Warning: Permanently added '10.128.1.130' (ED25519) to the list of known hosts.
executing program
[   45.794736][ T4020] loop0: detected capacity change from 0 to 1024
[   46.089532][  T153] ==================================================================
[   46.091580][  T153] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x834/0xffc
[   46.093361][  T153] Read of size 2048 at addr ffff0000d64a5400 by task kworker/u4:3/153
[   46.095279][  T153]
[   46.095793][  T153] CPU: 0 PID: 153 Comm: kworker/u4:3 Not tainted 5.15.173-syzkaller #0
[   46.097482][  T153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   46.099468][  T153] Workqueue: loop0 loop_rootcg_workfn
[   46.100674][  T153] Call trace:
[   46.101347][  T153]  dump_backtrace+0x0/0x530
[   46.102208][  T153]  show_stack+0x2c/0x3c
[   46.103057][  T153]  dump_stack_lvl+0x108/0x170
[   46.103984][  T153]  print_address_description+0x7c/0x3f0
[   46.105062][  T153]  kasan_report+0x174/0x1e4
[   46.105945][  T153]  kasan_check_range+0x274/0x2b4
[   46.106990][  T153]  memcpy+0x90/0xe8
[   46.107730][  T153]  copy_page_from_iter_atomic+0x834/0xffc
[   46.108812][  T153]  generic_perform_write+0x2d0/0x520
[   46.109876][  T153]  __generic_file_write_iter+0x230/0x454
[   46.111143][  T153]  generic_file_write_iter+0xb4/0x1b8
[   46.112200][  T153]  do_iter_readv_writev+0x420/0x5f8
[   46.113411][  T153]  do_iter_write+0x1b8/0x66c
[   46.114391][  T153]  vfs_iter_write+0x88/0xac
[   46.115251][  T153]  lo_write_bvec+0x394/0xb4c
[   46.116178][  T153]  loop_process_work+0x1f24/0x2798
[   46.117178][  T153]  loop_rootcg_workfn+0x28/0x38
[   46.118113][  T153]  process_one_work+0x790/0x11b8
[   46.119099][  T153]  worker_thread+0x910/0x1034
[   46.120071][  T153]  kthread+0x37c/0x45c
[   46.120994][  T153]  ret_from_fork+0x10/0x20
[   46.121938][  T153]
[   46.122369][  T153] Allocated by task 4020:
[   46.123209][  T153]  ____kasan_kmalloc+0xbc/0xfc
[   46.124215][  T153]  __kasan_kmalloc+0x10/0x1c
[   46.125093][  T153]  __kmalloc+0x29c/0x4c8
[   46.126029][  T153]  hfsplus_read_wrapper+0x3b8/0xfc8
[   46.127144][  T153]  hfsplus_fill_super+0x2f0/0x167c
[   46.128273][  T153]  mount_bdev+0x274/0x370
[   46.129376][  T153]  hfsplus_mount+0x44/0x58
[   46.130353][  T153]  legacy_get_tree+0xd4/0x16c
[   46.131331][  T153]  vfs_get_tree+0x90/0x274
[   46.132313][  T153]  do_new_mount+0x278/0x8fc
[   46.133187][  T153]  path_mount+0x594/0x101c
[   46.134164][  T153]  __arm64_sys_mount+0x510/0x5e0
[   46.135279][  T153]  invoke_syscall+0x98/0x2b8
[   46.136405][  T153]  el0_svc_common+0x138/0x258
[   46.137356][  T153]  do_el0_svc+0x58/0x14c
[   46.138269][  T153]  el0_svc+0x7c/0x1f0
[   46.139125][  T153]  el0t_64_sync_handler+0x84/0xe4
[   46.140243][  T153]  el0t_64_sync+0x1a0/0x1a4
[   46.141177][  T153]
[   46.141637][  T153] The buggy address belongs to the object at ffff0000d64a5400
[   46.141637][  T153]  which belongs to the cache kmalloc-512 of size 512
[   46.144450][  T153] The buggy address is located 0 bytes inside of
[   46.144450][  T153]  512-byte region [ffff0000d64a5400, ffff0000d64a5600)
[   46.146977][  T153] The buggy address belongs to the page:
[   46.148075][  T153] page:00000000816a5640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1164a4
[   46.150304][  T153] head:00000000816a5640 order:2 compound_mapcount:0 compound_pincount:0
[   46.152038][  T153] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   46.153819][  T153] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[   46.155699][  T153] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   46.157600][  T153] page dumped because: kasan: bad access detected
[   46.158906][  T153]
[   46.159433][  T153] Memory state around the buggy address:
[   46.160707][  T153]  ffff0000d64a5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.162503][  T153]  ffff0000d64a5580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.164129][  T153] >ffff0000d64a5600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.165791][  T153]                    ^
[   46.166645][  T153]  ffff0000d64a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.168331][  T153]  ffff0000d64a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.169955][  T153] ==================================================================
[   46.171514][  T153] Disabling lock debugging due to kernel taint
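What a practitioner wants out of a report like this is the arithmetic KASAN leaves implicit: the access starts at offset 0 of a 512-byte kmalloc-512 object that hfsplus_read_wrapper allocated during mount, but the loop worker's lo_write_bvec path copies 2048 bytes from it, so the memcpy runs 1536 bytes past the object into the 0xfc (kmalloc redzone) shadow that the caret marks. The Python below is an added example, not syzkaller's or the kernel's own tooling: it parses the report lines above (embedded as a constructed excerpt of this page's report, dmesg prefixes included) and derives those figures from the access line, the object region and the shadow dump. The shadow legend is the one from mm/kasan/kasan.h for generic KASAN, the 8-byte granule is generic KASAN's, and every function and constant name is the example's own.

```python
import re

# Constructed excerpt of the report on this page: only the lines the parser
# reads, with the "[time][Tpid]" prefixes syzkaller keeps. Example input only.
SAMPLE_REPORT = """\
[   46.091580][  T153] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x834/0xffc
[   46.093361][  T153] Read of size 2048 at addr ffff0000d64a5400 by task kworker/u4:3/153
[   46.141637][  T153] The buggy address belongs to the object at ffff0000d64a5400
[   46.141637][  T153]  which belongs to the cache kmalloc-512 of size 512
[   46.144450][  T153] The buggy address is located 0 bytes inside of
[   46.144450][  T153]  512-byte region [ffff0000d64a5400, ffff0000d64a5600)
[   46.159433][  T153] Memory state around the buggy address:
[   46.160707][  T153]  ffff0000d64a5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.162503][  T153]  ffff0000d64a5580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.164129][  T153] >ffff0000d64a5600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.165791][  T153]                    ^
[   46.166645][  T153]  ffff0000d64a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

GRANULE = 8  # bytes of memory covered by one shadow byte under generic KASAN

# Shadow values as defined in mm/kasan/kasan.h (generic KASAN, 5.x kernels).
SHADOW_MEANING = {
    0x00: "accessible",
    0xfc: "kmalloc redzone (past the end of a slab object)",
    0xfb: "freed kmalloc object",
    0xfa: "freed kmalloc object (free track)",
    0xfe: "page redzone",
    0xff: "freed page",
    0xf9: "global redzone",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
}

def shadow_meaning(v):
    if 1 <= v <= 7:
        return f"partial granule: first {v} bytes accessible"
    return SHADOW_MEANING.get(v, f"unknown shadow value 0x{v:02x}")

RE_PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T?\d+\]\s?")          # dmesg "[time][Tpid] "
RE_BUG = re.compile(r"BUG: KASAN: (\S+) in (\S+)")
RE_ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (.+)")
RE_CACHE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
RE_REGION = re.compile(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
RE_SHADOW = re.compile(r"^\s*>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})\s*$")

def parse_kasan_report(text):
    """Pull the access, the slab object region and the shadow dump out of a report."""
    info = {"shadow": []}
    for raw in text.splitlines():
        line = RE_PREFIX.sub("", raw)
        if m := RE_BUG.search(line):
            info["bug_type"], info["function"] = m.group(1), m.group(2)
        elif m := RE_ACCESS.search(line):
            info["access"], info["size"] = m.group(1), int(m.group(2))
            info["addr"], info["task"] = int(m.group(3), 16), m.group(4).strip()
        elif m := RE_CACHE.search(line):
            info["cache"], info["object_size"] = m.group(1), int(m.group(2))
        elif m := RE_REGION.search(line):
            info["region_start"] = int(m.group(2), 16)
            info["region_end"] = int(m.group(3), 16)
        elif m := RE_SHADOW.match(line):
            # The printed address is the memory address the 16 shadow bytes cover.
            info["shadow"].append((int(m.group(1), 16), [int(b, 16) for b in m.group(2).split()]))
    return info

def first_poisoned(info):
    """First byte inside the reported access whose shadow is not 'accessible';
    this is the byte KASAN's '^' points at. Returns (address, shadow value)."""
    start, end = info["addr"], info["addr"] + info["size"]
    for base, vals in sorted(info["shadow"]):
        for i, v in enumerate(vals):
            if v == 0:
                continue
            g = base + i * GRANULE
            lo = g + v if v <= 7 else g          # partial granule: poison starts v bytes in
            if lo < end and g + GRANULE > start:
                return max(lo, start), v
    return None

def summarize(info):
    """Relate the bad access to the slab object KASAN reported it against."""
    start, end = info["addr"], info["addr"] + info["size"]
    obj_start, obj_end = info["region_start"], info["region_end"]
    fp = first_poisoned(info)
    return {
        "bug_type": info["bug_type"],
        "function": info["function"],
        "access": f"{info['access']} of {info['size']} bytes",
        "cache": info["cache"],
        "object_size": obj_end - obj_start,
        "offset_in_object": start - obj_start,
        "bytes_past_end": max(0, end - obj_end),
        "bytes_before_start": max(0, obj_start - start),
        "first_poisoned": None if fp is None else f"{fp[0]:#x}",
        "first_poisoned_meaning": None if fp is None else shadow_meaning(fp[1]),
    }

if __name__ == "__main__":
    for key, val in summarize(parse_kasan_report(SAMPLE_REPORT)).items():
        print(f"{key:>22}: {val}")
```

Run on this report it yields a 2048-byte read at offset 0 of a 512-byte object, 1536 bytes past its end, with the first poisoned granule at ffff0000d64a5600 carrying 0xfc (kmalloc redzone), the byte the caret in the dump marks. The shadow scan only covers the rows KASAN printed; since KASAN centres the dump on the first bad byte, that is enough for real reports, but the function returns None rather than guessing when the dump does not reach the access.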