Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts.
executing program
[   33.139775][ T6239] loop0: detected capacity change from 0 to 1024
[   33.193293][  T586] ==================================================================
[   33.195414][  T586] BUG: KASAN: slab-out-of-bounds in copy_page_from_iter_atomic+0xa1c/0x168c
[   33.197694][  T586] Read of size 1024 at addr ffff0000d10a9c00 by task kworker/u8:6/586
[   33.199850][  T586] 
[   33.200448][  T586] CPU: 0 PID: 586 Comm: kworker/u8:6 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
[   33.203066][  T586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   33.205768][  T586] Workqueue: loop0 loop_rootcg_workfn
[   33.207208][  T586] Call trace:
[   33.208080][  T586]  dump_backtrace+0x1b8/0x1e4
[   33.209329][  T586]  show_stack+0x2c/0x3c
[   33.210422][  T586]  dump_stack_lvl+0xe4/0x150
[   33.211662][  T586]  print_report+0x198/0x538
[   33.212877][  T586]  kasan_report+0xd8/0x138
[   33.214039][  T586]  kasan_check_range+0x268/0x2a8
[   33.215341][  T586]  __asan_memcpy+0x3c/0x84
[   33.216518][  T586]  copy_page_from_iter_atomic+0xa1c/0x168c
[   33.218058][  T586]  generic_perform_write+0x310/0x588
[   33.219496][  T586]  shmem_file_write_iter+0x110/0x138
[   33.220897][  T586]  do_iter_readv_writev+0x438/0x658
[   33.222262][  T586]  vfs_iter_write+0x31c/0x6b8
[   33.223558][  T586]  loop_process_work+0x1128/0x1d80
[   33.224880][  T586]  loop_rootcg_workfn+0x28/0x38
[   33.226144][  T586]  process_one_work+0x7b8/0x15d4
[   33.227467][  T586]  worker_thread+0x938/0xef4
[   33.228715][  T586]  kthread+0x288/0x310
[   33.229786][  T586]  ret_from_fork+0x10/0x20
[   33.230941][  T586] 
[   33.231550][  T586] Allocated by task 6239:
[   33.232720][  T586]  kasan_save_track+0x40/0x78
[   33.233984][  T586]  kasan_save_alloc_info+0x40/0x50
[   33.235373][  T586]  __kasan_kmalloc+0xac/0xc4
[   33.236752][  T586]  __kmalloc+0x2b8/0x508
[   33.237935][  T586]  hfsplus_read_wrapper+0x3ac/0xfcc
[   33.239325][  T586]  hfsplus_fill_super+0x2f0/0x166c
[   33.240707][  T586]  mount_bdev+0x1d4/0x2a0
[   33.241889][  T586]  hfsplus_mount+0x44/0x58
[   33.243046][  T586]  legacy_get_tree+0xd4/0x16c
[   33.244378][  T586]  vfs_get_tree+0x90/0x288
[   33.245605][  T586]  do_new_mount+0x278/0x900
[   33.246868][  T586]  path_mount+0x590/0xe04
[   33.248160][  T586]  __arm64_sys_mount+0x45c/0x594
[   33.249484][  T586]  invoke_syscall+0x98/0x2b8
[   33.250714][  T586]  el0_svc_common+0x130/0x23c
[   33.252017][  T586]  do_el0_svc+0x48/0x58
[   33.253160][  T586]  el0_svc+0x54/0x168
[   33.254267][  T586]  el0t_64_sync_handler+0x84/0xfc
[   33.255648][  T586]  el0t_64_sync+0x190/0x194
[   33.256895][  T586] 
[   33.257493][  T586] The buggy address belongs to the object at ffff0000d10a9c00
[   33.257493][  T586]  which belongs to the cache kmalloc-512 of size 512
[   33.261299][  T586] The buggy address is located 0 bytes inside of
[   33.261299][  T586]  allocated 512-byte region [ffff0000d10a9c00, ffff0000d10a9e00)
[   33.265015][  T586] 
[   33.265595][  T586] The buggy address belongs to the physical page:
[   33.267339][  T586] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1110a8
[   33.269713][  T586] head: order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.271780][  T586] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   33.273955][  T586] page_type: 0xffffffff()
[   33.275177][  T586] raw: 05ffc00000000840 ffff0000c0001c80 fffffdffc3634c00 dead000000000002
[   33.277476][  T586] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   33.279785][  T586] head: 05ffc00000000840 ffff0000c0001c80 fffffdffc3634c00 dead000000000002
[   33.282205][  T586] head: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   33.284538][  T586] head: 05ffc00000000002 fffffdffc3442a01 fffffdffc3442a48 00000000ffffffff
[   33.286794][  T586] head: 0000000400000000 0000000000000000 00000000ffffffff 0000000000000000
[   33.289151][  T586] page dumped because: kasan: bad access detected
[   33.290848][  T586] 
[   33.291433][  T586] Memory state around the buggy address:
[   33.292992][  T586]  ffff0000d10a9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.295187][  T586]  ffff0000d10a9d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.297349][  T586] >ffff0000d10a9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.299520][  T586]                    ^
[   33.300620][  T586]  ffff0000d10a9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.302763][  T586]  ffff0000d10a9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.304965][  T586] ==================================================================
[   33.307289][  T586] Disabling lock debugging due to kernel taint