Warning: Permanently added '10.128.1.189' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.125275][ T3966] loop0: detected capacity change from 0 to 1024
[ 37.193663][ T563] ==================================================================
[ 37.195601][ T563] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x834/0xffc
[ 37.197492][ T563] Read of size 2048 at addr ffff0000cf7f1000 by task kworker/u4:4/563
[ 37.199246][ T563]
[ 37.199747][ T563] CPU: 0 PID: 563 Comm: kworker/u4:4 Not tainted 5.15.110-syzkaller #0
[ 37.201557][ T563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 37.203710][ T563] Workqueue: loop0 loop_rootcg_workfn
[ 37.204900][ T563] Call trace:
[ 37.205629][ T563]  dump_backtrace+0x0/0x530
[ 37.206601][ T563]  show_stack+0x2c/0x3c
[ 37.207562][ T563]  dump_stack_lvl+0x108/0x170
[ 37.208582][ T563]  print_address_description+0x7c/0x3f0
[ 37.209739][ T563]  kasan_report+0x174/0x1e4
[ 37.210768][ T563]  kasan_check_range+0x274/0x2b4
[ 37.211780][ T563]  memcpy+0x90/0xe8
[ 37.212642][ T563]  copy_page_from_iter_atomic+0x834/0xffc
[ 37.213888][ T563]  generic_perform_write+0x2d0/0x520
[ 37.215013][ T563]  __generic_file_write_iter+0x230/0x454
[ 37.216255][ T563]  generic_file_write_iter+0xb4/0x1b8
[ 37.217427][ T563]  do_iter_readv_writev+0x420/0x5f8
[ 37.218621][ T563]  do_iter_write+0x1b8/0x664
[ 37.219642][ T563]  vfs_iter_write+0x88/0xac
[ 37.220613][ T563]  lo_write_bvec+0x394/0xb4c
[ 37.221610][ T563]  loop_process_work+0x1bcc/0x2790
[ 37.222716][ T563]  loop_rootcg_workfn+0x28/0x38
[ 37.223768][ T563]  process_one_work+0x790/0x11b8
[ 37.224863][ T563]  worker_thread+0x910/0x1034
[ 37.225947][ T563]  kthread+0x37c/0x45c
[ 37.226839][ T563]  ret_from_fork+0x10/0x20
[ 37.227814][ T563]
[ 37.228291][ T563] Allocated by task 3966:
[ 37.229218][ T563]  ____kasan_kmalloc+0xbc/0xfc
[ 37.230252][ T563]  __kasan_kmalloc+0x10/0x1c
[ 37.231241][ T563]  __kmalloc+0x29c/0x4c8
[ 37.232151][ T563]  hfsplus_read_wrapper+0x3b8/0xfc8
[ 37.233234][ T563]  hfsplus_fill_super+0x2f0/0x167c
[ 37.234364][ T563]  mount_bdev+0x26c/0x368
[ 37.235275][ T563]  hfsplus_mount+0x44/0x58
[ 37.236246][ T563]  legacy_get_tree+0xd4/0x16c
[ 37.237244][ T563]  vfs_get_tree+0x90/0x274
[ 37.238168][ T563]  do_new_mount+0x25c/0x8c8
[ 37.239118][ T563]  path_mount+0x590/0x104c
[ 37.240071][ T563]  __arm64_sys_mount+0x510/0x5e0
[ 37.241093][ T563]  invoke_syscall+0x98/0x2b8
[ 37.242126][ T563]  el0_svc_common+0x138/0x258
[ 37.243121][ T563]  do_el0_svc+0x58/0x14c
[ 37.244019][ T563]  el0_svc+0x7c/0x1f0
[ 37.244852][ T563]  el0t_64_sync_handler+0x84/0xe4
[ 37.245967][ T563]  el0t_64_sync+0x1a0/0x1a4
[ 37.246911][ T563]
[ 37.247406][ T563] The buggy address belongs to the object at ffff0000cf7f1000
[ 37.247406][ T563]  which belongs to the cache kmalloc-512 of size 512
[ 37.250505][ T563] The buggy address is located 0 bytes inside of
[ 37.250505][ T563]  512-byte region [ffff0000cf7f1000, ffff0000cf7f1200)
[ 37.253409][ T563] The buggy address belongs to the page:
[ 37.254596][ T563] page:0000000030ef9c33 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f7f0
[ 37.256831][ T563] head:0000000030ef9c33 order:2 compound_mapcount:0 compound_pincount:0
[ 37.258652][ T563] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 37.260399][ T563] raw: 05ffc00000010200 fffffc0003680800 0000000600000006 ffff0000c0002600
[ 37.262310][ T563] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 37.264179][ T563] page dumped because: kasan: bad access detected
[ 37.265583][ T563]
[ 37.266127][ T563] Memory state around the buggy address:
[ 37.267354][ T563]  ffff0000cf7f1100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.269077][ T563]  ffff0000cf7f1180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.270771][ T563] >ffff0000cf7f1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.272464][ T563]                    ^
[ 37.273411][ T563]  ffff0000cf7f1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.275214][ T563]  ffff0000cf7f1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.277069][ T563] ==================================================================
[ 37.278759][ T563] Disabling lock debugging due to kernel taint