Warning: Permanently added '10.128.1.71' (ED25519) to the list of known hosts.
executing program
[ 34.920546][ T6237] loop0: detected capacity change from 0 to 32768
[ 34.927987][ T6237] ==================================================================
[ 34.930210][ T6237] BUG: KASAN: slab-out-of-bounds in bch2_sb_clean_to_text+0x1b4/0x224
[ 34.932366][ T6237] Read of size 1 at addr ffff0000d63ee004 by task syz-executor481/6237
[ 34.934450][ T6237]
[ 34.935039][ T6237] CPU: 1 PID: 6237 Comm: syz-executor481 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
[ 34.937648][ T6237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 34.940361][ T6237] Call trace:
[ 34.941214][ T6237]  dump_backtrace+0x1b8/0x1e4
[ 34.942439][ T6237]  show_stack+0x2c/0x3c
[ 34.943530][ T6237]  dump_stack_lvl+0xe4/0x150
[ 34.944747][ T6237]  print_report+0x198/0x538
[ 34.945933][ T6237]  kasan_report+0xd8/0x138
[ 34.947098][ T6237]  __asan_report_load1_noabort+0x20/0x2c
[ 34.948593][ T6237]  bch2_sb_clean_to_text+0x1b4/0x224
[ 34.950001][ T6237]  bch2_sb_field_to_text+0x1a4/0x234
[ 34.951420][ T6237]  bch2_sb_field_validate+0x1cc/0x298
[ 34.952852][ T6237]  bch2_sb_validate+0x918/0xbf8
[ 34.954197][ T6237]  __bch2_read_super+0xa4c/0x10a8
[ 34.955570][ T6237]  bch2_read_super+0x38/0x4c
[ 34.956788][ T6237]  bch2_fs_open+0x1e0/0xb64
[ 34.957974][ T6237]  bch2_mount+0x558/0xe10
[ 34.959131][ T6237]  legacy_get_tree+0xd4/0x16c
[ 34.960408][ T6237]  vfs_get_tree+0x90/0x288
[ 34.961663][ T6237]  do_new_mount+0x278/0x900
[ 34.962884][ T6237]  path_mount+0x590/0xe04
[ 34.964051][ T6237]  __arm64_sys_mount+0x45c/0x594
[ 34.965379][ T6237]  invoke_syscall+0x98/0x2b8
[ 34.966654][ T6237]  el0_svc_common+0x130/0x23c
[ 34.967906][ T6237]  do_el0_svc+0x48/0x58
[ 34.969036][ T6237]  el0_svc+0x54/0x168
[ 34.970118][ T6237]  el0t_64_sync_handler+0x84/0xfc
[ 34.971492][ T6237]  el0t_64_sync+0x190/0x194
[ 34.972697][ T6237]
[ 34.973313][ T6237] Allocated by task 6237:
[ 34.974452][ T6237]  kasan_save_track+0x40/0x78
[ 34.975732][ T6237]  kasan_save_alloc_info+0x40/0x50
[ 34.977163][ T6237]  __kasan_kmalloc+0xac/0xc4
[ 34.978413][ T6237]  __kmalloc_node_track_caller+0x2e4/0x544
[ 34.979949][ T6237]  krealloc+0x94/0x148
[ 34.981023][ T6237]  bch2_sb_realloc+0x284/0x564
[ 34.982301][ T6237]  read_one_super+0x6c8/0x2614
[ 34.983518][ T6237]  __bch2_read_super+0x714/0x10a8
[ 34.984885][ T6237]  bch2_read_super+0x38/0x4c
[ 34.986106][ T6237]  bch2_fs_open+0x1e0/0xb64
[ 34.987278][ T6237]  bch2_mount+0x558/0xe10
[ 34.988420][ T6237]  legacy_get_tree+0xd4/0x16c
[ 34.989643][ T6237]  vfs_get_tree+0x90/0x288
[ 34.990788][ T6237]  do_new_mount+0x278/0x900
[ 34.991953][ T6237]  path_mount+0x590/0xe04
[ 34.993131][ T6237]  __arm64_sys_mount+0x45c/0x594
[ 34.994497][ T6237]  invoke_syscall+0x98/0x2b8
[ 34.995688][ T6237]  el0_svc_common+0x130/0x23c
[ 34.996942][ T6237]  do_el0_svc+0x48/0x58
[ 34.998086][ T6237]  el0_svc+0x54/0x168
[ 34.999131][ T6237]  el0t_64_sync_handler+0x84/0xfc
[ 35.000440][ T6237]  el0t_64_sync+0x190/0x194
[ 35.001631][ T6237]
[ 35.002251][ T6237] The buggy address belongs to the object at ffff0000d63ec000
[ 35.002251][ T6237]  which belongs to the cache kmalloc-8k of size 8192
[ 35.005929][ T6237] The buggy address is located 4 bytes to the right of
[ 35.005929][ T6237]  allocated 8192-byte region [ffff0000d63ec000, ffff0000d63ee000)
[ 35.009791][ T6237]
[ 35.010407][ T6237] The buggy address belongs to the physical page:
[ 35.012087][ T6237] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1163e8
[ 35.014464][ T6237] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 35.016461][ T6237] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 35.018614][ T6237] page_type: 0xffffffff()
[ 35.019758][ T6237] raw: 05ffc00000000840 ffff0000c0002280 dead000000000122 0000000000000000
[ 35.022061][ T6237] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 35.024374][ T6237] head: 05ffc00000000840 ffff0000c0002280 dead000000000122 0000000000000000
[ 35.026690][ T6237] head: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 35.029041][ T6237] head: 05ffc00000000003 fffffdffc358fa01 fffffdffc358fa48 00000000ffffffff
[ 35.031414][ T6237] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 35.033796][ T6237] page dumped because: kasan: bad access detected
[ 35.035483][ T6237]
[ 35.036039][ T6237] Memory state around the buggy address:
[ 35.037529][ T6237]  ffff0000d63edf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.039623][ T6237]  ffff0000d63edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.041753][ T6237] >ffff0000d63ee000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.043854][ T6237]                    ^
[ 35.044908][ T6237]  ffff0000d63ee080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.047091][ T6237]  ffff0000d63ee100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.049242][ T6237] ==================================================================
[ 35.051479][ T6237] Disabling lock debugging due to kernel taint
[ 35.360163][ T6237] ------------[ cut here ]------------
[ 35.361688][ T6237] WARNING: CPU: 1 PID: 6237 at mm/page_alloc.c:4551 __alloc_pages+0x32c/0x6d0
[ 35.363916][ T6237] Modules linked in:
[ 35.364889][ T6237] CPU: 1 PID: 6237 Comm: syz-executor481 Tainted: G    B   6.9.0-rc7-syzkaller-gfda5695d692c #0
[ 35.367905][ T6237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 35.370573][ T6237] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 35.372635][ T6237] pc : __alloc_pages+0x32c/0x6d0
[ 35.373940][ T6237] lr : __alloc_pages+0xc8/0x6d0
[ 35.375222][ T6237] sp : ffff80009a206440
[ 35.376318][ T6237] x29: ffff80009a206530 x28: ffff80009a206460 x27: dfff800000000000
[ 35.378405][ T6237] x26: ffff700013440c8c x25: 0000000000000000 x24: ffff80009a206480
[ 35.380620][ T6237] x23: 0000000000000000 x22: 0000000000040cc0 x21: 1ffff00013440c90
[ 35.382666][ T6237] x20: ffff80009a2064a0 x19: 000000000000000b x18: 0000000000000000
[ 35.384773][ T6237] x17: 343220656220646c x16: ffff80008adc5540 x15: 0000000000000005
[ 35.386882][ T6237] x14: 1ffff00013440c94 x13: 0000000000000000 x12: 0000000000000000
[ 35.388962][ T6237] x11: ffff700013440c99 x10: 1ffff00013440c98 x9 : 0000000000000001
[ 35.391086][ T6237] x8 : ffff800091f7b000 x7 : 0000000000000000 x6 : 0000000072657620
[ 35.393169][ T6237] x5 : ffff0000e1ffffff x4 : 0000000000000000 x3 : 0000000000000020
[ 35.395251][ T6237] x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff80009a2064a0
[ 35.397426][ T6237] Call trace:
[ 35.398244][ T6237]  __alloc_pages+0x32c/0x6d0
[ 35.399455][ T6237]  __kmalloc_large_node+0xbc/0x200
[ 35.400832][ T6237]  __kmalloc_node_track_caller+0x3dc/0x544
[ 35.402298][ T6237]  krealloc+0x94/0x148
[ 35.403368][ T6237]  bch2_prt_printf+0x300/0x5b8
[ 35.404607][ T6237]  bch2_bkey_to_text+0x1a4/0x26c
[ 35.405941][ T6237]  bch2_bkey_val_to_text+0x40/0x140
[ 35.407343][ T6237]  journal_entry_btree_keys_to_text+0x340/0x5b8
[ 35.409016][ T6237]  bch2_journal_entry_to_text+0x2f8/0x500
[ 35.410544][ T6237]  bch2_sb_clean_to_text+0x128/0x224
[ 35.411989][ T6237]  bch2_sb_field_to_text+0x1a4/0x234
[ 35.413394][ T6237]  bch2_sb_field_validate+0x1cc/0x298
[ 35.414799][ T6237]  bch2_sb_validate+0x918/0xbf8
[ 35.416065][ T6237]  __bch2_read_super+0xa4c/0x10a8
[ 35.417398][ T6237]  bch2_read_super+0x38/0x4c
[ 35.418579][ T6237]  bch2_fs_open+0x1e0/0xb64
[ 35.419768][ T6237]  bch2_mount+0x558/0xe10
[ 35.420928][ T6237]  legacy_get_tree+0xd4/0x16c
[ 35.422173][ T6237]  vfs_get_tree+0x90/0x288
[ 35.423383][ T6237]  do_new_mount+0x278/0x900
[ 35.424600][ T6237]  path_mount+0x590/0xe04
[ 35.425719][ T6237]  __arm64_sys_mount+0x45c/0x594
[ 35.427037][ T6237]  invoke_syscall+0x98/0x2b8
[ 35.428251][ T6237]  el0_svc_common+0x130/0x23c
[ 35.429482][ T6237]  do_el0_svc+0x48/0x58
[ 35.430569][ T6237]  el0_svc+0x54/0x168
[ 35.431596][ T6237]  el0t_64_sync_handler+0x84/0xfc
[ 35.432916][ T6237]  el0t_64_sync+0x190/0x194
[ 35.434136][ T6237] irq event stamp: 71059
[ 35.435220][ T6237] hardirqs last  enabled at (71059): [] raw_spin_rq_unlock_irq+0x14/0x24
[ 35.437927][ T6237] hardirqs last disabled at (71058): [] __schedule+0x2bc/0x24e8
[ 35.440379][ T6237] softirqs last  enabled at (70766): [] handle_softirqs+0xa60/0xc34
[ 35.442902][ T6237] softirqs last disabled at (70749): [] __do_softirq+0x14/0x20
[ 35.445313][ T6237] ---[ end trace 0000000000000000 ]---