Extracting prog: 2m2.009945082s Minimizing prog: 5m31.94029164s Simplifying prog options: 0s Extracting C: 1m4.123934769s Simplifying C: 5m26.924200494s 1 programs, 3 VMs, timeouts [15s 6m0s] extracting reproducer from 1 programs single: executing 1 programs separately with timeout 15s testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-sendfile-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat detailed listing: executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) sendfile(r0, r0, 0x0, 0x24002de8) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800) fallocate(0xffffffffffffffff, 0x30, 0x4, 0x1000) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1010004, &(0x7f0000000100)={[{@part={'part', 0x3d, 0x4}}, {@umask={'umask', 0x3d, 0xbf6}}, {@nls={'nls', 0x3d, 'cp737'}}, {@umask={'umask', 0x3d, 0xad9b}}]}, 0x6, 0x6ad, 
&(0x7f00000009c0)="$[base64 filesystem image omitted]") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write single: successfully extracted reproducer found reproducer with 7 syscalls minimizing guilty program testing program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-sendfile-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus detailed listing: executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) sendfile(r0, r0, 0x0, 0x24002de8) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800) fallocate(0xffffffffffffffff, 0x30, 0x4, 0x1000) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1010004, &(0x7f0000000100)={[{@part={'part', 0x3d, 0x4}}, {@umask={'umask', 0x3d, 0xbf6}}, {@nls={'nls', 0x3d, 'cp737'}}, {@umask={'umask', 0x3d, 0xad9b}}]}, 0x6, 0x6ad, 
&(0x7f00000009c0)="$[base64 filesystem image omitted]") program did not crash testing program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-sendfile-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-openat detailed listing: executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) sendfile(r0, r0, 0x0, 0x24002de8) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800) fallocate(0xffffffffffffffff, 0x30, 0x4, 0x1000) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) program did not crash testing program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-sendfile-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-syz_mount_image$hfsplus-openat detailed listing: executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) sendfile(r0, r0, 0x0, 0x24002de8) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800) fallocate(0xffffffffffffffff, 0x30, 0x4, 0x1000) syz_mount_image$hfsplus(&(0x7f00000000c0), 
&(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1010004, &(0x7f0000000100)={[{@part={'part', 0x3d, 0x4}}, {@umask={'umask', 0x3d, 0xbf6}}, {@nls={'nls', 0x3d, 'cp737'}}, {@umask={'umask', 0x3d, 0xad9b}}]}, 0x6, 0x6ad, &(0x7f00000009c0)="$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") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) program did not crash testing program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-sendfile-ioctl$LOOP_SET_BLOCK_SIZE-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat detailed listing: executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) sendfile(r0, r0, 0x0, 0x24002de8) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1010004, &(0x7f0000000100)={[{@part={'part', 0x3d, 0x4}}, {@umask={'umask', 0x3d, 0xbf6}}, {@nls={'nls', 0x3d, 'cp737'}}, {@umask={'umask', 0x3d, 0xad9b}}]}, 0x6, 0x6ad, &(0x7f00000009c0)="$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") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) program did not crash testing program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 
Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-sendfile-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat detailed listing: executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) sendfile(r0, r0, 0x0, 0x24002de8) fallocate(0xffffffffffffffff, 0x30, 0x4, 0x1000) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1010004, &(0x7f0000000100)={[{@part={'part', 0x3d, 0x4}}, {@umask={'umask', 0x3d, 0xbf6}}, {@nls={'nls', 0x3d, 'cp737'}}, {@umask={'umask', 0x3d, 0xad9b}}]}, 0x6, 0x6ad, &(0x7f00000009c0)="$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") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) program did not crash testing program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat detailed listing: executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800) fallocate(0xffffffffffffffff, 0x30, 
0x4, 0x1000) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1010004, &(0x7f0000000100)={[{@part={'part', 0x3d, 0x4}}, {@umask={'umask', 0x3d, 0xbf6}}, {@nls={'nls', 0x3d, 'cp737'}}, {@umask={'umask', 0x3d, 0xad9b}}]}, 0x6, 0x6ad, &(0x7f00000009c0)="$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") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write testing program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat detailed listing: executing program 0: ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x4c09, 0x800) fallocate(0xffffffffffffffff, 0x30, 0x4, 0x1000) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1010004, &(0x7f0000000100)={[{@part={'part', 0x3d, 0x4}}, {@umask={'umask', 0x3d, 0xbf6}}, {@nls={'nls', 0x3d, 'cp737'}}, {@umask={'umask', 0x3d, 0xad9b}}]}, 0x6, 0x6ad, &(0x7f00000009c0)="$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") 
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) program did not crash testing program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat detailed listing: executing program 0: r0 = syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x800) fallocate(0xffffffffffffffff, 0x30, 0x4, 0x1000) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1010004, &(0x7f0000000100)={[{@part={'part', 0x3d, 0x4}}, {@umask={'umask', 0x3d, 0xbf6}}, {@nls={'nls', 0x3d, 'cp737'}}, {@umask={'umask', 0x3d, 0xad9b}}]}, 0x6, 0x6ad, 
&(0x7f00000009c0)="$[base64 filesystem image omitted]") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat program crashed: KASAN: slab-out-of-bounds Write in shmem_file_read_iter simplifying C reproducer testing compiled C program (duration=22.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write testing compiled C program (duration=22.5s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true 
VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat program did not crash testing compiled C program (duration=22.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat program did not crash testing compiled C program (duration=22.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write testing compiled C program (duration=22.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 
FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write testing compiled C program (duration=22.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat program crashed: KASAN: slab-out-of-bounds Read in generic_perform_write testing compiled C program (duration=22.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat program crashed: KASAN: slab-out-of-bounds Write in shmem_file_read_iter testing compiled C program (duration=22.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): 
syz_open_dev$loop-ioctl$LOOP_SET_BLOCK_SIZE-fallocate-ioctl$LOOP_SET_STATUS-syz_mount_image$hfsplus-openat
program crashed: KASAN: slab-out-of-bounds Write in shmem_file_read_iter
reproducing took 14m4.998401463s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0x738/0xe58 lib/iov_iter.c:527
Write of size 1024 at addr ffff0000dd999c00 by task kworker/u4:5/1609

CPU: 0 PID: 1609 Comm: kworker/u4:5 Not tainted 6.1.92-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: loop0 loop_rootcg_workfn
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x174/0x4c0 mm/kasan/report.c:395
 kasan_report+0xd4/0x130 mm/kasan/report.c:495
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189
 memcpy+0x60/0x90 mm/kasan/shadow.c:66
 _copy_to_iter+0x738/0xe58 lib/iov_iter.c:527
 copy_page_to_iter+0x218/0x344 lib/iov_iter.c:725
 shmem_file_read_iter+0x4d0/0xa04 mm/shmem.c:2692
 do_iter_read+0x578/0x998 fs/read_write.c:796
 vfs_iter_read+0x88/0xac fs/read_write.c:838
 lo_read_simple drivers/block/loop.c:288 [inline]
 do_req_filebacked drivers/block/loop.c:498 [inline]
 loop_handle_cmd drivers/block/loop.c:1909 [inline]
 loop_process_work+0xe7c/0x24a4 drivers/block/loop.c:1944
 loop_rootcg_workfn+0x28/0x38 drivers/block/loop.c:1975
 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864

Allocated by task 4227:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:955 [inline]
 __kmalloc+0xd8/0x1c4 mm/slab_common.c:968
 kmalloc include/linux/slab.h:561 [inline]
 hfsplus_read_wrapper+0x46c/0xfcc fs/hfsplus/wrapper.c:181
 hfsplus_fill_super+0x2f0/0x166c fs/hfsplus/super.c:413
 mount_bdev+0x274/0x370 fs/super.c:1432
 hfsplus_mount+0x44/0x58 fs/hfsplus/super.c:641
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:632
 vfs_get_tree+0x90/0x274 fs/super.c:1562
 do_new_mount+0x278/0x8fc fs/namespace.c:3051
 path_mount+0x590/0xe5c fs/namespace.c:3381
 do_mount fs/namespace.c:3394 [inline]
 __do_sys_mount fs/namespace.c:3602 [inline]
 __se_sys_mount fs/namespace.c:3579 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3579
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the object at ffff0000dd999c00
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 0 bytes inside of
 512-byte region [ffff0000dd999c00, ffff0000dd999e00)

The buggy address belongs to the physical page:
page:0000000089394480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d998
head:0000000089394480 order:2 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000dd999d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000dd999d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000dd999e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff0000dd999e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000dd999f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0x738/0xe58 lib/iov_iter.c:527
Write of size 1024 at addr ffff0000dd999c00 by task kworker/u4:5/1609

CPU: 0 PID: 1609 Comm: kworker/u4:5 Not tainted 6.1.92-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: loop0 loop_rootcg_workfn
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x174/0x4c0 mm/kasan/report.c:395
 kasan_report+0xd4/0x130 mm/kasan/report.c:495
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189
 memcpy+0x60/0x90 mm/kasan/shadow.c:66
 _copy_to_iter+0x738/0xe58 lib/iov_iter.c:527
 copy_page_to_iter+0x218/0x344 lib/iov_iter.c:725
 shmem_file_read_iter+0x4d0/0xa04 mm/shmem.c:2692
 do_iter_read+0x578/0x998 fs/read_write.c:796
 vfs_iter_read+0x88/0xac fs/read_write.c:838
 lo_read_simple drivers/block/loop.c:288 [inline]
 do_req_filebacked drivers/block/loop.c:498 [inline]
 loop_handle_cmd drivers/block/loop.c:1909 [inline]
 loop_process_work+0xe7c/0x24a4 drivers/block/loop.c:1944
 loop_rootcg_workfn+0x28/0x38 drivers/block/loop.c:1975
 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864

Allocated by task 4227:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:955 [inline]
 __kmalloc+0xd8/0x1c4 mm/slab_common.c:968
 kmalloc include/linux/slab.h:561 [inline]
 hfsplus_read_wrapper+0x46c/0xfcc fs/hfsplus/wrapper.c:181
 hfsplus_fill_super+0x2f0/0x166c fs/hfsplus/super.c:413
 mount_bdev+0x274/0x370 fs/super.c:1432
 hfsplus_mount+0x44/0x58 fs/hfsplus/super.c:641
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:632
 vfs_get_tree+0x90/0x274 fs/super.c:1562
 do_new_mount+0x278/0x8fc fs/namespace.c:3051
 path_mount+0x590/0xe5c fs/namespace.c:3381
 do_mount fs/namespace.c:3394 [inline]
 __do_sys_mount fs/namespace.c:3602 [inline]
 __se_sys_mount fs/namespace.c:3579 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3579
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the object at ffff0000dd999c00
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 0 bytes inside of
 512-byte region [ffff0000dd999c00, ffff0000dd999e00)

The buggy address belongs to the physical page:
page:0000000089394480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d998
head:0000000089394480 order:2 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000dd999d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000dd999d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000dd999e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff0000dd999e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000dd999f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================