Warning: Permanently added '10.128.0.128' (ED25519) to the list of known hosts.
executing program
[ 34.149938][ T6237] loop0: detected capacity change from 0 to 32768
[ 34.160494][ T6237] ==================================================================
[ 34.162506][ T6237] BUG: KASAN: slab-out-of-bounds in bch2_sb_downgrade_to_text+0xe58/0x1354
[ 34.164495][ T6237] Read of size 2 at addr ffff0000d7056000 by task syz-executor178/6237
[ 34.166366][ T6237]
[ 34.166919][ T6237] CPU: 1 PID: 6237 Comm: syz-executor178 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
[ 34.169398][ T6237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 34.171839][ T6237] Call trace:
[ 34.172563][ T6237]  dump_backtrace+0x1b8/0x1e4
[ 34.173701][ T6237]  show_stack+0x2c/0x3c
[ 34.174825][ T6237]  dump_stack_lvl+0xe4/0x150
[ 34.175964][ T6237]  print_report+0x198/0x538
[ 34.177088][ T6237]  kasan_report+0xd8/0x138
[ 34.178307][ T6237]  __asan_report_load2_noabort+0x20/0x2c
[ 34.179618][ T6237]  bch2_sb_downgrade_to_text+0xe58/0x1354
[ 34.181006][ T6237]  bch2_sb_field_to_text+0x1a4/0x234
[ 34.182397][ T6237]  bch2_sb_field_validate+0x1cc/0x298
[ 34.183701][ T6237]  bch2_sb_validate+0x918/0xbf8
[ 34.184908][ T6237]  __bch2_read_super+0xa4c/0x10a8
[ 34.186082][ T6237]  bch2_read_super+0x38/0x4c
[ 34.187184][ T6237]  bch2_fs_open+0x1e0/0xb64
[ 34.188279][ T6237]  bch2_mount+0x558/0xe10
[ 34.189343][ T6237]  legacy_get_tree+0xd4/0x16c
[ 34.190461][ T6237]  vfs_get_tree+0x90/0x288
[ 34.191553][ T6237]  do_new_mount+0x278/0x900
[ 34.192659][ T6237]  path_mount+0x590/0xe04
[ 34.193669][ T6237]  __arm64_sys_mount+0x45c/0x594
[ 34.194869][ T6237]  invoke_syscall+0x98/0x2b8
[ 34.196033][ T6237]  el0_svc_common+0x130/0x23c
[ 34.197206][ T6237]  do_el0_svc+0x48/0x58
[ 34.198211][ T6237]  el0_svc+0x54/0x168
[ 34.199211][ T6237]  el0t_64_sync_handler+0x84/0xfc
[ 34.200381][ T6237]  el0t_64_sync+0x190/0x194
[ 34.201495][ T6237]
[ 34.202086][ T6237] Allocated by task 6237:
[ 34.203106][ T6237]  kasan_save_track+0x40/0x78
[ 34.204267][ T6237]  kasan_save_alloc_info+0x40/0x50
[ 34.205560][ T6237]  __kasan_kmalloc+0xac/0xc4
[ 34.206694][ T6237]  __kmalloc_node_track_caller+0x2e4/0x544
[ 34.208167][ T6237]  krealloc+0x94/0x148
[ 34.209221][ T6237]  bch2_sb_realloc+0x284/0x564
[ 34.210419][ T6237]  read_one_super+0x6c8/0x2614
[ 34.211563][ T6237]  __bch2_read_super+0x714/0x10a8
[ 34.212889][ T6237]  bch2_read_super+0x38/0x4c
[ 34.214091][ T6237]  bch2_fs_open+0x1e0/0xb64
[ 34.215188][ T6237]  bch2_mount+0x558/0xe10
[ 34.216246][ T6237]  legacy_get_tree+0xd4/0x16c
[ 34.217376][ T6237]  vfs_get_tree+0x90/0x288
[ 34.218480][ T6237]  do_new_mount+0x278/0x900
[ 34.219585][ T6237]  path_mount+0x590/0xe04
[ 34.220534][ T6237]  __arm64_sys_mount+0x45c/0x594
[ 34.221749][ T6237]  invoke_syscall+0x98/0x2b8
[ 34.222891][ T6237]  el0_svc_common+0x130/0x23c
[ 34.223979][ T6237]  do_el0_svc+0x48/0x58
[ 34.224984][ T6237]  el0_svc+0x54/0x168
[ 34.225988][ T6237]  el0t_64_sync_handler+0x84/0xfc
[ 34.227174][ T6237]  el0t_64_sync+0x190/0x194
[ 34.228243][ T6237]
[ 34.228838][ T6237] The buggy address belongs to the object at ffff0000d7054000
[ 34.228838][ T6237]  which belongs to the cache kmalloc-8k of size 8192
[ 34.232120][ T6237] The buggy address is located 0 bytes to the right of
[ 34.232120][ T6237]  allocated 8192-byte region [ffff0000d7054000, ffff0000d7056000)
[ 34.235650][ T6237]
[ 34.236196][ T6237] The buggy address belongs to the physical page:
[ 34.237774][ T6237] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117050
[ 34.239890][ T6237] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 34.241714][ T6237] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 34.243674][ T6237] page_type: 0xffffffff()
[ 34.244684][ T6237] raw: 05ffc00000000840 ffff0000c0002280 dead000000000122 0000000000000000
[ 34.246943][ T6237] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 34.249200][ T6237] head: 05ffc00000000840 ffff0000c0002280 dead000000000122 0000000000000000
[ 34.251397][ T6237] head: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 34.253469][ T6237] head: 05ffc00000000003 fffffdffc35c1401 fffffdffc35c1448 00000000ffffffff
[ 34.255522][ T6237] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 34.257683][ T6237] page dumped because: kasan: bad access detected
[ 34.259296][ T6237]
[ 34.259811][ T6237] Memory state around the buggy address:
[ 34.261169][ T6237]  ffff0000d7055f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.263152][ T6237]  ffff0000d7055f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.265122][ T6237] >ffff0000d7056000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.267065][ T6237]                    ^
[ 34.268016][ T6237]  ffff0000d7056080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.270026][ T6237]  ffff0000d7056100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.272029][ T6237] ==================================================================
[ 34.274666][ T6237] Disabling lock debugging due to kernel taint
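The following triage script is an added example; it is not part of the syzbot report above and not bcachefs code. It parses the BUG header, the access line, the allocation-object lines and the shadow-memory rows of this KASAN report and derives where the access falls relative to the allocated object. Run on the lines copied from the report, it confirms what the report states: the 2-byte read in bch2_sb_downgrade_to_text starts exactly at the end of the 8192-byte kmalloc-8k object that the allocation backtrace attributes to bch2_sb_realloc (via krealloc), both bytes land in the redzone, and the shadow byte at the faulting address is 0xfc, which is KASAN_SLAB_REDZONE in mm/kasan/kasan.h. It assumes generic KASAN layout (one shadow byte per 8 bytes of memory, and the printed row addresses being memory addresses), which the 0x80 stride of the rows supports. The field names, the `parse_kasan` and `summarize` helpers and the summary wording are this script's own.

```python
"""Triage helper for a KASAN slab-out-of-bounds report (added example; not
part of the syzbot report or of bcachefs)."""
import re

KASAN_GRANULE = 8                      # one shadow byte covers 8 bytes of memory
SHADOW_ROW_BYTES = 16 * KASAN_GRANULE  # one printed shadow row = 16 granules = 0x80 bytes
SLAB_REDZONE = 0xFC                    # KASAN_SLAB_REDZONE (mm/kasan/kasan.h)

# Lines copied from the report above (only those the parser needs).
REPORT = """\
[ 34.162506][ T6237] BUG: KASAN: slab-out-of-bounds in bch2_sb_downgrade_to_text+0xe58/0x1354
[ 34.164495][ T6237] Read of size 2 at addr ffff0000d7056000 by task syz-executor178/6237
[ 34.228838][ T6237] The buggy address belongs to the object at ffff0000d7054000
[ 34.228838][ T6237]  which belongs to the cache kmalloc-8k of size 8192
[ 34.232120][ T6237] The buggy address is located 0 bytes to the right of
[ 34.232120][ T6237]  allocated 8192-byte region [ffff0000d7054000, ffff0000d7056000)
[ 34.261169][ T6237]  ffff0000d7055f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.263152][ T6237]  ffff0000d7055f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.265122][ T6237] >ffff0000d7056000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.268016][ T6237]  ffff0000d7056080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

_BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x(?P<off>[0-9a-f]+)/0x(?P<fsize>[0-9a-f]+)")
_ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<len>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
_CACHE = re.compile(r"cache (?P<cache>\S+) of size (?P<csize>\d+)")
_REGION = re.compile(r"allocated (?P<rbytes>\d+)-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
_SHADOW = re.compile(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ){15}[0-9a-f]{2})\s*$")


def parse_kasan(text):
    """Parse the report and add derived fields: side/distance of the access
    relative to the object, bytes past its end, and the shadow byte at addr."""
    info, shadow = {}, {}
    for line in text.splitlines():
        for rx in (_BUG, _ACCESS, _CACHE, _REGION):
            m = rx.search(line)
            if m:
                info.update(m.groupdict())
        m = _SHADOW.search(line)
        if m:  # row base address -> 16 shadow bytes
            shadow[int(m.group(1), 16)] = bytes.fromhex(m.group(2).replace(" ", ""))

    missing = {"kind", "func", "addr", "len", "start", "end"} - info.keys()
    if missing:
        raise ValueError(f"report is missing fields: {sorted(missing)}")
    for k in ("addr", "start", "end", "off", "fsize"):
        info[k] = int(info[k], 16)
    for k in ("len", "pid", "csize", "rbytes"):
        if k in info:
            info[k] = int(info[k])

    addr, n, start, end = info["addr"], info["len"], info["start"], info["end"]
    if addr >= end:
        info["side"], info["distance"] = "right", addr - end
    elif addr < start:
        info["side"], info["distance"] = "left", start - addr
    else:
        info["side"], info["distance"] = "inside", addr - start
    info["overrun"] = max(0, addr + n - end)  # bytes of the access beyond the object
    info["cache_matches_region"] = info.get("csize") == info.get("rbytes")

    # Shadow lookup: the row containing addr, then the granule within the row.
    row = addr & ~(SHADOW_ROW_BYTES - 1)
    if row in shadow:
        info["shadow_byte"] = shadow[row][(addr - row) // KASAN_GRANULE]
        info["in_slab_redzone"] = info["shadow_byte"] == SLAB_REDZONE
    return info


def summarize(info):
    """One-line human-readable verdict for the triage log."""
    where = (f"{info['distance']} bytes to the {info['side']} of"
             if info["side"] != "inside" else f"{info['distance']} bytes into")
    tail = " (shadow byte 0xfc: slab redzone)" if info.get("in_slab_redzone") else ""
    return (f"{info['op']} of {info['len']} bytes in {info['func']}+0x{info['off']:x}: "
            f"{where} the {info.get('rbytes', '?')}-byte {info.get('cache', '?')} object, "
            f"{info['overrun']} byte(s) past its end{tail}")


if __name__ == "__main__":
    print(summarize(parse_kasan(REPORT)))
```

The same script applies to any generic-KASAN slab report; for a "left" or "inside" verdict the distance is measured from the object start instead, and a report whose shadow rows are absent simply omits the redzone check.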