Warning: Permanently added '10.128.0.60' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 41.629507][ T3500] loop0: detected capacity change from 0 to 1024
[ 41.796707][ T1237] ==================================================================
[ 41.805465][ T1237] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8e3/0x1230
[ 41.814185][ T1237] Read of size 1024 at addr ffff88807abfec00 by task kworker/u4:4/1237
[ 41.822400][ T1237]
[ 41.824709][ T1237] CPU: 0 PID: 1237 Comm: kworker/u4:4 Not tainted 5.15.158-syzkaller #0
[ 41.833019][ T1237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 41.843051][ T1237] Workqueue: loop0 loop_rootcg_workfn
[ 41.848407][ T1237] Call Trace:
[ 41.851667][ T1237]
[ 41.854580][ T1237] dump_stack_lvl+0x1e3/0x2d0
[ 41.859240][ T1237] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 41.864847][ T1237] ? _printk+0xd1/0x120
[ 41.868983][ T1237] ? __wake_up_klogd+0xcc/0x100
[ 41.873811][ T1237] ? panic+0x860/0x860
[ 41.877854][ T1237] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 41.883295][ T1237] print_address_description+0x63/0x3b0
[ 41.888831][ T1237] ? copy_page_from_iter_atomic+0x8e3/0x1230
[ 41.894793][ T1237] kasan_report+0x16b/0x1c0
[ 41.899281][ T1237] ? copy_page_from_iter_atomic+0x8e3/0x1230
[ 41.905238][ T1237] kasan_check_range+0x27e/0x290
[ 41.910175][ T1237] ? copy_page_from_iter_atomic+0x8e3/0x1230
[ 41.916133][ T1237] memcpy+0x25/0x60
[ 41.919917][ T1237] copy_page_from_iter_atomic+0x8e3/0x1230
[ 41.925703][ T1237] ? shmem_getpage+0xa0/0xa0
[ 41.930288][ T1237] ? pipe_zero+0x4f0/0x4f0
[ 41.934676][ T1237] ? __lock_acquire+0x1295/0x1ff0
[ 41.939689][ T1237] generic_perform_write+0x33a/0x5b0
[ 41.945044][ T1237] ? grab_cache_page_write_begin+0x90/0x90
[ 41.950828][ T1237] ? file_remove_privs+0x610/0x610
[ 41.955914][ T1237] ? rwsem_write_trylock+0x166/0x210
[ 41.961177][ T1237] __generic_file_write_iter+0x243/0x4f0
[ 41.966786][ T1237] generic_file_write_iter+0xa7/0x1b0
[ 41.972135][ T1237] do_iter_readv_writev+0x594/0x7a0
[ 41.977323][ T1237] ? generic_file_rw_checks+0x260/0x260
[ 41.982845][ T1237] ? common_file_perm+0x17d/0x1d0
[ 41.987848][ T1237] ? fsnotify_perm+0x67/0x5a0
[ 41.992501][ T1237] ? bpf_lsm_file_permission+0x5/0x10
[ 41.997860][ T1237] do_iter_write+0x1ea/0x760
[ 42.002442][ T1237] ? rcu_read_lock_any_held+0xb3/0x160
[ 42.007887][ T1237] ? vfs_iter_write+0x69/0xa0
[ 42.012546][ T1237] lo_write_bvec+0x297/0x740
[ 42.017123][ T1237] ? lo_rw_aio+0xd80/0xd80
[ 42.021524][ T1237] ? do_raw_spin_unlock+0x137/0x8b0
[ 42.026701][ T1237] ? kthread_associate_blkcg+0x2fd/0x590
[ 42.032312][ T1237] ? _raw_spin_unlock_irq+0x1f/0x40
[ 42.037492][ T1237] loop_process_work+0x2309/0x2af0
[ 42.042601][ T1237] ? rcu_lock_release+0x20/0x20
[ 42.047441][ T1237] ? read_lock_is_recursive+0x10/0x10
[ 42.052791][ T1237] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 42.058758][ T1237] ? print_irqtrace_events+0x210/0x210
[ 42.064193][ T1237] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 42.070083][ T1237] ? do_raw_spin_unlock+0x137/0x8b0
[ 42.075260][ T1237] process_one_work+0x8a1/0x10c0
[ 42.080183][ T1237] ? worker_detach_from_pool+0x260/0x260
[ 42.085810][ T1237] ? _raw_spin_lock_irqsave+0x120/0x120
[ 42.091330][ T1237] ? kthread_data+0x4e/0xc0
[ 42.095810][ T1237] ? wq_worker_running+0x97/0x170
[ 42.100812][ T1237] worker_thread+0xaca/0x1280
[ 42.105559][ T1237] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 42.111441][ T1237] kthread+0x3f6/0x4f0
[ 42.115486][ T1237] ? rcu_lock_release+0x20/0x20
[ 42.120310][ T1237] ? kthread_blkcg+0xd0/0xd0
[ 42.124875][ T1237] ret_from_fork+0x1f/0x30
[ 42.129275][ T1237]
[ 42.132269][ T1237]
[ 42.134569][ T1237] Allocated by task 3500:
[ 42.138866][ T1237] ____kasan_kmalloc+0xba/0xf0
[ 42.143602][ T1237] __kmalloc+0x168/0x300
[ 42.147819][ T1237] hfsplus_read_wrapper+0x4e3/0x13b0
[ 42.153089][ T1237] hfsplus_fill_super+0x38a/0x1c90
[ 42.158195][ T1237] mount_bdev+0x2c9/0x3f0
[ 42.162515][ T1237] legacy_get_tree+0xeb/0x180
[ 42.167170][ T1237] vfs_get_tree+0x88/0x270
[ 42.171581][ T1237] do_new_mount+0x2ba/0xb40
[ 42.176073][ T1237] __se_sys_mount+0x2d5/0x3c0
[ 42.180726][ T1237] do_syscall_64+0x3b/0xb0
[ 42.185121][ T1237] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 42.191002][ T1237]
[ 42.193311][ T1237] The buggy address belongs to the object at ffff88807abfec00
[ 42.193311][ T1237]  which belongs to the cache kmalloc-512 of size 512
[ 42.207335][ T1237] The buggy address is located 0 bytes inside of
[ 42.207335][ T1237]  512-byte region [ffff88807abfec00, ffff88807abfee00)
[ 42.220422][ T1237] The buggy address belongs to the page:
[ 42.226024][ T1237] page:ffffea0001eaff00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7abfc
[ 42.236148][ T1237] head:ffffea0001eaff00 order:2 compound_mapcount:0 compound_pincount:0
[ 42.244466][ T1237] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 42.252436][ T1237] raw: 00fff00000010200 0000000000000000 0000000a00000001 ffff888011c41c80
[ 42.261032][ T1237] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 42.269596][ T1237] page dumped because: kasan: bad access detected
[ 42.275987][ T1237] page_owner tracks the page as allocated
[ 42.281704][ T1237] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2964, ts 13748145428, free_ts 11348326457
[ 42.300864][ T1237] get_page_from_freelist+0x322a/0x33c0
[ 42.306397][ T1237] __alloc_pages+0x272/0x700
[ 42.310960][ T1237] new_slab+0xbb/0x4b0
[ 42.315001][ T1237] ___slab_alloc+0x6f6/0xe10
[ 42.319565][ T1237] kmem_cache_alloc_trace+0x1a0/0x290
[ 42.324910][ T1237] kernfs_fop_open+0x3b5/0xbc0
[ 42.329646][ T1237] do_dentry_open+0x807/0xfb0
[ 42.334295][ T1237] path_openat+0x2705/0x2f20
[ 42.338857][ T1237] do_filp_open+0x21c/0x460
[ 42.343336][ T1237] do_sys_openat2+0x13b/0x500
[ 42.347991][ T1237] __x64_sys_openat+0x243/0x290
[ 42.352818][ T1237] do_syscall_64+0x3b/0xb0
[ 42.357207][ T1237] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 42.363074][ T1237] page last free stack trace:
[ 42.367806][ T1237] free_unref_page_prepare+0xc34/0xcf0
[ 42.373237][ T1237] free_unref_page+0x95/0x2d0
[ 42.377886][ T1237] free_contig_range+0x95/0xf0
[ 42.382622][ T1237] destroy_args+0xfe/0x980
[ 42.387012][ T1237] debug_vm_pgtable+0x40d/0x470
[ 42.391837][ T1237] do_one_initcall+0x22b/0x7a0
[ 42.396578][ T1237] do_initcall_level+0x157/0x210
[ 42.401492][ T1237] do_initcalls+0x49/0x90
[ 42.405796][ T1237] kernel_init_freeable+0x425/0x5c0
[ 42.410967][ T1237] kernel_init+0x19/0x290
[ 42.415270][ T1237] ret_from_fork+0x1f/0x30
[ 42.419660][ T1237]
[ 42.421955][ T1237] Memory state around the buggy address:
[ 42.427558][ T1237]  ffff88807abfed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.435589][ T1237]  ffff88807abfed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.443625][ T1237] >ffff88807abfee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.451653][ T1237]                    ^
[ 42.455695][ T1237]  ffff88807abfee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.463728][ T1237]  ffff88807abfef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.471756][ T1237] ==================================================================
[ 42.479874][ T1237] Disabling lock debugging due to kernel taint
[ 42.486139][ T1237] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 42.493312][ T1237] CPU: 0 PID: 1237 Comm: kworker/u4:4 Tainted: G B 5.15.158-syzkaller #0
[ 42.503089][ T1237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 42.513127][ T1237] Workqueue: loop0 loop_rootcg_workfn
[ 42.518491][ T1237] Call Trace:
[ 42.521743][ T1237]
[ 42.524676][ T1237] dump_stack_lvl+0x1e3/0x2d0
[ 42.529332][ T1237] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 42.534938][ T1237] ? panic+0x860/0x860
[ 42.538980][ T1237] ? rcu_is_watching+0x11/0xa0
[ 42.543713][ T1237] panic+0x318/0x860
[ 42.547582][ T1237] ? check_panic_on_warn+0x1d/0xa0
[ 42.552667][ T1237] ? fb_is_primary_device+0xd0/0xd0
[ 42.557842][ T1237] ? _raw_spin_unlock_irqrestore+0xd4/0x130
[ 42.563707][ T1237] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 42.569571][ T1237] ? _raw_spin_unlock+0x40/0x40
[ 42.574393][ T1237] ? print_memory_metadata+0xe2/0x140
[ 42.579746][ T1237] check_panic_on_warn+0x7e/0xa0
[ 42.584656][ T1237] ? copy_page_from_iter_atomic+0x8e3/0x1230
[ 42.590609][ T1237] end_report+0x6d/0xf0
[ 42.594744][ T1237] kasan_report+0x18e/0x1c0
[ 42.599228][ T1237] ? copy_page_from_iter_atomic+0x8e3/0x1230
[ 42.605190][ T1237] kasan_check_range+0x27e/0x290
[ 42.610101][ T1237] ? copy_page_from_iter_atomic+0x8e3/0x1230
[ 42.616053][ T1237] memcpy+0x25/0x60
[ 42.619832][ T1237] copy_page_from_iter_atomic+0x8e3/0x1230
[ 42.625613][ T1237] ? shmem_getpage+0xa0/0xa0
[ 42.630173][ T1237] ? pipe_zero+0x4f0/0x4f0
[ 42.634559][ T1237] ? __lock_acquire+0x1295/0x1ff0
[ 42.639555][ T1237] generic_perform_write+0x33a/0x5b0
[ 42.644823][ T1237] ? grab_cache_page_write_begin+0x90/0x90
[ 42.650628][ T1237] ? file_remove_privs+0x610/0x610
[ 42.655712][ T1237] ? rwsem_write_trylock+0x166/0x210
[ 42.660970][ T1237] __generic_file_write_iter+0x243/0x4f0
[ 42.666590][ T1237] generic_file_write_iter+0xa7/0x1b0
[ 42.671934][ T1237] do_iter_readv_writev+0x594/0x7a0
[ 42.677118][ T1237] ? generic_file_rw_checks+0x260/0x260
[ 42.682639][ T1237] ? common_file_perm+0x17d/0x1d0
[ 42.687635][ T1237] ? fsnotify_perm+0x67/0x5a0
[ 42.692286][ T1237] ? bpf_lsm_file_permission+0x5/0x10
[ 42.697630][ T1237] do_iter_write+0x1ea/0x760
[ 42.702194][ T1237] ? rcu_read_lock_any_held+0xb3/0x160
[ 42.707628][ T1237] ? vfs_iter_write+0x69/0xa0
[ 42.712278][ T1237] lo_write_bvec+0x297/0x740
[ 42.716849][ T1237] ? lo_rw_aio+0xd80/0xd80
[ 42.721236][ T1237] ? do_raw_spin_unlock+0x137/0x8b0
[ 42.726406][ T1237] ? kthread_associate_blkcg+0x2fd/0x590
[ 42.732011][ T1237] ? _raw_spin_unlock_irq+0x1f/0x40
[ 42.737184][ T1237] loop_process_work+0x2309/0x2af0
[ 42.742271][ T1237] ? rcu_lock_release+0x20/0x20
[ 42.747099][ T1237] ? read_lock_is_recursive+0x10/0x10
[ 42.752445][ T1237] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 42.758397][ T1237] ? print_irqtrace_events+0x210/0x210
[ 42.763826][ T1237] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 42.769709][ T1237] ? do_raw_spin_unlock+0x137/0x8b0
[ 42.774879][ T1237] process_one_work+0x8a1/0x10c0
[ 42.779794][ T1237] ? worker_detach_from_pool+0x260/0x260
[ 42.785399][ T1237] ? _raw_spin_lock_irqsave+0x120/0x120
[ 42.791003][ T1237] ? kthread_data+0x4e/0xc0
[ 42.795482][ T1237] ? wq_worker_running+0x97/0x170
[ 42.800493][ T1237] worker_thread+0xaca/0x1280
[ 42.805142][ T1237] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 42.811014][ T1237] kthread+0x3f6/0x4f0
[ 42.815055][ T1237] ? rcu_lock_release+0x20/0x20
[ 42.819876][ T1237] ? kthread_blkcg+0xd0/0xd0
[ 42.824437][ T1237] ret_from_fork+0x1f/0x30
[ 42.828828][ T1237]
[ 42.832079][ T1237] Kernel Offset: disabled
[ 42.836386][ T1237] Rebooting in 86400 seconds..