Warning: Permanently added '10.128.1.115' (ED25519) to the list of known hosts.
2023/09/20 18:49:12 ignoring optional flag "sandboxArg"="0"
2023/09/20 18:49:13 parsed 1 programs
2023/09/20 18:49:14 executed programs: 0
[ 46.668546] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.712847] IPVS: ftp: loaded support on port[0] = 21
[ 48.187586] ==================================================================
[ 48.194951] BUG: KASAN: slab-out-of-bounds in memcpy_from_page+0x73/0xe0
[ 48.201761] Read of size 2048 at addr ffff8801e6821400 by task loop0/3041
[ 48.208653]
[ 48.210255] CPU: 1 PID: 3041 Comm: loop0 Not tainted 4.19.0-syzkaller #0
[ 48.217059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 48.226382] Call Trace:
[ 48.228942]  dump_stack+0x10c/0x17a
[ 48.232551]  print_address_description.cold.6+0x9/0x244
[ 48.237895]  kasan_report.cold.7+0x242/0x305
[ 48.242272]  ? memcpy_from_page+0x73/0xe0
[ 48.246402]  check_memory_region+0x13c/0x1b0
[ 48.250792]  memcpy+0x23/0x50
[ 48.253889]  memcpy_from_page+0x73/0xe0
[ 48.257847]  iov_iter_copy_from_user_atomic+0x478/0x980
[ 48.263181]  generic_perform_write+0x291/0x470
[ 48.267731]  ? filemap_page_mkwrite+0x280/0x280
[ 48.272369]  ? file_update_time+0x270/0x3f0
[ 48.276663]  ? lock_acquire+0x177/0x310
[ 48.280603]  ? current_time+0x140/0x140
[ 48.284543]  ? lock_acquire+0x177/0x310
[ 48.288484]  __generic_file_write_iter+0x205/0x590
[ 48.293382]  generic_file_write_iter+0x302/0x660
[ 48.298105]  ? mempool_free_slab+0x12/0x20
[ 48.302306]  do_iter_readv_writev+0x4ae/0x960
[ 48.306769]  ? clone_verify_area+0x1e0/0x1e0
[ 48.311231]  ? rw_verify_area+0xb8/0x2b0
[ 48.315263]  ? blk_queue_exit+0x58/0xd0
[ 48.319204]  do_iter_write+0x12a/0x510
[ 48.323086]  ? lock_acquire+0x177/0x310
[ 48.327028]  ? lo_write_bvec+0x252/0x310
[ 48.331060]  vfs_iter_write+0x5b/0xb0
[ 48.334913]  lo_write_bvec+0x127/0x310
[ 48.338767]  ? lo_rw_aio_do_completion+0x90/0x90
[ 48.343523]  ? __lock_acquire.isra.10+0x116/0x1870
[ 48.348422]  loop_queue_work+0xac5/0x1ffb
[ 48.352539]  ? lock_downgrade+0x590/0x590
[ 48.356653]  ? loop_control_ioctl+0x2d0/0x2d0
[ 48.361289]  ? __lock_acquire.isra.10+0x116/0x1870
[ 48.366188]  ? kthread_worker_fn+0x1b4/0x640
[ 48.370567]  ? lock_downgrade+0x590/0x590
[ 48.374685]  ? lock_acquire+0x177/0x310
[ 48.378627]  ? do_raw_spin_unlock+0x172/0x260
[ 48.383108]  kthread_worker_fn+0x1ff/0x640
[ 48.387316]  ? lock_downgrade+0x590/0x590
[ 48.391521]  ? __kthread_init_worker+0xf0/0xf0
[ 48.396078]  ? do_raw_spin_unlock+0x172/0x260
[ 48.400546]  loop_kthread_worker_fn+0x4c/0x60
[ 48.405012]  kthread+0x2ef/0x3a0
[ 48.408371]  ? loop_get_status64+0x100/0x100
[ 48.412747]  ? kthread_park+0xf0/0xf0
[ 48.416534]  ret_from_fork+0x1f/0x30
[ 48.420224]
[ 48.421828] Allocated by task 3039:
[ 48.425433]  kasan_kmalloc.part.1+0x62/0xf0
[ 48.429729]  kasan_kmalloc+0xaf/0xc0
[ 48.433503]  __kmalloc+0x139/0x260
[ 48.437032]  hfsplus_read_wrapper+0xa1b/0xee0
[ 48.441528]  hfsplus_fill_super+0x2e4/0x1770
[ 48.445934]  mount_bdev+0x26f/0x330
[ 48.449542]  hfsplus_mount+0x10/0x20
[ 48.453313]  mount_fs+0x7f/0x1f0
[ 48.456658]  vfs_kern_mount.part.11+0x58/0x3d0
[ 48.461217]  do_mount+0x376/0x26e0
[ 48.464731]  ksys_mount+0xb1/0xd0
[ 48.468153]  __x64_sys_mount+0xb9/0x150
[ 48.472102]  do_syscall_64+0xca/0x340
[ 48.475891]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.481047]
[ 48.482645] Freed by task 2092:
[ 48.485900]  __kasan_slab_free+0x167/0x240
[ 48.490103]  kasan_slab_free+0xe/0x10
[ 48.493872]  kfree+0x10c/0x270
[ 48.497037]  skb_free_head+0x74/0x90
[ 48.500722]  skb_release_data+0x4cf/0x670
[ 48.504838]  skb_release_all+0x3d/0x50
[ 48.508691]  consume_skb+0xaf/0x1d0
[ 48.512305]  netlink_unicast+0x445/0x650
[ 48.516372]  netlink_sendmsg+0x680/0xc00
[ 48.520399]  sock_sendmsg+0xac/0xf0
[ 48.524011]  __sys_sendto+0x1d8/0x2a0
[ 48.527782]  __x64_sys_sendto+0xdc/0x1a0
[ 48.531811]  do_syscall_64+0xca/0x340
[ 48.535582]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.540736]
[ 48.542337] The buggy address belongs to the object at ffff8801e6821400
[ 48.542337]  which belongs to the cache kmalloc-512 of size 512
[ 48.554961] The buggy address is located 0 bytes inside of
[ 48.554961]  512-byte region [ffff8801e6821400, ffff8801e6821600)
[ 48.566653] The buggy address belongs to the page:
[ 48.571552] page:ffffea00079a0800 count:1 mapcount:0 mapping:ffff8801f6802c00 index:0x0 compound_mapcount: 0
[ 48.581500] flags: 0x100000000008100(slab|head)
[ 48.586138] raw: 0100000000008100 ffffea00079a0880 0000000600000006 ffff8801f6802c00
[ 48.593997] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 48.601941] page dumped because: kasan: bad access detected
[ 48.607623] page allocated via order 1, migratetype Unmovable, gfp_mask 0x152c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[ 48.621477]  get_page_from_freelist+0x2bf3/0x4050
[ 48.626301]  __alloc_pages_nodemask+0x390/0x2300
[ 48.631051]  alloc_pages_current+0xfd/0x290
[ 48.635351]  new_slab+0x44b/0x7b0
[ 48.638781]  ___slab_alloc+0x600/0x890
[ 48.642640]  __slab_alloc+0x2f/0x60
[ 48.646244]  __kmalloc_node_track_caller+0xd7/0x2f0
[ 48.651240]  __kmalloc_reserve.isra.7+0x2c/0xc0
[ 48.655907]  __alloc_skb+0xd7/0x580
[ 48.659617]  netlink_sendmsg+0x961/0xc00
[ 48.663740]  sock_sendmsg+0xac/0xf0
[ 48.667521]  ___sys_sendmsg+0x647/0x950
[ 48.671481]  __sys_sendmsg+0xd9/0x180
[ 48.675250]  __x64_sys_sendmsg+0x73/0xb0
[ 48.679282]  do_syscall_64+0xca/0x340
[ 48.683053]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.688220]
[ 48.689822] Memory state around the buggy address:
[ 48.694723]  ffff8801e6821500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.702053]  ffff8801e6821580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.709407] >ffff8801e6821600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.716739]                    ^
[ 48.720114]  ffff8801e6821680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.727443]  ffff8801e6821700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.734897] ==================================================================
[ 48.742232] Disabling lock debugging due to kernel taint
[ 48.747797] Kernel panic - not syncing: panic_on_warn set ...
[ 48.747797]
[ 48.755441] Kernel Offset: disabled
[ 48.759101] Rebooting in 86400 seconds..
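The following triage helper is an added example, not part of the report above and not code from syzkaller or the kernel's KASAN. It parses the numeric lines of a 4.19-style generic-KASAN report and checks them against each other: the "Read of size 2048 at addr ffff8801e6821400" access starts at the first byte of a 512-byte kmalloc-512 object, so it runs 1536 bytes past the region end ffff8801e6821600, and that end is the first bad byte, which is why the memory-state dump marks the row at ffff8801e6821600 with ">" rather than the row containing the access start. The shadow-byte meanings (0xfc kmalloc redzone, 0xfb freed slab object, 0x00 fully addressable) are the generic-KASAN constants from mm/kasan/kasan.h; walking the shadow along the access shows the read crossing the redzone into a neighbouring freed slot. The function names, result keys and the trimmed sample excerpt are this example's own (the excerpt is copied from the report on this page). One caveat the helper records: for a slab-out-of-bounds the object is live, so the "Freed by task 2092" trace describes the slab slot's previous occupant (an skb head freed by netlink here), not the buffer allocated by hfsplus_read_wrapper that the access overruns.

```python
"""Consistency and overrun triage for a generic-KASAN slab-out-of-bounds report (Linux 4.19 layout).

Added example; not from the original report, syzkaller, or the kernel's KASAN code.
"""
import re

# Generic-KASAN shadow values (mm/kasan/kasan.h). 0x00..0x07 mean that many leading
# bytes of the 8-byte granule are addressable; 0x00 is a fully addressable granule.
SHADOW_LEGEND = {
    0xFA: "global redzone",
    0xFB: "freed slab object",
    0xFC: "kmalloc redzone (past end of object)",
    0xFE: "page redzone",
    0xFF: "free page",
}

# Constructed sample: the lines of the report on this page that carry the numbers.
SAMPLE_REPORT = """\
[ 48.194951] BUG: KASAN: slab-out-of-bounds in memcpy_from_page+0x73/0xe0
[ 48.201761] Read of size 2048 at addr ffff8801e6821400 by task loop0/3041
[ 48.542337] The buggy address belongs to the object at ffff8801e6821400
[ 48.542337]  which belongs to the cache kmalloc-512 of size 512
[ 48.554961] The buggy address is located 0 bytes inside of
[ 48.554961]  512-byte region [ffff8801e6821400, ffff8801e6821600)
[ 48.689822] Memory state around the buggy address:
[ 48.694723]  ffff8801e6821500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.702053]  ffff8801e6821580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.709407] >ffff8801e6821600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.716739]                    ^
[ 48.720114]  ffff8801e6821680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.727443]  ffff8801e6821700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

_BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
_ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
_CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<objsize>\d+)")
_REGION_RE = re.compile(r"(?P<len>\d+)-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
# A memory-state row: optional ">" marker, 16-hex-digit memory address, 16 shadow bytes.
_SHADOW_RE = re.compile(r"^\[[^\]]*\]\s*(?P<mark>>?)(?P<addr>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?)+)$")

ROW_BYTES = 16 * 8  # each dumped row covers 16 shadow bytes, one per 8-byte granule


def parse_kasan_report(text):
    """Extract the numeric facts of a KASAN report into a dict (addresses as ints)."""
    info = {"shadow": {}, "marked_row": None}
    for line in text.splitlines():
        line = line.strip()
        if (m := _BUG_RE.search(line)):
            info["kind"], info["func"] = m["kind"], m["func"]
        elif (m := _ACCESS_RE.search(line)):
            info.update(rw=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16), task=m["task"])
        elif (m := _CACHE_RE.search(line)):
            info["cache"], info["objsize"] = m["cache"], int(m["objsize"])
        elif (m := _REGION_RE.search(line)):
            info["region"] = (int(m["start"], 16), int(m["end"], 16))
        elif (m := _SHADOW_RE.match(line)):
            row = int(m["addr"], 16)
            info["shadow"][row] = [int(b, 16) for b in m["bytes"].split()]
            if m["mark"] == ">":
                info["marked_row"] = row
    return info


def shadow_byte_for(info, addr):
    """Shadow value KASAN dumped for memory address addr, or None if that row is not in the dump."""
    row = addr & ~(ROW_BYTES - 1)
    row_bytes = info["shadow"].get(row)
    return None if row_bytes is None else row_bytes[(addr - row) // 8]


def triage(info):
    """Relate the access to the slab object and to the shadow dump; return the findings."""
    start, end = info["region"]
    last = info["addr"] + info["size"] - 1
    if info["addr"] < start:
        first_bad = info["addr"]          # underflow: access begins before the object
    elif last >= end:
        first_bad = end                   # overrun: access runs past the end of the object
    else:
        first_bad = None                  # access lies inside the object (not an OOB)
    shadow = None if first_bad is None else shadow_byte_for(info, first_bad)
    touched = set()                       # non-addressable shadow classes the access passes through
    if first_bad is not None:
        for a in range(first_bad, last + 1, 8):
            b = shadow_byte_for(info, a)
            if b is not None and b >= 8:
                touched.add(b)
    return {
        "kind": info["kind"],
        "object_bytes": end - start,
        "access_bytes": info["size"],
        "overrun_bytes": max(0, info["addr"] + info["size"] - end),
        "first_bad_addr": first_bad,
        "first_bad_shadow": shadow,
        "first_bad_meaning": SHADOW_LEGEND.get(shadow, "addressable/partial" if shadow is not None and shadow < 8 else "unknown"),
        "marked_row_matches": None if first_bad is None else info["marked_row"] == first_bad & ~(ROW_BYTES - 1),
        "region_matches_cache": end - start == info["objsize"],
        "bad_shadow_values_touched": sorted(touched),
        # The object is live in a slab-out-of-bounds, so the "Freed by" track is the slot's previous occupant.
        "freed_by_trace_is_stale": info["kind"] == "slab-out-of-bounds",
    }


if __name__ == "__main__":
    for key, val in triage(parse_kasan_report(SAMPLE_REPORT)).items():
        print(f"{key}: {hex(val) if key == 'first_bad_addr' else val}")
```

Feeding a whole console log to parse_kasan_report is fine; only the lines that match the patterns are used. A non-zero overrun together with a marked_row_matches of True means the "Read of size" line and the memory-state dump agree, and bad_shadow_values_touched tells you whether the access stops in the redzone or, as here, reaches into a neighbouring slab object.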