Warning: Permanently added '10.128.1.86' (ED25519) to the list of known hosts.
2024/02/20 04:35:44 ignoring optional flag "sandboxArg"="0"
2024/02/20 04:35:45 parsed 1 programs
2024/02/20 04:35:45 executed programs: 0
[ 53.222658][ T1858] loop0: detected capacity change from 0 to 1024
[ 53.273680][ T27] ==================================================================
[ 53.281906][ T27] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.290466][ T27] Read of size 2048 at addr ffff888105bbb400 by task kworker/u4:2/27
[ 53.298676][ T27]
[ 53.300988][ T27] CPU: 0 PID: 27 Comm: kworker/u4:2 Not tainted 6.1.78-syzkaller #0
[ 53.309106][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 53.319141][ T27] Workqueue: loop0 loop_workfn
[ 53.323879][ T27] Call Trace:
[ 53.327136][ T27]  <TASK>
[ 53.330057][ T27]  dump_stack_lvl+0xf4/0x251
[ 53.334621][ T27]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 53.340161][ T27]  ? panic+0x3f7/0x3f7
[ 53.344240][ T27]  ? _printk+0xca/0x10a
[ 53.348374][ T27]  ? __virt_addr_valid+0x139/0x260
[ 53.353474][ T27]  ? __virt_addr_valid+0x211/0x260
[ 53.358589][ T27]  print_report+0x15f/0x4f0
[ 53.363180][ T27]  ? __virt_addr_valid+0x139/0x260
[ 53.368501][ T27]  ? __virt_addr_valid+0x211/0x260
[ 53.373602][ T27]  ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.379506][ T27]  kasan_report+0x136/0x160
[ 53.383983][ T27]  ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.390051][ T27]  kasan_check_range+0x27f/0x290
[ 53.394984][ T27]  ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.400850][ T27]  memcpy+0x25/0x60
[ 53.404638][ T27]  copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.410853][ T27]  ? pipe_zero+0x1e0/0x1e0
[ 53.415238][ T27]  ? shmem_write_begin+0x1dd/0x400
[ 53.420612][ T27]  ? shmem_writepage+0x1410/0x1410
[ 53.425873][ T27]  ? rcu_is_watching+0x1b/0x90
[ 53.430625][ T27]  generic_perform_write+0x352/0x530
[ 53.436501][ T27]  ? generic_file_direct_write+0x360/0x360
[ 53.442471][ T27]  ? generic_write_checks+0xc9/0x170
[ 53.447859][ T27]  __generic_file_write_iter+0x13f/0x340
[ 53.453562][ T27]  generic_file_write_iter+0x99/0x230
[ 53.458984][ T27]  do_iter_write+0x664/0xad0
[ 53.463627][ T27]  ? vfs_iter_write+0x90/0x90
[ 53.468385][ T27]  ? kthread_associate_blkcg+0x1e7/0x330
[ 53.474109][ T27]  loop_process_work+0x1420/0x1e40
[ 53.479195][ T27]  ? loop_workfn+0x50/0x50
[ 53.483964][ T27]  ? read_lock_is_recursive+0x10/0x10
[ 53.489605][ T27]  ? _raw_spin_unlock_irqrestore+0xcb/0x130
[ 53.495491][ T27]  ? read_word_at_a_time+0xe/0x20
[ 53.500667][ T27]  ? process_one_work+0x6af/0xe90
[ 53.505662][ T27]  ? process_one_work+0x6af/0xe90
[ 53.510662][ T27]  process_one_work+0x745/0xe90
[ 53.515654][ T27]  ? worker_detach_from_pool+0x240/0x240
[ 53.521269][ T27]  ? __rwlock_init+0x140/0x140
[ 53.525997][ T27]  ? wq_worker_sleeping+0x19/0x1f0
[ 53.531075][ T27]  worker_thread+0x806/0xe60
[ 53.535721][ T27]  kthread+0x1e8/0x240
[ 53.539753][ T27]  ? process_one_work+0xe90/0xe90
[ 53.544842][ T27]  ? kthread_blkcg+0xa0/0xa0
[ 53.549599][ T27]  ret_from_fork+0x1f/0x30
[ 53.554009][ T27]  </TASK>
[ 53.557131][ T27]
[ 53.559439][ T27] Allocated by task 1858:
[ 53.563908][ T27]  kasan_set_track+0x4b/0x70
[ 53.568470][ T27]  __kasan_kmalloc+0x97/0xb0
[ 53.573034][ T27]  __kmalloc+0xa6/0x1c0
[ 53.577330][ T27]  hfsplus_read_wrapper+0x3fc/0x1110
[ 53.582954][ T27]  hfsplus_fill_super+0x36e/0x1970
[ 53.588054][ T27]  mount_bdev+0x26b/0x340
[ 53.592394][ T27]  legacy_get_tree+0xe5/0x170
[ 53.597138][ T27]  vfs_get_tree+0x7a/0x170
[ 53.601548][ T27]  do_new_mount+0x21a/0x910
[ 53.606033][ T27]  __se_sys_mount+0x23e/0x2d0
[ 53.610763][ T27]  do_syscall_64+0x3d/0x80
[ 53.615145][ T27]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.621275][ T27]
[ 53.623662][ T27] The buggy address belongs to the object at ffff888105bbb400
[ 53.623662][ T27]  which belongs to the cache kmalloc-512 of size 512
[ 53.637778][ T27] The buggy address is located 0 bytes inside of
[ 53.637778][ T27]  512-byte region [ffff888105bbb400, ffff888105bbb600)
[ 53.650937][ T27]
[ 53.653324][ T27] The buggy address belongs to the physical page:
[ 53.659705][ T27] page:ffffea000416ee00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bb8
[ 53.670001][ T27] head:ffffea000416ee00 order:2 compound_mapcount:0 compound_pincount:0
[ 53.678292][ T27] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 53.684936][ T27] raw: 0100000000010200 ffffea000415cb00 dead000000000002 ffff888100041c80
[ 53.693493][ T27] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 53.702040][ T27] page dumped because: kasan: bad access detected
[ 53.708509][ T27] page_owner tracks the page as allocated
[ 53.714972][ T27] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3603791089, free_ts 3603716907
[ 53.736822][ T27]  post_alloc_hook+0x286/0x2b0
[ 53.741584][ T27]  get_page_from_freelist+0x398c/0x3b60
[ 53.747348][ T27]  __alloc_pages+0x251/0x640
[ 53.752179][ T27]  alloc_page_interleave+0xf/0x120
[ 53.757516][ T27]  alloc_slab_page+0x6a/0x150
[ 53.762159][ T27]  new_slab+0x70/0x250
[ 53.766191][ T27]  ___slab_alloc+0x9df/0xe70
[ 53.770773][ T27]  __kmem_cache_alloc_node+0x195/0x250
[ 53.776206][ T27]  __kmalloc_node_track_caller+0x96/0x1c0
[ 53.781910][ T27]  pskb_expand_head+0x163/0x1100
[ 53.786830][ T27]  netlink_trim+0x120/0x1a0
[ 53.791302][ T27]  netlink_broadcast+0x66/0xdb0
[ 53.796115][ T27]  hwsim_add_one+0xabc/0xef0
[ 53.800844][ T27]  hwsim_probe+0x31/0xc0
[ 53.805059][ T27]  platform_probe+0x107/0x140
[ 53.809708][ T27]  really_probe+0x330/0xad0
[ 53.814177][ T27] page last free stack trace:
[ 53.819084][ T27]  free_unref_page_prepare+0xd38/0xed0
[ 53.824604][ T27]  free_unref_page+0x33/0x390
[ 53.829247][ T27]  __stack_depot_save+0x358/0x460
[ 53.834243][ T27]  kasan_set_track+0x60/0x70
[ 53.838899][ T27]  __kasan_kmalloc+0x97/0xb0
[ 53.843816][ T27]  hwsim_add_one+0x55e/0xef0
[ 53.848374][ T27]  hwsim_probe+0x31/0xc0
[ 53.852584][ T27]  platform_probe+0x107/0x140
[ 53.857234][ T27]  really_probe+0x330/0xad0
[ 53.861831][ T27]  __driver_probe_device+0x138/0x340
[ 53.867193][ T27]  driver_probe_device+0x4b/0x3a0
[ 53.872551][ T27]  __driver_attach+0x271/0x5d0
[ 53.877318][ T27]  bus_for_each_dev+0x151/0x1b0
[ 53.882289][ T27]  bus_add_driver+0x2d6/0x4f0
[ 53.886944][ T27]  driver_register+0x1f9/0x330
[ 53.891709][ T27]  hwsim_init_module+0x110/0x18d
[ 53.896643][ T27]
[ 53.898960][ T27] Memory state around the buggy address:
[ 53.904584][ T27]  ffff888105bbb500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.912706][ T27]  ffff888105bbb580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.920735][ T27] >ffff888105bbb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.928850][ T27]                    ^
[ 53.932932][ T27]  ffff888105bbb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.940987][ T27]  ffff888105bbb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.949283][ T27] ==================================================================
[ 53.957447][ T27] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.965432][ T27] Kernel Offset: disabled
[ 53.969830][ T27] Rebooting in 86400 seconds..
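The report above is what a triager has to read by hand: the access line, the object line and the "Allocated by" stack together say that a 2048-byte read started at byte 0 of a 512-byte kmalloc-512 object that hfsplus_read_wrapper allocated during mount, and that the loop worker ran off the end of it. The parser below is an added example, not part of the syzkaller output or of the kernel; it pulls those fields out of a generic-KASAN report and computes how far the access overran the object. The sample input is a constructed subset of the lines above with their log prefixes intact; the list of "noise" frames skipped when choosing the allocation site is my own heuristic, and the shadow-byte legend values are those of generic KASAN in mm/kasan/kasan.h. Python 3.8+ (walrus operator).

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the load-bearing lines of the report above, kept with the
# kernel "[ time][ Tnn]" prefixes exactly as the log prints them.
SAMPLE_REPORT = """\
[ 53.281906][ T27] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.290466][ T27] Read of size 2048 at addr ffff888105bbb400 by task kworker/u4:2/27
[ 53.323879][ T27] Call Trace:
[ 53.394984][ T27]  ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.400850][ T27]  memcpy+0x25/0x60
[ 53.404638][ T27]  copy_page_from_iter_atomic+0x6f4/0xde0
[ 53.474109][ T27]  loop_process_work+0x1420/0x1e40
[ 53.557131][ T27]
[ 53.559439][ T27] Allocated by task 1858:
[ 53.563908][ T27]  kasan_set_track+0x4b/0x70
[ 53.568470][ T27]  __kasan_kmalloc+0x97/0xb0
[ 53.573034][ T27]  __kmalloc+0xa6/0x1c0
[ 53.577330][ T27]  hfsplus_read_wrapper+0x3fc/0x1110
[ 53.621275][ T27]
[ 53.623662][ T27]  which belongs to the cache kmalloc-512 of size 512
[ 53.637778][ T27]  512-byte region [ffff888105bbb400, ffff888105bbb600)
[ 53.920735][ T27] >ffff888105bbb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

_PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\] ?")
_BUG = re.compile(r"BUG: KASAN: (\S+) in (\S+?)\+0x")
_ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
_CACHE = re.compile(r"which belongs to the cache (\S+) of size \d+")
_REGION = re.compile(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
_ALLOC = re.compile(r"Allocated by task (\d+):")
_FRAME = re.compile(r"^\s*(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
_SHADOW = re.compile(r"^>([0-9a-f]+): ((?:[0-9a-f]{2} ?)+)")

# Heuristic (my own): frames that belong to KASAN or the allocator, not to the
# subsystem that owns the object. The first "Allocated by" frame not in this
# list is taken as the allocation site.
_NOISE = ("kasan_", "__kasan_", "kmalloc", "__kmalloc", "kmem_cache", "__kmem_cache")

# Generic-KASAN shadow byte values (mm/kasan/kasan.h); 00 = all 8 bytes accessible.
_SHADOW_LEGEND = {0xfb: "freed slab object", 0xfc: "slab redzone",
                  0xfe: "page redzone", 0xff: "freed page"}

def describe_shadow(b: int) -> str:
    if b == 0:
        return "accessible"
    if 1 <= b <= 7:
        return f"first {b} of 8 bytes accessible"
    return _SHADOW_LEGEND.get(b, f"unknown 0x{b:02x}")

@dataclass
class KasanReport:
    bug_type: str = ""
    fault_fn: str = ""
    access: str = ""
    access_size: int = 0
    access_addr: int = 0
    task: str = ""
    cache: str = ""
    region_start: int = 0
    region_end: int = 0
    trace: list = field(default_factory=list)        # reliable frames only; "?" frames dropped
    alloc_stack: list = field(default_factory=list)
    shadow_bytes: list = field(default_factory=list)  # the ">"-marked shadow row

    @property
    def bytes_past_end(self) -> int:
        # How far [access_addr, access_addr + size) runs beyond the object.
        return max(0, self.access_addr + self.access_size - self.region_end)

    @property
    def alloc_site(self) -> Optional[str]:
        return next((f for f in self.alloc_stack if not f.startswith(_NOISE)), None)

def parse_kasan_report(text: str) -> KasanReport:
    rep, section = KasanReport(), None
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw)
        if not line.strip():
            section = None                       # a blank line ends every stack section
        elif m := _BUG.search(line):
            rep.bug_type, rep.fault_fn = m.group(1), m.group(2)
        elif m := _ACCESS.search(line):
            rep.access, rep.access_size = m.group(1), int(m.group(2))
            rep.access_addr, rep.task = int(m.group(3), 16), m.group(4)
        elif m := _CACHE.search(line):
            rep.cache = m.group(1)
        elif m := _REGION.search(line):
            rep.region_start, rep.region_end = int(m.group(1), 16), int(m.group(2), 16)
        elif line.startswith("Call Trace:"):
            section = "trace"
        elif _ALLOC.search(line):
            section = "alloc"
        elif m := _SHADOW.match(line):
            rep.shadow_bytes = [int(b, 16) for b in m.group(2).split()]
        elif (m := _FRAME.match(line)) and section and not m.group(1):
            {"trace": rep.trace, "alloc": rep.alloc_stack}[section].append(m.group(2))
    return rep

def summarize(rep: KasanReport) -> str:
    obj = rep.region_end - rep.region_start
    shadow = describe_shadow(rep.shadow_bytes[0]) if rep.shadow_bytes else "n/a"
    return (f"{rep.bug_type}: {rep.access} of {rep.access_size} bytes in {rep.fault_fn} "
            f"by {rep.task}; object is {obj} bytes ({rep.cache}) allocated in {rep.alloc_site}; "
            f"access runs {rep.bytes_past_end} bytes past the end (shadow there: {shadow})")

if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_REPORT)))
```

For this report the summary comes out as a 2048-byte read starting at offset 0 of a 512-byte kmalloc-512 object allocated in hfsplus_read_wrapper, overrunning it by 1536 bytes into slab redzone (0xfc). The allocation happens on the mount path of task 1858 while the faulting copy runs on the loop0 workqueue, so the size the reader expects and the size the allocator was asked for come from different code paths; that 1536-byte gap is the number to check against whatever fix lands.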