Warning: Permanently added '10.128.0.187' (ED25519) to the list of known hosts. 2024/08/15 06:24:51 ignoring optional flag "sandboxArg"="0" 2024/08/15 06:24:51 parsed 1 programs 2024/08/15 06:24:54 executed programs: 0 [ 138.301118][ T5526] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 138.672837][ T5551] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 138.681155][ T5551] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 138.695911][ T5551] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 138.716594][ T5554] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 138.726015][ T5554] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 138.736071][ T5557] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 138.744929][ T5554] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 138.752921][ T5554] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 138.762173][ T5557] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 138.771828][ T5557] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 138.781462][ T5554] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 138.782114][ T5557] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 138.789950][ T5560] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 138.796810][ T5557] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 138.804686][ T5554] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 138.814103][ T5557] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 138.818510][ T5560] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 138.825331][ T5557] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 138.832031][ T5554] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 138.841656][ T5557] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 138.847623][ T5560] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 138.859136][ T5554] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 138.859748][ 
T5557] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 138.868401][ T5554] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 138.875394][ T5557] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 138.880415][ T5560] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 138.888010][ T5557] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 138.894258][ T5554] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 138.909103][ T5557] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 138.911900][ T5554] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 138.922480][ T5237] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 138.927231][ T5554] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 138.954983][ T5554] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 138.962487][ T5554] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 138.972663][ T5548] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 138.984517][ T5548] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 140.225176][ T5549] chnl_net:caif_netlink_parms(): no params data found [ 140.611028][ T5543] chnl_net:caif_netlink_parms(): no params data found [ 140.626451][ T5541] chnl_net:caif_netlink_parms(): no params data found [ 140.663525][ T5540] chnl_net:caif_netlink_parms(): no params data found [ 140.935526][ T5545] chnl_net:caif_netlink_parms(): no params data found [ 140.973442][ T5549] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.981069][ T5549] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.984756][ T5554] Bluetooth: hci1: command tx timeout [ 140.989815][ T5549] bridge_slave_0: entered allmulticast mode [ 140.993790][ T54] Bluetooth: hci5: command tx timeout [ 141.003346][ T5549] bridge_slave_0: entered promiscuous mode [ 141.064489][ T5554] Bluetooth: hci0: command tx timeout [ 141.070585][ T5554] Bluetooth: hci2: command tx timeout [ 141.071861][ T5542] chnl_net:caif_netlink_parms(): no params data 
found [ 141.076512][ T54] Bluetooth: hci4: command tx timeout [ 141.089021][ T5548] Bluetooth: hci3: command tx timeout [ 141.109928][ T5549] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.117731][ T5549] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.125144][ T5549] bridge_slave_1: entered allmulticast mode [ 141.133333][ T5549] bridge_slave_1: entered promiscuous mode [ 141.407024][ T5543] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.415184][ T5543] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.422448][ T5543] bridge_slave_0: entered allmulticast mode [ 141.431965][ T5543] bridge_slave_0: entered promiscuous mode [ 141.443163][ T5543] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.450530][ T5543] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.457811][ T5543] bridge_slave_1: entered allmulticast mode [ 141.466615][ T5543] bridge_slave_1: entered promiscuous mode [ 141.522341][ T5549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 141.641445][ T5541] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.649200][ T5541] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.656831][ T5541] bridge_slave_0: entered allmulticast mode [ 141.666858][ T5541] bridge_slave_0: entered promiscuous mode [ 141.687590][ T5541] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.695949][ T5541] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.703259][ T5541] bridge_slave_1: entered allmulticast mode [ 141.712677][ T5541] bridge_slave_1: entered promiscuous mode [ 141.734891][ T5549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 141.769468][ T5540] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.777000][ T5540] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.784518][ T5540] bridge_slave_0: entered allmulticast mode [ 141.793228][ T5540] bridge_slave_0: entered 
promiscuous mode [ 141.808674][ T5543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 141.906565][ T5540] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.913928][ T5540] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.922224][ T5540] bridge_slave_1: entered allmulticast mode [ 141.932216][ T5540] bridge_slave_1: entered promiscuous mode [ 141.943236][ T5543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.052323][ T5545] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.060310][ T5545] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.068718][ T5545] bridge_slave_0: entered allmulticast mode [ 142.077335][ T5545] bridge_slave_0: entered promiscuous mode [ 142.095274][ T5549] team0: Port device team_slave_0 added [ 142.176353][ T5542] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.183627][ T5542] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.191667][ T5542] bridge_slave_0: entered allmulticast mode [ 142.200920][ T5542] bridge_slave_0: entered promiscuous mode [ 142.238310][ T5541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.277333][ T5541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.288650][ T5545] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.296098][ T5545] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.303437][ T5545] bridge_slave_1: entered allmulticast mode [ 142.313211][ T5545] bridge_slave_1: entered promiscuous mode [ 142.330368][ T5549] team0: Port device team_slave_1 added [ 142.376203][ T5543] team0: Port device team_slave_0 added [ 142.383195][ T5542] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.391296][ T5542] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.399099][ T5542] bridge_slave_1: entered allmulticast mode [ 142.408397][ T5542] bridge_slave_1: entered promiscuous 
mode [ 142.491076][ T5540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.508735][ T5540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.520611][ T5543] team0: Port device team_slave_1 added [ 142.731412][ T5542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.749121][ T5541] team0: Port device team_slave_0 added [ 142.761903][ T5545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.773181][ T5549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.780952][ T5549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.807280][ T5549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.824382][ T5549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 142.831423][ T5549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.867470][ T5549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 142.867925][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 142.885327][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 142.911193][ T5543] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.919577][ T5543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 142.947012][ T5543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.963115][ T5542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.999815][ T5541] team0: Port device team_slave_1 added [ 143.037639][ T5545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 143.065036][ T54] Bluetooth: hci5: command tx timeout [ 143.068473][ T5540] team0: Port device team_slave_0 added [ 143.076257][ T54] Bluetooth: hci1: command tx timeout [ 143.084454][ T5543] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 143.091413][ T5543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.118376][ T5543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 143.146136][ T54] Bluetooth: hci4: command tx timeout [ 143.151589][ T54] Bluetooth: hci2: command tx timeout [ 143.157808][ T5554] Bluetooth: hci3: command tx timeout [ 143.161332][ T54] Bluetooth: hci0: command tx timeout [ 143.258525][ T5545] team0: Port device team_slave_0 added [ 143.272575][ T5540] team0: Port device team_slave_1 added [ 143.320937][ T5542] team0: Port device team_slave_0 added [ 143.331222][ T5541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 143.339280][ T5541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 143.368578][ T5541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 143.385593][ T5545] team0: Port device team_slave_1 added [ 143.444553][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 143.451537][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.479380][ T5540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 143.498464][ T5542] team0: Port device team_slave_1 added [ 143.506271][ T5541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 143.513230][ T5541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.540120][ T5541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 143.654933][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 143.661928][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.689164][ T5540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 143.822334][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 143.829811][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.858186][ T5545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 143.908235][ T5543] hsr_slave_0: entered promiscuous mode [ 143.916065][ T5543] hsr_slave_1: entered promiscuous mode [ 143.928164][ T5542] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 143.938780][ T5542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.965467][ T5542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 144.008392][ T5549] hsr_slave_0: entered promiscuous mode [ 144.016396][ T5549] hsr_slave_1: entered promiscuous mode [ 144.023115][ T5549] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 144.031457][ T5549] Cannot create hsr debugfs directory [ 144.067286][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.074581][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.100987][ T5545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 144.129428][ T5542] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.136548][ T5542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 144.163357][ T5542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 144.186427][ T5541] hsr_slave_0: entered promiscuous mode [ 144.193618][ T5541] hsr_slave_1: entered promiscuous mode [ 144.201831][ T5541] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 144.209728][ T5541] Cannot create hsr debugfs directory [ 144.358227][ T5540] hsr_slave_0: entered promiscuous mode [ 144.366360][ T5540] hsr_slave_1: entered promiscuous mode [ 144.373053][ T5540] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 144.382903][ T5540] Cannot create hsr debugfs directory [ 144.651280][ T5545] hsr_slave_0: entered promiscuous mode [ 144.660024][ T5545] hsr_slave_1: entered promiscuous mode [ 144.668228][ T5545] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 144.675899][ T5545] Cannot create hsr debugfs directory [ 144.725082][ T5542] hsr_slave_0: entered promiscuous mode [ 144.732485][ T5542] hsr_slave_1: entered promiscuous mode [ 144.740337][ T5542] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 144.748195][ T5542] Cannot create hsr debugfs directory [ 145.152921][ T54] Bluetooth: hci1: command tx timeout [ 145.158614][ T54] Bluetooth: hci5: command tx timeout [ 145.225067][ T54] Bluetooth: hci0: command tx timeout [ 145.225198][ T5554] Bluetooth: hci3: command tx timeout [ 145.230622][ T54] Bluetooth: hci4: command tx timeout [ 145.236043][ T5548] Bluetooth: hci2: command tx timeout [ 145.797433][ T5549] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 145.837832][ T5549] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 145.871037][ T5549] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 145.901788][ T5549] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 145.970471][ T5543] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 145.992896][ T5543] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 146.021877][ T5543] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 146.048515][ T5543] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 146.158481][ T5540] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 146.204464][ T5540] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 146.220742][ T5540] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 146.277985][ T5540] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 146.691744][ T5545] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 146.723121][ T5545] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 146.755359][ T5545] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 147.046259][ T5545] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 147.224601][ T5548] Bluetooth: hci5: command tx timeout [ 147.236531][ T5548] Bluetooth: hci1: command tx timeout [ 147.306647][ T5548] Bluetooth: hci4: command tx timeout [ 147.312315][ T5548] Bluetooth: hci0: command tx timeout [ 147.322430][ T5554] Bluetooth: hci2: command tx timeout [ 147.324251][ T5237] Bluetooth: hci3: command tx timeout [ 147.660073][ T5549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 
147.936886][ T5549] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.042833][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.050193][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.123195][ T5540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.165331][ T5543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.262889][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.270521][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.299462][ T5542] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 148.319323][ T5542] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 148.341684][ T5542] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 148.423684][ T5542] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 148.582209][ T5545] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.611157][ T5540] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.699549][ T5543] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.770187][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.777529][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.832425][ T5541] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 148.849542][ T5541] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 148.887408][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.894859][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.956240][ T5545] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.967640][ T5541] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 148.995899][ T5541] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 149.033686][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.041047][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.101821][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.109339][ T12] bridge0: port 2(bridge_slave_1) entered forwarding 
state [ 149.189236][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.196664][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.402906][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.410266][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.202767][ T5543] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 150.471065][ T5549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 150.610474][ T5541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.776960][ T5542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.882127][ T5541] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.112815][ T5542] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.137810][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.145139][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.212505][ T5540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.270166][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.277650][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.324985][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.332292][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.388240][ T5549] veth0_vlan: entered promiscuous mode [ 151.459337][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.466734][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.531022][ T5549] veth1_vlan: entered promiscuous mode [ 151.583790][ T5543] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.772098][ T5545] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.162812][ T5549] veth0_macvtap: entered promiscuous mode [ 152.293312][ T5549] veth1_macvtap: entered promiscuous mode [ 152.566545][ T5549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.748166][ T5545] veth0_vlan: entered promiscuous mode [ 
152.837999][ T5549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.905421][ T5549] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.923550][ T5549] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.944159][ T5549] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.968051][ T5549] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.025216][ T5540] veth0_vlan: entered promiscuous mode [ 153.104362][ T5545] veth1_vlan: entered promiscuous mode [ 153.185366][ T5540] veth1_vlan: entered promiscuous mode [ 153.382674][ T5541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.726792][ T5545] veth0_macvtap: entered promiscuous mode [ 153.819790][ T5540] veth0_macvtap: entered promiscuous mode [ 153.872554][ T5542] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.963535][ T5545] veth1_macvtap: entered promiscuous mode [ 153.977368][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.009401][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.031202][ T5543] veth0_vlan: entered promiscuous mode [ 154.091875][ T5540] veth1_macvtap: entered promiscuous mode [ 154.376436][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 154.412112][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.414061][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 154.445680][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.467970][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.488171][ T5545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.534379][ T5545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 154.564107][ T5545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.585035][ T5545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.607206][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.648643][ T5543] veth1_vlan: entered promiscuous mode [ 154.728568][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.764532][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.791610][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.803784][ T5541] veth0_vlan: entered promiscuous mode [ 154.848099][ T5545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.877027][ T5545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.908861][ T5545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.945092][ T5545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.993662][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.031007][ T5545] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.042672][ T5545] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.052523][ T5545] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.062012][ T5545] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.073574][ T5737] loop0: detected capacity change from 0 to 1024 [ 155.111068][ T5737] ======================================================= [ 155.111068][ T5737] WARNING: The mand mount option has been deprecated and [ 155.111068][ T5737] and is ignored by this kernel. 
Remove the mand
[ 155.111068][ T5737] option from the mount to silence this warning.
[ 155.111068][ T5737] =======================================================
[ 155.143521][ T5541] veth1_vlan: entered promiscuous mode
[ 155.171156][ T5540] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.182927][ T5540] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.210130][ T5540] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
2024/08/15 06:25:11 executed programs: 6
[ 155.243563][ T5540] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 155.335892][ T1108] ==================================================================
[ 155.344087][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 155.352872][ T1108] Read of size 2048 at addr ffff88807b4cb000 by task kworker/u8:7/1108
[ 155.359971][ T5543] veth0_macvtap: entered promiscuous mode
[ 155.361158][ T1108]
[ 155.361171][ T1108] CPU: 0 UID: 0 PID: 1108 Comm: kworker/u8:7 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 155.377272][ T5543] veth1_macvtap: entered promiscuous mode
[ 155.380028][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 155.395909][ T1108] Workqueue: loop0 loop_workfn
[ 155.400724][ T1108] Call Trace:
[ 155.404108][ T1108]
[ 155.407053][ T1108] dump_stack_lvl+0x116/0x1f0
[ 155.411988][ T1108] print_report+0xc3/0x620
[ 155.416752][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.422859][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.428635][ T1108] ? __phys_addr+0xc6/0x150
[ 155.433185][ T1108] kasan_report+0xd9/0x110
[ 155.437654][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 155.443949][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170
[ 155.449990][ T1108] kasan_check_range+0xef/0x1a0
[ 155.454874][ T1108] __asan_memcpy+0x23/0x60
[ 155.459326][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170
[ 155.465183][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.470846][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[ 155.477130][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.482997][ T1108] ? shmem_write_begin+0x16f/0x360
[ 155.488166][ T1108] ? __pfx_shmem_write_begin+0x10/0x10
[ 155.493669][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.499346][ T1108] ? lockdep_hardirqs_on+0x7c/0x110
[ 155.504590][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.510279][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270
[ 155.517350][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200
[ 155.523332][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.529019][ T1108] generic_perform_write+0x53d/0xaa0
[ 155.534366][ T1108] ? __pfx_generic_perform_write+0x10/0x10
[ 155.540420][ T1108] ? __mark_inode_dirty+0x2a6/0xe70
[ 155.545692][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.551361][ T1108] ? preempt_count_add+0x76/0x150
[ 155.556460][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.562126][ T1108] ? mnt_put_write_access_file+0xc1/0xf0
[ 155.567845][ T1108] shmem_file_write_iter+0x114/0x140
[ 155.573186][ T1108] do_iter_readv_writev+0x534/0x800
[ 155.578417][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10
[ 155.584177][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.589850][ T1108] vfs_iter_write+0x1eb/0x9c0
[ 155.594564][ T1108] loop_process_work+0x14dd/0x2000
[ 155.599736][ T1108] ? __pfx_loop_process_work+0x10/0x10
[ 155.605238][ T1108] ? __pfx_lock_release+0x10/0x10
[ 155.610398][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.616082][ T1108] process_one_work+0x9c8/0x1b40
[ 155.621086][ T1108] ? __pfx_batadv_nc_worker+0x10/0x10
[ 155.626729][ T1108] ? __pfx_process_one_work+0x10/0x10
[ 155.632153][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.637827][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.643490][ T1108] ? assign_work+0x1a0/0x250
[ 155.648134][ T1108] worker_thread+0x6c8/0xf20
[ 155.652815][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.658486][ T1108] ? __kthread_parkme+0x148/0x220
[ 155.663550][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5
[ 155.669243][ T1108] ? __pfx_worker_thread+0x10/0x10
[ 155.674409][ T1108] kthread+0x2c4/0x3a0
[ 155.678864][ T1108] ? _raw_spin_unlock_irq+0x23/0x50
[ 155.684204][ T1108] ? __pfx_kthread+0x10/0x10
[ 155.688827][ T1108] ret_from_fork+0x48/0x80
[ 155.693298][ T1108] ? __pfx_kthread+0x10/0x10
[ 155.697923][ T1108] ret_from_fork_asm+0x1a/0x30
[ 155.702754][ T1108]
[ 155.705785][ T1108]
[ 155.708110][ T1108] Allocated by task 5737:
[ 155.712453][ T1108] kasan_save_stack+0x33/0x60
[ 155.717168][ T1108] kasan_save_track+0x14/0x30
[ 155.721880][ T1108] __kasan_kmalloc+0xaa/0xb0
[ 155.726505][ T1108] __kmalloc_noprof+0x1e8/0x400
[ 155.731435][ T1108] hfsplus_read_wrapper+0x34c/0xff0
[ 155.736660][ T1108] hfsplus_fill_super+0x352/0x1bc0
[ 155.741831][ T1108] mount_bdev+0x1e6/0x2d0
[ 155.746189][ T1108] legacy_get_tree+0x10c/0x220
[ 155.751003][ T1108] vfs_get_tree+0x92/0x380
[ 155.755441][ T1108] path_mount+0x14e6/0x1f20
[ 155.759991][ T1108] __x64_sys_mount+0x294/0x320
[ 155.764801][ T1108] do_syscall_64+0xcd/0x250
[ 155.769341][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.775282][ T1108]
[ 155.777605][ T1108] The buggy address belongs to the object at ffff88807b4cb000
[ 155.777605][ T1108] which belongs to the cache kmalloc-512 of size 512
[ 155.791673][ T1108] The buggy address is located 0 bytes inside of
[ 155.791673][ T1108] allocated 512-byte region [ffff88807b4cb000, ffff88807b4cb200)
[ 155.805666][ T1108]
[ 155.807996][ T1108] The buggy address belongs to the physical page:
[ 155.814407][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b4c8
[ 155.823200][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 155.831724][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 155.839297][ T1108] page_type: 0xfdffffff(slab)
[ 155.843997][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 155.852613][ T1108] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 155.861228][ T1108] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000
[ 155.870041][ T1108] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 155.878738][ T1108] head: 00fff00000000002 ffffea0001ed3201 ffffffffffffffff 0000000000000000
[ 155.887456][ T1108] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 155.896399][ T1108] page dumped because: kasan: bad access detected
[ 155.902820][ T1108] page_owner tracks the page as allocated
[ 155.908536][ T1108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5545, tgid 5545 (syz-executor.3), ts 154810862436, free_ts 153529740197
[ 155.931685][ T1108] post_alloc_hook+0x2d1/0x350
[ 155.936493][ T1108] get_page_from_freelist+0x1351/0x2e50
[ 155.942084][ T1108] __alloc_pages_noprof+0x22b/0x2460
[ 155.947413][ T1108] alloc_slab_page+0x4e/0xf0
[ 155.952027][ T1108] new_slab+0x84/0x260
[ 155.956135][ T1108] ___slab_alloc+0xdac/0x1870
[ 155.960844][ T1108] __slab_alloc.constprop.0+0x56/0xb0
[ 155.966253][ T1108] __kmalloc_noprof+0x367/0x400
[ 155.971138][ T1108] fib6_info_alloc+0x40/0x160
[ 155.975841][ T1108] ip6_route_info_create+0x337/0x1940
[ 155.981252][ T1108] ip6_route_add+0x26/0x190
[ 155.985799][ T1108] addrconf_add_mroute+0x1de/0x350
[ 155.990930][ T1108] addrconf_add_dev+0x14e/0x1c0
[ 155.995812][ T1108] inet6_addr_add+0x1a8/0xbe0
[ 156.000521][ T1108] inet6_rtm_newaddr+0x11e7/0x1ab0
[ 156.005663][ T1108] rtnetlink_rcv_msg+0x3ca/0xea0
[ 156.010634][ T1108] page last free pid 5718 tgid 5718 stack trace:
[ 156.016968][ T1108] free_unref_page+0x64a/0xe40
[ 156.021769][ T1108] __put_partials+0x14c/0x170
[ 156.026568][ T1108] qlist_free_all+0x4e/0x140
[ 156.031187][ T1108] kasan_quarantine_reduce+0x192/0x1e0
[ 156.036675][ T1108] __kasan_slab_alloc+0x69/0x90
[ 156.041820][ T1108] kmem_cache_alloc_noprof+0x121/0x2f0
[ 156.047316][ T1108] getname_flags.part.0+0x4c/0x550
[ 156.052468][ T1108] getname_flags+0x93/0xf0
[ 156.056904][ T1108] vfs_fstatat+0x86/0x160
[ 156.061268][ T1108] __do_sys_newfstatat+0xa2/0x130
[ 156.066503][ T1108] do_syscall_64+0xcd/0x250
[ 156.071043][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 156.076980][ T1108]
[ 156.079329][ T1108] Memory state around the buggy address:
[ 156.085068][ T1108] ffff88807b4cb100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.093147][ T1108] ffff88807b4cb180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.101658][ T1108] >ffff88807b4cb200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 156.109730][ T1108] ^
[ 156.113845][ T1108] ffff88807b4cb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 156.122047][ T1108] ffff88807b4cb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 156.130127][ T1108] ==================================================================
[ 156.144300][ T1108] Disabling lock debugging due to kernel taint
[ 156.211054][ T1108] ==================================================================
[ 156.219163][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170
[ 156.227896][ T1108] Read of size 2048 at addr ffff88807b4cb000 by task kworker/u8:7/1108
[ 156.236172][ T1108]
[ 156.238522][ T1108] CPU: 0 UID: 0 PID: 1108 Comm: kworker/u8:7 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
[ 156.250898][ T1108] Tainted: [B]=BAD_PAGE
[ 156.255065][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 156.265153][ T1108]
Workqueue: loop0 loop_workfn [ 156.269967][ T1108] Call Trace: [ 156.273276][ T1108] [ 156.276228][ T1108] dump_stack_lvl+0x116/0x1f0 [ 156.280949][ T1108] print_report+0xc3/0x620 [ 156.285514][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.291238][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.296909][ T1108] ? __phys_addr+0xc6/0x150 [ 156.301471][ T1108] kasan_report+0xd9/0x110 [ 156.305952][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 156.312018][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 156.318070][ T1108] kasan_check_range+0xef/0x1a0 [ 156.323038][ T1108] __asan_memcpy+0x23/0x60 [ 156.327558][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170 [ 156.333522][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.339222][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 156.345509][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.351175][ T1108] ? shmem_write_begin+0x16f/0x360 [ 156.356502][ T1108] ? __pfx_shmem_write_begin+0x10/0x10 [ 156.362033][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.367733][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.373485][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 156.380393][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 156.386328][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.392021][ T1108] generic_perform_write+0x53d/0xaa0 [ 156.397402][ T1108] ? __pfx_generic_perform_write+0x10/0x10 [ 156.403248][ T1108] ? __mark_inode_dirty+0x2a6/0xe70 [ 156.408508][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.414779][ T1108] ? preempt_count_add+0x76/0x150 [ 156.419930][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.425682][ T1108] ? mnt_put_write_access_file+0xc1/0xf0 [ 156.431485][ T1108] shmem_file_write_iter+0x114/0x140 [ 156.436828][ T1108] do_iter_readv_writev+0x534/0x800 [ 156.442061][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 156.447812][ T1108] ? 
__pfx___might_resched+0x10/0x10 [ 156.453130][ T1108] vfs_iter_write+0x1eb/0x9c0 [ 156.457839][ T1108] loop_process_work+0x14dd/0x2000 [ 156.462991][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.468678][ T1108] ? __pfx_loop_process_work+0x10/0x10 [ 156.474175][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.479836][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.486018][ T1108] ? rcu_is_watching+0x12/0xc0 [ 156.490832][ T1108] ? lock_acquire+0x47b/0x560 [ 156.495580][ T1108] ? __pfx_lock_release+0x10/0x10 [ 156.500661][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.506412][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.512112][ T1108] ? rcu_is_watching+0x12/0xc0 [ 156.516944][ T1108] process_one_work+0x9c8/0x1b40 [ 156.521952][ T1108] ? __pfx_lock_acquire+0x10/0x10 [ 156.527035][ T1108] ? __pfx_process_one_work+0x10/0x10 [ 156.532457][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.538258][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.543928][ T1108] ? assign_work+0x1a0/0x250 [ 156.548573][ T1108] worker_thread+0x6c8/0xf20 [ 156.553223][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.558920][ T1108] ? __kthread_parkme+0x148/0x220 [ 156.563978][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.569654][ T1108] ? __pfx_worker_thread+0x10/0x10 [ 156.574817][ T1108] kthread+0x2c4/0x3a0 [ 156.578921][ T1108] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.584153][ T1108] ? __pfx_kthread+0x10/0x10 [ 156.588775][ T1108] ret_from_fork+0x48/0x80 [ 156.593237][ T1108] ? 
__pfx_kthread+0x10/0x10 [ 156.597880][ T1108] ret_from_fork_asm+0x1a/0x30 [ 156.602701][ T1108] [ 156.605734][ T1108] [ 156.608061][ T1108] Allocated by task 5737: [ 156.612391][ T1108] kasan_save_stack+0x33/0x60 [ 156.617105][ T1108] kasan_save_track+0x14/0x30 [ 156.621815][ T1108] __kasan_kmalloc+0xaa/0xb0 [ 156.626608][ T1108] __kmalloc_noprof+0x1e8/0x400 [ 156.631494][ T1108] hfsplus_read_wrapper+0x34c/0xff0 [ 156.636716][ T1108] hfsplus_fill_super+0x352/0x1bc0 [ 156.641853][ T1108] mount_bdev+0x1e6/0x2d0 [ 156.646205][ T1108] legacy_get_tree+0x10c/0x220 [ 156.651019][ T1108] vfs_get_tree+0x92/0x380 [ 156.655461][ T1108] path_mount+0x14e6/0x1f20 [ 156.659989][ T1108] __x64_sys_mount+0x294/0x320 [ 156.664790][ T1108] do_syscall_64+0xcd/0x250 [ 156.669340][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.675457][ T1108] [ 156.677879][ T1108] The buggy address belongs to the object at ffff88807b4cb000 [ 156.677879][ T1108] which belongs to the cache kmalloc-512 of size 512 [ 156.692152][ T1108] The buggy address is located 0 bytes inside of [ 156.692152][ T1108] allocated 512-byte region [ffff88807b4cb000, ffff88807b4cb200) [ 156.706170][ T1108] [ 156.708499][ T1108] The buggy address belongs to the physical page: [ 156.714914][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b4c8 [ 156.723700][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 156.732224][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 156.739905][ T1108] page_type: 0xfdffffff(slab) [ 156.744782][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 156.753385][ T1108] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 156.761991][ T1108] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 156.770686][ T1108] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 156.779422][ T1108] head: 00fff00000000002 
ffffea0001ed3201 ffffffffffffffff 0000000000000000 [ 156.788205][ T1108] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 156.796883][ T1108] page dumped because: kasan: bad access detected [ 156.803304][ T1108] page_owner tracks the page as allocated [ 156.809053][ T1108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5545, tgid 5545 (syz-executor.3), ts 154810862436, free_ts 153529740197 [ 156.832546][ T1108] post_alloc_hook+0x2d1/0x350 [ 156.837352][ T1108] get_page_from_freelist+0x1351/0x2e50 [ 156.842943][ T1108] __alloc_pages_noprof+0x22b/0x2460 [ 156.848288][ T1108] alloc_slab_page+0x4e/0xf0 [ 156.852903][ T1108] new_slab+0x84/0x260 [ 156.857173][ T1108] ___slab_alloc+0xdac/0x1870 [ 156.861906][ T1108] __slab_alloc.constprop.0+0x56/0xb0 [ 156.867316][ T1108] __kmalloc_noprof+0x367/0x400 [ 156.872204][ T1108] fib6_info_alloc+0x40/0x160 [ 156.876905][ T1108] ip6_route_info_create+0x337/0x1940 [ 156.882338][ T1108] ip6_route_add+0x26/0x190 [ 156.886967][ T1108] addrconf_add_mroute+0x1de/0x350 [ 156.892097][ T1108] addrconf_add_dev+0x14e/0x1c0 [ 156.896973][ T1108] inet6_addr_add+0x1a8/0xbe0 [ 156.901698][ T1108] inet6_rtm_newaddr+0x11e7/0x1ab0 [ 156.906890][ T1108] rtnetlink_rcv_msg+0x3ca/0xea0 [ 156.911975][ T1108] page last free pid 5718 tgid 5718 stack trace: [ 156.918349][ T1108] free_unref_page+0x64a/0xe40 [ 156.923156][ T1108] __put_partials+0x14c/0x170 [ 156.927872][ T1108] qlist_free_all+0x4e/0x140 [ 156.932586][ T1108] kasan_quarantine_reduce+0x192/0x1e0 [ 156.938196][ T1108] __kasan_slab_alloc+0x69/0x90 [ 156.943277][ T1108] kmem_cache_alloc_noprof+0x121/0x2f0 [ 156.948780][ T1108] getname_flags.part.0+0x4c/0x550 [ 156.954019][ T1108] getname_flags+0x93/0xf0 [ 156.958455][ T1108] vfs_fstatat+0x86/0x160 [ 156.962907][ T1108] __do_sys_newfstatat+0xa2/0x130 [ 156.967977][ T1108] do_syscall_64+0xcd/0x250 [ 
156.972516][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.978465][ T1108] [ 156.980817][ T1108] Memory state around the buggy address: [ 156.986454][ T1108] ffff88807b4cb100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 156.994637][ T1108] ffff88807b4cb180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 157.002720][ T1108] >ffff88807b4cb200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 157.010799][ T1108] ^ [ 157.014919][ T1108] ffff88807b4cb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 157.022995][ T1108] ffff88807b4cb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 157.031591][ T1108] ================================================================== [ 157.307430][ T5542] veth0_vlan: entered promiscuous mode [ 157.365905][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.391815][ T5746] loop0: detected capacity change from 0 to 1024 [ 157.395956][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.418881][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.430042][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.444608][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.458855][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 157.475546][ T5543] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.545055][ T1046] ================================================================== [ 157.553170][ T1046] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170 [ 157.561932][ T1046] Read of size 2048 at addr ffff888022cfd400 by task kworker/u8:6/1046 [ 157.570199][ T1046] [ 157.572540][ T1046] CPU: 1 UID: 0 PID: 1046 Comm: kworker/u8:6 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 157.584917][ T1046] Tainted: [B]=BAD_PAGE [ 157.589092][ T1046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 157.599173][ T1046] Workqueue: loop0 loop_workfn [ 157.603984][ T1046] Call Trace: [ 157.607280][ T1046] [ 157.610229][ T1046] dump_stack_lvl+0x116/0x1f0 [ 157.614957][ T1046] print_report+0xc3/0x620 [ 157.619429][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.622987][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.625078][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.625127][ T1046] ? __phys_addr+0xc6/0x150 [ 157.625178][ T1046] kasan_report+0xd9/0x110 [ 157.625238][ T1046] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 157.625301][ T1046] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 157.625366][ T1046] kasan_check_range+0xef/0x1a0 [ 157.625408][ T1046] __asan_memcpy+0x23/0x60 [ 157.625457][ T1046] copy_page_from_iter_atomic+0x8bc/0x1170 [ 157.625522][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.625568][ T1046] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 157.625627][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.625672][ T1046] ? shmem_write_begin+0x16f/0x360 [ 157.625734][ T1046] ? __pfx_shmem_write_begin+0x10/0x10 [ 157.625787][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.625833][ T1046] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 157.639294][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.641811][ T1046] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 157.646820][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.650678][ T1046] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 157.656739][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.662585][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.662640][ T1046] generic_perform_write+0x53d/0xaa0 [ 157.662712][ T1046] ? __pfx_generic_perform_write+0x10/0x10 [ 157.662766][ T1046] ? __mark_inode_dirty+0x2a6/0xe70 [ 157.662818][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.662863][ T1046] ? preempt_count_add+0x76/0x150 [ 157.662919][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.662967][ T1046] ? mnt_put_write_access_file+0xc1/0xf0 [ 157.663038][ T1046] shmem_file_write_iter+0x114/0x140 [ 157.663106][ T1046] do_iter_readv_writev+0x534/0x800 [ 157.663152][ T1046] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 157.663200][ T1046] ? __pfx___might_resched+0x10/0x10 [ 157.663249][ T1046] vfs_iter_write+0x1eb/0x9c0 [ 157.663295][ T1046] loop_process_work+0x14dd/0x2000 [ 157.669181][ T5543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.672629][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.678474][ T5543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.684025][ T1046] ? __pfx_loop_process_work+0x10/0x10 [ 157.684077][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.684124][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.712137][ T5543] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.712193][ T1046] ? 
rcu_is_watching+0x12/0xc0 [ 157.732472][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.734486][ T1046] ? lock_acquire+0x47b/0x560 [ 157.734557][ T1046] ? __pfx_lock_release+0x10/0x10 [ 157.751018][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.760982][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.766415][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.766466][ T1046] ? rcu_is_watching+0x12/0xc0 [ 157.766535][ T1046] process_one_work+0x9c8/0x1b40 [ 157.766611][ T1046] ? __pfx_lock_acquire+0x10/0x10 [ 157.766674][ T1046] ? __pfx_process_one_work+0x10/0x10 [ 157.766744][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.766796][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.810902][ T5543] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.815510][ T1046] ? assign_work+0x1a0/0x250 [ 157.815577][ T1046] worker_thread+0x6c8/0xf20 [ 157.815650][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.815697][ T1046] ? __kthread_parkme+0x148/0x220 [ 157.815746][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.815799][ T1046] ? __pfx_worker_thread+0x10/0x10 [ 157.815865][ T1046] kthread+0x2c4/0x3a0 [ 157.815911][ T1046] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.815961][ T1046] ? __pfx_kthread+0x10/0x10 [ 157.816010][ T1046] ret_from_fork+0x48/0x80 [ 157.830274][ T5543] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.831655][ T1046] ? 
__pfx_kthread+0x10/0x10 [ 157.839183][ T5543] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.847127][ T1046] ret_from_fork_asm+0x1a/0x30 [ 157.847204][ T1046] [ 157.847219][ T1046] [ 157.853183][ T5543] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.862623][ T1046] Allocated by task 5746: [ 157.862643][ T1046] kasan_save_stack+0x33/0x60 [ 157.862695][ T1046] kasan_save_track+0x14/0x30 [ 157.887533][ T5541] veth0_macvtap: entered promiscuous mode [ 157.891673][ T1046] __kasan_kmalloc+0xaa/0xb0 [ 157.906318][ T5542] veth1_vlan: entered promiscuous mode [ 157.909325][ T1046] __kmalloc_noprof+0x1e8/0x400 [ 157.988460][ T5541] veth1_macvtap: entered promiscuous mode [ 157.993532][ T1046] hfsplus_read_wrapper+0x34c/0xff0 [ 158.103485][ T1046] hfsplus_fill_super+0x352/0x1bc0 [ 158.108639][ T1046] mount_bdev+0x1e6/0x2d0 [ 158.113005][ T1046] legacy_get_tree+0x10c/0x220 [ 158.117834][ T1046] vfs_get_tree+0x92/0x380 [ 158.122284][ T1046] path_mount+0x14e6/0x1f20 [ 158.126846][ T1046] __x64_sys_mount+0x294/0x320 [ 158.131646][ T1046] do_syscall_64+0xcd/0x250 [ 158.136209][ T1046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.142162][ T1046] [ 158.144500][ T1046] The buggy address belongs to the object at ffff888022cfd400 [ 158.144500][ T1046] which belongs to the cache kmalloc-512 of size 512 [ 158.158594][ T1046] The buggy address is located 0 bytes inside of [ 158.158594][ T1046] allocated 512-byte region [ffff888022cfd400, ffff888022cfd600) [ 158.172610][ T1046] [ 158.174968][ T1046] The buggy address belongs to the physical page: [ 158.181394][ T1046] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22cfc [ 158.190446][ T1046] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 158.199154][ T1046] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 158.206860][ T1046] page_type: 0xfdffffff(slab) [ 158.211572][ T1046] raw: 00fff00000000040 
ffff888015841c80 ffffea0000a69300 dead000000000002 [ 158.220200][ T1046] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 158.228961][ T1046] head: 00fff00000000040 ffff888015841c80 ffffea0000a69300 dead000000000002 [ 158.237785][ T1046] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 158.246507][ T1046] head: 00fff00000000002 ffffea00008b3f01 ffffffffffffffff 0000000000000000 [ 158.255391][ T1046] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 158.264087][ T1046] page dumped because: kasan: bad access detected [ 158.270514][ T1046] page_owner tracks the page as allocated [ 158.276242][ T1046] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4682, tgid 4682 (udevd), ts 49773587910, free_ts 49751973603 [ 158.297063][ T1046] post_alloc_hook+0x2d1/0x350 [ 158.301890][ T1046] get_page_from_freelist+0x1351/0x2e50 [ 158.307498][ T1046] __alloc_pages_noprof+0x22b/0x2460 [ 158.312863][ T1046] alloc_slab_page+0x4e/0xf0 [ 158.317493][ T1046] new_slab+0x84/0x260 [ 158.321606][ T1046] ___slab_alloc+0xdac/0x1870 [ 158.326363][ T1046] __slab_alloc.constprop.0+0x56/0xb0 [ 158.331979][ T1046] __kmalloc_cache_noprof+0x2b4/0x300 [ 158.337924][ T1046] kernfs_fop_open+0x28b/0xdb0 [ 158.342726][ T1046] do_dentry_open+0x922/0x15f0 [ 158.347534][ T1046] vfs_open+0x82/0x3f0 [ 158.351651][ T1046] path_openat+0x2141/0x2d20 [ 158.356295][ T1046] do_filp_open+0x1dc/0x430 [ 158.360839][ T1046] do_sys_openat2+0x17a/0x1e0 [ 158.365567][ T1046] __x64_sys_openat+0x175/0x210 [ 158.370468][ T1046] do_syscall_64+0xcd/0x250 [ 158.375016][ T1046] page last free pid 4676 tgid 4676 stack trace: [ 158.381354][ T1046] free_unref_page+0x64a/0xe40 [ 158.386166][ T1046] qlist_free_all+0x4e/0x140 [ 158.390889][ T1046] kasan_quarantine_reduce+0x192/0x1e0 [ 158.396390][ T1046] __kasan_slab_alloc+0x69/0x90 [ 158.401287][ T1046] 
kmem_cache_alloc_noprof+0x121/0x2f0 [ 158.406879][ T1046] getname_flags.part.0+0x4c/0x550 [ 158.412040][ T1046] getname_flags+0x93/0xf0 [ 158.416487][ T1046] vfs_fstatat+0x86/0x160 [ 158.420862][ T1046] __do_sys_newfstatat+0xa2/0x130 [ 158.425944][ T1046] do_syscall_64+0xcd/0x250 [ 158.430507][ T1046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.436455][ T1046] [ 158.438832][ T1046] Memory state around the buggy address: [ 158.444472][ T1046] ffff888022cfd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 158.452561][ T1046] ffff888022cfd580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 158.460643][ T1046] >ffff888022cfd600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 158.468722][ T1046] ^ [ 158.472811][ T1046] ffff888022cfd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 158.480900][ T1046] ffff888022cfd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 158.488979][ T1046] ================================================================== [ 158.518674][ T61] ================================================================== [ 158.526824][ T61] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170 [ 158.535560][ T61] Read of size 2048 at addr ffff888022cfd400 by task kworker/u8:4/61 [ 158.543748][ T61] [ 158.546096][ T61] CPU: 0 UID: 0 PID: 61 Comm: kworker/u8:4 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 158.558737][ T61] Tainted: [B]=BAD_PAGE [ 158.562903][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 158.572988][ T61] Workqueue: loop0 loop_workfn [ 158.577806][ T61] Call Trace: [ 158.581102][ T61] [ 158.584052][ T61] dump_stack_lvl+0x116/0x1f0 [ 158.588781][ T61] print_report+0xc3/0x620 [ 158.593283][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.598962][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.604645][ T61] ? __phys_addr+0xc6/0x150 [ 158.609204][ T61] kasan_report+0xd9/0x110 [ 158.613692][ T61] ? 
copy_page_from_iter_atomic+0x8bc/0x1170 [ 158.619735][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 158.625972][ T61] kasan_check_range+0xef/0x1a0 [ 158.631335][ T61] __asan_memcpy+0x23/0x60 [ 158.635891][ T61] copy_page_from_iter_atomic+0x8bc/0x1170 [ 158.641759][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.647524][ T61] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 158.653826][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.659616][ T61] ? shmem_write_begin+0x16f/0x360 [ 158.664797][ T61] ? __pfx_shmem_write_begin+0x10/0x10 [ 158.670337][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.676017][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.681687][ T61] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 158.688584][ T61] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 158.694529][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.700208][ T61] generic_perform_write+0x53d/0xaa0 [ 158.705556][ T61] ? __pfx_generic_perform_write+0x10/0x10 [ 158.711503][ T61] ? __mark_inode_dirty+0x2a6/0xe70 [ 158.716749][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.722422][ T61] ? preempt_count_add+0x76/0x150 [ 158.727497][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.733170][ T61] ? mnt_put_write_access_file+0xc1/0xf0 [ 158.737430][ T5542] veth0_macvtap: entered promiscuous mode [ 158.738884][ T61] shmem_file_write_iter+0x114/0x140 [ 158.749896][ T61] do_iter_readv_writev+0x534/0x800 [ 158.752498][ T5542] veth1_macvtap: entered promiscuous mode [ 158.755147][ T61] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 158.755199][ T61] ? __pfx___might_resched+0x10/0x10 [ 158.771901][ T61] vfs_iter_write+0x1eb/0x9c0 [ 158.776624][ T61] loop_process_work+0x14dd/0x2000 [ 158.781797][ T61] ? __pfx_loop_process_work+0x10/0x10 [ 158.787301][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.793069][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.798747][ T61] ? rcu_is_watching+0x12/0xc0 [ 158.803575][ T61] ? lock_acquire+0x47b/0x560 [ 158.808352][ T61] ? 
__pfx_lock_release+0x10/0x10 [ 158.808499][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.813413][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.823826][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.829435][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.829483][ T61] ? rcu_is_watching+0x12/0xc0 [ 158.829552][ T61] process_one_work+0x9c8/0x1b40 [ 158.829629][ T61] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 158.829679][ T61] ? __pfx_process_one_work+0x10/0x10 [ 158.829746][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.829797][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.829843][ T61] ? assign_work+0x1a0/0x250 [ 158.829906][ T61] worker_thread+0x6c8/0xf20 [ 158.829985][ T61] ? __pfx_worker_thread+0x10/0x10 [ 158.830057][ T61] kthread+0x2c4/0x3a0 [ 158.830105][ T61] ? _raw_spin_unlock_irq+0x23/0x50 [ 158.830155][ T61] ? __pfx_kthread+0x10/0x10 [ 158.830203][ T61] ret_from_fork+0x48/0x80 [ 158.830267][ T61] ? 
__pfx_kthread+0x10/0x10 [ 158.830316][ T61] ret_from_fork_asm+0x1a/0x30 [ 158.830392][ T61] [ 158.830406][ T61] [ 158.830414][ T61] Allocated by task 5746: [ 158.830432][ T61] kasan_save_stack+0x33/0x60 [ 158.830482][ T61] kasan_save_track+0x14/0x30 [ 158.830531][ T61] __kasan_kmalloc+0xaa/0xb0 [ 158.830579][ T61] __kmalloc_noprof+0x1e8/0x400 [ 158.830631][ T61] hfsplus_read_wrapper+0x34c/0xff0 [ 158.830671][ T61] hfsplus_fill_super+0x352/0x1bc0 [ 158.830714][ T61] mount_bdev+0x1e6/0x2d0 [ 158.830751][ T61] legacy_get_tree+0x10c/0x220 [ 158.830812][ T61] vfs_get_tree+0x92/0x380 [ 158.830848][ T61] path_mount+0x14e6/0x1f20 [ 158.830888][ T61] __x64_sys_mount+0x294/0x320 [ 158.830930][ T61] do_syscall_64+0xcd/0x250 [ 158.830983][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.831051][ T61] [ 158.831060][ T61] The buggy address belongs to the object at ffff888022cfd400 [ 158.831060][ T61] which belongs to the cache kmalloc-512 of size 512 [ 158.831091][ T61] The buggy address is located 0 bytes inside of [ 158.831091][ T61] allocated 512-byte region [ffff888022cfd400, ffff888022cfd600) [ 158.831131][ T61] [ 158.831139][ T61] The buggy address belongs to the physical page: [ 158.831153][ T61] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22cfc [ 158.831188][ T61] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 158.831222][ T61] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 158.831255][ T61] page_type: 0xfdffffff(slab) [ 158.831289][ T61] raw: 00fff00000000040 ffff888015841c80 0000000000000000 dead000000000001 [ 158.831327][ T61] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 158.831366][ T61] head: 00fff00000000040 ffff888015841c80 0000000000000000 dead000000000001 [ 158.831404][ T61] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 158.831442][ T61] head: 00fff00000000002 ffffea00008b3f01 ffffffffffffffff 0000000000000000 [ 158.831479][ 
T61] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 158.831502][ T61] page dumped because: kasan: bad access detected [ 158.831519][ T61] page_owner tracks the page as allocated [ 158.831530][ T61] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4682, tgid 4682 (udevd), ts 49773587910, free_ts 49751973603 [ 158.831601][ T61] post_alloc_hook+0x2d1/0x350 [ 158.831651][ T61] get_page_from_freelist+0x1351/0x2e50 [ 158.857685][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.864343][ T61] __alloc_pages_noprof+0x22b/0x2460 [ 158.869981][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.875497][ T61] alloc_slab_page+0x4e/0xf0 [ 158.875540][ T61] new_slab+0x84/0x260 [ 158.875586][ T61] ___slab_alloc+0xdac/0x1870 [ 158.875633][ T61] __slab_alloc.constprop.0+0x56/0xb0 [ 158.875685][ T61] __kmalloc_cache_noprof+0x2b4/0x300 [ 158.875738][ T61] kernfs_fop_open+0x28b/0xdb0 [ 158.875778][ T61] do_dentry_open+0x922/0x15f0 [ 158.875821][ T61] vfs_open+0x82/0x3f0 [ 158.875873][ T61] path_openat+0x2141/0x2d20 [ 158.875916][ T61] do_filp_open+0x1dc/0x430 [ 158.875958][ T61] do_sys_openat2+0x17a/0x1e0 [ 158.876017][ T61] __x64_sys_openat+0x175/0x210 [ 158.876074][ T61] do_syscall_64+0xcd/0x250 [ 158.876128][ T61] page last free pid 4676 tgid 4676 stack trace: [ 158.876148][ T61] free_unref_page+0x64a/0xe40 [ 158.876201][ T61] qlist_free_all+0x4e/0x140 [ 158.876248][ T61] kasan_quarantine_reduce+0x192/0x1e0 [ 158.876298][ T61] __kasan_slab_alloc+0x69/0x90 [ 158.876351][ T61] kmem_cache_alloc_noprof+0x121/0x2f0 [ 158.876405][ T61] getname_flags.part.0+0x4c/0x550 [ 158.876464][ T61] getname_flags+0x93/0xf0 [ 158.876503][ T61] vfs_fstatat+0x86/0x160 [ 158.891282][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: 
batadv_slave_0 [ 158.891381][ T61] __do_sys_newfstatat+0xa2/0x130 [ 158.896954][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.900507][ T61] do_syscall_64+0xcd/0x250 [ 158.906290][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.910265][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.915131][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.919223][ T61] [ 158.919231][ T61] Memory state around the buggy address: [ 158.939521][ T5542] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.943101][ T61] ffff888022cfd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 158.972027][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.976329][ T61] ffff888022cfd580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 158.976357][ T61] >ffff888022cfd600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 158.976377][ T61] ^ [ 158.976396][ T61] ffff888022cfd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 158.976424][ T61] ffff888022cfd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 158.976445][ T61] ================================================================== [ 159.470507][ T5763] loop0: detected capacity change from 0 to 1024 [ 159.506896][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.534138][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.549669][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.568967][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.579796][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 159.590157][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.601003][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.612830][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.623340][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.642062][ T5541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.714290][ T1108] ================================================================== [ 159.722487][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170 [ 159.731212][ T1108] Read of size 2048 at addr ffff88807b776000 by task kworker/u8:7/1108 [ 159.739756][ T1108] [ 159.742100][ T1108] CPU: 1 UID: 0 PID: 1108 Comm: kworker/u8:7 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 159.754461][ T1108] Tainted: [B]=BAD_PAGE [ 159.758617][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 159.768687][ T1108] Workqueue: loop0 loop_workfn [ 159.773482][ T1108] Call Trace: [ 159.776781][ T1108] [ 159.779723][ T1108] dump_stack_lvl+0x116/0x1f0 [ 159.784436][ T1108] print_report+0xc3/0x620 [ 159.788903][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.794595][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.800255][ T1108] ? __phys_addr+0xc6/0x150 [ 159.804795][ T1108] kasan_report+0xd9/0x110 [ 159.809512][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 159.815545][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 159.821572][ T1108] kasan_check_range+0xef/0x1a0 [ 159.826451][ T1108] __asan_memcpy+0x23/0x60 [ 159.830899][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170 [ 159.836929][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.842591][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 159.848876][ T1108] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 159.854541][ T1108] ? shmem_write_begin+0x16f/0x360 [ 159.859867][ T1108] ? __pfx_shmem_write_begin+0x10/0x10 [ 159.865398][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.871063][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.876725][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 159.883610][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 159.889546][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.895215][ T1108] generic_perform_write+0x53d/0xaa0 [ 159.900556][ T1108] ? __pfx_generic_perform_write+0x10/0x10 [ 159.906403][ T1108] ? __mark_inode_dirty+0x2a6/0xe70 [ 159.911637][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.917304][ T1108] ? preempt_count_add+0x76/0x150 [ 159.922398][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.928063][ T1108] ? mnt_put_write_access_file+0xc1/0xf0 [ 159.933761][ T1108] shmem_file_write_iter+0x114/0x140 [ 159.939119][ T1108] do_iter_readv_writev+0x534/0x800 [ 159.944354][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 159.950111][ T1108] ? __pfx___might_resched+0x10/0x10 [ 159.955428][ T1108] vfs_iter_write+0x1eb/0x9c0 [ 159.960145][ T1108] loop_process_work+0x14dd/0x2000 [ 159.965297][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.970992][ T1108] ? __pfx_loop_process_work+0x10/0x10 [ 159.976482][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.982147][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.987815][ T1108] ? rcu_is_watching+0x12/0xc0 [ 159.992647][ T1108] ? lock_acquire+0x47b/0x560 [ 159.997370][ T1108] ? __pfx_lock_release+0x10/0x10 [ 160.002552][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.008242][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.013908][ T1108] ? rcu_is_watching+0x12/0xc0 [ 160.018733][ T1108] process_one_work+0x9c8/0x1b40 [ 160.023760][ T1108] ? __pfx_lock_acquire+0x10/0x10 [ 160.028853][ T1108] ? __pfx_process_one_work+0x10/0x10 [ 160.034286][ T1108] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 160.039956][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.045620][ T1108] ? assign_work+0x1a0/0x250 [ 160.050254][ T1108] worker_thread+0x6c8/0xf20 [ 160.054947][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.060982][ T1108] ? __kthread_parkme+0x148/0x220 [ 160.066563][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.072231][ T1108] ? __pfx_worker_thread+0x10/0x10 [ 160.077393][ T1108] kthread+0x2c4/0x3a0 [ 160.081495][ T1108] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.086731][ T1108] ? __pfx_kthread+0x10/0x10 [ 160.091360][ T1108] ret_from_fork+0x48/0x80 [ 160.095823][ T1108] ? __pfx_kthread+0x10/0x10 [ 160.100614][ T1108] ret_from_fork_asm+0x1a/0x30 [ 160.105436][ T1108] [ 160.108464][ T1108] [ 160.110797][ T1108] Allocated by task 5763: [ 160.115131][ T1108] kasan_save_stack+0x33/0x60 [ 160.119849][ T1108] kasan_save_track+0x14/0x30 [ 160.124562][ T1108] __kasan_kmalloc+0xaa/0xb0 [ 160.129266][ T1108] __kmalloc_noprof+0x1e8/0x400 [ 160.134178][ T1108] hfsplus_read_wrapper+0x34c/0xff0 [ 160.139507][ T1108] hfsplus_fill_super+0x352/0x1bc0 [ 160.144758][ T1108] mount_bdev+0x1e6/0x2d0 [ 160.149136][ T1108] legacy_get_tree+0x10c/0x220 [ 160.153940][ T1108] vfs_get_tree+0x92/0x380 [ 160.158468][ T1108] path_mount+0x14e6/0x1f20 [ 160.163043][ T1108] __x64_sys_mount+0x294/0x320 [ 160.167837][ T1108] do_syscall_64+0xcd/0x250 [ 160.172373][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.178428][ T1108] [ 160.180752][ T1108] The buggy address belongs to the object at ffff88807b776000 [ 160.180752][ T1108] which belongs to the cache kmalloc-512 of size 512 [ 160.195009][ T1108] The buggy address is located 0 bytes inside of [ 160.195009][ T1108] allocated 512-byte region [ffff88807b776000, ffff88807b776200) [ 160.209021][ T1108] [ 160.211353][ T1108] The buggy address belongs to the physical page: [ 160.217769][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b774 [ 160.226556][ T1108] head: 
order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 160.235510][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 160.243089][ T1108] page_type: 0xfdffffff(slab) [ 160.247794][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 160.256401][ T1108] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 160.265039][ T1108] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 160.273734][ T1108] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 160.282438][ T1108] head: 00fff00000000002 ffffea0001eddd01 ffffffffffffffff 0000000000000000 [ 160.291187][ T1108] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 160.299878][ T1108] page dumped because: kasan: bad access detected [ 160.306388][ T1108] page_owner tracks the page as allocated [ 160.312126][ T1108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5541, tgid 5541 (syz-executor.1), ts 158958610015, free_ts 157115524368 [ 160.335906][ T1108] post_alloc_hook+0x2d1/0x350 [ 160.340712][ T1108] get_page_from_freelist+0x1351/0x2e50 [ 160.346319][ T1108] __alloc_pages_noprof+0x22b/0x2460 [ 160.351645][ T1108] alloc_slab_page+0x4e/0xf0 [ 160.356346][ T1108] new_slab+0x84/0x260 [ 160.360531][ T1108] ___slab_alloc+0xdac/0x1870 [ 160.365241][ T1108] __slab_alloc.constprop.0+0x56/0xb0 [ 160.370733][ T1108] __kmalloc_noprof+0x367/0x400 [ 160.375624][ T1108] fib6_info_alloc+0x40/0x160 [ 160.380500][ T1108] ip6_route_info_create+0x337/0x1940 [ 160.385910][ T1108] ip6_route_add+0x26/0x190 [ 160.390447][ T1108] addrconf_add_mroute+0x1de/0x350 [ 160.395578][ T1108] addrconf_add_dev+0x14e/0x1c0 [ 160.400482][ T1108] inet6_addr_add+0x1a8/0xbe0 [ 160.405188][ T1108] inet6_rtm_newaddr+0x11e7/0x1ab0 [ 160.410328][ T1108] rtnetlink_rcv_msg+0x3ca/0xea0 [ 
160.415297][ T1108] page last free pid 1046 tgid 1046 stack trace: [ 160.421644][ T1108] free_unref_page+0x64a/0xe40 [ 160.426447][ T1108] qlist_free_all+0x4e/0x140 [ 160.431069][ T1108] kasan_quarantine_reduce+0x192/0x1e0 [ 160.436556][ T1108] __kasan_slab_alloc+0x69/0x90 [ 160.441442][ T1108] __kmalloc_cache_noprof+0x11e/0x300 [ 160.446854][ T1108] __ipv6_dev_mc_inc+0x2b7/0xc50 [ 160.451833][ T1108] addrconf_dad_work+0x232/0x1500 [ 160.456895][ T1108] process_one_work+0x9c8/0x1b40 [ 160.461961][ T1108] worker_thread+0x6c8/0xf20 [ 160.466595][ T1108] kthread+0x2c4/0x3a0 [ 160.470718][ T1108] ret_from_fork+0x48/0x80 [ 160.475263][ T1108] ret_from_fork_asm+0x1a/0x30 [ 160.480063][ T1108] [ 160.482472][ T1108] Memory state around the buggy address: [ 160.488135][ T1108] ffff88807b776100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 160.496209][ T1108] ffff88807b776180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 160.504284][ T1108] >ffff88807b776200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 160.512351][ T1108] ^ [ 160.516421][ T1108] ffff88807b776280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 160.524496][ T1108] ffff88807b776300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 160.532567][ T1108] ================================================================== [ 160.567538][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.601610][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.611774][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.612660][ T1108] ================================================================== [ 160.625109][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 160.630247][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170 [ 160.630313][ T1108] Read of size 2048 at addr ffff88807b776000 by task kworker/u8:7/1108 [ 160.630346][ T1108] [ 160.630362][ T1108] CPU: 1 UID: 0 PID: 1108 Comm: kworker/u8:7 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 160.630419][ T1108] Tainted: [B]=BAD_PAGE [ 160.630434][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 160.630461][ T1108] Workqueue: loop0 loop_workfn [ 160.630505][ T1108] Call Trace: [ 160.630520][ T1108] [ 160.630534][ T1108] dump_stack_lvl+0x116/0x1f0 [ 160.630577][ T1108] print_report+0xc3/0x620 [ 160.630636][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.630682][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.630727][ T1108] ? __phys_addr+0xc6/0x150 [ 160.630784][ T1108] kasan_report+0xd9/0x110 [ 160.630843][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 160.630905][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 160.630969][ T1108] kasan_check_range+0xef/0x1a0 [ 160.631010][ T1108] __asan_memcpy+0x23/0x60 [ 160.631059][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170 [ 160.631120][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.631167][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 160.631225][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.631269][ T1108] ? shmem_write_begin+0x16f/0x360 [ 160.643856][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.649741][ T1108] ? __pfx_shmem_write_begin+0x10/0x10 [ 160.649804][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.649852][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.649897][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 160.649945][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 160.650002][ T1108] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 160.650051][ T1108] generic_perform_write+0x53d/0xaa0 [ 160.650118][ T1108] ? __pfx_generic_perform_write+0x10/0x10 [ 160.664601][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.672967][ T1108] ? __mark_inode_dirty+0x2a6/0xe70 [ 160.679111][ T5542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.687133][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.687184][ T1108] ? preempt_count_add+0x76/0x150 [ 160.687241][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.687285][ T1108] ? mnt_put_write_access_file+0xc1/0xf0 [ 160.687358][ T1108] shmem_file_write_iter+0x114/0x140 [ 160.703515][ T5542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.707473][ T1108] do_iter_readv_writev+0x534/0x800 [ 160.707525][ T1108] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 160.719725][ T5542] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 160.723371][ T1108] ? __pfx___might_resched+0x10/0x10 [ 160.734963][ T2514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.739726][ T1108] vfs_iter_write+0x1eb/0x9c0 [ 160.755201][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.760451][ T1108] loop_process_work+0x14dd/0x2000 [ 160.773648][ T2514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.777369][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.777435][ T1108] ? __pfx_loop_process_work+0x10/0x10 [ 160.791931][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.793343][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.802573][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.804570][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.804620][ T1108] ? 
rcu_is_watching+0x12/0xc0 [ 160.804685][ T1108] ? lock_acquire+0x47b/0x560 [ 160.804750][ T1108] ? __pfx_lock_release+0x10/0x10 [ 160.804819][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.804864][ T1108] ? pwq_dec_nr_in_flight+0xc9/0xed0 [ 160.804931][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.816753][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.817657][ T1108] ? rcu_is_watching+0x12/0xc0 [ 160.823397][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.828662][ T1108] process_one_work+0x9c8/0x1b40 [ 160.828739][ T1108] ? __pfx_loop_rootcg_workfn+0x10/0x10 [ 160.828794][ T1108] ? __pfx_process_one_work+0x10/0x10 [ 160.828859][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.828912][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.828956][ T1108] ? assign_work+0x1a0/0x250 [ 160.829018][ T1108] worker_thread+0x6c8/0xf20 [ 160.829090][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.829134][ T1108] ? __kthread_parkme+0x148/0x220 [ 160.829181][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 160.829228][ T1108] ? __pfx_worker_thread+0x10/0x10 [ 160.829294][ T1108] kthread+0x2c4/0x3a0 [ 160.829340][ T1108] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.829390][ T1108] ? __pfx_kthread+0x10/0x10 [ 160.829439][ T1108] ret_from_fork+0x48/0x80 [ 160.842982][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.845051][ T1108] ? 
__pfx_kthread+0x10/0x10 [ 160.845105][ T1108] ret_from_fork_asm+0x1a/0x30 [ 160.850771][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.860878][ T1108] [ 160.860898][ T1108] [ 160.860905][ T1108] Allocated by task 5763: [ 160.860924][ T1108] kasan_save_stack+0x33/0x60 [ 160.860981][ T1108] kasan_save_track+0x14/0x30 [ 160.861027][ T1108] __kasan_kmalloc+0xaa/0xb0 [ 160.861074][ T1108] __kmalloc_noprof+0x1e8/0x400 [ 160.861126][ T1108] hfsplus_read_wrapper+0x34c/0xff0 [ 160.861167][ T1108] hfsplus_fill_super+0x352/0x1bc0 [ 160.861208][ T1108] mount_bdev+0x1e6/0x2d0 [ 160.861247][ T1108] legacy_get_tree+0x10c/0x220 [ 160.861306][ T1108] vfs_get_tree+0x92/0x380 [ 160.872080][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.877560][ T1108] path_mount+0x14e6/0x1f20 [ 160.877606][ T1108] __x64_sys_mount+0x294/0x320 [ 160.877647][ T1108] do_syscall_64+0xcd/0x250 [ 160.877698][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.877772][ T1108] [ 160.877781][ T1108] The buggy address belongs to the object at ffff88807b776000 [ 160.877781][ T1108] which belongs to the cache kmalloc-512 of size 512 [ 160.877812][ T1108] The buggy address is located 0 bytes inside of [ 160.877812][ T1108] allocated 512-byte region [ffff88807b776000, ffff88807b776200) [ 160.877851][ T1108] [ 160.877860][ T1108] The buggy address belongs to the physical page: [ 160.877873][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b774 [ 160.877908][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 160.877942][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 160.877973][ T1108] page_type: 0xfdffffff(slab) [ 160.878005][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 160.892863][ T5541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: 
batadv_slave_1 [ 160.898677][ T1108] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 160.898714][ T1108] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 160.898750][ T1108] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 160.908922][ T5541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.909634][ T1108] head: 00fff00000000002 ffffea0001eddd01 ffffffffffffffff 0000000000000000 [ 160.921017][ T5541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 160.922159][ T1108] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 160.941297][ T5541] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.945058][ T1108] page dumped because: kasan: bad access detected [ 160.945076][ T1108] page_owner tracks the page as allocated [ 160.945088][ T1108] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5541, tgid 5541 (syz-executor.1), ts 158958610015, free_ts 157115524368 [ 160.945162][ T1108] post_alloc_hook+0x2d1/0x350 [ 160.945218][ T1108] get_page_from_freelist+0x1351/0x2e50 [ 160.945277][ T1108] __alloc_pages_noprof+0x22b/0x2460 [ 160.945334][ T1108] alloc_slab_page+0x4e/0xf0 [ 160.945372][ T1108] new_slab+0x84/0x260 [ 160.945419][ T1108] ___slab_alloc+0xdac/0x1870 [ 160.945467][ T1108] __slab_alloc.constprop.0+0x56/0xb0 [ 160.953045][ T5541] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.957849][ T1108] __kmalloc_noprof+0x367/0x400 [ 160.957905][ T1108] fib6_info_alloc+0x40/0x160 [ 160.966761][ T5541] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.968957][ T1108] ip6_route_info_create+0x337/0x1940 [ 160.981327][ T5541] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.984364][ T1108] 
ip6_route_add+0x26/0x190 [ 160.984423][ T1108] addrconf_add_mroute+0x1de/0x350 [ 160.984459][ T1108] addrconf_add_dev+0x14e/0x1c0 [ 160.984500][ T1108] inet6_addr_add+0x1a8/0xbe0 [ 160.984546][ T1108] inet6_rtm_newaddr+0x11e7/0x1ab0 [ 160.984597][ T1108] rtnetlink_rcv_msg+0x3ca/0xea0 [ 160.984650][ T1108] page last free pid 1046 tgid 1046 stack trace: [ 160.984671][ T1108] free_unref_page+0x64a/0xe40 [ 160.984724][ T1108] qlist_free_all+0x4e/0x140 [ 160.984775][ T1108] kasan_quarantine_reduce+0x192/0x1e0 [ 160.984824][ T1108] __kasan_slab_alloc+0x69/0x90 [ 160.984875][ T1108] __kmalloc_cache_noprof+0x11e/0x300 [ 160.984927][ T1108] __ipv6_dev_mc_inc+0x2b7/0xc50 [ 160.984987][ T1108] addrconf_dad_work+0x232/0x1500 [ 160.985036][ T1108] process_one_work+0x9c8/0x1b40 [ 160.985097][ T1108] worker_thread+0x6c8/0xf20 [ 160.985157][ T1108] kthread+0x2c4/0x3a0 [ 160.985199][ T1108] ret_from_fork+0x48/0x80 [ 160.985258][ T1108] ret_from_fork_asm+0x1a/0x30 [ 160.985315][ T1108] [ 160.985322][ T1108] Memory state around the buggy address: [ 160.985341][ T1108] ffff88807b776100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 160.985368][ T1108] ffff88807b776180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 160.985395][ T1108] >ffff88807b776200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 160.985416][ T1108] ^ [ 160.985434][ T1108] ffff88807b776280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 160.985461][ T1108] ffff88807b776300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 160.985482][ T1108] ================================================================== [ 161.468809][ T5766] loop0: detected capacity change from 0 to 1024 2024/08/15 06:25:18 executed programs: 9 [ 161.846934][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.848998][ T5542] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.856389][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.873916][ T5542] netdevsim 
netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.886629][ T5542] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.895792][ T5542] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.913246][ T61] ================================================================== [ 161.921342][ T61] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170 [ 161.930074][ T61] Read of size 2048 at addr ffff88807b178400 by task kworker/u8:4/61 [ 161.938198][ T61] [ 161.940541][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u8:4 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 161.952742][ T61] Tainted: [B]=BAD_PAGE [ 161.956927][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 161.967269][ T61] Workqueue: loop0 loop_workfn [ 161.972087][ T61] Call Trace: [ 161.975384][ T61] [ 161.978340][ T61] dump_stack_lvl+0x116/0x1f0 [ 161.983058][ T61] print_report+0xc3/0x620 [ 161.987529][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 161.993246][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 161.998927][ T61] ? __phys_addr+0xc6/0x150 [ 162.003485][ T61] kasan_report+0xd9/0x110 [ 162.008073][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 162.014125][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 162.020204][ T61] kasan_check_range+0xef/0x1a0 [ 162.025106][ T61] __asan_memcpy+0x23/0x60 [ 162.029574][ T61] copy_page_from_iter_atomic+0x8bc/0x1170 [ 162.035479][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.041161][ T61] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 162.047743][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.053422][ T61] ? shmem_write_begin+0x16f/0x360 [ 162.058585][ T61] ? __pfx_shmem_write_begin+0x10/0x10 [ 162.064115][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.069889][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.075567][ T61] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 162.082504][ T61] ? 
ktime_get_coarse_real_ts64+0x147/0x200 [ 162.088455][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.094145][ T61] generic_perform_write+0x53d/0xaa0 [ 162.099580][ T61] ? __pfx_generic_perform_write+0x10/0x10 [ 162.105536][ T61] ? __mark_inode_dirty+0x2a6/0xe70 [ 162.110785][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.116461][ T61] ? preempt_count_add+0x76/0x150 [ 162.121536][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.127214][ T61] ? mnt_put_write_access_file+0xc1/0xf0 [ 162.132915][ T61] shmem_file_write_iter+0x114/0x140 [ 162.138266][ T61] do_iter_readv_writev+0x534/0x800 [ 162.143537][ T61] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 162.149300][ T61] ? __pfx___might_resched+0x10/0x10 [ 162.154630][ T61] vfs_iter_write+0x1eb/0x9c0 [ 162.159376][ T61] loop_process_work+0x14dd/0x2000 [ 162.164547][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.170334][ T61] ? __pfx_loop_process_work+0x10/0x10 [ 162.175844][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.181523][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.187204][ T61] ? rcu_is_watching+0x12/0xc0 [ 162.192043][ T61] ? lock_acquire+0x47b/0x560 [ 162.196792][ T61] ? __pfx_lock_release+0x10/0x10 [ 162.201887][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.207613][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.213310][ T61] ? rcu_is_watching+0x12/0xc0 [ 162.218140][ T61] process_one_work+0x9c8/0x1b40 [ 162.223179][ T61] ? __pfx_lock_acquire+0x10/0x10 [ 162.228264][ T61] ? __pfx_process_one_work+0x10/0x10 [ 162.233693][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.239374][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.245133][ T61] ? assign_work+0x1a0/0x250 [ 162.249805][ T61] worker_thread+0x6c8/0xf20 [ 162.254467][ T61] ? __pfx_worker_thread+0x10/0x10 [ 162.259635][ T61] kthread+0x2c4/0x3a0 [ 162.263845][ T61] ? _raw_spin_unlock_irq+0x23/0x50 [ 162.269086][ T61] ? __pfx_kthread+0x10/0x10 [ 162.273719][ T61] ret_from_fork+0x48/0x80 [ 162.278195][ T61] ? 
__pfx_kthread+0x10/0x10 [ 162.282828][ T61] ret_from_fork_asm+0x1a/0x30 [ 162.287667][ T61] [ 162.290703][ T61] [ 162.293044][ T61] Allocated by task 5766: [ 162.297410][ T61] kasan_save_stack+0x33/0x60 [ 162.302132][ T61] kasan_save_track+0x14/0x30 [ 162.306860][ T61] __kasan_kmalloc+0xaa/0xb0 [ 162.311492][ T61] __kmalloc_noprof+0x1e8/0x400 [ 162.316394][ T61] hfsplus_read_wrapper+0x34c/0xff0 [ 162.321627][ T61] hfsplus_fill_super+0x352/0x1bc0 [ 162.326776][ T61] mount_bdev+0x1e6/0x2d0 [ 162.331139][ T61] legacy_get_tree+0x10c/0x220 [ 162.336133][ T61] vfs_get_tree+0x92/0x380 [ 162.340583][ T61] path_mount+0x14e6/0x1f20 [ 162.345123][ T61] __x64_sys_mount+0x294/0x320 [ 162.349927][ T61] do_syscall_64+0xcd/0x250 [ 162.354525][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.360486][ T61] [ 162.362822][ T61] The buggy address belongs to the object at ffff88807b178400 [ 162.362822][ T61] which belongs to the cache kmalloc-512 of size 512 [ 162.376905][ T61] The buggy address is located 0 bytes inside of [ 162.376905][ T61] allocated 512-byte region [ffff88807b178400, ffff88807b178600) [ 162.390917][ T61] [ 162.393256][ T61] The buggy address belongs to the physical page: [ 162.399701][ T61] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b178 [ 162.408541][ T61] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 162.417097][ T61] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 162.424669][ T61] page_type: 0xfdffffff(slab) [ 162.429407][ T61] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 162.438037][ T61] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 162.447012][ T61] head: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 162.455831][ T61] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 162.464548][ T61] head: 00fff00000000002 ffffea0001ec5e01 ffffffffffffffff 0000000000000000 [ 162.473265][ T61] 
head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 162.481965][ T61] page dumped because: kasan: bad access detected [ 162.488415][ T61] page_owner tracks the page as allocated [ 162.494155][ T61] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5743, tgid 5743 (udevd), ts 161724843222, free_ts 161325089563 [ 162.516709][ T61] post_alloc_hook+0x2d1/0x350 [ 162.521540][ T61] get_page_from_freelist+0x1351/0x2e50 [ 162.527231][ T61] __alloc_pages_noprof+0x22b/0x2460 [ 162.532572][ T61] alloc_slab_page+0x4e/0xf0 [ 162.537234][ T61] new_slab+0x84/0x260 [ 162.541387][ T61] ___slab_alloc+0xdac/0x1870 [ 162.546109][ T61] __slab_alloc.constprop.0+0x56/0xb0 [ 162.551531][ T61] __kmalloc_cache_noprof+0x2b4/0x300 [ 162.557121][ T61] kernfs_fop_open+0x28b/0xdb0 [ 162.561923][ T61] do_dentry_open+0x922/0x15f0 [ 162.566722][ T61] vfs_open+0x82/0x3f0 [ 162.570840][ T61] path_openat+0x2141/0x2d20 [ 162.575467][ T61] do_filp_open+0x1dc/0x430 [ 162.580464][ T61] do_sys_openat2+0x17a/0x1e0 [ 162.585191][ T61] __x64_sys_openat+0x175/0x210 [ 162.590092][ T61] do_syscall_64+0xcd/0x250 [ 162.594643][ T61] page last free pid 4674 tgid 4674 stack trace: [ 162.600985][ T61] free_unref_page+0x64a/0xe40 [ 162.605927][ T61] qlist_free_all+0x4e/0x140 [ 162.610557][ T61] kasan_quarantine_reduce+0x192/0x1e0 [ 162.616060][ T61] __kasan_slab_alloc+0x69/0x90 [ 162.620962][ T61] kmem_cache_alloc_noprof+0x121/0x2f0 [ 162.626474][ T61] getname_flags.part.0+0x4c/0x550 [ 162.631639][ T61] getname_flags+0x93/0xf0 [ 162.636180][ T61] vfs_fstatat+0x86/0x160 [ 162.640552][ T61] __do_sys_newfstatat+0xa2/0x130 [ 162.645802][ T61] do_syscall_64+0xcd/0x250 [ 162.650360][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.656306][ T61] [ 162.658637][ T61] Memory state around the buggy address: [ 162.664281][ T61] ffff88807b178500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 [ 162.672374][ T61] ffff88807b178580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.680497][ T61] >ffff88807b178600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.688578][ T61] ^ [ 162.692677][ T61] ffff88807b178680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.700774][ T61] ffff88807b178700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.708948][ T61] ================================================================== [ 162.778456][ T61] ================================================================== [ 162.786591][ T61] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170 [ 162.795526][ T61] Read of size 2048 at addr ffff88807b178400 by task kworker/u8:4/61 [ 162.803770][ T61] [ 162.806141][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u8:4 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 162.818345][ T61] Tainted: [B]=BAD_PAGE [ 162.822523][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 162.832711][ T61] Workqueue: loop0 loop_workfn [ 162.837525][ T61] Call Trace: [ 162.840815][ T61] [ 162.843753][ T61] dump_stack_lvl+0x116/0x1f0 [ 162.848461][ T61] print_report+0xc3/0x620 [ 162.852915][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.858575][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.864265][ T61] ? __phys_addr+0xc6/0x150 [ 162.868829][ T61] kasan_report+0xd9/0x110 [ 162.873312][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 162.879340][ T61] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 162.885380][ T61] kasan_check_range+0xef/0x1a0 [ 162.890260][ T61] __asan_memcpy+0x23/0x60 [ 162.894796][ T61] copy_page_from_iter_atomic+0x8bc/0x1170 [ 162.900650][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.906321][ T61] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 162.912604][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.918271][ T61] ? shmem_write_begin+0x16f/0x360 [ 162.923423][ T61] ? 
__pfx_shmem_write_begin+0x10/0x10 [ 162.928922][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.934769][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.940437][ T61] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 162.947324][ T61] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 162.953258][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.958928][ T61] generic_perform_write+0x53d/0xaa0 [ 162.964268][ T61] ? __pfx_generic_perform_write+0x10/0x10 [ 162.970149][ T61] ? __mark_inode_dirty+0x2a6/0xe70 [ 162.975393][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.981183][ T61] ? preempt_count_add+0x76/0x150 [ 162.986382][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 162.992089][ T61] ? mnt_put_write_access_file+0xc1/0xf0 [ 162.997786][ T61] shmem_file_write_iter+0x114/0x140 [ 163.003159][ T61] do_iter_readv_writev+0x534/0x800 [ 163.008393][ T61] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 163.014257][ T61] ? __pfx___might_resched+0x10/0x10 [ 163.019597][ T61] vfs_iter_write+0x1eb/0x9c0 [ 163.024312][ T61] loop_process_work+0x14dd/0x2000 [ 163.029460][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 163.035137][ T61] ? __pfx_loop_process_work+0x10/0x10 [ 163.040714][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 163.046642][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 163.052308][ T61] ? rcu_is_watching+0x12/0xc0 [ 163.057207][ T61] ? lock_acquire+0x47b/0x560 [ 163.061930][ T61] ? __pfx_lock_release+0x10/0x10 [ 163.067003][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 163.072665][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 163.078330][ T61] ? rcu_is_watching+0x12/0xc0 [ 163.083237][ T61] process_one_work+0x9c8/0x1b40 [ 163.088280][ T61] ? __pfx_lock_acquire+0x10/0x10 [ 163.093459][ T61] ? __pfx_process_one_work+0x10/0x10 [ 163.098888][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 163.104564][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 163.110235][ T61] ? assign_work+0x1a0/0x250 [ 163.114877][ T61] worker_thread+0x6c8/0xf20 [ 163.119553][ T61] ? 
__pfx_worker_thread+0x10/0x10 [ 163.124722][ T61] kthread+0x2c4/0x3a0 [ 163.128825][ T61] ? _raw_spin_unlock_irq+0x23/0x50 [ 163.134056][ T61] ? __pfx_kthread+0x10/0x10 [ 163.138675][ T61] ret_from_fork+0x48/0x80 [ 163.143132][ T61] ? __pfx_kthread+0x10/0x10 [ 163.147838][ T61] ret_from_fork_asm+0x1a/0x30 [ 163.152664][ T61] [ 163.155691][ T61] [ 163.158014][ T61] Allocated by task 5766: [ 163.162429][ T61] kasan_save_stack+0x33/0x60 [ 163.167138][ T61] kasan_save_track+0x14/0x30 [ 163.171858][ T61] __kasan_kmalloc+0xaa/0xb0 [ 163.176477][ T61] __kmalloc_noprof+0x1e8/0x400 [ 163.181357][ T61] hfsplus_read_wrapper+0x34c/0xff0 [ 163.186575][ T61] hfsplus_fill_super+0x352/0x1bc0 [ 163.191706][ T61] mount_bdev+0x1e6/0x2d0 [ 163.196059][ T61] legacy_get_tree+0x10c/0x220 [ 163.200864][ T61] vfs_get_tree+0x92/0x380 [ 163.205301][ T61] path_mount+0x14e6/0x1f20 [ 163.209825][ T61] __x64_sys_mount+0x294/0x320 [ 163.214611][ T61] do_syscall_64+0xcd/0x250 [ 163.219147][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.225081][ T61] [ 163.227405][ T61] The buggy address belongs to the object at ffff88807b178400 [ 163.227405][ T61] which belongs to the cache kmalloc-512 of size 512 [ 163.241471][ T61] The buggy address is located 0 bytes inside of [ 163.241471][ T61] allocated 512-byte region [ffff88807b178400, ffff88807b178600) [ 163.255663][ T61] [ 163.257988][ T61] The buggy address belongs to the physical page: [ 163.264395][ T61] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b178 [ 163.273254][ T61] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 163.281774][ T61] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 163.289427][ T61] page_type: 0xfdffffff(slab) [ 163.294124][ T61] raw: 00fff00000000040 ffff888015841c80 dead000000000122 0000000000000000 [ 163.302819][ T61] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 163.311426][ T61] head: 00fff00000000040 ffff888015841c80 
dead000000000122 0000000000000000 [ 163.320287][ T61] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 163.329160][ T61] head: 00fff00000000002 ffffea0001ec5e01 ffffffffffffffff 0000000000000000 [ 163.337945][ T61] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 163.346710][ T61] page dumped because: kasan: bad access detected [ 163.353120][ T61] page_owner tracks the page as allocated [ 163.358922][ T61] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5743, tgid 5743 (udevd), ts 161724843222, free_ts 161325089563 [ 163.381286][ T61] post_alloc_hook+0x2d1/0x350 [ 163.386093][ T61] get_page_from_freelist+0x1351/0x2e50 [ 163.391676][ T61] __alloc_pages_noprof+0x22b/0x2460 [ 163.397002][ T61] alloc_slab_page+0x4e/0xf0 [ 163.401634][ T61] new_slab+0x84/0x260 [ 163.405747][ T61] ___slab_alloc+0xdac/0x1870 [ 163.410461][ T61] __slab_alloc.constprop.0+0x56/0xb0 [ 163.415873][ T61] __kmalloc_cache_noprof+0x2b4/0x300 [ 163.421284][ T61] kernfs_fop_open+0x28b/0xdb0 [ 163.426329][ T61] do_dentry_open+0x922/0x15f0 [ 163.431146][ T61] vfs_open+0x82/0x3f0 [ 163.435248][ T61] path_openat+0x2141/0x2d20 [ 163.439865][ T61] do_filp_open+0x1dc/0x430 [ 163.444391][ T61] do_sys_openat2+0x17a/0x1e0 [ 163.449102][ T61] __x64_sys_openat+0x175/0x210 [ 163.453988][ T61] do_syscall_64+0xcd/0x250 [ 163.458538][ T61] page last free pid 4674 tgid 4674 stack trace: [ 163.464899][ T61] free_unref_page+0x64a/0xe40 [ 163.469696][ T61] qlist_free_all+0x4e/0x140 [ 163.474312][ T61] kasan_quarantine_reduce+0x192/0x1e0 [ 163.479810][ T61] __kasan_slab_alloc+0x69/0x90 [ 163.484697][ T61] kmem_cache_alloc_noprof+0x121/0x2f0 [ 163.490193][ T61] getname_flags.part.0+0x4c/0x550 [ 163.495361][ T61] getname_flags+0x93/0xf0 [ 163.499817][ T61] vfs_fstatat+0x86/0x160 [ 163.504279][ T61] __do_sys_newfstatat+0xa2/0x130 [ 163.509349][ T61] 
do_syscall_64+0xcd/0x250 [ 163.513889][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.519834][ T61] [ 163.522158][ T61] Memory state around the buggy address: [ 163.527792][ T61] ffff88807b178500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 163.535864][ T61] ffff88807b178580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 163.544024][ T61] >ffff88807b178600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 163.552092][ T61] ^ [ 163.556166][ T61] ffff88807b178680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 163.564332][ T61] ffff88807b178700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 163.572396][ T61] ================================================================== [ 163.797580][ T5790] loop0: detected capacity change from 0 to 1024 [ 163.927580][ T1046] ================================================================== [ 163.935742][ T1046] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170 [ 163.944501][ T1046] Read of size 2048 at addr ffff8880299be400 by task kworker/u8:6/1046 [ 163.952771][ T1046] [ 163.955114][ T1046] CPU: 1 UID: 0 PID: 1046 Comm: kworker/u8:6 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 163.967474][ T1046] Tainted: [B]=BAD_PAGE [ 163.971650][ T1046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 163.981733][ T1046] Workqueue: loop0 loop_workfn [ 163.986534][ T1046] Call Trace: [ 163.989913][ T1046] [ 163.992860][ T1046] dump_stack_lvl+0x116/0x1f0 [ 163.997567][ T1046] print_report+0xc3/0x620 [ 164.002046][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.007709][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.013374][ T1046] ? __phys_addr+0xc6/0x150 [ 164.017943][ T1046] kasan_report+0xd9/0x110 [ 164.022411][ T1046] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 164.028435][ T1046] ? 
copy_page_from_iter_atomic+0x8bc/0x1170 [ 164.034662][ T1046] kasan_check_range+0xef/0x1a0 [ 164.039629][ T1046] __asan_memcpy+0x23/0x60 [ 164.044092][ T1046] copy_page_from_iter_atomic+0x8bc/0x1170 [ 164.049986][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.055655][ T1046] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 164.061953][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.067636][ T1046] ? shmem_write_begin+0x16f/0x360 [ 164.072791][ T1046] ? __pfx_shmem_write_begin+0x10/0x10 [ 164.078400][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.084254][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.089952][ T1046] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 164.096830][ T1046] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 164.102761][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.108428][ T1046] generic_perform_write+0x53d/0xaa0 [ 164.113766][ T1046] ? __pfx_generic_perform_write+0x10/0x10 [ 164.119639][ T1046] ? __mark_inode_dirty+0x2a6/0xe70 [ 164.124885][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.130543][ T1046] ? preempt_count_add+0x76/0x150 [ 164.135605][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.141262][ T1046] ? mnt_put_write_access_file+0xc1/0xf0 [ 164.146949][ T1046] shmem_file_write_iter+0x114/0x140 [ 164.152285][ T1046] do_iter_readv_writev+0x534/0x800 [ 164.157598][ T1046] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 164.163348][ T1046] ? __pfx___might_resched+0x10/0x10 [ 164.168662][ T1046] vfs_iter_write+0x1eb/0x9c0 [ 164.173370][ T1046] loop_process_work+0x14dd/0x2000 [ 164.178690][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.184370][ T1046] ? __pfx_loop_process_work+0x10/0x10 [ 164.189858][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.195517][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.201175][ T1046] ? rcu_is_watching+0x12/0xc0 [ 164.206071][ T1046] ? lock_acquire+0x47b/0x560 [ 164.210822][ T1046] ? __pfx_lock_release+0x10/0x10 [ 164.215980][ T1046] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 164.221641][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.227476][ T1046] ? rcu_is_watching+0x12/0xc0 [ 164.232287][ T1046] process_one_work+0x9c8/0x1b40 [ 164.237281][ T1046] ? __pfx_lock_acquire+0x10/0x10 [ 164.242347][ T1046] ? __pfx_process_one_work+0x10/0x10 [ 164.247765][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.253436][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.259103][ T1046] ? assign_work+0x1a0/0x250 [ 164.263759][ T1046] worker_thread+0x6c8/0xf20 [ 164.268411][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.274334][ T1046] ? __kthread_parkme+0x148/0x220 [ 164.279407][ T1046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.285093][ T1046] ? __pfx_worker_thread+0x10/0x10 [ 164.290272][ T1046] kthread+0x2c4/0x3a0 [ 164.294719][ T1046] ? _raw_spin_unlock_irq+0x23/0x50 [ 164.299956][ T1046] ? __pfx_kthread+0x10/0x10 [ 164.304584][ T1046] ret_from_fork+0x48/0x80 [ 164.309045][ T1046] ? __pfx_kthread+0x10/0x10 [ 164.313836][ T1046] ret_from_fork_asm+0x1a/0x30 [ 164.318654][ T1046] [ 164.321680][ T1046] [ 164.324024][ T1046] Allocated by task 5790: [ 164.328364][ T1046] kasan_save_stack+0x33/0x60 [ 164.333092][ T1046] kasan_save_track+0x14/0x30 [ 164.337820][ T1046] __kasan_kmalloc+0xaa/0xb0 [ 164.342545][ T1046] __kmalloc_noprof+0x1e8/0x400 [ 164.347448][ T1046] hfsplus_read_wrapper+0x34c/0xff0 [ 164.352700][ T1046] hfsplus_fill_super+0x352/0x1bc0 [ 164.357837][ T1046] mount_bdev+0x1e6/0x2d0 [ 164.362361][ T1046] legacy_get_tree+0x10c/0x220 [ 164.367168][ T1046] vfs_get_tree+0x92/0x380 [ 164.371694][ T1046] path_mount+0x14e6/0x1f20 [ 164.376241][ T1046] __x64_sys_mount+0x294/0x320 [ 164.381575][ T1046] do_syscall_64+0xcd/0x250 [ 164.386111][ T1046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.392050][ T1046] [ 164.394376][ T1046] The buggy address belongs to the object at ffff8880299be400 [ 164.394376][ T1046] which belongs to the cache kmalloc-512 of size 512 [ 164.408726][ T1046] The buggy 
address is located 0 bytes inside of [ 164.408726][ T1046] allocated 512-byte region [ffff8880299be400, ffff8880299be600) [ 164.422826][ T1046] [ 164.425152][ T1046] The buggy address belongs to the physical page: [ 164.431561][ T1046] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x299bc [ 164.440331][ T1046] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 164.448846][ T1046] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 164.456402][ T1046] page_type: 0xfdffffff(slab) [ 164.461095][ T1046] raw: 00fff00000000040 ffff888015841c80 dead000000000100 dead000000000122 [ 164.469697][ T1046] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 164.478325][ T1046] head: 00fff00000000040 ffff888015841c80 dead000000000100 dead000000000122 [ 164.487013][ T1046] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 164.495705][ T1046] head: 00fff00000000002 ffffea0000a66f01 ffffffffffffffff 0000000000000000 [ 164.504395][ T1046] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 164.513121][ T1046] page dumped because: kasan: bad access detected [ 164.519541][ T1046] page_owner tracks the page as allocated [ 164.525264][ T1046] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4674, tgid 4674 (udevd), ts 65705726479, free_ts 65534211109 [ 164.546241][ T1046] post_alloc_hook+0x2d1/0x350 [ 164.551045][ T1046] get_page_from_freelist+0x1351/0x2e50 [ 164.556805][ T1046] __alloc_pages_noprof+0x22b/0x2460 [ 164.562302][ T1046] alloc_slab_page+0x4e/0xf0 [ 164.566914][ T1046] new_slab+0x84/0x260 [ 164.571007][ T1046] ___slab_alloc+0xdac/0x1870 [ 164.575713][ T1046] __slab_alloc.constprop.0+0x56/0xb0 [ 164.581120][ T1046] __kmalloc_cache_noprof+0x2b4/0x300 [ 164.586527][ T1046] kernfs_fop_open+0x28b/0xdb0 [ 164.591320][ T1046] do_dentry_open+0x922/0x15f0 [ 
164.596285][ T1046] vfs_open+0x82/0x3f0 [ 164.600389][ T1046] path_openat+0x2141/0x2d20 [ 164.605001][ T1046] do_filp_open+0x1dc/0x430 [ 164.609627][ T1046] do_sys_openat2+0x17a/0x1e0 [ 164.614341][ T1046] __x64_sys_openat+0x175/0x210 [ 164.619226][ T1046] do_syscall_64+0xcd/0x250 [ 164.623853][ T1046] page last free pid 4679 tgid 4679 stack trace: [ 164.630184][ T1046] free_unref_page+0x64a/0xe40 [ 164.634988][ T1046] rcu_core+0x82b/0x16b0 [ 164.639267][ T1046] handle_softirqs+0x219/0x8f0 [ 164.644050][ T1046] irq_exit_rcu+0xbb/0x120 [ 164.648487][ T1046] sysvec_apic_timer_interrupt+0x95/0xb0 [ 164.654178][ T1046] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 164.660294][ T1046] [ 164.662618][ T1046] Memory state around the buggy address: [ 164.668259][ T1046] ffff8880299be500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 164.676421][ T1046] ffff8880299be580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 164.684495][ T1046] >ffff8880299be600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.692759][ T1046] ^ [ 164.696835][ T1046] ffff8880299be680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.704909][ T1046] ffff8880299be700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.712977][ T1046] ================================================================== [ 164.771587][ T5794] loop5: detected capacity change from 0 to 1024 [ 164.811579][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.822393][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.835548][ T1108] ================================================================== [ 164.843669][ T1108] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8bc/0x1170 [ 164.852399][ T1108] Read of size 2048 at addr ffff8880299be400 by task kworker/u8:7/1108 [ 164.860665][ T1108] [ 164.863003][ T1108] CPU: 1 UID: 0 PID: 1108 Comm: kworker/u8:7 Tainted: G B 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 164.875374][ T1108] Tainted: [B]=BAD_PAGE [ 
164.879540][ T1108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 164.889620][ T1108] Workqueue: loop0 loop_workfn [ 164.894433][ T1108] Call Trace: [ 164.897818][ T1108] [ 164.900757][ T1108] dump_stack_lvl+0x116/0x1f0 [ 164.905467][ T1108] print_report+0xc3/0x620 [ 164.909963][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.915627][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.921285][ T1108] ? __phys_addr+0xc6/0x150 [ 164.925825][ T1108] kasan_report+0xd9/0x110 [ 164.930372][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 164.936490][ T1108] ? copy_page_from_iter_atomic+0x8bc/0x1170 [ 164.942517][ T1108] kasan_check_range+0xef/0x1a0 [ 164.947391][ T1108] __asan_memcpy+0x23/0x60 [ 164.951838][ T1108] copy_page_from_iter_atomic+0x8bc/0x1170 [ 164.957688][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.963352][ T1108] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 164.969979][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.975639][ T1108] ? shmem_write_begin+0x16f/0x360 [ 164.980787][ T1108] ? __pfx_shmem_write_begin+0x10/0x10 [ 164.986455][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.992114][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 164.997775][ T1108] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 165.004666][ T1108] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 165.010592][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.016346][ T1108] generic_perform_write+0x53d/0xaa0 [ 165.021676][ T1108] ? __pfx_generic_perform_write+0x10/0x10 [ 165.027515][ T1108] ? __mark_inode_dirty+0x2a6/0xe70 [ 165.032760][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.038476][ T1108] ? preempt_count_add+0x76/0x150 [ 165.043539][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.049199][ T1108] ? mnt_put_write_access_file+0xc1/0xf0 [ 165.054883][ T1108] shmem_file_write_iter+0x114/0x140 [ 165.060215][ T1108] do_iter_readv_writev+0x534/0x800 [ 165.065441][ T1108] ? 
__pfx_do_iter_readv_writev+0x10/0x10 [ 165.071189][ T1108] ? __pfx___might_resched+0x10/0x10 [ 165.076507][ T1108] vfs_iter_write+0x1eb/0x9c0 [ 165.081209][ T1108] loop_process_work+0x14dd/0x2000 [ 165.086390][ T1108] ? __pfx_loop_process_work+0x10/0x10 [ 165.091887][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.097550][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.103215][ T1108] ? rcu_is_watching+0x12/0xc0 [ 165.108029][ T1108] ? lock_acquire+0x47b/0x560 [ 165.112753][ T1108] ? __pfx_lock_release+0x10/0x10 [ 165.117826][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.123513][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.129258][ T1108] ? rcu_is_watching+0x12/0xc0 [ 165.134069][ T1108] process_one_work+0x9c8/0x1b40 [ 165.139065][ T1108] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 165.146651][ T1108] ? __pfx_process_one_work+0x10/0x10 [ 165.152077][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.157741][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.163532][ T1108] ? assign_work+0x1a0/0x250 [ 165.168372][ T1108] worker_thread+0x6c8/0xf20 [ 165.173021][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.178694][ T1108] ? __kthread_parkme+0x148/0x220 [ 165.183843][ T1108] ? srso_alias_return_thunk+0x5/0xfbef5 [ 165.189508][ T1108] ? __pfx_worker_thread+0x10/0x10 [ 165.194778][ T1108] kthread+0x2c4/0x3a0 [ 165.198966][ T1108] ? _raw_spin_unlock_irq+0x23/0x50 [ 165.204285][ T1108] ? __pfx_kthread+0x10/0x10 [ 165.208902][ T1108] ret_from_fork+0x48/0x80 [ 165.213365][ T1108] ? 
__pfx_kthread+0x10/0x10 [ 165.217998][ T1108] ret_from_fork_asm+0x1a/0x30 [ 165.222827][ T1108] [ 165.225858][ T1108] [ 165.228186][ T1108] Allocated by task 5790: [ 165.232627][ T1108] kasan_save_stack+0x33/0x60 [ 165.237364][ T1108] kasan_save_track+0x14/0x30 [ 165.242171][ T1108] __kasan_kmalloc+0xaa/0xb0 [ 165.246800][ T1108] __kmalloc_noprof+0x1e8/0x400 [ 165.251880][ T1108] hfsplus_read_wrapper+0x34c/0xff0 [ 165.257101][ T1108] hfsplus_fill_super+0x352/0x1bc0 [ 165.262236][ T1108] mount_bdev+0x1e6/0x2d0 [ 165.266588][ T1108] legacy_get_tree+0x10c/0x220 [ 165.271393][ T1108] vfs_get_tree+0x92/0x380 [ 165.275832][ T1108] path_mount+0x14e6/0x1f20 [ 165.280356][ T1108] __x64_sys_mount+0x294/0x320 [ 165.285142][ T1108] do_syscall_64+0xcd/0x250 [ 165.289680][ T1108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.295614][ T1108] [ 165.297940][ T1108] The buggy address belongs to the object at ffff8880299be400 [ 165.297940][ T1108] which belongs to the cache kmalloc-512 of size 512 [ 165.312032][ T1108] The buggy address is located 0 bytes inside of [ 165.312032][ T1108] allocated 512-byte region [ffff8880299be400, ffff8880299be600) [ 165.326028][ T1108] [ 165.328356][ T1108] The buggy address belongs to the physical page: [ 165.334968][ T1108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x299bc [ 165.343745][ T1108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 165.352267][ T1108] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 165.359827][ T1108] page_type: 0xfdffffff(slab) [ 165.364520][ T1108] raw: 00fff00000000040 ffff888015841c80 dead000000000100 dead000000000122