Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 31.059658][ T6164] loop0: detected capacity change from 0 to 1024
[ 31.104814][ T4160] ==================================================================
[ 31.106940][ T4160] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0xa68/0x17c0
[ 31.109022][ T4160] Read of size 2048 at addr ffff0000d1b82800 by task kworker/u4:10/4160
[ 31.111037][ T4160]
[ 31.111607][ T4160] CPU: 0 PID: 4160 Comm: kworker/u4:10 Not tainted 6.8.0-rc6-syzkaller-g9910665503b3 #0
[ 31.113967][ T4160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 31.116530][ T4160] Workqueue: loop0 loop_rootcg_workfn
[ 31.117861][ T4160] Call trace:
[ 31.118729][ T4160]  dump_backtrace+0x1b8/0x1e4
[ 31.119937][ T4160]  show_stack+0x2c/0x3c
[ 31.120948][ T4160]  dump_stack_lvl+0xd0/0x124
[ 31.122086][ T4160]  print_report+0x178/0x518
[ 31.123214][ T4160]  kasan_report+0xd8/0x138
[ 31.124271][ T4160]  kasan_check_range+0x254/0x294
[ 31.125493][ T4160]  __asan_memcpy+0x3c/0x84
[ 31.126518][ T4160]  copy_page_from_iter_atomic+0xa68/0x17c0
[ 31.127970][ T4160]  generic_perform_write+0x310/0x588
[ 31.129419][ T4160]  shmem_file_write_iter+0x110/0x138
[ 31.130771][ T4160]  do_iter_readv_writev+0x38c/0x540
[ 31.132026][ T4160]  vfs_iter_write+0x31c/0x6b8
[ 31.133175][ T4160]  loop_process_work+0x1128/0x1d80
[ 31.134447][ T4160]  loop_rootcg_workfn+0x28/0x38
[ 31.135673][ T4160]  process_one_work+0x694/0x1204
[ 31.136931][ T4160]  worker_thread+0x938/0xef4
[ 31.138072][ T4160]  kthread+0x288/0x310
[ 31.139152][ T4160]  ret_from_fork+0x10/0x20
[ 31.140245][ T4160]
[ 31.140817][ T4160] Allocated by task 6164:
[ 31.141878][ T4160]  kasan_save_track+0x40/0x78
[ 31.143043][ T4160]  kasan_save_alloc_info+0x70/0x84
[ 31.144357][ T4160]  __kasan_kmalloc+0xac/0xc4
[ 31.145480][ T4160]  __kmalloc+0x2bc/0x5d4
[ 31.146504][ T4160]  hfsplus_read_wrapper+0x3ac/0xfcc
[ 31.147864][ T4160]  hfsplus_fill_super+0x2f0/0x166c
[ 31.149161][ T4160]  mount_bdev+0x1d4/0x2a0
[ 31.150248][ T4160]  hfsplus_mount+0x44/0x58
[ 31.151300][ T4160]  legacy_get_tree+0xd4/0x16c
[ 31.152471][ T4160]  vfs_get_tree+0x90/0x288
[ 31.153551][ T4160]  do_new_mount+0x278/0x900
[ 31.154756][ T4160]  path_mount+0x590/0xe04
[ 31.155858][ T4160]  __arm64_sys_mount+0x45c/0x594
[ 31.157068][ T4160]  invoke_syscall+0x98/0x2b8
[ 31.158220][ T4160]  el0_svc_common+0x130/0x23c
[ 31.159423][ T4160]  do_el0_svc+0x48/0x58
[ 31.160451][ T4160]  el0_svc+0x54/0x168
[ 31.161435][ T4160]  el0t_64_sync_handler+0x84/0xfc
[ 31.162700][ T4160]  el0t_64_sync+0x190/0x194
[ 31.163793][ T4160]
[ 31.164353][ T4160] The buggy address belongs to the object at ffff0000d1b82800
[ 31.164353][ T4160]  which belongs to the cache kmalloc-512 of size 512
[ 31.167887][ T4160] The buggy address is located 0 bytes inside of
[ 31.167887][ T4160]  allocated 512-byte region [ffff0000d1b82800, ffff0000d1b82a00)
[ 31.171332][ T4160]
[ 31.171915][ T4160] The buggy address belongs to the physical page:
[ 31.173492][ T4160] page:000000006ed390ff refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111b80
[ 31.176108][ T4160] head:000000006ed390ff order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 31.178301][ T4160] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 31.180259][ T4160] page_type: 0xffffffff()
[ 31.181364][ T4160] raw: 05ffc00000000840 ffff0000c0001c80 fffffdffc3552900 dead000000000002
[ 31.183528][ T4160] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 31.185748][ T4160] page dumped because: kasan: bad access detected
[ 31.187368][ T4160]
[ 31.187927][ T4160] Memory state around the buggy address:
[ 31.189368][ T4160]  ffff0000d1b82900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.191368][ T4160]  ffff0000d1b82980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.193382][ T4160] >ffff0000d1b82a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.195438][ T4160]                    ^
[ 31.196452][ T4160]  ffff0000d1b82a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.198418][ T4160]  ffff0000d1b82b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.200414][ T4160] ==================================================================
[ 31.202534][ T4160] Disabling lock debugging due to kernel taint