Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts.
2024/01/10 04:34:16 ignoring optional flag "sandboxArg"="0"
2024/01/10 04:34:16 parsed 1 programs
2024/01/10 04:34:16 executed programs: 0
[ 55.144044][ T1857] loop0: detected capacity change from 0 to 1024
[ 55.176960][ T557] ==================================================================
[ 55.185227][ T557] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.193841][ T557] Read of size 2048 at addr ffff88817e028400 by task kworker/u4:3/557
[ 55.202016][ T557]
[ 55.204338][ T557] CPU: 1 PID: 557 Comm: kworker/u4:3 Not tainted 6.1.71-syzkaller #0
[ 55.212775][ T557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 55.223042][ T557] Workqueue: loop0 loop_workfn
[ 55.227970][ T557] Call Trace:
[ 55.231229][ T557]
[ 55.234139][ T557] dump_stack_lvl+0xf4/0x251
[ 55.238897][ T557] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 55.244508][ T557] ? panic+0x3f7/0x3f7
[ 55.248548][ T557] ? _printk+0xca/0x10a
[ 55.252775][ T557] ? page_cache_prev_miss+0x350/0x350
[ 55.258229][ T557] print_report+0x15f/0x4f0
[ 55.262712][ T557] ? folio_mark_accessed+0x10d/0x880
[ 55.268007][ T557] ? PageHeadHuge+0x40/0x110
[ 55.272659][ T557] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.278646][ T557] kasan_report+0x136/0x160
[ 55.283129][ T557] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.289088][ T557] kasan_check_range+0x27f/0x290
[ 55.294000][ T557] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.300052][ T557] memcpy+0x25/0x60
[ 55.303830][ T557] copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.309619][ T557] ? pipe_zero+0x1e0/0x1e0
[ 55.314409][ T557] ? shmem_write_begin+0x1dd/0x400
[ 55.319578][ T557] ? shmem_writepage+0x1410/0x1410
[ 55.324834][ T557] ? rcu_is_watching+0x1b/0x90
[ 55.329749][ T557] generic_perform_write+0x352/0x530
[ 55.335024][ T557] ? generic_file_direct_write+0x360/0x360
[ 55.340986][ T557] ? generic_write_checks+0xc9/0x170
[ 55.346502][ T557] __generic_file_write_iter+0x13f/0x340
[ 55.352293][ T557] generic_file_write_iter+0x99/0x230
[ 55.357641][ T557] do_iter_write+0x664/0xad0
[ 55.362212][ T557] ? vfs_iter_write+0x90/0x90
[ 55.366946][ T557] ? kthread_associate_blkcg+0x1e7/0x330
[ 55.372551][ T557] loop_process_work+0x1420/0x1e40
[ 55.377659][ T557] ? loop_workfn+0x50/0x50
[ 55.382062][ T557] ? read_lock_is_recursive+0x10/0x10
[ 55.387410][ T557] ? _raw_spin_unlock_irqrestore+0xcb/0x130
[ 55.393276][ T557] ? read_word_at_a_time+0xe/0x20
[ 55.398290][ T557] ? process_one_work+0x6af/0xe90
[ 55.403375][ T557] ? process_one_work+0x6af/0xe90
[ 55.408403][ T557] process_one_work+0x745/0xe90
[ 55.413233][ T557] ? worker_detach_from_pool+0x240/0x240
[ 55.418954][ T557] ? __rwlock_init+0x140/0x140
[ 55.423757][ T557] ? wq_worker_sleeping+0x19/0x1f0
[ 55.428871][ T557] worker_thread+0x806/0xe60
[ 55.433971][ T557] kthread+0x1e8/0x240
[ 55.438800][ T557] ? process_one_work+0xe90/0xe90
[ 55.443885][ T557] ? kthread_blkcg+0xa0/0xa0
[ 55.448475][ T557] ret_from_fork+0x1f/0x30
[ 55.453082][ T557]
[ 55.456180][ T557]
[ 55.458479][ T557] Allocated by task 1857:
[ 55.463130][ T557] kasan_set_track+0x4b/0x70
[ 55.467779][ T557] __kasan_kmalloc+0x97/0xb0
[ 55.472512][ T557] __kmalloc+0xa6/0x1c0
[ 55.476644][ T557] hfsplus_read_wrapper+0x3fc/0x1110
[ 55.482073][ T557] hfsplus_fill_super+0x36e/0x1970
[ 55.487327][ T557] mount_bdev+0x26b/0x340
[ 55.491814][ T557] legacy_get_tree+0xe5/0x170
[ 55.496758][ T557] vfs_get_tree+0x7a/0x170
[ 55.501427][ T557] do_new_mount+0x1e1/0x8f0
[ 55.506132][ T557] __se_sys_mount+0x23e/0x2d0
[ 55.510986][ T557] do_syscall_64+0x3d/0x80
[ 55.515387][ T557] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.521620][ T557]
[ 55.524218][ T557] The buggy address belongs to the object at ffff88817e028400
[ 55.524218][ T557] which belongs to the cache kmalloc-512 of size 512
[ 55.538457][ T557] The buggy address is located 0 bytes inside of
[ 55.538457][ T557] 512-byte region [ffff88817e028400, ffff88817e028600)
[ 55.551785][ T557]
[ 55.554623][ T557] The buggy address belongs to the physical page:
[ 55.561005][ T557] page:ffffea0005f80a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17e028
[ 55.571485][ T557] head:ffffea0005f80a00 order:2 compound_mapcount:0 compound_pincount:0
[ 55.580043][ T557] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 55.586700][ T557] raw: 0100000000010200 ffffea0005f80600 dead000000000002 ffff888100041c80
[ 55.595339][ T557] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 55.603951][ T557] page dumped because: kasan: bad access detected
[ 55.610433][ T557] page_owner tracks the page as allocated
[ 55.616391][ T557] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 712, tgid 712 (udevadm), ts 7281092537, free_ts 6235168043
[ 55.636520][ T557] post_alloc_hook+0x286/0x2b0
[ 55.641444][ T557] get_page_from_freelist+0x398c/0x3b60
[ 55.647138][ T557] __alloc_pages+0x251/0x640
[ 55.651816][ T557] alloc_slab_page+0x6a/0x150
[ 55.656677][ T557] new_slab+0x70/0x250
[ 55.660742][ T557] ___slab_alloc+0x9df/0xe70
[ 55.665571][ T557] __kmem_cache_alloc_node+0x195/0x250
[ 55.671009][ T557] __kmalloc+0x95/0x1c0
[ 55.675224][ T557] tomoyo_init_log+0x19a0/0x1fc0
[ 55.680224][ T557] tomoyo_supervisor+0x30d/0xfc0
[ 55.685219][ T557] tomoyo_path_perm+0x5c9/0x890
[ 55.690126][ T557] security_inode_getattr+0x7b/0xe0
[ 55.695456][ T557] vfs_getattr+0x1d/0x2d0
[ 55.699754][ T557] vfs_statx+0x14e/0x400
[ 55.703981][ T557] __se_sys_newfstatat+0xfe/0x790
[ 55.709071][ T557] do_syscall_64+0x3d/0x80
[ 55.713464][ T557] page last free stack trace:
[ 55.718109][ T557] free_unref_page_prepare+0xd38/0xed0
[ 55.723540][ T557] free_unref_page+0x33/0x390
[ 55.728448][ T557] free_contig_range+0x8d/0x130
[ 55.733454][ T557] destroy_args+0xde/0x79f
[ 55.737845][ T557] debug_vm_pgtable+0x35f/0x51d
[ 55.742666][ T557] do_one_initcall+0x19f/0x4c0
[ 55.747579][ T557] do_initcall_level+0x11e/0x1cd
[ 55.752513][ T557] do_initcalls+0x46/0x74
[ 55.756835][ T557] kernel_init_freeable+0x375/0x4e9
[ 55.762197][ T557] kernel_init+0x14/0x190
[ 55.766519][ T557] ret_from_fork+0x1f/0x30
[ 55.770943][ T557]
[ 55.773421][ T557] Memory state around the buggy address:
[ 55.779069][ T557] ffff88817e028500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.787387][ T557] ffff88817e028580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.795460][ T557] >ffff88817e028600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.803583][ T557] ^
[ 55.807888][ T557] ffff88817e028680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.816615][ T557] ffff88817e028700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.825003][ T557] ==================================================================
[ 55.833721][ T557] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.841461][ T557] Kernel Offset: disabled
[ 55.845772][ T557] Rebooting in 86400 seconds..