DUID 00:04:12:1d:f4:f7:fe:f5:5d:a3:23:27:d1:cc:1a:40:42:dd
forked to background, child pid 748
[ 8.757088][ T749] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [ 25.258444][ T911] cgroup: Unknown subsys name 'net'
[ 25.350840][ T911] cgroup: Unknown subsys name 'rlimit'
Warning: Permanently added '10.128.0.217' (ED25519) to the list of known hosts.
2024/03/21 08:51:54 ignoring optional flag "sandboxArg"="0"
2024/03/21 08:51:54 parsed 1 programs
2024/03/21 08:51:54 executed programs: 0
[ 54.872430][ T1858] loop0: detected capacity change from 0 to 1024
[ 54.932479][ T11] ==================================================================
[ 54.940836][ T11] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x6f4/0xde0
[ 54.949494][ T11] Read of size 1024 at addr ffff8881042c8c00 by task kworker/u4:1/11
[ 54.957633][ T11]
[ 54.959937][ T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.82-syzkaller #0
[ 54.967895][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 54.978193][ T11] Workqueue: loop0 loop_workfn
[ 54.982948][ T11] Call Trace:
[ 54.986208][ T11]
[ 54.989160][ T11] dump_stack_lvl+0xf4/0x251
[ 54.993902][ T11] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.999435][ T11] ? panic+0x3f7/0x3f7
[ 55.003600][ T11] ? _printk+0xca/0x10a
[ 55.007822][ T11] ? __virt_addr_valid+0x139/0x260
[ 55.013091][ T11] ? __virt_addr_valid+0x211/0x260
[ 55.018270][ T11] print_report+0x15f/0x4f0
[ 55.022839][ T11] ? __virt_addr_valid+0x139/0x260
[ 55.027930][ T11] ? __virt_addr_valid+0x211/0x260
[ 55.033028][ T11] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.039253][ T11] kasan_report+0x136/0x160
[ 55.043739][ T11] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.049617][ T11] kasan_check_range+0x27f/0x290
[ 55.054628][ T11] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.060674][ T11] memcpy+0x25/0x60
[ 55.064454][ T11] copy_page_from_iter_atomic+0x6f4/0xde0
[ 55.070327][ T11] ? pipe_zero+0x1e0/0x1e0
[ 55.074886][ T11] ? shmem_write_begin+0x1dd/0x400
[ 55.079966][ T11] ? shmem_writepage+0x1410/0x1410
[ 55.085218][ T11] ? rcu_is_watching+0x1b/0x90
[ 55.090051][ T11] generic_perform_write+0x352/0x530
[ 55.096372][ T11] ? generic_file_direct_write+0x360/0x360
[ 55.102238][ T11] ? generic_write_checks+0xc9/0x170
[ 55.107593][ T11] __generic_file_write_iter+0x13f/0x340
[ 55.113208][ T11] generic_file_write_iter+0x99/0x230
[ 55.118652][ T11] do_iter_write+0x664/0xad0
[ 55.123230][ T11] ? vfs_iter_write+0x90/0x90
[ 55.127896][ T11] ? kthread_associate_blkcg+0x1e7/0x330
[ 55.133725][ T11] loop_process_work+0x1420/0x1e40
[ 55.138899][ T11] ? loop_workfn+0x50/0x50
[ 55.143288][ T11] ? read_lock_is_recursive+0x10/0x10
[ 55.148640][ T11] ? _raw_spin_unlock_irqrestore+0xcb/0x130
[ 55.154523][ T11] ? read_word_at_a_time+0xe/0x20
[ 55.159565][ T11] ? process_one_work+0x6af/0xe90
[ 55.164923][ T11] ? process_one_work+0x6af/0xe90
[ 55.170124][ T11] process_one_work+0x745/0xe90
[ 55.175176][ T11] ? worker_detach_from_pool+0x240/0x240
[ 55.180874][ T11] ? __rwlock_init+0x140/0x140
[ 55.185621][ T11] ? wq_worker_sleeping+0x19/0x1f0
[ 55.190710][ T11] worker_thread+0x806/0xe60
[ 55.195289][ T11] kthread+0x1e8/0x240
[ 55.199352][ T11] ? process_one_work+0xe90/0xe90
[ 55.204384][ T11] ? kthread_blkcg+0xa0/0xa0
[ 55.209041][ T11] ret_from_fork+0x1f/0x30
[ 55.213604][ T11]
[ 55.216623][ T11]
[ 55.218922][ T11] Allocated by task 1858:
[ 55.223478][ T11] kasan_set_track+0x4b/0x70
[ 55.228037][ T11] __kasan_kmalloc+0x97/0xb0
[ 55.233052][ T11] __kmalloc+0xa6/0x1c0
[ 55.237189][ T11] hfsplus_read_wrapper+0x3fc/0x1110
[ 55.242545][ T11] hfsplus_fill_super+0x36e/0x1970
[ 55.247720][ T11] mount_bdev+0x26b/0x340
[ 55.252019][ T11] legacy_get_tree+0xe5/0x170
[ 55.256858][ T11] vfs_get_tree+0x7a/0x170
[ 55.261257][ T11] do_new_mount+0x21a/0x910
[ 55.265744][ T11] __se_sys_mount+0x23e/0x2d0
[ 55.270528][ T11] do_syscall_64+0x3d/0x80
[ 55.274957][ T11] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.280833][ T11]
[ 55.283134][ T11] The buggy address belongs to the object at ffff8881042c8c00
[ 55.283134][ T11]  which belongs to the cache kmalloc-512 of size 512
[ 55.297159][ T11] The buggy address is located 0 bytes inside of
[ 55.297159][ T11]  512-byte region [ffff8881042c8c00, ffff8881042c8e00)
[ 55.310317][ T11]
[ 55.312651][ T11] The buggy address belongs to the physical page:
[ 55.319032][ T11] page:ffffea000410b200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1042c8
[ 55.329323][ T11] head:ffffea000410b200 order:2 compound_mapcount:0 compound_pincount:0
[ 55.337620][ T11] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 55.344194][ T11] raw: 0100000000010200 0000000000000000 dead000000000001 ffff888100041c80
[ 55.352834][ T11] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 55.361410][ T11] page dumped because: kasan: bad access detected
[ 55.367970][ T11] page_owner tracks the page as allocated
[ 55.373766][ T11] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 97, tgid 97 (kworker/u4:0), ts 3026559987, free_ts 0
[ 55.394047][ T11] post_alloc_hook+0x286/0x2b0
[ 55.398786][ T11] get_page_from_freelist+0x398c/0x3b60
[ 55.404388][ T11] __alloc_pages+0x251/0x640
[ 55.408948][ T11] alloc_slab_page+0x6a/0x150
[ 55.413685][ T11] new_slab+0x70/0x250
[ 55.417906][ T11] ___slab_alloc+0x9df/0xe70
[ 55.422483][ T11] __kmem_cache_alloc_node+0x195/0x250
[ 55.427921][ T11] kmalloc_trace+0x26/0xc0
[ 55.432399][ T11] alloc_bprm+0x52/0x5d0
[ 55.436629][ T11] kernel_execve+0x7d/0x610
[ 55.441193][ T11] call_usermodehelper_exec_async+0x1fc/0x310
[ 55.447841][ T11] ret_from_fork+0x1f/0x30
[ 55.452315][ T11] page_owner free stack trace missing
[ 55.457653][ T11]
[ 55.460055][ T11] Memory state around the buggy address:
[ 55.465656][ T11] ffff8881042c8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.473810][ T11] ffff8881042c8d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.481929][ T11] >ffff8881042c8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.490135][ T11]                    ^
[ 55.494173][ T11] ffff8881042c8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.502288][ T11] ffff8881042c8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.510433][ T11] ==================================================================
[ 55.518723][ T11] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.526510][ T11] Kernel Offset: disabled
[ 55.530912][ T11] Rebooting in 86400 seconds..