Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts.
2023/11/10 23:51:09 ignoring optional flag "sandboxArg"="0"
2023/11/10 23:51:09 parsed 1 programs
2023/11/10 23:51:09 executed programs: 0
[ 53.789504][ T1858] loop0: detected capacity change from 0 to 1024
[ 53.832309][ T11] ==================================================================
[ 53.840712][ T11] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.849279][ T11] Read of size 1024 at addr ffff888109793c00 by task kworker/u4:1/11
[ 53.857491][ T11]
[ 53.860002][ T11] CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.62-syzkaller #0
[ 53.868129][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 53.878516][ T11] Workqueue: loop0 loop_workfn
[ 53.883265][ T11] Call Trace:
[ 53.886546][ T11]
[ 53.889462][ T11] dump_stack_lvl+0xf4/0x251
[ 53.894039][ T11] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 53.899567][ T11] ? panic+0x3f7/0x3f7
[ 53.903613][ T11] ? _printk+0xca/0x10a
[ 53.907839][ T11] ? page_cache_prev_miss+0x350/0x350
[ 53.913200][ T11] print_report+0x15f/0x4f0
[ 53.917884][ T11] ? folio_mark_accessed+0x10d/0x880
[ 53.923405][ T11] ? PageHeadHuge+0x40/0x110
[ 53.928162][ T11] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.934148][ T11] kasan_report+0x136/0x160
[ 53.939187][ T11] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.945057][ T11] kasan_check_range+0x27f/0x290
[ 53.950153][ T11] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.956921][ T11] memcpy+0x25/0x60
[ 53.960812][ T11] copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.966781][ T11] ? pipe_zero+0x1e0/0x1e0
[ 53.971226][ T11] ? shmem_write_begin+0x1dd/0x400
[ 53.976398][ T11] ? shmem_writepage+0x1410/0x1410
[ 53.981482][ T11] ? rcu_is_watching+0x1b/0x90
[ 53.986393][ T11] generic_perform_write+0x352/0x530
[ 53.991822][ T11] ? generic_file_direct_write+0x360/0x360
[ 53.997709][ T11] ? generic_write_checks+0xc9/0x170
[ 54.003057][ T11] __generic_file_write_iter+0x13f/0x340
[ 54.008664][ T11] generic_file_write_iter+0x99/0x230
[ 54.014015][ T11] do_iter_write+0x664/0xad0
[ 54.018684][ T11] ? vfs_iter_write+0x90/0x90
[ 54.023345][ T11] ? kthread_associate_blkcg+0x1e7/0x330
[ 54.029212][ T11] loop_process_work+0x1420/0x1e40
[ 54.034297][ T11] ? loop_workfn+0x50/0x50
[ 54.038688][ T11] ? read_lock_is_recursive+0x10/0x10
[ 54.044057][ T11] ? _raw_spin_unlock_irqrestore+0xcb/0x130
[ 54.050360][ T11] ? read_word_at_a_time+0xe/0x20
[ 54.055713][ T11] ? process_one_work+0x6af/0xe90
[ 54.060736][ T11] ? process_one_work+0x6af/0xe90
[ 54.065844][ T11] process_one_work+0x745/0xe90
[ 54.071117][ T11] ? worker_detach_from_pool+0x240/0x240
[ 54.076815][ T11] ? __rwlock_init+0x140/0x140
[ 54.081552][ T11] ? wq_worker_sleeping+0x19/0x1f0
[ 54.086749][ T11] worker_thread+0x806/0xe60
[ 54.091405][ T11] kthread+0x1e8/0x240
[ 54.095555][ T11] ? process_one_work+0xe90/0xe90
[ 54.100567][ T11] ? kthread_blkcg+0xa0/0xa0
[ 54.105147][ T11] ret_from_fork+0x1f/0x30
[ 54.109566][ T11]
[ 54.112563][ T11]
[ 54.114860][ T11] Allocated by task 1858:
[ 54.119265][ T11] kasan_set_track+0x4b/0x70
[ 54.123939][ T11] __kasan_kmalloc+0x97/0xb0
[ 54.128499][ T11] __kmalloc+0xa6/0x1c0
[ 54.132801][ T11] hfsplus_read_wrapper+0x3fc/0x1110
[ 54.138144][ T11] hfsplus_fill_super+0x36e/0x1970
[ 54.143486][ T11] mount_bdev+0x26b/0x340
[ 54.147879][ T11] legacy_get_tree+0xe5/0x170
[ 54.152612][ T11] vfs_get_tree+0x7a/0x170
[ 54.157083][ T11] do_new_mount+0x1e1/0x8f0
[ 54.161559][ T11] __se_sys_mount+0x23e/0x2d0
[ 54.166213][ T11] do_syscall_64+0x3d/0x80
[ 54.170689][ T11] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.176570][ T11]
[ 54.178874][ T11] The buggy address belongs to the object at ffff888109793c00
[ 54.178874][ T11] which belongs to the cache kmalloc-512 of size 512
[ 54.193426][ T11] The buggy address is located 0 bytes inside of
[ 54.193426][ T11] 512-byte region [ffff888109793c00, ffff888109793e00)
[ 54.206859][ T11]
[ 54.211182][ T11] The buggy address belongs to the physical page:
[ 54.217768][ T11] page:ffffea000425e400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888109793800 pfn:0x109790
[ 54.229473][ T11] head:ffffea000425e400 order:2 compound_mapcount:0 compound_pincount:0
[ 54.237856][ T11] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 54.244517][ T11] raw: 0100000000010200 ffffea000414e800 dead000000000003 ffff888100041c80
[ 54.253247][ T11] raw: ffff888109793800 000000008010000f 00000001ffffffff 0000000000000000
[ 54.262179][ T11] page dumped because: kasan: bad access detected
[ 54.269631][ T11] page_owner tracks the page as allocated
[ 54.275419][ T11] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 697, tgid 697 (start-stop-daem), ts 6311362054, free_ts 6288933289
[ 54.296152][ T11] post_alloc_hook+0x286/0x2b0
[ 54.301098][ T11] get_page_from_freelist+0x398c/0x3b60
[ 54.306815][ T11] __alloc_pages+0x251/0x640
[ 54.311403][ T11] alloc_slab_page+0x6a/0x150
[ 54.316169][ T11] new_slab+0x70/0x250
[ 54.320229][ T11] ___slab_alloc+0x9df/0xe70
[ 54.324819][ T11] __kmem_cache_alloc_node+0x195/0x250
[ 54.330304][ T11] __kmalloc+0x95/0x1c0
[ 54.334552][ T11] tomoyo_init_log+0x19a0/0x1fc0
[ 54.339487][ T11] tomoyo_supervisor+0x30d/0xfc0
[ 54.344409][ T11] tomoyo_check_open_permission+0x412/0x950
[ 54.350641][ T11] security_file_open+0x23/0x80
[ 54.355835][ T11] do_dentry_open+0x299/0xd20
[ 54.360485][ T11] path_openat+0x2208/0x27d0
[ 54.365048][ T11] do_filp_open+0x226/0x430
[ 54.369619][ T11] do_sys_openat2+0x10b/0x420
[ 54.374291][ T11] page last free stack trace:
[ 54.378951][ T11] free_unref_page_prepare+0xd38/0xed0
[ 54.384579][ T11] free_unref_page+0x33/0x390
[ 54.389459][ T11] __stack_depot_save+0x358/0x460
[ 54.394464][ T11] kasan_set_track+0x60/0x70
[ 54.399102][ T11] __kasan_kmalloc+0x97/0xb0
[ 54.403792][ T11] __kmalloc+0xa6/0x1c0
[ 54.408011][ T11] tomoyo_init_log+0x19a0/0x1fc0
[ 54.413027][ T11] tomoyo_supervisor+0x30d/0xfc0
[ 54.418100][ T11] tomoyo_check_unix_address+0x3d7/0x700
[ 54.423717][ T11] tomoyo_socket_listen_permission+0x1f8/0x300
[ 54.429862][ T11] security_socket_listen+0x29/0x80
[ 54.435386][ T11] __sys_listen+0xfe/0x1a0
[ 54.439778][ T11] __x64_sys_listen+0x51/0x60
[ 54.444424][ T11] do_syscall_64+0x3d/0x80
[ 54.448901][ T11] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.455196][ T11]
[ 54.457688][ T11] Memory state around the buggy address:
[ 54.463459][ T11] ffff888109793d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.471933][ T11] ffff888109793d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.480065][ T11] >ffff888109793e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.488101][ T11] ^
[ 54.492259][ T11] ffff888109793e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.500477][ T11] ffff888109793f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.508552][ T11] ==================================================================
[ 54.516790][ T11] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.524333][ T11] Kernel Offset: disabled
[ 54.528645][ T11] Rebooting in 86400 seconds..