Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts.
executing program
[ 28.280851][ T6167] loop0: detected capacity change from 0 to 1024
[ 28.346474][ T5068] ==================================================================
[ 28.348597][ T5068] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0xa68/0x17c0
[ 28.350709][ T5068] Read of size 2048 at addr ffff0000d2615400 by task kworker/u4:7/5068
[ 28.352773][ T5068]
[ 28.353365][ T5068] CPU: 1 PID: 5068 Comm: kworker/u4:7 Tainted: G B 6.8.0-rc6-syzkaller-g381f163531d8 #0
[ 28.356307][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 28.358866][ T5068] Workqueue: loop0 loop_rootcg_workfn
[ 28.360176][ T5068] Call trace:
[ 28.361035][ T5068] dump_backtrace+0x1b8/0x1e4
[ 28.362273][ T5068] show_stack+0x2c/0x3c
[ 28.363340][ T5068] dump_stack_lvl+0xd0/0x124
[ 28.364529][ T5068] print_report+0x178/0x518
[ 28.365726][ T5068] kasan_report+0xd8/0x138
[ 28.366889][ T5068] kasan_check_range+0x254/0x294
[ 28.368168][ T5068] __asan_memcpy+0x3c/0x84
[ 28.369281][ T5068] copy_page_from_iter_atomic+0xa68/0x17c0
[ 28.370816][ T5068] generic_perform_write+0x310/0x588
[ 28.372115][ T5068] shmem_file_write_iter+0x110/0x138
[ 28.373495][ T5068] do_iter_readv_writev+0x38c/0x540
[ 28.374776][ T5068] vfs_iter_write+0x31c/0x6b8
[ 28.376009][ T5068] loop_process_work+0x1128/0x1d80
[ 28.377326][ T5068] loop_rootcg_workfn+0x28/0x38
[ 28.378646][ T5068] process_one_work+0x694/0x1204
[ 28.379978][ T5068] worker_thread+0x938/0xef4
[ 28.381307][ T5068] kthread+0x288/0x310
[ 28.382407][ T5068] ret_from_fork+0x10/0x20
[ 28.383662][ T5068]
[ 28.384268][ T5068] Allocated by task 6167:
[ 28.385463][ T5068] kasan_save_track+0x40/0x78
[ 28.386761][ T5068] kasan_save_alloc_info+0x70/0x84
[ 28.388127][ T5068] __kasan_kmalloc+0xac/0xc4
[ 28.389280][ T5068] __kmalloc+0x2bc/0x5d4
[ 28.390381][ T5068] hfsplus_read_wrapper+0x3ac/0xfcc
[ 28.391687][ T5068] hfsplus_fill_super+0x2f0/0x166c
[ 28.393067][ T5068] mount_bdev+0x1d4/0x2a0
[ 28.394245][ T5068] hfsplus_mount+0x44/0x58
[ 28.395343][ T5068] legacy_get_tree+0xd4/0x16c
[ 28.396641][ T5068] vfs_get_tree+0x90/0x288
[ 28.397736][ T5068] do_new_mount+0x278/0x900
[ 28.398899][ T5068] path_mount+0x590/0xe04
[ 28.399960][ T5068] __arm64_sys_mount+0x45c/0x594
[ 28.401276][ T5068] invoke_syscall+0x98/0x2b8
[ 28.402513][ T5068] el0_svc_common+0x130/0x23c
[ 28.403730][ T5068] do_el0_svc+0x48/0x58
[ 28.404856][ T5068] el0_svc+0x54/0x168
[ 28.405928][ T5068] el0t_64_sync_handler+0x84/0xfc
[ 28.407226][ T5068] el0t_64_sync+0x190/0x194
[ 28.408401][ T5068]
[ 28.409025][ T5068] The buggy address belongs to the object at ffff0000d2615400
[ 28.409025][ T5068]  which belongs to the cache kmalloc-512 of size 512
[ 28.412759][ T5068] The buggy address is located 0 bytes inside of
[ 28.412759][ T5068]  allocated 512-byte region [ffff0000d2615400, ffff0000d2615600)
[ 28.416335][ T5068]
[ 28.416967][ T5068] The buggy address belongs to the physical page:
[ 28.418591][ T5068] page:000000001c3bc4cc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112614
[ 28.421272][ T5068] head:000000001c3bc4cc order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 28.423599][ T5068] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 28.425732][ T5068] page_type: 0xffffffff()
[ 28.426835][ T5068] raw: 05ffc00000000840 ffff0000c0001c80 fffffdffc35aae00 0000000000000002
[ 28.429063][ T5068] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 28.431299][ T5068] page dumped because: kasan: bad access detected
[ 28.432969][ T5068]
[ 28.433576][ T5068] Memory state around the buggy address:
[ 28.435015][ T5068]  ffff0000d2615500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.437267][ T5068]  ffff0000d2615580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.439379][ T5068] >ffff0000d2615600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.441522][ T5068]                    ^
[ 28.442644][ T5068]  ffff0000d2615680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.444734][ T5068]  ffff0000d2615700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.446792][ T5068] ==================================================================