[ 18.419397][ T3636] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.427737][ T3636] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.465317][ T148] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.469332][ T1528] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
syzkaller login: [ 69.640481][ T25] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.197' (ED25519) to the list of known hosts.
executing program
[ 163.855299][ T3979] loop0: detected capacity change from 0 to 1024
[ 163.898654][ T3979] loop_set_block_size: loop0 () has still dirty pages (nrpages=3)
executing program
[ 163.996824][ T3981] loop0: detected capacity change from 0 to 1024
[ 164.041839][ T340] ==================================================================
[ 164.043867][ T340] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x834/0xffc
[ 164.045970][ T340] Read of size 1024 at addr ffff0000c542fc00 by task kworker/u4:4/340
[ 164.048100][ T340]
[ 164.048682][ T340] CPU: 1 PID: 340 Comm: kworker/u4:4 Not tainted 5.15.127-syzkaller #0
[ 164.050861][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 164.053536][ T340] Workqueue: loop0 loop_rootcg_workfn
[ 164.055013][ T340] Call trace:
[ 164.055886][ T340] dump_backtrace+0x0/0x530
[ 164.057006][ T340] show_stack+0x2c/0x3c
[ 164.058059][ T340] dump_stack_lvl+0x108/0x170
[ 164.059282][ T340] print_address_description+0x7c/0x3f0
[ 164.060800][ T340] kasan_report+0x174/0x1e4
[ 164.061984][ T340] kasan_check_range+0x274/0x2b4
[ 164.063284][ T340] memcpy+0x90/0xe8
[ 164.064352][ T340] copy_page_from_iter_atomic+0x834/0xffc
[ 164.065892][ T340] generic_perform_write+0x2d0/0x520
[ 164.067277][ T340] __generic_file_write_iter+0x230/0x454
[ 164.068784][ T340] generic_file_write_iter+0xb4/0x1b8
[ 164.070167][ T340] do_iter_readv_writev+0x420/0x5f8
[ 164.071489][ T340] do_iter_write+0x1b8/0x664
[ 164.072672][ T340] vfs_iter_write+0x88/0xac
[ 164.073898][ T340] lo_write_bvec+0x394/0xb4c
[ 164.075074][ T340] loop_process_work+0x1bcc/0x2790
[ 164.076487][ T340] loop_rootcg_workfn+0x28/0x38
[ 164.077837][ T340] process_one_work+0x790/0x11b8
[ 164.079213][ T340] worker_thread+0x910/0x1034
[ 164.080451][ T340] kthread+0x37c/0x45c
[ 164.081530][ T340] ret_from_fork+0x10/0x20
[ 164.082746][ T340]
[ 164.083446][ T340] Allocated by task 3981:
[ 164.084637][ T340] ____kasan_kmalloc+0xbc/0xfc
[ 164.085939][ T340] __kasan_kmalloc+0x10/0x1c
[ 164.087154][ T340] __kmalloc+0x29c/0x4c8
[ 164.088280][ T340] hfsplus_read_wrapper+0x3b8/0xfc8
[ 164.089697][ T340] hfsplus_fill_super+0x2f0/0x167c
[ 164.091118][ T340] mount_bdev+0x274/0x370
[ 164.092287][ T340] hfsplus_mount+0x44/0x58
[ 164.093483][ T340] legacy_get_tree+0xd4/0x16c
[ 164.094808][ T340] vfs_get_tree+0x90/0x274
[ 164.096021][ T340] do_new_mount+0x25c/0x8c4
[ 164.097262][ T340] path_mount+0x590/0x104c
[ 164.098446][ T340] __arm64_sys_mount+0x510/0x5e0
[ 164.099718][ T340] invoke_syscall+0x98/0x2b8
[ 164.100945][ T340] el0_svc_common+0x138/0x258
[ 164.102145][ T340] do_el0_svc+0x58/0x14c
[ 164.103241][ T340] el0_svc+0x7c/0x1f0
[ 164.104318][ T340] el0t_64_sync_handler+0x84/0xe4
[ 164.105664][ T340] el0t_64_sync+0x1a0/0x1a4
[ 164.106931][ T340]
[ 164.107592][ T340] The buggy address belongs to the object at ffff0000c542fc00
[ 164.107592][ T340] which belongs to the cache kmalloc-512 of size 512
[ 164.111361][ T340] The buggy address is located 0 bytes inside of
[ 164.111361][ T340] 512-byte region [ffff0000c542fc00, ffff0000c542fe00)
[ 164.114858][ T340] The buggy address belongs to the page:
[ 164.116329][ T340] page:0000000003925560 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10542c
[ 164.119273][ T340] head:0000000003925560 order:2 compound_mapcount:0 compound_pincount:0
[ 164.121480][ T340] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 164.123793][ T340] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[ 164.126101][ T340] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 164.128436][ T340] page dumped because: kasan: bad access detected
[ 164.130172][ T340]
[ 164.130755][ T340] Memory state around the buggy address:
[ 164.132238][ T340] ffff0000c542fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 164.134360][ T340] ffff0000c542fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 164.136432][ T340] >ffff0000c542fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.138514][ T340] ^
[ 164.139595][ T340] ffff0000c542fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.141702][ T340] ffff0000c542ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.143842][ T340] ==================================================================
[ 164.145931][ T340] Disabling lock debugging due to kernel taint
executing program
[ 164.171294][ T3982] loop0: detected capacity change from 0 to 1024
executing program
[ 164.269226][ T3983] loop0: detected capacity change from 0 to 1024
[ 164.308062][ T3983] loop_set_block_size: loop0 () has still dirty pages (nrpages=3)
executing program
[ 164.367089][ T3984] loop0: detected capacity change from 0 to 1024
executing program
[ 164.469744][ T3985] loop0: detected capacity change from 0 to 1024
executing program
[ 164.559429][ T3986] loop0: detected capacity change from 0 to 1024
[ 164.598101][ T3986] loop_set_block_size: loop0 () has still dirty pages (nrpages=3)
executing program
[ 164.656850][ T3987] loop0: detected capacity change from 0 to 1024
[ 164.698189][ T3987] loop_set_block_size: loop0 () has still dirty pages (nrpages=3)
executing program
[ 164.757619][ T3988] loop0: detected capacity change from 0 to 1024
executing program
[ 164.859342][ T3989] loop0: detected capacity change from 0 to 1024
[ 164.887942][ T3989] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 164.916095][
T3990] loop0: detected capacity change from 0 to 1024