[ 15.081178][ T3896] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.084491][ T3896] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.130854][ T1636] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.133725][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller

Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 34.334984][ T4221] loop0: detected capacity change from 0 to 1024
[ 34.355418][ T4221] hfsplus: request for non-existent node 3 in B*Tree
[ 34.357120][ T4221] hfsplus: request for non-existent node 3 in B*Tree
[ 34.413782][ T1636] ==================================================================
[ 34.415381][ T1636] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x9a4/0x1104
[ 34.417322][ T1636] Read of size 1024 at addr ffff0000d1e70c00 by task kworker/u4:4/1636
[ 34.419069][ T1636]
[ 34.419557][ T1636] CPU: 0 PID: 1636 Comm: kworker/u4:4 Not tainted 6.1.83-syzkaller #0
[ 34.421309][ T1636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 34.423594][ T1636] Workqueue: loop0 loop_rootcg_workfn
[ 34.424711][ T1636] Call trace:
[ 34.425394][ T1636]  dump_backtrace+0x1c8/0x1f4
[ 34.426407][ T1636]  show_stack+0x2c/0x3c
[ 34.427320][ T1636]  dump_stack_lvl+0x108/0x170
[ 34.428287][ T1636]  print_report+0x174/0x4c0
[ 34.429288][ T1636]  kasan_report+0xd4/0x130
[ 34.430270][ T1636]  kasan_check_range+0x264/0x2a4
[ 34.431349][ T1636]  memcpy+0x48/0x90
[ 34.432219][ T1636]  copy_page_from_iter_atomic+0x9a4/0x1104
[ 34.433609][ T1636]  generic_perform_write+0x2fc/0x55c
[ 34.434801][ T1636]  __generic_file_write_iter+0x168/0x388
[ 34.435976][ T1636]  generic_file_write_iter+0xb8/0x2b4
[ 34.437128][ T1636]  do_iter_write+0x534/0x964
[ 34.438214][ T1636]  vfs_iter_write+0x88/0xac
[ 34.439248][ T1636]  loop_process_work+0x15b4/0x24a4
[ 34.440370][ T1636]  loop_rootcg_workfn+0x28/0x38
[ 34.441401][ T1636]  process_one_work+0x7ac/0x1404
[ 34.442458][ T1636]  worker_thread+0x8e4/0xfec
[ 34.443453][ T1636]  kthread+0x250/0x2d8
[ 34.444343][ T1636]  ret_from_fork+0x10/0x20
[ 34.445261][ T1636]
[ 34.445796][ T1636] Allocated by task 4221:
[ 34.446767][ T1636]  kasan_set_track+0x4c/0x80
[ 34.447807][ T1636]  kasan_save_alloc_info+0x24/0x30
[ 34.448907][ T1636]  __kasan_kmalloc+0xac/0xc4
[ 34.449904][ T1636]  __kmalloc+0xd8/0x1c4
[ 34.450804][ T1636]  hfsplus_read_wrapper+0x3ac/0xfcc
[ 34.451993][ T1636]  hfsplus_fill_super+0x2f0/0x166c
[ 34.453140][ T1636]  mount_bdev+0x274/0x370
[ 34.454099][ T1636]  hfsplus_mount+0x44/0x58
[ 34.455102][ T1636]  legacy_get_tree+0xd4/0x16c
[ 34.456128][ T1636]  vfs_get_tree+0x90/0x274
[ 34.457068][ T1636]  do_new_mount+0x278/0x8fc
[ 34.458034][ T1636]  path_mount+0x590/0xe5c
[ 34.458989][ T1636]  __arm64_sys_mount+0x45c/0x594
[ 34.460048][ T1636]  invoke_syscall+0x98/0x2c0
[ 34.461087][ T1636]  el0_svc_common+0x138/0x258
[ 34.462094][ T1636]  do_el0_svc+0x64/0x218
[ 34.463046][ T1636]  el0_svc+0x58/0x168
[ 34.463935][ T1636]  el0t_64_sync_handler+0x84/0xf0
[ 34.465008][ T1636]  el0t_64_sync+0x18c/0x190
[ 34.466017][ T1636]
[ 34.466565][ T1636] The buggy address belongs to the object at ffff0000d1e70c00
[ 34.466565][ T1636]  which belongs to the cache kmalloc-512 of size 512
[ 34.469781][ T1636] The buggy address is located 0 bytes inside of
[ 34.469781][ T1636]  512-byte region [ffff0000d1e70c00, ffff0000d1e70e00)
[ 34.472569][ T1636]
[ 34.473072][ T1636] The buggy address belongs to the physical page:
[ 34.474433][ T1636] page:000000004db81790 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111e70
[ 34.476707][ T1636] head:000000004db81790 order:2 compound_mapcount:0 compound_pincount:0
[ 34.478533][ T1636] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 34.480265][ T1636] raw: 05ffc00000010200 0000000000000000 dead000000000001 ffff0000c0002600
[ 34.482128][ T1636] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 34.483926][ T1636] page dumped because: kasan: bad access detected
[ 34.485343][ T1636]
[ 34.485858][ T1636] Memory state around the buggy address:
[ 34.487080][ T1636]  ffff0000d1e70d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.488819][ T1636]  ffff0000d1e70d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.490596][ T1636] >ffff0000d1e70e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.492377][ T1636]                    ^
[ 34.493338][ T1636]  ffff0000d1e70e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.495051][ T1636]  ffff0000d1e70f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.496810][ T1636] ==================================================================
[ 34.498747][ T1636] Disabling lock debugging due to kernel taint