Warning: Permanently added '10.128.0.48' (ED25519) to the list of known hosts.
executing program
[ 34.551254][ T6241] loop0: detected capacity change from 0 to 32768
[ 34.559673][ T6241] ==================================================================
[ 34.561789][ T6241] BUG: KASAN: slab-out-of-bounds in bch2_sb_downgrade_to_text+0xe58/0x1354
[ 34.564307][ T6241] Read of size 2 at addr ffff0000d8fb6000 by task syz-executor199/6241
[ 34.566447][ T6241]
[ 34.567065][ T6241] CPU: 0 PID: 6241 Comm: syz-executor199 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
[ 34.569812][ T6241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 34.572413][ T6241] Call trace:
[ 34.573221][ T6241]  dump_backtrace+0x1b8/0x1e4
[ 34.574455][ T6241]  show_stack+0x2c/0x3c
[ 34.575519][ T6241]  dump_stack_lvl+0xe4/0x150
[ 34.576678][ T6241]  print_report+0x198/0x538
[ 34.577864][ T6241]  kasan_report+0xd8/0x138
[ 34.578976][ T6241]  __asan_report_load2_noabort+0x20/0x2c
[ 34.580501][ T6241]  bch2_sb_downgrade_to_text+0xe58/0x1354
[ 34.582211][ T6241]  bch2_sb_field_to_text+0x1a4/0x234
[ 34.583738][ T6241]  bch2_sb_field_validate+0x1cc/0x298
[ 34.585189][ T6241]  bch2_sb_validate+0x918/0xbf8
[ 34.586547][ T6241]  __bch2_read_super+0xa4c/0x10a8
[ 34.587880][ T6241]  bch2_read_super+0x38/0x4c
[ 34.589112][ T6241]  bch2_fs_open+0x1e0/0xb64
[ 34.590327][ T6241]  bch2_mount+0x558/0xe10
[ 34.591476][ T6241]  legacy_get_tree+0xd4/0x16c
[ 34.592641][ T6241]  vfs_get_tree+0x90/0x288
[ 34.593807][ T6241]  do_new_mount+0x278/0x900
[ 34.594928][ T6241]  path_mount+0x590/0xe04
[ 34.596051][ T6241]  __arm64_sys_mount+0x45c/0x594
[ 34.597399][ T6241]  invoke_syscall+0x98/0x2b8
[ 34.598695][ T6241]  el0_svc_common+0x130/0x23c
[ 34.600044][ T6241]  do_el0_svc+0x48/0x58
[ 34.601194][ T6241]  el0_svc+0x54/0x168
[ 34.602287][ T6241]  el0t_64_sync_handler+0x84/0xfc
[ 34.603625][ T6241]  el0t_64_sync+0x190/0x194
[ 34.604793][ T6241]
[ 34.605391][ T6241] Allocated by task 6241:
[ 34.606584][ T6241]  kasan_save_track+0x40/0x78
[ 34.607713][ T6241]  kasan_save_alloc_info+0x40/0x50
[ 34.609136][ T6241]  __kasan_kmalloc+0xac/0xc4
[ 34.610350][ T6241]  __kmalloc_node_track_caller+0x2e4/0x544
[ 34.611948][ T6241]  krealloc+0x94/0x148
[ 34.613084][ T6241]  bch2_sb_realloc+0x284/0x564
[ 34.614374][ T6241]  read_one_super+0x6c8/0x2614
[ 34.615602][ T6241]  __bch2_read_super+0x714/0x10a8
[ 34.616926][ T6241]  bch2_read_super+0x38/0x4c
[ 34.618134][ T6241]  bch2_fs_open+0x1e0/0xb64
[ 34.619287][ T6241]  bch2_mount+0x558/0xe10
[ 34.620431][ T6241]  legacy_get_tree+0xd4/0x16c
[ 34.621658][ T6241]  vfs_get_tree+0x90/0x288
[ 34.622837][ T6241]  do_new_mount+0x278/0x900
[ 34.624008][ T6241]  path_mount+0x590/0xe04
[ 34.625154][ T6241]  __arm64_sys_mount+0x45c/0x594
[ 34.626416][ T6241]  invoke_syscall+0x98/0x2b8
[ 34.627620][ T6241]  el0_svc_common+0x130/0x23c
[ 34.628825][ T6241]  do_el0_svc+0x48/0x58
[ 34.629927][ T6241]  el0_svc+0x54/0x168
[ 34.631041][ T6241]  el0t_64_sync_handler+0x84/0xfc
[ 34.632415][ T6241]  el0t_64_sync+0x190/0x194
[ 34.633598][ T6241]
[ 34.634207][ T6241] The buggy address belongs to the object at ffff0000d8fb4000
[ 34.634207][ T6241]  which belongs to the cache kmalloc-8k of size 8192
[ 34.637935][ T6241] The buggy address is located 0 bytes to the right of
[ 34.637935][ T6241]  allocated 8192-byte region [ffff0000d8fb4000, ffff0000d8fb6000)
[ 34.641868][ T6241]
[ 34.642487][ T6241] The buggy address belongs to the physical page:
[ 34.644169][ T6241] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118fb0
[ 34.646477][ T6241] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 34.648393][ T6241] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 34.650511][ T6241] page_type: 0xffffffff()
[ 34.651635][ T6241] raw: 05ffc00000000840 ffff0000c0002280 dead000000000122 0000000000000000
[ 34.653947][ T6241] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 34.656252][ T6241] head: 05ffc00000000840 ffff0000c0002280 dead000000000122 0000000000000000
[ 34.658503][ T6241] head: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 34.660765][ T6241] head: 05ffc00000000003 fffffdffc363ec01 fffffdffc363ec48 00000000ffffffff
[ 34.662994][ T6241] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 34.665195][ T6241] page dumped because: kasan: bad access detected
[ 34.666857][ T6241]
[ 34.667505][ T6241] Memory state around the buggy address:
[ 34.668965][ T6241]  ffff0000d8fb5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.671159][ T6241]  ffff0000d8fb5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.673221][ T6241] >ffff0000d8fb6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.675332][ T6241]                    ^
[ 34.676407][ T6241]  ffff0000d8fb6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.678513][ T6241]  ffff0000d8fb6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.680634][ T6241] ==================================================================
[ 34.682997][ T6241] Disabling lock debugging due to kernel taint