Warning: Permanently added '10.128.1.73' (ED25519) to the list of known hosts.
executing program
[   37.616779][ T3961] loop0: detected capacity change from 0 to 1024
[   37.734392][  T148] ==================================================================
[   37.736569][  T148] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0x834/0xffc
[   37.738845][  T148] Read of size 2048 at addr ffff0000cfa4c400 by task kworker/u4:2/148
[   37.741113][  T148]
[   37.741716][  T148] CPU: 0 PID: 148 Comm: kworker/u4:2 Not tainted 5.15.151-syzkaller #0
[   37.743941][  T148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   37.746636][  T148] Workqueue: loop0 loop_rootcg_workfn
[   37.748057][  T148] Call trace:
[   37.748900][  T148]  dump_backtrace+0x0/0x530
[   37.750116][  T148]  show_stack+0x2c/0x3c
[   37.751214][  T148]  dump_stack_lvl+0x108/0x170
[   37.752467][  T148]  print_address_description+0x7c/0x3f0
[   37.754014][  T148]  kasan_report+0x174/0x1e4
[   37.755249][  T148]  kasan_check_range+0x274/0x2b4
[   37.756513][  T148]  memcpy+0x90/0xe8
[   37.757528][  T148]  copy_page_from_iter_atomic+0x834/0xffc
[   37.759055][  T148]  generic_perform_write+0x2d0/0x520
[   37.760386][  T148]  __generic_file_write_iter+0x230/0x454
[   37.761831][  T148]  generic_file_write_iter+0xb4/0x1b8
[   37.763268][  T148]  do_iter_readv_writev+0x420/0x5f8
[   37.764737][  T148]  do_iter_write+0x1b8/0x664
[   37.765934][  T148]  vfs_iter_write+0x88/0xac
[   37.767132][  T148]  lo_write_bvec+0x394/0xb4c
[   37.768360][  T148]  loop_process_work+0x1f24/0x2798
[   37.769795][  T148]  loop_rootcg_workfn+0x28/0x38
[   37.771174][  T148]  process_one_work+0x790/0x11b8
[   37.772553][  T148]  worker_thread+0x910/0x1034
[   37.773835][  T148]  kthread+0x37c/0x45c
[   37.774904][  T148]  ret_from_fork+0x10/0x20
[   37.776094][  T148]
[   37.776700][  T148] Allocated by task 3961:
[   37.777889][  T148]  ____kasan_kmalloc+0xbc/0xfc
[   37.779142][  T148]  __kasan_kmalloc+0x10/0x1c
[   37.780403][  T148]  __kmalloc+0x29c/0x4c8
[   37.781553][  T148]  hfsplus_read_wrapper+0x3b8/0xfc8
[   37.782943][  T148]  hfsplus_fill_super+0x2f0/0x167c
[   37.784355][  T148]  mount_bdev+0x274/0x370
[   37.785496][  T148]  hfsplus_mount+0x44/0x58
[   37.786670][  T148]  legacy_get_tree+0xd4/0x16c
[   37.787903][  T148]  vfs_get_tree+0x90/0x274
[   37.789111][  T148]  do_new_mount+0x278/0x8fc
[   37.790344][  T148]  path_mount+0x594/0x101c
[   37.791569][  T148]  __arm64_sys_mount+0x510/0x5e0
[   37.792913][  T148]  invoke_syscall+0x98/0x2b8
[   37.794208][  T148]  el0_svc_common+0x138/0x258
[   37.795501][  T148]  do_el0_svc+0x58/0x14c
[   37.796631][  T148]  el0_svc+0x7c/0x1f0
[   37.797696][  T148]  el0t_64_sync_handler+0x84/0xe4
[   37.799029][  T148]  el0t_64_sync+0x1a0/0x1a4
[   37.800233][  T148]
[   37.800865][  T148] The buggy address belongs to the object at ffff0000cfa4c400
[   37.800865][  T148]  which belongs to the cache kmalloc-512 of size 512
[   37.804637][  T148] The buggy address is located 0 bytes inside of
[   37.804637][  T148]  512-byte region [ffff0000cfa4c400, ffff0000cfa4c600)
[   37.808103][  T148] The buggy address belongs to the page:
[   37.809643][  T148] page:00000000fe94b7fa refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fa4c
[   37.812392][  T148] head:00000000fe94b7fa order:2 compound_mapcount:0 compound_pincount:0
[   37.814631][  T148] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   37.816814][  T148] raw: 05ffc00000010200 0000000000000000 0000000200000001 ffff0000c0002600
[   37.819089][  T148] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   37.821402][  T148] page dumped because: kasan: bad access detected
[   37.823091][  T148]
[   37.823741][  T148] Memory state around the buggy address:
[   37.825284][  T148]  ffff0000cfa4c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.827469][  T148]  ffff0000cfa4c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.829732][  T148] >ffff0000cfa4c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.831920][  T148]                    ^
[   37.833025][  T148]  ffff0000cfa4c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.835115][  T148]  ffff0000cfa4c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.837184][  T148] ==================================================================
[   37.839381][  T148] Disabling lock debugging due to kernel taint