[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.790968] erofs: read_super, device -> /dev/loop0
[ 32.796341] erofs: options ->
[ 32.800364] erofs: root inode @ nid 36
[ 32.805135] erofs: mounted on /dev/loop0 with opts: .
[ 32.816456] ==================================================================
[ 32.823955] BUG: KASAN: slab-out-of-bounds in z_erofs_unzip_lz4+0x778/0xa10
[ 32.831146] Read of size 1790 at addr ffff8880a93d8ff1 by task syz-executor152/8097
[ 32.838922]
[ 32.840556] CPU: 0 PID: 8097 Comm: syz-executor152 Not tainted 4.19.211-syzkaller #0
[ 32.848425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 32.857784] Call Trace:
[ 32.860370]  dump_stack+0x1fc/0x2ef
[ 32.863985]  print_address_description.cold+0x54/0x219
[ 32.869612]  kasan_report_error.cold+0x8a/0x1b9
[ 32.874307]  ? z_erofs_unzip_lz4+0x778/0xa10
[ 32.878715]  kasan_report+0x8f/0xa0
[ 32.882334]  ? z_erofs_unzip_lz4+0x778/0xa10
[ 32.886731]  memcpy+0x20/0x50
[ 32.889825]  z_erofs_unzip_lz4+0x778/0xa10
[ 32.894173]  ? init_worker_pool+0x310/0x5c0
[ 32.898501]  z_erofs_vle_unzip_fast_percpu+0xff/0x530
[ 32.903696]  z_erofs_vle_unzip.isra.0+0x11fb/0x2460
[ 32.908706]  ? z_erofs_vle_unzip_kickoff+0x100/0x100
[ 32.913987]  ? __lock_acquire+0x6de/0x3ff0
[ 32.918224]  ? __lock_acquire+0x6de/0x3ff0
[ 32.922465]  ? __lock_acquire+0x6de/0x3ff0
[ 32.926689]  ? mark_held_locks+0xf0/0xf0
[ 32.930742]  ? finish_task_switch+0x146/0x760
[ 32.935247]  ? mark_held_locks+0xf0/0xf0
[ 32.939296]  ? mark_held_locks+0xa6/0xf0
[ 32.943348]  ? finish_task_switch+0x118/0x760
[ 32.947842]  ? prepare_to_wait_event+0x145/0x6b0
[ 32.952599]  ? mark_held_locks+0xa6/0xf0
[ 32.956649]  ? z_erofs_submit_and_unzip.isra.0+0x16dc/0x1930
[ 32.962451]  ? mark_held_locks+0xa6/0xf0
[ 32.966503]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 32.971607]  z_erofs_submit_and_unzip.isra.0+0x10dc/0x1930
[ 32.977245]  ? z_erofs_vle_unzip_wq+0x1c0/0x1c0
[ 32.981898]  ? wait_woken+0x250/0x250
[ 32.985707]  ? wait_for_completion_io+0x10/0x10
[ 32.990366]  z_erofs_vle_normalaccess_readpages+0x6b0/0xa80
[ 32.996070]  ? z_erofs_vle_normalaccess_readpage+0x460/0x460
[ 33.001864]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 33.006693]  ? find_attach+0x1215/0x1660
[ 33.010739]  ? z_erofs_vle_normalaccess_readpage+0x460/0x460
[ 33.016609]  read_pages.isra.0+0xf6/0x5d0
[ 33.020810]  ? read_cache_pages+0x750/0x750
[ 33.025211]  ? alloc_pages_current+0x19b/0x2a0
[ 33.029779]  __do_page_cache_readahead+0x5c6/0x6c0
[ 33.034714]  ? read_pages.isra.0+0x5d0/0x5d0
[ 33.039122]  ? page_cache_sync_readahead+0x1c5/0x520
[ 33.044228]  ondemand_readahead.isra.0+0x575/0xd40
[ 33.049149]  page_cache_sync_readahead+0x275/0x520
[ 33.054080]  generic_file_read_iter+0x1497/0x2b60
[ 33.058927]  ? iov_iter_init+0xb8/0x1d0
[ 33.062901]  __vfs_read+0x518/0x750
[ 33.066529]  ? __se_sys_copy_file_range+0x410/0x410
[ 33.071626]  ? security_file_permission+0x1c0/0x220
[ 33.076629]  vfs_read+0x194/0x3c0
[ 33.080106]  kernel_read+0xa6/0x110
[ 33.083732]  prepare_binprm+0x64f/0x890
[ 33.087966]  ? lock_downgrade+0x720/0x720
[ 33.092310]  ? install_exec_creds+0x170/0x170
[ 33.097469]  __do_execve_file+0xfb8/0x2360
[ 33.102414]  ? open_exec+0x70/0x70
[ 33.106477]  ? check_preemption_disabled+0x41/0x280
[ 33.111820]  ? __phys_addr+0x9a/0x110
[ 33.115711]  ? __phys_addr_symbol+0x2c/0x70
[ 33.120036]  ? strncpy_from_user+0x2a2/0x350
[ 33.124555]  do_execve+0x35/0x50
[ 33.127932]  __x64_sys_execve+0x7c/0xa0
[ 33.131949]  do_syscall_64+0xf9/0x620
[ 33.135751]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.140933] RIP: 0033:0x7fa1677da659
[ 33.144638] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.163615] RSP: 002b:00007ffdf5085378 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 33.171321] RAX: ffffffffffffffda RBX: 00007ffdf50853b8 RCX: 00007fa1677da659
[ 33.178592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 33.185937] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 33.193211] R10: 00007ffdf5085240 R11: 0000000000000246 R12: 00007ffdf50853b0
[ 33.200464] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 33.207741]
[ 33.209353] The buggy address belongs to the page:
[ 33.214368] page:ffffea0002a4f600 count:3 mapcount:0 mapping:ffff88808ac78b20 index:0x1
[ 33.222599] flags: 0xfff00000001008(uptodate|private)
[ 33.227776] raw: 00fff00000001008 dead000000000100 dead000000000200 ffff88808ac78b20
[ 33.235648] raw: 0000000000000001 ffff88808ac79ee0 00000003ffffffff ffff8880b59f68c0
[ 33.243507] page dumped because: kasan: bad access detected
[ 33.249286] page->mem_cgroup:ffff8880b59f68c0
[ 33.253775]
[ 33.255384] Memory state around the buggy address:
[ 33.260335]  ffff8880a93d9380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.268048]  ffff8880a93d9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.275586] >ffff8880a93d9480: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 33.283571]                                      ^
[ 33.289037]  ffff8880a93d9500: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
[ 33.296508]  ffff8880a93d9580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.303860] ==================================================================
[ 33.311204] Disabling lock debugging due to kernel taint
[ 33.317025] Kernel panic - not syncing: panic_on_warn set ...
[ 33.317025]
[ 33.324409] CPU: 0 PID: 8097 Comm: syz-executor152 Tainted: G    B     4.19.211-syzkaller #0
[ 33.333683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 33.343041] Call Trace:
[ 33.345637]  dump_stack+0x1fc/0x2ef
[ 33.349487]  panic+0x26a/0x50e
[ 33.352683]  ? __warn_printk+0xf3/0xf3
[ 33.356576]  ? retint_kernel+0x2d/0x2d
[ 33.360469]  ? trace_hardirqs_on+0x55/0x210
[ 33.364795]  kasan_end_report+0x43/0x49
[ 33.368769]  kasan_report_error.cold+0xa7/0x1b9
[ 33.373449]  ? z_erofs_unzip_lz4+0x778/0xa10
[ 33.377847]  kasan_report+0x8f/0xa0
[ 33.381459]  ? z_erofs_unzip_lz4+0x778/0xa10
[ 33.386044]  memcpy+0x20/0x50
[ 33.389137]  z_erofs_unzip_lz4+0x778/0xa10
[ 33.393372]  ? init_worker_pool+0x310/0x5c0
[ 33.397681]  z_erofs_vle_unzip_fast_percpu+0xff/0x530
[ 33.402866]  z_erofs_vle_unzip.isra.0+0x11fb/0x2460
[ 33.407894]  ? z_erofs_vle_unzip_kickoff+0x100/0x100
[ 33.412984]  ? __lock_acquire+0x6de/0x3ff0
[ 33.417211]  ? __lock_acquire+0x6de/0x3ff0
[ 33.421435]  ? __lock_acquire+0x6de/0x3ff0
[ 33.425662]  ? mark_held_locks+0xf0/0xf0
[ 33.429712]  ? finish_task_switch+0x146/0x760
[ 33.434289]  ? mark_held_locks+0xf0/0xf0
[ 33.438336]  ? mark_held_locks+0xa6/0xf0
[ 33.442394]  ? finish_task_switch+0x118/0x760
[ 33.447204]  ? prepare_to_wait_event+0x145/0x6b0
[ 33.451953]  ? mark_held_locks+0xa6/0xf0
[ 33.456049]  ? z_erofs_submit_and_unzip.isra.0+0x16dc/0x1930
[ 33.461846]  ? mark_held_locks+0xa6/0xf0
[ 33.466095]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 33.471191]  z_erofs_submit_and_unzip.isra.0+0x10dc/0x1930
[ 33.476829]  ? z_erofs_vle_unzip_wq+0x1c0/0x1c0
[ 33.481585]  ? wait_woken+0x250/0x250
[ 33.485379]  ? wait_for_completion_io+0x10/0x10
[ 33.490051]  z_erofs_vle_normalaccess_readpages+0x6b0/0xa80
[ 33.495758]  ? z_erofs_vle_normalaccess_readpage+0x460/0x460
[ 33.501547]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 33.506394]  ? find_attach+0x1215/0x1660
[ 33.510442]  ? z_erofs_vle_normalaccess_readpage+0x460/0x460
[ 33.516296]  read_pages.isra.0+0xf6/0x5d0
[ 33.520434]  ? read_cache_pages+0x750/0x750
[ 33.524749]  ? alloc_pages_current+0x19b/0x2a0
[ 33.529338]  __do_page_cache_readahead+0x5c6/0x6c0
[ 33.534294]  ? read_pages.isra.0+0x5d0/0x5d0
[ 33.538685]  ? page_cache_sync_readahead+0x1c5/0x520
[ 33.543784]  ondemand_readahead.isra.0+0x575/0xd40
[ 33.548824]  page_cache_sync_readahead+0x275/0x520
[ 33.553748]  generic_file_read_iter+0x1497/0x2b60
[ 33.558593]  ? iov_iter_init+0xb8/0x1d0
[ 33.562661]  __vfs_read+0x518/0x750
[ 33.566274]  ? __se_sys_copy_file_range+0x410/0x410
[ 33.571288]  ? security_file_permission+0x1c0/0x220
[ 33.576289]  vfs_read+0x194/0x3c0
[ 33.579724]  kernel_read+0xa6/0x110
[ 33.583333]  prepare_binprm+0x64f/0x890
[ 33.587293]  ? lock_downgrade+0x720/0x720
[ 33.591426]  ? install_exec_creds+0x170/0x170
[ 33.595906]  __do_execve_file+0xfb8/0x2360
[ 33.600137]  ? open_exec+0x70/0x70
[ 33.603661]  ? check_preemption_disabled+0x41/0x280
[ 33.608660]  ? __phys_addr+0x9a/0x110
[ 33.612444]  ? __phys_addr_symbol+0x2c/0x70
[ 33.616763]  ? strncpy_from_user+0x2a2/0x350
[ 33.621171]  do_execve+0x35/0x50
[ 33.624520]  __x64_sys_execve+0x7c/0xa0
[ 33.628476]  do_syscall_64+0xf9/0x620
[ 33.632261]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.637432] RIP: 0033:0x7fa1677da659
[ 33.641142] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.660038] RSP: 002b:00007ffdf5085378 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 33.667731] RAX: ffffffffffffffda RBX: 00007ffdf50853b8 RCX: 00007fa1677da659
[ 33.674985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 33.682238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 33.689490] R10: 00007ffdf5085240 R11: 0000000000000246 R12: 00007ffdf50853b0
[ 33.696838] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 33.704511] Kernel Offset: disabled
[ 33.708127] Rebooting in 86400 seconds..