Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts.
executing program
[ 35.193761][ T6243] loop0: detected capacity change from 0 to 32768
[ 35.204719][ T6243] ==================================================================
[ 35.206717][ T6243] BUG: KASAN: slab-out-of-bounds in bch2_sb_downgrade_to_text+0xe58/0x1354
[ 35.208618][ T6243] Read of size 2 at addr ffff0000d6c62000 by task syz-executor229/6243
[ 35.210631][ T6243]
[ 35.211155][ T6243] CPU: 0 PID: 6243 Comm: syz-executor229 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
[ 35.213463][ T6243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 35.215808][ T6243] Call trace:
[ 35.216587][ T6243]  dump_backtrace+0x1b8/0x1e4
[ 35.217701][ T6243]  show_stack+0x2c/0x3c
[ 35.218692][ T6243]  dump_stack_lvl+0xe4/0x150
[ 35.219862][ T6243]  print_report+0x198/0x538
[ 35.220940][ T6243]  kasan_report+0xd8/0x138
[ 35.221960][ T6243]  __asan_report_load2_noabort+0x20/0x2c
[ 35.223289][ T6243]  bch2_sb_downgrade_to_text+0xe58/0x1354
[ 35.224660][ T6243]  bch2_sb_field_to_text+0x1a4/0x234
[ 35.225918][ T6243]  bch2_sb_field_validate+0x1cc/0x298
[ 35.227163][ T6243]  bch2_sb_validate+0x918/0xbf8
[ 35.228298][ T6243]  __bch2_read_super+0xa4c/0x10a8
[ 35.229465][ T6243]  bch2_read_super+0x38/0x4c
[ 35.230593][ T6243]  bch2_fs_open+0x1e0/0xb64
[ 35.231657][ T6243]  bch2_mount+0x558/0xe10
[ 35.232669][ T6243]  legacy_get_tree+0xd4/0x16c
[ 35.233825][ T6243]  vfs_get_tree+0x90/0x288
[ 35.234809][ T6243]  do_new_mount+0x278/0x900
[ 35.235813][ T6243]  path_mount+0x590/0xe04
[ 35.236798][ T6243]  __arm64_sys_mount+0x45c/0x594
[ 35.237879][ T6243]  invoke_syscall+0x98/0x2b8
[ 35.238983][ T6243]  el0_svc_common+0x130/0x23c
[ 35.240094][ T6243]  do_el0_svc+0x48/0x58
[ 35.241115][ T6243]  el0_svc+0x54/0x168
[ 35.242039][ T6243]  el0t_64_sync_handler+0x84/0xfc
[ 35.243202][ T6243]  el0t_64_sync+0x190/0x194
[ 35.244216][ T6243]
[ 35.244751][ T6243] Allocated by task 6243:
[ 35.245691][ T6243]  kasan_save_track+0x40/0x78
[ 35.246729][ T6243]  kasan_save_alloc_info+0x40/0x50
[ 35.247943][ T6243]  __kasan_kmalloc+0xac/0xc4
[ 35.249025][ T6243]  __kmalloc_node_track_caller+0x2e4/0x544
[ 35.250278][ T6243]  krealloc+0x94/0x148
[ 35.251241][ T6243]  bch2_sb_realloc+0x284/0x564
[ 35.252392][ T6243]  read_one_super+0x6c8/0x2614
[ 35.253507][ T6243]  __bch2_read_super+0x714/0x10a8
[ 35.254674][ T6243]  bch2_read_super+0x38/0x4c
[ 35.255793][ T6243]  bch2_fs_open+0x1e0/0xb64
[ 35.256808][ T6243]  bch2_mount+0x558/0xe10
[ 35.257846][ T6243]  legacy_get_tree+0xd4/0x16c
[ 35.258921][ T6243]  vfs_get_tree+0x90/0x288
[ 35.259877][ T6243]  do_new_mount+0x278/0x900
[ 35.260912][ T6243]  path_mount+0x590/0xe04
[ 35.261914][ T6243]  __arm64_sys_mount+0x45c/0x594
[ 35.263016][ T6243]  invoke_syscall+0x98/0x2b8
[ 35.264077][ T6243]  el0_svc_common+0x130/0x23c
[ 35.265126][ T6243]  do_el0_svc+0x48/0x58
[ 35.266034][ T6243]  el0_svc+0x54/0x168
[ 35.267025][ T6243]  el0t_64_sync_handler+0x84/0xfc
[ 35.268173][ T6243]  el0t_64_sync+0x190/0x194
[ 35.269279][ T6243]
[ 35.269804][ T6243] The buggy address belongs to the object at ffff0000d6c60000
[ 35.269804][ T6243]  which belongs to the cache kmalloc-8k of size 8192
[ 35.272952][ T6243] The buggy address is located 0 bytes to the right of
[ 35.272952][ T6243]  allocated 8192-byte region [ffff0000d6c60000, ffff0000d6c62000)
[ 35.276201][ T6243]
[ 35.276729][ T6243] The buggy address belongs to the physical page:
[ 35.278232][ T6243] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116c60
[ 35.280299][ T6243] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 35.282036][ T6243] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 35.284001][ T6243] page_type: 0xffffffff()
[ 35.285043][ T6243] raw: 05ffc00000000840 ffff0000c0002280 dead000000000122 0000000000000000
[ 35.287048][ T6243] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 35.289131][ T6243] head: 05ffc00000000840 ffff0000c0002280 dead000000000122 0000000000000000
[ 35.291150][ T6243] head: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 35.293131][ T6243] head: 05ffc00000000003 fffffdffc35b1801 fffffdffc35b1848 00000000ffffffff
[ 35.295059][ T6243] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 35.296976][ T6243] page dumped because: kasan: bad access detected
[ 35.298458][ T6243]
[ 35.299033][ T6243] Memory state around the buggy address:
[ 35.300459][ T6243]  ffff0000d6c61f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.302313][ T6243]  ffff0000d6c61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.304221][ T6243] >ffff0000d6c62000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.306207][ T6243]                    ^
[ 35.307154][ T6243]  ffff0000d6c62080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.309125][ T6243]  ffff0000d6c62100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.311146][ T6243] ==================================================================
[ 35.313128][ T6243] Disabling lock debugging due to kernel taint
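The "Memory state around the buggy address" block is the part of this report worth decoding by hand: in generic KASAN each shadow byte describes 8 bytes of memory (00 = all 8 addressable, 01..07 = only that many leading bytes addressable, 0xfc = slab redzone, 0xfb = freed slab object; values from mm/kasan/kasan.h). The following program is an added example, not part of the syzkaller report or of the bcachefs code: it parses the five dump lines copied from the report above, looks up the shadow byte for the 2-byte read at ffff0000d6c62000, and measures the access against the [ffff0000d6c60000, ffff0000d6c62000) region the report names. The line text, addresses and sizes are constants taken from the page; the shadow-byte meanings are the generic-KASAN encoding and are assumed to apply to this arm64 build.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SHADOW_GRANULE     8     /* bytes of memory covered by one shadow byte (generic KASAN) */
#define BYTES_PER_LINE     16    /* shadow bytes printed per "Memory state" line (128 bytes of memory) */
#define KASAN_SLAB_REDZONE 0xfc  /* mm/kasan/kasan.h, generic mode */
#define KASAN_SLAB_FREE    0xfb

struct shadow_line {
    uint64_t base;                   /* first memory address the line describes */
    uint8_t  shadow[BYTES_PER_LINE];
};

/* Parse one dump line such as ">ffff0000d6c62000: fc fc ...". Returns 0 on success, -1 if malformed. */
static int parse_shadow_line(const char *text, struct shadow_line *out)
{
    const char *p = text;
    char *end;
    while (*p == ' ' || *p == '>')          /* the '>' marks the line holding the bad address */
        p++;
    out->base = strtoull(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    p = end + 1;
    for (int i = 0; i < BYTES_PER_LINE; i++) {
        unsigned long v = strtoul(p, &end, 16);  /* strtoul skips the separating blanks */
        if (end == p || v > 0xff)
            return -1;
        out->shadow[i] = (uint8_t)v;
        p = end;
    }
    return 0;
}

/* Shadow byte describing addr, or -1 if addr lies outside the dumped window. */
static int shadow_at(const struct shadow_line *lines, size_t n, uint64_t addr)
{
    const uint64_t span = (uint64_t)BYTES_PER_LINE * SHADOW_GRANULE;
    for (size_t i = 0; i < n; i++)
        if (addr >= lines[i].base && addr < lines[i].base + span)
            return lines[i].shadow[(addr - lines[i].base) / SHADOW_GRANULE];
    return -1;
}

/* Apply the generic-KASAN rule for a single byte: 00 = ok, 1..7 = partial granule, anything else = poison. */
static int byte_is_addressable(int shadow, uint64_t addr)
{
    if (shadow == 0)
        return 1;
    if (shadow > 0 && shadow < SHADOW_GRANULE)
        return (int)(addr % SHADOW_GRANULE) < shadow;
    return 0;
}

/* Number of bytes in [addr, addr+size) that are not addressable; *first_bad gets the first poison value seen. */
static size_t count_bad_bytes(const struct shadow_line *lines, size_t n,
                              uint64_t addr, size_t size, int *first_bad)
{
    size_t bad = 0;
    *first_bad = -1;
    for (size_t i = 0; i < size; i++) {
        int s = shadow_at(lines, n, addr + i);
        if (!byte_is_addressable(s, addr + i)) {
            if (*first_bad == -1)
                *first_bad = s;
            bad++;
        }
    }
    return bad;
}

const char *shadow_name(int s)
{
    if (s == 0)                        return "addressable";
    if (s > 0 && s < SHADOW_GRANULE)   return "partially addressable granule";
    if (s == KASAN_SLAB_REDZONE)       return "slab redzone (past the end of an allocation)";
    if (s == KASAN_SLAB_FREE)          return "freed slab object";
    return "other poison";
}

/* Constructed input: the five dump lines and the access/region figures copied from the report above. */
static const char *const dump_text[] = {
    " ffff0000d6c61f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    " ffff0000d6c61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    ">ffff0000d6c62000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    " ffff0000d6c62080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    " ffff0000d6c62100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
};
#define NLINES (sizeof dump_text / sizeof dump_text[0])
static const uint64_t ACCESS_ADDR  = 0xffff0000d6c62000ULL;   /* "Read of size 2 at addr ..." */
static const size_t   ACCESS_SIZE  = 2;
static const uint64_t REGION_START = 0xffff0000d6c60000ULL;   /* allocated 8192-byte region */
static const uint64_t REGION_END   = 0xffff0000d6c62000ULL;

/* Decode the report: returns the first poison shadow value hit (0xfc here), fills in how many of the
 * accessed bytes were unaddressable and how far past the region end the access starts. */
int decode_report(size_t *bad_bytes, uint64_t *past_end)
{
    struct shadow_line lines[NLINES];
    int first_bad;
    for (size_t i = 0; i < NLINES; i++)
        if (parse_shadow_line(dump_text[i], &lines[i]) != 0)
            return -1;
    *bad_bytes = count_bad_bytes(lines, NLINES, ACCESS_ADDR, ACCESS_SIZE, &first_bad);
    *past_end = ACCESS_ADDR >= REGION_END ? ACCESS_ADDR - REGION_END : 0;
    return first_bad;
}

int main(void)
{
    size_t bad;
    uint64_t past;
    int s = decode_report(&bad, &past);
    printf("%zu of %zu accessed bytes unaddressable; shadow 0x%02x = %s; "
           "access starts %llu bytes past the %llu-byte region\n",
           bad, ACCESS_SIZE, s, shadow_name(s),
           (unsigned long long)past, (unsigned long long)(REGION_END - REGION_START));
    return 0;
}
```

Run against the figures from this report it says both bytes of the 2-byte load are unaddressable, the shadow value is 0xfc (slab redzone), and the access begins 0 bytes past the end of the 8 KiB krealloc'd buffer that bch2_sb_realloc grew during read_one_super. That combination (the first bytes immediately after a buffer, hit from a function that walks a variable-length on-disk structure) is the signature to look for when reading bch2_sb_downgrade_to_text: the walker reached the buffer end without its iteration being bounded by the buffer size. The exact root cause is not stated in the report and is not claimed here.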