Warning: Permanently added '10.128.0.205' (ED25519) to the list of known hosts.
executing program
[ 36.994822][ T6243] loop0: detected capacity change from 0 to 32768
[ 37.062534][ T6243] bcachefs (loop0): mounting version 1.7: (unknown version) opts=compression=lz4,nojournal_transaction_names
[ 37.065874][ T6243] bcachefs (loop0): recovering from clean shutdown, journal seq 7
[ 37.067963][ T6243] bcachefs (loop0): Version downgrade required:
[ 37.079100][ T6243] bcachefs (loop0): alloc_read... done
[ 37.080729][ T6243] bcachefs (loop0): stripes_read... done
[ 37.082290][ T6243] bcachefs (loop0): snapshots_read... done
[ 37.086316][ T6243] bcachefs (loop0): journal_replay... done
[ 37.087895][ T6243] bcachefs (loop0): resume_logged_ops... done
[ 37.089665][ T6243] bcachefs (loop0): going read-write
[ 37.093600][ T6243] bcachefs (loop0): done starting filesystem
[ 37.101473][ T6243] ==================================================================
[ 37.103622][ T6243] BUG: KASAN: slab-out-of-bounds in bch2_varint_decode_fast+0x138/0x184
[ 37.105909][ T6243] Read of size 8 at addr ffff0000d35a5286 by task syz-executor424/6243
[ 37.107996][ T6243]
[ 37.108594][ T6243] CPU: 0 PID: 6243 Comm: syz-executor424 Not tainted 6.9.0-rc4-syzkaller-g6a71d2909427 #0
[ 37.111131][ T6243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 37.113684][ T6243] Call trace:
[ 37.114496][ T6243] dump_backtrace+0x1b8/0x1e4
[ 37.115660][ T6243] show_stack+0x2c/0x3c
[ 37.116740][ T6243] dump_stack_lvl+0xe4/0x150
[ 37.117882][ T6243] print_report+0x198/0x538
[ 37.119076][ T6243] kasan_report+0xd8/0x138
[ 37.120260][ T6243] __asan_report_load_n_noabort+0x1c/0x28
[ 37.121754][ T6243] bch2_varint_decode_fast+0x138/0x184
[ 37.123159][ T6243] bch2_inode_unpack+0x604/0x1fd0
[ 37.124458][ T6243] __bch2_inode_invalid+0x118/0x4d0
[ 37.125884][ T6243] bch2_inode_v3_invalid+0x114/0x1f4
[ 37.127239][ T6243] bch2_bkey_invalid+0x130/0x1d8
[ 37.128517][ T6243] __bch2_trans_commit+0x77c/0x55c4
[ 37.129861][ T6243] bch2_extent_update+0x3d0/0x9b4
[ 37.131255][ T6243] __bch2_write_index+0x6b4/0x1324
[ 37.132627][ T6243] bch2_write+0xd74/0x1520
[ 37.133755][ T6243] bch2_writepages+0x224/0x304
[ 37.134987][ T6243] do_writepages+0x2f8/0x7c4
[ 37.136160][ T6243] filemap_fdatawrite_wbc+0x124/0x174
[ 37.137566][ T6243] filemap_write_and_wait_range+0x158/0x23c
[ 37.139161][ T6243] bch2_symlink+0x118/0x1d0
[ 37.140418][ T6243] vfs_symlink+0x138/0x260
[ 37.141525][ T6243] do_symlinkat+0x1bc/0x45c
[ 37.142782][ T6243] __arm64_sys_symlinkat+0xa4/0xbc
[ 37.144101][ T6243] invoke_syscall+0x98/0x2b8
[ 37.145305][ T6243] el0_svc_common+0x130/0x23c
[ 37.146516][ T6243] do_el0_svc+0x48/0x58
[ 37.147568][ T6243] el0_svc+0x54/0x168
[ 37.148648][ T6243] el0t_64_sync_handler+0x84/0xfc
[ 37.150073][ T6243] el0t_64_sync+0x190/0x194
[ 37.151290][ T6243]
[ 37.151867][ T6243] Allocated by task 6243:
[ 37.152957][ T6243] kasan_save_track+0x40/0x78
[ 37.154261][ T6243] kasan_save_alloc_info+0x40/0x50
[ 37.155648][ T6243] __kasan_kmalloc+0xac/0xc4
[ 37.156853][ T6243] __kmalloc_node_track_caller+0x2e4/0x544
[ 37.158330][ T6243] krealloc+0x94/0x148
[ 37.159365][ T6243] __bch2_trans_kmalloc+0x1dc/0xb28
[ 37.160783][ T6243] bch2_extent_update_i_size_sectors+0x5fc/0x854
[ 37.162448][ T6243] bch2_extent_update+0x338/0x9b4
[ 37.163755][ T6243] __bch2_write_index+0x6b4/0x1324
[ 37.165111][ T6243] bch2_write+0xd74/0x1520
[ 37.166357][ T6243] bch2_writepages+0x224/0x304
[ 37.167603][ T6243] do_writepages+0x2f8/0x7c4
[ 37.168865][ T6243] filemap_fdatawrite_wbc+0x124/0x174
[ 37.170295][ T6243] filemap_write_and_wait_range+0x158/0x23c
[ 37.171759][ T6243] bch2_symlink+0x118/0x1d0
[ 37.172952][ T6243] vfs_symlink+0x138/0x260
[ 37.174128][ T6243] do_symlinkat+0x1bc/0x45c
[ 37.175306][ T6243] __arm64_sys_symlinkat+0xa4/0xbc
[ 37.176746][ T6243] invoke_syscall+0x98/0x2b8
[ 37.177952][ T6243] el0_svc_common+0x130/0x23c
[ 37.179141][ T6243] do_el0_svc+0x48/0x58
[ 37.180276][ T6243] el0_svc+0x54/0x168
[ 37.181339][ T6243] el0t_64_sync_handler+0x84/0xfc
[ 37.182647][ T6243] el0t_64_sync+0x190/0x194
[ 37.183875][ T6243]
[ 37.184507][ T6243] The buggy address belongs to the object at ffff0000d35a5200
[ 37.184507][ T6243] which belongs to the cache kmalloc-128 of size 128
[ 37.188315][ T6243] The buggy address is located 6 bytes to the right of
[ 37.188315][ T6243] allocated 128-byte region [ffff0000d35a5200, ffff0000d35a5280)
[ 37.192211][ T6243]
[ 37.192804][ T6243] The buggy address belongs to the physical page:
[ 37.194525][ T6243] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1135a5
[ 37.196870][ T6243] flags: 0x5ffe00000000800(slab|node=0|zone=2|lastcpupid=0xfff)
[ 37.198889][ T6243] page_type: 0xffffffff()
[ 37.200051][ T6243] raw: 05ffe00000000800 ffff0000c00018c0 fffffdffc33e9200 dead000000000004
[ 37.202252][ T6243] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 37.204526][ T6243] page dumped because: kasan: bad access detected
[ 37.206285][ T6243]
[ 37.206876][ T6243] Memory state around the buggy address:
[ 37.208385][ T6243] ffff0000d35a5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.210522][ T6243] ffff0000d35a5200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.212586][ T6243] >ffff0000d35a5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.214754][ T6243] ^
[ 37.215846][ T6243] ffff0000d35a5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.217952][ T6243] ffff0000d35a5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.219955][ T6243] ==================================================================
[ 37.222524][ T6243] Disabling lock debugging due to kernel taint