[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.369050] erofs: read_super, device -> /dev/loop0
[ 42.374682] erofs: options ->
[ 42.377938] erofs: root inode @ nid 36
[ 42.382187] erofs: mounted on /dev/loop0 with opts: .
[ 42.388667] attempt to access beyond end of device
[ 42.394258] loop0: rw=4096, want=104, limit=16
[ 42.398870] kasan: CONFIG_KASAN_INLINE enabled
[ 42.403688] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 42.411051] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 42.417274] CPU: 1 PID: 8100 Comm: syz-executor224 Not tainted 4.19.211-syzkaller #0
[ 42.425139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 42.434481] RIP: 0010:z_erofs_map_blocks_iter+0x632/0x1aa0
[ 42.440082] Code: 0f b6 8c 24 9c 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 d3 e3 44 01 f3 81 e3 ff 0f 00 00 48 03 5c 24 30 48 89 d8 48 c1 e8 03 <0f> b6 0c 10 48 8d 43 01 48 89 c6 48 c1 ee 03 0f b6 14 16 48 89 de
[ 42.458957] RSP: 0018:ffff88809557f208 EFLAGS: 00010202
[ 42.464293] RAX: 0000a10fffffff40 RBX: 0005087ffffffa00 RCX: 0000000000000005
[ 42.471538] RDX: dffffc0000000000 RSI: 0000000000000010 RDI: ffff888097e1635c
[ 42.478782] RBP: fffffffffffffffb R08: 0000000000000001 R09: 0000000000000000
[ 42.486027] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888097e162c0
[ 42.493269] R13: 0000000000000000 R14: 000000000000c580 R15: ffff88808dbd94c0
[ 42.500531] FS: 0000555557034300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 42.508733] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.514590] CR2: 000055777e591848 CR3: 00000000a9e90000 CR4: 00000000003406e0
[ 42.521838] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.529083] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.536327] Call Trace:
[ 42.538898] ? check_preemption_disabled+0x41/0x280
[ 42.543893] erofs_map_blocks_iter+0x6d/0x3b0
[ 42.548367] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 42.553366] z_erofs_do_read_page+0x670/0x2820
[ 42.557941] ? z_erofs_vle_work_add_page+0x8b0/0x8b0
[ 42.563194] ? check_preemption_disabled+0x41/0x280
[ 42.568191] z_erofs_vle_normalaccess_readpage+0x136/0x460
[ 42.573793] ? z_erofs_submit_and_unzip.isra.0+0x1930/0x1930
[ 42.579572] ? add_to_page_cache_locked+0x40/0x40
[ 42.584406] do_read_cache_page+0x533/0x1170
[ 42.588802] ? check_preemption_disabled+0x41/0x280
[ 42.593796] ? z_erofs_submit_and_unzip.isra.0+0x1930/0x1930
[ 42.599568] erofs_namei+0x1ab/0x1740
[ 42.603355] ? check_preemption_disabled+0x41/0x280
[ 42.608353] erofs_lookup+0x143/0x500
[ 42.612131] ? erofs_namei+0x1740/0x1740
[ 42.616169] ? __lockdep_init_map+0x100/0x5a0
[ 42.620639] ? __lockdep_init_map+0x100/0x5a0
[ 42.625111] __lookup_slow+0x246/0x4a0
[ 42.628975] ? follow_dotdot_rcu+0x1040/0x1040
[ 42.633535] ? lookup_fast+0x4e9/0x1080
[ 42.637487] ? walk_component+0x798/0xda0
[ 42.641614] walk_component+0x7ac/0xda0
[ 42.645565] ? lookup_fast+0x1080/0x1080
[ 42.649600] ? walk_component+0xda0/0xda0
[ 42.653725] path_lookupat+0x1ff/0x8d0
[ 42.657589] ? path_mountpoint+0xac0/0xac0
[ 42.661803] ? trace_hardirqs_off+0x64/0x200
[ 42.666189] filename_lookup+0x1ac/0x5a0
[ 42.670225] ? filename_parentat+0x590/0x590
[ 42.674639] ? __phys_addr_symbol+0x2c/0x70
[ 42.678953] ? __check_object_size+0x17b/0x3e0
[ 42.683522] ? getname_flags+0x25b/0x590
[ 42.687575] do_mount+0x147/0x2f50
[ 42.691104] ? kfree+0x110/0x210
[ 42.694627] ? task_work_run+0x11c/0x1c0
[ 42.698667] ? copy_mount_string+0x40/0x40
[ 42.702883] ? __close_fd+0x128/0x200
[ 42.706662] ? lock_downgrade+0x720/0x720
[ 42.710787] ? lock_acquire+0x170/0x3c0
[ 42.714740] ? dnotify_flush+0x75/0x2d0
[ 42.718690] ? copy_mount_options+0x26f/0x380
[ 42.723161] ksys_mount+0xcf/0x130
[ 42.726692] __x64_sys_mount+0xba/0x150
[ 42.730646] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 42.735209] do_syscall_64+0xf9/0x620
[ 42.738993] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.744163] RIP: 0033:0x7f33bc0c1f49
[ 42.747855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.766729] RSP: 002b:00007ffd4c99a098 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 42.774414] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f33bc0c1f49
[ 42.781659] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000000
[ 42.788915] RBP: 00007f33bc0817e0 R08: 0000000000000000 R09: 0000000000000000
[ 42.796160] R10: 0000000000000050 R11: 0000000000000246 R12: 00007f33bc081870
[ 42.803414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 42.810660] Modules linked in:
[ 42.813926] ---[ end trace 979a56dfc8603d21 ]---
[ 42.818693] RIP: 0010:z_erofs_map_blocks_iter+0x632/0x1aa0
[ 42.824365] Code: 0f b6 8c 24 9c 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 d3 e3 44 01 f3 81 e3 ff 0f 00 00 48 03 5c 24 30 48 89 d8 48 c1 e8 03 <0f> b6 0c 10 48 8d 43 01 48 89 c6 48 c1 ee 03 0f b6 14 16 48 89 de
[ 42.843294] RSP: 0018:ffff88809557f208 EFLAGS: 00010202
[ 42.848640] RAX: 0000a10fffffff40 RBX: 0005087ffffffa00 RCX: 0000000000000005
[ 42.855915] RDX: dffffc0000000000 RSI: 0000000000000010 RDI: ffff888097e1635c
[ 42.863206] RBP: fffffffffffffffb R08: 0000000000000001 R09: 0000000000000000
[ 42.870462] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888097e162c0
[ 42.877739] R13: 0000000000000000 R14: 000000000000c580 R15: ffff88808dbd94c0
[ 42.885033] FS: 0000555557034300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 42.893274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.899151] CR2: 000055777e591848 CR3: 00000000a9e90000 CR4: 00000000003406e0
[ 42.906432] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.913721] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.920978] Kernel panic - not syncing: Fatal exception
[ 42.926387] Kernel Offset: disabled
[ 42.930007] Rebooting in 86400 seconds..