Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts.
2024/07/06 08:21:06 ignoring optional flag "sandboxArg"="0"
2024/07/06 08:21:06 parsed 1 programs
2024/07/06 08:21:06 executed programs: 0
[ 67.463727][ T1775] loop0: detected capacity change from 0 to 1024
2024/07/06 08:21:12 executed programs: 1
[ 67.543338][ T261] ==================================================================
[ 67.551530][ T261] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x6f4/0xde0
[ 67.560479][ T261] Read of size 1024 at addr ffff888174987c00 by task kworker/u4:4/261
[ 67.568622][ T261]
[ 67.570960][ T261] CPU: 0 PID: 261 Comm: kworker/u4:4 Not tainted 6.1.97-syzkaller #0
[ 67.579012][ T261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 67.589058][ T261] Workqueue: loop0 loop_workfn
[ 67.593820][ T261] Call Trace:
[ 67.597089][ T261]
[ 67.599997][ T261] dump_stack_lvl+0xf4/0x251
[ 67.604569][ T261] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 67.609994][ T261] ? panic+0x3fe/0x3fe
[ 67.614043][ T261] ? _printk+0xca/0x10a
[ 67.618242][ T261] ? __virt_addr_valid+0x139/0x260
[ 67.623436][ T261] ? __virt_addr_valid+0x211/0x260
[ 67.628603][ T261] print_report+0x15f/0x4f0
[ 67.633196][ T261] ? __virt_addr_valid+0x139/0x260
[ 67.638361][ T261] ? __virt_addr_valid+0x211/0x260
[ 67.643648][ T261] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 67.649547][ T261] kasan_report+0x136/0x160
[ 67.654027][ T261] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 67.660039][ T261] kasan_check_range+0x27f/0x290
[ 67.665016][ T261] ? copy_page_from_iter_atomic+0x6f4/0xde0
[ 67.671089][ T261] memcpy+0x25/0x60
[ 67.674893][ T261] copy_page_from_iter_atomic+0x6f4/0xde0
[ 67.680861][ T261] ? pipe_zero+0x1e0/0x1e0
[ 67.685455][ T261] ? shmem_write_begin+0x1dd/0x400
[ 67.690748][ T261] ? shmem_writepage+0x1410/0x1410
[ 67.695946][ T261] ? rcu_is_watching+0x1b/0x90
[ 67.700687][ T261] generic_perform_write+0x352/0x530
[ 67.705947][ T261] ? generic_file_direct_write+0x360/0x360
[ 67.711809][ T261] ? generic_write_checks+0xc9/0x170
[ 67.717087][ T261] __generic_file_write_iter+0x13f/0x340
[ 67.722830][ T261] generic_file_write_iter+0x99/0x230
[ 67.728381][ T261] do_iter_write+0x664/0xad0
[ 67.732981][ T261] ? vfs_iter_write+0x90/0x90
[ 67.737659][ T261] ? kthread_associate_blkcg+0x1e7/0x330
[ 67.743281][ T261] loop_process_work+0x1420/0x1e40
[ 67.748386][ T261] ? loop_workfn+0x50/0x50
[ 67.752795][ T261] ? read_lock_is_recursive+0x10/0x10
[ 67.758174][ T261] ? _raw_spin_unlock_irqrestore+0xcb/0x130
[ 67.764074][ T261] ? read_word_at_a_time+0xe/0x20
[ 67.769248][ T261] ? process_one_work+0x6af/0xe90
[ 67.774288][ T261] ? process_one_work+0x6af/0xe90
[ 67.779327][ T261] process_one_work+0x745/0xe90
[ 67.784165][ T261] ? worker_detach_from_pool+0x240/0x240
[ 67.789864][ T261] ? __rwlock_init+0x140/0x140
[ 67.794686][ T261] ? wq_worker_sleeping+0x19/0x1f0
[ 67.799943][ T261] worker_thread+0x806/0xe60
[ 67.804507][ T261] kthread+0x1e8/0x240
[ 67.808546][ T261] ? process_one_work+0xe90/0xe90
[ 67.813561][ T261] ? kthread_blkcg+0xa0/0xa0
[ 67.818142][ T261] ret_from_fork+0x1f/0x30
[ 67.822531][ T261]
[ 67.825546][ T261]
[ 67.827934][ T261] Allocated by task 1775:
[ 67.832251][ T261] kasan_set_track+0x4b/0x70
[ 67.836914][ T261] __kasan_kmalloc+0x97/0xb0
[ 67.841495][ T261] __kmalloc+0xa6/0x1c0
[ 67.845633][ T261] hfsplus_read_wrapper+0x3fc/0x1110
[ 67.851285][ T261] hfsplus_fill_super+0x36e/0x1970
[ 67.856413][ T261] mount_bdev+0x26b/0x340
[ 67.860834][ T261] legacy_get_tree+0xe5/0x170
[ 67.865480][ T261] vfs_get_tree+0x7a/0x170
[ 67.869970][ T261] do_new_mount+0x21a/0x910
[ 67.874641][ T261] __se_sys_mount+0x23e/0x2d0
[ 67.879297][ T261] do_syscall_64+0x3b/0x80
[ 67.883757][ T261] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 67.889666][ T261]
[ 67.892015][ T261] The buggy address belongs to the object at ffff888174987c00
[ 67.892015][ T261] which belongs to the cache kmalloc-512 of size 512
[ 67.906088][ T261] The buggy address is located 0 bytes inside of
[ 67.906088][ T261] 512-byte region [ffff888174987c00, ffff888174987e00)
[ 67.919672][ T261]
[ 67.922148][ T261] The buggy address belongs to the physical page:
[ 67.928539][ T261] page:ffffea0005d26100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174984
[ 67.939224][ T261] head:ffffea0005d26100 order:2 compound_mapcount:0 compound_pincount:0
[ 67.947616][ T261] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 67.954276][ T261] raw: 0100000000010200 0000000000000000 dead000000000001 ffff888100041c80
[ 67.962847][ T261] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 67.971413][ T261] page dumped because: kasan: bad access detected
[ 67.977837][ T261] page_owner tracks the page as allocated
[ 67.983530][ T261] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 712, tgid 712 (udevd), ts 7656589398, free_ts 5681214531
[ 68.004344][ T261] post_alloc_hook+0x286/0x2b0
[ 68.009171][ T261] get_page_from_freelist+0x3994/0x3b70
[ 68.014699][ T261] __alloc_pages+0x251/0x640
[ 68.019285][ T261] alloc_slab_page+0x6a/0x150
[ 68.023931][ T261] new_slab+0x70/0x250
[ 68.027981][ T261] ___slab_alloc+0x9df/0xe70
[ 68.032536][ T261] __kmem_cache_alloc_node+0x195/0x250
[ 68.038080][ T261] __kmalloc_node_track_caller+0x96/0x1c0
[ 68.043921][ T261] __alloc_skb+0x179/0x710
[ 68.048318][ T261] netlink_sendmsg+0x5c0/0xb60
[ 68.053051][ T261] ____sys_sendmsg+0x499/0x7a0
[ 68.057805][ T261] ___sys_sendmsg+0x223/0x2a0
[ 68.062462][ T261] __se_sys_sendmsg+0x143/0x1d0
[ 68.067354][ T261] do_syscall_64+0x3b/0x80
[ 68.071871][ T261] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 68.077943][ T261] page last free stack trace:
[ 68.082583][ T261] free_unref_page_prepare+0xd38/0xed0
[ 68.088007][ T261] free_unref_page+0x33/0x390
[ 68.092679][ T261] free_contig_range+0x8d/0x130
[ 68.097496][ T261] destroy_args+0xde/0x79f
[ 68.101895][ T261] debug_vm_pgtable+0x35f/0x51d
[ 68.106708][ T261] do_one_initcall+0x19f/0x4c0
[ 68.111454][ T261] do_initcall_level+0x11e/0x1cd
[ 68.116360][ T261] do_initcalls+0x46/0x74
[ 68.120907][ T261] kernel_init_freeable+0x375/0x4e9
[ 68.126093][ T261] kernel_init+0x14/0x190
[ 68.130401][ T261] ret_from_fork+0x1f/0x30
[ 68.134878][ T261]
[ 68.137224][ T261] Memory state around the buggy address:
[ 68.142873][ T261] ffff888174987d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.151001][ T261] ffff888174987d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.159043][ T261] >ffff888174987e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.167164][ T261] ^
[ 68.171198][ T261] ffff888174987e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.179221][ T261] ffff888174987f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.187249][ T261] ==================================================================
[ 68.195905][ T261] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.203389][ T261] Kernel Offset: disabled
[ 68.207889][ T261] Rebooting in 86400 seconds..