Warning: Permanently added '10.128.0.95' (ED25519) to the list of known hosts.
executing program
syzkaller login: [   36.010164][ T4220] loop0: detected capacity change from 0 to 1024
[   36.056311][    T9] ==================================================================
[   36.058096][    T9] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x9a4/0x1104
[   36.060214][    T9] Read of size 1024 at addr ffff0000c4c87c00 by task kworker/u4:0/9
[   36.062156][    T9]
[   36.062701][    T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.66-syzkaller #0
[   36.064686][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   36.067255][    T9] Workqueue: loop0 loop_rootcg_workfn
[   36.068585][    T9] Call trace:
[   36.069485][    T9]  dump_backtrace+0x1c8/0x1f4
[   36.070611][    T9]  show_stack+0x2c/0x3c
[   36.071601][    T9]  dump_stack_lvl+0x108/0x170
[   36.072839][    T9]  print_report+0x174/0x4c0
[   36.073962][    T9]  kasan_report+0xd4/0x130
[   36.075118][    T9]  kasan_check_range+0x264/0x2a4
[   36.076389][    T9]  memcpy+0x48/0x90
[   36.077448][    T9]  copy_page_from_iter_atomic+0x9a4/0x1104
[   36.078969][    T9]  generic_perform_write+0x2fc/0x55c
[   36.080339][    T9]  __generic_file_write_iter+0x168/0x388
[   36.081743][    T9]  generic_file_write_iter+0xb8/0x2b4
[   36.083139][    T9]  do_iter_write+0x534/0x964
[   36.084235][    T9]  vfs_iter_write+0x88/0xac
[   36.085403][    T9]  loop_process_work+0x15b4/0x24a4
[   36.086673][    T9]  loop_rootcg_workfn+0x28/0x38
[   36.087960][    T9]  process_one_work+0x7ac/0x1404
[   36.089246][    T9]  worker_thread+0x8e4/0xfec
[   36.090480][    T9]  kthread+0x250/0x2d8
[   36.091563][    T9]  ret_from_fork+0x10/0x20
[   36.092708][    T9]
[   36.093288][    T9] Allocated by task 4220:
[   36.094372][    T9]  kasan_set_track+0x4c/0x80
[   36.095620][    T9]  kasan_save_alloc_info+0x24/0x30
[   36.096872][    T9]  __kasan_kmalloc+0xac/0xc4
[   36.098068][    T9]  __kmalloc+0xd8/0x1c4
[   36.099145][    T9]  hfsplus_read_wrapper+0x3ac/0xfcc
[   36.100456][    T9]  hfsplus_fill_super+0x2f0/0x166c
[   36.101795][    T9]  mount_bdev+0x274/0x370
[   36.102783][    T9]  hfsplus_mount+0x44/0x58
[   36.103971][    T9]  legacy_get_tree+0xd4/0x16c
[   36.105068][    T9]  vfs_get_tree+0x90/0x274
[   36.106204][    T9]  do_new_mount+0x25c/0x8c4
[   36.107327][    T9]  path_mount+0x590/0xe5c
[   36.108411][    T9]  __arm64_sys_mount+0x45c/0x594
[   36.109626][    T9]  invoke_syscall+0x98/0x2c0
[   36.110767][    T9]  el0_svc_common+0x138/0x258
[   36.111906][    T9]  do_el0_svc+0x64/0x218
[   36.113020][    T9]  el0_svc+0x58/0x168
[   36.114011][    T9]  el0t_64_sync_handler+0x84/0xf0
[   36.115286][    T9]  el0t_64_sync+0x18c/0x190
[   36.116370][    T9]
[   36.116948][    T9] The buggy address belongs to the object at ffff0000c4c87c00
[   36.116948][    T9]  which belongs to the cache kmalloc-512 of size 512
[   36.120540][    T9] The buggy address is located 0 bytes inside of
[   36.120540][    T9]  512-byte region [ffff0000c4c87c00, ffff0000c4c87e00)
[   36.123918][    T9]
[   36.124543][    T9] The buggy address belongs to the physical page:
[   36.126118][    T9] page:000000008e295d1e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c84
[   36.128755][    T9] head:000000008e295d1e order:2 compound_mapcount:0 compound_pincount:0
[   36.130814][    T9] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   36.132802][    T9] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[   36.134864][    T9] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   36.137035][    T9] page dumped because: kasan: bad access detected
[   36.138712][    T9]
[   36.139308][    T9] Memory state around the buggy address:
[   36.140820][    T9]  ffff0000c4c87d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.142979][    T9]  ffff0000c4c87d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.145043][    T9] >ffff0000c4c87e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.148207][    T9]                    ^
[   36.150272][    T9]  ffff0000c4c87e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.152355][    T9]  ffff0000c4c87f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.154543][    T9] ==================================================================
[   36.154543][    T9] Disabling lock debugging due to kernel taint
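What the report above actually says, read end to end: the object at ffff0000c4c87c00 is a 512-byte kmalloc-512 allocation made by hfsplus_read_wrapper during mount (task 4220), and the loop0 worker (kworker/u4:0) later memcpy's 1024 bytes starting at offset 0 of that object while writing it out through vfs_iter_write, so the read runs 512 bytes past the end of the object into the fc (slab redzone) shadow. The following is an added triage helper, not part of the syzbot log or of any kernel tool: it parses the relevant lines of a KASAN report and derives the allocation site, offset and overrun size, which the report never states directly. The sample input is a constructed, trimmed copy of the lines from the log above; the ALLOCATOR_FRAMES list (frames to skip when looking for the real allocation site) and all field names are this helper's own choices.

```python
import re

# Constructed sample: a trimmed copy of the KASAN report lines from the log above.
SAMPLE_REPORT = """\
[   36.058096][    T9] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x9a4/0x1104
[   36.060214][    T9] Read of size 1024 at addr ffff0000c4c87c00 by task kworker/u4:0/9
[   36.062701][    T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.66-syzkaller #0
[   36.067255][    T9] Workqueue: loop0 loop_rootcg_workfn
[   36.093288][    T9] Allocated by task 4220:
[   36.094372][    T9]  kasan_set_track+0x4c/0x80
[   36.095620][    T9]  kasan_save_alloc_info+0x24/0x30
[   36.096872][    T9]  __kasan_kmalloc+0xac/0xc4
[   36.098068][    T9]  __kmalloc+0xd8/0x1c4
[   36.099145][    T9]  hfsplus_read_wrapper+0x3ac/0xfcc
[   36.100456][    T9]  hfsplus_fill_super+0x2f0/0x166c
[   36.116948][    T9] The buggy address belongs to the object at ffff0000c4c87c00
[   36.116948][    T9]  which belongs to the cache kmalloc-512 of size 512
[   36.120540][    T9] The buggy address is located 0 bytes inside of
[   36.120540][    T9]  512-byte region [ffff0000c4c87c00, ffff0000c4c87e00)
"""

# printk prefix "[   36.058096][    T9] " as emitted with CONFIG_PRINTK_TIME / CALLER.
PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")

# Frames belonging to the allocator itself; the first frame after these is the
# caller that actually owns the buffer (assumed list, extend as needed).
ALLOCATOR_FRAMES = ("kasan_", "__kasan_", "kmalloc", "__kmalloc", "kmem_cache", "slab_")

FRAME_RE = re.compile(r"\s*(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+$")


def parse_kasan_report(text):
    """Extract the fields a triager needs from one KASAN report; returns a dict."""
    info = {}
    in_alloc_trace = False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)

        m = re.match(r"BUG: KASAN: (\S+) in (\S+)\+0x[0-9a-f]+/0x[0-9a-f]+$", line)
        if m:
            info["bug_type"], info["fault_func"] = m.group(1), m.group(2)
            continue
        m = re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)$", line)
        if m:
            info["access"] = m.group(1)
            info["size"] = int(m.group(2))
            info["addr"] = int(m.group(3), 16)
            info["task"] = m.group(4)
            continue
        m = re.match(r"Allocated by task (\d+):", line)
        if m:
            info["alloc_task"] = int(m.group(1))
            in_alloc_trace = True
            continue
        if in_alloc_trace:
            m = FRAME_RE.match(line)
            if m:
                fn = m.group(1)
                if "alloc_site" not in info and not fn.startswith(ALLOCATOR_FRAMES):
                    info["alloc_site"] = fn
                continue
            in_alloc_trace = False  # first non-frame line ends the trace
        m = re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", line)
        if m:
            info["cache"] = m.group(1)
            info["object_size"] = int(m.group(2))
            continue
        m = re.match(r"\s*(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", line)
        if m:
            info["region_start"] = int(m.group(2), 16)
            info["region_end"] = int(m.group(3), 16)

    # Derived facts: where in the object the access starts and how far it overruns.
    if {"addr", "size", "region_start", "region_end"} <= info.keys():
        info["offset"] = info["addr"] - info["region_start"]
        info["overrun"] = max(0, info["addr"] + info["size"] - info["region_end"])
    return info


def summarize(info):
    """One-line triage verdict built from the parsed fields."""
    return (
        f"{info['bug_type']}: {info['access']} of {info['size']} bytes in "
        f"{info['fault_func']} from a {info['object_size']}-byte {info['cache']} object "
        f"allocated in {info['alloc_site']} (task {info['alloc_task']}); access starts at "
        f"offset {info['offset']} and overruns the object by {info['overrun']} bytes"
    )


if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_REPORT)))
```

Run against the sample it reports a 1024-byte read at offset 0 of a 512-byte object allocated in hfsplus_read_wrapper, overrunning by 512 bytes; that is the figure to carry into the bug discussion, since the faulting frame (copy_page_from_iter_atomic) is generic page-cache code and the owner of the undersized buffer is the hfsplus caller.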