Warning: Permanently added '10.128.1.150' (ED25519) to the list of known hosts.
2023/09/22 23:13:58 ignoring optional flag "sandboxArg"="0"
2023/09/22 23:13:59 parsed 1 programs
2023/09/22 23:14:00 executed programs: 0
[ 44.460606] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 44.541045] IPVS: ftp: loaded support on port[0] = 21
[ 44.554273] IPVS: ftp: loaded support on port[0] = 21
[ 44.563134] IPVS: ftp: loaded support on port[0] = 21
[ 44.564297] IPVS: ftp: loaded support on port[0] = 21
[ 44.581014] IPVS: ftp: loaded support on port[0] = 21
[ 44.604000] IPVS: ftp: loaded support on port[0] = 21
[ 48.481502] hfsplus: unable to find HFS+ superblock
[ 48.495394] hfsplus: unable to find HFS+ superblock
[ 48.609997] hfsplus: unable to find HFS+ superblock
[ 48.610048] hfsplus: unable to find HFS+ superblock
[ 48.647059] ==================================================================
[ 48.654518] BUG: KASAN: slab-out-of-bounds in memcpy_from_page+0x73/0xe0
[ 48.661332] Read of size 2048 at addr ffff8801efbac780 by task loop0/5139
[ 48.668228]
[ 48.669829] CPU: 1 PID: 5139 Comm: loop0 Not tainted 4.19.0-syzkaller #0
[ 48.676647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 48.686189] Call Trace:
[ 48.688835] dump_stack+0x10c/0x17a
[ 48.692435] print_address_description.cold.6+0x9/0x244
[ 48.697828] kasan_report.cold.7+0x242/0x305
[ 48.702240] ? memcpy_from_page+0x73/0xe0
[ 48.706374] check_memory_region+0x13c/0x1b0
[ 48.710759] memcpy+0x23/0x50
[ 48.713928] memcpy_from_page+0x73/0xe0
[ 48.717878] ? aa_file_perm+0x29a/0x950
[ 48.721840] iov_iter_copy_from_user_atomic+0x478/0x980
[ 48.727171] generic_perform_write+0x291/0x470
[ 48.731724] ? filemap_page_mkwrite+0x280/0x280
[ 48.736363] ? file_update_time+0x270/0x3f0
[ 48.740654] ? current_time+0x140/0x140
[ 48.744605] ? lock_acquire+0x177/0x310
[ 48.748547] __generic_file_write_iter+0x205/0x590
[ 48.753445] generic_file_write_iter+0x302/0x660
[ 48.758196] do_iter_readv_writev+0x4ae/0x960
[ 48.762661] ? clone_verify_area+0x1e0/0x1e0
[ 48.767040] ? rw_verify_area+0xb8/0x2b0
[ 48.771070] ? blk_queue_exit+0x58/0xd0
[ 48.775010] do_iter_write+0x12a/0x510
[ 48.778864] ? lock_acquire+0x177/0x310
[ 48.782807] ? lo_write_bvec+0x252/0x310
[ 48.786833] vfs_iter_write+0x5b/0xb0
[ 48.790602] lo_write_bvec+0x127/0x310
[ 48.794457] ? lo_rw_aio_do_completion+0x90/0x90
[ 48.799178] ? __lock_acquire.isra.10+0x116/0x1870
[ 48.804072] loop_queue_work+0xac5/0x1ffb
[ 48.808189] ? lock_downgrade+0x590/0x590
[ 48.812306] ? loop_control_ioctl+0x2d0/0x2d0
[ 48.816765] ? __lock_acquire.isra.10+0x116/0x1870
[ 48.821662] ? kthread_worker_fn+0x1b4/0x640
[ 48.826036] ? lock_downgrade+0x590/0x590
[ 48.830203] ? lock_acquire+0x177/0x310
[ 48.834174] ? do_raw_spin_unlock+0x172/0x260
[ 48.838635] kthread_worker_fn+0x1ff/0x640
[ 48.842837] ? lock_downgrade+0x590/0x590
[ 48.846981] ? __kthread_init_worker+0xf0/0xf0
[ 48.851705] ? do_raw_spin_unlock+0x172/0x260
[ 48.856169] loop_kthread_worker_fn+0x4c/0x60
[ 48.860635] kthread+0x2ef/0x3a0
[ 48.864061] ? loop_get_status64+0x100/0x100
[ 48.868438] ? kthread_park+0xf0/0xf0
[ 48.872208] ret_from_fork+0x1f/0x30
[ 48.875890]
[ 48.877486] Allocated by task 5137:
[ 48.881095] kasan_kmalloc.part.1+0x62/0xf0
[ 48.885383] kasan_kmalloc+0xaf/0xc0
[ 48.889078] __kmalloc+0x139/0x260
[ 48.892600] hfsplus_read_wrapper+0xa1b/0xee0
[ 48.897239] hfsplus_fill_super+0x2e4/0x1770
[ 48.901615] mount_bdev+0x26f/0x330
[ 48.905208] hfsplus_mount+0x10/0x20
[ 48.908908] mount_fs+0x7f/0x1f0
[ 48.912244] vfs_kern_mount.part.11+0x58/0x3d0
[ 48.916794] do_mount+0x376/0x26e0
[ 48.920317] ksys_mount+0xb1/0xd0
[ 48.923739] __x64_sys_mount+0xb9/0x150
[ 48.927685] do_syscall_64+0xca/0x340
[ 48.931478] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.936645]
[ 48.938244] Freed by task 2622:
[ 48.941554] __kasan_slab_free+0x167/0x240
[ 48.945766] kasan_slab_free+0xe/0x10
[ 48.949536] kfree+0x10c/0x270
[ 48.952698] skb_free_head+0x74/0x90
[ 48.956381] skb_release_data+0x4cf/0x670
[ 48.960501] skb_release_all+0x3d/0x50
[ 48.964357] consume_skb+0xaf/0x1d0
[ 48.967952] netlink_broadcast_filtered+0x288/0x900
[ 48.972940] netlink_broadcast+0xe/0x10
[ 48.976884] nlmsg_notify+0x107/0x140
[ 48.980656] rtnl_notify+0x86/0xe0
[ 48.984162] rtmsg_ifa+0x11e/0x190
[ 48.987679] __inet_insert_ifa+0x5e0/0xb30
[ 48.991885] inet_rtm_newaddr+0xb7f/0x13c0
[ 48.996092] rtnetlink_rcv_msg+0x676/0x9d0
[ 49.000296] netlink_rcv_skb+0x13c/0x380
[ 49.004324] rtnetlink_rcv+0x10/0x20
[ 49.008006] netlink_unicast+0x43d/0x650
[ 49.012034] netlink_sendmsg+0x680/0xc00
[ 49.016068] sock_sendmsg+0xac/0xf0
[ 49.019668] __sys_sendto+0x1d8/0x2a0
[ 49.023442] __x64_sys_sendto+0xdc/0x1a0
[ 49.027498] do_syscall_64+0xca/0x340
[ 49.031264] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.036418]
[ 49.038028] The buggy address belongs to the object at ffff8801efbac780
[ 49.038028] which belongs to the cache kmalloc-512 of size 512
[ 49.050648] The buggy address is located 0 bytes inside of
[ 49.050648] 512-byte region [ffff8801efbac780, ffff8801efbac980)
[ 49.062326] The buggy address belongs to the page:
[ 49.067225] page:ffffea0007beeb00 count:1 mapcount:0 mapping:ffff8801f6802c00 index:0x0 compound_mapcount: 0
[ 49.077159] flags: 0x100000000008100(slab|head)
[ 49.081803] raw: 0100000000008100 dead000000000100 dead000000000200 ffff8801f6802c00
[ 49.089652] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 49.097502] page dumped because: kasan: bad access detected
[ 49.103270] page allocated via order 1, migratetype Unmovable, gfp_mask 0x152c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[ 49.117114] get_page_from_freelist+0x2bf3/0x4050
[ 49.121929] __alloc_pages_nodemask+0x390/0x2300
[ 49.126651] alloc_page_interleave+0x14/0x130
[ 49.131113] alloc_pages_current+0x1ef/0x290
[ 49.135585] new_slab+0x44b/0x7b0
[ 49.139008] ___slab_alloc+0x600/0x890
[ 49.142948] __slab_alloc+0x2f/0x60
[ 49.146638] kmem_cache_alloc_node_trace+0xb6/0x240
[ 49.151630] iolatency_pd_alloc+0x4c/0xe0
[ 49.155752] blkcg_activate_policy+0xcb/0x510
[ 49.160214] blk_iolatency_init+0x11e/0x280
[ 49.164587] blkcg_init_queue+0x160/0x290
[ 49.168698] blk_alloc_queue_node+0x726/0xab0
[ 49.173245] blk_mq_init_queue+0x3e/0x90
[ 49.177275] loop_add+0x274/0x800
[ 49.180691] loop_init+0x174/0x1c5
[ 49.184196]
[ 49.185789] Memory state around the buggy address:
[ 49.190680] ffff8801efbac880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.198095] ffff8801efbac900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.205427] >ffff8801efbac980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.212777] ^
[ 49.216109] ffff8801efbaca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.223432] ffff8801efbaca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.230756] ==================================================================
[ 49.238166] Disabling lock debugging due to kernel taint
[ 49.243683] Kernel panic - not syncing: panic_on_warn set ...
[ 49.243683]
[ 49.251875] Kernel Offset: disabled
[ 49.255485] Rebooting in 86400 seconds..