Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts.
executing program
[ 43.612405][ T3961] loop0: detected capacity change from 0 to 1024
[ 43.656542][ T3961] =======================================================
[ 43.656542][ T3961] WARNING: The mand mount option has been deprecated and
[ 43.656542][ T3961] and is ignored by this kernel. Remove the mand
[ 43.656542][ T3961] option from the mount to silence this warning.
[ 43.656542][ T3961] =======================================================
[ 43.757859][ T136] ==================================================================
[ 43.760138][ T136] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x834/0xffc
[ 43.762447][ T136] Read of size 2048 at addr ffff0000d17ad400 by task kworker/u4:1/136
[ 43.764625][ T136]
[ 43.765239][ T136] CPU: 1 PID: 136 Comm: kworker/u4:1 Not tainted 5.15.152-syzkaller #0
[ 43.767354][ T136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 43.770013][ T136] Workqueue: loop0 loop_rootcg_workfn
[ 43.771470][ T136] Call trace:
[ 43.772344][ T136]  dump_backtrace+0x0/0x530
[ 43.773548][ T136]  show_stack+0x2c/0x3c
[ 43.774635][ T136]  dump_stack_lvl+0x108/0x170
[ 43.775884][ T136]  print_address_description+0x7c/0x3f0
[ 43.777322][ T136]  kasan_report+0x174/0x1e4
[ 43.778573][ T136]  kasan_check_range+0x274/0x2b4
[ 43.779860][ T136]  memcpy+0x90/0xe8
[ 43.780844][ T136]  copy_page_from_iter_atomic+0x834/0xffc
[ 43.782438][ T136]  generic_perform_write+0x2d0/0x520
[ 43.783803][ T136]  __generic_file_write_iter+0x230/0x454
[ 43.785256][ T136]  generic_file_write_iter+0xb4/0x1b8
[ 43.786644][ T136]  do_iter_readv_writev+0x420/0x5f8
[ 43.788130][ T136]  do_iter_write+0x1b8/0x664
[ 43.789364][ T136]  vfs_iter_write+0x88/0xac
[ 43.790594][ T136]  lo_write_bvec+0x394/0xb4c
[ 43.791843][ T136]  loop_process_work+0x1f24/0x2798
[ 43.793196][ T136]  loop_rootcg_workfn+0x28/0x38
[ 43.794508][ T136]  process_one_work+0x790/0x11b8
[ 43.795861][ T136]  worker_thread+0x910/0x1034
[ 43.797086][ T136]  kthread+0x37c/0x45c
[ 43.798162][ T136]  ret_from_fork+0x10/0x20
[ 43.799296][ T136]
[ 43.799880][ T136] Allocated by task 3961:
[ 43.801048][ T136]  ____kasan_kmalloc+0xbc/0xfc
[ 43.802322][ T136]  __kasan_kmalloc+0x10/0x1c
[ 43.803558][ T136]  __kmalloc+0x29c/0x4c8
[ 43.804657][ T136]  hfsplus_read_wrapper+0x3b8/0xfc8
[ 43.805986][ T136]  hfsplus_fill_super+0x2f0/0x167c
[ 43.807367][ T136]  mount_bdev+0x274/0x370
[ 43.808540][ T136]  hfsplus_mount+0x44/0x58
[ 43.809706][ T136]  legacy_get_tree+0xd4/0x16c
[ 43.810898][ T136]  vfs_get_tree+0x90/0x274
[ 43.812078][ T136]  do_new_mount+0x278/0x8fc
[ 43.813277][ T136]  path_mount+0x594/0x101c
[ 43.814425][ T136]  __arm64_sys_mount+0x510/0x5e0
[ 43.815700][ T136]  invoke_syscall+0x98/0x2b8
[ 43.816942][ T136]  el0_svc_common+0x138/0x258
[ 43.818170][ T136]  do_el0_svc+0x58/0x14c
[ 43.819277][ T136]  el0_svc+0x7c/0x1f0
[ 43.820328][ T136]  el0t_64_sync_handler+0x84/0xe4
[ 43.821667][ T136]  el0t_64_sync+0x1a0/0x1a4
[ 43.822850][ T136]
[ 43.823450][ T136] The buggy address belongs to the object at ffff0000d17ad400
[ 43.823450][ T136]  which belongs to the cache kmalloc-512 of size 512
[ 43.827110][ T136] The buggy address is located 0 bytes inside of
[ 43.827110][ T136]  512-byte region [ffff0000d17ad400, ffff0000d17ad600)
[ 43.830650][ T136] The buggy address belongs to the page:
[ 43.832048][ T136] page:000000000fc12783 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1117ac
[ 43.834729][ T136] head:000000000fc12783 order:2 compound_mapcount:0 compound_pincount:0
[ 43.836891][ T136] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 43.838922][ T136] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[ 43.841161][ T136] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 43.843348][ T136] page dumped because: kasan: bad access detected
[ 43.845044][ T136]
[ 43.845672][ T136] Memory state around the buggy address:
[ 43.847158][ T136]  ffff0000d17ad500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.849305][ T136]  ffff0000d17ad580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.851381][ T136] >ffff0000d17ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.853412][ T136]                    ^
[ 43.854490][ T136]  ffff0000d17ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.856597][ T136]  ffff0000d17ad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.858681][ T136] ==================================================================
[ 43.860716][ T136] Disabling lock debugging due to kernel taint
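The numbers in the report above are enough to size the bug without touching the kernel source: a 2048-byte read starting at the first byte of a 512-byte kmalloc-512 object, with the shadow bytes at the object's end already marked fc. The following is an added example and is not part of the syzbot report or of the kernel; it is a small triage script that parses the relevant lines (copied from the log above as its embedded, constructed input), computes how far the read runs past the object, and decodes the shadow bytes it crosses into. It assumes generic KASAN's 8-byte shadow granule and a subset of the kernel's shadow-byte legend (00 accessible, 01..07 partially accessible, fb freed heap object, fc kmalloc redzone, fe page redzone, ff freed page, f1/f2/f3 stack redzones); anything outside that subset is just reported as poisoned.

```python
"""Triage helper for a KASAN slab-out-of-bounds report (added example)."""
import re

# Constructed input: the relevant lines copied from the report above.
REPORT = """\
[ 43.760138][ T136] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x834/0xffc
[ 43.762447][ T136] Read of size 2048 at addr ffff0000d17ad400 by task kworker/u4:1/136
[ 43.823450][ T136] The buggy address belongs to the object at ffff0000d17ad400
[ 43.823450][ T136]  which belongs to the cache kmalloc-512 of size 512
[ 43.827110][ T136] The buggy address is located 0 bytes inside of
[ 43.827110][ T136]  512-byte region [ffff0000d17ad400, ffff0000d17ad600)
[ 43.847158][ T136]  ffff0000d17ad500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.849305][ T136]  ffff0000d17ad580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.851381][ T136] >ffff0000d17ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.854490][ T136]  ffff0000d17ad680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

GRANULE = 8  # assumption: generic KASAN, one shadow byte per 8 bytes of memory

# Subset of the kernel's shadow-byte legend (assumption: values as used by generic KASAN).
SHADOW_LEGEND = {
    0xfb: "freed kmalloc object",
    0xfc: "kmalloc redzone",
    0xfe: "page redzone",
    0xff: "freed page",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
}

# printk prefix "[ 43.760138][ T136] " as it appears in the log above.
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")


def shadow_label(b):
    """Human-readable meaning of one shadow byte."""
    if b == 0:
        return "accessible"
    if 1 <= b <= GRANULE - 1:
        return f"partially accessible (first {b} bytes)"
    return SHADOW_LEGEND.get(b, f"poisoned (0x{b:02x})")


def parse_report(text):
    """Pull the access, the slab object region and the shadow map out of a report."""
    info = {"shadow": {}}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        m = re.match(r"BUG: KASAN: (\S+) in (\S+)", line)
        if m:
            info["bug"], info["where"] = m.group(1), m.group(2)
            continue
        m = re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", line)
        if m:
            info["kind"] = m.group(1).lower()
            info["size"] = int(m.group(2))
            info["addr"] = int(m.group(3), 16)
            continue
        m = re.search(r"cache (\S+) of size (\d+)", line)
        if m:
            info["cache"], info["obj_size"] = m.group(1), int(m.group(2))
            continue
        m = re.search(r"region \[([0-9a-f]+), ([0-9a-f]+)\)", line)
        if m:
            info["region"] = (int(m.group(1), 16), int(m.group(2), 16))
            continue
        # Shadow dump line: optional '>' marker, 16-digit address, 16 shadow bytes.
        m = re.match(r"^>?([0-9a-f]{16}): ([0-9a-f ]+)$", line)
        if m:
            base = int(m.group(1), 16)
            for i, v in enumerate(m.group(2).split()):
                info["shadow"][base + i * GRANULE] = int(v, 16)
    return info


def overrun_bytes(info):
    """How many bytes the access extends past the end of its slab object."""
    access_end = info["addr"] + info["size"]
    return max(0, access_end - info["region"][1])


def first_poisoned_granule(info):
    """First granule inside the access whose shadow byte is non-zero, if the dump shows it."""
    for addr in range(info["addr"], info["addr"] + info["size"], GRANULE):
        v = info["shadow"].get(addr)  # None when outside the printed window
        if v is not None and v != 0:
            return addr, shadow_label(v)
    return None


def triage(text):
    """One-screen summary of the report."""
    info = parse_report(text)
    bad = first_poisoned_granule(info)
    lo, hi = info["region"]
    return {
        "bug": f"{info['bug']} in {info['where']}",
        "access": f"{info['kind']} of {info['size']} bytes at 0x{info['addr']:x}",
        "object": f"{info['cache']} [0x{lo:x}, 0x{hi:x})",
        "overrun_bytes": overrun_bytes(info),
        "crosses_into": None if bad is None else f"{bad[1]} at 0x{bad[0]:x}",
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key:>14}: {value}")
```

For this report the script reports an overrun of 1536 bytes: the loop worker's lo_write_bvec path reads a full 2048 bytes starting at a buffer that hfsplus_read_wrapper allocated with only 512 bytes during mount, and the first granule past the object is already a kmalloc redzone. The same parser works on any generic-KASAN slab report that prints the "Read/Write of size" line, the object region and the shadow dump; reports whose access starts before the printed shadow window simply return None for the crossing point.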