c:4020 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The buggy address belongs to the object at ffff888011c43000
which belongs to the cache kmalloc-512 of size 512
The buggy address is located 0 bytes inside of
allocated 512-byte region [ffff888011c43000, ffff888011c43200)
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888011c43c00 pfn:0x11c42
head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xfdffffff(slab)
raw: 00fff00000000040 ffff88801ac41c80 ffffea0000491700 0000000000000003
raw: ffff888011c43c00 0000000000080005 00000001fdffffff 0000000000000000
head: 00fff00000000040 ffff88801ac41c80 ffffea0000491700 0000000000000003
head: ffff888011c43c00 0000000000080005 00000001fdffffff 0000000000000000
head: 00fff00000000001 ffffea0000471081 ffffffffffffffff 0000000000000000
head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5107, tgid 5107 (udevd), ts 88733477374, free_ts 32125874846
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1500
prep_new_page mm/page_alloc.c:1508 [inline]
get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3446
__alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4702
__alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
alloc_slab_page+0x5f/0x120 mm/slub.c:2325
allocate_slab+0x5a/0x2f0 mm/slub.c:2488
new_slab mm/slub.c:2541 [inline]
___slab_alloc+0xcd1/0x14b0 mm/slub.c:3727
__slab_alloc+0x58/0xa0 mm/slub.c:3817
__slab_alloc_node mm/slub.c:3870 [inline]
slab_alloc_node mm/slub.c:4029 [inline]
__kmalloc_cache_noprof+0x1d5/0x2c0 mm/slub.c:4188
kmalloc_noprof include/linux/slab.h:681 [inline]
kzalloc_noprof include/linux/slab.h:807 [inline]
kernfs_fop_open+0x3e0/0xd10 fs/kernfs/file.c:623
do_dentry_open+0x970/0x1440 fs/open.c:959
vfs_open+0x3e/0x330 fs/open.c:1089
do_open fs/namei.c:3727 [inline]
path_openat+0x2b3e/0x3470 fs/namei.c:3886
do_filp_open+0x235/0x490 fs/namei.c:3913
do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
do_sys_open fs/open.c:1431 [inline]
__do_sys_openat fs/open.c:1447 [inline]
__se_sys_openat fs/open.c:1442 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
page last free pid 4597 tgid 4597 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1101 [inline]
free_unref_page+0xd22/0xea0 mm/page_alloc.c:2619
discard_slab mm/slub.c:2587 [inline]
__put_partials+0xeb/0x130 mm/slub.c:3055
put_cpu_partial+0x17c/0x250 mm/slub.c:3130
__slab_free+0x2ea/0x3d0 mm/slub.c:4347
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:322
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3992 [inline]
slab_alloc_node mm/slub.c:4041 [inline]
kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4048
getname_flags+0xb7/0x540 fs/namei.c:139
do_sys_openat2+0xd2/0x1d0 fs/open.c:1410
do_sys_open fs/open.c:1431 [inline]
__do_sys_openat fs/open.c:1447 [inline]
__se_sys_openat fs/open.c:1442 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Memory state around the buggy address:
ffff888011c43100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888011c43180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888011c43200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff888011c43280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888011c43300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy_from_iter lib/iov_iter.c:73 [inline]
BUG: KASAN: slab-out-of-bounds in iterate_bvec include/linux/iov_iter.h:122 [inline]
BUG: KASAN: slab-out-of-bounds in iterate_and_advance2 include/linux/iov_iter.h:249 [inline]
BUG: KASAN: slab-out-of-bounds in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KASAN: slab-out-of-bounds in __copy_from_iter lib/iov_iter.c:249 [inline]
BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x953/0x1aa0 lib/iov_iter.c:481
Read of size 2048 at addr ffff888011c43000 by task kworker/u4:6/1032
CPU: 0 UID: 0 PID: 1032 Comm: kworker/u4:6 Not tainted 6.11.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: loop0 loop_rootcg_workfn
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
__asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
memcpy_from_iter lib/iov_iter.c:73 [inline]
iterate_bvec include/linux/iov_iter.h:122 [inline]
iterate_and_advance2 include/linux/iov_iter.h:249 [inline]
iterate_and_advance include/linux/iov_iter.h:271 [inline]
__copy_from_iter lib/iov_iter.c:249 [inline]
copy_page_from_iter_atomic+0x953/0x1aa0 lib/iov_iter.c:481
copy_folio_from_iter_atomic include/linux/uio.h:186 [inline]
generic_perform_write+0x4a1/0x840 mm/filemap.c:4032
shmem_file_write_iter+0xfc/0x120 mm/shmem.c:3074
do_iter_readv_writev+0x60a/0x890
vfs_iter_write+0x244/0x610 fs/read_write.c:895
lo_write_bvec drivers/block/loop.c:243 [inline]
lo_write_simple drivers/block/loop.c:264 [inline]
do_req_filebacked drivers/block/loop.c:511 [inline]
loop_handle_cmd drivers/block/loop.c:1910 [inline]
loop_process_work+0x143b/0x2180 drivers/block/loop.c:1945
process_one_work kernel/workqueue.c:3231 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
worker_thread+0x870/0xd30 kernel/workqueue.c:3393
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 5106:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slub.c:4162 [inline]
__kmalloc_noprof+0x1fc/0x400 mm/slub.c:4174
kmalloc_noprof include/linux/slab.h:685 [inline]
hfsplus_read_wrapper+0x465/0x12d0 fs/hfsplus/wrapper.c:179
hfsplus_fill_super+0x38e/0x1ca0 fs/hfsplus/super.c:419
mount_bdev+0x20a/0x2d0 fs/super.c:1679
legacy_get_tree+0xee/0x190 fs/fs_context.c:662
vfs_get_tree+0x90/0x2b0 fs/super.c:1800
do_new_mount+0x2be/0xb40 fs/namespace.c:3472
do_mount fs/namespace.c:3812 [inline]
__do_sys_mount fs/namespace.c:4020 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The buggy address belongs to the object at ffff888011c43000
which belongs to the cache kmalloc-512 of size 512
The buggy address is located 0 bytes inside of
allocated 512-byte region [ffff888011c43000, ffff888011c43200)
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888011c43c00 pfn:0x11c42
head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xfdffffff(slab)
raw: 00fff00000000040 ffff88801ac41c80 ffffea0000491700 0000000000000003
raw: ffff888011c43c00 0000000000080005 00000001fdffffff 0000000000000000
head: 00fff00000000040 ffff88801ac41c80 ffffea0000491700 0000000000000003
head: ffff888011c43c00 0000000000080005 00000001fdffffff 0000000000000000
head: 00fff00000000001 ffffea0000471081 ffffffffffffffff 0000000000000000
head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5107, tgid 5107 (udevd), ts 88733477374, free_ts 32125874846
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1500
prep_new_page mm/page_alloc.c:1508 [inline]
get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3446
__alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4702
__alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
alloc_slab_page+0x5f/0x120 mm/slub.c:2325
allocate_slab+0x5a/0x2f0 mm/slub.c:2488
new_slab mm/slub.c:2541 [inline]
___slab_alloc+0xcd1/0x14b0 mm/slub.c:3727
__slab_alloc+0x58/0xa0 mm/slub.c:3817
__slab_alloc_node mm/slub.c:3870 [inline]
slab_alloc_node mm/slub.c:4029 [inline]
__kmalloc_cache_noprof+0x1d5/0x2c0 mm/slub.c:4188
kmalloc_noprof include/linux/slab.h:681 [inline]
kzalloc_noprof include/linux/slab.h:807 [inline]
kernfs_fop_open+0x3e0/0xd10 fs/kernfs/file.c:623
do_dentry_open+0x970/0x1440 fs/open.c:959
vfs_open+0x3e/0x330 fs/open.c:1089
do_open fs/namei.c:3727 [inline]
path_openat+0x2b3e/0x3470 fs/namei.c:3886
do_filp_open+0x235/0x490 fs/namei.c:3913
do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
do_sys_open fs/open.c:1431 [inline]
__do_sys_openat fs/open.c:1447 [inline]
__se_sys_openat fs/open.c:1442 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
page last free pid 4597 tgid 4597 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1101 [inline]
free_unref_page+0xd22/0xea0 mm/page_alloc.c:2619
discard_slab mm/slub.c:2587 [inline]
__put_partials+0xeb/0x130 mm/slub.c:3055
put_cpu_partial+0x17c/0x250 mm/slub.c:3130
__slab_free+0x2ea/0x3d0 mm/slub.c:4347
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:322
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3992 [inline]
slab_alloc_node mm/slub.c:4041 [inline]
kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4048
getname_flags+0xb7/0x540 fs/namei.c:139
do_sys_openat2+0xd2/0x1d0 fs/open.c:1410
do_sys_open fs/open.c:1431 [inline]
__do_sys_openat fs/open.c:1447 [inline]
__se_sys_openat fs/open.c:1442 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Memory state around the buggy address:
ffff888011c43100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888011c43180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888011c43200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff888011c43280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888011c43300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================