Warning: Permanently added '10.128.1.158' (ED25519) to the list of known hosts.
executing program
[   46.376825][ T3563] loop0: detected capacity change from 0 to 1024
[   46.414756][ T3563] =======================================================
[   46.414756][ T3563] WARNING: The mand mount option has been deprecated and
[   46.414756][ T3563]          and is ignored by this kernel. Remove the mand
[   46.414756][ T3563]          option from the mount to silence this warning.
[   46.414756][ T3563] =======================================================
[   46.600306][  T154] ==================================================================
[   46.608516][  T154] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x8e3/0x1230
[   46.617209][  T154] Read of size 2048 at addr ffff888028c9e000 by task kworker/u4:2/154
[   46.625357][  T154] 
[   46.627665][  T154] CPU: 0 PID: 154 Comm: kworker/u4:2 Not tainted 5.15.166-syzkaller #0
[   46.635885][  T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   46.646036][  T154] Workqueue: loop0 loop_rootcg_workfn
[   46.651396][  T154] Call Trace:
[   46.654666][  T154]  <TASK>
[   46.657577][  T154]  dump_stack_lvl+0x1e3/0x2d0
[   46.662232][  T154]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   46.667850][  T154]  ? _printk+0xd1/0x120
[   46.671980][  T154]  ? __wake_up_klogd+0xcc/0x100
[   46.676803][  T154]  ? panic+0x860/0x860
[   46.680844][  T154]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   46.686288][  T154]  print_address_description+0x63/0x3b0
[   46.691808][  T154]  ? copy_page_from_iter_atomic+0x8e3/0x1230
[   46.697786][  T154]  kasan_report+0x16b/0x1c0
[   46.702263][  T154]  ? copy_page_from_iter_atomic+0x8e3/0x1230
[   46.708220][  T154]  kasan_check_range+0x27e/0x290
[   46.713146][  T154]  ? copy_page_from_iter_atomic+0x8e3/0x1230
[   46.719127][  T154]  memcpy+0x25/0x60
[   46.722931][  T154]  copy_page_from_iter_atomic+0x8e3/0x1230
[   46.728718][  T154]  ? shmem_getpage+0xa0/0xa0
[   46.733458][  T154]  ? pipe_zero+0x4f0/0x4f0
[   46.737853][  T154]  ? __lock_acquire+0x1295/0x1ff0
[   46.742951][  T154]  generic_perform_write+0x33a/0x5b0
[   46.748218][  T154]  ? grab_cache_page_write_begin+0x90/0x90
[   46.754000][  T154]  ? file_remove_privs+0x610/0x610
[   46.759088][  T154]  ? rwsem_write_trylock+0x166/0x210
[   46.764351][  T154]  __generic_file_write_iter+0x243/0x4f0
[   46.769960][  T154]  generic_file_write_iter+0xa7/0x1b0
[   46.775305][  T154]  do_iter_readv_writev+0x594/0x7a0
[   46.780580][  T154]  ? generic_file_rw_checks+0x260/0x260
[   46.786117][  T154]  ? common_file_perm+0x17d/0x1d0
[   46.791118][  T154]  ? fsnotify_perm+0x64/0x590
[   46.795786][  T154]  ? security_file_permission+0x75/0xa0
[   46.801482][  T154]  do_iter_write+0x1e6/0x760
[   46.806133][  T154]  ? rcu_read_lock_any_held+0xb3/0x160
[   46.811662][  T154]  ? vfs_iter_write+0x69/0xa0
[   46.816316][  T154]  lo_write_bvec+0x297/0x740
[   46.820883][  T154]  ? lo_rw_aio+0xd80/0xd80
[   46.825275][  T154]  ? do_raw_spin_unlock+0x137/0x8b0
[   46.830480][  T154]  ? kthread_associate_blkcg+0x2fd/0x590
[   46.836306][  T154]  ? _raw_spin_unlock_irq+0x1f/0x40
[   46.841507][  T154]  loop_process_work+0x2309/0x2af0
[   46.846618][  T154]  ? rcu_lock_release+0x20/0x20
[   46.851573][  T154]  ? read_lock_is_recursive+0x10/0x10
[   46.856924][  T154]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   46.862884][  T154]  ? print_irqtrace_events+0x210/0x210
[   46.868319][  T154]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   46.874192][  T154]  ? do_raw_spin_unlock+0x137/0x8b0
[   46.879369][  T154]  process_one_work+0x8a1/0x10c0
[   46.884291][  T154]  ? worker_detach_from_pool+0x260/0x260
[   46.889897][  T154]  ? _raw_spin_lock_irqsave+0x120/0x120
[   46.895415][  T154]  ? kthread_data+0x4e/0xc0
[   46.899894][  T154]  ? wq_worker_running+0x97/0x170
[   46.904895][  T154]  worker_thread+0xaca/0x1280
[   46.909571][  T154]  kthread+0x3f6/0x4f0
[   46.913618][  T154]  ? rcu_lock_release+0x20/0x20
[   46.918450][  T154]  ? kthread_blkcg+0xd0/0xd0
[   46.923037][  T154]  ret_from_fork+0x1f/0x30
[   46.927551][  T154]  </TASK>
[   46.930576][  T154] 
[   46.932888][  T154] Allocated by task 3563:
[   46.937196][  T154]  ____kasan_kmalloc+0xba/0xf0
[   46.941947][  T154]  __kmalloc+0x168/0x300
[   46.946168][  T154]  hfsplus_read_wrapper+0x4e3/0x13b0
[   46.951428][  T154]  hfsplus_fill_super+0x38a/0x1c90
[   46.956516][  T154]  mount_bdev+0x2c9/0x3f0
[   46.960821][  T154]  legacy_get_tree+0xeb/0x180
[   46.965576][  T154]  vfs_get_tree+0x88/0x270
[   46.969964][  T154]  do_new_mount+0x2ba/0xb40
[   46.974437][  T154]  __se_sys_mount+0x2d5/0x3c0
[   46.979097][  T154]  do_syscall_64+0x3b/0xb0
[   46.983483][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   46.989348][  T154] 
[   46.991644][  T154] The buggy address belongs to the object at ffff888028c9e000
[   46.991644][  T154]  which belongs to the cache kmalloc-512 of size 512
[   47.005758][  T154] The buggy address is located 0 bytes inside of
[   47.005758][  T154]  512-byte region [ffff888028c9e000, ffff888028c9e200)
[   47.018839][  T154] The buggy address belongs to the page:
[   47.024621][  T154] page:ffffea0000a32700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28c9c
[   47.034750][  T154] head:ffffea0000a32700 order:2 compound_mapcount:0 compound_pincount:0
[   47.043059][  T154] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   47.051015][  T154] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017041c80
[   47.059571][  T154] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   47.068121][  T154] page dumped because: kasan: bad access detected
[   47.074506][  T154] page_owner tracks the page as allocated
[   47.080188][  T154] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3563, ts 46370829577, free_ts 36882141059
[   47.099357][  T154]  get_page_from_freelist+0x322a/0x33c0
[   47.104884][  T154]  __alloc_pages+0x272/0x700
[   47.109449][  T154]  new_slab+0xbb/0x4b0
[   47.113489][  T154]  ___slab_alloc+0x6f6/0xe10
[   47.118057][  T154]  kmem_cache_alloc_trace+0x1a0/0x290
[   47.123419][  T154]  binderfs_fill_super+0x60b/0xe40
[   47.128540][  T154]  get_tree_nodev+0xaf/0x160
[   47.133099][  T154]  vfs_get_tree+0x88/0x270
[   47.137497][  T154]  do_new_mount+0x2ba/0xb40
[   47.141970][  T154]  __se_sys_mount+0x2d5/0x3c0
[   47.146620][  T154]  do_syscall_64+0x3b/0xb0
[   47.151095][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   47.156964][  T154] page last free stack trace:
[   47.161609][  T154]  free_unref_page_prepare+0xc34/0xcf0
[   47.167132][  T154]  free_unref_page+0x95/0x2d0
[   47.171791][  T154]  skb_release_data+0x411/0x8a0
[   47.176617][  T154]  __kfree_skb+0x4c/0x60
[   47.180832][  T154]  tcp_recvmsg_locked+0x1629/0x29b0
[   47.186000][  T154]  tcp_recvmsg+0x24e/0x7f0
[   47.190387][  T154]  inet_recvmsg+0x157/0x280
[   47.194858][  T154]  sock_read_iter+0x353/0x480
[   47.199506][  T154]  vfs_read+0xa93/0xe10
[   47.203633][  T154]  ksys_read+0x1a2/0x2c0
[   47.207864][  T154]  do_syscall_64+0x3b/0xb0
[   47.212248][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   47.218115][  T154] 
[   47.220411][  T154] Memory state around the buggy address:
[   47.226014][  T154]  ffff888028c9e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.234244][  T154]  ffff888028c9e180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.242360][  T154] >ffff888028c9e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.250475][  T154]                    ^
[   47.254516][  T154]  ffff888028c9e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.262566][  T154]  ffff888028c9e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.270604][  T154] ==================================================================
[   47.278637][  T154] Disabling lock debugging due to kernel taint
[   47.284915][  T154] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   47.292098][  T154] CPU: 0 PID: 154 Comm: kworker/u4:2 Tainted: G    B             5.15.166-syzkaller #0
[   47.301735][  T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   47.311766][  T154] Workqueue: loop0 loop_rootcg_workfn
[   47.317122][  T154] Call Trace:
[   47.320377][  T154]  <TASK>
[   47.323282][  T154]  dump_stack_lvl+0x1e3/0x2d0
[   47.327944][  T154]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   47.333551][  T154]  ? panic+0x860/0x860
[   47.337595][  T154]  ? lock_release+0xb9/0x9a0
[   47.342172][  T154]  ? rcu_is_watching+0x11/0xa0
[   47.346909][  T154]  panic+0x318/0x860
[   47.350881][  T154]  ? check_panic_on_warn+0x1d/0xa0
[   47.355963][  T154]  ? fb_is_primary_device+0xd0/0xd0
[   47.361132][  T154]  ? _raw_spin_unlock_irqrestore+0xd4/0x130
[   47.366996][  T154]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   47.372858][  T154]  ? _raw_spin_unlock+0x40/0x40
[   47.377679][  T154]  ? print_memory_metadata+0xe2/0x140
[   47.383026][  T154]  check_panic_on_warn+0x7e/0xa0
[   47.387936][  T154]  ? copy_page_from_iter_atomic+0x8e3/0x1230
[   47.393894][  T154]  end_report+0x6d/0xf0
[   47.398022][  T154]  kasan_report+0x18e/0x1c0
[   47.402495][  T154]  ? copy_page_from_iter_atomic+0x8e3/0x1230
[   47.408447][  T154]  kasan_check_range+0x27e/0x290
[   47.413357][  T154]  ? copy_page_from_iter_atomic+0x8e3/0x1230
[   47.419307][  T154]  memcpy+0x25/0x60
[   47.423105][  T154]  copy_page_from_iter_atomic+0x8e3/0x1230
[   47.428885][  T154]  ? shmem_getpage+0xa0/0xa0
[   47.433492][  T154]  ? pipe_zero+0x4f0/0x4f0
[   47.437882][  T154]  ? __lock_acquire+0x1295/0x1ff0
[   47.442886][  T154]  generic_perform_write+0x33a/0x5b0
[   47.448166][  T154]  ? grab_cache_page_write_begin+0x90/0x90
[   47.453954][  T154]  ? file_remove_privs+0x610/0x610
[   47.459040][  T154]  ? rwsem_write_trylock+0x166/0x210
[   47.464568][  T154]  __generic_file_write_iter+0x243/0x4f0
[   47.470218][  T154]  generic_file_write_iter+0xa7/0x1b0
[   47.475584][  T154]  do_iter_readv_writev+0x594/0x7a0
[   47.480762][  T154]  ? generic_file_rw_checks+0x260/0x260
[   47.486281][  T154]  ? common_file_perm+0x17d/0x1d0
[   47.491454][  T154]  ? fsnotify_perm+0x64/0x590
[   47.496109][  T154]  ? security_file_permission+0x75/0xa0
[   47.501629][  T154]  do_iter_write+0x1e6/0x760
[   47.506192][  T154]  ? rcu_read_lock_any_held+0xb3/0x160
[   47.511632][  T154]  ? vfs_iter_write+0x69/0xa0
[   47.516293][  T154]  lo_write_bvec+0x297/0x740
[   47.520950][  T154]  ? lo_rw_aio+0xd80/0xd80
[   47.525357][  T154]  ? do_raw_spin_unlock+0x137/0x8b0
[   47.530537][  T154]  ? kthread_associate_blkcg+0x2fd/0x590
[   47.536323][  T154]  ? _raw_spin_unlock_irq+0x1f/0x40
[   47.541507][  T154]  loop_process_work+0x2309/0x2af0
[   47.546629][  T154]  ? rcu_lock_release+0x20/0x20
[   47.551487][  T154]  ? read_lock_is_recursive+0x10/0x10
[   47.556835][  T154]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   47.562788][  T154]  ? print_irqtrace_events+0x210/0x210
[   47.568306][  T154]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   47.574176][  T154]  ? do_raw_spin_unlock+0x137/0x8b0
[   47.579555][  T154]  process_one_work+0x8a1/0x10c0
[   47.584479][  T154]  ? worker_detach_from_pool+0x260/0x260
[   47.590159][  T154]  ? _raw_spin_lock_irqsave+0x120/0x120
[   47.595808][  T154]  ? kthread_data+0x4e/0xc0
[   47.600311][  T154]  ? wq_worker_running+0x97/0x170
[   47.605312][  T154]  worker_thread+0xaca/0x1280
[   47.609973][  T154]  kthread+0x3f6/0x4f0
[   47.614013][  T154]  ? rcu_lock_release+0x20/0x20
[   47.618835][  T154]  ? kthread_blkcg+0xd0/0xd0
[   47.623400][  T154]  ret_from_fork+0x1f/0x30
[   47.627800][  T154]  </TASK>
[   47.631021][  T154] Kernel Offset: disabled
[   47.635342][  T154] Rebooting in 86400 seconds..