Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts.
executing program
[ 35.234528][ T4223] loop0: detected capacity change from 0 to 1024
[ 35.237285][ T4223] =======================================================
[ 35.237285][ T4223] WARNING: The mand mount option has been deprecated and
[ 35.237285][ T4223] and is ignored by this kernel. Remove the mand
[ 35.237285][ T4223] option from the mount to silence this warning.
[ 35.237285][ T4223] =======================================================
[ 35.289178][ T188] ==================================================================
[ 35.291074][ T188] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x9a4/0x1104
[ 35.293124][ T188] Read of size 2048 at addr ffff0000cbcb6800 by task kworker/u4:3/188
[ 35.295124][ T188]
[ 35.295691][ T188] CPU: 1 PID: 188 Comm: kworker/u4:3 Not tainted 6.1.70-syzkaller #0
[ 35.297598][ T188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 35.299979][ T188] Workqueue: loop0 loop_rootcg_workfn
[ 35.301219][ T188] Call trace:
[ 35.301951][ T188]  dump_backtrace+0x1c8/0x1f4
[ 35.303056][ T188]  show_stack+0x2c/0x3c
[ 35.304051][ T188]  dump_stack_lvl+0x108/0x170
[ 35.305166][ T188]  print_report+0x174/0x4c0
[ 35.306239][ T188]  kasan_report+0xd4/0x130
[ 35.307253][ T188]  kasan_check_range+0x264/0x2a4
[ 35.308496][ T188]  memcpy+0x48/0x90
[ 35.309298][ T188]  copy_page_from_iter_atomic+0x9a4/0x1104
[ 35.310720][ T188]  generic_perform_write+0x2fc/0x55c
[ 35.311898][ T188]  __generic_file_write_iter+0x168/0x388
[ 35.313235][ T188]  generic_file_write_iter+0xb8/0x2b4
[ 35.314518][ T188]  do_iter_write+0x534/0x964
[ 35.315671][ T188]  vfs_iter_write+0x88/0xac
[ 35.316815][ T188]  loop_process_work+0x15b4/0x24a4
[ 35.318051][ T188]  loop_rootcg_workfn+0x28/0x38
[ 35.319215][ T188]  process_one_work+0x7ac/0x1404
[ 35.320374][ T188]  worker_thread+0x8e4/0xfec
[ 35.321525][ T188]  kthread+0x250/0x2d8
[ 35.322528][ T188]  ret_from_fork+0x10/0x20
[ 35.323546][ T188]
[ 35.324094][ T188] Allocated by task 4223:
[ 35.325124][ T188]  kasan_set_track+0x4c/0x80
[ 35.326258][ T188]  kasan_save_alloc_info+0x24/0x30
[ 35.327546][ T188]  __kasan_kmalloc+0xac/0xc4
[ 35.328680][ T188]  __kmalloc+0xd8/0x1c4
[ 35.329677][ T188]  hfsplus_read_wrapper+0x3ac/0xfcc
[ 35.330911][ T188]  hfsplus_fill_super+0x2f0/0x166c
[ 35.332194][ T188]  mount_bdev+0x274/0x370
[ 35.333296][ T188]  hfsplus_mount+0x44/0x58
[ 35.334345][ T188]  legacy_get_tree+0xd4/0x16c
[ 35.335497][ T188]  vfs_get_tree+0x90/0x274
[ 35.336509][ T188]  do_new_mount+0x25c/0x8c4
[ 35.337582][ T188]  path_mount+0x590/0xe5c
[ 35.338519][ T188]  __arm64_sys_mount+0x45c/0x594
[ 35.339803][ T188]  invoke_syscall+0x98/0x2c0
[ 35.340829][ T188]  el0_svc_common+0x138/0x258
[ 35.341983][ T188]  do_el0_svc+0x64/0x218
[ 35.342974][ T188]  el0_svc+0x58/0x168
[ 35.343883][ T188]  el0t_64_sync_handler+0x84/0xf0
[ 35.345052][ T188]  el0t_64_sync+0x18c/0x190
[ 35.346161][ T188]
[ 35.346733][ T188] The buggy address belongs to the object at ffff0000cbcb6800
[ 35.346733][ T188]  which belongs to the cache kmalloc-512 of size 512
[ 35.350160][ T188] The buggy address is located 0 bytes inside of
[ 35.350160][ T188]  512-byte region [ffff0000cbcb6800, ffff0000cbcb6a00)
[ 35.353287][ T188]
[ 35.353858][ T188] The buggy address belongs to the physical page:
[ 35.355440][ T188] page:000000005d2e6f38 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10bcb4
[ 35.357886][ T188] head:000000005d2e6f38 order:2 compound_mapcount:0 compound_pincount:0
[ 35.359863][ T188] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 35.361833][ T188] raw: 05ffc00000010200 fffffc00030c1b00 dead000000000002 ffff0000c0002600
[ 35.363893][ T188] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 35.365994][ T188] page dumped because: kasan: bad access detected
[ 35.367518][ T188]
[ 35.368017][ T188] Memory state around the buggy address:
[ 35.369340][ T188]  ffff0000cbcb6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.371417][ T188]  ffff0000cbcb6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.373398][ T188] >ffff0000cbcb6a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.375406][ T188]                    ^
[ 35.376475][ T188]  ffff0000cbcb6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.378500][ T188]  ffff0000cbcb6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.380450][ T188] ==================================================================
[ 35.382587][ T188] Disabling lock debugging due to kernel taint