Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 38.266043][ T4216] loop0: detected capacity change from 0 to 1024
[ 38.337768][ T39] ==================================================================
[ 38.339878][ T39] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x9a4/0x1104
[ 38.341983][ T39] Read of size 1024 at addr ffff0000d97c8c00 by task kworker/u4:2/39
[ 38.344063][ T39]
[ 38.344666][ T39] CPU: 0 PID: 39 Comm: kworker/u4:2 Not tainted 6.1.27-syzkaller #0
[ 38.346908][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 38.349572][ T39] Workqueue: loop0 loop_rootcg_workfn
[ 38.350939][ T39] Call trace:
[ 38.351779][ T39]  dump_backtrace+0x1c8/0x1f4
[ 38.353029][ T39]  show_stack+0x2c/0x3c
[ 38.354130][ T39]  dump_stack_lvl+0x108/0x170
[ 38.355346][ T39]  print_report+0x174/0x4c0
[ 38.356551][ T39]  kasan_report+0xd4/0x130
[ 38.357737][ T39]  kasan_check_range+0x264/0x2a4
[ 38.359065][ T39]  memcpy+0x48/0x90
[ 38.360058][ T39]  copy_page_from_iter_atomic+0x9a4/0x1104
[ 38.361606][ T39]  generic_perform_write+0x2fc/0x55c
[ 38.362914][ T39]  __generic_file_write_iter+0x168/0x388
[ 38.364440][ T39]  generic_file_write_iter+0xb8/0x2b4
[ 38.365859][ T39]  do_iter_write+0x534/0x964
[ 38.367098][ T39]  vfs_iter_write+0x88/0xac
[ 38.368329][ T39]  loop_process_work+0x15fc/0x256c
[ 38.369636][ T39]  loop_rootcg_workfn+0x28/0x38
[ 38.370901][ T39]  process_one_work+0x7ac/0x1404
[ 38.372248][ T39]  worker_thread+0x8e4/0xfec
[ 38.373484][ T39]  kthread+0x250/0x2d8
[ 38.374574][ T39]  ret_from_fork+0x10/0x20
[ 38.375786][ T39]
[ 38.376385][ T39] Allocated by task 4216:
[ 38.377559][ T39]  kasan_set_track+0x4c/0x80
[ 38.378666][ T39]  kasan_save_alloc_info+0x24/0x30
[ 38.380029][ T39]  __kasan_kmalloc+0xac/0xc4
[ 38.381230][ T39]  __kmalloc+0xd8/0x1c4
[ 38.382294][ T39]  hfsplus_read_wrapper+0x3ac/0xfcc
[ 38.383692][ T39]  hfsplus_fill_super+0x2f0/0x166c
[ 38.385092][ T39]  mount_bdev+0x26c/0x368
[ 38.386295][ T39]  hfsplus_mount+0x44/0x58
[ 38.387443][ T39]  legacy_get_tree+0xd4/0x16c
[ 38.388752][ T39]  vfs_get_tree+0x90/0x274
[ 38.389947][ T39]  do_new_mount+0x25c/0x8c8
[ 38.391134][ T39]  path_mount+0x590/0xe58
[ 38.392180][ T39]  __arm64_sys_mount+0x45c/0x594
[ 38.393482][ T39]  invoke_syscall+0x98/0x2c0
[ 38.394665][ T39]  el0_svc_common+0x138/0x258
[ 38.395869][ T39]  do_el0_svc+0x64/0x218
[ 38.396944][ T39]  el0_svc+0x58/0x168
[ 38.397964][ T39]  el0t_64_sync_handler+0x84/0xf0
[ 38.399336][ T39]  el0t_64_sync+0x18c/0x190
[ 38.400548][ T39]
[ 38.401176][ T39] The buggy address belongs to the object at ffff0000d97c8c00
[ 38.401176][ T39]  which belongs to the cache kmalloc-512 of size 512
[ 38.404918][ T39] The buggy address is located 0 bytes inside of
[ 38.404918][ T39]  512-byte region [ffff0000d97c8c00, ffff0000d97c8e00)
[ 38.408360][ T39]
[ 38.408986][ T39] The buggy address belongs to the physical page:
[ 38.410702][ T39] page:000000006877335d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1197c8
[ 38.413328][ T39] head:000000006877335d order:2 compound_mapcount:0 compound_pincount:0
[ 38.415563][ T39] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 38.417664][ T39] raw: 05ffc00000010200 0000000000000000 dead000000000001 ffff0000c0002600
[ 38.419902][ T39] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 38.422148][ T39] page dumped because: kasan: bad access detected
[ 38.423913][ T39]
[ 38.424512][ T39] Memory state around the buggy address:
[ 38.425958][ T39]  ffff0000d97c8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.428084][ T39]  ffff0000d97c8d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.430115][ T39] >ffff0000d97c8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.432205][ T39]                     ^
[ 38.433213][ T39]  ffff0000d97c8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.435378][ T39]  ffff0000d97c8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.437552][ T39] ==================================================================
[ 38.439704][ T39] Disabling lock debugging due to kernel taint
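The "Memory state around the buggy address" rows can be decoded mechanically to confirm what the report says about the access. The C program below is an added example, not part of the syzbot report or of the kernel: it embeds the five shadow rows printed above as constructed input, assumes the generic-KASAN shadow encoding (one shadow byte per 8-byte granule; 00 = all eight bytes addressable, 01..07 = that many leading bytes addressable, 0xfc = kmalloc redzone), and walks the reported 1024-byte read starting at ffff0000d97c8c00 to find the first poisoned address. The function and type names (parse_rows, first_bad_addr, check_access, analyze_report, struct verdict) are the example's own.

```c
/* Added example, not part of the syzbot report: decode KASAN shadow rows and
 * locate the first poisoned byte hit by the reported access. Assumes generic
 * KASAN encoding (1 shadow byte per 8-byte granule, 00 addressable,
 * 01..07 partially addressable, 0xfc = kmalloc redzone). */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define KASAN_GRANULE        8   /* bytes covered by one shadow byte */
#define SHADOW_BYTES_PER_ROW 16  /* one "Memory state" row = 128 bytes */

/* Constructed input: the five shadow rows from the report above,
 * with the '>' marker on the guilty row dropped. */
static const char *report_rows[] = {
    "ffff0000d97c8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "ffff0000d97c8d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "ffff0000d97c8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff0000d97c8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff0000d97c8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
};
#define NROWS (sizeof report_rows / sizeof report_rows[0])

struct shadow_window {
    uint64_t base;       /* first address covered by shadow[0] */
    uint8_t shadow[256]; /* one byte per 8-byte granule */
    size_t n;            /* shadow bytes filled */
};

/* Parse "addr: b0 b1 ... b15" rows into one contiguous window.
 * Returns 0 on success, -1 on a malformed or non-contiguous row. */
static int parse_rows(const char **rows, size_t nrows, struct shadow_window *w)
{
    w->n = 0;
    for (size_t i = 0; i < nrows; i++) {
        char *p;
        uint64_t addr = strtoull(rows[i], &p, 16);
        if (*p != ':')
            return -1;
        if (i == 0)
            w->base = addr;
        else if (addr != w->base + w->n * KASAN_GRANULE)
            return -1; /* rows must follow each other without gaps */
        p++;
        for (int j = 0; j < SHADOW_BYTES_PER_ROW; j++) {
            char *q;
            unsigned long b = strtoul(p, &q, 16);
            if (q == p || b > 0xff || w->n >= sizeof w->shadow)
                return -1;
            w->shadow[w->n++] = (uint8_t)b;
            p = q;
        }
    }
    return 0;
}

/* Is byte 'addr' addressable according to its granule's shadow byte? */
static int byte_ok(uint8_t s, uint64_t addr)
{
    if (s == 0)
        return 1;
    if (s < KASAN_GRANULE)                  /* partially addressable granule */
        return (addr & (KASAN_GRANULE - 1)) < s;
    return 0;                               /* 0x80.. is poison, incl. 0xfc redzone */
}

/* Walk [addr, addr+size) and return the first address the shadow marks as
 * invalid, or 0 if every byte inside the dumped window is addressable.
 * Bytes outside the dumped window are unknown and skipped. */
static uint64_t first_bad_addr(const struct shadow_window *w, uint64_t addr, size_t size)
{
    uint64_t win_end = w->base + w->n * KASAN_GRANULE;
    for (uint64_t a = addr; a < addr + size; a++) {
        if (a < w->base || a >= win_end)
            continue;
        if (!byte_ok(w->shadow[(a - w->base) / KASAN_GRANULE], a))
            return a;
    }
    return 0;
}

/* Check an arbitrary access against the report's rows (0 = no poison hit, or parse failure). */
static uint64_t check_access(uint64_t addr, size_t size)
{
    struct shadow_window w;
    if (parse_rows(report_rows, NROWS, &w) < 0)
        return 0;
    return first_bad_addr(&w, addr, size);
}

struct verdict {
    int ok;             /* rows parsed */
    uint64_t first_bad; /* first poisoned address inside the access */
    uint64_t overrun;   /* bytes of the access beyond the object end */
    uint8_t poison;     /* shadow value at first_bad */
};

/* Apply the decoder to the numbers stated in the report above. */
static struct verdict analyze_report(void)
{
    struct verdict v = {0};
    struct shadow_window w;
    const uint64_t addr = 0xffff0000d97c8c00ULL;    /* "Read of size 1024 at addr ..." */
    const uint64_t size = 1024;
    const uint64_t obj_end = 0xffff0000d97c8e00ULL; /* "512-byte region [..c00, ..e00)" */

    if (parse_rows(report_rows, NROWS, &w) < 0)
        return v;
    v.ok = 1;
    v.first_bad = first_bad_addr(&w, addr, size);
    v.overrun = addr + size > obj_end ? addr + size - obj_end : 0;
    if (v.first_bad)
        v.poison = w.shadow[(v.first_bad - w.base) / KASAN_GRANULE];
    return v;
}

int main(void)
{
    struct verdict v = analyze_report();
    if (!v.ok)
        return 1;
    printf("first poisoned byte %#" PRIx64 " (shadow %#x), %" PRIu64 " bytes past object end\n",
           v.first_bad, v.poison, v.overrun);
    return 0;
}
```

Run as written, the decoder reports the first poisoned byte at ffff0000d97c8e00 with shadow 0xfc and 512 bytes of overrun, which is consistent with the report: the read is 1024 bytes long, the kmalloc-512 object allocated in hfsplus_read_wrapper ends at ffff0000d97c8e00, and everything past that address is redzone. The report does not show the rows before ffff0000d97c8d00, so the bytes between c00 and cff are outside the window and the decoder skips them rather than guessing.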