Warning: Permanently added '10.128.10.8' (ED25519) to the list of known hosts.
executing program
[ 46.109154][ T4221] loop0: detected capacity change from 0 to 1024
[ 46.112565][ T4221] =======================================================
[ 46.112565][ T4221] WARNING: The mand mount option has been deprecated and
[ 46.112565][ T4221]          and is ignored by this kernel. Remove the mand
[ 46.112565][ T4221]          option from the mount to silence this warning.
[ 46.112565][ T4221] =======================================================
[ 46.178934][ T58] ==================================================================
[ 46.181044][ T58] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x9a4/0x1104
[ 46.183384][ T58] Read of size 2048 at addr ffff0000c95d8400 by task kworker/u4:3/58
[ 46.185599][ T58]
[ 46.186260][ T58] CPU: 1 PID: 58 Comm: kworker/u4:3 Not tainted 6.1.82-syzkaller #0
[ 46.188352][ T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 46.190977][ T58] Workqueue: loop0 loop_rootcg_workfn
[ 46.192451][ T58] Call trace:
[ 46.193345][ T58]  dump_backtrace+0x1c8/0x1f4
[ 46.194534][ T58]  show_stack+0x2c/0x3c
[ 46.195602][ T58]  dump_stack_lvl+0x108/0x170
[ 46.196907][ T58]  print_report+0x174/0x4c0
[ 46.198098][ T58]  kasan_report+0xd4/0x130
[ 46.199306][ T58]  kasan_check_range+0x264/0x2a4
[ 46.200627][ T58]  memcpy+0x48/0x90
[ 46.201644][ T58]  copy_page_from_iter_atomic+0x9a4/0x1104
[ 46.203240][ T58]  generic_perform_write+0x2fc/0x55c
[ 46.204638][ T58]  __generic_file_write_iter+0x168/0x388
[ 46.206128][ T58]  generic_file_write_iter+0xb8/0x2b4
[ 46.207581][ T58]  do_iter_write+0x534/0x964
[ 46.208762][ T58]  vfs_iter_write+0x88/0xac
[ 46.209977][ T58]  loop_process_work+0x15b4/0x24a4
[ 46.211331][ T58]  loop_rootcg_workfn+0x28/0x38
[ 46.212637][ T58]  process_one_work+0x7ac/0x1404
[ 46.214008][ T58]  worker_thread+0x8e4/0xfec
[ 46.215252][ T58]  kthread+0x250/0x2d8
[ 46.216418][ T58]  ret_from_fork+0x10/0x20
[ 46.217566][ T58]
[ 46.218141][ T58] Allocated by task 4221:
[ 46.219231][ T58]  kasan_set_track+0x4c/0x80
[ 46.220386][ T58]  kasan_save_alloc_info+0x24/0x30
[ 46.221739][ T58]  __kasan_kmalloc+0xac/0xc4
[ 46.222949][ T58]  __kmalloc+0xd8/0x1c4
[ 46.224054][ T58]  hfsplus_read_wrapper+0x3ac/0xfcc
[ 46.225415][ T58]  hfsplus_fill_super+0x2f0/0x166c
[ 46.226753][ T58]  mount_bdev+0x274/0x370
[ 46.227942][ T58]  hfsplus_mount+0x44/0x58
[ 46.229075][ T58]  legacy_get_tree+0xd4/0x16c
[ 46.230336][ T58]  vfs_get_tree+0x90/0x274
[ 46.231504][ T58]  do_new_mount+0x278/0x8fc
[ 46.232662][ T58]  path_mount+0x590/0xe5c
[ 46.233779][ T58]  __arm64_sys_mount+0x45c/0x594
[ 46.235130][ T58]  invoke_syscall+0x98/0x2c0
[ 46.236397][ T58]  el0_svc_common+0x138/0x258
[ 46.237683][ T58]  do_el0_svc+0x64/0x218
[ 46.238844][ T58]  el0_svc+0x58/0x168
[ 46.239908][ T58]  el0t_64_sync_handler+0x84/0xf0
[ 46.241242][ T58]  el0t_64_sync+0x18c/0x190
[ 46.242437][ T58]
[ 46.243064][ T58] The buggy address belongs to the object at ffff0000c95d8400
[ 46.243064][ T58]  which belongs to the cache kmalloc-512 of size 512
[ 46.246719][ T58] The buggy address is located 0 bytes inside of
[ 46.246719][ T58]  512-byte region [ffff0000c95d8400, ffff0000c95d8600)
[ 46.250188][ T58]
[ 46.250801][ T58] The buggy address belongs to the physical page:
[ 46.252586][ T58] page:00000000b6381fcf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095d8
[ 46.255432][ T58] head:00000000b6381fcf order:2 compound_mapcount:0 compound_pincount:0
[ 46.257601][ T58] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 46.259778][ T58] raw: 05ffc00000010200 0000000000000000 dead000000000001 ffff0000c0002600
[ 46.261974][ T58] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 46.264253][ T58] page dumped because: kasan: bad access detected
[ 46.265981][ T58]
[ 46.266577][ T58] Memory state around the buggy address:
[ 46.267989][ T58]  ffff0000c95d8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.270174][ T58]  ffff0000c95d8580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.272354][ T58] >ffff0000c95d8600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.274470][ T58]                    ^
[ 46.275530][ T58]  ffff0000c95d8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.277724][ T58]  ffff0000c95d8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.279911][ T58] ==================================================================
[ 46.282205][ T58] Disabling lock debugging due to kernel taint