Warning: Permanently added '10.128.1.54' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[ 40.922699][ T3965] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
executing program
[ 40.992324][ T3969] loop0: detected capacity change from 0 to 1024
[ 41.088838][ T3969] hfsplus: request for non-existent node 3 in B*Tree
[ 41.090784][ T3969] hfsplus: request for non-existent node 3 in B*Tree
[ 41.146441][ T388] ==================================================================
[ 41.148649][ T388] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x834/0xffc
[ 41.150881][ T388] Read of size 2048 at addr ffff0000d5b9c000 by task kworker/u4:4/388
[ 41.153053][ T388]
[ 41.153667][ T388] CPU: 1 PID: 388 Comm: kworker/u4:4 Not tainted 5.15.160-syzkaller #0
[ 41.155829][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 41.158463][ T388] Workqueue: loop0 loop_rootcg_workfn
[ 41.159872][ T388] Call trace:
[ 41.160695][ T388] dump_backtrace+0x0/0x530
[ 41.161882][ T388] show_stack+0x2c/0x3c
[ 41.162961][ T388] dump_stack_lvl+0x108/0x170
[ 41.164177][ T388] print_address_description+0x7c/0x3f0
[ 41.165602][ T388] kasan_report+0x174/0x1e4
[ 41.166750][ T388] kasan_check_range+0x274/0x2b4
[ 41.168078][ T388] memcpy+0x90/0xe8
[ 41.169047][ T388] copy_page_from_iter_atomic+0x834/0xffc
[ 41.170508][ T388] generic_perform_write+0x2d0/0x520
[ 41.171906][ T388] __generic_file_write_iter+0x230/0x454
[ 41.173319][ T388] generic_file_write_iter+0xb4/0x1b8
[ 41.174709][ T388] do_iter_readv_writev+0x420/0x5f8
[ 41.176004][ T388] do_iter_write+0x1b8/0x664
[ 41.177178][ T388] vfs_iter_write+0x88/0xac
[ 41.178353][ T388] lo_write_bvec+0x394/0xb4c
[ 41.179497][ T388] loop_process_work+0x1f24/0x2798
[ 41.180766][ T388] loop_rootcg_workfn+0x28/0x38
[ 41.182027][ T388] process_one_work+0x790/0x11b8
[ 41.183274][ T388] worker_thread+0x910/0x1034
[ 41.184518][ T388] kthread+0x37c/0x45c
[ 41.185542][ T388] ret_from_fork+0x10/0x20
[ 41.186727][ T388]
[ 41.187333][ T388] Allocated by task 3969:
[ 41.188422][ T388] ____kasan_kmalloc+0xbc/0xfc
[ 41.189651][ T388] __kasan_kmalloc+0x10/0x1c
[ 41.190880][ T388] __kmalloc+0x29c/0x4c8
[ 41.192009][ T388] hfsplus_read_wrapper+0x3b8/0xfc8
[ 41.193359][ T388] hfsplus_fill_super+0x2f0/0x167c
[ 41.194683][ T388] mount_bdev+0x274/0x370
[ 41.195792][ T388] hfsplus_mount+0x44/0x58
[ 41.196947][ T388] legacy_get_tree+0xd4/0x16c
[ 41.198181][ T388] vfs_get_tree+0x90/0x274
[ 41.199301][ T388] do_new_mount+0x278/0x8fc
[ 41.200497][ T388] path_mount+0x594/0x101c
[ 41.201644][ T388] __arm64_sys_mount+0x510/0x5e0
[ 41.202937][ T388] invoke_syscall+0x98/0x2b8
[ 41.204108][ T388] el0_svc_common+0x138/0x258
[ 41.205292][ T388] do_el0_svc+0x58/0x14c
[ 41.206488][ T388] el0_svc+0x7c/0x1f0
[ 41.207514][ T388] el0t_64_sync_handler+0x84/0xe4
[ 41.208795][ T388] el0t_64_sync+0x1a0/0x1a4
[ 41.210044][ T388]
[ 41.210652][ T388] The buggy address belongs to the object at ffff0000d5b9c000
[ 41.210652][ T388] which belongs to the cache kmalloc-512 of size 512
[ 41.214515][ T388] The buggy address is located 0 bytes inside of
[ 41.214515][ T388] 512-byte region [ffff0000d5b9c000, ffff0000d5b9c200)
[ 41.217837][ T388] The buggy address belongs to the page:
[ 41.219073][ T388] page:0000000006416830 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115b9c
[ 41.221317][ T388] head:0000000006416830 order:2 compound_mapcount:0 compound_pincount:0
[ 41.223394][ T388] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 41.225451][ T388] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[ 41.227712][ T388] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 41.229990][ T388] page dumped because: kasan: bad access detected
[ 41.231621][ T388]
[ 41.232325][ T388] Memory state around the buggy address:
[ 41.233802][ T388] ffff0000d5b9c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.236000][ T388] ffff0000d5b9c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.238347][ T388] >ffff0000d5b9c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.240471][ T388] ^
[ 41.241589][ T388] ffff0000d5b9c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.243827][ T388] ffff0000d5b9c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.245969][ T388] ==================================================================
[ 41.248130][ T388] Disabling lock debugging due to kernel taint