Warning: Permanently added '10.128.1.27' (ED25519) to the list of known hosts.
executing program
[ 35.901008][ T4224] loop0: detected capacity change from 0 to 1024
[ 35.959879][ T279] ==================================================================
[ 35.962090][ T279] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x9a4/0x1104
[ 35.964378][ T279] Read of size 2048 at addr ffff0000d0e7b000 by task kworker/u4:4/279
[ 35.966573][ T279]
[ 35.967221][ T279] CPU: 0 PID: 279 Comm: kworker/u4:4 Not tainted 6.1.78-syzkaller #0
[ 35.969479][ T279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 35.972294][ T279] Workqueue: loop0 loop_rootcg_workfn
[ 35.973733][ T279] Call trace:
[ 35.974582][ T279]  dump_backtrace+0x1c8/0x1f4
[ 35.975886][ T279]  show_stack+0x2c/0x3c
[ 35.977056][ T279]  dump_stack_lvl+0x108/0x170
[ 35.978357][ T279]  print_report+0x174/0x4c0
[ 35.979603][ T279]  kasan_report+0xd4/0x130
[ 35.980737][ T279]  kasan_check_range+0x264/0x2a4
[ 35.982116][ T279]  memcpy+0x48/0x90
[ 35.983113][ T279]  copy_page_from_iter_atomic+0x9a4/0x1104
[ 35.984708][ T279]  generic_perform_write+0x2fc/0x55c
[ 35.986105][ T279]  __generic_file_write_iter+0x168/0x388
[ 35.987662][ T279]  generic_file_write_iter+0xb8/0x2b4
[ 35.989136][ T279]  do_iter_write+0x534/0x964
[ 35.990382][ T279]  vfs_iter_write+0x88/0xac
[ 35.991569][ T279]  loop_process_work+0x15b4/0x24a4
[ 35.992960][ T279]  loop_rootcg_workfn+0x28/0x38
[ 35.994295][ T279]  process_one_work+0x7ac/0x1404
[ 35.995619][ T279]  worker_thread+0x8e4/0xfec
[ 35.996882][ T279]  kthread+0x250/0x2d8
[ 35.998009][ T279]  ret_from_fork+0x10/0x20
[ 35.999267][ T279]
[ 35.999919][ T279] Allocated by task 4224:
[ 36.001123][ T279]  kasan_set_track+0x4c/0x80
[ 36.002426][ T279]  kasan_save_alloc_info+0x24/0x30
[ 36.003783][ T279]  __kasan_kmalloc+0xac/0xc4
[ 36.005087][ T279]  __kmalloc+0xd8/0x1c4
[ 36.006253][ T279]  hfsplus_read_wrapper+0x3ac/0xfcc
[ 36.007771][ T279]  hfsplus_fill_super+0x2f0/0x166c
[ 36.009166][ T279]  mount_bdev+0x274/0x370
[ 36.010340][ T279]  hfsplus_mount+0x44/0x58
[ 36.011539][ T279]  legacy_get_tree+0xd4/0x16c
[ 36.012849][ T279]  vfs_get_tree+0x90/0x274
[ 36.014009][ T279]  do_new_mount+0x278/0x8fc
[ 36.015303][ T279]  path_mount+0x590/0xe5c
[ 36.016467][ T279]  __arm64_sys_mount+0x45c/0x594
[ 36.017817][ T279]  invoke_syscall+0x98/0x2c0
[ 36.019059][ T279]  el0_svc_common+0x138/0x258
[ 36.020317][ T279]  do_el0_svc+0x64/0x218
[ 36.021472][ T279]  el0_svc+0x58/0x168
[ 36.022538][ T279]  el0t_64_sync_handler+0x84/0xf0
[ 36.023951][ T279]  el0t_64_sync+0x18c/0x190
[ 36.025183][ T279]
[ 36.025807][ T279] The buggy address belongs to the object at ffff0000d0e7b000
[ 36.025807][ T279]  which belongs to the cache kmalloc-512 of size 512
[ 36.029834][ T279] The buggy address is located 0 bytes inside of
[ 36.029834][ T279]  512-byte region [ffff0000d0e7b000, ffff0000d0e7b200)
[ 36.033522][ T279]
[ 36.034160][ T279] The buggy address belongs to the physical page:
[ 36.035976][ T279] page:00000000c87e6fd9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110e78
[ 36.038773][ T279] head:00000000c87e6fd9 order:2 compound_mapcount:0 compound_pincount:0
[ 36.041112][ T279] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 36.043269][ T279] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[ 36.045725][ T279] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 36.048063][ T279] page dumped because: kasan: bad access detected
[ 36.049757][ T279]
[ 36.050377][ T279] Memory state around the buggy address:
[ 36.051901][ T279]  ffff0000d0e7b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.054121][ T279]  ffff0000d0e7b180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.056362][ T279] >ffff0000d0e7b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.058587][ T279]                    ^
[ 36.059772][ T279]  ffff0000d0e7b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.061955][ T279]  ffff0000d0e7b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.064203][ T279] ==================================================================
[ 36.066514][ T279] Disabling lock debugging due to kernel taint