Unable to handle kernel paging request at virtual address ffff600121520204
KASAN: probably wild-memory-access in range [0xffff00090a901020-0xffff00090a901027]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=000000020730e000
[ffff600121520204] pgd=0000000000000000, p4d=0000000233983003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] SMP
Modules linked in:
CPU: 0 UID: 0 PID: 9218 Comm: read_btree_node Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : unpack_state_init fs/bcachefs/bkey.c:151 [inline]
pc : __bch2_bkey_unpack_key+0x58/0xc00 fs/bcachefs/bkey.c:269
lr : __bch2_bkey_unpack_key+0x3c/0xc00 fs/bcachefs/bkey.c:268
sp : ffff80009be16740
x29: ffff80009be16760 x28: ffff00010a901029 x27: dfff800000000000
x26: 1fffe00021520205 x25: 0000000000000000 x24: 0000000000000000
x23: ffff00010a901028 x22: ffff80009be169f0 x21: ffff0000cc2eb0c0
x20: ffff00090a901020 x19: ffff80009be16880 x18: 1fffe000337dc876
x17: ffff8000827f714c x16: ffff80008ae31308 x15: 0000000000000005
x14: 0000000000000000 x13: 0000000000000004 x12: 0000000000ff0100
x11: ffff0000f9065b80 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 1fffe00121520204 x7 : 0000000000000000 x6 : ffff00010a901028
x5 : ffff0000cc2eb0c0 x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : ffff00010a901028 x0 : ffff0000cc2eb0c0
Call trace:
 unpack_state_init fs/bcachefs/bkey.c:151 [inline] (P)
 __bch2_bkey_unpack_key+0x58/0xc00 fs/bcachefs/bkey.c:269 (P)
 __bch2_bkey_compat+0x40c/0x99c fs/bcachefs/bkey_methods.c:480
 bch2_bkey_compat fs/bcachefs/bkey_methods.h:134 [inline]
 validate_bset_keys+0x480/0x1258 fs/bcachefs/btree_io.c:983
 bch2_btree_node_read_done+0x13f8/0x432c fs/bcachefs/btree_io.c:1211
 btree_node_read_work+0x328/0xc1c fs/bcachefs/btree_io.c:1399
 bch2_btree_node_read+0x814/0x23f8 fs/bcachefs/btree_io.c:-1
 bch2_btree_node_fill+0x91c/0xf38 fs/bcachefs/btree_cache.c:994
 bch2_btree_node_get_noiter+0x8b4/0xd80 fs/bcachefs/btree_cache.c:1261
 found_btree_node_is_readable fs/bcachefs/btree_node_scan.c:85 [inline]
 try_read_btree_node fs/bcachefs/btree_node_scan.c:220 [inline]
 read_btree_nodes_worker+0xdf0/0x1734 fs/bcachefs/btree_node_scan.c:269
 kthread+0x5fc/0x75c kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
Code: 394002b8 51000708 8b284ef4 d343fe88 (387b6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 394002b8 ldrb w24, [x21]
   4: 51000708 sub w8, w24, #0x1
   8: 8b284ef4 add x20, x23, w8, uxtw #3
   c: d343fe88 lsr x8, x20, #3
* 10: 387b6908 ldrb w8, [x8, x27] <-- trapping instruction