[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.240' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 294.752847] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 294.842824] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 294.962603] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 295.032541] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 295.123041] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 295.222551] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 295.332535] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 295.433078] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 295.532759] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 295.633402] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 295.732766] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 295.843034] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 295.962664] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 296.072743] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 296.182504] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
[ 296.292429] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 296.423082] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 296.532520] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 296.653197] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 296.762404] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 296.882734] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 296.972622] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 297.062492] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
executing program
[ 297.162659] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 297.262370] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 297.362480] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
[ 297.472337] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
executing program
executing program
[ 297.593075] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 297.692546] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 297.802322] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 297.913144] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.012480] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
executing program
executing program
[ 298.112512] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.202966] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.302937] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.392412] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.502436] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.582321] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.672326] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
executing program
[ 298.772783] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.872352] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 298.972651] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 299.072635] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 299.182207] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 299.272357] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 299.372508] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 299.472801] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 299.562232] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
executing program
[ 299.692436] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 299.812302] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 299.922225] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 300.002359] loop_set_block_size: loop0 () has still dirty pages (nrpages=4)
[ 300.092147] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 300.212519] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 300.332411] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
[ 300.432110] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 300.542436] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 300.602463] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
[ 300.692579] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
executing program
[ 300.802128] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 300.902410] loop_set_block_size: loop0 () has still dirty pages (nrpages=8)
executing program
[ 300.992187] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 301.072332] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 301.182110] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 301.282852] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
[ 301.372319] loop_set_block_size: loop0 () has still dirty pages (nrpages=11)
executing program
executing program
[ 301.472171] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 301.562406] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 301.652237] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 301.752077] loop_set_block_size: loop0 () has still dirty pages (nrpages=5)
executing program
[ 301.852126] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 301.942496] loop_set_block_size: loop0 () has still dirty pages (nrpages=2)
[ 302.051966] loop_set_block_size: loop0 () has still dirty pages (nrpages=1)
executing program
[ 302.174066] ==================================================================
[ 302.181577] BUG: KASAN: slab-out-of-bounds in memcpy_from_page+0x8c/0x110
[ 302.188479] Read of size 2048 at addr ffff8880a334d540 by task loop0/8343
[ 302.195375]
[ 302.196981] CPU: 1 PID: 8343 Comm: loop0 Not tainted 4.14.303-syzkaller #0
[ 302.203962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 302.213288] Call Trace:
[ 302.215864]  dump_stack+0x1b2/0x281
[ 302.219466]  print_address_description.cold+0x54/0x1d3
[ 302.225176]  kasan_report_error.cold+0x8a/0x191
[ 302.229823]  ? memcpy_from_page+0x8c/0x110
[ 302.234139]  kasan_report+0x6f/0x80
[ 302.237873]  ? memcpy_from_page+0x8c/0x110
[ 302.242092]  memcpy+0x20/0x50
[ 302.245193]  memcpy_from_page+0x8c/0x110
[ 302.249231]  iov_iter_copy_from_user_atomic+0x5dc/0xa20
[ 302.254576]  generic_perform_write+0x22b/0x430
[ 302.259135]  ? __mnt_drop_write_file+0x5f/0x90
[ 302.263690]  ? filemap_page_mkwrite+0x2d0/0x2d0
[ 302.268330]  ? current_time+0xb0/0xb0
[ 302.272105]  ? lock_acquire+0x170/0x3f0
[ 302.276052]  __generic_file_write_iter+0x227/0x590
[ 302.280955]  generic_file_write_iter+0x36f/0x650
[ 302.285686]  do_iter_readv_writev+0x4cf/0x5f0
[ 302.290155]  ? clone_verify_area+0x1e0/0x1e0
[ 302.294538]  ? rw_verify_area+0xe1/0x2a0
[ 302.298575]  do_iter_write+0x152/0x550
[ 302.302439]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 302.307861]  vfs_iter_write+0x70/0xa0
[ 302.311635]  lo_write_bvec+0x114/0x310
[ 302.315495]  ? loop_attr_do_show_backing_file+0x1a0/0x1a0
[ 302.321004]  ? __lock_acquire+0x5fc/0x3f20
[ 302.325484]  ? finish_task_switch+0x178/0x610
[ 302.329951]  loop_queue_work+0x9f2/0x21e0
[ 302.334077]  ? _raw_spin_unlock_irq+0x5a/0x80
[ 302.338545]  ? finish_task_switch+0x178/0x610
[ 302.343013]  ? finish_task_switch+0x14d/0x610
[ 302.347493]  ? __switch_to_asm+0x31/0x60
[ 302.351528]  ? __switch_to_asm+0x25/0x60
[ 302.355568]  ? lo_fallocate.isra.0+0x120/0x120
[ 302.360122]  ? __schedule+0x893/0x1de0
[ 302.363985]  ? lock_acquire+0x170/0x3f0
[ 302.367931]  ? lock_downgrade+0x740/0x740
[ 302.372052]  ? _raw_spin_unlock_irq+0x24/0x80
[ 302.376528]  kthread_worker_fn+0x271/0x6c0
[ 302.380757]  ? __kthread_init_worker+0xf0/0xf0
[ 302.385325]  ? loop_get_status64+0x100/0x100
[ 302.389723]  kthread+0x30d/0x420
[ 302.393076]  ? kthread_create_on_node+0xd0/0xd0
[ 302.398933]  ret_from_fork+0x24/0x30
[ 302.402628]
[ 302.404229] Allocated by task 8342:
[ 302.407858]  kasan_kmalloc+0xeb/0x160
[ 302.411745]  __kmalloc+0x15a/0x400
[ 302.415271]  hfsplus_read_wrapper+0x281/0xd70
[ 302.419748]  hfsplus_fill_super+0x331/0x1850
[ 302.424132]  mount_bdev+0x2b3/0x360
[ 302.427754]  mount_fs+0x92/0x2a0
[ 302.431096]  vfs_kern_mount.part.0+0x5b/0x470
[ 302.435561]  do_mount+0xe65/0x2a30
[ 302.439076]  SyS_mount+0xa8/0x120
[ 302.442500]  do_syscall_64+0x1d5/0x640
[ 302.446362]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 302.451520]
[ 302.453119] Freed by task 7930:
[ 302.456392]  kasan_slab_free+0xc3/0x1a0
[ 302.460338]  kfree+0xc9/0x250
[ 302.463416]  skb_release_data+0x5f6/0x820
[ 302.467549]  __kfree_skb+0x46/0x60
[ 302.471061]  tcp_recvmsg+0x14fc/0x1d50
[ 302.474931]  inet_recvmsg+0xef/0x4d0
[ 302.478639]  sock_read_iter+0x2be/0x3f0
[ 302.482588]  __vfs_read+0x449/0x620
[ 302.486185]  vfs_read+0x139/0x340
[ 302.489612]  SyS_read+0xf2/0x210
[ 302.492954]  do_syscall_64+0x1d5/0x640
[ 302.496817]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 302.501977]
[ 302.503588] The buggy address belongs to the object at ffff8880a334d540
[ 302.503588]  which belongs to the cache kmalloc-512 of size 512
[ 302.516224] The buggy address is located 0 bytes inside of
[ 302.516224]  512-byte region [ffff8880a334d540, ffff8880a334d740)
[ 302.527896] The buggy address belongs to the page:
[ 302.532801] page:ffffea00028cd340 count:1 mapcount:0 mapping:ffff8880a334d040 index:0xffff8880a334d040
[ 302.542216] flags: 0xfff00000000100(slab)
[ 302.546339] raw: 00fff00000000100 ffff8880a334d040 ffff8880a334d040 0000000100000003
[ 302.554193] raw: ffffea0002a4f360 ffffea00025c8da0 ffff88813fe74940 0000000000000000
[ 302.562043] page dumped because: kasan: bad access detected
[ 302.567733]
[ 302.569331] Memory state around the buggy address:
[ 302.574232]  ffff8880a334d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 302.581565]  ffff8880a334d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 302.588895] >ffff8880a334d700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 302.596224]                                            ^
[ 302.601646]  ffff8880a334d780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 302.608976]  ffff8880a334d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 302.616306] ==================================================================
[ 302.623635] Disabling lock debugging due to kernel taint
[ 302.629160] Kernel panic - not syncing: panic_on_warn set ...
[ 302.629160]
[ 302.636513] CPU: 1 PID: 8343 Comm: loop0 Tainted: G    B   4.14.303-syzkaller #0
[ 302.644726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 302.654067] Call Trace:
[ 302.656643]  dump_stack+0x1b2/0x281
[ 302.660257]  panic+0x1f9/0x42d
[ 302.664230]  ? add_taint.cold+0x16/0x16
[ 302.668179]  kasan_end_report+0x43/0x49
[ 302.672128]  kasan_report_error.cold+0xa7/0x191
[ 302.676771]  ? memcpy_from_page+0x8c/0x110
[ 302.680975]  kasan_report+0x6f/0x80
[ 302.684928]  ? memcpy_from_page+0x8c/0x110
[ 302.689141]  memcpy+0x20/0x50
[ 302.692224]  memcpy_from_page+0x8c/0x110
[ 302.696262]  iov_iter_copy_from_user_atomic+0x5dc/0xa20
[ 302.701606]  generic_perform_write+0x22b/0x430
[ 302.706163]  ? __mnt_drop_write_file+0x5f/0x90
[ 302.710714]  ? filemap_page_mkwrite+0x2d0/0x2d0
[ 302.715352]  ? current_time+0xb0/0xb0
[ 302.719139]  ? lock_acquire+0x170/0x3f0
[ 302.723086]  __generic_file_write_iter+0x227/0x590
[ 302.727990]  generic_file_write_iter+0x36f/0x650
[ 302.732719]  do_iter_readv_writev+0x4cf/0x5f0
[ 302.737187]  ? clone_verify_area+0x1e0/0x1e0
[ 302.741567]  ? rw_verify_area+0xe1/0x2a0
[ 302.745599]  do_iter_write+0x152/0x550
[ 302.749473]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 302.754895]  vfs_iter_write+0x70/0xa0
[ 302.758690]  lo_write_bvec+0x114/0x310
[ 302.762554]  ? loop_attr_do_show_backing_file+0x1a0/0x1a0
[ 302.768064]  ? __lock_acquire+0x5fc/0x3f20
[ 302.772275]  ? finish_task_switch+0x178/0x610
[ 302.776742]  loop_queue_work+0x9f2/0x21e0
[ 302.780864]  ? _raw_spin_unlock_irq+0x5a/0x80
[ 302.785329]  ? finish_task_switch+0x178/0x610
[ 302.789801]  ? finish_task_switch+0x14d/0x610
[ 302.794267]  ? __switch_to_asm+0x31/0x60
[ 302.798299]  ? __switch_to_asm+0x25/0x60
[ 302.802334]  ? lo_fallocate.isra.0+0x120/0x120
[ 302.806886]  ? __schedule+0x893/0x1de0
[ 302.810745]  ? lock_acquire+0x170/0x3f0
[ 302.814692]  ? lock_downgrade+0x740/0x740
[ 302.818812]  ? _raw_spin_unlock_irq+0x24/0x80
[ 302.823293]  kthread_worker_fn+0x271/0x6c0
[ 302.827499]  ? __kthread_init_worker+0xf0/0xf0
[ 302.832053]  ? loop_get_status64+0x100/0x100
[ 302.836446]  kthread+0x30d/0x420
[ 302.839789]  ? kthread_create_on_node+0xd0/0xd0
[ 302.844433]  ret_from_fork+0x24/0x30
[ 302.848480] Kernel Offset: disabled
[ 302.852090] Rebooting in 86400 seconds..